A 2D Barcode Validation System for Mobile Devices Ta-Wei Kuo, Daniel Wong, and Jerry Gao Ph.D., Lee Change Ph.D. San Jose State University, email:
[email protected] and
[email protected]
Abstract: The widely deployment of wireless networks and mobile technologies and the significant increase in the number of mobile device users have created a very strong demand for emerging mobile commerce applications and services. Barcode-based identification and validation solutions have been considered as an important part of electronic commerce systems, particularly in electronic supply chain systems. This paper reports a mobile-based 2D barcode validation system as a part of mobile commerce systems. This barcode-based validation solution is developed based on the DataMatrix 2D-Barcode standard to support barcode-based validation in mobile commerce systems on mobile devices. Furthermore, the paper also demonstrates its application by building a mobile movie ticketing system. Keywords: mobile commerce, barcode-based application, barcode validation, electronic commerce, mobile device-based application.
1
Introduction
The widely deployment of wireless networks and mobile technologies and the significant increase in the number of mobile device users have created a very strong demand for emerging mobile commerce applications and services. According to [1], 2D barcodes can be used to support pre-sale, buy-and-sell, and post-sale activities for mobile commerce transactions. For example, 2D barcodes can be used as advertisements, coupons, or promotion materials that can be captured and decoded by the user with mobile devices. Moreover, 2D barcodes enable mobile devices to become a point-of-sale device that reads the barcode and facilitates payment transactions. After a payment transaction, 2D barcodes can be used by customers as a receipt or proof of purchase to gain access to the purchased goods and services with their mobile phones. Until recently, people are gradually realized the importance of 2D barcode and its great application value in M-Commerce because of the followings [1]: 2D barcodes provide a new effective input channel for mobile customers carrying mobile devices with inbuilt cameras. 2D barcode is becoming a popular approach to present semantic mobile data with standard formats. 2D barcodes support a new interactive and efficient approach between mobile customers and wireless application systems. 2D barcode technology can be and are being used in diverse applications in mobile commerce. Similar to RFID-based technology and solutions, barcode-based identification and validation solutions have been considered as an important part of electronic commerce systems, particularly in electronic supply chain systems. This paper reports a mobile-based 2D barcode validation system as a part of mobile commerce systems. This barcode-based validation solution is developed based on the DataMatrix 2D-Barcode standard to support barcode-based validation in mobile commerce systems on mobile devices. Furthermore, the paper also demonstrates its application by building a mobile movie ticketing system.
This paper is structured as follows. The next section covers the basics of 2D barcode and related supporting technologies. Section 3 reviews the related work in mobile commerce and applications. Section 4 presents a 2D barcode based validation system, including the system architecture, functional components, and used technologies as well as its 2D barcode-based framework. Section 5 reports its application in a movie ticketing prototyping system in mobile commerce. Finally, our conclusion remarks are given in Section 6.
2
Understanding 2D Barcodes and Supporting Technologies
Although there are a number of widely used 2D barcodes today, different barcodes and standards are used in different countries and industry segments. Figure 1.1 shows the samples of three popular types of 2D barcodes. Quick Response (QR) code is mostly used in Japan. Similar to Japanese characters, both binary and text data can be encoded as QR barcodes. Japanese companies use them to encode product information. Data Matrix 2D barcodes are popularly used in United States [3]. It is printed on parcel labels on product packages to track the shipment and identify a product in a supply chain. Both QR code and Data Matrix have been standardized by International Standard Organization (ISO). Other 2D barcodes include ColorCode, VS Code, Visual Code, Shot Code, etc [2].
