Generally speaking there are many Smartphone and mobile device applications that require the ability to scan a barcode. In order for a developer to add barcode scanning capability to their application, developers quite frequently rely on a third party software development kit (SDK). The SDK must be integrated into their application. This only gives the user access to barcode scanning from within that particular application. If a user wants a universal method of scanning barcodes for data entry across all their applications, even for applications written by a third party, the solution is more complicated.
Sometimes a keyboard wedge style application is used to facilitate universal scanning in any application by keeping a background service running that responds to a particular key press. When the service detects this key press, it brings up the barcode scanner and inserts the resultant scan data into the keyboard buffer so that it is inserted at the cursor as text in whichever application has focus at the moment.
A keyboard wedge can be either a software program or an inserted hardware device that translates digital signals from a barcode reader or magnetic strip reader into keyboard strokes for a computer, smartphone, or mobile device. The software form of a keyboard wedge intercepts the digital signals from the reader when they arrive at the computer and instantly translates them into keyboard strokes. Data sent through a wedge appears as if it was typed into the device, while the keyboard itself remains fully functional. Because an application running on a computer or a mobile device using a keyboard wedge cannot tell the difference between data that is entered by a scanning device or data that is entered by keyboard typing, a wedge can be used to easily add barcode reading capability to an existing device without modifying software applications.
Today, many Smartphone operating systems allow you to create custom software keyboards (software input panels) which are sometimes used to add a barcode scanning button and associated scan wedge functionality. When the custom keyboard is loaded, if the user wants to enter barcode data into a text field they simply open the software keyboard, hit the scanner button, scan the barcode and the result is placed in the text field that has focus.
Each of these types of keyboard wedges or scan wedge applications do not care what fields they enter data into, assuming they are editable. The applications cannot discriminate which fields scan wedge data is allowed in. This is because the application cannot differentiate between scan wedge data and actual keyboard data. This can be a security risk as barcode data could contain malicious code injection attacks (e.g. SQL Injection) disguised as valid data, which could seriously compromise application data.
SQL Injection is a code injection technique, where malicious software is used to attack data-driven applications. Typically statements are inserted into an entry field for execution, for example to dump the database contents of a running application to the malicious attacker. SQL injection attacks are considered one of the top vulnerabilities on the internet.
Therefore, a need exists for system to scan barcodes into applications running on smartphones or mobile devices with the functionality and flexibility of a scan wedge while regulating the data the running application is exposed to from a barcode scan.