Certificate Authentication Using QR Code

CHAPTER-1
1.1 INTRODUCTION :
Nowadays people obtain a certification as a proof that they have the knowledge in the related
field. At present time, the companies process to certify a certificate take at least around 3 days
[1]. However, some of the companies need a certificate for hiring but they take a shortcut
without authenticatee certificate with reason which the process needs take a long time. Apart
from that, based on the research that has done state that the use of forged degree certificates in
higher education has seen a rise in this last few years [2]. Due to that, in this project, a certificate
authentication system using QR code will be developing to make people easier in authentication
progress and help in solving the current issues.
On the other side, Quick Response Code (QR Code) system has become popular use in
authentication method because it has fast readability and great storage capacity compare to
other type of barcode. QR code is the trademark of a type of matrix barcode. It has error
correction capability which is dirt and damage resistant and it also readable 2 from any direction
in 360 degrees. The Quick Response aspects of the code make it a convenient way to serve up
content to people on the go.
Hence, in this paper, it is proposed a QR code with certification method by cryptology. The
effectiveness of the certification authentication system is ensured based on the information
stored in the QR code generated that printed on the certification. A QR reader application can
be appear to be essential because it needed to scan QR code in order to obtain the information
that stored in the code which is able to checking the authentication of the certification.

Introduction to QR Codes:
Quick Response (QR) codes have become ubiquitous in today's digital landscape,
revolutionizing the way information is stored, shared, and accessed. Initially created in Japan
in the 1990s by Denso Wave, a subsidiary of Toyota, QR codes were originally designed to
track automotive parts during manufacturing. However, their versatility quickly led to their
adoption in various fields, making them a prominent feature of contemporary technology.

A QR code is a two-dimensional matrix barcode that can encode a wide range of data types,
including text, URLs, contact information, and more. Unlike traditional barcodes, QR codes
can store significantly more information in a compact, square format. This efficiency in data
storage, coupled with their ease of use, has made QR codes an integral part of our daily lives.

QR codes are characterized by their distinct square shape, composed of black squares and white
background modules arranged in a grid pattern. These codes are designed to be scanned and

MCA Program, AIMS Institutes, 22-23 1

Certificate Authentication Using QR Code

decoded by QR code readers, which are readily available on smartphones and dedicated QR
code scanning devices.

The versatility of QR codes extends to various applications across industries. They are
commonly used for:

Marketing and Advertising: QR codes enable businesses to provide easy access to product
information, promotions, and websites when scanned by consumers. They facilitate interactive
marketing campaigns and bridge the gap between physical and digital marketing channels.

Contactless Payments: QR codes are integral to mobile payment systems, allowing users to
make transactions by scanning a code displayed at a point of sale. Services like Apple Pay and
Google Pay utilize QR codes for secure payments.

Ticketing and Boarding Passes: Airlines, cinemas, and event organizers use QR codes as
electronic tickets and boarding passes. Passengers can scan their codes for quick entry and
validation.

Inventory and Asset Management: In industries such as logistics and manufacturing, QR

codes are employed for efficient inventory tracking and asset management, providing real-time
data on product movement and location.

Authentication and Verification: QR codes are used in certificate authentication systems, as

seen in educational and professional certifications. Scanning a QR code can quickly verify the
authenticity of a document or credential.

Healthcare: QR codes have found applications in healthcare, from accessing patient records
to contactless check-ins at medical facilities. They play a crucial role in facilitating streamlined
processes and minimizing physical contact.

Navigation and Location Services: QR codes embedded in maps and signage provide
navigation assistance. Scanning the code can offer directions, detailed information about a
location, or even a link to a GPS navigation app.

MCA Program, AIMS Institutes, 22-23 2

Certificate Authentication Using QR Code

Education: QR codes are used in educational materials to link to additional resources, videos,
or interactive content. They enhance the learning experience by providing immediate access to
supplementary materials.

As QR codes continue to evolve, they offer a convenient and efficient way to bridge the digital-
physical divide, connect people with information, and simplify everyday tasks. Their
adaptability and utility make them a valuable tool in an increasingly digital world, with
numerous possibilities for innovation and integration in various domains.
Certificate authentication using QR codes is a secure and convenient method to verify the
authenticity of digital certificates and documents. This process involves encoding certificate
information into a QR code, which can be easily scanned and verified using a QR code reader
or a mobile app. Here's a more detailed explanation of how certificate authentication using QR
codes works:
1. Certificate Generation:
The certificate authority or issuer generates a digital certificate for an individual or entity. This
certificate typically includes information like the recipient's name, credential details, and a
digital signature to ensure its authenticity.
2. QR Code Generation:
The certificate information is converted into a QR code format. This conversion involves
encoding the certificate data into the QR code using a specific algorithm or generator.
3. QR Code Placement:
The QR code can be placed on the physical certificate or sent electronically to the certificate
holder. When printed on physical documents, it's crucial to ensure that the QR code is tamper-
resistant to maintain its integrity.
4. Verification Process:
To authenticate the certificate, a verifier (e.g., an employer, educational institution, or anyone
with a verification role) uses a QR code reader or a mobile app. They scan the QR code on the
certificate.
5. Data Extraction:
The QR code reader extracts the encoded certificate data from the QR code. This data typically
includes a unique identifier and certificate details.
6. Online Verification (Optional):

MCA Program, AIMS Institutes, 22-23 3

Certificate Authentication Using QR Code

In some cases, the verifier may connect to an online database or a trusted source to cross-
reference the extracted data with the issuer's records. This step ensures real-time verification
and helps confirm the validity of the certificate.
7. Verification Outcome:
Based on the comparison of the extracted data with the issuer's records and any additional
verification checks, the verifier determines whether the certificate is valid or not. If the
information matches and the certificate is still valid, it is considered authentic.
Benefits of Certificate Authentication Using QR Codes:
• Enhanced Security: QR codes are difficult to counterfeit, and digital certificates are
typically secure. This combination enhances the overall security of certificate
verification.
• Efficiency: The process is streamlined, reducing the time and effort required for manual
verification.
• Accessibility: QR code scanning is widely accessible and doesn't require specialized
equipment or knowledge.
• Reduced Paperwork: Digital certificates with QR codes reduce the reliance on physical
paperwork and storage, making it a more eco-friendly and cost-effective solution.
• Real-time Verification: Online verification allows for real-time checks, ensuring that
the certificate is still valid and up-to-date.
Certificate authentication using QR codes is a valuable tool in various fields, including
education, professional certification, identity verification, and more, offering a reliable and
convenient method to verify the authenticity of digital certificates.

1.2 Problem Statement:

In today's digital age, the need for secure and efficient methods of verifying the authenticity of
digital certificates and documents is paramount. While digital certificates play a crucial role in
various sectors, such as education, professional certification, identity verification, and more,
traditional methods of certificate validation often involve cumbersome and time-consuming
processes. The problem statement for certificate authentication using QR codes addresses the
challenges and shortcomings of current methods and seeks to improve the verification process.
In the context of digital certificates and document authentication, there exists a pressing need
for a more efficient, secure, and user-friendly method of verifying the authenticity of these
credentials. Traditional approaches to certificate verification are often plagued by issues of
security, accessibility, and administrative burdens. The problem statement for certificate
authentication using QR codes aims to address these challenges and transform the verification
process into a streamlined, modernized, and reliable solution.

MCA Program, AIMS Institutes, 22-23 4

Certificate Authentication Using QR Code

Key Challenges and Issues:

1. Security Concerns: Traditional certificates, such as diplomas, licenses, and identification
documents, are susceptible to forgery and tampering. Ensuring the security and integrity of
these documents is a significant challenge.
2. Manual Verification: The current methods of verifying certificates often involve manual
checks and access to extensive databases. This process is time-consuming and may not
guarantee real-time verification.
3. Accessibility: Verifying certificates should be accessible to a wide range of users, including
employers, educational institutions, and other verifying authorities. Simplifying the process
for these users is essential.
4. Efficiency: The time and effort required for verifying certificates can be substantial, causing
delays and administrative burdens. Streamlining the process is crucial.
5. Data Integrity: Maintaining the integrity of certificate data is a concern, as any tampering
or alteration could compromise the validity of the document.
Proposed Solution:
The proposed solution is to implement a certificate authentication system using QR codes. By
encoding certificate information into QR codes.
The authentication process can be significantly improved. Users, including employers and
institutions, can simply scan the QR code with a mobile app or QR code reader to access the
certificate information.
The system should offer real-time verification by connecting to trusted online sources or
databases, ensuring the most up-to-date certificate data is being reviewed. This solution aims
to enhance security, accessibility, and efficiency in the certificate authentication process.

1.3 Objectives:
implementing a certificate authentication system using QR codes comes with several key
objectives that aim to improve the security, accessibility, and efficiency of the verification
process. These objectives are essential for addressing the challenges associated with traditional
certificate authentication methods. Here are the primary objectives:
1. TO Enhanced Security: The use of QR codes, which are difficult to counterfeit, will help
enhance the security of certificate authentication.
2. TO Efficiency: The new system should streamline the verification process, reducing the
time and effort required for manual checks.
3. TO Accessibility: The system should be user-friendly and accessible to a wide range of
users, promoting ease of use for employers, educational institutions, and other verifying
authorities.
4. TO Real-time Verification: The system should be capable of real-time verification by
connecting to online databases, ensuring the validity and currency of certificates.