a) QR Code b) PDF417 c) Data Matrix Fig. 1.1: 2D Barcode Samples
Fig. 1.2: Metrologic Elite MS7580 Genesis area-imaging scanner with the PS2 keyboard wedge interface
As described in [4], “Data Matrix is a two-dimensional matrix symbology, which is made up of square modules arranged within a perimeter finder pattern.” It uses Reed-Solomon ECC level 200 for error detection and correction. The maximum data that a Data Matrix code can encode is 2,335 alphanumeric characters or 1,556 bytes. A Data Matrix symbol contains an L shape solid modules to define the orientation, boarder, and size of the shape. A module is either a black square or a while square or vise versa depends on the configuration. The other two sides are represented by broken modules alternating between white and black. The whole symbol is surrounded with white modules marked as the quite zone. Because of its advantages and compact size, the Data Matrix barcode is one of the 2D barcodes that is often used with mobile devices. Using 2D barcodes (like Data Matrix), we need to understand of its standard, encoding and decoding processes, and its error detection and correction rules. Data Matrix Standard. Data Matrix is a type of two-dimensional symbol that can be encoded with data and read by scanning devices. According to its standard specification (the ISO/IEC 16022 specification), a Data Matrix symbol is composed of three parts, the encoded data, four borders, and the quite zone. Each part contains either white or black solid squares called modules. A black module represents one, and a white module represents zero. To facilitate the scanning devices to locate the symbols, the left and the bottom borders create an L-shape finder pattern containing black modules. The two opposite sides of the finder have alternating black and white modules. These four sides are onemodule wide, and they define the perimeter of the encoded data. All the modules inside these four sides are the encoded data, and these four sides are surrounded by a module-wide quite zone. There
are two types of Error Checking Correction (ECC) for Data Matrix. One is ECC 000 – 140, and the other is ECC 200 which is recommended by the specification for developing new Data Matrix applications. The size of an ECC 200 symbol can be 10 by 10 modules up to 144 by 144 modules with only an even number of module for each side. An ECC 200 symbol can be in square or rectangular shapes, and it can encode up to 1556 8-bit data, 2335 alphanumeric data, and 1556 numeric digits. ECC 200 supports six different encodation schemes including ASCII, C40, Text, X12, EDIFACT, and Base 256. Regardless of which scheme is used, each character is encoded into an 8-bit codeword which is placed in the symbol. Encoding and Decoding Processes. According to the ISO Data Matrix specification [4], an encoding process for creating a Data Matrix symbol consists of the following steps. 1. Evaluate the given data stream to determine the best encoding scheme and convert the data into codewords. 2. Generate the error checking and correction codewords. 3. Place codewords in the symbol. A decoding process is needed to enable hardware devices and software programs to locate and decode Data Matrix barcodes (or symbols). This process includes the following steps. 1. Find the candidate areas that might contain the L-shape finder. 2. Find the finder in these candidate areas. 3. Find the two lines that are outside but closes to the finder. 4. Find the two opposite sides of the finder that contains alternating black and white modules. 5. Find the line that passes through alternating black and white modules for each side. 6. For each side, find the number of data modules. 7. Find the centerline that passes through the alternating modules for each side. 8. Use the centerline to find all the data modules from left to right and bottom to top until reaching to the borders. Error Correction and Codeword Generation. The ECC 200 symbols use Reed-Solomon for error checking. The Reed-Solomon code is given by the equation R-S(n, k) = (2m – 1, 2m – 1 – 2t), where k is the number of codewords of actual encoded data, n is the total number of codewords, m is the number of bits in a codeword, and t is the number of error codewords that can be corrected. 8 is a popular value for m since it’s the number of bits in a byte. The number of checking codewords is calculated as 2t = n – k. The checking codewords are the reminder of the data codewords divided by the generator polynomials. If encoded data is damaged or distorted, the checking codewords can be used to restore the data [5]. 2D Barcode Scanners. As the article in [6] points out, choosing the right 2D barcode scanner can be challenging when developing a mobile 2D barcode application. Not all types of barcode scanners are able to read 2D barcodes from the screen of mobile devices. For example, laser barcode scanners cannot read barcodes from LCD screens. This was an issue for our previous graduate students working on a mobile 2D barcode project. This could be a major obstacle for the success of developing mobile ticketing and mobile voucher solutions for mobile devices. Most retailers today do not have the right equipment to read barcodes from mobile devices. Due to the popularity and advantages of using 2D barcodes with mobile devices, more barcode scanners are built with the imaging technology. These scanners are often called imagers. A 2D barcode imager works similar to a digital camera. It is equipped with an imaging sensor. It reads a barcode by first capturing its image and then decodes its data. This feature allows the imagers to decode barcodes from self-illuminating displays. Moreover, most imagers support both 1D and 2D barcodes, making them suitable for mixed barcode environments. The scanner interface has also been evolved in the past few years. The latest 2D barcode scanners support keyboard simulation and the UBS interface [7]. This allows the scanner to simulate the keyboard through the USB
interface, entering the decoded data as if it was entered by the keyboard. Figure 1.2 shows a 2D barcode scanner that is able to scan LCD displays. A 2D barcode imager normally needs to be attached to a PC or a laptop for it to work with the barcode application. However, sometime this requirement cannot be satisfied due to the location of where the barcode is used. For example, to scan 2D barcodes at the entrance of a ball game, it’s impossible for a barcode inspector to carry a laptop. Therefore, another type of 2D barcode scanner is built into a PDA as described in section 3.2. The barcode reader and the client application can be combined into one device. The PDA 2D barcode scanner increases the mobility for the barcode inspectors, but the cost is much higher.
