IETF Logo Mail Archive

Re: [81attendees] What is it at the bottom of restaurant receipts?

Richard Barnes <richard.barnes@gmail.com> Tue, 09 August 2011 19:11 UTC

Return-Path: <richard.barnes@gmail.com>
X-Original-To: 81attendees@ietfa.amsl.com
Delivered-To: 81attendees@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D03C21F8BA4 for <81attendees@ietfa.amsl.com>; Tue, 9 Aug 2011 12:11:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.377
X-Spam-Level:
X-Spam-Status: No, score=-102.377 tagged_above=-999 required=5 tests=[AWL=1.222, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0wBNQIVbDbMI for <81attendees@ietfa.amsl.com>; Tue, 9 Aug 2011 12:11:20 -0700 (PDT)
Received: from mail-ew0-f44.google.com (mail-ew0-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id F007C21F8BA2 for <81attendees@ietf.org>; Tue, 9 Aug 2011 12:11:19 -0700 (PDT)
Received: by ewy19 with SMTP id 19so208819ewy.31 for <81attendees@ietf.org>; Tue, 09 Aug 2011 12:11:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=x9eWgLrb7F83uDNHdCTET0d490fmzoU7Vg63owssHW4=; b=HnyiyoRRDCUK5yinP8xkn5QuR2udASAWXA5EIZJnd0Xb9q4SdDHaadgYa7TgWViCZA AsQDqXdpO1/2f88OcuyekngQ7oUjzt/fq+/SwNYia6fgZzUidsQl+TRRxuEo+wnToC7Z e/0nAsyveknZ4YKuPIdb5ciqUQ+yyN1cqXaj0=
MIME-Version: 1.0
Received: by 10.14.3.149 with SMTP id 21mr1999220eeh.233.1312917108814; Tue, 09 Aug 2011 12:11:48 -0700 (PDT)
Received: by 10.14.28.134 with HTTP; Tue, 9 Aug 2011 12:11:48 -0700 (PDT)
In-Reply-To: <alpine.BSF.2.00.1108091333400.781@joyce.lan>
References: <CD5674C3CD99574EBA7432465FC13C1B222B1F57D4@DC-US1MBEX4.global.avaya.com> <CD5674C3CD99574EBA7432465FC13C1B222B1F5801@DC-US1MBEX4.global.avaya.com> <9B3D0397-56CB-4270-9787-DCB67544D857@estacado.net> <alpine.BSF.2.00.1108091333400.781@joyce.lan>
Date: Tue, 09 Aug 2011 15:11:48 -0400
Message-ID: <CACB24MufX1Pb2PusTn1BquqMxiGUR_E7skz8rn_AiFAd6UBtOw@mail.gmail.com>
From: Richard Barnes <richard.barnes@gmail.com>
To: "John R. Levine" <johnl@iecc.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "81attendees@ietf.org" <81attendees@ietf.org>
Subject: Re: [81attendees] What is it at the bottom of restaurant receipts?
X-BeenThere: 81attendees@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF 81 Attendee List <81attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/81attendees>, <mailto:81attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/81attendees>
List-Post: <mailto:81attendees@ietf.org>
List-Help: <mailto:81attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/81attendees>, <mailto:81attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 19:11:21 -0000

Not addressing the dingbats, but as far as the barcodes:

The barcodes are apparently in the ISO-standard PDF417 format:
<http://en.wikipedia.org/wiki/PDF417>

It appears you get meaningful data if you do the following:
1. Decode PDF417 as text
2. Base64-decode

Using that technique, I was able to match several fields from
different receipts:
-- MEV ID number (binary)
-- Transaction number ("FACTURE#"/"ADDITION#") (ASCII)
-- Table number (ASCII)
-- Server name (ASCII)
-- TPS amount (binary)
-- TVQ amount (binary)
-- Total amount (binary)

In all of the three cases I looked at, the first intelligible field
(the MEV ID) appears at position 0x40 in the binary.  This would be
consistent with the overall code having the form (digest, data), if
the digest were 512 bits long, say SHA512.  Chopping of the first 0x40
octets and hashing the remainder with SHA-512 did not give the right
hash values.   But then again, you wouldn't expect that if the hash
were an HMAC instead of just a digest; it would make a lot of sense
for the machine to compute the HMAC with a secret key that the tax
department knows.

FWIW,
--Richard



On Tue, Aug 9, 2011 at 1:35 PM, John R. Levine <johnl@iecc.com> wrote:
>> I asked a couple of waiters about them, and they had no idea what the
>> dingbats were for. That tells me that they don't use them for anything. They
>> use the barcodes for everything. That makes me wonder if the dingbats were
>> put there for restaurants that didn't invest in the bar-code system, as some
>> sort of alternative verification. Or maybe they're only used by auditors. Or
>> in expense reimbursement.
>
> I like the hash for audit theory.  It makes it harder to fake a receipt,
> which otherwise would be pretty easy if you're sending in scans of receipts,
> just load up gimp and cut and paste a few digits to adjust the amount.
>
> Regards,
> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
> _______________________________________________
> 81attendees mailing list
> 81attendees@ietf.org
> https://www.ietf.org/mailman/listinfo/81attendees
>

v2.23.0 | Report a Bug | By Email