The application of two-dimensional code in China has been a frequent problem of foreign standard monopoly information security

不久前,一则伪造上海迪士尼乐园门票的案例引发广泛关注。为迪士尼乐园提供票务技术和管理服务的某公司员工,利用技术漏洞盗取迪士尼乐园门票二维码票号2600余张并制作贩卖假票1700余张,获取非法利益49万余元,给上海迪士尼造成80多万元损失。
记者采访了解到,从各种票据到互联网应用再到工业、政务等领域,二维码的广泛应用在带来便利的同时,也伴随着巨大的信息安全风险。专家表示,解决这一问题的关键,在于推广自主标准,用自家的“锁”才能守住自家的“门”。
二维码信息安全问题频发
家住重庆渝北区的张女士是位资深的“淘宝族”,但几天前她不小心也掉进了网购陷阱。她在一家网店购买衣物的过程中,店主诱导她扫了一个二维码,在被要求输入身份证号和银行卡号后,店主又索取了手机验证码,导致银行卡内数千元现金被盗走。
记者采访了解到,网店卖家发给张女士的二维码,背后链接的是一个钓鱼网站,看似简单的黑白格子之中,隐藏的是各种网络病毒。不法分子以此诱导人们扫码盗取个人信息,疯狂“吸金”。
日前在广州惠州、深圳,青海西宁,山东青岛等多地都出现了不法分子打着交警执法的幌子,冒充交警法律文书来行骗。车上被贴的“罚单”上,印有二维码快速缴费通道。扫描二维码后,会进入支付转账页面,诱导车主转账缴纳“违章罚款”。
业内专家告诉记者,二维码是一个跨学科、跨领域、跨行业的信息化应用工具,与国家网络信息安全、经济运行安全、公共安全和百姓生活息息相关,但随之而来的信息安全漏洞也给人们的财产安全带来巨大风险,而相关管控却迟迟跟不上步伐。
“问题的关键在于目前我们大量运用的是国外的二维码技术,其开放式的市场应用模式导致了各种安全问题频发且难以有效监控。”中国二维码产业联盟执行秘书长张也平说。
国外标准垄断二维码市场应用失控
据介绍,目前我国广泛应用的是日本Denso公司1994年研制的快速响应码(QR码),由于当时国内没有自主知识产权的二维码技术,2000
信诺瑞得慧敏应用交付网关 获最值得推荐产品奖
众日常生活息息相关。
“目前国内的二维码市场几乎全部被QR码占据,但QR码专利既没有在国内申请,也没有放弃专利权;2015年QR码颁布了新的技术标准并开始收
取专利费用,但国内市场仍在免费使用2000年的技术标准,随时可能产生严重的知识产权风险,甚至可能直接影响到经济社会运行安全。”张也平说。
张也平表示,为了达到市场垄断目的,QR码采取了所谓的全市场免费开放策略,导致我国二维码应用基本处于失控和无序状态。任何人都可以通过网络
骗,甚至包括敏感政治词汇、政治宣传,以及非法集会通知、谣言等,都能通过二维码在计算机网络和移动互联网快速、广泛传播。”
破解困局关键在于推广国标
据悉,目前我国共有5项二维码国家标准,除了日本QR码、美国PDF417码,还有国内企业自主研发的汉信码、网格矩阵码(GM码)、紧密矩阵
码(CM码)三项国产标准。由于QR码推广较早,应用范围也最为广泛,但QR码专用识读机具、标签生成设备等核心技术和生产能力都掌握在日本企业手中。
此外,美国PDF417码是20世纪90年代初由美国Symbol公司发明的一种公开的技术标准,在多个国家广泛应用于身份识别、证件管理、物流运输乃至国防等领域,我国飞机登机牌二维码、部分快递单据二维码等都使用的是PDF417码。
“特别是日本企业在我国大力推广QR码标准,已经获得了硬件设备的垄断地位。”工信部中国电子技术标准化研究院技术总监王立建说,只有以自主知
险。
“实际上我国自主研发的汉信码、GM码、CM码的标准能力、技术水平等都不低于国外标准,完全具备替换QR码和PDF417码的技术标准能力和
产业配套能力。”中国二维码产业联盟理事长徐顺成说,国产标准因缺乏政策扶持和驱动而迟迟不能有效使用,这极大制约了我国自主二维码产业的发展。
近几年随着国家物联网、智慧城市等应用系统的建设兴起,国家产业部门开始逐步重视二维码标准的建设工作,但在标准化的落实和应用方面,缺乏政策层面的措施和推动力度,对于目前出现的二维码信息安全问题也缺乏有效的监管指导和协调机制。
“这就需要国家层面加强顶层设计和应用规范,实现二维码技术自主、可控、安全,促进产业健康发展。”张也平说。
资料收集于网络 版权归原作者所有
公司资质
ISO9001质量管理体系认证证书
国家中小企业公共示范平台
昆明市推荐信息化企业资质证书
昆明市高新技术企业协会副理事长单位
软件企业认定证书
中国版权协会理事单位
云南省认定企业技术中心
职业技能培训项目考试站
公司荣誉
云南大学软件学院实习实训基地
云南科技信息职业学院实习实训基地
黄冈师范学院实习实训基地
昆明理工大学津桥学院实习实训基地
深圳信息职业技术学院实习实训基地
四川信息职业技术学院实习实训基地
玉林师范学院实习实训基地
2007年3月开始组建云南省Linux公共服务技术支持中心(YNLC)。
2009年2月SPGnux办公桌面系统通过云南省科技厅科技成果鉴定。
2010年11月公司通过高新技术企业认定,双软认定
2011年9月公司被评定为昆明市中小企业服务体系服务示范单位
2011年公司被认定为云南省成长型中小企业。
思普SPGnux操作系统被国家科技部、国家环保部、国家商务部、国家质监部局评为国家重点新产品。
SPGnux国产操作系统工程师培训项目被中华人民共和国人力资源社会保障部、中国就业培训技术指导中心作为国家CETTIC职业培训项目
思普SPGnux操作系统被云南省科技厅评为云南省重点新产品。
思普SPGnux办公桌面系统获昆明市科学技术进步二等奖。
云南思普投资有限公司被国家工信部认定为国家中小企业公共服务示范平台
云南思普投资有限公司被云南省工信委认定为云南省中小企业公共服务示范平台。
云南思普投资有限公司荣获“2014年中国版权最具影响力企业”。
2014年11月被云南省工业和信息化委员会评为省级企业技术中心。
2015年7月张龙董事长作为特邀嘉宾参加CCTV《创响人生》栏目,讲述操作系统开发的艰难历程。
2015年8月我公司张龙董事长进入全国信息安全标准化技术委员会委员名单。
2015年12月26日思普桌面操作系统在云南省留学人员创新创业园第二届年会(昆明高新峰会)上被评为“优秀创新成果”
2016年4月我公司被云南省政府列入云南省重点企业。
截止2016年4月我公司一共取得27项计算机软件著作权登记证书。
该文章作者已设置需关注才可以留言
