Are there unphotographable, but scannable ID cards?











up vote
50
down vote

favorite
13












We have a client who hosts an event, with a tight budget, that uses lanyarded Photo-ID cards with barcodes on them. The barcodes are used to gain access to various areas at the event.



We were thinking of proposing a hashed code (currently the IDs are sequential), but then it occured that it's pretty easy to 'swipe' a card
with high resolution photography, and then overlay one's existing barcode with a printout of the swipe.



Bearing in mind that we are using ean13 scanners, and there really is a tight budget (so NFC is out for the time being) - would an overlay, such as red cellophane, serve any purpose in mitigating this specific kind of attack?










share|improve this question


















  • 32




    I think you are looking at the wrong layer for a solution. Why not use a 2nd factor? Or provide additional authentication token with the badge that is not observable? Like adding a sticker to the back of the card (scan the barcode, then check for the sticker)
    – schroeder
    Nov 28 at 9:31






  • 23




    Just putting the barcode on the back of the card might be good enough solution. Also consider, is there a particularly high incentive for people to fake the cards? Does it cause the event a lot of trouble if there are one or two cheaters?
    – jpa
    Nov 28 at 12:38






  • 40




    This question misses too much information, i.e. a better definition of your threat model. In addition to the other comnment questions: Is event access also checked with the barcode, i.e. at your outside perimeter? Are people going to leave and re-enter that perimeter? How are the codes going to be distributed to the users - what are the chances of them falling into the wrong hands before the legitimate users present him/herself at the event?
    – Jan Doggen
    Nov 28 at 13:46








  • 14




    You should checkout DEFCON 16: Toying with Barcodes. Barcode give very little security. And authentication is not the only problem. Your scanners can be configured via barcodes so someone can fabricate some barcodes to "break" your scanners.
    – Bakuriu
    Nov 28 at 19:05








  • 12




    I agree with @JanDoggen. We need a threat model. If you have ultra-high risk associated with a single mishap, and no budget to actually implement the security procedures, then you need a very sharp focused threat model to focus your efforts. As an example: are the self-verification "what table am I at" as sensitive as the "enter this room" verifications? I assume not, and that helps you focus your dollars on the parts of the threat model which really matter to your client.
    – Cort Ammon
    Nov 28 at 20:37















up vote
50
down vote

favorite
13












We have a client who hosts an event, with a tight budget, that uses lanyarded Photo-ID cards with barcodes on them. The barcodes are used to gain access to various areas at the event.



We were thinking of proposing a hashed code (currently the IDs are sequential), but then it occured that it's pretty easy to 'swipe' a card
with high resolution photography, and then overlay one's existing barcode with a printout of the swipe.



Bearing in mind that we are using ean13 scanners, and there really is a tight budget (so NFC is out for the time being) - would an overlay, such as red cellophane, serve any purpose in mitigating this specific kind of attack?










share|improve this question


















  • 32




    I think you are looking at the wrong layer for a solution. Why not use a 2nd factor? Or provide additional authentication token with the badge that is not observable? Like adding a sticker to the back of the card (scan the barcode, then check for the sticker)
    – schroeder
    Nov 28 at 9:31






  • 23




    Just putting the barcode on the back of the card might be good enough solution. Also consider, is there a particularly high incentive for people to fake the cards? Does it cause the event a lot of trouble if there are one or two cheaters?
    – jpa
    Nov 28 at 12:38






  • 40




    This question misses too much information, i.e. a better definition of your threat model. In addition to the other comnment questions: Is event access also checked with the barcode, i.e. at your outside perimeter? Are people going to leave and re-enter that perimeter? How are the codes going to be distributed to the users - what are the chances of them falling into the wrong hands before the legitimate users present him/herself at the event?
    – Jan Doggen
    Nov 28 at 13:46








  • 14




    You should checkout DEFCON 16: Toying with Barcodes. Barcode give very little security. And authentication is not the only problem. Your scanners can be configured via barcodes so someone can fabricate some barcodes to "break" your scanners.
    – Bakuriu
    Nov 28 at 19:05








  • 12




    I agree with @JanDoggen. We need a threat model. If you have ultra-high risk associated with a single mishap, and no budget to actually implement the security procedures, then you need a very sharp focused threat model to focus your efforts. As an example: are the self-verification "what table am I at" as sensitive as the "enter this room" verifications? I assume not, and that helps you focus your dollars on the parts of the threat model which really matter to your client.
    – Cort Ammon
    Nov 28 at 20:37













up vote
50
down vote

favorite
13









up vote
50
down vote

favorite
13






13





We have a client who hosts an event, with a tight budget, that uses lanyarded Photo-ID cards with barcodes on them. The barcodes are used to gain access to various areas at the event.



We were thinking of proposing a hashed code (currently the IDs are sequential), but then it occured that it's pretty easy to 'swipe' a card
with high resolution photography, and then overlay one's existing barcode with a printout of the swipe.



Bearing in mind that we are using ean13 scanners, and there really is a tight budget (so NFC is out for the time being) - would an overlay, such as red cellophane, serve any purpose in mitigating this specific kind of attack?










share|improve this question













We have a client who hosts an event, with a tight budget, that uses lanyarded Photo-ID cards with barcodes on them. The barcodes are used to gain access to various areas at the event.



We were thinking of proposing a hashed code (currently the IDs are sequential), but then it occured that it's pretty easy to 'swipe' a card
with high resolution photography, and then overlay one's existing barcode with a printout of the swipe.



Bearing in mind that we are using ean13 scanners, and there really is a tight budget (so NFC is out for the time being) - would an overlay, such as red cellophane, serve any purpose in mitigating this specific kind of attack?







identity barcode






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 28 at 7:20









Konchog

357125




357125








  • 32




    I think you are looking at the wrong layer for a solution. Why not use a 2nd factor? Or provide additional authentication token with the badge that is not observable? Like adding a sticker to the back of the card (scan the barcode, then check for the sticker)
    – schroeder
    Nov 28 at 9:31






  • 23




    Just putting the barcode on the back of the card might be good enough solution. Also consider, is there a particularly high incentive for people to fake the cards? Does it cause the event a lot of trouble if there are one or two cheaters?
    – jpa
    Nov 28 at 12:38






  • 40




    This question misses too much information, i.e. a better definition of your threat model. In addition to the other comnment questions: Is event access also checked with the barcode, i.e. at your outside perimeter? Are people going to leave and re-enter that perimeter? How are the codes going to be distributed to the users - what are the chances of them falling into the wrong hands before the legitimate users present him/herself at the event?
    – Jan Doggen
    Nov 28 at 13:46








  • 14




    You should checkout DEFCON 16: Toying with Barcodes. Barcode give very little security. And authentication is not the only problem. Your scanners can be configured via barcodes so someone can fabricate some barcodes to "break" your scanners.
    – Bakuriu
    Nov 28 at 19:05








  • 12




    I agree with @JanDoggen. We need a threat model. If you have ultra-high risk associated with a single mishap, and no budget to actually implement the security procedures, then you need a very sharp focused threat model to focus your efforts. As an example: are the self-verification "what table am I at" as sensitive as the "enter this room" verifications? I assume not, and that helps you focus your dollars on the parts of the threat model which really matter to your client.
    – Cort Ammon
    Nov 28 at 20:37














  • 32




    I think you are looking at the wrong layer for a solution. Why not use a 2nd factor? Or provide additional authentication token with the badge that is not observable? Like adding a sticker to the back of the card (scan the barcode, then check for the sticker)
    – schroeder
    Nov 28 at 9:31






  • 23




    Just putting the barcode on the back of the card might be good enough solution. Also consider, is there a particularly high incentive for people to fake the cards? Does it cause the event a lot of trouble if there are one or two cheaters?
    – jpa
    Nov 28 at 12:38






  • 40




    This question misses too much information, i.e. a better definition of your threat model. In addition to the other comnment questions: Is event access also checked with the barcode, i.e. at your outside perimeter? Are people going to leave and re-enter that perimeter? How are the codes going to be distributed to the users - what are the chances of them falling into the wrong hands before the legitimate users present him/herself at the event?
    – Jan Doggen
    Nov 28 at 13:46








  • 14




    You should checkout DEFCON 16: Toying with Barcodes. Barcode give very little security. And authentication is not the only problem. Your scanners can be configured via barcodes so someone can fabricate some barcodes to "break" your scanners.
    – Bakuriu
    Nov 28 at 19:05








  • 12




    I agree with @JanDoggen. We need a threat model. If you have ultra-high risk associated with a single mishap, and no budget to actually implement the security procedures, then you need a very sharp focused threat model to focus your efforts. As an example: are the self-verification "what table am I at" as sensitive as the "enter this room" verifications? I assume not, and that helps you focus your dollars on the parts of the threat model which really matter to your client.
    – Cort Ammon
    Nov 28 at 20:37








32




32




I think you are looking at the wrong layer for a solution. Why not use a 2nd factor? Or provide additional authentication token with the badge that is not observable? Like adding a sticker to the back of the card (scan the barcode, then check for the sticker)
– schroeder
Nov 28 at 9:31




I think you are looking at the wrong layer for a solution. Why not use a 2nd factor? Or provide additional authentication token with the badge that is not observable? Like adding a sticker to the back of the card (scan the barcode, then check for the sticker)
– schroeder
Nov 28 at 9:31




23




23




Just putting the barcode on the back of the card might be good enough solution. Also consider, is there a particularly high incentive for people to fake the cards? Does it cause the event a lot of trouble if there are one or two cheaters?
– jpa
Nov 28 at 12:38




Just putting the barcode on the back of the card might be good enough solution. Also consider, is there a particularly high incentive for people to fake the cards? Does it cause the event a lot of trouble if there are one or two cheaters?
– jpa
Nov 28 at 12:38




40




40




This question misses too much information, i.e. a better definition of your threat model. In addition to the other comnment questions: Is event access also checked with the barcode, i.e. at your outside perimeter? Are people going to leave and re-enter that perimeter? How are the codes going to be distributed to the users - what are the chances of them falling into the wrong hands before the legitimate users present him/herself at the event?
– Jan Doggen
Nov 28 at 13:46






This question misses too much information, i.e. a better definition of your threat model. In addition to the other comnment questions: Is event access also checked with the barcode, i.e. at your outside perimeter? Are people going to leave and re-enter that perimeter? How are the codes going to be distributed to the users - what are the chances of them falling into the wrong hands before the legitimate users present him/herself at the event?
– Jan Doggen
Nov 28 at 13:46






14




14




You should checkout DEFCON 16: Toying with Barcodes. Barcode give very little security. And authentication is not the only problem. Your scanners can be configured via barcodes so someone can fabricate some barcodes to "break" your scanners.
– Bakuriu
Nov 28 at 19:05






You should checkout DEFCON 16: Toying with Barcodes. Barcode give very little security. And authentication is not the only problem. Your scanners can be configured via barcodes so someone can fabricate some barcodes to "break" your scanners.
– Bakuriu
Nov 28 at 19:05






12




12




I agree with @JanDoggen. We need a threat model. If you have ultra-high risk associated with a single mishap, and no budget to actually implement the security procedures, then you need a very sharp focused threat model to focus your efforts. As an example: are the self-verification "what table am I at" as sensitive as the "enter this room" verifications? I assume not, and that helps you focus your dollars on the parts of the threat model which really matter to your client.
– Cort Ammon
Nov 28 at 20:37




I agree with @JanDoggen. We need a threat model. If you have ultra-high risk associated with a single mishap, and no budget to actually implement the security procedures, then you need a very sharp focused threat model to focus your efforts. As an example: are the self-verification "what table am I at" as sensitive as the "enter this room" verifications? I assume not, and that helps you focus your dollars on the parts of the threat model which really matter to your client.
– Cort Ammon
Nov 28 at 20:37










21 Answers
21






active

oldest

votes

















up vote
76
down vote













Simple answer: No



If you can see it, you can photograph it.



There have been countless attempts over the years to solve this part of DRM and all have failed.



Instead of focusing on the barcode, have you considered making it difficult to copy the id card itself? So that security for each area can quickly check it isn't an overlay? For example a hologram over the barcode that the scanner ignores but a human can check, or a high quality plastic card with the barcode in the coloured coating - a guard can spot a fake overlay.






share|improve this answer



















  • 6




    I'd think something akin to a monitor privacy filter would help a bit. It would at least ensure that the barcode would have to be viewed from a very precise angle, which is easy for a scanner but not a photographer.
    – forest
    Nov 28 at 8:08








  • 5




    Yeah - I have one for my luggage tags (3M were at a conference I went to and were giving out interesting swag) but it's not useful enough: lanyards swing etc
    – Rory Alsop
    Nov 28 at 8:09






  • 1




    @RoryAlsop, Do you have a photo of what that (the monitor privacy thing) looks like? (never mind I googled it - 3M are easy to find, but again quite expensive). The client cannot afford holograms! How about if we stick it on the inside of a folded id - booklet style - with the photo on the outside? Hmm but it makes UX a bit fiddly. stumped
    – Konchog
    Nov 28 at 8:34








  • 10




    I like the idea. For one time events, it is easier to stick a cheap unique hologram sticker to defeat photocopy.
    – mootmoot
    Nov 28 at 9:38






  • 5




    @Konchog IMHO, the purpose is to defeat photocopy, any cheapo hologram will do.
    – mootmoot
    Nov 28 at 9:41


















up vote
52
down vote













Simple answer is yes. Unfortunately I think you might be struggling to do so on a tight budget, barcodes can be printed using inks that are only visible under UV/IR light, so they aren't visible to the naked eye and can't be replicated without specialist equipment and inks.



Unfortunately the scanners that can read these codes aren't cheap and neither is the ink so unless you're going to be having more than a couple of thousand attendees the NFC route is going to be cheaper. And as the question indicates this isn't something you think they will pay for so that probably puts the "unphotographable" barcode solutions out of your price range.






share|improve this answer

















  • 5




    Yeah they aren't completely foolproof - most of the inks work by fluorescing in the visible spectrum when under the appropriate type of light so using that to uncover the barcode and then reproducing it would probably fool scanners, that actually gives me an idea - I wonder if printing the barcodes using UV ink and then having a cheap UV light set up next to a standard scanner to reveal it would work. It's a bit rough and ready (and would be vulnerable to the above flaw for certain) but might be on-budget?
    – motosubatsu
    Nov 28 at 12:16






  • 7




    I really want to test this now with a cheap barcode reader, a strong UV lamp and UV ink. Could cheap materials work?
    – schroeder
    Nov 28 at 13:38






  • 1




    @schroeder me too! I've got access to a reader at work but would need a way to produce UV barcodes
    – motosubatsu
    Nov 28 at 13:42








  • 6




    My kid has a "secret writing pen" with a built-in lamp. Hit a dollar store? Use a stencil to copy an existing barcode
    – schroeder
    Nov 28 at 13:43








  • 5




    Unfortunately, many phone cameras can "see" infrared.
    – MGOwen
    Nov 29 at 6:33


















up vote
28
down vote













While a simple red cellophane does little to hide the barcode, you could apply multiple colors to hide the barcode from human eye. If the barcode scanner only uses a single wavelength (such as red), it will see the colors differently than a human or a color camera.



This would be more difficult to photograph and print successfully, because cameras and printers will blur the colors more easily than they would blur a black and white image. Further, you could experiment with making the foreground and background some kind of random pattern, so that it is not obvious that it is a barcode at all.



For example, you replace black with blue and green, and white with red and orange:



Obfuscated barcode



To a red-light barcode scanner, this should appear like a normal black and white barcode. But I expect it would be more difficult to copy successfully.





Theoretical background: The human eye is most sensitive to brightness variations, and less sensitive to color variations. Most of our equipment, such as cameras, printers and image formats reflect this, and methods such as Chroma subsampling and Bayer filter are in common use. But a scanner at a single wavelength is completely insensitive to brightness variations in other colors, and very sensitive to color variations that affect the amount of red in the color.



Thus the pattern should be designed so that it has a lot of brightness variation to make copying difficult, while keeping the brightness seen by scanner the same. One way to do this in image editors is to separate red/green/blue channels and only edit the green and blue channels.






share|improve this answer



















  • 4




    Looks like some kind of tartan. But still, if you can scan it, you can also make a photograph of it, can't you?
    – Trilarion
    Nov 28 at 13:54








  • 3




    @Trilarion Yeah, but it's more work to do so successfully. At least color vs. bw printer, or some photoshopping. And I expect it could blur more easily in camera or JPEG compression, though of course with care you can still do it.
    – jpa
    Nov 28 at 13:56






  • 4




    Great practical solution! The thread model is currently someone getting a quick "blurry" photograph from the original card and printing this photograph with a consumer-grade printer onto simple paper. - The color differences from the original to this one coupled with some blurriness will probably lead to copies being ineffective at scanners and very easily identifiable by human security.
    – Falco
    Nov 29 at 13:45






  • 4




    I think this answer is theoretically correct, but in practical reality won't work: There's enough of a safety margin on labels that you get a good read (say) 9-out-of-10-times. To be so borderline-illegible that a good photo is made to reliably fail (that's what you're proposing) seems a recipe for frustration --- for chaos and long queues and social engineering opportunities to enter your venue. Coincidentally today I got offered a (non-sensitive) product I asked after, when my ID proved illegible; the vendor said "You were here on Saturday, right? I remember you" when I absolutely hadn't.
    – user3445853
    Nov 29 at 21:45










  • Unless you had a scanner setup to be sensitive to precise customized ink variants, photographing this and printing on a run of the mill consumer color printer will duplicate this just fine. Human eye response is not relevant.
    – user10216038
    Nov 30 at 22:59


















up vote
23
down vote













The cheapest solution for your situation in this case is utilising the human security guard to do photo check. Use the barcode tag to quickly lookup the user's record from the participant database, the database should store participant's photo and the guard should check that the participant that presented themselves match the photo on the database.



The barcode in this case should not really be considered part of the security, it's just a quick way to lookup database records, so it doesn't matter if it gets copied. The real security comes from the photo matching. Obviously, you can't really enforce security on self scan spots in this case, which is the main weakness.






share|improve this answer

















  • 4




    Photo check is not required. Just verify that a badge is legitimate. The vulnerability becomes the ability to source and print a badge that will pass inspection, which raises the bar significantly.
    – schroeder
    Nov 28 at 11:55








  • 2




    "Oh, the event has already started? I reeeeally need to get in! Here's my legit barcode. You can skip the photo check, okay? Okay! Bye!!"
    – Tom K.
    Nov 28 at 13:23










  • @schroeder Depends on if "sharing" badges is considered a problem. (Or, if this is a heist novel, knocking someone out for 8+ hours and "borrowing" theirs.)
    – user3067860
    Nov 28 at 14:45


















up vote
17
down vote













You can’t, because as long as both a human and a barcode scanner needs to be able to see the whole thing, so can a camera and copier.



A barcode is no different than printing a string of text, except a machine can read it faster. Security-wise it adds no protection.



This issue might not be part of the threat model — have you checked that?






share|improve this answer

















  • 8




    Indeed. The organisers will have to decide which is more of a threat to their tight budget: spending more on useful ID cards, or risking someone photographing a card, reprinting it, entering the event and then drinking all the champagne themselves (is this likely?)
    – Lightness Races in Orbit
    Nov 28 at 10:42






  • 16




    @forest I think you misunderstood me. It's a common way to perform an attack, yes. But will it be likely for someone to attack this event in this way for the purpose of ... doing what? What would be their goal? What resources are at risk? Is it a champagne reception? If so, can they even really possibly drink enough to harm you to the extent that it's economical to spend a ton of money on NFC hard passes? Of course you don't want uninviteds at your party but you have to apply balance when deciding what to spend on mitigation.
    – Lightness Races in Orbit
    Nov 28 at 10:45








  • 3




    .. OP says they can't afford secure passes so the [IMO low] risk in this case is probably worth it from that perspective. Any possible financial losses are not likely to cost as much as the technology that they can't afford.
    – Lightness Races in Orbit
    Nov 28 at 10:47








  • 1




    @Konchog Indeed!
    – Lightness Races in Orbit
    Nov 28 at 12:16






  • 12




    @Konchog People who want to protect high-value things without spending money on it always remind me of the old saying "If you've got a $5 head buy a $5 helmet" :D
    – motosubatsu
    Nov 28 at 12:36


















up vote
15
down vote













Is NFC really too expensive? I found a 50-pack of MiFARE NFC stickers for $13.20, making them < $0.27 per attendee; if you plan on 500 attendees, that's $132 which really isn't that much in the scheme of a catered event of that scale. If you can manage to swing $0.89 per attendee, you can actually get inkjet-printable MiFARE cards, saving the step of printing and separately applying a sticker (though you'd have to have a flat-paper-path printer that the cards could be fed through).



Since NFC can't be photographed, it can't be easily duplicated, but tags are easily read by any smartphone and a variety of other devices, and are often less finicky. For example, if the badge is in a plastic holder, a barcode scanner might pick up too much reflected ambient light to be able to read the barcode, and the person would have to tilt it this way and that (pausing a bit each time to give the scanner time to focus), hoping to reduce the glare enough for the scanner to read the code; with NFC, just pressing the card against the reader and maybe wiggling it around a bit until you hit the sweet spot. By the 10th or 15th scan, the security person should have a pretty good clue where the sweet spot is and be able to scan almost instantaneously from there on out.



EDIT1: Even basic, cheap non-cryptographic NFC tags programmed with simple ID numbers are more difficult to duplicate -- you need to either have close proximity access to a tag (generally less than a foot). This makes them significantly more difficult to clone than a barcode that can be captured by a decent camera from several feet away or across the room or further with a good DSLR and zoom lens. Optimum read range on NFC chips is based on the loop antenna radius of the chip: the radius divided by ~1.414. On a 2"x3.5" NFC card the radius can't be more than 1 inch (2.54cm) since the loop's antenna can't be more than 2 inches in diameter, giving us an "optimum" read range of just under 2cm (less than an inch). Even with a powerful reader, I seriously doubt you're going to be able to read the tags at distances greater than a foot.



