WATERMARKING QR CODES DATA TRANSMISSION DOCUMENTATION A TECHNIQUE OF USING WATERMARK Watermarks are normally used to be embedded visibly or invisibly in a text form or in an image, including the image of QR Code. They will protect the contents from being illegally used even though the content can be easily obtained. The technique introduced in this paper is to use the authentication data as a watermark to protect the transmitting data or information in a mobile communication environment. By using a mobile device installed with this application, the user will first be prompted to key in a pin number (obtained from the system’s administrator) and a security number (user’s own selected number). The pin number is the number which is already registered in the system which can only be used by authorized users. However, the security number is a random secret number determined by the user. The user must remember both numbers because they will be used again during the data retrieval or verification process. For an easy experiment of this technique, only a 3-digit security number will be used as a watermark. Figure 1 shows that the user will have to key-in a 6-digit pin number and a 3digit security number to be able to use the application system. Figure 1: Mobile's User Interface Once the pin number and security number are keyed in, the user will be able to scan the QR Code image using the installed scanning software. After the scanning is done, the information decoded from the QR Code image is immediately displayed on the user's mobile device (UMD). All the decoded information from QR Code is split into several variables which are then converted to binary numbers for the purpose of encrypting them. Meanwhile, the 3-digit security number is converted to a binary number of 20 digits which is later split into several smaller digits of binary numbers. Each small digit binary number will be attached to each binary variable of the information obtained from decoded QR Code. This will act as the watermark to the decoded QR Code’s information. These watermarked variables with be transmitted for use in verification with the records in the database. For easy verification process, the records in database are also stored in binary numbers. During the process of verification, the watermarked variables will be temporarily split from the watermark but resume using the watermark during transmission of retrieved records to the UMD. The flow of the watermarked variables from first user request to the final retrieval of the corresponding records from database is shown in Figure 2. Since the security number is used as a binary watermark, the split binary security numbers are denoted as variables W1, W2, W3, …, Wn. Meanwhile, the decoded data from QR Code are split into variables D1, D2, D3, …, Dn. When the user send a request to check these data with the records in the database, these variables will be watermarked into W1D1, W2D2, W3D3, …, WnDn. These watermarked data will be sent from UMD to the database’s server. After checking with the database and a correspondence record is found, the record’s information will be split into variables R1, R2, R3, …, Rn. To bring these record variables to user’s portable device, they have to be attached to the watermarked data as a security protection. Thus, the combined variables will be transmitted to the UMD as new variables W1D1R1, W2D2R2, W3D3R3, …, WnDnRn. Figure 2: Data from QR Code and its corresponding records are watermarked with security number Once the combined variables arrived at the UMD, they will be detached and the split security numbers which are used as watermark will be combined to build an original 20 digits security number. This number will be checked with the security number which the user needs to key in again to display the retrieve records from database. If these numbers are consistent, the records will be displayed. Otherwise, the user will be prompted with denial of service usage. With this technique, there are 2 levels of security obtained. First, the unauthorized parties will not be able to steal the data during transmission if they don’t have the 3-digit security number determined by the authorized user. Second, even if the data are being stolen during transmission, they will not be easy to be understood because they are encrypted into binary numbers. Besides, if they are able to be decrypted, they are meaningless because they are watermarked with security numbers which are only known by the authorized users.