3
Related Work in Mobile Commerce
Barcodes have been widely used for identifying products and delivering information. The invention of 2D barcodes has significantly increased the security and data capacity for a barcode. As mobile devices are built with more sophisticated functions selling at more affordable prices, there are new mobile applications with 2D barcodes. Most cell phones today are built in with a camera. One type of 2D barcode applications is to use camera-enabled cell phones as barcode readers to decode the barcode content. This allows users to collect more information just by a click of a button. The other type of usage is to use the mobile device as a carrier of 2D barcodes, which are validated directly from the mobile device at the point of use. For this type of applications, a comprehensive 2D barcode processing, delivering, and validation system is needed. It is useful in mobile-commerce where digital tickets, coupons, and invoices can be delivered to mobile devices as 2D barcodes. It allows users to receive digital tickets, discount information, and electronic receipts anytime anywhere and use them immediately. According to [1], there are different types of 2D barcode mobile applications. They are listed below. 2D barcodes have used in a supply-chain for product identification and tracking. As discussed in [2][15], in Japan, 2D barcodes can be seen on websites, street signs, product packages, stores, magazines, and ads. Businesses use them to encode e-coupons and product URLs. Most camera-enabled cell phones in Japan are built with a barcode reader. A survey shows that in year 2006, 82.6% of the respondents had used their barcode readers on their cell phones with QR codes [2]. This allows users to collect information without tedious data entry. This type of application can also be used in zoos or museums for users to collect detailed information on an animal or a historical art piece [8]. 2D barcodes can be utilized in pre-sale, buy-and-sale, and post-sale activities, where purchase information, invoices, and promotional materials such as coupons and advertisements can be encoded into 2D barcodes and delivered to customers’ cell phones through emails or MMS. 2D barcodes can also be used for wireless payments [14]. Payment transaction information (such as credit card data) can be encoded into 2D barcodes and used at retail stores, taxi, payment terminals, and even mobile internet payment. However, using 2D barcodes for payments has security issues that need to be addressed. Since 2D barcodes are just electronic image files, they can be easily transferred and copied. Therefore, 2D barcode payment systems need to be carefully designed and rigorously tested to ensure a secure environment for using these barcodes. The rest of this section reviews some 2D barcode-based application systems and validation solutions for mobile commerce. Airline 2D Barcode Boarding Passes.
