Here's how E-pass forgery can be stopped
QR Code based E-Pass for Suburban Travel in Mumbai?
The COVID-19 outbreak is rewriting travel documentation like never before. The Maharashtra state government in India has made QR code based E-pass mandatory for all essential category staff to be able to travel by local trains in Mumbai. Consequently, an electronic QR based E-pass along with a valid railway ticket is required to travel in the local suburban services from July 30. The purpose of such ‘validation’ systems is to ensure that nobody barring essential service workers travels in local trains.
Such E-passes are increasingly becoming de facto for travel. QR codes check all the boxes in terms of ease of implementation, affordability and readability. However, if not appropriately implemented, it may fail a critical test— the test of security or in other words tampering and forging.
Fake E-passes are becoming the norm - secure QR code is the key to avoid this .
With most countries adopting E-passes and mostly using QR codes, fake QR code based E-passes are mushrooming all over the world. This makes a mockery of authentication and derails the entire objective.
In one of our earlier posts - Kenya used this nifty technology to move essential goods during COVID-19; we had shared how Kenya implemented a secure QR code based solution that helped them contain the spread of the disease. Now with Mumbai suburban railway, the use of QR code based travel may become the norm elsewhere too. Secure QR code based pass is the most effective, efficient and quickest way to implement authenticated travel.
Why Secure QR ?
As the name suggests, Secure QR code provides more security than a standard QR code. The ubiquity of QR codes that makes it a compelling solution is also the source of its weakness as far as security is concerned. Secure QR code overcomes this by building high-level military-grade security in the code at the time of creation, yet makes it easy for third-party validators to verify the code/information contained therein. That makes it extremely powerful against imposters and fraudsters who may otherwise use the ubiquitous methods to generate a ‘generic QR code.’ The ability to validate the code with a simple app and have that trustworthiness is a big positive factor for adopting this technology.
How is secure QR code technology different?
Security technology adopts all the advantages of QR code and yet ensures that the code and the document can be verified. This is done by generating a QR code digitally signed with a unique private key for each issuer, and the code can be read by the corresponding public key which is made part of an app or a web validation mechanism. This allows the generator or issuer to control the issuance of the document, while allowing any third party to read the QR code using the appropriate validator app. So a secure QR code issued by the Mumbai authorities can be read by the verifiers as required and no one will be able to tamper or forge the same.
A secure QR code embedded in a ticket / physical pass or an E-pass is an incredible way of quickly, efficiently, and effectively curbing this menace.
Here is an example of the use case - secure QR code for essential services pass in Kenya.
Sample KNCCI Covid-19 pass
Sample Covid-19 pass - Validation result
As you would observe, Secure QR codes
Do not have any URL embedded, and this prevents any phishing or data leakage.
It is digitally signed with the organization’s private key and read by the corresponding public key. Uses PKI.
The unique multi-stage pipeline compression algorithm helps the rich code be printed on a small area.
You can maintain extreme privacy, and only QR + Algorithm + Public key provides access to data.
There is no need to expose sensitive internal databases for verification.
So the next time you think QR codes for business, think secure QR codes
You may also like