EDIT2: As @Falco pointed out in the comments below, if you print a barcode on the badge too, a potential ne'er-do-well might not even realize there's an NFC tag and attempt to just clone the barcode... but of course their counterfeit badge wouldn't scan with NFC, exposing it as a fake.






share|improve this answer



















  • 2




    "it can't be easily duplicated, but tags are easily read" - That doesn't make sense. If you can read it, you can duplicate it.
    – AndrolGenhald
    Nov 28 at 22:08






  • 11




    @AndrolGenhald: not necessarily, higher security NFC Smartcards uses cryptography to sign a challenge-response protocol. These type of tags are essentially impossible to duplicate without breaking the physical enclosure of the original tag, and the physical enclosure are often rigged to destroy the signing key if it's tampered with. These types of tags aren't as cheap as the static passive tags though.
    – Lie Ryan
    Nov 28 at 23:07






  • 1




    @LieRyan I suppose "tags are easily read" is a bit ambiguous, I wouldn't call authenticating with a smartcard "reading" it, as you're sending it data to sign and checking the response, but I guess you could still call it that. Smartcards are likely too expensive for OP though, which is probably why they specifically rule out NFC.
    – AndrolGenhald
    Nov 29 at 0:30






  • 3




    NFC stickers are not expensive - and NFC scanners are getting far more affordable. However, when this was last tried out it did not work so well - there were problems with the scanners at that time (which may well have been an upsteam issue). Also, there were problems with getting NFC embedded cards printed on time, and then matching each NFC identity with the system identity without pre-printing identity details. The client may revisit NFC at some point - but we are told that they are staying with EAN13 scanners for the time being..
    – Konchog
    Nov 29 at 7:25








  • 3




    At a one shot event obscurity can be used as a valid strategy to increase security. Printing Barcodes on the NFC-Tagged cards will lead many potential threats to try and copy the barcodes before realizing NFC-Equipment might be necessary.
    – Falco
    Nov 29 at 13:49


















up vote
11
down vote













Not sure how you are planning to carry the id cards, whether hung directly from the lanyard with a simple hole punched through the card or if in a carrier or plastic wallet hung from the lanyard.



If you use the clear wallet style of carrier you could have something printed, or a sticker applied, on the outside that covers the area of the barcode but leaving the photo and other identifying information visible to human readers, make sure this is on both sides if there in case the card is placed in the carrier reversed. This would mean a 'drive by' photo of someone would not reveal the barcode at all. The card would have to be removed, or moved within the carrier, for scanning the barcode however.



If using a more substantial plastic carrier print the barcode on the reverse of the card ensuring it is obscured from view while in the carrier.






share|improve this answer




























    up vote
    5
    down vote













    One thing you could do that's been a staple of anti-counterfeiting for millenia is to introduce a deliberate flaw into your barcode that causes it to read, for example, the last two characters "incorrectly." Make it look like an accidental misprint of the card.



    You then instruct your scanner/software to ignore the error and pass you the data anyway, leaving out the invalid bits.



    Someone forging cards will likely assume that their photograph was imperfect or that they got a smudged card and manually correct the "error".



    Your software can then notice that it's being sent the "this card is a forgery" code and alert security.



    This is not the best security mechanism as it depends on an attacker both not knowing what you're doing and not just blindly copying the card without checking that it printed correctly.



    Pair this with some kind of watermarking. Either a literal watermark if you're using a paper card, or say stamping all the cards with an additional code that only shows up under UV light.



    If you stamp on a QR code, building a scanner that consists of a box with a slot in the front containing a camera and a UV lamp would be the work of an afternoon. Pipe it to the QR reader program of your choice. As long as you manage to keep the presence of the watermark a secret it should be nearly impossible for anyone to forge a card.






    share|improve this answer




























      up vote
      5
      down vote













      Yes, there is a way to do it*



      Use fluorescent materials for the barcode itself, making it so that duplication cannot be done by photograph without ruining the duplicate's "invisibility", which distinguishes fakes. Modern ID cards use this.



      *This only works for polycarbonate cards, not PVC. Unfortunately, this may not fit your client's budget.






      share|improve this answer

















      • 2




        Simple trick to make a document copy-evident: use flourescent highlighter pens on it. Color photocopiers will copy the apparent colour but not the flourescent property, usually causing the copy to look different.
        – rackandboneman
        Nov 30 at 20:49


















      up vote
      4
      down vote













      How about if the first time they're scanned in at the door by a human, the security person (i.e. scanner) checks the photo to make sure it matches the person with the badge. If it matches, the security person puts on one of those inexpensive tyvek wristbands of a specific color. These are often used at amusement parks, ball games, etc. to indicate specific access levels, age qualifications, etc. This would at least prevent unauthorized people from getting into your venue in the first place.



      These wristbands are one-time use, and are very difficult to take off and put on someone else without noticing that they've been removed. If you keep secret the "wristband color of the day", or get some specially made with a specific color or colors, then they should be fairly secure from copying. I also believe that these are typically rather inexpensive in bulk.



      Though in general, if security is this critically important at this event, then security should have been allocated enough funds up front to support its importance and value.






      share|improve this answer




























        up vote
        4
        down vote













        I know I'm late to the game, but here are two suggestions from me:



        1) Make the barcode really small, just big enough to be picked up by the a barcode scanner. This makes it difficult (but not impossible) to take useable copies with a camera without making it obvious that you're trying to do it.



        2) Split the barcode in two pairs (for instance, just every other bar) and print one half on the ID card, and one half on a transparent overlay -- you would then have to manually align the two halves to make a useful barcode. This makes it more tedious to actually use, but makes it unlikely that the parts will line up while dangling on the lanyard (especially if you make the transparent part with a different balance).



        You can of course combine the two approaches.






        share|improve this answer





















        • It's great fun - but I think it's way too complicated for the wearers, and slows down entry/exit points even moreso..
          – Konchog
          Nov 29 at 8:24


















        up vote
        3
        down vote













        Easy solution: Print the barcode on the lanyard and not on the badge.



        Everybody can print out a Photo-ID made out of paper with a barcode. It is rather complicated to print a barcode on a lanyard with your home printing equipment.



        If your PhotoID looks something like this:



        Hard plastic PhotoID



        It is very hard for a guard to tell if this barcode is the real deal or just a printed and glued on version of the barcode. If your event is attended by 300+ people, it gets very tedious to check these things. The bigger the barcode the better. If you are planning to use PhotoID that are made out of paper then it becomes impossible to tell if a printout is real or fake.

        If the barcode is on the lanyard it is extremely easy for the guards to tell if this is fake or real. But keep in mind this is by no means a failsafe method. It is really a "we have no more money left" control, and not something you should rely on.






        share|improve this answer























        • While a cool suggestion, I'm not sure this fixes anything. I can take a snapshot of the barcode and use a slip of paper in the reader. The best control here is to have a human verify the validity of the barcode media. The human would reject a slip of paper in both instances.
          – schroeder
          Nov 28 at 13:29








        • 1




          OP stated here that access to a room is always granted by a person who scans the barcode. The person will recognize if the barcode is on the lanyard or on something else.
          – Tom K.
          Nov 28 at 13:33








        • 1




          Right, so I'm not sure how this control adds anything but unnecessary complexity. The paper barcode would be detected in either case.
          – schroeder
          Nov 28 at 13:35






        • 1




          I was a bouncer at several high class events. I was underpaid, tired and everyone looked at me like I was dirt. I (and all my colleagues) would have never tested several hundred cards with our fingernails. But we could've probably spotted a "cheater" from 50 meters away. Controls that rely on humans only work when enforced. And this is a control that will not work, because it will not be enforced.
          – Tom K.
          Nov 28 at 13:52








        • 2




          I can't stand lanyards and would use a safety pin or fasten the card to a button or similar. If the lanyard holds the real barcode then its required. Whoops!
          – Criggie
          Nov 28 at 18:07


















        up vote
        3
        down vote













        While not a complete solution to the problem, you can make life slightly more difficult by including the EURion Constellation on your cards. This may be used in conjunction with other approaches.




        EURion constellation is a pattern of symbols incorporated into a number of banknote designs worldwide since about 1996. ... [It] consists of a pattern of five small yellow, green or orange circles, which is repeated across areas of the banknote at different orientations. The mere presence of five of these circles on a page is sufficient for some colour photocopiers to refuse processing.







        share|improve this answer





















        • Yeah I was thinking of something like this too last night - but it would still mean upgrading the scanners; also, and in fairness, the need (as I see it) isn't really trying to prevent counterfeits, as much as being able to protect identity.
          – Konchog
          Nov 29 at 7:17






        • 2




          @Konchog: No, your scanners don't need to detect the pattern. The hope is that the attacker cannot scan the pattern. You are only scanning barcodes.
          – MSalters
          Nov 29 at 8:05










        • @MSalters, ok - right.. But are cameras defeated by EURion? I just took a photo of a €20 note with no problems using an iPhone..
          – Konchog
          Nov 29 at 8:18






        • 1




          @Konchog: I did write "hope" intentionally there. Still, many printers also detect the pattern, so you might have a second line of defense.
          – MSalters
          Nov 29 at 8:26


















        up vote
        3
        down vote













        While it might be simple to take a photo of one side, it's much harder to capture both sides in a casual attack. You can do various things to build on that idea, depending on the event.




        • Unique barcodes on each side, attendee puts card between two readers

        • Barcode on one side, human-verifiable information on the other. Manually compared against account.




        Or you could add a second factor. Send the participant a registration SMS when they first scan in, that captures their beacon with the local wifi and then you can do approximation checks every time they scan in the future. If their phone isn't where it should be, block access and send another SMS-link. You could two-factor all the way, but you'd probably want an app to provide a quicker notification.





        Or you could just obscure the barcode entirely. Your idea was red cellophane... Why not just a blackout cover? This could be as dirty as a postit or some high-tack tape, or as pretty as a sleeve that only obscures the barcode.






        share|improve this answer




























          up vote
          2
          down vote













          As stated in other comments, it is unclear what the threats you are facing are. If you are purely worried about people photographing the identification, just do something so that the natural physical state of the pass obscures the barcode. For example, you can distribute the passes folded in half (the lanyard can help keep it in half) and the bar code can be on the inside. When people go to scan them, you can have security 'unfold' the pass to reveal the barcode. Or you can have people wear ID's but carry a bar-coded card in their pockets for entry.






          share|improve this answer

















          • 1




            Yes, the idea is mentioned above. It may seem unlikely, but it should be clear that I cannot reveal too much about anything on a public forum, and I err on the side of caution here. However, the 'threat' is access to high-value people rather than free champagne.. Not exactly meeting the president - but - you get the picture...
            – Konchog
            Nov 29 at 7:20


















          up vote
          2
          down vote













          Theoretically you can print in something polarised.
          Then view it with polarised light or through a polarised filter.
          Not necessarily cheap though.



          Presumably you can choose linear or circularly polarised in order to avoid any filter that might typically be in a common camera.






          share|improve this answer




























            up vote
            2
            down vote













            Strictly speaking, there isn't. If the scanner can read it, it can be recorded and reproduced. But that doesn't tell the whole story.



            Although cameras and screens/printers these days are pretty universal, they can't capture and reproduce every single color. There are actually colors that the human eye can see, but which are difficult to capture on camera, display on screen or print on paper:





            Some simple examples include fluorescent colors, actual fluorescence triggered by a certain color light emitted by the scanner (for instance, green plants glow orange under UV light), non-visible colors like UV or infrared. You could also go the reverse way and include features that are visible normally but invisible to your scanner, for instance perhaps part of the barcode is sandwiched between sheets of paper and which becomes properly transparent only under your scanner. Many banknotes incorporate such security measure based on transparency, special dyes and paper, glowing/hologrammed elements and so on.



            This doesn't mean your card is unphotographable, since obviously your scanner can detect it - an adversary could build a similar device and record your card. But it does mean that readily available consumer cameras won't be able to, so the adversary will have to obtain specialized equipment (which may not even be legal to purchase) or even build their own device. Similarly, reproducing will also be a challenge. If you use a color outside the CMYK space they can't print it, and if outside RGB their phone screen won't show it. Again, they can obtain or make specialized screens/papers that can do it (after all, whoever made your legitimate ID cards was able to) but it will be harder. Not to mention it will be easier for law enforcement to find them, because not many people would have such specialized equipment with no good reason.



            Really the ideal solution here is to just use RFID chips with encryption. Few people have the technical skills to reproduce those, and even if they do, they won't be able to easily find out the encryption key in the chip. As a lower cost option, magnetic cards should be cheaper, those can be easily cloned but it requires equipment. The time tested physical access control solution is of course a plain key (also not so simple to copy). Or you could just forget it all and go with memorized passwords.



            If you really have to use the scanners, I would either look into fluorescent ink, or printing on some material that doesn't look right except for a specific wavelength (which the scanner would presumably provide. But it's hard to be more precise without knowing what your scanner is.






            share|improve this answer






























              up vote
              1
              down vote













              If you can ensure all barcodes are printed at the exact same spot, you could modify the slot of the barcode reader to position the ID exactly with something covering the borders. So if someone tries to print a photo but it is slightly off-center, the barcode wont be read.



              However I would suggest that the reception do not have such thing, and just the ones with sensitive data. This way a "cheater" gets in thinking it worked, then he is stuck inside when trying to pass thru restricted areas. Depending on the person, it would be risky to go out and try to get it fixed and reveal their intention. If he gets blocked before entering the "common area", they might have a chance to fix that and try again with another person.






              share|improve this answer

















              • 5




                Scanners are not that precise. Photoshop is not that imprecise.
                – schroeder
                Nov 28 at 13:31






              • 1




                "Stuck inside" sounds like a potential fire code violation
                – infixed
                Nov 30 at 17:19


















              up vote
              0
              down vote













              I think you are too much focussed on copying the barcode. The correct way to do this is to issue an unique ID to each and every visiting person and keeping track of that ID, checking it in to (and possibly out of) the different venues. If an ID already is inside a venue then entry would be prohibited.
              There still is the possibility that a visitor gains entry with a copied barcode before the rightful ID owner. But in such a case the rightful owner could prove that he is the rightful owner of the ID by means of some type of receipt. You could then invalidate that ID in the computer, thus locking out the copied ID form further attendances.

              But is this worth the effort? What harm is done by a few unrightful visitors? The best security measure might be just to tell people there is a security measure to prevent fraud. "Please note that we will keep track of issued IDs and should we find that somebody has gained unrightful entry we will have our security guards take care of him until the police arrives" or similar might just do it... :-)






              share|improve this answer

















              • 3




                This creates a denial of service for the person who paid to enter the event if the illegitimate person enters first. While the receipt is a nice idea, it becomes a crucial part of their authorisation, which is what the ID is supposed to be
                – schroeder
                Nov 29 at 14:06




















              up vote
              0
              down vote













              If protecting the guard-supervised access points is enough, how about two-factor authentication on the cheap? Along with the ID card, hand out a plastic token, casino chip, rubber ducky or other trinket that cannot be obtained quickly by would-be gatecrashers.



              It should have a hole or other way to attach to the lanyard, otherwise you'll have people losing or "losing" it right and left.






              share|improve this answer




























                up vote
                0
                down vote













                It actually is not THAT easy to photograph without at least the wearer noticing it if the barcode is sufficiently small (think about the height of 8pt or 6pt lettering...)



                Let's assume we are talking handheld mobile phone cameras here, no high-end (dual lens) phones, clip-on teleconverters, professional/enthusiast grade cameras, optical zooms, RAW processing, or tripods involved. Someone affording all that bother can probably afford to pay your tickets.



                Let's assume a 12MP phone camera, yielding an effective resolution of 2000 pixels on the longest side of the photo. Not 4000, there will be either aliasing or antialising in your way once you try to faithfully reproduce structures smaller than 2 pixels.



                In many cases, you can again halve the effective resolution available for exact reproduction due to the image being automatically postprocessed by the phone firmware to correct for lens defects, especially in off-center parts of the image. Pixels get bumped off their raster to do that....



                Let's assume a standard phone camera lens, which will be a 24mm or 28mm equivalent wide angle with no optical zoom, so increasing magnification will not give you extra resolution.



                If your barcode would need 100 pixels resolution to work, that would mean someone would have to photograph it in a way that it fills 1/20th of the frame, and would have to do so without introducing perspective distortion, shake, other errors...



                A 1cm long tiny barcode would merely fill 1/100th of the frame width snapped with an 28mm equivalent lens from a distance of 1 meter.... or 1/50th if somebody came up to someone at half a meter distance, probably getting told off for encroaching.






                share|improve this answer




















                  protected by schroeder Nov 29 at 15:13



                  Thank you for your interest in this question.
                  Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



                  Would you like to answer one of these unanswered questions instead?














                  21 Answers
                  21






                  active

                  oldest

                  votes








                  21 Answers
                  21






                  active

                  oldest

                  votes









                  active

                  oldest

                  votes






                  active

                  oldest

                  votes








                  up vote
                  76
                  down vote













                  Simple answer: No



                  If you can see it, you can photograph it.



                  There have been countless attempts over the years to solve this part of DRM and all have failed.



                  Instead of focusing on the barcode, have you considered making it difficult to copy the id card itself? So that security for each area can quickly check it isn't an overlay? For example a hologram over the barcode that the scanner ignores but a human can check, or a high quality plastic card with the barcode in the coloured coating - a guard can spot a fake overlay.






                  share|improve this answer



















                  • 6




                    I'd think something akin to a monitor privacy filter would help a bit. It would at least ensure that the barcode would have to be viewed from a very precise angle, which is easy for a scanner but not a photographer.
                    – forest
                    Nov 28 at 8:08








                  • 5




                    Yeah - I have one for my luggage tags (3M were at a conference I went to and were giving out interesting swag) but it's not useful enough: lanyards swing etc
                    – Rory Alsop
                    Nov 28 at 8:09






                  • 1




                    @RoryAlsop, Do you have a photo of what that (the monitor privacy thing) looks like? (never mind I googled it - 3M are easy to find, but again quite expensive). The client cannot afford holograms! How about if we stick it on the inside of a folded id - booklet style - with the photo on the outside? Hmm but it makes UX a bit fiddly. stumped
                    – Konchog
                    Nov 28 at 8:34








                  • 10




                    I like the idea. For one time events, it is easier to stick a cheap unique hologram sticker to defeat photocopy.
                    – mootmoot
                    Nov 28 at 9:38






                  • 5




                    @Konchog IMHO, the purpose is to defeat photocopy, any cheapo hologram will do.
                    – mootmoot
                    Nov 28 at 9:41















                  up vote
                  76
                  down vote













                  Simple answer: No



                  If you can see it, you can photograph it.



                  There have been countless attempts over the years to solve this part of DRM and all have failed.



                  Instead of focusing on the barcode, have you considered making it difficult to copy the id card itself? So that security for each area can quickly check it isn't an overlay? For example a hologram over the barcode that the scanner ignores but a human can check, or a high quality plastic card with the barcode in the coloured coating - a guard can spot a fake overlay.






                  share|improve this answer



















                  • 6




                    I'd think something akin to a monitor privacy filter would help a bit. It would at least ensure that the barcode would have to be viewed from a very precise angle, which is easy for a scanner but not a photographer.
                    – forest
                    Nov 28 at 8:08








                  • 5




                    Yeah - I have one for my luggage tags (3M were at a conference I went to and were giving out interesting swag) but it's not useful enough: lanyards swing etc
                    – Rory Alsop
                    Nov 28 at 8:09






                  • 1




                    @RoryAlsop, Do you have a photo of what that (the monitor privacy thing) looks like? (never mind I googled it - 3M are easy to find, but again quite expensive). The client cannot afford holograms! How about if we stick it on the inside of a folded id - booklet style - with the photo on the outside? Hmm but it makes UX a bit fiddly. stumped
                    – Konchog
                    Nov 28 at 8:34








                  • 10




                    I like the idea. For one time events, it is easier to stick a cheap unique hologram sticker to defeat photocopy.
                    – mootmoot
                    Nov 28 at 9:38






                  • 5




                    @Konchog IMHO, the purpose is to defeat photocopy, any cheapo hologram will do.
                    – mootmoot
                    Nov 28 at 9:41













                  up vote
                  76
                  down vote










                  up vote
                  76
                  down vote









                  Simple answer: No



                  If you can see it, you can photograph it.



                  There have been countless attempts over the years to solve this part of DRM and all have failed.



                  Instead of focusing on the barcode, have you considered making it difficult to copy the id card itself? So that security for each area can quickly check it isn't an overlay? For example a hologram over the barcode that the scanner ignores but a human can check, or a high quality plastic card with the barcode in the coloured coating - a guard can spot a fake overlay.






                  share|improve this answer














                  Simple answer: No



                  If you can see it, you can photograph it.



                  There have been countless attempts over the years to solve this part of DRM and all have failed.