As described in [9], airlines are using mobile 2D barcode validation systems to replace paper-based boarding passes in order to speed up the boarding time. During the check-in process, the airline staff sends the boarding information as a 2D barcode to the passenger’s cell phone through the Multimedia Messaging Service (MMS). When the passenger passes the security checkpoints or boards on a plane, the security staff scans the barcode to reveal the passenger’s boarding information and identity for ID validation against his/her passport. However, there is an important issue to be addressed to make sure the barcodes can be scanned and validated from different mobile phone models. To resolve this issue, the system created an adaptive model to generate the barcode based on the different characteristics of the mobile screen. The International Air Transport Association (IATA) has approved to use 2D barcodes as boarding passes [10]. By 2010, every airline will implement a mobile 2D barcode boarding pass solution. Today, both Air Canada and Northwest Airlines have already implemented this technology [9][11]. Sports Game Ticketing Services. Another type of mobile barcode validation systems can be seen in concert and game ticketing services. When combined with mobile payment services, the whole transaction from purchasing to receiving the ticket can be done using a mobile phone. Mobiqa, a mobile barcode solution provider, partnered with PayPal to provide a mobile payment and ticket delivering service for rugby games [12]. The system allows users to purchase tickets using the PayPal Mobile service. Once the transaction is complete, the ticket information (which includes the schedule and the teams) is encoded into a barcode, and then it is sent to the user’s mobile device. When the user arrives at the venue, the staff scans the barcode from the user’s mobile device using a scanner. The scanner validates the barcode with the system that sold the ticket to complete validation. This solution uses Symbol MC50 scanners. As a high-end scanner, a MC50 scanner is a PDA scanner supports both 1D and 2D barcodes and several standards (such as DataMatrix, PDF417, QRCode, and MaxiCode). 2D Barcode Medical Prescription System. Application examples are also found in pharmaceutical science. The Taiwan government developed a 2D barcode prescription system (2DBPS) for its National Health Insurance (NHI) [13]. With this system, doctors’ medical prescriptions are encoded as 2D barcodes and sent to patients. When patients arrive at a pharmacy, the pharmacist only needs to scan the barcode on a customer’s mobile device to validate the prescription with the back-end server. This system has several advantages. Firstly, it reduces human errors occurred in manual data entry. Drugs can be dispensed more accurately. Secondly, it saves time for doctors, patients, and pharmacists by reducing manual labors such as writing prescription and entering prescription data. Lastly, it increases patient’s privacy because medical prescription data are presented as 2D barcode.
4
An Overview of A 2D Barcode-based Validation Solution
In mobile-commerce, 2D barcodes can be used to present different types of commerce information, such as mobile ads (or coupons), purchase information, payment transactions, invoices, and tickets. To support the product delivery (or pick-up) and merchandise check-out, we need a 2D barcodebased validation solution to integrate with electronic payment systems or mobile POS-based terminals. To use the 2D barcode, the user just needs to bring their mobile device to a point-of-use terminal. The staff uses a 2D barcode scanner along with the client application to read the barcode off the screen of the mobile device. The information will be read into the client application, which will be decoded using the key provided by the server system. The 2D barcode is validated against the server through the Internet, and then the identity of the user is verified by the merchant. If the 2D barcode and the identity of the user are both validated correctly, the merchant can let the user to use the barcode. The 2D Barcode Validation System is a client-server system. It uses a multi-tier
architecture to provide flexibility for scaling and growth. This section describes the system infrastructure, client and server architecture, functional components, and used technologies of the system. 4.1 System Infrastructure and Architecture The 2D Barcode Validation System consists of three portions, the server, the client, and the end user. These three portions are connected by three types of networks as shown in Figure 4.1. Internet – It supports the internet-based communications between the server system and Javabased mobile clients in browsers. The client system communicates with the server system through the SOAP protocol over the Internet. Wireless Network – It supports the wireless communications between the server system and mobile devices with a Wi-Fi connection. Users can use these devices to visit a server’s web store, for example, to make 2D barcode ticket purchases. Cellular Network – It supports the communications with mobile phones through the HTTP protocol. For email-enabled cell phones, users can receive their 2D barcode tickets using email attachments.