MCA Program, AIMS Institutes, 22-23 5

Certificate Authentication Using QR Code

5. TO Data Integrity: Measures should be in place to ensure the integrity and authenticity
of certificate data encoded in the QR code.
i. To study the QR code technology for document authentication process
ii. To develop a certificate authentication system using QR cod
iii. To evaluate the functionality of the document authentication system

1.4. Scope (what project can do and cannot do):

Defining the scope of a project is critical to ensure clarity and manage expectations. In the
context of certificate authentication using QR codes, it's important to outline what the project
can and cannot do. Here's a breakdown of the scope:
What the Project Can Do:
1. Certificate Verification: The project can verify the authenticity of digital certificates,
such as diplomas, licenses, and identification documents, by scanning the QR code
associated with each certificate.
2. Real-Time Verification: The system can connect to trusted online databases or sources
to perform real-time certificate verification, ensuring that certificates are valid and up-
to-date.
3. Enhanced Security: By utilizing QR codes, the project can enhance the security of
certificate authentication, making it more resistant to forgery and tampering.
4. Efficient Verification: The project aims to streamline the certificate verification
process, reducing manual effort and improving the efficiency of verifying authorities.
5. User Accessibility: The system can be designed to be user-friendly and accessible to a
wide range of users, including employers, educational institutions, and individuals.
6. Privacy Protection: Measures can be implemented to protect the privacy of certificate
holders, ensuring that only necessary information is revealed when a QR code is
scanned.
7. Standardization: The project can establish standardized protocols for encoding
certificate data into QR codes, promoting consistency and interoperability.
8. Data Integrity: The project can include measures to safeguard the integrity and
authenticity of the certificate data encoded in the QR code.
9. Cross-Border Recognition: The system can be designed to work across international
borders, supporting various languages and character sets for cross-border recognition
of certificates.
10. Compliance and Regulation: The project can ensure compliance with relevant legal
and regulatory requirements, including data privacy and digital signature regulations.

MCA Program, AIMS Institutes, 22-23 6

Certificate Authentication Using QR Code

What the Project Cannot Do:

1. Certificate Issuance: The project is focused on certificate verification and
authentication, not on the issuance of digital certificates. The creation of digital
certificates is a separate process.
2. Data Entry and Database Management: While the project can connect to online
databases for verification, it does not handle data entry or database management for
certificate issuance.
3. Offline Verification Only: Although the project may support offline verification in
some cases, it primarily focuses on real-time verification. It cannot be entirely
dependent on offline processes.
4. Data Storage: The project does not store certificate data. It retrieves certificate
information from trusted sources but does not retain it permanently.
5. Complete Data Privacy: While the project can protect the privacy of certificate holders
to some extent, it cannot guarantee complete data privacy, as the extent of data exposure
may vary based on the certificate and its issuer's policies.
6. Total Cost Estimation: While the project can assess the cost-effectiveness of
implementation, it does not provide a detailed financial breakdown of all associated
costs, which may vary based on the organization's specific requirements.
7. Legal and Regulatory Consultation: The project can ensure compliance with relevant
regulations but does not offer legal or regulatory advice. Organizations may need to
consult legal experts for specific guidance.
Defining the project's scope in this manner helps manage expectations and ensures that
stakeholders have a clear understanding of what the system can and cannot accomplish in the
context of certificate authentication using QR codes.

MCA Program, AIMS Institutes, 22-23 7

Certificate Authentication Using QR Code

1.5. Technology and Literature Review:

1) Enhancing Security in Identity Documents Using QR Code
AUTHORS: K. M. Revathi, P. Annapandi, P. K. Ramya
In earlier days we didn’t have any certificate verification techniques, only the checking of
marks is done by the person. Due to these verification methods so many mistakes are
happened like duplication of marks in the mark sheet. Our system consists of QR reader and
Biometrics finger print readers which are used to verify the certificate originality in order to
eradicate fraudulent certificate. The procedure involved in this paper is getting the QR code
the certificate and finger print of the person during the run time. Then the fingerprint is
verified with that of the stored one, if it matches then the approved mark statement will be
provided. As a result of completing the above procedure the security if identification
document is increased. A running version of the system will have only one Administrator but
it typically has multiple end users like educational institution, industries and etc. The
administrator is responsible for managing user accounts, system resources and logs and for
the health and safekeeping of the system. Educational institution, industries and other users
have the responsibility of verifying the certificate as assigned by the administrator.
2) Paper-based document security–A Review
AUTHORS: R. L. Renesse
Inspection of documents and valuable products for authenticity can be divided into three
categories: first line inspection-the inspection of the document or product with the human
senses only without additional equipment; second line inspection-the inspection of the
document or product with the means of additional tools like a magnifier, an ultra violet
source, a bar code reader; third line inspection-the inspection of the document or product in
laboratory conditions, using advanced know how, sophisticated means (spectrometers,
microscopes, infrared radiation, etc.) and dedicated inspection facilities. It can be argued that
first line inspection has a few psychological drawbacks and that machine inspection grants
considerably higher security. This may be true, but a major drawback of machine inspection is
the current lack of standardization and it cannot be conceived how the many ingenious
systems that have been invented can be put to general use. Obvious exceptions are the
magnetic stripe and the chip card. However, there is little refuge in providing valuable
documents and products with high tech and highly secure machine readable features if not,
first of all, their first line public defence is adequately covered. First line security, therefore, is
the main subject of the paper.
3) Choosing best hashing strategies and hash functions
AUTHORS: M. Singh and D. Garg
The paper gives the guideline to choose a best suitable hashing method hash function for a
particular problem. After studying the various problem we find some criteria has been found
to predict the best hash method and hash function for that problem. We present six suitable
various classes of hash functions in which most of the problems can find their solution. Paper
discusses about hashing and its various components which are involved in hashing and states
the need of using hashing for faster data retrieval. Hashing methods were used in many

MCA Program, AIMS Institutes, 22-23 8

Certificate Authentication Using QR Code

different applications of computer science discipline. These applications are spread from spell
checker, database management applications, symbol tables generated by loaders, assembler,
and compilers. There are various forms of hashing that are used in different problems of
hashing like Dynamic hashing, Cryptographic hashing, Geometric hashing, Robust hashing,
Bloom hash, String hashing. At the end we conclude which type of hash function is suitable
for which kind of problem.
4) Understanding 2D-barcode technology and applications in M-commerce – design and
implementation of a 2D barcode processing solution
AUTHORS: J. Z. Gao
With the swift increase of the number of mobile device users, more wireless information
services and mobile commerce applications are needed. Since various barcodes have been
used for decades as a very effective means in many traditional commerce systems, today
people are looking for innovative solutions to use barcodes in the wireless world. Recently,
the mobile industry began to pay more attention to barcode applications in m-commerce
because 2D-barcodes not only provide a simple and inexpensive method to present diverse
commerce data, but also improve mobile user experience by reducing their inputs. This paper
first discusses 2D-barcode concepts, types and classifications, major technology players, and
applications in mobile commerce. Then, it reports a research project to develop a 2D-barcode
processing solution to support mobile applications. Moreover, the paper also presents the
application examples, and case study using the solution.
5) Document Certificate Authentication System Using Digitally Signed QR Code Tag
AUTHORS: Hamdi Abdurhman Ahmed, Jong Wook Jang
Now a day document such as Degree certificate can be easily forged fully or partially
modifying obtained score result like GPA (Grade Point Average). Digital signature are used to
detect unauthorized modification to data and to authenticate the identity of signatory. The
Quick Response (QR) code was designed for storage information and high-speed readability.
This paper proposed a method that QR code will contain a digital signature with the student
data such as degree holder's name, major program, GPA obtained and more, which will be
signed by Higher Educational Institute (HEI). In order to use this system, all HEI have to
register in central system, the central system provide another system that will deploy in each
HEI. All digitally signed certificate generating process are offline. To verify the digital
signature signed with QR code, we developed specific smart phone application which will
scan and authenticate the certificate without the need to address the certificate issuing
institution and gaining access to user's security credentials.

In Japan, the immigration department has used encrypted QR codes on visas [3]. The secure
QR codes can be made that make the scanner enter a password to be able to access the
content. This is a good idea to make secure QR codes for people use in immigrations. This
means other than the immigration department that for check in and out, people cannot see
decode the QR code without the password. Obviously, the 5 security level of QR codes is
very high although simple encryption systems may be involved.

MCA Program, AIMS Institutes, 22-23 9

Certificate Authentication Using QR Code

Apart from that, applications that already exist are to use encrypted QR codes on products
packaging, advertising, in show window display and more for business marketing. This
application is built for customer guarantees that any copyrights to any components of
products, designs, trademarks that are employed for inclusion in the custom QR codes are
either owned by customer.
In recent years, certificate authentication system using QR code was developed to increase the
security of certificate. In this certificate authentication system, the information that encrypted
in the QR codes needs to be decoded by using QR reader applications. Then the scanned QR
code in the application are processed by using various techniques of image processing such as
cryptography, morphological, stenography, image subtraction, watermark and etc to get the
information of certificate from the QR code in order to check the authentication of cert. Then
based on the information the authentication of certificate is checked.