微信扫一扫关注该公众号
Not long ago, a case of fake Shanghai Disney park tickets caused widespread concern. Provide ticketing technology and management services for the Disney Park employees of a company, the use of technical loopholes to steal Disney park tickets ticket more than 2600 pieces of two-dimensional code and making fake tickets selling more than 1700 copies, to obtain illegal profits more than 49 yuan, resulting in loss of about 800000 yuan to Shanghai Disney.
Reporters learned that, from a variety of bills to the Internet application to the industry, government and other fields, the wide application of two-dimensional code to bring convenience, but also accompanied by a huge risk of information security. Experts said that the key to solve this problem is to promote independent standards, with their own lock to keep their doors.
Two dimensional code information security problems
信息安全宣传手册可以用朗朗上口的语句,配以形象生动的漫画,深入浅出地告诉用户什么是信息安全,信息安全认识误区,严禁的信息安全行为等等。
Ms. Zhang, who lives in Chongqing, Yubei District is a senior Taobao, but a few days ago she accidentally fell into the trap of online shopping. She buy clothes in a shop, the shopkeeper induced her to sweep a two-dimensional code, when asked to enter the ID number and bank card number, the shopkeeper for mobile phone verification code, leading bank card stolen thousands of dollars in cash.
Reporters learned that the shop owner issued a two-dimensional code to Ms. Zhang, behind the link is a phishing site, seemingly simple black and white lattice, hidden in a variety of network viruses. Criminals in order to induce people to scan code to steal personal information, crazy suction gold.
The Guangzhou Huizhou, Shenzhen, Qinghai, Xining, Shandong, Qingdao and other places have appeared criminals under the guise of the name of the enforcement of traffic police, police posing as legal documents to defraud. The car was posted on the ticket, printed with two-dimensional code fast payment channel. After scanning the two-dimensional code, will enter the payment page, the transfer of the owner to pay the transfer of fines.
Industry experts told reporters that the two-dimensional code is an information tool interdisciplinary and cross industry, with the national network and information security, economic operation and public safety and people’s lives, but also the information security vulnerability to people’s property safety brought great risks, and related control has been difficult to keep up the pace of.
The key problem is that we are currently using a large number of foreign two-dimensional code technology, and its open market application model has led to a variety of security issues and difficult to monitor the frequent. Executive Secretary General of China’s two-dimensional code industry alliance Zhang Yeping said.

