This is the third in a series of four brief articles on QR Codes and it will speak about QR code security, describing some common examples of how we use QR codes today in our online activities. In our next article, we’ll talk about where QR code technology in general might be going.
Have you ever seen a URL for a familiar vendor’s product, bank services or other institution… and then clicked on it? Few of us ask where this ‘click’ might take us and that ‘click’ can sometimes lead us to a fraudulent website or to one we do not expect to land upon. Sometimes we click on tiny URLs which are shortened versions of what would have been a multi-line URL. You may have seen these ‘tiny URLs’ in Twitter messages or perhaps included in an online article you accessed. Although not commonly used, there are browser addins that allow us to see the full URL before we click on it and let us make the decision to proceed or not. Not meaning to spread fear of the Internet, let it suffice to say that we need to practice vigilence when accessing websites with which we are not familiar.
OK, you may ask, “so what does this have to do with QR codes?”. Well, to start, anyone can use a web-based application to create a QR code and that is both good and bad. QR codes are not human-readable so, like a tiny URL or a potentially fraudulent URL, we cannot tell what will happen or know where we will be taken when we use a Smartphone to read the QR code in a magazine or wall poster for example. Reputable organizations do not mislead the public through the use of suspect QR codes any more than they would if we clicked on their visibly correct URL using our Internet browser. QR codes and tiny URLs are not the only concern new technology raises. The next time you download an application to your Smartphone, read the comments about the access it might have to data on your phone. I’ve read these comments and, because I wanted to have the application, I installed it, as I expect many of you have also done. In brief, we still need to be vigilant about our use of the technology but, as noted, reputable organizations simply use QR codes as an easy means to provide information and services to us in a more efficient manner than having us type in a URL on our computers.
QR codes can be set up to not only lead the user to a website to view specific information, but to also carry out some predefined actions. The Calgary Herald recently ran a WestJet contest where readers could access the entry form by reading a QR code that was responsive during a defined time period. Variants of the QR code (called a SPARQ code) are used by the travel industry and are visually identical to a standard QR code. For example, if you make an online flight reservation with WestJet, you will receive your electronic ticket in an email which will include a SPARQ code. If you click on the SPARQ code with your Smartphone QR code reader, you will see any flight updates or related information right on your Smartphone. Since WestJet knows the particulars of your reservation, your contact information, etc. and has assigned a ‘flight code’ to your reservaion, they can create a SPARQ code specifically to service you better. The SPARQ Code encoding standard specifies a convention that extends QR code support for the following encoding data types: Phone Number, SMS TEXT, MAP, URL, MeCard, vCard, and BlackBerry PIN.
Although we will not discuss QR code security at length, there are some QR codes called SQR codes (Secure QR codes) that are deemed secure. Secure Quick Response codes use a method for encrypting data into a two-dimensional bar code, which then becomes extremely difficult to decode into the original plain text in the absence of the encryption cipher or key. A typical implementation of SQR codes would be to create a one-time use SQR code on a mobile handset’s high resolution screen to effectively create a highly secure type of encryption called a ‘One Time Pad’ that might contain an on-line account number. SQR codes, because we can use them on hundreds of millions of already installed phones and because no additional hardware on the mobile handset is necessary, can operate in a similar fashion to NFC (Near Field Code) handsets for secure mobile payments. We have all likely used secure access such as this (or will in the near future) when the ‘mobile wallet’ becomes more widely used.
Now let’s look at clicking on other QR codes we should consider using. Some companies provide a document archival service where their clients would securely upload documents and the system assigns a document-specific QR code to each document. Clients view documents by reading the QR code for the document list from their phone or other device. Other companies have found that imprinting a QR code on a printed document provides a means to better control and manage documents, as we have seen in the previous article (‘QR Codes Here and QR Codes There’) on this site. DocBoss for example, imprints a QR code on the Document Cover Sheets it generates for efficient control of documents for users.
In our next article, we will discuss some of the more innovative ways we might use QR codes and muse about ways we could use QR codes in the future. They can play an important role in how we do Document Control and make life easier for all.