MCA Program, AIMS Institutes, 22-23 10

Certificate Authentication Using QR Code

2. System Requirements Study

2.1Study of Current System:
A study of the current system in certificate authentication using QR codes involves analyzing
the existing processes and technologies used for verifying digital certificates with QR codes.
This study helps identify the strengths and weaknesses of the current system and provides
valuable insights for potential improvements. Here's an overview of what such a study might
entail:
1. Identification of Key Stakeholders:
Identify the primary stakeholders involved in the current certificate authentication process,
including certificate issuers, verifiers (e.g., employers or educational institutions), and
certificate holders.
2. Process Flow Analysis:
Examine the step-by-step process of certificate authentication using QR codes, from the
creation of digital certificates to their verification by authorized parties.
3. Technology Stack:
Identify the technology and tools currently used in the system, such as QR code generators,
mobile apps, and online databases for certificate validation.
4. Data Flow and Integration:
Analyze how certificate data is transferred from issuers to verifiers, considering data formats,
storage, and transmission methods.
5. User Experience and Accessibility:
Assess the user-friendliness of the current system, both for certificate holders who receive QR-
coded certificates and for verifiers who perform the authentication.
6. Security Measures:
Evaluate the security features in place to protect QR codes and certificate data from tampering
or unauthorized access.
7. Verification Speed and Efficiency:
Measure the time and effort required for verifiers to scan QR codes and validate certificates.
Determine whether the current system provides real-time verification.
8. Data Privacy and Compliance:
Examine how the system addresses data privacy concerns, especially regarding personal
information included in certificates. Ensure that the system complies with relevant regulations
and standards.

MCA Program, AIMS Institutes, 22-23 11

Certificate Authentication Using QR Code

9. Scalability and Performance:

Evaluate the system's ability to handle a growing volume of certificates and verification
requests. Identify any performance bottlenecks.
10. Data Integrity and Trustworthiness:
Ensure that certificate data remains accurate and unaltered throughout the verification process.
11. User Feedback and Challenges:
Collect feedback from certificate holders and verifiers about their experiences and challenges
with the current system.
12. Cost Analysis:
Assess the cost associated with maintaining and operating the current system, including
hardware, software, and personnel.
13. Documentation and Record Keeping:
Review the documentation and record-keeping procedures for certificates and verification
transactions.
14. Case Studies and Use Cases:
Examine real-world use cases and scenarios where the current system has been applied. Identify
any specific challenges or success stories.
15. Competitive Analysis:
Investigate if other certificate authentication systems using QR codes are in use, and compare
the strengths and weaknesses of the current system with potential alternatives.
16. Vulnerability Assessment:
Conduct a security assessment to identify vulnerabilities or potential risks associated with the
current system.
17. Future Requirements and Needs:
Gather insights into the evolving requirements and needs of certificate authentication, including
potential areas for improvement.
A thorough study of the current system provides a comprehensive understanding of its
functionality and limitations. This analysis is a crucial initial step in identifying opportunities
for enhancing the certificate authentication process using QR codes and addressing any
shortcomings in the existing system.

MCA Program, AIMS Institutes, 22-23 12

Certificate Authentication Using QR Code

2.2 Problems and weakness of current system:

The problems and weaknesses of the current technical system for certificate authentication
using QR codes can encompass various aspects of the technology and its implementation. Here
are some common technical issues and weaknesses:
Lack of Standardization: Many organizations and institutions use different formats and
standards for encoding certificate data into QR codes. This lack of standardization can hinder
interoperability and make it challenging to develop a universal system.
Vulnerability to QR Code Manipulation: QR codes, if not properly protected, can be
manipulated or replaced with fraudulent ones. Attackers could create counterfeit certificates
with altered QR codes, undermining the system's security.
Limited Data Encryption: QR codes themselves do not inherently provide data encryption. The
data encoded in a QR code may not be adequately protected, making it vulnerable to
interception and unauthorized access.
Dependence on Internet Connectivity: Many systems rely on real-time verification by
connecting to online databases. In cases of poor internet connectivity or server downtime, this
can lead to verification delays and interruptions.
Privacy Concerns: Scanning a QR code may reveal sensitive information, including personal
details about the certificate holder. Without proper safeguards, privacy concerns may arise.
Inadequate Data Validation: Some systems may not perform comprehensive validation of the
data contained within the QR code, making them susceptible to the inclusion of incorrect or
fraudulent information.
Complex Backend Integration: Implementing real-time verification often requires complex
backend integration with databases and systems. This can be challenging for organizations with
outdated or inflexible IT infrastructure.
Limited Offline Verification: In scenarios where internet connectivity is unreliable or
unavailable, the system may lack adequate provisions for offline verification, potentially
leading to verification bottlenecks.
Security of the Issuing Process: If the process of generating QR codes and linking them to
certificates is not secure, it can introduce vulnerabilities. Secure generation and storage of QR
codes is essential.
Scalability Challenges: As the number of certificates to be verified increases, the current system
may face scalability issues, affecting performance and response times.
Backup and Redundancy: Some systems may not have adequate backup and redundancy
measures in place. Failures or data loss could disrupt the verification process.
Cross-Platform Compatibility: Incompatibility with different QR code readers or mobile
devices can hinder the usability of the system for both certificate holders and verifiers.

MCA Program, AIMS Institutes, 22-23 13

Certificate Authentication Using QR Code

User Education: Lack of proper education and training for certificate holders and verifiers can
result in missteps and errors in the verification process.
Audit and Logging: The system may lack robust audit and logging features for tracking
verification activities, which can be important for record-keeping and compliance.
QR Code Expiration: If the QR code doesn't have an expiration mechanism or is not
automatically updated with the latest information, outdated or invalid certificates may still pass
verification.
Complex QR Code Content: Overly complex QR code content, such as long URLs or extensive
data, can lead to issues with readability and scanning.
Data Integrity in Transit: If the certificate data is not adequately protected during transmission
from the QR code to the verification system, it could be intercepted or modified.
Verification Device Compatibility: Compatibility issues between verification devices (e.g.,
mobile devices) and QR code readers can hinder the verification process.
Addressing these technical problems and weaknesses is crucial for enhancing the security and
efficiency of certificate authentication using QR codes. Implementing solutions such as
encryption, standardization, and robust backend systems can help mitigate these issues.

2.3 Requirements of new system:

The requirements for a new system in certificate authentication using QR codes should be
carefully defined to ensure that the system addresses the challenges and weaknesses of the
current system and provides an efficient, secure, and user-friendly solution. Here are the key
requirements for such a system:
Standardization:The system should follow standardized protocols for encoding certificate data
into QR codes, ensuring interoperability and consistency across different organizations and
institutions.
QR Code Security:Implement mechanisms to protect QR codes from tampering, replication, or
unauthorized alterations.
Encryption:Incorporate data encryption within QR codes to ensure the security and privacy of
the certificate data during transmission and storage.
Offline Verification:Provide the capability for offline verification, allowing verifiers to
authenticate certificates without internet connectivity.
Real-Time Verification:Support real-time verification by connecting to trusted online
databases or sources to ensure that certificates are valid and up-to-date.
User-Friendly Interface:Design a user-friendly interface for both certificate holders and
verifiers, making it easy to scan QR codes and access certificate information.

MCA Program, AIMS Institutes, 22-23 14

Certificate Authentication Using QR Code

Data Privacy Protection:Implement measures to protect the privacy of certificate holders by

limiting the information exposed when a QR code is scanned.
Data Integrity:Ensure that the system includes measures to safeguard the integrity and
authenticity of the certificate data encoded in the QR code.
Cross-Border Recognition:Design the system to work seamlessly across international borders,
supporting various languages and character sets for cross-border recognition of certificates.
Compliance and Regulation:- Ensure that the system complies with relevant legal and
regulatory requirements, including data privacy and digital signature regulations.
Scalability:Ensure that the system is scalable and can handle a growing volume of certificates
and verification requests efficiently.
Backup and Redundancy:Implement backup mechanisms to ensure system availability in case
of failures or data loss.
User Education:Provide educational materials and training to certificate holders and verifiers
to ensure they understand how to use the system effectively.
Cost-Effectiveness:Assess the cost-effectiveness of implementing the system, taking into
account both initial setup costs and ongoing operational expenses.
Blockchain Integration (Optional):Consider integrating blockchain technology for additional
security and transparency in certificate issuance and verification.
Device Compatibility:Ensure compatibility with a wide range of devices, including different
QR code readers and mobile apps.
Audit and Logging:Implement robust audit and logging features to track verification activities,
ensuring transparency and accountability.
QR Code Expiration:Include a mechanism for QR code expiration or automatic updates with
the latest certificate information to prevent the verification of outdated certificates.
Legal and Regulatory Compliance:Ensure that the system complies with relevant laws,
regulations, and industry standards, including data protection and privacy regulations.
Integration with Existing Systems:Ensure that the new system can seamlessly integrate with
existing certificate management systems, databases, and digital infrastructure.
Usability Testing:Conduct usability testing to verify that the system meets the needs and
expectations of certificate holders and verifiers.
By defining these requirements, you can lay the foundation for the development of a robust and
effective system for certificate authentication using QR codes that addresses the limitations of
the current system while providing enhanced security and usability.

MCA Program, AIMS Institutes, 22-23 15

Certificate Authentication Using QR Code

2.4 Feasibility study:

A feasibility study for implementing a certificate authentication system using QR codes is
essential to determine if the project is viable and can be executed within the given constraints.
Here are the key aspects to assess:
1. Technical Feasibility:
• Current Technology: Evaluate whether the necessary technology, including QR code
generation tools, mobile apps, and online databases, is readily available and compatible
with the proposed system.
• Integration: Assess whether the system can be integrated with existing infrastructure
and systems, such as certificate management databases, without significant technical
challenges.
• Data Security: Ensure that the chosen technology can provide the required level of data
security and encryption for certificate information.
2. Economic Feasibility:
• Cost Assessment: Estimate the project's costs, including initial setup, hardware,
software, and ongoing operational expenses. Ensure it aligns with the budget
constraints.
• Return on Investment (ROI): Analyze the potential benefits of the system, such as time
saved, reduced administrative costs, and enhanced security, to determine if the ROI
justifies the investment.
3. Schedule Feasibility:
• Timeline: Develop a project timeline, taking into account the complexity of integration,
development, testing, and deployment. Ensure it aligns with the desired implementation
schedule.
4. Legal and Regulatory Feasibility:
• Compliance: Verify that the system can meet the legal and regulatory requirements
related to data privacy, security, and digital signatures.
5. Operational Feasibility:
• Usability: Evaluate if the system is user-friendly and accessible to certificate holders
and verifiers. Consider user training and support.
• Scalability: Ensure the system can accommodate a growing number of certificates and
verification requests.
6. Risk Analysis:
• Identify potential risks, such as technical challenges, data breaches, or unforeseen issues
that may arise during implementation. Develop strategies to mitigate these risks.