调研报告称中国企业信息安全事件平均数量飙升

Out of control of the application of foreign standard monopoly two-dimensional code
According to reports, at present our country is widely used in Japan Denso company in 1994 developed a fast response code (QR code), because at that time there is no independent intellectual property rights of the two-dimensional code technology, 2000
Daily life is closely related.
At present, the domestic two-dimensional code market is almost all occupied by the QR code, but the QR code is not in the domestic patent applications, did not give up the patent right; in 2015 QR code issued a new technical standards and began to close
Take patent fees, but the domestic market is still free to use the technical standards in 2000, at any time may have serious intellectual property risks, and may even have a direct impact on the economic and social security. Zhang Yeping said.
Zhang Yeping said that in order to achieve the purpose of market monopoly, QR code to take the so-called free market wide open strategy, resulting in the application of two-dimensional code in our country is basically out of control and disorder. Anyone can go through the Internet
Cheat, even including sensitive political vocabulary, political propaganda, as well as illegal gatherings, rumors, etc., can be quickly and widely spread through the two-dimensional code in computer networks and mobile internet.
Key to solve the problem lies in the promotion of national standard
It is reported that currently there are 5 national standard two-dimensional code, in addition to the Japanese American QR code, PDF417 code, as well as domestic independent research and development enterprise hanxinma, grid matrix code (GM code), tight matrix
Code (CM code) three domestic standards. Because the QR code promotion earlier, scope of application and the most widely used, but the QR code reading equipment, special equipment and other core label generation technology and production capacity rests in the hands of Japanese companies.
In addition, the PDF417 code is an open technical standard at the beginning of 1990s by the American Symbol company invented, in many countries is widely applied in the field of identity recognition, document management, logistics transportation and national defense, China’s aircraft boarding pass, two-dimensional code, two-dimensional code is part of the delivery of documents using PDF417 code.
In particular, the Japanese companies in China to promote QR code standards, has been the monopoly of hardware devices. Ministry of industry, China Institute of Electronic Technology Standardization Technical Director Wang Lijian said, only to know
Insurance.
In fact, China’s independent research and development of the Chinese code, GM code, CM code standard ability, technical level and so on are not less than foreign standards, completely replace the QR code and PDF417 code and the technical standards
Industrial supporting capacity. Xu Shuncheng, chairman of China’s two-dimensional code industry alliance, said domestic standards due to lack of policy support and drive and can not be effectively used, which greatly restricts the development of China’s independent two-dimensional code industry.

The rise of the application system construction in recent years, with the state of things, such as the wisdom of the city, the national industry standard two-dimensional code gradually began to pay attention to the construction work, but in the implementation and application of standardization, lack of policy measures and efforts to promote, and the lack of effective supervision and guidance and coordination mechanism for the two-dimensional code information security problems at present.
This requires the national level to strengthen top-level design and application specifications, two-dimensional code technology to achieve autonomy, control, security, and promote the healthy development of the industry. Zhang Yeping said.
Data collected in the network copyright belongs to the original author
Company qualification
ISO9001 quality management system certification
National public demonstration platform for SMEs
Kunming recommended information enterprise qualification certificate
Vice chairman of Kunming Association of high tech Enterprises
Software enterprise certification
China Copyright Association
Yunnan provincial enterprise technology center
Vocational skills training project examination station
Company honor
Practice and training base of Software College of Yunnan University
Yunnan science and technology information Career Academy internship base
Huanggang Normal University training base
Practice and training base of Kunming University of Science and Technology
Shenzhen Institute of Information Technology training base
Sichuan Information Technology College training base
Yulin Normal University training base
In March 2007, he set up the Linux public service technical support center (YNLC) in Yunnan province.
February 2009 SPGnux office desktop system by the Yunnan provincial science and technology achievements.
In November 2010 the company identified by high-tech enterprises, soft
In September 2011, the company was evaluated as the demonstration unit of Kunming SME Service System

文思海辉:全球企业信息安全形势严峻 需变被动为主动

In 2011 the company was identified as the growth of small and medium enterprises in Yunnan.
China SPGnux operating system by the State Ministry of science and technology, Ministry of environmental protection, Ministry of Commerce, the National Quality Supervision Bureau as the national key new product.
SPGnux domestic operating system engineer training program by the People’s Republic of China Ministry of human resources and social security, China employment training technical guidance center as a national CETTIC vocational training program

存储有重要数据的电脑设备丢失了,往往人们过度关注设备本身的价值,其实,对于电脑的主人,数据要较设备更有价值,数据的不当外漏可能会给自己带来严重的灾难。

猜您喜欢

金融保险行业信息安全意识视频培训
电子邮件安全意识仍然很重要
拓展海外,文化上的沟通和融合需从这里开始:
学霸坐寝室讲课走红 被一群男生仰视 学霸在手天下我有!
FATIHHAYRIOGLU CLICKNEWZ
电子商务行业的安全意识教育