EQSL.CC COMPUTER-TO-COMPUTER QSO VERIFICATION SYSTEM 17 October 2008 Any questions or problems may be directed to Dave Morris, N5UP, Dave@eqsl.cc SYNOPSIS When QSL cards are presented to an award-granting or contest organization, it is assumed that they are valid, legal cards, issued by a licensed amateur radio operator, and that they confirm an actual QSO between the issuing ham and the recipient of the card. While hams are typically law-abiding people whose self-policing discipline is legendary, there is still the possibility that some may become overwhelmed by the desire to obtain a particular award or to win a contest, and that it may induce them to create "fake" cards. In the past, it would have been difficult to create fake cards, because one would have to have the services of a multi-color press available. However, since the mid 1990's, color inkjet and laser printers have become cheap enough for every amateur to own one, and these are now capable of producing the type of print quality to fool even the most experienced QSL checker. The eQSL.cc system was designed to be MORE secure than traditional, pre-printed QSL cards. It stores each ham's QSOs in an online logbook. From this logbook, eQSL cards may be displayed and printed by the "recipient" ham. When someone prints an eQSL card and submits it as a confirmation for an award or a contest, we need a mechanism to verify that the QSO actually took place, and that the card has not been tampered with after retrieval. There are 3 mechanisms in place to discourage fraudulent eQSL generation: 1. Text embedded within the graphic image of Style 2 and Style 3 cards containing the callsigns of the sender and the recipient. This text can be viewed with most photo manipulation soft- ware but cannot be easily modified. 2. The "Authenticity Guaranteed" program ensures that the sender of an eQSL is actually the holder of a valid amateur radio license. Participants have had their license inspected by a member of the eQSL.cc staff who have indicated that the callsign on the license matches the callsign of the owner of the eQSL.cc account with that callsign. 3. The ability to verify any eQSL card against the eQSL.cc logbook database using the "VerifyQSO.cfm" computer-to-computer program. Traditional, printed QSL cards do not have these security measures available, and thus the cards printed from the eQSL.cc system are MORE SECURE than cards obtained from any other source. HOW TO USE THE "VerifyQSO.cfm" PROGRAM This web page is actually an interactive Cold Fusion "form" that returns a response HTML page that is designed to be parsed electronically. The output is human-readable, but is designed to be read by software, so the output is sparse. This form does NOT return a card, but rather confirms or denies the existence of a log entry matching the input parameters using simple, short return strings. Organizations can access the VerifyQSO.cfm page using an HTTP POST or GET command from their own web servers, or from any web browser, and can retrieve and analyze the results page very simply. The form is stored in the same subdirectory as all other web pages. Its URL is: https://www.eQSL.cc/qslcard/VerifyQSO.cfm The only parameters that are required are: the 2 callsigns, the band, and the date. If the optional mode is supplied, it will be validated, but must be spelled exactly as found in our database (i.e. "PSK" is not the same as "PSK31", and "SSB" is not the same as "USB", etc.). Parameters may be included in the URL as shown below in the TEST PROCEDURES, or may be included internally in the HTTP command in a set of form parameters. (If slashes are used in a callsign or a date in the URL method of submission, they MUST be escaped properly.) *** 17October2008 *** If the CallsignFrom parameter is omitted, the "parameter missing" error message below will be returned, however, a form will also be presented on the results page, allowing a human operator to enter the parameters and continue using the VerifyQSO program. INPUT "FORM" PARAMETERS (Parameter names are case-sensitive, but contents are not!): CallsignFrom CallsignTo QSOBand QSOMode (Optional, can be specified for purposes of guaranteeing a particular mode) QSODate (as MM/DD/YY or MM/DD/YYYY) OR QSOMonth, QSODay, and QSOYear (Note on 2-digit years: Years from 0 to 29 are interpreted as 21st century values. Years 30 to 99 are interpreted as 20th century values.) RETURN PAGE FORMAT: The returned HTML page will contain one or more result strings. The string that indicates a properly verified QSO is "Result - QSO on file". For maximum security, you may also wish to look for the informational message "Information - Authenticity Guaranteed" as well. There are other strings that can be parsed from the results page. Here is a complete list: RESULTS: "Result - QSO on file" "Error - Result: QSO not on file" "Error - Result: QSO rejected by recipient" INFORMATIONAL MESSAGES THAT MAY BE PRESENT IN ADDITION TO RESULTS: "Information - Authenticity Guaranteed" "Information - CallsignTo not on file" (indicates CallsignTo is not a registered user) ERROR MESSAGES THAT ARE FATAL TO THE RETURNING OF ANY RESULTS: "Error - CallsignFrom not on file" (this would be a clear indication of fraud) ERROR MESSAGES THAT ARE FATAL AND INDICATE A BUG IN THE CALLING PROGRAM "Error - Parameter missing: CallsignFrom" "Error - Parameter missing: CallsignTo" "Error - Parameter missing: QSODate" "Error - Parameter missing: QSOYear" "Error - Parameter missing: QSOMonth" "Error - Parameter missing: QSODay" "Error - Parameter missing: QSOBand" TEST PROCEDURE You can test the proper operation of your calling program and retrieval of a proper, verified QSO results page by using the following data: CallsignFrom: N5UP CallsignTo: TEST QSOBand: 160m QSODate: 01/01/2000 QSOMode: SSB For example: https://www.eQSL.cc/qslcard/VerifyQSO.cfm?CallsignFrom=n5up&CallsignTo=test&QSOBand=160m&QSOYear=2000&QSOMonth=1&QSODay=1&QSOMode=ssb