MCA Program, AIMS Institutes, 22-23 16

Certificate Authentication Using QR Code

7. Compatibility and Integration:

• Assess whether the system can seamlessly integrate with existing certificate
management systems, databases, and digital infrastructure without causing disruptions.
8. User Acceptance:
• Gauge the acceptance and readiness of users, including certificate holders and verifiers,
to adopt the new system. Conduct surveys or gather user feedback.
9. Alternative Solutions:
• Explore alternative solutions or technologies that may provide similar benefits with
fewer constraints or risks.
10. Vendor Selection:
• If third-party solutions or vendors are involved, assess their capabilities and track record
for implementing similar systems.
The feasibility study should conclude whether the implementation of a certificate
authentication system using QR codes is technically, economically, and operationally viable
within the defined constraints. It should provide a clear understanding of the potential
challenges and benefits and help guide decision-making in the project's planning and execution.

2.5 Hardware Requirements:

a. For Development:

➢ System : Pentium i3 Processor

➢ Hard Disk : 500 GB.
➢ Monitor : 15’’ LED
➢ Input Devices : Keyboard, Mouse
➢ Ram : 4 GB

MCA Program, AIMS Institutes, 22-23 17

Certificate Authentication Using QR Code

b. For Development:
Server or Hosting: The specific hardware requirements for deployment will depend on factors
like the number of users, the complexity of your application, and its expected workload. For
small to medium-scale deployments, a virtual private server (VPS) or cloud hosting (e.g., AWS,
Azure, Google Cloud) should suffice. Make sure to choose an instance size that matches your
expected traffic.
1.Memory (RAM): The amount of RAM required will depend on the number of concurrent
users and the size of the application. A starting point could be 2GB of RAM for a small
deployment, but you may need more for larger applications.
2.Storage: You will need sufficient storage to store the application, databases, and user data.
SSD storage is recommended for faster access.
3.Processor: A multi-core processor with decent processing power is important, especially for
handling concurrent user requests.
4.Networking: Ensure a stable and high-speed internet connection for your server. It should be
capable of handling the expected traffic.
5.Redundancy: For mission-critical applications, consider redundancy and failover
mechanisms to ensure high availability.
6.Security: Implement necessary security measures, such as firewalls, intrusion detection
systems, and regular security updates.
7.Backup and Disaster Recovery: Have a backup and disaster recovery plan in place to protect
against data loss.

2.6 Software Requirements:

a. For Development:
1.Java Development Kit (JDK): You'll need the JDK to write, compile, and run Java code.
You can download the latest version from the Oracle website or use OpenJDK.
2.Integrated Development Environment (IDE): Choose an IDE for Java development.
Popular options include Eclipse, IntelliJ IDEA, or NetBeans. An IDE streamlines the
development process with features like code editing, debugging, and project management.
3.Build and Dependency Management: Use a build tool such as Apache Maven or Gradle to
manage project dependencies, build, and package your application.
4.Version Control: Software version control is crucial for collaborative development. Git is a
widely used version control system, and you can use platforms like GitHub, GitLab, or
Bitbucket to host your code.

MCA Program, AIMS Institutes, 22-23 18

Certificate Authentication Using QR Code

5.QR Code Generation Library: You'll need a Java library for generating QR codes. One
popular library is the ZXing (Zebra Crossing) library.

6.Web Development Tools (Optional): If your application includes a web component, you
may need web development tools such as HTML, CSS, and JavaScript, and possibly a web
framework like Spring Boot for building web applications.

b.For Deployment:
1.Java Runtime Environment (JRE): Your deployment environment should have the Java
Runtime Environment installed to run Java applications. Install the JRE that matches your
application's Java version.
2.Application Server (Optional): If your Java application is web-based, you may need an
application server like Apache Tomcat, Jetty, or WildFly to deploy your application.
3.Database Management System: Depending on your application's requirements, you might
need a database management system such as MySQL, PostgreSQL, Oracle Database, or
MongoDB to store and manage data.
4.Web Server (Optional): If your application has a web front end, you may need a web server
(e.g., Apache HTTP Server) to serve static content and act as a reverse proxy.
5.Operating System: Ensure your deployment environment runs on a compatible and secure
operating system (e.g., Linux, Windows, or macOS).
6.Security Software: Implement security software, including firewalls, intrusion detection
systems, and encryption protocols, to protect your application and user data.
7.Monitoring and Logging Tools: Deploy monitoring and logging tools to track application
performance and troubleshoot issues. Tools like Prometheus, Grafana, and ELK stack can be
helpful.
8.Backup and Recovery Solutions: Implement backup and disaster recovery solutions to
safeguard against data loss and ensure business continuity.
9.Dependency Management: Use a package manager or dependency management tool to
ensure all required libraries and dependencies are available in the deployment environment.
10.SSL Certificate: If your application involves secure communication, you'll need an
SSL/TLS certificate for HTTPS encryption.
11.Load Balancer (Optional): For high-traffic applications, a load balancer can distribute
incoming requests across multiple application server instances.

MCA Program, AIMS Institutes, 22-23 19

Certificate Authentication Using QR Code

3.SYSTEM DESIGN

SYSTEM ARCHITECTURE:

MCA Program, AIMS Institutes, 22-23 20

Certificate Authentication Using QR Code

SYSTEM DESIGN
3.1 Functions of the system
3.1.1 Use Case Diagrams:

Sequence Diagram for certificate Authentication

MCA Program, AIMS Institutes, 22-23 21

Certificate Authentication Using QR Code

3.2 Functional and Behaviour Modelling:

3.2.1 Flow chart:

3.2.1 Flow chart of QR code technique

3.2.2 Flow chart of data encoding process

MCA Program, AIMS Institutes, 22-23 22

Certificate Authentication Using QR Code

3.2.3 The simplified process of the sender

The project is mainly focus on the basic certificate authentication in QR code technology. The
first previous system is according to the research Sir Revathiprovides a new enhancing security
in identity documents using QR code [4]. The main focus of this system is they want to use QR
code to perform checking authentication of documents such as certificates. In this research it
focuses on using personal detail information of an individual to embed into QR code. The
personal detail information 7 such as the name of the person, date of birth, register number, and
nationality which are used for generate the QR code.
In this system, there have few steps in encode procedure of QR code. Firstly, input data is
encoded in according to most efficient mode and formed bit stream. The bit streams are divided
into code words. Then code words are divided into blocks, and add error correction code words
to each block. All these code words are put into a matrix and are masked with mask pattern.
Finally function patterns are added into the QR symbol. A QR Code symbol is formed.
The second previous system is according to the latest product of Intact.Inc Company which is
named as Easy-Cert (Ecert) with built-in authentication [5]. This system applies a certificate
authentication system with QR code technology. In this system, it focuses on using image of
the certificate to generate into QR code. Ecert system consists of two process which are sender
process and receiver process.

MCA Program, AIMS Institutes, 22-23 23

Certificate Authentication Using QR Code

3.2.4 The simplified process of the receiver

In figure 2.2 shows the simplified process of receiver, when a receiver obtains the document
from a sender, user may verify the authenticity of document by scanning the document and
processing the image. In the first step, the verification process starts Vej with checking the
integrity of the information stored in the QR code. Next, the information in the QR code that
consists of the image of the certificate is compressed. After scanning the QR code and
uncompressing the encrypted data, the certificate can be verified by comparing the image from
the QR code and the hand-in certificate. Thus, if both values are identical, the certificate is
valid.
The third previous system is according to the research of Kim and Jun, it applies method of QR
code recognition, password method, existing user authentication technique and etc to develop
a new user authentication technique. This research is proposed user authentication technique
by using QR code which is able read by QR reader application on smart phones and transmitted
into a server. The main focus on the research is to simplified and implement a more secure
process of authentication and also contract to the disadvantages such as keyboard hacking
which may occur in other authentication techniques.

MCA Program, AIMS Institutes, 22-23 24

Certificate Authentication Using QR Code

3.3.2 DFD (levels 0 & 1)

3.3.2.1 Level 0 DFD Diagram

3.3.2.2 Level 1 DFD Diagram

MCA Program, AIMS Institutes, 22-23 25

Certificate Authentication Using QR Code

Chapter-4
Implementation
4.1 Implementation Environment:
SOFTWARE ENVIRONMENT

Java Technology
Java technology is both a programming language and a platform. Java, a versatile and
widely-used programming language, has left an indelible mark on the world of software
development since its inception. Created by James Gosling and his team at Sun Microsystems
(now owned by Oracle Corporation), Java emerged in the mid-1990s as a revolutionary
language with its promise of "write once, run anywhere" capability. This phrase encapsulates
Java's ability to be executed on any platform that supports the Java Virtual Machine (JVM),
freeing developers from the constraints of specific operating systems.

