QR-codes are known. A QR-code (Quick Response code, ISO/IEC 18004:2006), herein also called QR-tag, is a specific matrix barcode (or two-dimensional code), readable by camera phones equipped with a QR barcode reader. The QR-code comprises coloured modules (mostly black) arranged in a square pattern on a white background. The information encoded can comprise an URL.
Many QR-code reading applications are known, which can be executed on smart phones and by means of which the user can scan a QR-code and is automatically directed to the web page at the URL encoded in the QR-code. This avoids that the user has to key in the URL on his smart phone in order to access the service behind a web page. All information in the QR-codes is parsed to the web page, making it easy for someone to parse complex alphanumerical string (e.g. codes) to a service without entering them manually.
A Public Key Infrastructure (PKI) is a combination of hardware and software used to issue and verify digital certificates, in particular public and private key pairs, for the purposes of security or authentication, for example to encrypt information or to authenticate users. PKI generally comprises a certification authority (CA) which generates PKI public and private key pairs to users, a registration authority (RA) where the users can register their PKI public and private key pairs and a validation authority (VA) which validates PKI public and private key pairs.
As PKI public and private keys can be relatively long strings of characters, it is not easy for users to enter these keys on their smart phone. When these keys are stored on the device, they can be misused when the smart phone is stolen, or information is copied from. As a result, PKI security solutions are nowadays not suitable for use on communication devices like smart phones.
In the paper ‘Dynamic 2D-barcodes for multi-device web session migration including mobile phones’ (A. Alapetite, Personal and Ubiquitous computing, vol. 14, no. 1, April 2009, pp. 45-52) 2D barcodes or QR-codes are used to store sessions information in order to handover sessions from a web browser on one terminal to a web browser on another terminal.
In JP2008/048135 a two-dimensional code is used to transfer the results of an encryption of an (access) address with a private key to a terminal that can read and decode the two-dimensional code. Next that retrieved address is decrypted with the public key and can give access to that decrypted address.
Application JP2008/090512 discloses a two-dimensional code used to transfer information (an URL and a password) from a content display to a smart phone, sending that information to a content distribution system. That system calculates the correlation between URL and password and decides if the smart phone should receive (additional) information about the (items) in the content display associated with the two-dimensional code.