Fig. 4.1: System Infrastructure The 2D Barcode Validation System includes a server system, a client system, a USB 2D barcode imager, and a backend database server. A mobile phone is required in additional to the system to demonstrate all its functionalities. As shown in Figure 4.2, the 2D Barcode Validation System has its 4-tier architecture to increase the independency between different layers and reduce their change impacts. The user interface layer has two parts, a point-of-use client and a web client. The web client runs on a Web browser in PCs or mobile devices. The point-of-use client will be a GUI application. The communication layer provides communication protocols including HTTP, HTTPS, and SOAP between the client and the server. The service layer includes all the services that are required for this system. Each functional service has its own functional scope. All the business logic will be embedded in this layer. Services include 2D barcode generation, security service with Elliptic Curve Cryptography (ECC), order purchase, account management…etc. The database layer consists of entity models, Java Persistence API (JPA) based on Hibernate, and a MySQL 5.x database. Using JPA provides the system a standard way to access its data. 4.2 Server Components The server consists of the 2D barcode web application and a J2EE application server. The web application contains the mobile/web store, 2D barcode framework, validation web services, and data access services. The application is hosted in a J2EE application server, which manages the
application life cycle. All the server components are depicted in Figure 4.3. It includes the following service components. The 2D barcode web store provides an interface for users to purchase 2D barcodes. The validation web service allows the client system to validate barcodes through a secured channel. The server abstracts the business logic layer into different services. The User Service manages user accounts and authentication for the system. The Order Service manages user’s order. The Event Service manages event and ticket information. The Payment Service handles the payment process. The Encryption Service abstracts the security framework and the encryption logic. The 2D Barcode Service contains the 2D barcode encoding and decoding algorithms. It works in conjunction with Device Configuration Manager to produce the best image for each different type of mobile devices. Based on different mobile device profile, the barcode service will encode different sizes of images to best display for the mobile device. This ensures interoperability for the 2D barcode imager to accurately read the 2D barcode from different mobile device screens.
4.3
Client Components
The client system consists of a GUI application and a 2D barcode imager that allows barcode inspectors to validate and display the content of the issued 2D barcodes. It is installed in the merchant stores where 2D barcodes need to be validated. It consists of the components shown in Figure 4.4.
Fig. 4.4: Client Components
Fig. 4.5: Security Components
Each component of the client system is described in details as follows: Client GUI – It provides a GUI interface for the client user to interact with the system. It contains the GUI controls and views for the user to enter login information, login to the server system, validate an issued 2D barcode, and display the barcode content. It also displays error messages if there is any problem occurs during the validation process. 2D Barcode Validation Handler – This component is responsible for validating 2D barcodes with the server. Secure Session Establisher – It is the controller that is responsible to establish a secure session between the client and the server by using the components provided in the security framework client. Security Framework Client – This is the client component of our security framework. It contains the libraries and interfaces for encrypting and decrypting data and generating certificates to establish secure sessions. Web Service Client – It is the client web service interface for invoking the web services provided on the server.
2D Barcode Imager – It is the 2D barcode scanner hardware that is able to scan 2D barcodes from mobile screens and enters the decoded barcode into the client system.
4.4 Security Components In this 2D barcode validation system, mobile purchasing information (such as invoices or tickets) is encrypted as 2D barcodes. They will be sent to end users as emails over the wireless internet, and they can show and display the barcodes in mobile client software on mobile devices for validation. Later, they are validated at a point-of-use terminal (or a retail store’s check station). Another alternative is to deliver the barcodes through Multi Media Service (MMS). On a retail check point (or a point-of-use terminal), the ciphered information in a 2D barcode is decrypted and validated against the server through web services. All the information to be encoded into a 2D barcode is encrypted using our security encryption framework. The two different security solutions are used here. They are reported in [14]. An asymmetric encryption is used to ensure all barcode generated are created by the server application. A symmetric encryption is used for order purchase, so we can provide an additional level of security for validating the actual order owner. The security framework uses Elliptic Curve Cryptography (ECC) to provide the necessary security. Encrypting the information prevent outsider to steal the valuable information from the 2D barcode by using any 2D barcode scanner. By encrypting the data, only a 2D barcode scanner connected to an authorized pointof-use terminal could decrypt the information. The security framework of this project is used for encrypting and decrypting sensitive data and establishing secure sessions between