                  Instead of focusing on the barcode, have you considered making it difficult to copy the id card itself? So that security for each area can quickly check it isn't an overlay? For example a hologram over the barcode that the scanner ignores but a human can check, or a high quality plastic card with the barcode in the coloured coating - a guard can spot a fake overlay.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Nov 28 at 12:07

























                  answered Nov 28 at 8:02









                  Rory Alsop

                  56.8k11103296




                  56.8k11103296








                  • 6




                    I'd think something akin to a monitor privacy filter would help a bit. It would at least ensure that the barcode would have to be viewed from a very precise angle, which is easy for a scanner but not a photographer.
                    – forest
                    Nov 28 at 8:08








                  • 5




                    Yeah - I have one for my luggage tags (3M were at a conference I went to and were giving out interesting swag) but it's not useful enough: lanyards swing etc
                    – Rory Alsop
                    Nov 28 at 8:09






                  • 1




                    @RoryAlsop, Do you have a photo of what that (the monitor privacy thing) looks like? (never mind I googled it - 3M are easy to find, but again quite expensive). The client cannot afford holograms! How about if we stick it on the inside of a folded id - booklet style - with the photo on the outside? Hmm but it makes UX a bit fiddly. stumped
                    – Konchog
                    Nov 28 at 8:34








                  • 10




                    I like the idea. For one time events, it is easier to stick a cheap unique hologram sticker to defeat photocopy.
                    – mootmoot
                    Nov 28 at 9:38






                  • 5




                    @Konchog IMHO, the purpose is to defeat photocopy, any cheapo hologram will do.
                    – mootmoot
                    Nov 28 at 9:41














                  • 6




                    I'd think something akin to a monitor privacy filter would help a bit. It would at least ensure that the barcode would have to be viewed from a very precise angle, which is easy for a scanner but not a photographer.
                    – forest
                    Nov 28 at 8:08








                  • 5




                    Yeah - I have one for my luggage tags (3M were at a conference I went to and were giving out interesting swag) but it's not useful enough: lanyards swing etc
                    – Rory Alsop
                    Nov 28 at 8:09






                  • 1




                    @RoryAlsop, Do you have a photo of what that (the monitor privacy thing) looks like? (never mind I googled it - 3M are easy to find, but again quite expensive). The client cannot afford holograms! How about if we stick it on the inside of a folded id - booklet style - with the photo on the outside? Hmm but it makes UX a bit fiddly. stumped
                    – Konchog
                    Nov 28 at 8:34








                  • 10




                    I like the idea. For one time events, it is easier to stick a cheap unique hologram sticker to defeat photocopy.
                    – mootmoot
                    Nov 28 at 9:38






                  • 5




                    @Konchog IMHO, the purpose is to defeat photocopy, any cheapo hologram will do.
                    – mootmoot
                    Nov 28 at 9:41








                  6




                  6




                  I'd think something akin to a monitor privacy filter would help a bit. It would at least ensure that the barcode would have to be viewed from a very precise angle, which is easy for a scanner but not a photographer.
                  – forest
                  Nov 28 at 8:08






                  I'd think something akin to a monitor privacy filter would help a bit. It would at least ensure that the barcode would have to be viewed from a very precise angle, which is easy for a scanner but not a photographer.
                  – forest
                  Nov 28 at 8:08






                  5




                  5




                  Yeah - I have one for my luggage tags (3M were at a conference I went to and were giving out interesting swag) but it's not useful enough: lanyards swing etc
                  – Rory Alsop
                  Nov 28 at 8:09




                  Yeah - I have one for my luggage tags (3M were at a conference I went to and were giving out interesting swag) but it's not useful enough: lanyards swing etc
                  – Rory Alsop
                  Nov 28 at 8:09




                  1




                  1




                  @RoryAlsop, Do you have a photo of what that (the monitor privacy thing) looks like? (never mind I googled it - 3M are easy to find, but again quite expensive). The client cannot afford holograms! How about if we stick it on the inside of a folded id - booklet style - with the photo on the outside? Hmm but it makes UX a bit fiddly. stumped
                  – Konchog
                  Nov 28 at 8:34






                  @RoryAlsop, Do you have a photo of what that (the monitor privacy thing) looks like? (never mind I googled it - 3M are easy to find, but again quite expensive). The client cannot afford holograms! How about if we stick it on the inside of a folded id - booklet style - with the photo on the outside? Hmm but it makes UX a bit fiddly. stumped
                  – Konchog
                  Nov 28 at 8:34






                  10




                  10




                  I like the idea. For one time events, it is easier to stick a cheap unique hologram sticker to defeat photocopy.
                  – mootmoot
                  Nov 28 at 9:38




                  I like the idea. For one time events, it is easier to stick a cheap unique hologram sticker to defeat photocopy.
                  – mootmoot
                  Nov 28 at 9:38




                  5




                  5




                  @Konchog IMHO, the purpose is to defeat photocopy, any cheapo hologram will do.
                  – mootmoot
                  Nov 28 at 9:41




                  @Konchog IMHO, the purpose is to defeat photocopy, any cheapo hologram will do.
                  – mootmoot
                  Nov 28 at 9:41












                  up vote
                  52
                  down vote













                  Simple answer is yes. Unfortunately I think you might be struggling to do so on a tight budget, barcodes can be printed using inks that are only visible under UV/IR light, so they aren't visible to the naked eye and can't be replicated without specialist equipment and inks.



                  Unfortunately the scanners that can read these codes aren't cheap and neither is the ink so unless you're going to be having more than a couple of thousand attendees the NFC route is going to be cheaper. And as the question indicates this isn't something you think they will pay for so that probably puts the "unphotographable" barcode solutions out of your price range.






                  share|improve this answer

















                  • 5




                    Yeah they aren't completely foolproof - most of the inks work by fluorescing in the visible spectrum when under the appropriate type of light so using that to uncover the barcode and then reproducing it would probably fool scanners, that actually gives me an idea - I wonder if printing the barcodes using UV ink and then having a cheap UV light set up next to a standard scanner to reveal it would work. It's a bit rough and ready (and would be vulnerable to the above flaw for certain) but might be on-budget?
                    – motosubatsu
                    Nov 28 at 12:16






                  • 7




                    I really want to test this now with a cheap barcode reader, a strong UV lamp and UV ink. Could cheap materials work?
                    – schroeder
                    Nov 28 at 13:38






                  • 1




                    @schroeder me too! I've got access to a reader at work but would need a way to produce UV barcodes
                    – motosubatsu
                    Nov 28 at 13:42








                  • 6




                    My kid has a "secret writing pen" with a built-in lamp. Hit a dollar store? Use a stencil to copy an existing barcode
                    – schroeder
                    Nov 28 at 13:43








                  • 5




                    Unfortunately, many phone cameras can "see" infrared.
                    – MGOwen
                    Nov 29 at 6:33















                  up vote
                  52
                  down vote













                  Simple answer is yes. Unfortunately I think you might be struggling to do so on a tight budget, barcodes can be printed using inks that are only visible under UV/IR light, so they aren't visible to the naked eye and can't be replicated without specialist equipment and inks.



                  Unfortunately the scanners that can read these codes aren't cheap and neither is the ink so unless you're going to be having more than a couple of thousand attendees the NFC route is going to be cheaper. And as the question indicates this isn't something you think they will pay for so that probably puts the "unphotographable" barcode solutions out of your price range.






                  share|improve this answer

















                  • 5




                    Yeah they aren't completely foolproof - most of the inks work by fluorescing in the visible spectrum when under the appropriate type of light so using that to uncover the barcode and then reproducing it would probably fool scanners, that actually gives me an idea - I wonder if printing the barcodes using UV ink and then having a cheap UV light set up next to a standard scanner to reveal it would work. It's a bit rough and ready (and would be vulnerable to the above flaw for certain) but might be on-budget?
                    – motosubatsu
                    Nov 28 at 12:16






                  • 7




                    I really want to test this now with a cheap barcode reader, a strong UV lamp and UV ink. Could cheap materials work?
                    – schroeder
                    Nov 28 at 13:38






                  • 1




                    @schroeder me too! I've got access to a reader at work but would need a way to produce UV barcodes
                    – motosubatsu
                    Nov 28 at 13:42








                  • 6




                    My kid has a "secret writing pen" with a built-in lamp. Hit a dollar store? Use a stencil to copy an existing barcode
                    – schroeder
                    Nov 28 at 13:43








                  • 5




                    Unfortunately, many phone cameras can "see" infrared.
                    – MGOwen
                    Nov 29 at 6:33













                  up vote
                  52
                  down vote










                  up vote
                  52
                  down vote









                  Simple answer is yes. Unfortunately I think you might be struggling to do so on a tight budget, barcodes can be printed using inks that are only visible under UV/IR light, so they aren't visible to the naked eye and can't be replicated without specialist equipment and inks.



                  Unfortunately the scanners that can read these codes aren't cheap and neither is the ink so unless you're going to be having more than a couple of thousand attendees the NFC route is going to be cheaper. And as the question indicates this isn't something you think they will pay for so that probably puts the "unphotographable" barcode solutions out of your price range.






                  share|improve this answer












                  Simple answer is yes. Unfortunately I think you might be struggling to do so on a tight budget, barcodes can be printed using inks that are only visible under UV/IR light, so they aren't visible to the naked eye and can't be replicated without specialist equipment and inks.



                  Unfortunately the scanners that can read these codes aren't cheap and neither is the ink so unless you're going to be having more than a couple of thousand attendees the NFC route is going to be cheaper. And as the question indicates this isn't something you think they will pay for so that probably puts the "unphotographable" barcode solutions out of your price range.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 28 at 11:18









                  motosubatsu

                  87426




                  87426








                  • 5




                    Yeah they aren't completely foolproof - most of the inks work by fluorescing in the visible spectrum when under the appropriate type of light so using that to uncover the barcode and then reproducing it would probably fool scanners, that actually gives me an idea - I wonder if printing the barcodes using UV ink and then having a cheap UV light set up next to a standard scanner to reveal it would work. It's a bit rough and ready (and would be vulnerable to the above flaw for certain) but might be on-budget?
                    – motosubatsu
                    Nov 28 at 12:16






                  • 7




                    I really want to test this now with a cheap barcode reader, a strong UV lamp and UV ink. Could cheap materials work?
                    – schroeder
                    Nov 28 at 13:38






                  • 1




                    @schroeder me too! I've got access to a reader at work but would need a way to produce UV barcodes
                    – motosubatsu
                    Nov 28 at 13:42








                  • 6




                    My kid has a "secret writing pen" with a built-in lamp. Hit a dollar store? Use a stencil to copy an existing barcode
                    – schroeder
                    Nov 28 at 13:43








                  • 5




                    Unfortunately, many phone cameras can "see" infrared.
                    – MGOwen
                    Nov 29 at 6:33














                  • 5




                    Yeah they aren't completely foolproof - most of the inks work by fluorescing in the visible spectrum when under the appropriate type of light so using that to uncover the barcode and then reproducing it would probably fool scanners, that actually gives me an idea - I wonder if printing the barcodes using UV ink and then having a cheap UV light set up next to a standard scanner to reveal it would work. It's a bit rough and ready (and would be vulnerable to the above flaw for certain) but might be on-budget?
                    – motosubatsu
                    Nov 28 at 12:16






                  • 7




                    I really want to test this now with a cheap barcode reader, a strong UV lamp and UV ink. Could cheap materials work?
                    – schroeder
                    Nov 28 at 13:38






                  • 1




                    @schroeder me too! I've got access to a reader at work but would need a way to produce UV barcodes
                    – motosubatsu
                    Nov 28 at 13:42








                  • 6




                    My kid has a "secret writing pen" with a built-in lamp. Hit a dollar store? Use a stencil to copy an existing barcode
                    – schroeder
                    Nov 28 at 13:43








                  • 5




                    Unfortunately, many phone cameras can "see" infrared.
                    – MGOwen
                    Nov 29 at 6:33








                  5




                  5




                  Yeah they aren't completely foolproof - most of the inks work by fluorescing in the visible spectrum when under the appropriate type of light so using that to uncover the barcode and then reproducing it would probably fool scanners, that actually gives me an idea - I wonder if printing the barcodes using UV ink and then having a cheap UV light set up next to a standard scanner to reveal it would work. It's a bit rough and ready (and would be vulnerable to the above flaw for certain) but might be on-budget?
                  – motosubatsu
                  Nov 28 at 12:16




                  Yeah they aren't completely foolproof - most of the inks work by fluorescing in the visible spectrum when under the appropriate type of light so using that to uncover the barcode and then reproducing it would probably fool scanners, that actually gives me an idea - I wonder if printing the barcodes using UV ink and then having a cheap UV light set up next to a standard scanner to reveal it would work. It's a bit rough and ready (and would be vulnerable to the above flaw for certain) but might be on-budget?
                  – motosubatsu
                  Nov 28 at 12:16




                  7




                  7




                  I really want to test this now with a cheap barcode reader, a strong UV lamp and UV ink. Could cheap materials work?
                  – schroeder
                  Nov 28 at 13:38




                  I really want to test this now with a cheap barcode reader, a strong UV lamp and UV ink. Could cheap materials work?
                  – schroeder
                  Nov 28 at 13:38




                  1




                  1




                  @schroeder me too! I've got access to a reader at work but would need a way to produce UV barcodes
                  – motosubatsu
                  Nov 28 at 13:42






                  @schroeder me too! I've got access to a reader at work but would need a way to produce UV barcodes
                  – motosubatsu
                  Nov 28 at 13:42






                  6




                  6




                  My kid has a "secret writing pen" with a built-in lamp. Hit a dollar store? Use a stencil to copy an existing barcode
                  – schroeder
                  Nov 28 at 13:43






                  My kid has a "secret writing pen" with a built-in lamp. Hit a dollar store? Use a stencil to copy an existing barcode
                  – schroeder
                  Nov 28 at 13:43






                  5




                  5




                  Unfortunately, many phone cameras can "see" infrared.
                  – MGOwen
                  Nov 29 at 6:33




                  Unfortunately, many phone cameras can "see" infrared.
                  – MGOwen
                  Nov 29 at 6:33










                  up vote
                  28
                  down vote













                  While a simple red cellophane does little to hide the barcode, you could apply multiple colors to hide the barcode from human eye. If the barcode scanner only uses a single wavelength (such as red), it will see the colors differently than a human or a color camera.



                  This would be more difficult to photograph and print successfully, because cameras and printers will blur the colors more easily than they would blur a black and white image. Further, you could experiment with making the foreground and background some kind of random pattern, so that it is not obvious that it is a barcode at all.



                  For example, you replace black with blue and green, and white with red and orange:



                  Obfuscated barcode



                  To a red-light barcode scanner, this should appear like a normal black and white barcode. But I expect it would be more difficult to copy successfully.





                  Theoretical background: The human eye is most sensitive to brightness variations, and less sensitive to color variations. Most of our equipment, such as cameras, printers and image formats reflect this, and methods such as Chroma subsampling and Bayer filter are in common use. But a scanner at a single wavelength is completely insensitive to brightness variations in other colors, and very sensitive to color variations that affect the amount of red in the color.



                  Thus the pattern should be designed so that it has a lot of brightness variation to make copying difficult, while keeping the brightness seen by scanner the same. One way to do this in image editors is to separate red/green/blue channels and only edit the green and blue channels.






                  share|improve this answer



















                  • 4




                    Looks like some kind of tartan. But still, if you can scan it, you can also make a photograph of it, can't you?
                    – Trilarion
                    Nov 28 at 13:54








                  • 3




                    @Trilarion Yeah, but it's more work to do so successfully. At least color vs. bw printer, or some photoshopping. And I expect it could blur more easily in camera or JPEG compression, though of course with care you can still do it.
                    – jpa
                    Nov 28 at 13:56






                  • 4




                    Great practical solution! The thread model is currently someone getting a quick "blurry" photograph from the original card and printing this photograph with a consumer-grade printer onto simple paper. - The color differences from the original to this one coupled with some blurriness will probably lead to copies being ineffective at scanners and very easily identifiable by human security.
                    – Falco
                    Nov 29 at 13:45






                  • 4




                    I think this answer is theoretically correct, but in practical reality won't work: There's enough of a safety margin on labels that you get a good read (say) 9-out-of-10-times. To be so borderline-illegible that a good photo is made to reliably fail (that's what you're proposing) seems a recipe for frustration --- for chaos and long queues and social engineering opportunities to enter your venue. Coincidentally today I got offered a (non-sensitive) product I asked after, when my ID proved illegible; the vendor said "You were here on Saturday, right? I remember you" when I absolutely hadn't.
                    – user3445853
                    Nov 29 at 21:45










                  • Unless you had a scanner setup to be sensitive to precise customized ink variants, photographing this and printing on a run of the mill consumer color printer will duplicate this just fine. Human eye response is not relevant.
                    – user10216038
                    Nov 30 at 22:59















                  up vote
                  28
                  down vote













                  While a simple red cellophane does little to hide the barcode, you could apply multiple colors to hide the barcode from human eye. If the barcode scanner only uses a single wavelength (such as red), it will see the colors differently than a human or a color camera.



                  This would be more difficult to photograph and print successfully, because cameras and printers will blur the colors more easily than they would blur a black and white image. Further, you could experiment with making the foreground and background some kind of random pattern, so that it is not obvious that it is a barcode at all.



                  For example, you replace black with blue and green, and white with red and orange:



                  Obfuscated barcode



                  To a red-light barcode scanner, this should appear like a normal black and white barcode. But I expect it would be more difficult to copy successfully.





                  Theoretical background: The human eye is most sensitive to brightness variations, and less sensitive to color variations. Most of our equipment, such as cameras, printers and image formats reflect this, and methods such as Chroma subsampling and Bayer filter are in common use. But a scanner at a single wavelength is completely insensitive to brightness variations in other colors, and very sensitive to color variations that affect the amount of red in the color.



                  Thus the pattern should be designed so that it has a lot of brightness variation to make copying difficult, while keeping the brightness seen by scanner the same. One way to do this in image editors is to separate red/green/blue channels and only edit the green and blue channels.






                  share|improve this answer



















                  • 4




                    Looks like some kind of tartan. But still, if you can scan it, you can also make a photograph of it, can't you?
                    – Trilarion
                    Nov 28 at 13:54








                  • 3




                    @Trilarion Yeah, but it's more work to do so successfully. At least color vs. bw printer, or some photoshopping. And I expect it could blur more easily in camera or JPEG compression, though of course with care you can still do it.
                    – jpa
                    Nov 28 at 13:56






                  • 4




                    Great practical solution! The thread model is currently someone getting a quick "blurry" photograph from the original card and printing this photograph with a consumer-grade printer onto simple paper. - The color differences from the original to this one coupled with some blurriness will probably lead to copies being ineffective at scanners and very easily identifiable by human security.
                    – Falco
                    Nov 29 at 13:45






                  • 4




                    I think this answer is theoretically correct, but in practical reality won't work: There's enough of a safety margin on labels that you get a good read (say) 9-out-of-10-times. To be so borderline-illegible that a good photo is made to reliably fail (that's what you're proposing) seems a recipe for frustration --- for chaos and long queues and social engineering opportunities to enter your venue. Coincidentally today I got offered a (non-sensitive) product I asked after, when my ID proved illegible; the vendor said "You were here on Saturday, right? I remember you" when I absolutely hadn't.
                    – user3445853
                    Nov 29 at 21:45










                  • Unless you had a scanner setup to be sensitive to precise customized ink variants, photographing this and printing on a run of the mill consumer color printer will duplicate this just fine. Human eye response is not relevant.
                    – user10216038
                    Nov 30 at 22:59













                  up vote
                  28
                  down vote










                  up vote
                  28
                  down vote









                  While a simple red cellophane does little to hide the barcode, you could apply multiple colors to hide the barcode from human eye. If the barcode scanner only uses a single wavelength (such as red), it will see the colors differently than a human or a color camera.



                  This would be more difficult to photograph and print successfully, because cameras and printers will blur the colors more easily than they would blur a black and white image. Further, you could experiment with making the foreground and background some kind of random pattern, so that it is not obvious that it is a barcode at all.



                  For example, you replace black with blue and green, and white with red and orange:



                  Obfuscated barcode



                  To a red-light barcode scanner, this should appear like a normal black and white barcode. But I expect it would be more difficult to copy successfully.





                  Theoretical background: The human eye is most sensitive to brightness variations, and less sensitive to color variations. Most of our equipment, such as cameras, printers and image formats reflect this, and methods such as Chroma subsampling and Bayer filter are in common use. But a scanner at a single wavelength is completely insensitive to brightness variations in other colors, and very sensitive to color variations that affect the amount of red in the color.



                  Thus the pattern should be designed so that it has a lot of brightness variation to make copying difficult, while keeping the brightness seen by scanner the same. One way to do this in image editors is to separate red/green/blue channels and only edit the green and blue channels.






                  share|improve this answer














                  While a simple red cellophane does little to hide the barcode, you could apply multiple colors to hide the barcode from human eye. If the barcode scanner only uses a single wavelength (such as red), it will see the colors differently than a human or a color camera.



                  This would be more difficult to photograph and print successfully, because cameras and printers will blur the colors more easily than they would blur a black and white image. Further, you could experiment with making the foreground and background some kind of random pattern, so that it is not obvious that it is a barcode at all.



                  For example, you replace black with blue and green, and white with red and orange:



                  Obfuscated barcode



                  To a red-light barcode scanner, this should appear like a normal black and white barcode. But I expect it would be more difficult to copy successfully.





                  Theoretical background: The human eye is most sensitive to brightness variations, and less sensitive to color variations. Most of our equipment, such as cameras, printers and image formats reflect this, and methods such as Chroma subsampling and Bayer filter are in common use. But a scanner at a single wavelength is completely insensitive to brightness variations in other colors, and very sensitive to color variations that affect the amount of red in the color.



