Watermarks are normally used to be embedded visibly or
invisibly in a text form or in an image, including the image
of QR Code. They will protect the contents from being
illegally used even though the content can be easily
obtained. The technique introduced in this paper is to use
the authentication data as a watermark to protect the
transmitting data or information in a mobile
communication environment. By using a mobile device
installed with this application, the user will first be
prompted to key in a pin number (obtained from the
system’s administrator) and a security number (user’s own
selected number). The pin number is the number which is
already registered in the system which can only be used by
authorized users. However, the security number is a
random secret number determined by the user. The user
must remember both numbers because they will be used
again during the data retrieval or verification process. For
an easy experiment of this technique, only a 3-digit security
number will be used as a watermark. Figure 1 shows that
the user will have to key-in a 6-digit pin number and a 3digit security number to be able to use the application
Figure 1: Mobile's User Interface
Once the pin number and security number are keyed in, the
user will be able to scan the QR Code image using the
installed scanning software. After the scanning is done, the
information decoded from the QR Code image is
immediately displayed on the user's mobile device (UMD).
All the decoded information from QR Code is split into
several variables which are then converted to binary
numbers for the purpose of encrypting them. Meanwhile,
the 3-digit security number is converted to a binary number
of 20 digits which is later split into several smaller digits of
binary numbers. Each small digit binary number will be
attached to each binary variable of the information obtained
from decoded QR Code. This will act as the watermark to
the decoded QR Code’s information. These watermarked
variables with be transmitted for use in verification with the
records in the database. For easy verification process, the
records in database are also stored in binary numbers.
During the process of verification, the watermarked
variables will be temporarily split from the watermark but
resume using the watermark during transmission of
retrieved records to the UMD. The flow of the watermarked
variables from first user request to the final retrieval of the
corresponding records from database is shown in Figure 2.
Since the security number is used as a binary watermark,
the split binary security numbers are denoted as variables
W1, W2, W3, …, Wn. Meanwhile, the decoded data from
QR Code are split into variables D1, D2, D3, …, Dn. When
the user send a request to check these data with the records
in the database, these variables will be watermarked into
W1D1, W2D2, W3D3, …, WnDn. These watermarked data
will be sent from UMD to the database’s server. After
checking with the database and a correspondence record is
found, the record’s information will be split into variables
R1, R2, R3, …, Rn. To bring these record variables to user’s
portable device, they have to be attached to the
watermarked data as a security protection. Thus, the
combined variables will be transmitted to the UMD as new
variables W1D1R1, W2D2R2, W3D3R3, …, WnDnRn.
Figure 2: Data from QR Code and its corresponding
records are watermarked with security number
Once the combined variables arrived at the UMD, they will
be detached and the split security numbers which are used
as watermark will be combined to build an original 20
digits security number. This number will be checked with
the security number which the user needs to key in again to
display the retrieve records from database. If these numbers
are consistent, the records will be displayed. Otherwise, the
user will be prompted with denial of service usage.
With this technique, there are 2 levels of security obtained.
First, the unauthorized parties will not be able to steal the
data during transmission if they don’t have the 3-digit
security number determined by the authorized user.
Second, even if the data are being stolen during
transmission, they will not be easy to be understood
because they are encrypted into binary numbers. Besides, if
they are able to be decrypted, they are meaningless because
they are watermarked with security numbers which are only
known by the authorized users.