QR applications in China monopolized by foreign standards: information security problems occur frequently-QR codes, standards-IT information

Not long ago, a forgery case drew widespread attention for Shanghai Disneyland tickets. Disneyland provides technical and management services to the employees of a company, exploit technical vulnerabilities to steal QR ticket Disneyland tickets more than 2,600 employees and make selling fake tickets for more than 1700 employees, acquisition of illegal interests more than 490,000 yuan, more than 800,000 yuan loss to Shanghai Disneyland. Reporters learned from paper to Internet applications to industrial, Government and other fields, QR codes are widely used in convenience at the same time, is also accompanied by a huge security risk. Experts said the key to solving this problem lies in promoting independent standard, with their own "lock" in order to keep their "men".

QR code information security problems

Zhang is a senior who lives in Yubei District of Chongqing "Taobao", but she accidentally fell into the net a few days ago bought a trap. She works in a shop to buy clothes in the process, the owner had induced her to sweep a QR code, after you are asked to enter a social security number and bank card number, the owner asked for a phone verification code, leading to thousands of Yuan in cash in the bank cards were stolen.

Reporters learn, shop sellers sent Zhang two-dimensional codes, link is a phishing site behind, seemingly simple black squares, hidden is a variety of network virus. Lawless elements to induce people to scan codes to steal personal information, crazy "gold".

Recently in Guangzhou, Huizhou, Shenzhen, Xining, Qinghai, Shandong Qingdao are the criminals under the guise of traffic police, posing as police legal instruments to obtain property by deception. Cars were posted on the "ticket", the printing two-dimensional code fast toll lanes. After you scan the QR code, enter the payment transfer page, induced the owner transfers pay a "penalty".

Industry experts told reporters that the QR is an interdisciplinary, cross-domain, cross-industry application of information technology tools, with the national network and information security, economic security, public security and people's lives, but as the information security vulnerabilities pose a great risk to the safety of people and property, and related control but can't keep up with the pace.

"The key is currently abroad we make extensive use of QR code technology, the open market application mode leads to all kinds of security problems and difficult to control. "QR code, China industry Union implementing the Secretary-General Zhang Yeping said.

Foreign standard monopoly QR application market is out of control

According to introduced, currently China widely application of is Japan Denso company 1994 development of fast response code (QR code), due to at domestic no independent intellectual property of II dimension code technology, 2000 QR code became China national standards, and widely application Yu Chief system, and intelligent manufacturing, and financial paid, and e-commerce, and news media, field, and network information security, and economic run environment, and social public security and the people daily is closely related to.

"Currently domestic of II dimension code market almost all was QR code occupy, but QR code patent both no in domestic application, also no gave up patent; 2015 QR code issued has new of technology standard and began charged patent costs, but domestic market still in free using 2000 years of technology standard, at any time may produced serious of intellectual property risk, even may directly effect to economic social run security. "Zhang Yeping said.

Zhang Yeping said that in order to achieve the objective market monopoly, QR code to take the so-called free market policy, generating a QR application is out of control and order. Anyone can download the QR code is generated and resolved through the network, and through the front of the phone for real-time decoding, but no background for analytical identification and monitoring of the contents at the front desk, a problem often liability could not be locked. "From malicious advertising to financial fraud, including politically sensitive words, political advocacy, and notice of unlawful assembly, rumours, etc, can be accessed through QR codes in computer networks and move quickly and widely disseminated on the Internet. ”

Broken siege key to promote national standards

It is reported that at present, China has 5 QR national standards, except Japan QR codes, United States PDF417 barcode, and independent research and development of Chinese domestic enterprises codes, grid matrix code (GM code), the close code (CM) from three Chinese-made standard. Because QR codes to promote an earlier, the scope of application is the most widely used, but special reading tools for QR-code, label generation equipment such as core technology and production capacity are in Japan enterprises.

In addition, the United States of PDF417 barcode is in the early 1990 of the 20th century by the United States Symbol companies invented an open technical standards, in a number of countries are widely used in identification, document management, logistics and transport and defense and other fields, Chinese aircraft boarding pass QR QR code, parts express documents using the PDF417 code.

"Especially in Japan enterprises in China to promote QR code standard, have got the monopoly on hardware devices. "China electronics Standardization Institute of technology said Wang lijian, Director at the Ministry, only with independent intellectual property rights the two dimensional code core technologies and corresponding information systems based on the Chinese standard, information can be" root "set up in China, so as to protect national security while avoiding patent risks of foreign standards.

"In fact China's independent research and development of Chinese-letter code, GM codes, CM code standard and technical capabilities are not lower than the international standard, fully equipped to replace QR codes and PDF417 codes matching the technological standard and industrial capacity. "Director Xu Shuncheng QR China industry Union, said, Chinese-made standard delays due to lack of policy support and drive effective use, which greatly restricted the development of China's own QR code.

In recent years, as the country's Internet, Smart City system construction, industrial Department of the State began gradually takes the QR code standard of construction work, but in standards implementation and applications, lack of policy measures and promote efforts to present two-dimensional codes information security problems and a lack of effective regulatory guidance and coordination mechanisms.

"This needs at the national level to strengthen top-level design and specification, realization of QR code technology, control, security, promote the healthy development of the industry. "Zhang Yeping said.