                  Thus the pattern should be designed so that it has a lot of brightness variation to make copying difficult, while keeping the brightness seen by scanner the same. One way to do this in image editors is to separate red/green/blue channels and only edit the green and blue channels.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Nov 28 at 14:19

























                  answered Nov 28 at 13:41









                  jpa

                  60348




                  60348








                  • 4




                    Looks like some kind of tartan. But still, if you can scan it, you can also make a photograph of it, can't you?
                    – Trilarion
                    Nov 28 at 13:54








                  • 3




                    @Trilarion Yeah, but it's more work to do so successfully. At least color vs. bw printer, or some photoshopping. And I expect it could blur more easily in camera or JPEG compression, though of course with care you can still do it.
                    – jpa
                    Nov 28 at 13:56






                  • 4




                    Great practical solution! The thread model is currently someone getting a quick "blurry" photograph from the original card and printing this photograph with a consumer-grade printer onto simple paper. - The color differences from the original to this one coupled with some blurriness will probably lead to copies being ineffective at scanners and very easily identifiable by human security.
                    – Falco
                    Nov 29 at 13:45






                  • 4




                    I think this answer is theoretically correct, but in practical reality won't work: There's enough of a safety margin on labels that you get a good read (say) 9-out-of-10-times. To be so borderline-illegible that a good photo is made to reliably fail (that's what you're proposing) seems a recipe for frustration --- for chaos and long queues and social engineering opportunities to enter your venue. Coincidentally today I got offered a (non-sensitive) product I asked after, when my ID proved illegible; the vendor said "You were here on Saturday, right? I remember you" when I absolutely hadn't.
                    – user3445853
                    Nov 29 at 21:45










                  • Unless you had a scanner setup to be sensitive to precise customized ink variants, photographing this and printing on a run of the mill consumer color printer will duplicate this just fine. Human eye response is not relevant.
                    – user10216038
                    Nov 30 at 22:59














                  • 4




                    Looks like some kind of tartan. But still, if you can scan it, you can also make a photograph of it, can't you?
                    – Trilarion
                    Nov 28 at 13:54








                  • 3




                    @Trilarion Yeah, but it's more work to do so successfully. At least color vs. bw printer, or some photoshopping. And I expect it could blur more easily in camera or JPEG compression, though of course with care you can still do it.
                    – jpa
                    Nov 28 at 13:56






                  • 4




                    Great practical solution! The thread model is currently someone getting a quick "blurry" photograph from the original card and printing this photograph with a consumer-grade printer onto simple paper. - The color differences from the original to this one coupled with some blurriness will probably lead to copies being ineffective at scanners and very easily identifiable by human security.
                    – Falco
                    Nov 29 at 13:45






                  • 4




                    I think this answer is theoretically correct, but in practical reality won't work: There's enough of a safety margin on labels that you get a good read (say) 9-out-of-10-times. To be so borderline-illegible that a good photo is made to reliably fail (that's what you're proposing) seems a recipe for frustration --- for chaos and long queues and social engineering opportunities to enter your venue. Coincidentally today I got offered a (non-sensitive) product I asked after, when my ID proved illegible; the vendor said "You were here on Saturday, right? I remember you" when I absolutely hadn't.
                    – user3445853
                    Nov 29 at 21:45










                  • Unless you had a scanner setup to be sensitive to precise customized ink variants, photographing this and printing on a run of the mill consumer color printer will duplicate this just fine. Human eye response is not relevant.
                    – user10216038
                    Nov 30 at 22:59








                  4




                  4




                  Looks like some kind of tartan. But still, if you can scan it, you can also make a photograph of it, can't you?
                  – Trilarion
                  Nov 28 at 13:54






                  Looks like some kind of tartan. But still, if you can scan it, you can also make a photograph of it, can't you?
                  – Trilarion
                  Nov 28 at 13:54






                  3




                  3




                  @Trilarion Yeah, but it's more work to do so successfully. At least color vs. bw printer, or some photoshopping. And I expect it could blur more easily in camera or JPEG compression, though of course with care you can still do it.
                  – jpa
                  Nov 28 at 13:56




                  @Trilarion Yeah, but it's more work to do so successfully. At least color vs. bw printer, or some photoshopping. And I expect it could blur more easily in camera or JPEG compression, though of course with care you can still do it.
                  – jpa
                  Nov 28 at 13:56




                  4




                  4




                  Great practical solution! The thread model is currently someone getting a quick "blurry" photograph from the original card and printing this photograph with a consumer-grade printer onto simple paper. - The color differences from the original to this one coupled with some blurriness will probably lead to copies being ineffective at scanners and very easily identifiable by human security.
                  – Falco
                  Nov 29 at 13:45




                  Great practical solution! The thread model is currently someone getting a quick "blurry" photograph from the original card and printing this photograph with a consumer-grade printer onto simple paper. - The color differences from the original to this one coupled with some blurriness will probably lead to copies being ineffective at scanners and very easily identifiable by human security.
                  – Falco
                  Nov 29 at 13:45




                  4




                  4




                  I think this answer is theoretically correct, but in practical reality won't work: There's enough of a safety margin on labels that you get a good read (say) 9-out-of-10-times. To be so borderline-illegible that a good photo is made to reliably fail (that's what you're proposing) seems a recipe for frustration --- for chaos and long queues and social engineering opportunities to enter your venue. Coincidentally today I got offered a (non-sensitive) product I asked after, when my ID proved illegible; the vendor said "You were here on Saturday, right? I remember you" when I absolutely hadn't.
                  – user3445853
                  Nov 29 at 21:45




                  I think this answer is theoretically correct, but in practical reality won't work: There's enough of a safety margin on labels that you get a good read (say) 9-out-of-10-times. To be so borderline-illegible that a good photo is made to reliably fail (that's what you're proposing) seems a recipe for frustration --- for chaos and long queues and social engineering opportunities to enter your venue. Coincidentally today I got offered a (non-sensitive) product I asked after, when my ID proved illegible; the vendor said "You were here on Saturday, right? I remember you" when I absolutely hadn't.
                  – user3445853
                  Nov 29 at 21:45












                  Unless you had a scanner setup to be sensitive to precise customized ink variants, photographing this and printing on a run of the mill consumer color printer will duplicate this just fine. Human eye response is not relevant.
                  – user10216038
                  Nov 30 at 22:59




                  Unless you had a scanner setup to be sensitive to precise customized ink variants, photographing this and printing on a run of the mill consumer color printer will duplicate this just fine. Human eye response is not relevant.
                  – user10216038
                  Nov 30 at 22:59










                  up vote
                  23
                  down vote













                  The cheapest solution for your situation in this case is utilising the human security guard to do photo check. Use the barcode tag to quickly lookup the user's record from the participant database, the database should store participant's photo and the guard should check that the participant that presented themselves match the photo on the database.



                  The barcode in this case should not really be considered part of the security, it's just a quick way to lookup database records, so it doesn't matter if it gets copied. The real security comes from the photo matching. Obviously, you can't really enforce security on self scan spots in this case, which is the main weakness.






                  share|improve this answer

















                  • 4




                    Photo check is not required. Just verify that a badge is legitimate. The vulnerability becomes the ability to source and print a badge that will pass inspection, which raises the bar significantly.
                    – schroeder
                    Nov 28 at 11:55








                  • 2




                    "Oh, the event has already started? I reeeeally need to get in! Here's my legit barcode. You can skip the photo check, okay? Okay! Bye!!"
                    – Tom K.
                    Nov 28 at 13:23










                  • @schroeder Depends on if "sharing" badges is considered a problem. (Or, if this is a heist novel, knocking someone out for 8+ hours and "borrowing" theirs.)
                    – user3067860
                    Nov 28 at 14:45















                  up vote
                  23
                  down vote













                  The cheapest solution for your situation in this case is utilising the human security guard to do photo check. Use the barcode tag to quickly lookup the user's record from the participant database, the database should store participant's photo and the guard should check that the participant that presented themselves match the photo on the database.



                  The barcode in this case should not really be considered part of the security, it's just a quick way to lookup database records, so it doesn't matter if it gets copied. The real security comes from the photo matching. Obviously, you can't really enforce security on self scan spots in this case, which is the main weakness.






                  share|improve this answer

















                  • 4




                    Photo check is not required. Just verify that a badge is legitimate. The vulnerability becomes the ability to source and print a badge that will pass inspection, which raises the bar significantly.
                    – schroeder
                    Nov 28 at 11:55








                  • 2




                    "Oh, the event has already started? I reeeeally need to get in! Here's my legit barcode. You can skip the photo check, okay? Okay! Bye!!"
                    – Tom K.
                    Nov 28 at 13:23










                  • @schroeder Depends on if "sharing" badges is considered a problem. (Or, if this is a heist novel, knocking someone out for 8+ hours and "borrowing" theirs.)
                    – user3067860
                    Nov 28 at 14:45













                  up vote
                  23
                  down vote










                  up vote
                  23
                  down vote









                  The cheapest solution for your situation in this case is utilising the human security guard to do photo check. Use the barcode tag to quickly lookup the user's record from the participant database, the database should store participant's photo and the guard should check that the participant that presented themselves match the photo on the database.



                  The barcode in this case should not really be considered part of the security, it's just a quick way to lookup database records, so it doesn't matter if it gets copied. The real security comes from the photo matching. Obviously, you can't really enforce security on self scan spots in this case, which is the main weakness.






                  share|improve this answer












                  The cheapest solution for your situation in this case is utilising the human security guard to do photo check. Use the barcode tag to quickly lookup the user's record from the participant database, the database should store participant's photo and the guard should check that the participant that presented themselves match the photo on the database.



                  The barcode in this case should not really be considered part of the security, it's just a quick way to lookup database records, so it doesn't matter if it gets copied. The real security comes from the photo matching. Obviously, you can't really enforce security on self scan spots in this case, which is the main weakness.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 28 at 10:58









                  Lie Ryan

                  21.8k24674




                  21.8k24674








                  • 4




                    Photo check is not required. Just verify that a badge is legitimate. The vulnerability becomes the ability to source and print a badge that will pass inspection, which raises the bar significantly.
                    – schroeder
                    Nov 28 at 11:55








                  • 2




                    "Oh, the event has already started? I reeeeally need to get in! Here's my legit barcode. You can skip the photo check, okay? Okay! Bye!!"
                    – Tom K.
                    Nov 28 at 13:23










                  • @schroeder Depends on if "sharing" badges is considered a problem. (Or, if this is a heist novel, knocking someone out for 8+ hours and "borrowing" theirs.)
                    – user3067860
                    Nov 28 at 14:45














                  • 4




                    Photo check is not required. Just verify that a badge is legitimate. The vulnerability becomes the ability to source and print a badge that will pass inspection, which raises the bar significantly.
                    – schroeder
                    Nov 28 at 11:55








                  • 2




                    "Oh, the event has already started? I reeeeally need to get in! Here's my legit barcode. You can skip the photo check, okay? Okay! Bye!!"
                    – Tom K.
                    Nov 28 at 13:23










                  • @schroeder Depends on if "sharing" badges is considered a problem. (Or, if this is a heist novel, knocking someone out for 8+ hours and "borrowing" theirs.)
                    – user3067860
                    Nov 28 at 14:45








                  4




                  4




                  Photo check is not required. Just verify that a badge is legitimate. The vulnerability becomes the ability to source and print a badge that will pass inspection, which raises the bar significantly.
                  – schroeder
                  Nov 28 at 11:55






                  Photo check is not required. Just verify that a badge is legitimate. The vulnerability becomes the ability to source and print a badge that will pass inspection, which raises the bar significantly.
                  – schroeder
                  Nov 28 at 11:55






                  2




                  2




                  "Oh, the event has already started? I reeeeally need to get in! Here's my legit barcode. You can skip the photo check, okay? Okay! Bye!!"
                  – Tom K.
                  Nov 28 at 13:23




                  "Oh, the event has already started? I reeeeally need to get in! Here's my legit barcode. You can skip the photo check, okay? Okay! Bye!!"
                  – Tom K.
                  Nov 28 at 13:23












                  @schroeder Depends on if "sharing" badges is considered a problem. (Or, if this is a heist novel, knocking someone out for 8+ hours and "borrowing" theirs.)
                  – user3067860
                  Nov 28 at 14:45




                  @schroeder Depends on if "sharing" badges is considered a problem. (Or, if this is a heist novel, knocking someone out for 8+ hours and "borrowing" theirs.)
                  – user3067860
                  Nov 28 at 14:45










                  up vote
                  17
                  down vote













                  You can’t, because as long as both a human and a barcode scanner needs to be able to see the whole thing, so can a camera and copier.



                  A barcode is no different than printing a string of text, except a machine can read it faster. Security-wise it adds no protection.



                  This issue might not be part of the threat model — have you checked that?






                  share|improve this answer

















                  • 8




                    Indeed. The organisers will have to decide which is more of a threat to their tight budget: spending more on useful ID cards, or risking someone photographing a card, reprinting it, entering the event and then drinking all the champagne themselves (is this likely?)
                    – Lightness Races in Orbit
                    Nov 28 at 10:42






                  • 16




                    @forest I think you misunderstood me. It's a common way to perform an attack, yes. But will it be likely for someone to attack this event in this way for the purpose of ... doing what? What would be their goal? What resources are at risk? Is it a champagne reception? If so, can they even really possibly drink enough to harm you to the extent that it's economical to spend a ton of money on NFC hard passes? Of course you don't want uninviteds at your party but you have to apply balance when deciding what to spend on mitigation.
                    – Lightness Races in Orbit
                    Nov 28 at 10:45








                  • 3




                    .. OP says they can't afford secure passes so the [IMO low] risk in this case is probably worth it from that perspective. Any possible financial losses are not likely to cost as much as the technology that they can't afford.
                    – Lightness Races in Orbit
                    Nov 28 at 10:47








                  • 1




                    @Konchog Indeed!
                    – Lightness Races in Orbit
                    Nov 28 at 12:16






                  • 12




                    @Konchog People who want to protect high-value things without spending money on it always remind me of the old saying "If you've got a $5 head buy a $5 helmet" :D
                    – motosubatsu
                    Nov 28 at 12:36















                  up vote
                  17
                  down vote













                  You can’t, because as long as both a human and a barcode scanner needs to be able to see the whole thing, so can a camera and copier.



                  A barcode is no different than printing a string of text, except a machine can read it faster. Security-wise it adds no protection.



                  This issue might not be part of the threat model — have you checked that?






                  share|improve this answer

















                  • 8




                    Indeed. The organisers will have to decide which is more of a threat to their tight budget: spending more on useful ID cards, or risking someone photographing a card, reprinting it, entering the event and then drinking all the champagne themselves (is this likely?)
                    – Lightness Races in Orbit
                    Nov 28 at 10:42






                  • 16




                    @forest I think you misunderstood me. It's a common way to perform an attack, yes. But will it be likely for someone to attack this event in this way for the purpose of ... doing what? What would be their goal? What resources are at risk? Is it a champagne reception? If so, can they even really possibly drink enough to harm you to the extent that it's economical to spend a ton of money on NFC hard passes? Of course you don't want uninviteds at your party but you have to apply balance when deciding what to spend on mitigation.
                    – Lightness Races in Orbit
                    Nov 28 at 10:45








                  • 3




                    .. OP says they can't afford secure passes so the [IMO low] risk in this case is probably worth it from that perspective. Any possible financial losses are not likely to cost as much as the technology that they can't afford.
                    – Lightness Races in Orbit
                    Nov 28 at 10:47








                  • 1




                    @Konchog Indeed!
                    – Lightness Races in Orbit
                    Nov 28 at 12:16






                  • 12




                    @Konchog People who want to protect high-value things without spending money on it always remind me of the old saying "If you've got a $5 head buy a $5 helmet" :D
                    – motosubatsu
                    Nov 28 at 12:36













                  up vote
                  17
                  down vote










                  up vote
                  17
                  down vote









                  You can’t, because as long as both a human and a barcode scanner needs to be able to see the whole thing, so can a camera and copier.



                  A barcode is no different than printing a string of text, except a machine can read it faster. Security-wise it adds no protection.



                  This issue might not be part of the threat model — have you checked that?






                  share|improve this answer












                  You can’t, because as long as both a human and a barcode scanner needs to be able to see the whole thing, so can a camera and copier.



                  A barcode is no different than printing a string of text, except a machine can read it faster. Security-wise it adds no protection.



                  This issue might not be part of the threat model — have you checked that?







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 28 at 9:42









                  John Keates

                  62236




                  62236








                  • 8




                    Indeed. The organisers will have to decide which is more of a threat to their tight budget: spending more on useful ID cards, or risking someone photographing a card, reprinting it, entering the event and then drinking all the champagne themselves (is this likely?)
                    – Lightness Races in Orbit
                    Nov 28 at 10:42






                  • 16




                    @forest I think you misunderstood me. It's a common way to perform an attack, yes. But will it be likely for someone to attack this event in this way for the purpose of ... doing what? What would be their goal? What resources are at risk? Is it a champagne reception? If so, can they even really possibly drink enough to harm you to the extent that it's economical to spend a ton of money on NFC hard passes? Of course you don't want uninviteds at your party but you have to apply balance when deciding what to spend on mitigation.
                    – Lightness Races in Orbit
                    Nov 28 at 10:45








                  • 3




                    .. OP says they can't afford secure passes so the [IMO low] risk in this case is probably worth it from that perspective. Any possible financial losses are not likely to cost as much as the technology that they can't afford.
                    – Lightness Races in Orbit
                    Nov 28 at 10:47








                  • 1




                    @Konchog Indeed!
                    – Lightness Races in Orbit
                    Nov 28 at 12:16






                  • 12




                    @Konchog People who want to protect high-value things without spending money on it always remind me of the old saying "If you've got a $5 head buy a $5 helmet" :D
                    – motosubatsu
                    Nov 28 at 12:36














                  • 8




                    Indeed. The organisers will have to decide which is more of a threat to their tight budget: spending more on useful ID cards, or risking someone photographing a card, reprinting it, entering the event and then drinking all the champagne themselves (is this likely?)
                    – Lightness Races in Orbit
                    Nov 28 at 10:42






                  • 16




                    @forest I think you misunderstood me. It's a common way to perform an attack, yes. But will it be likely for someone to attack this event in this way for the purpose of ... doing what? What would be their goal? What resources are at risk? Is it a champagne reception? If so, can they even really possibly drink enough to harm you to the extent that it's economical to spend a ton of money on NFC hard passes? Of course you don't want uninviteds at your party but you have to apply balance when deciding what to spend on mitigation.
                    – Lightness Races in Orbit
                    Nov 28 at 10:45








                  • 3




                    .. OP says they can't afford secure passes so the [IMO low] risk in this case is probably worth it from that perspective. Any possible financial losses are not likely to cost as much as the technology that they can't afford.
                    – Lightness Races in Orbit
                    Nov 28 at 10:47








                  • 1




                    @Konchog Indeed!
                    – Lightness Races in Orbit
                    Nov 28 at 12:16






                  • 12




                    @Konchog People who want to protect high-value things without spending money on it always remind me of the old saying "If you've got a $5 head buy a $5 helmet" :D
                    – motosubatsu
                    Nov 28 at 12:36








                  8




                  8




                  Indeed. The organisers will have to decide which is more of a threat to their tight budget: spending more on useful ID cards, or risking someone photographing a card, reprinting it, entering the event and then drinking all the champagne themselves (is this likely?)
                  – Lightness Races in Orbit
                  Nov 28 at 10:42




                  Indeed. The organisers will have to decide which is more of a threat to their tight budget: spending more on useful ID cards, or risking someone photographing a card, reprinting it, entering the event and then drinking all the champagne themselves (is this likely?)
                  – Lightness Races in Orbit
                  Nov 28 at 10:42




                  16




                  16




                  @forest I think you misunderstood me. It's a common way to perform an attack, yes. But will it be likely for someone to attack this event in this way for the purpose of ... doing what? What would be their goal? What resources are at risk? Is it a champagne reception? If so, can they even really possibly drink enough to harm you to the extent that it's economical to spend a ton of money on NFC hard passes? Of course you don't want uninviteds at your party but you have to apply balance when deciding what to spend on mitigation.
                  – Lightness Races in Orbit
                  Nov 28 at 10:45






                  @forest I think you misunderstood me. It's a common way to perform an attack, yes. But will it be likely for someone to attack this event in this way for the purpose of ... doing what? What would be their goal? What resources are at risk? Is it a champagne reception? If so, can they even really possibly drink enough to harm you to the extent that it's economical to spend a ton of money on NFC hard passes? Of course you don't want uninviteds at your party but you have to apply balance when deciding what to spend on mitigation.
                  – Lightness Races in Orbit
                  Nov 28 at 10:45






                  3




                  3




                  .. OP says they can't afford secure passes so the [IMO low] risk in this case is probably worth it from that perspective. Any possible financial losses are not likely to cost as much as the technology that they can't afford.
                  – Lightness Races in Orbit
                  Nov 28 at 10:47






                  .. OP says they can't afford secure passes so the [IMO low] risk in this case is probably worth it from that perspective. Any possible financial losses are not likely to cost as much as the technology that they can't afford.
                  – Lightness Races in Orbit
                  Nov 28 at 10:47






                  1




                  1




                  @Konchog Indeed!
                  – Lightness Races in Orbit
                  Nov 28 at 12:16




                  @Konchog Indeed!
                  – Lightness Races in Orbit
                  Nov 28 at 12:16




                  12




                  12




                  @Konchog People who want to protect high-value things without spending money on it always remind me of the old saying "If you've got a $5 head buy a $5 helmet" :D
                  – motosubatsu
                  Nov 28 at 12:36




                  @Konchog People who want to protect high-value things without spending money on it always remind me of the old saying "If you've got a $5 head buy a $5 helmet" :D
                  – motosubatsu
                  Nov 28 at 12:36










                  up vote
                  15
                  down vote













                  Is NFC really too expensive? I found a 50-pack of MiFARE NFC stickers for $13.20, making them < $0.27 per attendee; if you plan on 500 attendees, that's $132 which really isn't that much in the scheme of a catered event of that scale. If you can manage to swing $0.89 per attendee, you can actually get inkjet-printable MiFARE cards, saving the step of printing and separately applying a sticker (though you'd have to have a flat-paper-path printer that the cards could be fed through).



                  Since NFC can't be photographed, it can't be easily duplicated, but tags are easily read by any smartphone and a variety of other devices, and are often less finicky. For example, if the badge is in a plastic holder, a barcode scanner might pick up too much reflected ambient light to be able to read the barcode, and the person would have to tilt it this way and that (pausing a bit each time to give the scanner time to focus), hoping to reduce the glare enough for the scanner to read the code; with NFC, just pressing the card against the reader and maybe wiggling it around a bit until you hit the sweet spot. By the 10th or 15th scan, the security person should have a pretty good clue where the sweet spot is and be able to scan almost instantaneously from there on out.



                  EDIT1: Even basic, cheap non-cryptographic NFC tags programmed with simple ID numbers are more difficult to duplicate -- you need to either have close proximity access to a tag (generally less than a foot). This makes them significantly more difficult to clone than a barcode that can be captured by a decent camera from several feet away or across the room or further with a good DSLR and zoom lens. Optimum read range on NFC chips is based on the loop antenna radius of the chip: the radius divided by ~1.414. On a 2"x3.5" NFC card the radius can't be more than 1 inch (2.54cm) since the loop's antenna can't be more than 2 inches in diameter, giving us an "optimum" read range of just under 2cm (less than an inch). Even with a powerful reader, I seriously doubt you're going to be able to read the tags at distances greater than a foot.