the server and the client. It mainly uses the security components from the previous Secure Mobile Payment System developed by the SJSU graduate students Vijayendra Kulkarni and Himanshu Ranavat [14]. To make the previous security components more usable for this project, the security framework was modified as shown in Figure 4.5. The framework uses a 3rd party security framework, Bouncy Castle, to do the underlying encryption and decryption. The core of the framework contains various cryptography utilities including ECC, RSA, and symmetric cryptographies. It also has a file IO utility for storing and retrieving keys and certificates. The certificate and IO utilities in the server packages are responsible for generating CA certificates and reading and writing keys and certificate structures. These utilities have similar responsibilities in the client package. The difference is that based on the role of client or server, they address certificates and IO differently. For example, client does not generate CA certificates but to generate certificate requests. Both server and client packages have an interface for the client or server system to use. The interface only exposes the necessary functions to the system. This makes the security framework easier to use without knowing its implementation details. 4.5
Used Technologies
(A) Client Technologies – We used Java and Java Swing API to create client GUI components, and the NetBeans GUI framework and development environment is used to support the development. A Metrologic Elite MS7580 Genesis area-imaging scanner (at $366.47) is used with the PS2 keyboard wedge interface. Using the keyboard wedge interface, the scanner enters the decoded barcode data through keyboard simulation. As shown at URL: (http://www.totalbarcode.com), the scanner supports standard 1D barcodes and popular 2D barcodes such as Data Matrix, QR Code, Aztect, and PDF. In addition, the scanner supports USB and RS232 interfaces and uses the imaging technology – equipped with a CMOS imaging sensor – that can read barcodes from LCD screens. We have successfully tested this scanner with iPhone, iTouch, Android G1, and Palm Treo 650 cell phones.
(B) Server Technologies – Java technology is used to develop the server system as our client components. The server is developed based on the Java EE platform, which provides functionality to deploy a distributed, multi-tier Java application. The Bouncy Castle Crypto API is a Java implementation of cryptographic algorithms. It is used to encrypt and decrypt the barcode data and the communication between the server and the client. Moreover, the Axis2 framework is used to implement the validation services. Adopting web services makes the system extensible and flexible by allowing the server to provide services to clients that are implemented in different technologies. JSON (JavaScript Object Notation) is used throughout the system for passing the data. (C) Middle-tier Technologies - The system uses a J2ME 2D barcode encoding and decoding algorithm provided by www.drhu.org. Although this barcode library is implemented for the mobile environment, the same source is ported to the J2SE environment. This library is used to encode barcode as movie ticket to demonstrate our system. The JavaMail API is used for barcode delivery. This API is used to create and send email messages with 2D barcode attachments through the Gmail service. Other middle-tier technologies and frameworks used are Servlet, JSP, Struts 2, Ext JS 2.0, Spring Framework, Apache Velocity, Tiles, and Quartz. The Apache Tomcat application server is used to support Internet communications with clients. (D) Data-tier Technologies - The MySQL relational database management system (RDBMS) is used as the back-end database. In addition, Java Persistence API and Hibernate are used to communicate with the database.
5
The 2D Barcode Solution
2D Barcode Framework. The 2D barcode framework allows users to encode and decode information. The framework is consists of two parts, the 2D barcode encoding and decoding library and the encryption library. The barcode library only encodes and decodes Data Matrix barcodes and its algorithm is based on ISO/IEC 16022 specification. The encryption library provides asymmetric and symmetric encryptions. The asymmetric encryption method uses the Rivest, Shamir, and Adleman (RSA) algorithm. The data is encrypted using the server’s private key. To decrypt the data, the client needs to use the server’s public key. This method is more suitable for insensitive data and the point-of-use terminals that need a faster validation process since it does not require the user to enter a passphrase. The symmetric encryption uses Advanced Encryption Standard (AES) algorithm. It allows the user to encrypt data using a passphrase before it is encoded into a barcode. Only the user knows this passphrase, and the passphrase is not stored on the server’s database. Therefore, the symmetric encryption method is more suitable for sensitive data. The 2D barcode framework provides the following functionalities: Encode a string of text into a 2D data matrix barcode image with the desirable width and height. Decode a 2D data matrix barcode image into text. Convert an image object into a byte array. This is a utility function to apply on an image for various I/O and transport. Convert a byte array into an image object. This is a utility function to revert a byte array back into an image object. Symmetric and asymmetric encryption and decryption. The barcode framework is exposed through web services to allow remote client to utilize its functionality. 2D Barcode Validation. The 2D barcode validation process of the system consists of two steps. The first step is to establish a secure session between the server and the client. The second step is to validate the barcode using this secure session.