Java's popularity can be attributed to its exceptional portability, robustness, and comprehensive
libraries that expedite the development process. With its object-oriented nature, Java promotes
structured and modular programming practices, making it suitable for projects ranging from
small applications to large-scale enterprise systems. The language's syntax, influenced by C
and C++, is designed to be readable and expressive, promoting ease of understanding and
maintenance of codebases.

Java's significance extends beyond its core language features. The Java ecosystem includes a
plethora of frameworks, tools, and libraries that facilitate tasks such as web development,
mobile app creation, scientific computing, and more. The community-driven Java Standard
Library provides a wide array of pre-built classes and methods, empowering developers to
focus on solving unique challenges rather than reinventing the wheel.

Security is another hallmark of Java. The JVM's security features, such as bytecode verification
and runtime access control, contribute to Java's reputation as a secure language, making it an
ideal choice for developing applications that handle sensitive data or run in environments with
stringent security requirements.

In this era of technological evolution, Java remains highly relevant. It powers a significant
portion of enterprise software, Android mobile applications, and various web-based
applications. Its adaptability to changing trends, like the rise of microservices architecture and

MCA Program, AIMS Institutes, 22-23 26

Certificate Authentication Using QR Code

cloud computing, demonstrates its resilience and ongoing relevance in the ever-evolving
software landscape.

Whether you are a seasoned developer or a beginner eager to delve into programming, Java
offers a rich and vibrant environment to explore, experiment, and create. This introduction
provides a glimpse into the world of Java, hinting at its history, features, and significance in
modern software development. As we journey further, we will delve deeper into the language's
intricacies, applications, and best practices, uncovering the multitude of possibilities that Java
brings to the realm of programming.

The Java Programming Language

The Java programming language is a high-level language that can be characterized by
all of the following buzzwords:

▪ Simple
▪ Architecture neutral
▪ Object oriented
▪ Portable
▪ Distributed
▪ High performance
▪ Interpreted
▪ Multithreaded
▪ Robust
▪ Dynamic
▪ Secure

With most programming languages, you either compile or interpret a program so that
you can run it on your computer. The Java programming language is unusual in that a program
is both compiled and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes —the platform-independent codes interpreted by
the interpreter on the Java platform. The interpreter parses and runs each Java byte code

MCA Program, AIMS Institutes, 22-23 27

Certificate Authentication Using QR Code

instruction on the computer. Compilation happens just once; interpretation occurs each time
the program is executed. The following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser
that can run applets, is an implementation of the Java VM. Java byte codes help make “write
once, run anywhere” possible. You can compile your program into byte codes on any platform
that has a Java compiler. The byte codes can then be run on any implementation of the Java
VM. That means that as long as a computer has a Java VM, the same program written in the
Java programming language can run on Windows 2000, a Solaris workstation, or on an iMac.

The Java Platform

A platform is the hardware or software environment in which a program runs.
We’ve already mentioned some of the most popular platforms like Windows 2000,
Linux, Solaris, and MacOS. Most platforms can be described as a combination of the

MCA Program, AIMS Institutes, 22-23 28

Certificate Authentication Using QR Code

operating system and hardware. The Java platform differs from most other platforms in
that it’s a software-only platform that runs on top of other hardware-based platforms.

The Java platform has two components:

• The Java Virtual Machine (Java VM)
• The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java platform
and is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide
many useful capabilities, such as graphical user interface (GUI) widgets. The Java API
is grouped into libraries of related classes and interfaces; these libraries are known as
packages. The next section, What Can Java Technology Do? Highlights what
functionality some of the packages in the Java API provide.
The following figure depicts a program that’s running on the Java platform. As the
figure shows, the Java API and the virtual machine insulate the program from the
hardware.

Native code is code that after you compile it, the compiled code runs on a
specific hardware platform. As a platform-independent environment, the Java platform
can be a bit slower than native code. However, smart compilers, well-tuned interpreters,
and just-in-time byte code compilers can bring performance close to that of native code
without threatening portability.

What Can Java Technology Do?

The most common types of programs written in the Java programming language are
applets and applications. If you’ve surfed the Web, you’re probably already familiar
with applets. An applet is a program that adheres to certain conventions that allow it to
run within a Java-enabled browser.

MCA Program, AIMS Institutes, 22-23 29

Certificate Authentication Using QR Code

However, the Java programming language is not just for writing cute, entertaining
applets for the Web. The general-purpose, high-level Java programming language is
also a powerful software platform. Using the generous API, you can write many types
of programs.
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network.
Examples of servers are Web servers, proxy servers, mail servers, and print servers.
Another specialized program is a servlet. A servlet can almost be thought of as an applet
that runs on the server side. Java Servlets are a popular choice for building interactive
web applications, replacing the use of CGI scripts. Servlets are similar to applets in that
they are runtime extensions of applications. Instead of working in browsers, though,
servlets run within Java Web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of
software components that provides a wide range of functionality. Every full
implementation of the Java platform gives you the following features:
• The essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
• Applets: The set of conventions used by applets.
• Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data
gram Protocol) sockets, and IP (Internet Protocol) addresses.
• Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be
displayed in the appropriate language.
• Security: Both low level and high level, including electronic signatures, public
and private key management, access control, and certificates.
• Software components: Known as JavaBeansTM, can plug into existing
component architectures.
• Object serialization: Allows lightweight persistence and communication via
Remote Method Invocation (RMI).
• Java Database Connectivity (JDBCTM): Provides uniform access to a wide
range of relational databases.

MCA Program, AIMS Institutes, 22-23 30

Certificate Authentication Using QR Code

The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts
what is included in the Java 2 SDK.

How Will Java Technology Change My Life?

We can’t promise you fame, fortune, or even a job if you learn the Java
programming language. Still, it is likely to make your programs better and requires less
effort than other languages. We believe that Java technology will help you do the
following:

• Get started quickly: Although the Java programming language is a powerful

object-oriented language, it’s easy to learn, especially for programmers already
familiar with C or C++.
• Write less code: Comparisons of program metrics (class counts, method counts,
and so on) suggest that a program written in the Java programming language
can be four times smaller than the same program in C++.
• Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other people’s tested code and introduce fewer
bugs.

MCA Program, AIMS Institutes, 22-23 31

Certificate Authentication Using QR Code

• Develop programs more quickly: Your development time may be as much as

twice as fast versus writing the same program in C++. Why? You write fewer
lines of code and it is a simpler programming language than C++.
• Avoid platform dependencies with 100% Pure Java: You can keep your
program portable by avoiding the use of libraries written in other languages. The
100% Pure JavaTM Product Certification Program has a repository of historical
process manuals, white papers, brochures, and similar materials online.
• Write once, run anywhere: Because 100% Pure Java programs are compiled
into machine-independent byte codes, they run consistently on any Java
platform.
• Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the feature of allowing new classes to be
loaded “on the fly,” without recompiling the entire program.
ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface
for application developers and database systems providers. Before ODBC became a de facto
standard for Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC has made the
choice of the database system almost irrelevant from a coding perspective, which is as it should
be. Application developers have much more important things to worry about than the syntax
that is needed to port their program from one database to another when business needs suddenly
change.
Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a
particular database. For example, the data source named Sales Figures might be a SQL Server
database, whereas the Accounts Payable data source could refer to an Access database. The
physical database referred to by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they
are installed when you setup a separate database application, such as SQL Server Client or
Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called
ODBCINST.DLL. It is also possible to administer your ODBC data sources through a stand-
alone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program

MCA Program, AIMS Institutes, 22-23 32

Certificate Authentication Using QR Code

and each maintains a separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can be
written to use the same set of function calls to interface with any data source, regardless of the
database vendor. The source code of the application doesn’t change whether it talks to Oracle
or SQL Server. We only mention these two as an example. There are ODBC drivers available
for several dozen popular database systems. Even Excel spreadsheets and plain text files can
be turned into data sources. The operating system uses the Registry information written by
ODBC Administrator to determine which low-level ODBC drivers are needed to talk to the
data source (such as the interface to Oracle or SQL Server). The loading of the ODBC drivers
is transparent to the ODBC application program. In a client/server environment, the ODBC API
even handles many of the network issues for the application programmer.
The advantages of this scheme are so numerous that you are probably thinking there
must be some catch. The only disadvantage of ODBC is that it isn’t as efficient as talking
directly to the native database interface. ODBC has had many detractors make the charge that
it is too slow. Microsoft has always claimed that the critical factor in performance is the quality
of the driver software that is used. In our humble opinion, this is true. The availability of good
ODBC drivers has improved a great deal recently. And anyway, the criticism about
performance is somewhat analogous to those who said that compilers would never match the
speed of pure assembly language. Maybe not, but the compiler (or ODBC) gives you the
opportunity to write cleaner programs, which means you finish sooner. Meanwhile, computers
get faster every year.

JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent
interface is achieved through the use of “plug-in” database connectivity modules, or drivers. If
a database vendor wishes to have JDBC support, he or she must provide the driver for each
platform that the database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you
discovered earlier in this chapter, ODBC has widespread support on a variety of platforms.

MCA Program, AIMS Institutes, 22-23 33

Certificate Authentication Using QR Code

Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than
developing a completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public review that
ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon
after.
The remainder of this section will cover enough information about JDBC for you to know what
it is about and how to use it effectively. This is by no means a complete overview of JDBC.
That would fill an entire book.

JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that, because
of its many goals, drove the development of the API. These goals, in conjunction with early
reviewer feedback, have finalized the JDBC class library into a solid framework for building
database applications in Java.
The goals that were set for JDBC are important. They will give you some insight as to why
certain classes and functionalities behave the way they do. The eight design goals for JDBC are
as follows:

1. SQL Level API

The designers felt that their main goal was to define a SQL interface for Java. Although
not the lowest database interface level possible, it is at a low enough level for higher-level
tools and APIs to be created. Conversely, it is at a high enough level for application
programmers to use it confidently. Attaining this goal allows for future tool vendors to
“generate” JDBC code and to hide many of JDBC’s complexities from the end user.