                  EDIT2: As @Falco pointed out in the comments below, if you print a barcode on the badge too, a potential ne'er-do-well might not even realize there's an NFC tag and attempt to just clone the barcode... but of course their counterfeit badge wouldn't scan with NFC, exposing it as a fake.






                  share|improve this answer



















                  • 2




                    "it can't be easily duplicated, but tags are easily read" - That doesn't make sense. If you can read it, you can duplicate it.
                    – AndrolGenhald
                    Nov 28 at 22:08






                  • 11




                    @AndrolGenhald: not necessarily, higher security NFC Smartcards uses cryptography to sign a challenge-response protocol. These type of tags are essentially impossible to duplicate without breaking the physical enclosure of the original tag, and the physical enclosure are often rigged to destroy the signing key if it's tampered with. These types of tags aren't as cheap as the static passive tags though.
                    – Lie Ryan
                    Nov 28 at 23:07






                  • 1




                    @LieRyan I suppose "tags are easily read" is a bit ambiguous, I wouldn't call authenticating with a smartcard "reading" it, as you're sending it data to sign and checking the response, but I guess you could still call it that. Smartcards are likely too expensive for OP though, which is probably why they specifically rule out NFC.
                    – AndrolGenhald
                    Nov 29 at 0:30






                  • 3




                    NFC stickers are not expensive - and NFC scanners are getting far more affordable. However, when this was last tried out it did not work so well - there were problems with the scanners at that time (which may well have been an upsteam issue). Also, there were problems with getting NFC embedded cards printed on time, and then matching each NFC identity with the system identity without pre-printing identity details. The client may revisit NFC at some point - but we are told that they are staying with EAN13 scanners for the time being..
                    – Konchog
                    Nov 29 at 7:25








                  • 3




                    At a one shot event obscurity can be used as a valid strategy to increase security. Printing Barcodes on the NFC-Tagged cards will lead many potential threats to try and copy the barcodes before realizing NFC-Equipment might be necessary.
                    – Falco
                    Nov 29 at 13:49















                  up vote
                  15
                  down vote













                  Is NFC really too expensive? I found a 50-pack of MiFARE NFC stickers for $13.20, making them < $0.27 per attendee; if you plan on 500 attendees, that's $132 which really isn't that much in the scheme of a catered event of that scale. If you can manage to swing $0.89 per attendee, you can actually get inkjet-printable MiFARE cards, saving the step of printing and separately applying a sticker (though you'd have to have a flat-paper-path printer that the cards could be fed through).



                  Since NFC can't be photographed, it can't be easily duplicated, but tags are easily read by any smartphone and a variety of other devices, and are often less finicky. For example, if the badge is in a plastic holder, a barcode scanner might pick up too much reflected ambient light to be able to read the barcode, and the person would have to tilt it this way and that (pausing a bit each time to give the scanner time to focus), hoping to reduce the glare enough for the scanner to read the code; with NFC, just pressing the card against the reader and maybe wiggling it around a bit until you hit the sweet spot. By the 10th or 15th scan, the security person should have a pretty good clue where the sweet spot is and be able to scan almost instantaneously from there on out.



                  EDIT1: Even basic, cheap non-cryptographic NFC tags programmed with simple ID numbers are more difficult to duplicate -- you need to either have close proximity access to a tag (generally less than a foot). This makes them significantly more difficult to clone than a barcode that can be captured by a decent camera from several feet away or across the room or further with a good DSLR and zoom lens. Optimum read range on NFC chips is based on the loop antenna radius of the chip: the radius divided by ~1.414. On a 2"x3.5" NFC card the radius can't be more than 1 inch (2.54cm) since the loop's antenna can't be more than 2 inches in diameter, giving us an "optimum" read range of just under 2cm (less than an inch). Even with a powerful reader, I seriously doubt you're going to be able to read the tags at distances greater than a foot.



                  EDIT2: As @Falco pointed out in the comments below, if you print a barcode on the badge too, a potential ne'er-do-well might not even realize there's an NFC tag and attempt to just clone the barcode... but of course their counterfeit badge wouldn't scan with NFC, exposing it as a fake.






                  share|improve this answer



















                  • 2




                    "it can't be easily duplicated, but tags are easily read" - That doesn't make sense. If you can read it, you can duplicate it.
                    – AndrolGenhald
                    Nov 28 at 22:08






                  • 11




                    @AndrolGenhald: not necessarily, higher security NFC Smartcards uses cryptography to sign a challenge-response protocol. These type of tags are essentially impossible to duplicate without breaking the physical enclosure of the original tag, and the physical enclosure are often rigged to destroy the signing key if it's tampered with. These types of tags aren't as cheap as the static passive tags though.
                    – Lie Ryan
                    Nov 28 at 23:07






                  • 1




                    @LieRyan I suppose "tags are easily read" is a bit ambiguous, I wouldn't call authenticating with a smartcard "reading" it, as you're sending it data to sign and checking the response, but I guess you could still call it that. Smartcards are likely too expensive for OP though, which is probably why they specifically rule out NFC.
                    – AndrolGenhald
                    Nov 29 at 0:30






                  • 3




                    NFC stickers are not expensive - and NFC scanners are getting far more affordable. However, when this was last tried out it did not work so well - there were problems with the scanners at that time (which may well have been an upsteam issue). Also, there were problems with getting NFC embedded cards printed on time, and then matching each NFC identity with the system identity without pre-printing identity details. The client may revisit NFC at some point - but we are told that they are staying with EAN13 scanners for the time being..
                    – Konchog
                    Nov 29 at 7:25








                  • 3




                    At a one shot event obscurity can be used as a valid strategy to increase security. Printing Barcodes on the NFC-Tagged cards will lead many potential threats to try and copy the barcodes before realizing NFC-Equipment might be necessary.
                    – Falco
                    Nov 29 at 13:49













                  up vote
                  15
                  down vote










                  up vote
                  15
                  down vote









                  Is NFC really too expensive? I found a 50-pack of MiFARE NFC stickers for $13.20, making them < $0.27 per attendee; if you plan on 500 attendees, that's $132 which really isn't that much in the scheme of a catered event of that scale. If you can manage to swing $0.89 per attendee, you can actually get inkjet-printable MiFARE cards, saving the step of printing and separately applying a sticker (though you'd have to have a flat-paper-path printer that the cards could be fed through).



                  Since NFC can't be photographed, it can't be easily duplicated, but tags are easily read by any smartphone and a variety of other devices, and are often less finicky. For example, if the badge is in a plastic holder, a barcode scanner might pick up too much reflected ambient light to be able to read the barcode, and the person would have to tilt it this way and that (pausing a bit each time to give the scanner time to focus), hoping to reduce the glare enough for the scanner to read the code; with NFC, just pressing the card against the reader and maybe wiggling it around a bit until you hit the sweet spot. By the 10th or 15th scan, the security person should have a pretty good clue where the sweet spot is and be able to scan almost instantaneously from there on out.



                  EDIT1: Even basic, cheap non-cryptographic NFC tags programmed with simple ID numbers are more difficult to duplicate -- you need to either have close proximity access to a tag (generally less than a foot). This makes them significantly more difficult to clone than a barcode that can be captured by a decent camera from several feet away or across the room or further with a good DSLR and zoom lens. Optimum read range on NFC chips is based on the loop antenna radius of the chip: the radius divided by ~1.414. On a 2"x3.5" NFC card the radius can't be more than 1 inch (2.54cm) since the loop's antenna can't be more than 2 inches in diameter, giving us an "optimum" read range of just under 2cm (less than an inch). Even with a powerful reader, I seriously doubt you're going to be able to read the tags at distances greater than a foot.



                  EDIT2: As @Falco pointed out in the comments below, if you print a barcode on the badge too, a potential ne'er-do-well might not even realize there's an NFC tag and attempt to just clone the barcode... but of course their counterfeit badge wouldn't scan with NFC, exposing it as a fake.






                  share|improve this answer














                  Is NFC really too expensive? I found a 50-pack of MiFARE NFC stickers for $13.20, making them < $0.27 per attendee; if you plan on 500 attendees, that's $132 which really isn't that much in the scheme of a catered event of that scale. If you can manage to swing $0.89 per attendee, you can actually get inkjet-printable MiFARE cards, saving the step of printing and separately applying a sticker (though you'd have to have a flat-paper-path printer that the cards could be fed through).



                  Since NFC can't be photographed, it can't be easily duplicated, but tags are easily read by any smartphone and a variety of other devices, and are often less finicky. For example, if the badge is in a plastic holder, a barcode scanner might pick up too much reflected ambient light to be able to read the barcode, and the person would have to tilt it this way and that (pausing a bit each time to give the scanner time to focus), hoping to reduce the glare enough for the scanner to read the code; with NFC, just pressing the card against the reader and maybe wiggling it around a bit until you hit the sweet spot. By the 10th or 15th scan, the security person should have a pretty good clue where the sweet spot is and be able to scan almost instantaneously from there on out.



                  EDIT1: Even basic, cheap non-cryptographic NFC tags programmed with simple ID numbers are more difficult to duplicate -- you need to either have close proximity access to a tag (generally less than a foot). This makes them significantly more difficult to clone than a barcode that can be captured by a decent camera from several feet away or across the room or further with a good DSLR and zoom lens. Optimum read range on NFC chips is based on the loop antenna radius of the chip: the radius divided by ~1.414. On a 2"x3.5" NFC card the radius can't be more than 1 inch (2.54cm) since the loop's antenna can't be more than 2 inches in diameter, giving us an "optimum" read range of just under 2cm (less than an inch). Even with a powerful reader, I seriously doubt you're going to be able to read the tags at distances greater than a foot.



                  EDIT2: As @Falco pointed out in the comments below, if you print a barcode on the badge too, a potential ne'er-do-well might not even realize there's an NFC tag and attempt to just clone the barcode... but of course their counterfeit badge wouldn't scan with NFC, exposing it as a fake.







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Nov 29 at 17:41

























                  answered Nov 28 at 21:31









                  Doktor J

                  28826




                  28826








                  • 2




                    "it can't be easily duplicated, but tags are easily read" - That doesn't make sense. If you can read it, you can duplicate it.
                    – AndrolGenhald
                    Nov 28 at 22:08






                  • 11




                    @AndrolGenhald: not necessarily, higher security NFC Smartcards uses cryptography to sign a challenge-response protocol. These type of tags are essentially impossible to duplicate without breaking the physical enclosure of the original tag, and the physical enclosure are often rigged to destroy the signing key if it's tampered with. These types of tags aren't as cheap as the static passive tags though.
                    – Lie Ryan
                    Nov 28 at 23:07






                  • 1




                    @LieRyan I suppose "tags are easily read" is a bit ambiguous, I wouldn't call authenticating with a smartcard "reading" it, as you're sending it data to sign and checking the response, but I guess you could still call it that. Smartcards are likely too expensive for OP though, which is probably why they specifically rule out NFC.
                    – AndrolGenhald
                    Nov 29 at 0:30






                  • 3




                    NFC stickers are not expensive - and NFC scanners are getting far more affordable. However, when this was last tried out it did not work so well - there were problems with the scanners at that time (which may well have been an upsteam issue). Also, there were problems with getting NFC embedded cards printed on time, and then matching each NFC identity with the system identity without pre-printing identity details. The client may revisit NFC at some point - but we are told that they are staying with EAN13 scanners for the time being..
                    – Konchog
                    Nov 29 at 7:25








                  • 3




                    At a one shot event obscurity can be used as a valid strategy to increase security. Printing Barcodes on the NFC-Tagged cards will lead many potential threats to try and copy the barcodes before realizing NFC-Equipment might be necessary.
                    – Falco
                    Nov 29 at 13:49














                  • 2




                    "it can't be easily duplicated, but tags are easily read" - That doesn't make sense. If you can read it, you can duplicate it.
                    – AndrolGenhald
                    Nov 28 at 22:08






                  • 11




                    @AndrolGenhald: not necessarily, higher security NFC Smartcards uses cryptography to sign a challenge-response protocol. These type of tags are essentially impossible to duplicate without breaking the physical enclosure of the original tag, and the physical enclosure are often rigged to destroy the signing key if it's tampered with. These types of tags aren't as cheap as the static passive tags though.
                    – Lie Ryan
                    Nov 28 at 23:07






                  • 1




                    @LieRyan I suppose "tags are easily read" is a bit ambiguous, I wouldn't call authenticating with a smartcard "reading" it, as you're sending it data to sign and checking the response, but I guess you could still call it that. Smartcards are likely too expensive for OP though, which is probably why they specifically rule out NFC.
                    – AndrolGenhald
                    Nov 29 at 0:30






                  • 3




                    NFC stickers are not expensive - and NFC scanners are getting far more affordable. However, when this was last tried out it did not work so well - there were problems with the scanners at that time (which may well have been an upsteam issue). Also, there were problems with getting NFC embedded cards printed on time, and then matching each NFC identity with the system identity without pre-printing identity details. The client may revisit NFC at some point - but we are told that they are staying with EAN13 scanners for the time being..
                    – Konchog
                    Nov 29 at 7:25








                  • 3




                    At a one shot event obscurity can be used as a valid strategy to increase security. Printing Barcodes on the NFC-Tagged cards will lead many potential threats to try and copy the barcodes before realizing NFC-Equipment might be necessary.
                    – Falco
                    Nov 29 at 13:49








                  2




                  2




                  "it can't be easily duplicated, but tags are easily read" - That doesn't make sense. If you can read it, you can duplicate it.
                  – AndrolGenhald
                  Nov 28 at 22:08




                  "it can't be easily duplicated, but tags are easily read" - That doesn't make sense. If you can read it, you can duplicate it.
                  – AndrolGenhald
                  Nov 28 at 22:08




                  11




                  11




                  @AndrolGenhald: not necessarily, higher security NFC Smartcards uses cryptography to sign a challenge-response protocol. These type of tags are essentially impossible to duplicate without breaking the physical enclosure of the original tag, and the physical enclosure are often rigged to destroy the signing key if it's tampered with. These types of tags aren't as cheap as the static passive tags though.
                  – Lie Ryan
                  Nov 28 at 23:07




                  @AndrolGenhald: not necessarily, higher security NFC Smartcards uses cryptography to sign a challenge-response protocol. These type of tags are essentially impossible to duplicate without breaking the physical enclosure of the original tag, and the physical enclosure are often rigged to destroy the signing key if it's tampered with. These types of tags aren't as cheap as the static passive tags though.
                  – Lie Ryan
                  Nov 28 at 23:07




                  1




                  1




                  @LieRyan I suppose "tags are easily read" is a bit ambiguous, I wouldn't call authenticating with a smartcard "reading" it, as you're sending it data to sign and checking the response, but I guess you could still call it that. Smartcards are likely too expensive for OP though, which is probably why they specifically rule out NFC.
                  – AndrolGenhald
                  Nov 29 at 0:30




                  @LieRyan I suppose "tags are easily read" is a bit ambiguous, I wouldn't call authenticating with a smartcard "reading" it, as you're sending it data to sign and checking the response, but I guess you could still call it that. Smartcards are likely too expensive for OP though, which is probably why they specifically rule out NFC.
                  – AndrolGenhald
                  Nov 29 at 0:30




                  3




                  3




                  NFC stickers are not expensive - and NFC scanners are getting far more affordable. However, when this was last tried out it did not work so well - there were problems with the scanners at that time (which may well have been an upsteam issue). Also, there were problems with getting NFC embedded cards printed on time, and then matching each NFC identity with the system identity without pre-printing identity details. The client may revisit NFC at some point - but we are told that they are staying with EAN13 scanners for the time being..
                  – Konchog
                  Nov 29 at 7:25






                  NFC stickers are not expensive - and NFC scanners are getting far more affordable. However, when this was last tried out it did not work so well - there were problems with the scanners at that time (which may well have been an upsteam issue). Also, there were problems with getting NFC embedded cards printed on time, and then matching each NFC identity with the system identity without pre-printing identity details. The client may revisit NFC at some point - but we are told that they are staying with EAN13 scanners for the time being..
                  – Konchog
                  Nov 29 at 7:25






                  3




                  3




                  At a one shot event obscurity can be used as a valid strategy to increase security. Printing Barcodes on the NFC-Tagged cards will lead many potential threats to try and copy the barcodes before realizing NFC-Equipment might be necessary.
                  – Falco
                  Nov 29 at 13:49




                  At a one shot event obscurity can be used as a valid strategy to increase security. Printing Barcodes on the NFC-Tagged cards will lead many potential threats to try and copy the barcodes before realizing NFC-Equipment might be necessary.
                  – Falco
                  Nov 29 at 13:49










                  up vote
                  11
                  down vote













                  Not sure how you are planning to carry the id cards, whether hung directly from the lanyard with a simple hole punched through the card or if in a carrier or plastic wallet hung from the lanyard.



                  If you use the clear wallet style of carrier you could have something printed, or a sticker applied, on the outside that covers the area of the barcode but leaving the photo and other identifying information visible to human readers, make sure this is on both sides if there in case the card is placed in the carrier reversed. This would mean a 'drive by' photo of someone would not reveal the barcode at all. The card would have to be removed, or moved within the carrier, for scanning the barcode however.



                  If using a more substantial plastic carrier print the barcode on the reverse of the card ensuring it is obscured from view while in the carrier.






                  share|improve this answer

























                    up vote
                    11
                    down vote













                    Not sure how you are planning to carry the id cards, whether hung directly from the lanyard with a simple hole punched through the card or if in a carrier or plastic wallet hung from the lanyard.



                    If you use the clear wallet style of carrier you could have something printed, or a sticker applied, on the outside that covers the area of the barcode but leaving the photo and other identifying information visible to human readers, make sure this is on both sides if there in case the card is placed in the carrier reversed. This would mean a 'drive by' photo of someone would not reveal the barcode at all. The card would have to be removed, or moved within the carrier, for scanning the barcode however.



                    If using a more substantial plastic carrier print the barcode on the reverse of the card ensuring it is obscured from view while in the carrier.






                    share|improve this answer























                      up vote
                      11
                      down vote










                      up vote
                      11
                      down vote









                      Not sure how you are planning to carry the id cards, whether hung directly from the lanyard with a simple hole punched through the card or if in a carrier or plastic wallet hung from the lanyard.



                      If you use the clear wallet style of carrier you could have something printed, or a sticker applied, on the outside that covers the area of the barcode but leaving the photo and other identifying information visible to human readers, make sure this is on both sides if there in case the card is placed in the carrier reversed. This would mean a 'drive by' photo of someone would not reveal the barcode at all. The card would have to be removed, or moved within the carrier, for scanning the barcode however.



                      If using a more substantial plastic carrier print the barcode on the reverse of the card ensuring it is obscured from view while in the carrier.






                      share|improve this answer












                      Not sure how you are planning to carry the id cards, whether hung directly from the lanyard with a simple hole punched through the card or if in a carrier or plastic wallet hung from the lanyard.



                      If you use the clear wallet style of carrier you could have something printed, or a sticker applied, on the outside that covers the area of the barcode but leaving the photo and other identifying information visible to human readers, make sure this is on both sides if there in case the card is placed in the carrier reversed. This would mean a 'drive by' photo of someone would not reveal the barcode at all. The card would have to be removed, or moved within the carrier, for scanning the barcode however.



                      If using a more substantial plastic carrier print the barcode on the reverse of the card ensuring it is obscured from view while in the carrier.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Nov 28 at 13:59









                      GeeTee

                      1112




                      1112






















                          up vote
                          5
                          down vote













                          One thing you could do that's been a staple of anti-counterfeiting for millenia is to introduce a deliberate flaw into your barcode that causes it to read, for example, the last two characters "incorrectly." Make it look like an accidental misprint of the card.



                          You then instruct your scanner/software to ignore the error and pass you the data anyway, leaving out the invalid bits.



                          Someone forging cards will likely assume that their photograph was imperfect or that they got a smudged card and manually correct the "error".



                          Your software can then notice that it's being sent the "this card is a forgery" code and alert security.



                          This is not the best security mechanism as it depends on an attacker both not knowing what you're doing and not just blindly copying the card without checking that it printed correctly.



                          Pair this with some kind of watermarking. Either a literal watermark if you're using a paper card, or say stamping all the cards with an additional code that only shows up under UV light.



                          If you stamp on a QR code, building a scanner that consists of a box with a slot in the front containing a camera and a UV lamp would be the work of an afternoon. Pipe it to the QR reader program of your choice. As long as you manage to keep the presence of the watermark a secret it should be nearly impossible for anyone to forge a card.






                          share|improve this answer

























                            up vote
                            5
                            down vote













                            One thing you could do that's been a staple of anti-counterfeiting for millenia is to introduce a deliberate flaw into your barcode that causes it to read, for example, the last two characters "incorrectly." Make it look like an accidental misprint of the card.



                            You then instruct your scanner/software to ignore the error and pass you the data anyway, leaving out the invalid bits.



                            Someone forging cards will likely assume that their photograph was imperfect or that they got a smudged card and manually correct the "error".



                            Your software can then notice that it's being sent the "this card is a forgery" code and alert security.



                            This is not the best security mechanism as it depends on an attacker both not knowing what you're doing and not just blindly copying the card without checking that it printed correctly.



                            Pair this with some kind of watermarking. Either a literal watermark if you're using a paper card, or say stamping all the cards with an additional code that only shows up under UV light.



                            If you stamp on a QR code, building a scanner that consists of a box with a slot in the front containing a camera and a UV lamp would be the work of an afternoon. Pipe it to the QR reader program of your choice. As long as you manage to keep the presence of the watermark a secret it should be nearly impossible for anyone to forge a card.






                            share|improve this answer























                              up vote
                              5
                              down vote










                              up vote
                              5
                              down vote









                              One thing you could do that's been a staple of anti-counterfeiting for millenia is to introduce a deliberate flaw into your barcode that causes it to read, for example, the last two characters "incorrectly." Make it look like an accidental misprint of the card.



                              You then instruct your scanner/software to ignore the error and pass you the data anyway, leaving out the invalid bits.



                              Someone forging cards will likely assume that their photograph was imperfect or that they got a smudged card and manually correct the "error".



                              Your software can then notice that it's being sent the "this card is a forgery" code and alert security.



                              This is not the best security mechanism as it depends on an attacker both not knowing what you're doing and not just blindly copying the card without checking that it printed correctly.



                              Pair this with some kind of watermarking. Either a literal watermark if you're using a paper card, or say stamping all the cards with an additional code that only shows up under UV light.