The process of establishing a secure session between the server and the client takes place after the client user logs into the client system by providing the user name and password. To establish a secure session with the server, the client first generates an ECC key pair and creates a certificate request to the server. When the server receives the request, it first checks whether the user name exists. If it exists, it starts to generate the client certificate and sends it to the client along with the CA certificate. When the client receives these certificates, it can generate shared secret and exchange it with the server. After the shared secrets have been exchanged, the secure session is ready. The client can then use the secure session to encrypt the password and send it to the server to complete the login process. If the password is successfully verified, the client saves the certificates and the private key and the secure session is ready to use to encrypt any data communicated between the server and the client. If the password is not correct, the client discards these security data and asks the client user to enter the password again. The process of establishing the secure session is represented in Figure 6.1. As described in Figure 6.2, to validate a barcode, the client system first gets the decoded data from the GUI and checks which encryption method was used for this barcode. If the encryption is symmetric, the user is asked to enter the pass phrase to decrypt the information. If the decryption is asymmetric, the client system decrypts the information using the server’s public key. After the decryption, the client system displays the decrypted data on the screen and sends it to the server for validation using the established secure session. The server system then searches for the database record using the record ID from the received data. If the record is found, the server checks whether this barcode has been used and whether the received data matches to the one in the database. If these conditions are not true, the server sends a descriptive error message back to the client stating that the validation is not successful. If these conditions are true, the validation is deemed successful. The barcode inspector can proceed to verify the barcode information such as the user’s name and the product information. If everything is correct, the client system sends the usage information of this barcode to the server to prevent the same barcode being used more than once.
Fig. 6.1: Secure Session Setup Process
6
Fig. 6.2: Client Barcode Validation Process
A 2D Barcode Validation Application – Mobile Movie Tickets
To demonstrate the usage of this system, a movie 2D barcode ticketing prototype system is implemented. Based on the 2D barcode-ticketing scenario, the system allows users to purchase
movie tickets through a storefront website called Movie Express and have them delivered to mobile devices. Users can use an internet browser or an internet-enabled mobile device to access the 2D barcode ticketing store as shown in Figure 6.3. From the store, users can login to make purchases of various movie tickets (see (a) to (d)). After purchasing tickets, users will receive the tickets and the corresponding barcodes by email (see (e)). It allows users to have a more convenient access to their barcodes. In addition, each ticket can be sent to a different email address. When arriving at a theater, the user shows the ticket barcode to the ticket inspector for scanning (as shown in (f)). After scanning, the ticket information will be displayed in the client system. The ticket information includes the ticket owner’s name, the theater name, the movie name, the movie showing date and time, and the screen number. In the meantime, the client system validates this barcode with the server, checking whether this ticket record exists in the database, and whether it has been used before. If the validation is successful, the ticket inspector proceeds to verify the ticket information and let the user enter the theater. Finally, the ticket inspector uses the client system to send the usage information of this ticket barcode to the server. The usage information includes when the barcode was used and who validated it. To further demonstrate this system, users can select to do “Will Call” orders for their movie tickets. A “Will Call” order will be treated differently than a regular ticket order. No 2D barcode tickets will be generated from the store. Instead, the user will be asked to enter a passphrase to encrypt the order, and an order 2D barcode is generated and sent to the user. After receiving the order barcode, the user can pickup the tickets at the box office. The box office staff scans the barcode and asks the user to enter the passphrase that was used during the purchase. After the order information stored in the barcode has been successfully decoded, decrypted, validated, and verified, the staff gives the ordered tickets to the user to complete the process.