2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort
to support a wide variety of vendors, JDBC will allow any query statement to be passed
through it to the underlying database driver. This allows the connectivity module to handle
non-standard functionality in a manner that is suitable for its users.

3. JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs. This goal

MCA Program, AIMS Institutes, 22-23 34

Certificate Authentication Using QR Code

allows JDBC to use existing ODBC level drivers by the use of a software interface. This
interface would translate JDBC calls to ODBC and vice versa.
4. Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far, the designers feel that
they should not stray from the current design of the core Java system.

5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception.
Sun felt that the design of JDBC should be very simple, allowing for only one method of
completing a task per mechanism. Allowing duplicate functionality only serves to confuse
the users of the API.

6. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also, less error
appear at runtime.

7. Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer are simple
SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be simple to
perform with JDBC. However, more complex SQL statements should also be possible.

Java is also unusual in that each Java program is both compiled and interpreted.
With a compile you translate a Java program into an intermediate language called
Java byte codes the platform-independent code instruction is passed and run on the
computer.

Compilation happens just once; interpretation occurs each time the program is
executed. The figure illustrates how this works.

MCA Program, AIMS Institutes, 22-23 35

Certificate Authentication Using QR Code

Java Program Interpreter

Compilers My Program

You can think of Java byte codes as the machine code instructions for the Java
Virtual Machine (Java VM). Every Java interpreter, whether it’s a Java development
tool or a Web browser that can run Java applets, is an implementation of the Java
VM. The Java VM can also be implemented in hardware.

Java byte codes help make “write once, run anywhere” possible. You can
compile your Java program into byte codes on my platform that has a Java compiler.
The byte codes can then be run any implementation of the Java VM. For example,
the same Java program can run Windows NT, Solaris, and Macintosh.

Networking

TCP/IP stack

The TCP/IP stack is shorter than the OSI one:

MCA Program, AIMS Institutes, 22-23 36

Certificate Authentication Using QR Code

TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a

connectionless protocol.

IP datagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers

each datagram independently of the others. Any association between datagram must
be supplied by the higher layers. The IP layer supplies a checksum that includes its
own header. The header includes the source and destination addresses. The IP layer
handles routing through an Internet. It is also responsible for breaking up large
datagram into smaller ones for transmission and reassembling them at the other end.

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for

the contents of the datagram and port numbers. These are used to give a client/server
model - see later.

MCA Program, AIMS Institutes, 22-23 37

Certificate Authentication Using QR Code

TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It

provides a virtual circuit that two processes can use to communicate.

Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address
scheme for machines so that they can be located. The address is a 32 bit integer which
gives the IP address. This encodes a network ID and more addressing. The network
ID falls into various classes according to the size of the network address.

Network address

Class A uses 8 bits for the network address with 24 bits left over for other
addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network
addressing and class D uses all 32.

Subnet address

Internally, the UNIX network is divided into sub networks. Building 11 is

currently on one sub network and uses 10-bit addressing, allowing 1024 different
hosts.

Host address

8 bits are finally used for host addresses within our subnet. This places a limit of
256 machines that can be on the subnet.

Total address

MCA Program, AIMS Institutes, 22-23 38

Certificate Authentication Using QR Code

The 32 bit address is usually written as 4 integers separated by dots.

Port addresses

A service exists on a host, and is identified by its port. This is a 16 bit number. To
send a message to a server, you send it to the port for that service of the host that it is
running on. This is not location transparency! Certain of these ports are "well known".

Sockets

A socket is a data structure maintained by the system to handle network

connections. A socket is created using the call socket. It returns an integer that is like
a file descriptor. In fact, under Windows, this handle can be used with Read File and
Write File functions.

#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero,

and type will depend on whether TCP or UDP is used. Two processes wishing to
communicate over a network create a socket each. These are similar to two ends of a
pipe - but the actual pipe does not yet exist.

JFree Chart

JFreeChart is a free 100% Java chart library that makes it easy for developers to
display professional quality charts in their applications. JFreeChart's extensive feature
set includes:

A consistent and well-documented API, supporting a wide range of chart types;

A flexible design that is easy to extend, and targets both server-side and client-
side applications;

MCA Program, AIMS Institutes, 22-23 39

Certificate Authentication Using QR Code

Support for many output types, including Swing components, image files
(including PNG and JPEG), and vector graphics file formats (including PDF, EPS and
SVG);

JFreeChart is "open source" or, more specifically, free software. It is distributed

under the terms of the GNU Lesser General Public Licence (LGPL), which permits use
in proprietary applications.

1. Map Visualizations
Charts showing values that relate to geographical areas. Some examples include:
(a) population density in each state of the United States, (b) income per capita for each
country in Europe, (c) life expectancy in each country of the world. The tasks in this
project include:

Sourcing freely redistributable vector outlines for the countries of the world,
states/provinces in particular countries (USA in particular, but also other areas);

Creating an appropriate dataset interface (plus default implementation), a

rendered, and integrating this with the existing XYPlot class in JFreeChart;

Testing, documenting, testing some more, documenting some more.

2. Time Series Chart Interactivity

Implement a new (to JFreeChart) feature for interactive time series charts --- to display a
separate control that shows a small version of ALL the time series data, with a sliding
"view" rectangle that allows you to select the subset of the time series data to display in the
main chart.

3. Dashboards

There is currently a lot of interest in dashboard displays. Create a flexible dashboard

mechanism that supports a subset of JFreeChart chart types (dials, pies, thermometers, bars,
and lines/time series) that can be delivered easily via both Java Web Start and an applet.

MCA Program, AIMS Institutes, 22-23 40

Certificate Authentication Using QR Code

4. Property Editors

The property editor mechanism in JFreeChart only handles a small subset of the
properties that can be set for charts. Extend (or reimplement) this mechanism to provide
greater end-user control over the appearance of the charts.

J2ME (Java 2 Micro edition):-

Sun Microsystems defines J2ME as "a highly optimized Java run-time environment targeting a
wide range of consumer products, including pagers, cellular phones, screen-phones, digital set-
top boxes and car navigation systems." Announced in June 1999 at the JavaOne Developer
Conference, J2ME brings the cross-platform functionality of the Java language to smaller
devices, allowing mobile wireless devices to share applications. With J2ME, Sun has adapted
the Java platform for consumer products that incorporate or are based on small computing
devices.

MCA Program, AIMS Institutes, 22-23 41

Certificate Authentication Using QR Code

1. General J2ME architecture

J2ME uses configurations and profiles to customize the Java Runtime Environment (JRE). As
a complete JRE, J2ME is comprised of a configuration, which determines the JVM used, and a
profile, which defines the application by adding domain-specific classes. The configuration
defines the basic run-time environment as a set of core classes and a specific JVM that run on
specific types of devices. We'll discuss configurations in detail in the The profile defines the
application; specifically, it adds domain-specific classes to the J2ME configuration to define
certain uses for devices. We'll cover profiles in depth in the The following graphic depicts the
relationship between the different virtual machines, configurations, and profiles. It also draws
a parallel with the J2SE API and its Java virtual machine. While the J2SE virtual machine is
generally referred to as a JVM, the J2ME virtual machines, KVM and CVM, are subsets of
JVM. Both KVM and CVM can be thought of as a kind of Java virtual machine -- it's just that
they are shrunken versions of the J2SE JVM and are specific to J2ME.

2. Developing J2ME applications

Introduction In this section, we will go over some considerations you need to keep in mind
when developing applications for smaller devices. We'll take a look at the way the compiler is
invoked when using J2SE to compile J2ME applications. Finally, we'll explore packaging and
deployment and the role preverification plays in this process.

MCA Program, AIMS Institutes, 22-23 42

Certificate Authentication Using QR Code

3. Design considerations for small devices

Developing applications for small devices requires you to keep certain strategies in mind during
the design phase. It is best to strategically design an application for a small device before you
begin coding. Correcting the code because you failed to consider all of the "gotchas" before
developing the application can be a painful process. Here are some design strategies to consider:

* Keep it simple. Remove unnecessary features, possibly making those features a separate,
secondary application.

* Smaller is better. This consideration should be a "no brainer" for all developers. Smaller
applications use less memory on the device and require shorter installation times. Consider
packaging your Java applications as compressed Java Archive (jar) files.

* Minimize run-time memory use. To minimize the amount of memory used at run time, use
scalar types in place of object types. Also, do not depend on the garbage collector. You should
manage the memory efficiently yourself by setting object references to null when you are
finished with them. Another way to reduce run-time memory is to use lazy instantiation, only
allocating objects on an as-needed basis. Other ways of reducing overall and peak memory use
on small devices are to release resources quickly, reuse objects, and avoid exceptions.

4. Configurations overview

The configuration defines the basic run-time environment as a set of core classes and a specific
JVM that run on specific types of devices. Currently, two configurations exist for J2ME, though
others may be defined in the future:

* Connected Limited Device Configuration (CLDC) is used specifically with the KVM for
16-bit or 32-bit devices with limited amounts of memory. This is the configuration (and the
virtual machine) used for developing small J2ME applications. Its size limitations make CLDC
more interesting and challenging (from a development point of view) than CDC. CLDC is also
the configuration that we will use for developing our drawing tool application. An example of
a small wireless device running small applications is a Palm hand-held computer.

