Skip links

How Apple could have avoided fraud in iTunes with our Secure Code Generator

Now everybody has heard about the Chinese hackers who cracked the codes used for the iTunes Store vouchers. Using key-generators they have created millions of voucher codes and they are now selling $200 vouchers for as little as $2.60 online.

Following a report on the blog of Chinese music industry consultancy Outdustry.

It occurred to us that this is one of the main reasons many different companies approach us for advice.

Our secure code generator software is used by many large companies, throughout the world, such as British American Tobacco. It has been used in  a wide range of  applications such as database marketing, phone card pin generating and scratch card games.  It allows you to minimise the liability and exposure your company faces with problems associated in secure code generation,  and most importantly reducing your costs.

Generating secure codes creates a huge wealth of problems that many companies don’t realise,  it is a complex conundrum.

In most cases developers decide, knowing time is constrained, that using a standard pseudo random generator that is included in a standard library is the way to go.

This may work for Monte Carlo Simulations but when money is involved it is not the correct way to solve the problem.

A straightforward solution is to use a strong pseudo random generator or… a real random source.  This is a convenient way but it is necessary to store all the numbers generated and then verify each one to see if they are duplicates of a previously generated number.

The most desirable solution is to have a function f(<index>) and to change the index so it generates non-repeatable pseudo random numbers.  It would be even more desirable to customize the function with a secret key <key> so that you can change the function easily.

For business campaigns it would be better to add some configuration so that you can customise the alphabet and the length of the codes used.  With this solution you only need to remember the key and the upmost index to check if the codes were indeed generated by you.

Remember that the chance of guessing a correct code depends of the number of codes generated, the length of the code and the alphabet used by the code.

Function f must not just be any function, it must also obied by some strong security properties.

This is exactly what we deliver with our secure code generator software. A very simple library to generate custom codes in the most popular programming languages and different operating systems.

It’s time for Apple and other companies to take coupon, codes and  pin generation seriously otherwise i suspect we shall see similar stories of people hacking vouchers in the future.

You can use Secure Code Generator in many applications…

  • M-Coupons for consumer focused marketing campaigns.
  • E-Coupons for product discounts.
  • Event tickets with verifiable security.
  • Authentication codes for service/prepaid cards.
  • Special businesses offerings.
  • PIN & TAN (Transaction Authentication Number) generation.
  • Obfuscation of internal codes.
  • Mobile Phone 1D & 2D Barcodes campaigns.
  • E-banking token authentication.
  • Firmware for devices like Digipass®.

Secure Code Generator is also indispensable for scratchcard (e.g: a scratch off, scratch ticket, scratcher, scratchie, scratch-it, scratch game, scratch-and-win or instant game) games.

Secure Code Generator also provides these essential features.

  • Non-predictable and Non-deducible codes.
  • Codes with variable lengths.
  • Numeric & Alphanumeric code generation.
  • Codes can be verified in real time without requiring the massive storage of generated data.
  • Secure Code Generator can be integrated with almost all programming languages (i.e. C/C++, .NET, Java, PHP, Python, Ruby & Perl).

More information about our secure code generator is available at:

This website uses cookies to improve your web experience.