                              If you stamp on a QR code, building a scanner that consists of a box with a slot in the front containing a camera and a UV lamp would be the work of an afternoon. Pipe it to the QR reader program of your choice. As long as you manage to keep the presence of the watermark a secret it should be nearly impossible for anyone to forge a card.






                              share|improve this answer












                              One thing you could do that's been a staple of anti-counterfeiting for millenia is to introduce a deliberate flaw into your barcode that causes it to read, for example, the last two characters "incorrectly." Make it look like an accidental misprint of the card.



                              You then instruct your scanner/software to ignore the error and pass you the data anyway, leaving out the invalid bits.



                              Someone forging cards will likely assume that their photograph was imperfect or that they got a smudged card and manually correct the "error".



                              Your software can then notice that it's being sent the "this card is a forgery" code and alert security.



                              This is not the best security mechanism as it depends on an attacker both not knowing what you're doing and not just blindly copying the card without checking that it printed correctly.



                              Pair this with some kind of watermarking. Either a literal watermark if you're using a paper card, or say stamping all the cards with an additional code that only shows up under UV light.



                              If you stamp on a QR code, building a scanner that consists of a box with a slot in the front containing a camera and a UV lamp would be the work of an afternoon. Pipe it to the QR reader program of your choice. As long as you manage to keep the presence of the watermark a secret it should be nearly impossible for anyone to forge a card.







                              share|improve this answer












                              share|improve this answer



                              share|improve this answer










                              answered Nov 28 at 19:05









                              Perkins

                              1693




                              1693






















                                  up vote
                                  5
                                  down vote













                                  Yes, there is a way to do it*



                                  Use fluorescent materials for the barcode itself, making it so that duplication cannot be done by photograph without ruining the duplicate's "invisibility", which distinguishes fakes. Modern ID cards use this.



                                  *This only works for polycarbonate cards, not PVC. Unfortunately, this may not fit your client's budget.






                                  share|improve this answer

















                                  • 2




                                    Simple trick to make a document copy-evident: use flourescent highlighter pens on it. Color photocopiers will copy the apparent colour but not the flourescent property, usually causing the copy to look different.
                                    – rackandboneman
                                    Nov 30 at 20:49















                                  up vote
                                  5
                                  down vote













                                  Yes, there is a way to do it*



                                  Use fluorescent materials for the barcode itself, making it so that duplication cannot be done by photograph without ruining the duplicate's "invisibility", which distinguishes fakes. Modern ID cards use this.



                                  *This only works for polycarbonate cards, not PVC. Unfortunately, this may not fit your client's budget.






                                  share|improve this answer

















                                  • 2




                                    Simple trick to make a document copy-evident: use flourescent highlighter pens on it. Color photocopiers will copy the apparent colour but not the flourescent property, usually causing the copy to look different.
                                    – rackandboneman
                                    Nov 30 at 20:49













                                  up vote
                                  5
                                  down vote










                                  up vote
                                  5
                                  down vote









                                  Yes, there is a way to do it*



                                  Use fluorescent materials for the barcode itself, making it so that duplication cannot be done by photograph without ruining the duplicate's "invisibility", which distinguishes fakes. Modern ID cards use this.



                                  *This only works for polycarbonate cards, not PVC. Unfortunately, this may not fit your client's budget.






                                  share|improve this answer












                                  Yes, there is a way to do it*



                                  Use fluorescent materials for the barcode itself, making it so that duplication cannot be done by photograph without ruining the duplicate's "invisibility", which distinguishes fakes. Modern ID cards use this.



                                  *This only works for polycarbonate cards, not PVC. Unfortunately, this may not fit your client's budget.







                                  share|improve this answer












                                  share|improve this answer



                                  share|improve this answer










                                  answered Nov 28 at 19:10









                                  Expectator

                                  712




                                  712








                                  • 2




                                    Simple trick to make a document copy-evident: use flourescent highlighter pens on it. Color photocopiers will copy the apparent colour but not the flourescent property, usually causing the copy to look different.
                                    – rackandboneman
                                    Nov 30 at 20:49














                                  • 2




                                    Simple trick to make a document copy-evident: use flourescent highlighter pens on it. Color photocopiers will copy the apparent colour but not the flourescent property, usually causing the copy to look different.
                                    – rackandboneman
                                    Nov 30 at 20:49








                                  2




                                  2




                                  Simple trick to make a document copy-evident: use flourescent highlighter pens on it. Color photocopiers will copy the apparent colour but not the flourescent property, usually causing the copy to look different.
                                  – rackandboneman
                                  Nov 30 at 20:49




                                  Simple trick to make a document copy-evident: use flourescent highlighter pens on it. Color photocopiers will copy the apparent colour but not the flourescent property, usually causing the copy to look different.
                                  – rackandboneman
                                  Nov 30 at 20:49










                                  up vote
                                  4
                                  down vote













                                  How about if the first time they're scanned in at the door by a human, the security person (i.e. scanner) checks the photo to make sure it matches the person with the badge. If it matches, the security person puts on one of those inexpensive tyvek wristbands of a specific color. These are often used at amusement parks, ball games, etc. to indicate specific access levels, age qualifications, etc. This would at least prevent unauthorized people from getting into your venue in the first place.



                                  These wristbands are one-time use, and are very difficult to take off and put on someone else without noticing that they've been removed. If you keep secret the "wristband color of the day", or get some specially made with a specific color or colors, then they should be fairly secure from copying. I also believe that these are typically rather inexpensive in bulk.



                                  Though in general, if security is this critically important at this event, then security should have been allocated enough funds up front to support its importance and value.






                                  share|improve this answer

























                                    up vote
                                    4
                                    down vote













                                    How about if the first time they're scanned in at the door by a human, the security person (i.e. scanner) checks the photo to make sure it matches the person with the badge. If it matches, the security person puts on one of those inexpensive tyvek wristbands of a specific color. These are often used at amusement parks, ball games, etc. to indicate specific access levels, age qualifications, etc. This would at least prevent unauthorized people from getting into your venue in the first place.



                                    These wristbands are one-time use, and are very difficult to take off and put on someone else without noticing that they've been removed. If you keep secret the "wristband color of the day", or get some specially made with a specific color or colors, then they should be fairly secure from copying. I also believe that these are typically rather inexpensive in bulk.



                                    Though in general, if security is this critically important at this event, then security should have been allocated enough funds up front to support its importance and value.






                                    share|improve this answer























                                      up vote
                                      4
                                      down vote










                                      up vote
                                      4
                                      down vote









                                      How about if the first time they're scanned in at the door by a human, the security person (i.e. scanner) checks the photo to make sure it matches the person with the badge. If it matches, the security person puts on one of those inexpensive tyvek wristbands of a specific color. These are often used at amusement parks, ball games, etc. to indicate specific access levels, age qualifications, etc. This would at least prevent unauthorized people from getting into your venue in the first place.



                                      These wristbands are one-time use, and are very difficult to take off and put on someone else without noticing that they've been removed. If you keep secret the "wristband color of the day", or get some specially made with a specific color or colors, then they should be fairly secure from copying. I also believe that these are typically rather inexpensive in bulk.



                                      Though in general, if security is this critically important at this event, then security should have been allocated enough funds up front to support its importance and value.






                                      share|improve this answer












                                      How about if the first time they're scanned in at the door by a human, the security person (i.e. scanner) checks the photo to make sure it matches the person with the badge. If it matches, the security person puts on one of those inexpensive tyvek wristbands of a specific color. These are often used at amusement parks, ball games, etc. to indicate specific access levels, age qualifications, etc. This would at least prevent unauthorized people from getting into your venue in the first place.



                                      These wristbands are one-time use, and are very difficult to take off and put on someone else without noticing that they've been removed. If you keep secret the "wristband color of the day", or get some specially made with a specific color or colors, then they should be fairly secure from copying. I also believe that these are typically rather inexpensive in bulk.



                                      Though in general, if security is this critically important at this event, then security should have been allocated enough funds up front to support its importance and value.







                                      share|improve this answer












                                      share|improve this answer



                                      share|improve this answer










                                      answered Nov 28 at 15:35









                                      Milwrdfan

                                      1412




                                      1412






















                                          up vote
                                          4
                                          down vote













                                          I know I'm late to the game, but here are two suggestions from me:



                                          1) Make the barcode really small, just big enough to be picked up by the a barcode scanner. This makes it difficult (but not impossible) to take useable copies with a camera without making it obvious that you're trying to do it.



                                          2) Split the barcode in two pairs (for instance, just every other bar) and print one half on the ID card, and one half on a transparent overlay -- you would then have to manually align the two halves to make a useful barcode. This makes it more tedious to actually use, but makes it unlikely that the parts will line up while dangling on the lanyard (especially if you make the transparent part with a different balance).



                                          You can of course combine the two approaches.






                                          share|improve this answer





















                                          • It's great fun - but I think it's way too complicated for the wearers, and slows down entry/exit points even moreso..
                                            – Konchog
                                            Nov 29 at 8:24















                                          up vote
                                          4
                                          down vote













                                          I know I'm late to the game, but here are two suggestions from me:



                                          1) Make the barcode really small, just big enough to be picked up by the a barcode scanner. This makes it difficult (but not impossible) to take useable copies with a camera without making it obvious that you're trying to do it.



                                          2) Split the barcode in two pairs (for instance, just every other bar) and print one half on the ID card, and one half on a transparent overlay -- you would then have to manually align the two halves to make a useful barcode. This makes it more tedious to actually use, but makes it unlikely that the parts will line up while dangling on the lanyard (especially if you make the transparent part with a different balance).



                                          You can of course combine the two approaches.






                                          share|improve this answer





















                                          • It's great fun - but I think it's way too complicated for the wearers, and slows down entry/exit points even moreso..
                                            – Konchog
                                            Nov 29 at 8:24













                                          up vote
                                          4
                                          down vote










                                          up vote
                                          4
                                          down vote









                                          I know I'm late to the game, but here are two suggestions from me:



                                          1) Make the barcode really small, just big enough to be picked up by the a barcode scanner. This makes it difficult (but not impossible) to take useable copies with a camera without making it obvious that you're trying to do it.



                                          2) Split the barcode in two pairs (for instance, just every other bar) and print one half on the ID card, and one half on a transparent overlay -- you would then have to manually align the two halves to make a useful barcode. This makes it more tedious to actually use, but makes it unlikely that the parts will line up while dangling on the lanyard (especially if you make the transparent part with a different balance).



                                          You can of course combine the two approaches.






                                          share|improve this answer












                                          I know I'm late to the game, but here are two suggestions from me:



                                          1) Make the barcode really small, just big enough to be picked up by the a barcode scanner. This makes it difficult (but not impossible) to take useable copies with a camera without making it obvious that you're trying to do it.



                                          2) Split the barcode in two pairs (for instance, just every other bar) and print one half on the ID card, and one half on a transparent overlay -- you would then have to manually align the two halves to make a useful barcode. This makes it more tedious to actually use, but makes it unlikely that the parts will line up while dangling on the lanyard (especially if you make the transparent part with a different balance).



                                          You can of course combine the two approaches.







                                          share|improve this answer












                                          share|improve this answer



                                          share|improve this answer










                                          answered Nov 29 at 8:20









                                          KlaymenDK

                                          31316




                                          31316












                                          • It's great fun - but I think it's way too complicated for the wearers, and slows down entry/exit points even moreso..
                                            – Konchog
                                            Nov 29 at 8:24


















                                          • It's great fun - but I think it's way too complicated for the wearers, and slows down entry/exit points even moreso..
                                            – Konchog
                                            Nov 29 at 8:24
















                                          It's great fun - but I think it's way too complicated for the wearers, and slows down entry/exit points even moreso..
                                          – Konchog
                                          Nov 29 at 8:24




                                          It's great fun - but I think it's way too complicated for the wearers, and slows down entry/exit points even moreso..
                                          – Konchog
                                          Nov 29 at 8:24










                                          up vote
                                          3
                                          down vote













                                          Easy solution: Print the barcode on the lanyard and not on the badge.



                                          Everybody can print out a Photo-ID made out of paper with a barcode. It is rather complicated to print a barcode on a lanyard with your home printing equipment.



                                          If your PhotoID looks something like this:



                                          Hard plastic PhotoID



                                          It is very hard for a guard to tell if this barcode is the real deal or just a printed and glued on version of the barcode. If your event is attended by 300+ people, it gets very tedious to check these things. The bigger the barcode the better. If you are planning to use PhotoID that are made out of paper then it becomes impossible to tell if a printout is real or fake.

                                          If the barcode is on the lanyard it is extremely easy for the guards to tell if this is fake or real. But keep in mind this is by no means a failsafe method. It is really a "we have no more money left" control, and not something you should rely on.






                                          share|improve this answer























                                          • While a cool suggestion, I'm not sure this fixes anything. I can take a snapshot of the barcode and use a slip of paper in the reader. The best control here is to have a human verify the validity of the barcode media. The human would reject a slip of paper in both instances.
                                            – schroeder
                                            Nov 28 at 13:29








                                          • 1




                                            OP stated here that access to a room is always granted by a person who scans the barcode. The person will recognize if the barcode is on the lanyard or on something else.
                                            – Tom K.
                                            Nov 28 at 13:33








                                          • 1




                                            Right, so I'm not sure how this control adds anything but unnecessary complexity. The paper barcode would be detected in either case.
                                            – schroeder
                                            Nov 28 at 13:35






                                          • 1




                                            I was a bouncer at several high class events. I was underpaid, tired and everyone looked at me like I was dirt. I (and all my colleagues) would have never tested several hundred cards with our fingernails. But we could've probably spotted a "cheater" from 50 meters away. Controls that rely on humans only work when enforced. And this is a control that will not work, because it will not be enforced.
                                            – Tom K.
                                            Nov 28 at 13:52








                                          • 2




                                            I can't stand lanyards and would use a safety pin or fasten the card to a button or similar. If the lanyard holds the real barcode then its required. Whoops!
                                            – Criggie
                                            Nov 28 at 18:07















                                          up vote
                                          3
                                          down vote













                                          Easy solution: Print the barcode on the lanyard and not on the badge.



                                          Everybody can print out a Photo-ID made out of paper with a barcode. It is rather complicated to print a barcode on a lanyard with your home printing equipment.



                                          If your PhotoID looks something like this:



                                          Hard plastic PhotoID



                                          It is very hard for a guard to tell if this barcode is the real deal or just a printed and glued on version of the barcode. If your event is attended by 300+ people, it gets very tedious to check these things. The bigger the barcode the better. If you are planning to use PhotoID that are made out of paper then it becomes impossible to tell if a printout is real or fake.

                                          If the barcode is on the lanyard it is extremely easy for the guards to tell if this is fake or real. But keep in mind this is by no means a failsafe method. It is really a "we have no more money left" control, and not something you should rely on.






                                          share|improve this answer























                                          • While a cool suggestion, I'm not sure this fixes anything. I can take a snapshot of the barcode and use a slip of paper in the reader. The best control here is to have a human verify the validity of the barcode media. The human would reject a slip of paper in both instances.
                                            – schroeder
                                            Nov 28 at 13:29








                                          • 1




                                            OP stated here that access to a room is always granted by a person who scans the barcode. The person will recognize if the barcode is on the lanyard or on something else.
                                            – Tom K.
                                            Nov 28 at 13:33








                                          • 1




                                            Right, so I'm not sure how this control adds anything but unnecessary complexity. The paper barcode would be detected in either case.
                                            – schroeder
                                            Nov 28 at 13:35






                                          • 1




                                            I was a bouncer at several high class events. I was underpaid, tired and everyone looked at me like I was dirt. I (and all my colleagues) would have never tested several hundred cards with our fingernails. But we could've probably spotted a "cheater" from 50 meters away. Controls that rely on humans only work when enforced. And this is a control that will not work, because it will not be enforced.
                                            – Tom K.
                                            Nov 28 at 13:52








                                          • 2




                                            I can't stand lanyards and would use a safety pin or fasten the card to a button or similar. If the lanyard holds the real barcode then its required. Whoops!
                                            – Criggie
                                            Nov 28 at 18:07













                                          up vote
                                          3
                                          down vote










                                          up vote
                                          3
                                          down vote









                                          Easy solution: Print the barcode on the lanyard and not on the badge.



                                          Everybody can print out a Photo-ID made out of paper with a barcode. It is rather complicated to print a barcode on a lanyard with your home printing equipment.



                                          If your PhotoID looks something like this:



                                          Hard plastic PhotoID



                                          It is very hard for a guard to tell if this barcode is the real deal or just a printed and glued on version of the barcode. If your event is attended by 300+ people, it gets very tedious to check these things. The bigger the barcode the better. If you are planning to use PhotoID that are made out of paper then it becomes impossible to tell if a printout is real or fake.

                                          If the barcode is on the lanyard it is extremely easy for the guards to tell if this is fake or real. But keep in mind this is by no means a failsafe method. It is really a "we have no more money left" control, and not something you should rely on.






                                          share|improve this answer














                                          Easy solution: Print the barcode on the lanyard and not on the badge.



                                          Everybody can print out a Photo-ID made out of paper with a barcode. It is rather complicated to print a barcode on a lanyard with your home printing equipment.



                                          If your PhotoID looks something like this:



                                          Hard plastic PhotoID



                                          It is very hard for a guard to tell if this barcode is the real deal or just a printed and glued on version of the barcode. If your event is attended by 300+ people, it gets very tedious to check these things. The bigger the barcode the better. If you are planning to use PhotoID that are made out of paper then it becomes impossible to tell if a printout is real or fake.

                                          If the barcode is on the lanyard it is extremely easy for the guards to tell if this is fake or real. But keep in mind this is by no means a failsafe method. It is really a "we have no more money left" control, and not something you should rely on.







                                          share|improve this answer














                                          share|improve this answer



                                          share|improve this answer








                                          edited Nov 28 at 13:43

























                                          answered Nov 28 at 12:47









                                          Tom K.

                                          5,34932048




                                          5,34932048












                                          • While a cool suggestion, I'm not sure this fixes anything. I can take a snapshot of the barcode and use a slip of paper in the reader. The best control here is to have a human verify the validity of the barcode media. The human would reject a slip of paper in both instances.
                                            – schroeder
                                            Nov 28 at 13:29








                                          • 1




                                            OP stated here that access to a room is always granted by a person who scans the barcode. The person will recognize if the barcode is on the lanyard or on something else.
                                            – Tom K.
                                            Nov 28 at 13:33








                                          • 1




                                            Right, so I'm not sure how this control adds anything but unnecessary complexity. The paper barcode would be detected in either case.
                                            – schroeder
                                            Nov 28 at 13:35






                                          • 1




                                            I was a bouncer at several high class events. I was underpaid, tired and everyone looked at me like I was dirt. I (and all my colleagues) would have never tested several hundred cards with our fingernails. But we could've probably spotted a "cheater" from 50 meters away. Controls that rely on humans only work when enforced. And this is a control that will not work, because it will not be enforced.
                                            – Tom K.
                                            Nov 28 at 13:52








                                          • 2




                                            I can't stand lanyards and would use a safety pin or fasten the card to a button or similar. If the lanyard holds the real barcode then its required. Whoops!
                                            – Criggie
                                            Nov 28 at 18:07


















                                          • While a cool suggestion, I'm not sure this fixes anything. I can take a snapshot of the barcode and use a slip of paper in the reader. The best control here is to have a human verify the validity of the barcode media. The human would reject a slip of paper in both instances.
                                            – schroeder
                                            Nov 28 at 13:29








                                          • 1




                                            OP stated here that access to a room is always granted by a person who scans the barcode. The person will recognize if the barcode is on the lanyard or on something else.
                                            – Tom K.
                                            Nov 28 at 13:33








                                          • 1




                                            Right, so I'm not sure how this control adds anything but unnecessary complexity. The paper barcode would be detected in either case.
                                            – schroeder
                                            Nov 28 at 13:35






                                          • 1




                                            I was a bouncer at several high class events. I was underpaid, tired and everyone looked at me like I was dirt. I (and all my colleagues) would have never tested several hundred cards with our fingernails. But we could've probably spotted a "cheater" from 50 meters away. Controls that rely on humans only work when enforced. And this is a control that will not work, because it will not be enforced.
                                            – Tom K.
                                            Nov 28 at 13:52








                                          • 2




                                            I can't stand lanyards and would use a safety pin or fasten the card to a button or similar. If the lanyard holds the real barcode then its required. Whoops!
                                            – Criggie
                                            Nov 28 at 18:07
















                                          While a cool suggestion, I'm not sure this fixes anything. I can take a snapshot of the barcode and use a slip of paper in the reader. The best control here is to have a human verify the validity of the barcode media. The human would reject a slip of paper in both instances.
                                          – schroeder
                                          Nov 28 at 13:29






                                          While a cool suggestion, I'm not sure this fixes anything. I can take a snapshot of the barcode and use a slip of paper in the reader. The best control here is to have a human verify the validity of the barcode media. The human would reject a slip of paper in both instances.
                                          – schroeder
                                          Nov 28 at 13:29






                                          1




                                          1




                                          OP stated here that access to a room is always granted by a person who scans the barcode. The person will recognize if the barcode is on the lanyard or on something else.
                                          – Tom K.
                                          Nov 28 at 13:33






                                          OP stated here that access to a room is always granted by a person who scans the barcode. The person will recognize if the barcode is on the lanyard or on something else.
                                          – Tom K.
                                          Nov 28 at 13:33






                                          1




                                          1




                                          Right, so I'm not sure how this control adds anything but unnecessary complexity. The paper barcode would be detected in either case.
                                          – schroeder
                                          Nov 28 at 13:35




                                          Right, so I'm not sure how this control adds anything but unnecessary complexity. The paper barcode would be detected in either case.
                                          – schroeder
                                          Nov 28 at 13:35




                                          1




                                          1




                                          I was a bouncer at several high class events. I was underpaid, tired and everyone looked at me like I was dirt. I (and all my colleagues) would have never tested several hundred cards with our fingernails. But we could've probably spotted a "cheater" from 50 meters away. Controls that rely on humans only work when enforced. And this is a control that will not work, because it will not be enforced.
                                          – Tom K.
                                          Nov 28 at 13:52






                                          I was a bouncer at several high class events. I was underpaid, tired and everyone looked at me like I was dirt. I (and all my colleagues) would have never tested several hundred cards with our fingernails. But we could've probably spotted a "cheater" from 50 meters away. Controls that rely on humans only work when enforced. And this is a control that will not work, because it will not be enforced.
                                          – Tom K.
                                          Nov 28 at 13:52






                                          2




                                          2




                                          I can't stand lanyards and would use a safety pin or fasten the card to a button or similar. If the lanyard holds the real barcode then its required. Whoops!
                                          – Criggie
                                          Nov 28 at 18:07




                                          I can't stand lanyards and would use a safety pin or fasten the card to a button or similar. If the lanyard holds the real barcode then its required. Whoops!
                                          – Criggie
                                          Nov 28 at 18:07










                                          up vote
                                          3
                                          down vote













                                          While not a complete solution to the problem, you can make life slightly more difficult by including the EURion Constellation on your cards. This may be used in conjunction with other approaches.