MCA Program, AIMS Institutes, 22-23 43

Certificate Authentication Using QR Code

* Connected Device Configuration (CDC) is used with the C virtual machine (CVM) and is
used for 32-bit architectures requiring more than 2 MB of memory. An example of such a device
is a Net TV box.

5. J2ME profiles

What is a J2ME profile?

As we mentioned earlier in this tutorial, a profile defines the type of device supported. The
Mobile Information Device Profile (MIDP), for example, defines classes for cellular phones. It
adds domain-specific classes to the J2ME configuration to define uses for similar devices. Two
profiles have been defined for J2ME and are built upon CLDC: KJava and MIDP. Both KJava
and MIDP are associated with CLDC and smaller devices. Profiles are built on top of
configurations. Because profiles are specific to the size of the device (amount of memory) on
which an application runs, certain profiles are associated with certain configurations.

A skeleton profile upon which you can create your own profile, the Foundation Profile, is
available for CDC.

Profile 1: KJava

KJava is Sun's proprietary profile and contains the KJava API. The KJava profile is built on top
of the CLDC configuration. The KJava virtual machine, KVM, accepts the same byte codes
and class file format as the classic J2SE virtual machine. KJava contains a Sun-specific API
that runs on the Palm OS. The KJava API has a great deal in common with the J2SE Abstract
Windowing Toolkit (AWT). However, because it is not a standard J2ME package, its main
package is com.sun.kjava. We'll learn more about the KJava API later in this tutorial when we
develop some sample applications.

Profile 2: MIDP

MIDP is geared toward mobile devices such as cellular phones and pagers. The MIDP, like
KJava, is built upon CLDC and provides a standard run-time environment that allows new
applications and services to be deployed dynamically on end user devices. MIDP is a common,
industry-standard profile for mobile devices that is not dependent on a specific vendor. It is a
complete and supported foundation for mobile application

MCA Program, AIMS Institutes, 22-23 44

Certificate Authentication Using QR Code

development. MIDP contains the following packages, the first three of which are core CLDC
packages, plus three MIDP-specific packages.

* java.lang

* java.io

* java.util

* javax.microedition.io

* javax.microedition.lcdui

* javax.microedition.midlet

* javax.microedition.rms

MYSQL:

What is a Database?

A database is a separate application that stores a collection of data. Each database has one or
more distinct APIs for creating, accessing, managing, searching and replicating the data it
holds.

Other kinds of data stores can also be used, such as files on the file system or large hash tables
in memory, but data fetching and writing would not be so fast and easy with those type of
systems.

Nowadays, we use relational database management systems (RDBMS) to store and manage
huge volume of data. This is called relational database because all the data is stored into
different tables and relations are established using primary keys or other keys known as Foreign
Keys.

A Relational DataBase Management System (RDBMS) is a software that:

❖ Enables you to implement a database with tables, columns and indexes.

❖ Guarantees the Referential Integrity between rows of various tables.
❖ Updates the indexes automatically.
❖ Interprets an SQL Query and combines information from various tables.

MCA Program, AIMS Institutes, 22-23 45

Certificate Authentication Using QR Code

RDBMS Terminology

Before we proceed to explain the MySQL database system, let us revise a few definitions
related to the database.

❖ Database: A database is a collection of tables, with related data.

❖ Table: A table is a matrix with data. A table in a database looks like a simple spreadsheet.
❖ Column: One column (data element) contains data of one and the same kind, for
example the column postcode.
❖ Row: A row (= tuple, entry or record) is a group of related data. For example, the data
of one subscription.
❖ Redundancy: Storing data twice, redundantly to make the system faster.
❖ Primary Key: A primary key is unique. A key value cannot occur twice in one table.
With a key, you can only find one row.
❖ Foreign Key: A foreign key is the linking pin between two tables
❖ Compound Key: A compound key (composite key) is a key that consists of multiple
columns, because one column is not sufficiently unique.
❖ Index: An index in a database resembles an index at the back of a book.
❖ Referential Integrity: Referential Integrity makes sure that a foreign key value always
points to an existing row.

MySQL Database

MySQL is a fast, easy-to-use RDBMS being used for many small and big businesses. MySQL
is developed, marketed and supported by MySQL AB, which is a Swedish company. MySQL
is becoming so popular because of many good reasons:

❖ MySQL is released under an open-source license. So you have nothing to pay to use it.
❖ MySQL is a very powerful program in its own right. It handles a large subset of the
functionality of the most expensive and powerful database packages.
❖ MySQL uses a standard form of the well-known SQL data language.
❖ MySQL works on many operating systems and with many languages including HP,
PERL, C, C++, JAVA, etc.
❖ MySQL works very quickly and works well even with large data sets.
❖ MySQL is very friendly to PHP, the most appreciated language for web development.

MCA Program, AIMS Institutes, 22-23 46

Certificate Authentication Using QR Code

❖ MySQL supports large databases, up to 50 million rows or more in a table. The default
file size limit for a table is 4GB, but you can increase this (if your operating system can
handle it) to a theoretical limit of 8 million terabytes (TB).
❖ MySQL is customizable. The open-source GPL license allows programmers to modify
the MySQL software to fit their own specific environments.

MYSQL Introduction:

MySQL (pronounced “My Ess Cue Ell”) is more than just “the world’s most popular open
source database,” as the developers at the MySQL AB corporation (http://www.mysql.com)
claim. This modest-sized database has introduced millions of everyday computer users and
amateur researchers to the world of powerful information systems. MySQL is a relatively recent
entrant into the well-established area of relational database management systems (RDBMs), a
concept invented by IBM researcher Edgar Frank Codd in 1970. Despite the arrival of newer
types of data repositories over the past 35 years, relational databases remain the workhorses of
the information world. They permit users to represent sophisticated relationships between items
of data and to calculate these relationships with the speed needed to make decisions in modern
organizations. It’s impressive how you can go from design to implementation in just a few
hours, and how easily you can develop web applications to access terabytes of data and serve
thousands of web users per second. Whether you’re offering products on a web site, conducting
a scientific survey, or simply trying to provide useful data to your classroom, bike club, or
religious organization, MySQL gets you started quickly and lets you scale up your services
comfortably over time. Its ease of installation and use led media analyst Clay Shirky to credit
MySQL with driving a whole new type of information system he calls “situated software”—
custom software that can be easily designed and built for niche applications. In this book, we
provide detailed instructions to help you set up MySQL and related software. We’ll teach you
Structured Query Language (SQL), which is used to insert, retrieve, and manipulate data. We’ll
also provide a tutorial on database design, explain how to configure MySQL for improved
security, and offer you advanced hints on getting even more out of your data. In the last five
chapters, we show how to interact with the database using the PHP and Perl programming
languages, and how to allow interaction with your data over the medium most people prefer
these days: the Web.

MCA Program, AIMS Institutes, 22-23 47

Certificate Authentication Using QR Code

Why Is MySQL so Popular?

The MySQL development process focuses on offering a very efficient implementation of the
features most people need. This means that MySQL still has fewer features than its chief open
source competitor, PostgreSQL, or the commercial database engines. Nevertheless, the skills
you get from this book will serve you well on any platform. Many database management
systems—even open source ones—preceded MySQL. Why has MySQL been the choice for so
many beginners and small sites, and now for some heavyweight database users in government
and industry? We can suggest a few factors:

Size and speed

MySQL can run on very modest hardware and puts very little strain on system resources; many
small users serve up information to their organizations by running MySQL on modest desktop
systems. The speed with which it can retrieve information has made it a longstanding favorite
of web administrators. Over the past few years, MySQL AB has addressed the need of larger
sites by adding features that necessarily slow down retrieval, but its modular design lets you
ignore the advanced features and maintain the suppleness and speed for which MySQL is
famous.

Ease of installation

Partly because MySQL is small and fast, it works the way most people want straight “out of
the box.” It can be installed without a lot of difficult and sophisticated configuration. Now that
many Linux distributions include MySQL, installation can be almost automatic.

Responsiveness to community

With a few hundred employees scattered around the globe, MySQL AB is a very flexible
organization that keeps constant tabs on user needs. At its conferences, lead developers get out
in front and make themselves available to everyone with a gripe or a new idea. There are also
local MySQL user groups in almost every major city. This responsiveness is helped by the fact
that MySQL is open and free; any sufficiently skilled programmer can look at the program code
to find and perhaps help in fixing problems.

MySQL actually has a dual-license approach: if you want to build your own product around it,
you pay MySQL AB a license fee. If you just want to use MySQL to serve your own data, you

MCA Program, AIMS Institutes, 22-23 48

Certificate Authentication Using QR Code

don’t have to pay the license fee. MySQL also offers technical support, as do numerous other
companies and consultants, some of them probably near you.

Easy interface to other software

It is easy to use MySQL as part of a larger software system. For example, you can write
programs that can interact directly with a MySQL database. Most major programming
languages have libraries of functions for use with MySQL; these include C, PHP, Perl, Python,
Ruby, and the Microsoft .NET languages. MySQL also supports the Open Database
Connectivity (ODBC) standard, making it accessible even when MySQL-specific functionality
isn’t available.

4.2 Major Modules

MODULES:

❖ Student Registration and Authentication Module

❖ Certificate Request Module
❖ Admin Module
❖ QR Code Verification Module

MODULES DESCSRIPTION:

Student Registration and Authentication Module

❖ This module is dedicated to the registration of students or certificate holders within the
system. The "Student Registration and Authentication Module" is a pivotal component
of the "Certificate Authentication System using QR Code." This module is responsible
for managing the registration of students or certificate holders, ensuring that only
legitimate users gain access to the system.
❖ The registration process allows students to create accounts within the system by
providing essential personal details. This information is collected to establish the user's
identity and facilitate communication. Registration is the first step toward accessing
certificate services. Input Data such as: Roll Number, Year, Department, Photo (Image
Upload), Name, Email ID, Phone Number, Address and Password should be given
during the registration of student.