中国二维码应用被国外标准垄断：信息安全问题频频发生 - 二维码,标准 - IT资讯

不久前，一则伪造上海迪士尼乐园门票的案例引发广泛关注。为迪士尼乐园提供票务技术和管理服务的某公司员工，利用技术漏洞盗取迪士尼乐园门票二维码票号2600余张并制作贩卖假票1700余张，获取非法利益49万余元，给上海迪士尼造成80多万元损失。记者采访了解到，从各种票据到互联网应用再到工业、政务等领域，二维码的广泛应用在带来便利的同时，也伴随着巨大的信息安全风险。专家表示，解决这一问题的关键，在于推广自主标准，用自家的“锁”才能守住自家的“门”。

二维码信息安全问题频发

家住重庆渝北区的张女士是位资深的“淘宝族”，但几天前她不小心也掉进了网购陷阱。她在一家网店购买衣物的过程中，店主诱导她扫了一个二维码，在被要求输入身份证号和银行卡号后，店主又索取了手机验证码，导致银行卡内数千元现金被盗走。

记者采访了解到，网店卖家发给张女士的二维码，背后链接的是一个钓鱼网站，看似简单的黑白格子之中，隐藏的是各种网络病毒。不法分子以此诱导人们扫码盗取个人信息，疯狂“吸金”。

日前在广州惠州、深圳，青海西宁，山东青岛等多地都出现了不法分子打着交警执法的幌子，冒充交警法律文书来行骗。车上被贴的“罚单”上，印有二维码快速缴费通道。扫描二维码后，会进入支付转账页面，诱导车主转账缴纳“违章罚款”。

业内专家告诉记者，二维码是一个跨学科、跨领域、跨行业的信息化应用工具，与国家网络信息安全、经济运行安全、公共安全和百姓生活息息相关，但随之而来的信息安全漏洞也给人们的财产安全带来巨大风险，而相关管控却迟迟跟不上步伐。

“问题的关键在于目前我们大量运用的是国外的二维码技术，其开放式的市场应用模式导致了各种安全问题频发且难以有效监控。”中国二维码产业联盟执行秘书长张也平说。

国外标准垄断二维码市场应用失控

据介绍，目前中国广泛应用的是日本Denso公司1994年研制的快速响应码（QR码），由于当时国内没有自主知识产权的二维码技术，2000年QR码成为中国国家标准，并广泛应用于政务系统、智能制造、金融支付、电子商务、新闻传媒等领域，与网络信息安全、经济运行环境、社会公共安全及人民群众日常生活息息相关。

“目前国内的二维码市场几乎全部被QR码占据，但QR码专利既没有在国内申请，也没有放弃专利权；2015年QR码颁布了新的技术标准并开始收取专利费用，但国内市场仍在免费使用2000年的技术标准，随时可能产生严重的知识产权风险，甚至可能直接影响到经济社会运行安全。”张也平说。

张也平表示，为了达到市场垄断目的，QR码采取了所谓的全市场免费开放策略，导致中国二维码应用基本处于失控和无序状态。任何人都可以通过网络下载生成和解析二维码，并通过前台的手机进行实时解码，但没有后台对前台解析的内容进行识别和监控，出了问题往往无法锁定责任主体。“从恶意广告到金融诈骗，甚至包括敏感政治词汇、政治宣传，以及非法集会通知、谣言等，都能通过二维码在计算机网络和移动互联网快速、广泛传播。”

破解困局关键在于推广国标

据悉，目前中国共有5项二维码国家标准，除了日本QR码、美国PDF417码，还有国内企业自主研发的汉信码、网格矩阵码（GM码）、紧密矩阵码（CM码）三项中国国产标准。由于QR码推广较早，应用范围也最为广泛，但QR码专用识读机具、标签生成设备等核心技术和生产能力都掌握在日本企业手中。

此外，美国PDF417码是20世纪90年代初由美国Symbol公司发明的一种公开的技术标准，在多个国家广泛应用于身份识别、证件管理、物流运输乃至国防等领域，中国飞机登机牌二维码、部分快递单据二维码等都使用的是PDF417码。

“特别是日本企业在中国大力推广QR码标准，已经获得了硬件设备的垄断地位。”工信部中国电子技术标准化研究院技术总监王立建说，只有以自主知识产权二维码核心技术和相应的中国标准为基础的信息系统，才能将信息的“根”建立在中国，从而在保障国家信息安全的同时避免国外标准带来的专利风险。

“实际上中国自主研发的汉信码、GM码、CM码的标准能力、技术水平等都不低于国外标准，完全具备替换QR码和PDF417码的技术标准能力和产业配套能力。”中国二维码产业联盟理事长徐顺成说，中国国产标准因缺乏政策扶持和驱动而迟迟不能有效使用，这极大制约了中国自主二维码产业的发展。

近几年随着国家物联网、智慧城市等应用系统的建设兴起，国家产业部门开始逐步重视二维码标准的建设工作，但在标准化的落实和应用方面，缺乏政策层面的措施和推动力度，对于目前出现的二维码信息安全问题也缺乏有效的监管指导和协调机制。

“这就需要国家层面加强顶层设计和应用规范，实现二维码技术自主、可控、安全，促进产业健康发展。”张也平说。