                                          EURion constellation is a pattern of symbols incorporated into a number of banknote designs worldwide since about 1996. ... [It] consists of a pattern of five small yellow, green or orange circles, which is repeated across areas of the banknote at different orientations. The mere presence of five of these circles on a page is sufficient for some colour photocopiers to refuse processing.







                                          share|improve this answer





















                                          • Yeah I was thinking of something like this too last night - but it would still mean upgrading the scanners; also, and in fairness, the need (as I see it) isn't really trying to prevent counterfeits, as much as being able to protect identity.
                                            – Konchog
                                            Nov 29 at 7:17






                                          • 2




                                            @Konchog: No, your scanners don't need to detect the pattern. The hope is that the attacker cannot scan the pattern. You are only scanning barcodes.
                                            – MSalters
                                            Nov 29 at 8:05










                                          • @MSalters, ok - right.. But are cameras defeated by EURion? I just took a photo of a €20 note with no problems using an iPhone..
                                            – Konchog
                                            Nov 29 at 8:18






                                          • 1




                                            @Konchog: I did write "hope" intentionally there. Still, many printers also detect the pattern, so you might have a second line of defense.
                                            – MSalters
                                            Nov 29 at 8:26















                                          up vote
                                          3
                                          down vote













                                          While not a complete solution to the problem, you can make life slightly more difficult by including the EURion Constellation on your cards. This may be used in conjunction with other approaches.




                                          EURion constellation is a pattern of symbols incorporated into a number of banknote designs worldwide since about 1996. ... [It] consists of a pattern of five small yellow, green or orange circles, which is repeated across areas of the banknote at different orientations. The mere presence of five of these circles on a page is sufficient for some colour photocopiers to refuse processing.







                                          share|improve this answer





















                                          • Yeah I was thinking of something like this too last night - but it would still mean upgrading the scanners; also, and in fairness, the need (as I see it) isn't really trying to prevent counterfeits, as much as being able to protect identity.
                                            – Konchog
                                            Nov 29 at 7:17






                                          • 2




                                            @Konchog: No, your scanners don't need to detect the pattern. The hope is that the attacker cannot scan the pattern. You are only scanning barcodes.
                                            – MSalters
                                            Nov 29 at 8:05










                                          • @MSalters, ok - right.. But are cameras defeated by EURion? I just took a photo of a €20 note with no problems using an iPhone..
                                            – Konchog
                                            Nov 29 at 8:18






                                          • 1




                                            @Konchog: I did write "hope" intentionally there. Still, many printers also detect the pattern, so you might have a second line of defense.
                                            – MSalters
                                            Nov 29 at 8:26













                                          up vote
                                          3
                                          down vote










                                          up vote
                                          3
                                          down vote









                                          While not a complete solution to the problem, you can make life slightly more difficult by including the EURion Constellation on your cards. This may be used in conjunction with other approaches.




                                          EURion constellation is a pattern of symbols incorporated into a number of banknote designs worldwide since about 1996. ... [It] consists of a pattern of five small yellow, green or orange circles, which is repeated across areas of the banknote at different orientations. The mere presence of five of these circles on a page is sufficient for some colour photocopiers to refuse processing.







                                          share|improve this answer












                                          While not a complete solution to the problem, you can make life slightly more difficult by including the EURion Constellation on your cards. This may be used in conjunction with other approaches.




                                          EURion constellation is a pattern of symbols incorporated into a number of banknote designs worldwide since about 1996. ... [It] consists of a pattern of five small yellow, green or orange circles, which is repeated across areas of the banknote at different orientations. The mere presence of five of these circles on a page is sufficient for some colour photocopiers to refuse processing.








                                          share|improve this answer












                                          share|improve this answer



                                          share|improve this answer










                                          answered Nov 29 at 4:36









                                          Tyzoid

                                          1608




                                          1608












                                          • Yeah I was thinking of something like this too last night - but it would still mean upgrading the scanners; also, and in fairness, the need (as I see it) isn't really trying to prevent counterfeits, as much as being able to protect identity.
                                            – Konchog
                                            Nov 29 at 7:17






                                          • 2




                                            @Konchog: No, your scanners don't need to detect the pattern. The hope is that the attacker cannot scan the pattern. You are only scanning barcodes.
                                            – MSalters
                                            Nov 29 at 8:05










                                          • @MSalters, ok - right.. But are cameras defeated by EURion? I just took a photo of a €20 note with no problems using an iPhone..
                                            – Konchog
                                            Nov 29 at 8:18






                                          • 1




                                            @Konchog: I did write "hope" intentionally there. Still, many printers also detect the pattern, so you might have a second line of defense.
                                            – MSalters
                                            Nov 29 at 8:26


















                                          • Yeah I was thinking of something like this too last night - but it would still mean upgrading the scanners; also, and in fairness, the need (as I see it) isn't really trying to prevent counterfeits, as much as being able to protect identity.
                                            – Konchog
                                            Nov 29 at 7:17






                                          • 2




                                            @Konchog: No, your scanners don't need to detect the pattern. The hope is that the attacker cannot scan the pattern. You are only scanning barcodes.
                                            – MSalters
                                            Nov 29 at 8:05










                                          • @MSalters, ok - right.. But are cameras defeated by EURion? I just took a photo of a €20 note with no problems using an iPhone..
                                            – Konchog
                                            Nov 29 at 8:18






                                          • 1




                                            @Konchog: I did write "hope" intentionally there. Still, many printers also detect the pattern, so you might have a second line of defense.
                                            – MSalters
                                            Nov 29 at 8:26
















                                          Yeah I was thinking of something like this too last night - but it would still mean upgrading the scanners; also, and in fairness, the need (as I see it) isn't really trying to prevent counterfeits, as much as being able to protect identity.
                                          – Konchog
                                          Nov 29 at 7:17




                                          Yeah I was thinking of something like this too last night - but it would still mean upgrading the scanners; also, and in fairness, the need (as I see it) isn't really trying to prevent counterfeits, as much as being able to protect identity.
                                          – Konchog
                                          Nov 29 at 7:17




                                          2




                                          2




                                          @Konchog: No, your scanners don't need to detect the pattern. The hope is that the attacker cannot scan the pattern. You are only scanning barcodes.
                                          – MSalters
                                          Nov 29 at 8:05




                                          @Konchog: No, your scanners don't need to detect the pattern. The hope is that the attacker cannot scan the pattern. You are only scanning barcodes.
                                          – MSalters
                                          Nov 29 at 8:05












                                          @MSalters, ok - right.. But are cameras defeated by EURion? I just took a photo of a €20 note with no problems using an iPhone..
                                          – Konchog
                                          Nov 29 at 8:18




                                          @MSalters, ok - right.. But are cameras defeated by EURion? I just took a photo of a €20 note with no problems using an iPhone..
                                          – Konchog
                                          Nov 29 at 8:18




                                          1




                                          1




                                          @Konchog: I did write "hope" intentionally there. Still, many printers also detect the pattern, so you might have a second line of defense.
                                          – MSalters
                                          Nov 29 at 8:26




                                          @Konchog: I did write "hope" intentionally there. Still, many printers also detect the pattern, so you might have a second line of defense.
                                          – MSalters
                                          Nov 29 at 8:26










                                          up vote
                                          3
                                          down vote













                                          While it might be simple to take a photo of one side, it's much harder to capture both sides in a casual attack. You can do various things to build on that idea, depending on the event.




                                          • Unique barcodes on each side, attendee puts card between two readers

                                          • Barcode on one side, human-verifiable information on the other. Manually compared against account.




                                          Or you could add a second factor. Send the participant a registration SMS when they first scan in, that captures their beacon with the local wifi and then you can do approximation checks every time they scan in the future. If their phone isn't where it should be, block access and send another SMS-link. You could two-factor all the way, but you'd probably want an app to provide a quicker notification.





                                          Or you could just obscure the barcode entirely. Your idea was red cellophane... Why not just a blackout cover? This could be as dirty as a postit or some high-tack tape, or as pretty as a sleeve that only obscures the barcode.






                                          share|improve this answer

























                                            up vote
                                            3
                                            down vote













                                            While it might be simple to take a photo of one side, it's much harder to capture both sides in a casual attack. You can do various things to build on that idea, depending on the event.




                                            • Unique barcodes on each side, attendee puts card between two readers

                                            • Barcode on one side, human-verifiable information on the other. Manually compared against account.




                                            Or you could add a second factor. Send the participant a registration SMS when they first scan in, that captures their beacon with the local wifi and then you can do approximation checks every time they scan in the future. If their phone isn't where it should be, block access and send another SMS-link. You could two-factor all the way, but you'd probably want an app to provide a quicker notification.





                                            Or you could just obscure the barcode entirely. Your idea was red cellophane... Why not just a blackout cover? This could be as dirty as a postit or some high-tack tape, or as pretty as a sleeve that only obscures the barcode.






                                            share|improve this answer























                                              up vote
                                              3
                                              down vote










                                              up vote
                                              3
                                              down vote









                                              While it might be simple to take a photo of one side, it's much harder to capture both sides in a casual attack. You can do various things to build on that idea, depending on the event.




                                              • Unique barcodes on each side, attendee puts card between two readers

                                              • Barcode on one side, human-verifiable information on the other. Manually compared against account.




                                              Or you could add a second factor. Send the participant a registration SMS when they first scan in, that captures their beacon with the local wifi and then you can do approximation checks every time they scan in the future. If their phone isn't where it should be, block access and send another SMS-link. You could two-factor all the way, but you'd probably want an app to provide a quicker notification.





                                              Or you could just obscure the barcode entirely. Your idea was red cellophane... Why not just a blackout cover? This could be as dirty as a postit or some high-tack tape, or as pretty as a sleeve that only obscures the barcode.






                                              share|improve this answer












                                              While it might be simple to take a photo of one side, it's much harder to capture both sides in a casual attack. You can do various things to build on that idea, depending on the event.




                                              • Unique barcodes on each side, attendee puts card between two readers

                                              • Barcode on one side, human-verifiable information on the other. Manually compared against account.




                                              Or you could add a second factor. Send the participant a registration SMS when they first scan in, that captures their beacon with the local wifi and then you can do approximation checks every time they scan in the future. If their phone isn't where it should be, block access and send another SMS-link. You could two-factor all the way, but you'd probably want an app to provide a quicker notification.





                                              Or you could just obscure the barcode entirely. Your idea was red cellophane... Why not just a blackout cover? This could be as dirty as a postit or some high-tack tape, or as pretty as a sleeve that only obscures the barcode.







                                              share|improve this answer












                                              share|improve this answer



                                              share|improve this answer










                                              answered Nov 29 at 10:43









                                              Oli

                                              816713




                                              816713






















                                                  up vote
                                                  2
                                                  down vote













                                                  As stated in other comments, it is unclear what the threats you are facing are. If you are purely worried about people photographing the identification, just do something so that the natural physical state of the pass obscures the barcode. For example, you can distribute the passes folded in half (the lanyard can help keep it in half) and the bar code can be on the inside. When people go to scan them, you can have security 'unfold' the pass to reveal the barcode. Or you can have people wear ID's but carry a bar-coded card in their pockets for entry.






                                                  share|improve this answer

















                                                  • 1




                                                    Yes, the idea is mentioned above. It may seem unlikely, but it should be clear that I cannot reveal too much about anything on a public forum, and I err on the side of caution here. However, the 'threat' is access to high-value people rather than free champagne.. Not exactly meeting the president - but - you get the picture...
                                                    – Konchog
                                                    Nov 29 at 7:20















                                                  up vote
                                                  2
                                                  down vote













                                                  As stated in other comments, it is unclear what the threats you are facing are. If you are purely worried about people photographing the identification, just do something so that the natural physical state of the pass obscures the barcode. For example, you can distribute the passes folded in half (the lanyard can help keep it in half) and the bar code can be on the inside. When people go to scan them, you can have security 'unfold' the pass to reveal the barcode. Or you can have people wear ID's but carry a bar-coded card in their pockets for entry.






                                                  share|improve this answer

















                                                  • 1




                                                    Yes, the idea is mentioned above. It may seem unlikely, but it should be clear that I cannot reveal too much about anything on a public forum, and I err on the side of caution here. However, the 'threat' is access to high-value people rather than free champagne.. Not exactly meeting the president - but - you get the picture...
                                                    – Konchog
                                                    Nov 29 at 7:20













                                                  up vote
                                                  2
                                                  down vote










                                                  up vote
                                                  2
                                                  down vote









                                                  As stated in other comments, it is unclear what the threats you are facing are. If you are purely worried about people photographing the identification, just do something so that the natural physical state of the pass obscures the barcode. For example, you can distribute the passes folded in half (the lanyard can help keep it in half) and the bar code can be on the inside. When people go to scan them, you can have security 'unfold' the pass to reveal the barcode. Or you can have people wear ID's but carry a bar-coded card in their pockets for entry.






                                                  share|improve this answer












                                                  As stated in other comments, it is unclear what the threats you are facing are. If you are purely worried about people photographing the identification, just do something so that the natural physical state of the pass obscures the barcode. For example, you can distribute the passes folded in half (the lanyard can help keep it in half) and the bar code can be on the inside. When people go to scan them, you can have security 'unfold' the pass to reveal the barcode. Or you can have people wear ID's but carry a bar-coded card in their pockets for entry.







                                                  share|improve this answer












                                                  share|improve this answer



                                                  share|improve this answer










                                                  answered Nov 28 at 20:46









                                                  BobtheMagicMoose

                                                  1212




                                                  1212








                                                  • 1




                                                    Yes, the idea is mentioned above. It may seem unlikely, but it should be clear that I cannot reveal too much about anything on a public forum, and I err on the side of caution here. However, the 'threat' is access to high-value people rather than free champagne.. Not exactly meeting the president - but - you get the picture...
                                                    – Konchog
                                                    Nov 29 at 7:20














                                                  • 1




                                                    Yes, the idea is mentioned above. It may seem unlikely, but it should be clear that I cannot reveal too much about anything on a public forum, and I err on the side of caution here. However, the 'threat' is access to high-value people rather than free champagne.. Not exactly meeting the president - but - you get the picture...
                                                    – Konchog
                                                    Nov 29 at 7:20








                                                  1




                                                  1




                                                  Yes, the idea is mentioned above. It may seem unlikely, but it should be clear that I cannot reveal too much about anything on a public forum, and I err on the side of caution here. However, the 'threat' is access to high-value people rather than free champagne.. Not exactly meeting the president - but - you get the picture...
                                                  – Konchog
                                                  Nov 29 at 7:20




                                                  Yes, the idea is mentioned above. It may seem unlikely, but it should be clear that I cannot reveal too much about anything on a public forum, and I err on the side of caution here. However, the 'threat' is access to high-value people rather than free champagne.. Not exactly meeting the president - but - you get the picture...
                                                  – Konchog
                                                  Nov 29 at 7:20










                                                  up vote
                                                  2
                                                  down vote













                                                  Theoretically you can print in something polarised.
                                                  Then view it with polarised light or through a polarised filter.
                                                  Not necessarily cheap though.



                                                  Presumably you can choose linear or circularly polarised in order to avoid any filter that might typically be in a common camera.






                                                  share|improve this answer

























                                                    up vote
                                                    2
                                                    down vote













                                                    Theoretically you can print in something polarised.
                                                    Then view it with polarised light or through a polarised filter.
                                                    Not necessarily cheap though.



                                                    Presumably you can choose linear or circularly polarised in order to avoid any filter that might typically be in a common camera.






                                                    share|improve this answer























                                                      up vote
                                                      2
                                                      down vote










                                                      up vote
                                                      2
                                                      down vote









                                                      Theoretically you can print in something polarised.
                                                      Then view it with polarised light or through a polarised filter.
                                                      Not necessarily cheap though.



                                                      Presumably you can choose linear or circularly polarised in order to avoid any filter that might typically be in a common camera.






                                                      share|improve this answer












                                                      Theoretically you can print in something polarised.
                                                      Then view it with polarised light or through a polarised filter.
                                                      Not necessarily cheap though.



                                                      Presumably you can choose linear or circularly polarised in order to avoid any filter that might typically be in a common camera.







                                                      share|improve this answer












                                                      share|improve this answer



                                                      share|improve this answer










                                                      answered Nov 29 at 1:34









                                                      Smegger

                                                      211




                                                      211






















                                                          up vote
                                                          2
                                                          down vote













                                                          Strictly speaking, there isn't. If the scanner can read it, it can be recorded and reproduced. But that doesn't tell the whole story.



                                                          Although cameras and screens/printers these days are pretty universal, they can't capture and reproduce every single color. There are actually colors that the human eye can see, but which are difficult to capture on camera, display on screen or print on paper:





                                                          Some simple examples include fluorescent colors, actual fluorescence triggered by a certain color light emitted by the scanner (for instance, green plants glow orange under UV light), non-visible colors like UV or infrared. You could also go the reverse way and include features that are visible normally but invisible to your scanner, for instance perhaps part of the barcode is sandwiched between sheets of paper and which becomes properly transparent only under your scanner. Many banknotes incorporate such security measure based on transparency, special dyes and paper, glowing/hologrammed elements and so on.



                                                          This doesn't mean your card is unphotographable, since obviously your scanner can detect it - an adversary could build a similar device and record your card. But it does mean that readily available consumer cameras won't be able to, so the adversary will have to obtain specialized equipment (which may not even be legal to purchase) or even build their own device. Similarly, reproducing will also be a challenge. If you use a color outside the CMYK space they can't print it, and if outside RGB their phone screen won't show it. Again, they can obtain or make specialized screens/papers that can do it (after all, whoever made your legitimate ID cards was able to) but it will be harder. Not to mention it will be easier for law enforcement to find them, because not many people would have such specialized equipment with no good reason.



                                                          Really the ideal solution here is to just use RFID chips with encryption. Few people have the technical skills to reproduce those, and even if they do, they won't be able to easily find out the encryption key in the chip. As a lower cost option, magnetic cards should be cheaper, those can be easily cloned but it requires equipment. The time tested physical access control solution is of course a plain key (also not so simple to copy). Or you could just forget it all and go with memorized passwords.



                                                          If you really have to use the scanners, I would either look into fluorescent ink, or printing on some material that doesn't look right except for a specific wavelength (which the scanner would presumably provide. But it's hard to be more precise without knowing what your scanner is.






                                                          share|improve this answer



























                                                            up vote
                                                            2
                                                            down vote













                                                            Strictly speaking, there isn't. If the scanner can read it, it can be recorded and reproduced. But that doesn't tell the whole story.



                                                            Although cameras and screens/printers these days are pretty universal, they can't capture and reproduce every single color. There are actually colors that the human eye can see, but which are difficult to capture on camera, display on screen or print on paper:





                                                            Some simple examples include fluorescent colors, actual fluorescence triggered by a certain color light emitted by the scanner (for instance, green plants glow orange under UV light), non-visible colors like UV or infrared. You could also go the reverse way and include features that are visible normally but invisible to your scanner, for instance perhaps part of the barcode is sandwiched between sheets of paper and which becomes properly transparent only under your scanner. Many banknotes incorporate such security measure based on transparency, special dyes and paper, glowing/hologrammed elements and so on.



                                                            This doesn't mean your card is unphotographable, since obviously your scanner can detect it - an adversary could build a similar device and record your card. But it does mean that readily available consumer cameras won't be able to, so the adversary will have to obtain specialized equipment (which may not even be legal to purchase) or even build their own device. Similarly, reproducing will also be a challenge. If you use a color outside the CMYK space they can't print it, and if outside RGB their phone screen won't show it. Again, they can obtain or make specialized screens/papers that can do it (after all, whoever made your legitimate ID cards was able to) but it will be harder. Not to mention it will be easier for law enforcement to find them, because not many people would have such specialized equipment with no good reason.



                                                            Really the ideal solution here is to just use RFID chips with encryption. Few people have the technical skills to reproduce those, and even if they do, they won't be able to easily find out the encryption key in the chip. As a lower cost option, magnetic cards should be cheaper, those can be easily cloned but it requires equipment. The time tested physical access control solution is of course a plain key (also not so simple to copy). Or you could just forget it all and go with memorized passwords.



                                                            If you really have to use the scanners, I would either look into fluorescent ink, or printing on some material that doesn't look right except for a specific wavelength (which the scanner would presumably provide. But it's hard to be more precise without knowing what your scanner is.






                                                            share|improve this answer

























                                                              up vote
                                                              2
                                                              down vote










                                                              up vote
                                                              2
                                                              down vote









                                                              Strictly speaking, there isn't. If the scanner can read it, it can be recorded and reproduced. But that doesn't tell the whole story.



                                                              Although cameras and screens/printers these days are pretty universal, they can't capture and reproduce every single color. There are actually colors that the human eye can see, but which are difficult to capture on camera, display on screen or print on paper:





                                                              Some simple examples include fluorescent colors, actual fluorescence triggered by a certain color light emitted by the scanner (for instance, green plants glow orange under UV light), non-visible colors like UV or infrared. You could also go the reverse way and include features that are visible normally but invisible to your scanner, for instance perhaps part of the barcode is sandwiched between sheets of paper and which becomes properly transparent only under your scanner. Many banknotes incorporate such security measure based on transparency, special dyes and paper, glowing/hologrammed elements and so on.