a) Login
d) Showtime details
b) Home page
c) Movie details
e) Receiving the f) Scanning the movie ticket barcode on Android barcode via email G1 at the client Fig. 6.3: Movie Ticket Purchase and Barcode Delivery
7
Conclusion
Using 2D barcodes with mobile devices has many benefits. It provides mobility, security, and convenience. When used for ticketing services, it also helps the environment by reducing the paper usage. This paper introduces a 2D barcode validation system for mobile commerce applications. It provides a secure way to encode ticket and order information into 2D barcodes, which can be easily transported through email and MMS. In addition, the system provides a security framework to protect sensitive data from any malicious act. Mobile commerce is becoming a lucrative market for merchants, banks, and service businesses. 2D barcodes have become the de-facto standard for carrying information in mobile commerce. The proposed validation solution provides a secure way to process and validate 2D barcodes for mobile commerce. The application of our prototyping solution demonstrates that it works effective to check the 2D barcode-based invoices and tickets. Similarly, it also can be used for e-validation in other situations, such as retail-oriented check-out, product delivery and pick-up, station-based payment, terminal-based, and coupon check-up. For the future research direction, we are working on integration of our 2D barcode-based mobile payment system with the discussed solution in this paper, and mobile advertising system to support a complete 2D barcode-based mobile commerce system.
References 1. Gao, J., Prakash, L., and Jagatesan, R.: Understanding 2D-BarCodes Technology and Applications in M-Commerce – Design and Implementation of A 2D Barcode Processing Solution: The Proceedings of COMPSAC 2007, Vol. 2, pp. 49-56 (2007). 2. Kato, H., Tan, K. T.: Pervasive 2D Barcodes for Camera Phone Applications: IEEE Pervasive Computing, Vol. 6, No. 4, pp. 76-85 (2007). 3. The 2D data matrix barcode: Computing & Control Engineering Journal, Vol. 16, No. 6, pp. 39- (2006). 4. Information technology – International symbology specification – Data matrix, ISO/IEC 16022:2000(E) (2000). 5. Sklar, B.: Reed-Solomon Codes, informit.com, www.informit.com/content/images/art_sklar7_reed-solomon/elementLinks/art_sklar7_reedsolomon.pdf 6. Honeywell, Mobile Ticketing Choosing the Right Technology Platform is Critical to your Program Success, Mobile Ticketing Technology – Airport International. 7. Automation, 2D Barcode Imagers and Readers, 2D Barcode Imagers and Readers at IDAutomation. 8. O’Hara, K., Kindberg, T., Glancy, M., Baptista, L., Sukumaran, B., Kahana, G., and Rowbotham, J.: Social Practice in Location-based Collecting: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, San Jose, CA, pp. 1225-1234 (2007) 9. Bouchard, T., Hemon, M., Gagnon, F., Gravel, V., and Munger, O.: Mobile Telephones Used as Boarding Passes: Enabling Technologies and Experimental Results: The Proceedings of Forth International Conference on Autonomic and Autonomous Systems (ICAS, 2008), 2008, pp. 255-259 (2008) 10. IATA, IATA Standard Paves Way for Global Mobile Phone Check-in, http://www.iata.org/pressroom/pr/2007-11-10-01.htm 11. Air Canada, Mobile Check-in, aircanada.com – Travel Info – Mobile Services, http://www.aircanada.com/en/travelinfo/traveller/mobile/mci.html 12. Mobiqa, CASE STUDY: PAYPAL AND SCOTLAND RUGBY LEAGUE WORLD CUP QUALIFIER, www.mobiqa.com. 13. Wang, W. L., Lin, C. H.: A Study of Two-dimensional Barcode Prescription System for Pharmacists’ Activities of NHI Contracted Pharmacy: Yakugaku Zasshi, Vol. 128, pp. 123-127. 14. Gao, J., Kulkarni, V., Ranavat, H., Chang, L., Hsing, M.: A 2D Barcode-Based Mobile Payment System: The 3rd International Conference on Multimedia and Ubiquitous Engineering (MUE 2009), June 2009, pp.320-329. 15. Vandenhouten, R., Seiz, M.: Identification and tracking goods with the mobile phone: The Proceedings of International Symposium on Logistics and Industrial Informatic (LINDI 2007), Wildau, pp. 25-29 (2007).