                                                              This doesn't mean your card is unphotographable, since obviously your scanner can detect it - an adversary could build a similar device and record your card. But it does mean that readily available consumer cameras won't be able to, so the adversary will have to obtain specialized equipment (which may not even be legal to purchase) or even build their own device. Similarly, reproducing will also be a challenge. If you use a color outside the CMYK space they can't print it, and if outside RGB their phone screen won't show it. Again, they can obtain or make specialized screens/papers that can do it (after all, whoever made your legitimate ID cards was able to) but it will be harder. Not to mention it will be easier for law enforcement to find them, because not many people would have such specialized equipment with no good reason.



                                                              Really the ideal solution here is to just use RFID chips with encryption. Few people have the technical skills to reproduce those, and even if they do, they won't be able to easily find out the encryption key in the chip. As a lower cost option, magnetic cards should be cheaper, those can be easily cloned but it requires equipment. The time tested physical access control solution is of course a plain key (also not so simple to copy). Or you could just forget it all and go with memorized passwords.



                                                              If you really have to use the scanners, I would either look into fluorescent ink, or printing on some material that doesn't look right except for a specific wavelength (which the scanner would presumably provide. But it's hard to be more precise without knowing what your scanner is.






                                                              share|improve this answer














                                                              Strictly speaking, there isn't. If the scanner can read it, it can be recorded and reproduced. But that doesn't tell the whole story.



                                                              Although cameras and screens/printers these days are pretty universal, they can't capture and reproduce every single color. There are actually colors that the human eye can see, but which are difficult to capture on camera, display on screen or print on paper:





                                                              Some simple examples include fluorescent colors, actual fluorescence triggered by a certain color light emitted by the scanner (for instance, green plants glow orange under UV light), non-visible colors like UV or infrared. You could also go the reverse way and include features that are visible normally but invisible to your scanner, for instance perhaps part of the barcode is sandwiched between sheets of paper and which becomes properly transparent only under your scanner. Many banknotes incorporate such security measure based on transparency, special dyes and paper, glowing/hologrammed elements and so on.



                                                              This doesn't mean your card is unphotographable, since obviously your scanner can detect it - an adversary could build a similar device and record your card. But it does mean that readily available consumer cameras won't be able to, so the adversary will have to obtain specialized equipment (which may not even be legal to purchase) or even build their own device. Similarly, reproducing will also be a challenge. If you use a color outside the CMYK space they can't print it, and if outside RGB their phone screen won't show it. Again, they can obtain or make specialized screens/papers that can do it (after all, whoever made your legitimate ID cards was able to) but it will be harder. Not to mention it will be easier for law enforcement to find them, because not many people would have such specialized equipment with no good reason.



                                                              Really the ideal solution here is to just use RFID chips with encryption. Few people have the technical skills to reproduce those, and even if they do, they won't be able to easily find out the encryption key in the chip. As a lower cost option, magnetic cards should be cheaper, those can be easily cloned but it requires equipment. The time tested physical access control solution is of course a plain key (also not so simple to copy). Or you could just forget it all and go with memorized passwords.



                                                              If you really have to use the scanners, I would either look into fluorescent ink, or printing on some material that doesn't look right except for a specific wavelength (which the scanner would presumably provide. But it's hard to be more precise without knowing what your scanner is.







                                                              share|improve this answer














                                                              share|improve this answer



                                                              share|improve this answer








                                                              edited Nov 29 at 23:19

























                                                              answered Nov 29 at 23:05









                                                              Artimithe55

                                                              385




                                                              385






















                                                                  up vote
                                                                  1
                                                                  down vote













                                                                  If you can ensure all barcodes are printed at the exact same spot, you could modify the slot of the barcode reader to position the ID exactly with something covering the borders. So if someone tries to print a photo but it is slightly off-center, the barcode wont be read.



                                                                  However I would suggest that the reception do not have such thing, and just the ones with sensitive data. This way a "cheater" gets in thinking it worked, then he is stuck inside when trying to pass thru restricted areas. Depending on the person, it would be risky to go out and try to get it fixed and reveal their intention. If he gets blocked before entering the "common area", they might have a chance to fix that and try again with another person.






                                                                  share|improve this answer

















                                                                  • 5




                                                                    Scanners are not that precise. Photoshop is not that imprecise.
                                                                    – schroeder
                                                                    Nov 28 at 13:31






                                                                  • 1




                                                                    "Stuck inside" sounds like a potential fire code violation
                                                                    – infixed
                                                                    Nov 30 at 17:19















                                                                  up vote
                                                                  1
                                                                  down vote













                                                                  If you can ensure all barcodes are printed at the exact same spot, you could modify the slot of the barcode reader to position the ID exactly with something covering the borders. So if someone tries to print a photo but it is slightly off-center, the barcode wont be read.



                                                                  However I would suggest that the reception do not have such thing, and just the ones with sensitive data. This way a "cheater" gets in thinking it worked, then he is stuck inside when trying to pass thru restricted areas. Depending on the person, it would be risky to go out and try to get it fixed and reveal their intention. If he gets blocked before entering the "common area", they might have a chance to fix that and try again with another person.






                                                                  share|improve this answer

















                                                                  • 5




                                                                    Scanners are not that precise. Photoshop is not that imprecise.
                                                                    – schroeder
                                                                    Nov 28 at 13:31






                                                                  • 1




                                                                    "Stuck inside" sounds like a potential fire code violation
                                                                    – infixed
                                                                    Nov 30 at 17:19













                                                                  up vote
                                                                  1
                                                                  down vote










                                                                  up vote
                                                                  1
                                                                  down vote









                                                                  If you can ensure all barcodes are printed at the exact same spot, you could modify the slot of the barcode reader to position the ID exactly with something covering the borders. So if someone tries to print a photo but it is slightly off-center, the barcode wont be read.



                                                                  However I would suggest that the reception do not have such thing, and just the ones with sensitive data. This way a "cheater" gets in thinking it worked, then he is stuck inside when trying to pass thru restricted areas. Depending on the person, it would be risky to go out and try to get it fixed and reveal their intention. If he gets blocked before entering the "common area", they might have a chance to fix that and try again with another person.






                                                                  share|improve this answer












                                                                  If you can ensure all barcodes are printed at the exact same spot, you could modify the slot of the barcode reader to position the ID exactly with something covering the borders. So if someone tries to print a photo but it is slightly off-center, the barcode wont be read.



                                                                  However I would suggest that the reception do not have such thing, and just the ones with sensitive data. This way a "cheater" gets in thinking it worked, then he is stuck inside when trying to pass thru restricted areas. Depending on the person, it would be risky to go out and try to get it fixed and reveal their intention. If he gets blocked before entering the "common area", they might have a chance to fix that and try again with another person.







                                                                  share|improve this answer












                                                                  share|improve this answer



                                                                  share|improve this answer










                                                                  answered Nov 28 at 13:17









                                                                  Moacir

                                                                  1192




                                                                  1192








                                                                  • 5




                                                                    Scanners are not that precise. Photoshop is not that imprecise.
                                                                    – schroeder
                                                                    Nov 28 at 13:31






                                                                  • 1




                                                                    "Stuck inside" sounds like a potential fire code violation
                                                                    – infixed
                                                                    Nov 30 at 17:19














                                                                  • 5




                                                                    Scanners are not that precise. Photoshop is not that imprecise.
                                                                    – schroeder
                                                                    Nov 28 at 13:31






                                                                  • 1




                                                                    "Stuck inside" sounds like a potential fire code violation
                                                                    – infixed
                                                                    Nov 30 at 17:19








                                                                  5




                                                                  5




                                                                  Scanners are not that precise. Photoshop is not that imprecise.
                                                                  – schroeder
                                                                  Nov 28 at 13:31




                                                                  Scanners are not that precise. Photoshop is not that imprecise.
                                                                  – schroeder
                                                                  Nov 28 at 13:31




                                                                  1




                                                                  1




                                                                  "Stuck inside" sounds like a potential fire code violation
                                                                  – infixed
                                                                  Nov 30 at 17:19




                                                                  "Stuck inside" sounds like a potential fire code violation
                                                                  – infixed
                                                                  Nov 30 at 17:19










                                                                  up vote
                                                                  0
                                                                  down vote













                                                                  I think you are too much focussed on copying the barcode. The correct way to do this is to issue an unique ID to each and every visiting person and keeping track of that ID, checking it in to (and possibly out of) the different venues. If an ID already is inside a venue then entry would be prohibited.
                                                                  There still is the possibility that a visitor gains entry with a copied barcode before the rightful ID owner. But in such a case the rightful owner could prove that he is the rightful owner of the ID by means of some type of receipt. You could then invalidate that ID in the computer, thus locking out the copied ID form further attendances.

                                                                  But is this worth the effort? What harm is done by a few unrightful visitors? The best security measure might be just to tell people there is a security measure to prevent fraud. "Please note that we will keep track of issued IDs and should we find that somebody has gained unrightful entry we will have our security guards take care of him until the police arrives" or similar might just do it... :-)






                                                                  share|improve this answer

















                                                                  • 3




                                                                    This creates a denial of service for the person who paid to enter the event if the illegitimate person enters first. While the receipt is a nice idea, it becomes a crucial part of their authorisation, which is what the ID is supposed to be
                                                                    – schroeder
                                                                    Nov 29 at 14:06

















                                                                  up vote
                                                                  0
                                                                  down vote













                                                                  I think you are too much focussed on copying the barcode. The correct way to do this is to issue an unique ID to each and every visiting person and keeping track of that ID, checking it in to (and possibly out of) the different venues. If an ID already is inside a venue then entry would be prohibited.
                                                                  There still is the possibility that a visitor gains entry with a copied barcode before the rightful ID owner. But in such a case the rightful owner could prove that he is the rightful owner of the ID by means of some type of receipt. You could then invalidate that ID in the computer, thus locking out the copied ID form further attendances.

                                                                  But is this worth the effort? What harm is done by a few unrightful visitors? The best security measure might be just to tell people there is a security measure to prevent fraud. "Please note that we will keep track of issued IDs and should we find that somebody has gained unrightful entry we will have our security guards take care of him until the police arrives" or similar might just do it... :-)






                                                                  share|improve this answer

















                                                                  • 3




                                                                    This creates a denial of service for the person who paid to enter the event if the illegitimate person enters first. While the receipt is a nice idea, it becomes a crucial part of their authorisation, which is what the ID is supposed to be
                                                                    – schroeder
                                                                    Nov 29 at 14:06















                                                                  up vote
                                                                  0
                                                                  down vote










                                                                  up vote
                                                                  0
                                                                  down vote









                                                                  I think you are too much focussed on copying the barcode. The correct way to do this is to issue an unique ID to each and every visiting person and keeping track of that ID, checking it in to (and possibly out of) the different venues. If an ID already is inside a venue then entry would be prohibited.
                                                                  There still is the possibility that a visitor gains entry with a copied barcode before the rightful ID owner. But in such a case the rightful owner could prove that he is the rightful owner of the ID by means of some type of receipt. You could then invalidate that ID in the computer, thus locking out the copied ID form further attendances.

                                                                  But is this worth the effort? What harm is done by a few unrightful visitors? The best security measure might be just to tell people there is a security measure to prevent fraud. "Please note that we will keep track of issued IDs and should we find that somebody has gained unrightful entry we will have our security guards take care of him until the police arrives" or similar might just do it... :-)






                                                                  share|improve this answer












                                                                  I think you are too much focussed on copying the barcode. The correct way to do this is to issue an unique ID to each and every visiting person and keeping track of that ID, checking it in to (and possibly out of) the different venues. If an ID already is inside a venue then entry would be prohibited.
                                                                  There still is the possibility that a visitor gains entry with a copied barcode before the rightful ID owner. But in such a case the rightful owner could prove that he is the rightful owner of the ID by means of some type of receipt. You could then invalidate that ID in the computer, thus locking out the copied ID form further attendances.

                                                                  But is this worth the effort? What harm is done by a few unrightful visitors? The best security measure might be just to tell people there is a security measure to prevent fraud. "Please note that we will keep track of issued IDs and should we find that somebody has gained unrightful entry we will have our security guards take care of him until the police arrives" or similar might just do it... :-)







                                                                  share|improve this answer












                                                                  share|improve this answer



                                                                  share|improve this answer










                                                                  answered Nov 29 at 12:33









                                                                  Roland Giersig

                                                                  1




                                                                  1








                                                                  • 3




                                                                    This creates a denial of service for the person who paid to enter the event if the illegitimate person enters first. While the receipt is a nice idea, it becomes a crucial part of their authorisation, which is what the ID is supposed to be
                                                                    – schroeder
                                                                    Nov 29 at 14:06
















                                                                  • 3




                                                                    This creates a denial of service for the person who paid to enter the event if the illegitimate person enters first. While the receipt is a nice idea, it becomes a crucial part of their authorisation, which is what the ID is supposed to be
                                                                    – schroeder
                                                                    Nov 29 at 14:06










                                                                  3




                                                                  3




                                                                  This creates a denial of service for the person who paid to enter the event if the illegitimate person enters first. While the receipt is a nice idea, it becomes a crucial part of their authorisation, which is what the ID is supposed to be
                                                                  – schroeder
                                                                  Nov 29 at 14:06






                                                                  This creates a denial of service for the person who paid to enter the event if the illegitimate person enters first. While the receipt is a nice idea, it becomes a crucial part of their authorisation, which is what the ID is supposed to be
                                                                  – schroeder
                                                                  Nov 29 at 14:06












                                                                  up vote
                                                                  0
                                                                  down vote













                                                                  If protecting the guard-supervised access points is enough, how about two-factor authentication on the cheap? Along with the ID card, hand out a plastic token, casino chip, rubber ducky or other trinket that cannot be obtained quickly by would-be gatecrashers.



                                                                  It should have a hole or other way to attach to the lanyard, otherwise you'll have people losing or "losing" it right and left.






                                                                  share|improve this answer

























                                                                    up vote
                                                                    0
                                                                    down vote













                                                                    If protecting the guard-supervised access points is enough, how about two-factor authentication on the cheap? Along with the ID card, hand out a plastic token, casino chip, rubber ducky or other trinket that cannot be obtained quickly by would-be gatecrashers.



                                                                    It should have a hole or other way to attach to the lanyard, otherwise you'll have people losing or "losing" it right and left.






                                                                    share|improve this answer























                                                                      up vote
                                                                      0
                                                                      down vote










                                                                      up vote
                                                                      0
                                                                      down vote









                                                                      If protecting the guard-supervised access points is enough, how about two-factor authentication on the cheap? Along with the ID card, hand out a plastic token, casino chip, rubber ducky or other trinket that cannot be obtained quickly by would-be gatecrashers.



                                                                      It should have a hole or other way to attach to the lanyard, otherwise you'll have people losing or "losing" it right and left.






                                                                      share|improve this answer












                                                                      If protecting the guard-supervised access points is enough, how about two-factor authentication on the cheap? Along with the ID card, hand out a plastic token, casino chip, rubber ducky or other trinket that cannot be obtained quickly by would-be gatecrashers.



                                                                      It should have a hole or other way to attach to the lanyard, otherwise you'll have people losing or "losing" it right and left.







                                                                      share|improve this answer












                                                                      share|improve this answer



                                                                      share|improve this answer










                                                                      answered Nov 30 at 13:29









                                                                      alexis

                                                                      32114




                                                                      32114






















                                                                          up vote
                                                                          0
                                                                          down vote













                                                                          It actually is not THAT easy to photograph without at least the wearer noticing it if the barcode is sufficiently small (think about the height of 8pt or 6pt lettering...)



                                                                          Let's assume we are talking handheld mobile phone cameras here, no high-end (dual lens) phones, clip-on teleconverters, professional/enthusiast grade cameras, optical zooms, RAW processing, or tripods involved. Someone affording all that bother can probably afford to pay your tickets.



                                                                          Let's assume a 12MP phone camera, yielding an effective resolution of 2000 pixels on the longest side of the photo. Not 4000, there will be either aliasing or antialising in your way once you try to faithfully reproduce structures smaller than 2 pixels.



                                                                          In many cases, you can again halve the effective resolution available for exact reproduction due to the image being automatically postprocessed by the phone firmware to correct for lens defects, especially in off-center parts of the image. Pixels get bumped off their raster to do that....



                                                                          Let's assume a standard phone camera lens, which will be a 24mm or 28mm equivalent wide angle with no optical zoom, so increasing magnification will not give you extra resolution.



                                                                          If your barcode would need 100 pixels resolution to work, that would mean someone would have to photograph it in a way that it fills 1/20th of the frame, and would have to do so without introducing perspective distortion, shake, other errors...



                                                                          A 1cm long tiny barcode would merely fill 1/100th of the frame width snapped with an 28mm equivalent lens from a distance of 1 meter.... or 1/50th if somebody came up to someone at half a meter distance, probably getting told off for encroaching.






                                                                          share|improve this answer

























                                                                            up vote
                                                                            0
                                                                            down vote













                                                                            It actually is not THAT easy to photograph without at least the wearer noticing it if the barcode is sufficiently small (think about the height of 8pt or 6pt lettering...)



                                                                            Let's assume we are talking handheld mobile phone cameras here, no high-end (dual lens) phones, clip-on teleconverters, professional/enthusiast grade cameras, optical zooms, RAW processing, or tripods involved. Someone affording all that bother can probably afford to pay your tickets.



                                                                            Let's assume a 12MP phone camera, yielding an effective resolution of 2000 pixels on the longest side of the photo. Not 4000, there will be either aliasing or antialising in your way once you try to faithfully reproduce structures smaller than 2 pixels.



                                                                            In many cases, you can again halve the effective resolution available for exact reproduction due to the image being automatically postprocessed by the phone firmware to correct for lens defects, especially in off-center parts of the image. Pixels get bumped off their raster to do that....



                                                                            Let's assume a standard phone camera lens, which will be a 24mm or 28mm equivalent wide angle with no optical zoom, so increasing magnification will not give you extra resolution.



                                                                            If your barcode would need 100 pixels resolution to work, that would mean someone would have to photograph it in a way that it fills 1/20th of the frame, and would have to do so without introducing perspective distortion, shake, other errors...



                                                                            A 1cm long tiny barcode would merely fill 1/100th of the frame width snapped with an 28mm equivalent lens from a distance of 1 meter.... or 1/50th if somebody came up to someone at half a meter distance, probably getting told off for encroaching.






                                                                            share|improve this answer























                                                                              up vote
                                                                              0
                                                                              down vote










                                                                              up vote
                                                                              0
                                                                              down vote









                                                                              It actually is not THAT easy to photograph without at least the wearer noticing it if the barcode is sufficiently small (think about the height of 8pt or 6pt lettering...)



                                                                              Let's assume we are talking handheld mobile phone cameras here, no high-end (dual lens) phones, clip-on teleconverters, professional/enthusiast grade cameras, optical zooms, RAW processing, or tripods involved. Someone affording all that bother can probably afford to pay your tickets.



                                                                              Let's assume a 12MP phone camera, yielding an effective resolution of 2000 pixels on the longest side of the photo. Not 4000, there will be either aliasing or antialising in your way once you try to faithfully reproduce structures smaller than 2 pixels.



                                                                              In many cases, you can again halve the effective resolution available for exact reproduction due to the image being automatically postprocessed by the phone firmware to correct for lens defects, especially in off-center parts of the image. Pixels get bumped off their raster to do that....



                                                                              Let's assume a standard phone camera lens, which will be a 24mm or 28mm equivalent wide angle with no optical zoom, so increasing magnification will not give you extra resolution.



                                                                              If your barcode would need 100 pixels resolution to work, that would mean someone would have to photograph it in a way that it fills 1/20th of the frame, and would have to do so without introducing perspective distortion, shake, other errors...



                                                                              A 1cm long tiny barcode would merely fill 1/100th of the frame width snapped with an 28mm equivalent lens from a distance of 1 meter.... or 1/50th if somebody came up to someone at half a meter distance, probably getting told off for encroaching.






                                                                              share|improve this answer












                                                                              It actually is not THAT easy to photograph without at least the wearer noticing it if the barcode is sufficiently small (think about the height of 8pt or 6pt lettering...)



                                                                              Let's assume we are talking handheld mobile phone cameras here, no high-end (dual lens) phones, clip-on teleconverters, professional/enthusiast grade cameras, optical zooms, RAW processing, or tripods involved. Someone affording all that bother can probably afford to pay your tickets.



                                                                              Let's assume a 12MP phone camera, yielding an effective resolution of 2000 pixels on the longest side of the photo. Not 4000, there will be either aliasing or antialising in your way once you try to faithfully reproduce structures smaller than 2 pixels.



                                                                              In many cases, you can again halve the effective resolution available for exact reproduction due to the image being automatically postprocessed by the phone firmware to correct for lens defects, especially in off-center parts of the image. Pixels get bumped off their raster to do that....



                                                                              Let's assume a standard phone camera lens, which will be a 24mm or 28mm equivalent wide angle with no optical zoom, so increasing magnification will not give you extra resolution.



                                                                              If your barcode would need 100 pixels resolution to work, that would mean someone would have to photograph it in a way that it fills 1/20th of the frame, and would have to do so without introducing perspective distortion, shake, other errors...



                                                                              A 1cm long tiny barcode would merely fill 1/100th of the frame width snapped with an 28mm equivalent lens from a distance of 1 meter.... or 1/50th if somebody came up to someone at half a meter distance, probably getting told off for encroaching.







                                                                              share|improve this answer












                                                                              share|improve this answer



                                                                              share|improve this answer










                                                                              answered Nov 30 at 21:18









                                                                              rackandboneman

                                                                              73137




                                                                              73137

















                                                                                  protected by schroeder Nov 29 at 15:13



                                                                                  Thank you for your interest in this question.
                                                                                  Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



                                                                                  Would you like to answer one of these unanswered questions instead?



                                                                                  Popular posts from this blog

                                                                                  Berounka

                                                                                  Fiat S.p.A.

                                                                                  Type 'String' is not a subtype of type 'int' of 'index'