MCA Program, AIMS Institutes, 22-23 49

Certificate Authentication Using QR Code

❖ Following successful registration, students are not granted immediate access to the
system. Instead, their registration requests are placed in a pending state, awaiting
approval from the system administrator. This approval step serves as a crucial security
measure to prevent unauthorized access. The administrator reviews the pending
registration requests. The admin can approve or reject registration requests based on the
authenticity of the provided information. Once the admin approves a student's
registration, the student gains access to the system. Authentication is required to ensure
that only authorized users can log in.
❖ Security is paramount in this module to prevent unauthorized access and protect user
data. Various security measures are implemented to safeguard the system. The "Student
Registration and Authentication Module" ensures a stringent verification process to
safeguard the system's integrity. By implementing admin approval and robust security
measures, the module enhances the overall security and trustworthiness of the certificate
authentication system while providing a seamless registration experience for legitimate
users.

Certificate Request Module

❖ This module facilitates the request and issuance of certificates. Users can submit
requests for various types of certificates, such as Bonafide Certificates, Transfer
Certificates, or Course Completion Certificates. Upon verification, the requested
certificates are generated and made available for download or printing. The "Certificate
Request Module" is a crucial component of the "Certificate Authentication System
using QR Code." This module facilitates the seamless request and processing of various
types of certificates by authenticated students.
❖ Once a student is logged into the system, they can initiate a certificate request. The
module streamlines the request process, minimizing data entry for students as their basic
details (Roll number, Department, Year) are pre-populated from the database. The
primary purpose is to enable students to select the specific type of certificate they
require. Type of Certificate (e.g., Bonafide, Transfer Certificate, Course Completion
Certificate). Roll number, department, and year fields are auto-populated based on the
student's profile data. Students choose the type of certificate they need from available
options. Students submit their certificate request.

MCA Program, AIMS Institutes, 22-23 50

Certificate Authentication Using QR Code

❖ After submitting a certificate request, students can track the status of their request. The
module provides transparency in the request processing lifecycle, allowing students to
monitor progress. Students can view the status of their certificate requests (e.g.,
Pending, Approved, Rejected).
❖ Certificate requests made by students are not immediately granted. Admin approval is
required to ensure the legitimacy of the request. The admin reviews the request details
and decides whether to approve or reject it. Upon admin approval, the system generates
the requested certificate with the necessary details. The certificate is prepared in a
format suitable for printing or download.

Admin Module

❖ The Admin Module is designed for system administrators who oversee and manage the
entire certificate authentication system. The "Admin Module" is a central component of
the "Certificate Authentication System using QR Code." It is designed to empower
system administrators with tools and functionalities to efficiently manage the system,
oversee student registrations, review certificate requests, and maintain system settings.
❖ The admin has the capability to define and manage the college's name and logo. This
information is essential as it is displayed on the generated certificates, enhancing the
certificates' credibility and authenticity. Admin can upload the college's official logo.
Admin can enter or update the college's name.
❖ Admin has the option of Student Approval, where the pending student registrations
await admin approval. The admin is responsible for verifying the authenticity of student
registration requests and deciding whether to approve or reject them. After approval,
the student's registration status is updated in the system.
❖ Admin has the option of Student details, where the admin can view with a
comprehensive view of all registered students' details. It serves as a central repository
of student information.
❖ Admin has the option of Certificate Request, where the admin can oversee and manage
student-initiated certificate requests. The admin reviews these requests to determine
their validity and authenticity. Admin can access a list of pending certificate requests
made by students. After approval, the request status is updated, and certificate
generation is initiated.

MCA Program, AIMS Institutes, 22-23 51

Certificate Authentication Using QR Code

❖ Admin has the option of All Request details, which provides an overview of the status
of all certificate requests within the system. It serves as a comprehensive tracking and
reporting tool for the admin. The "Admin Module" ensures efficient management of
student registrations, certificate requests, and system settings. It empowers the
administrator to maintain data accuracy, verify authenticity, and oversee the certificate
issuance process, contributing to the overall security and reliability of the certificate
authentication system.

QR Code Verification Module

❖ This critical module handles the verification of certificates using QR codes. The "QR
Code Verification Module" is a critical component of the "Certificate Authentication
System using QR Code." This module is designed to empower verifiers to quickly and
accurately authenticate certificates by scanning QR codes.
❖ To access the QR Code Verification Module, verifiers must log in to the system using
their credentials. This step ensures that only authorized personnel can perform
certificate verification. After successful login, verifiers can initiate the QR code
scanning process. This involves activating their device's webcam to scan the QR code
on a certificate. Verifiers position the QR code within the webcam's viewfinder and
initiate the scanning process.
❖ Once the QR code is scanned, the module validates the QR code to determine its
authenticity. The validation process checks if the QR code corresponds to a genuine
certificate in the system's database. The module compares the QR code data with the
stored certificate information to verify authenticity. If the QR code is valid, the system
displays the certificate details, including the certificate holder's name and information,
along with an "Authentic" label. If the QR code is not valid (e.g., expired, tampered
with, or non-existent in the database), the system displays an "Invalid QR Code"
message.

MCA Program, AIMS Institutes, 22-23 52

Certificate Authentication Using QR Code

5.3 Sample code / Pseudo code

QR code reader.
package CertificateAuth.QRCode;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Map;
import javax.imageio.ImageIO;
import com.google.zxing.BinaryBitmap;
import com.google.zxing.MultiFormatReader;
import com.google.zxing.NotFoundException;
import com.google.zxing.Result;
import com.google.zxing.client.j2se.BufferedImageLuminanceSource;
import com.google.zxing.common.HybridBinarizer;

/**
*
* @author NARESH
*/
public class QRReader {

// Function to read the QR file

public static String readQR(String path, String charset,
Map hashMap)
throws FileNotFoundException, IOException,
NotFoundException
{
BinaryBitmap binaryBitmap
= new BinaryBitmap(new HybridBinarizer(

MCA Program, AIMS Institutes, 22-23 53

Certificate Authentication Using QR Code

new BufferedImageLuminanceSource(
ImageIO.read(
new FileInputStream(path)))));

Result result
= new MultiFormatReader().decode(binaryBitmap);

return result.getText();
}

}
QR Genarator.
package CertificateAuth.QRCode;

import java.io.File;
import java.io.IOException;
import java.util.Map;
import com.google.zxing.BarcodeFormat;
import com.google.zxing.MultiFormatWriter;
import com.google.zxing.WriterException;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.google.zxing.common.BitMatrix;
/**
*
* @author NARESH
*/
public class QRGen {

MCA Program, AIMS Institutes, 22-23 54

Certificate Authentication Using QR Code

// Function to create the QR code

public static void createQR(String data, String path,
String charset, Map hashMap,
int height, int width)
throws WriterException, IOException
{

BitMatrix matrix = new MultiFormatWriter().encode(

new String(data.getBytes(charset), charset),
BarcodeFormat.QR_CODE, width, height);

MatrixToImageWriter.writeToFile(
matrix,
path.substring(path.lastIndexOf('.') + 1),
new File(path));
}
}
SQL Connection
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package CertificateAuth.Database;

import java.sql.Connection;
import java.sql.DriverManager;

/**
*

MCA Program, AIMS Institutes, 22-23 55

Certificate Authentication Using QR Code

* @author Beast
*/
public class SQLconnection {

static Connection con;

/**
*
* @return
*/
public static Connection getconnection() {
try {
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection("jdbc:mysql://localhost:3306/certauth", "root",
"root");
} catch (Exception e) {
}
return con;
}
}

Verifier Log .
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package CertificateAuth;

MCA Program, AIMS Institutes, 22-23 56

Certificate Authentication Using QR Code

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
*
* @author NARESH
*/
public class VerifierLog extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
String name = request.getParameter("name");
String pass = request.getParameter("pass");

MCA Program, AIMS Institutes, 22-23 57

Certificate Authentication Using QR Code

System.out.println("===============================================
===============================");
if (name.equals("Verifier") && pass.equals("Verifier")) {
response.sendRedirect("VerifierHome.jsp?Success");
} else {
response.sendRedirect("Verifier.jsp?Failed");
}
} catch (Exception ex) {
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on

the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request

MCA Program, AIMS Institutes, 22-23 58

Certificate Authentication Using QR Code

* @param response servlet response

* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>

Student register.java
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package CertificateAuth;

MCA Program, AIMS Institutes, 22-23 59

Certificate Authentication Using QR Code

import CertificateAuth.Database.SQLconnection;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

/**
*
* @author NARESH
*/
@MultipartConfig(maxFileSize = 16177215)
public class StudentRegister extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>

MCA Program, AIMS Institutes, 22-23 60

Certificate Authentication Using QR Code

* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
String name = request.getParameter("name");
String mail = request.getParameter("email");
String pass = request.getParameter("pass");
String phone = request.getParameter("phone");
String address = request.getParameter("address");
String Rollno = request.getParameter("rollno");
String syear = request.getParameter("Year");
String dept = request.getParameter("Department");
Part filePart = request.getPart("pphoto");
InputStream inputStream = null;
if (filePart != null) {
System.out.println(filePart.getName());
System.out.println(filePart.getSize());
System.out.println(filePart.getContentType());

inputStream = filePart.getInputStream();
}
System.out.println("pass------------>> :" + pass);

MCA Program, AIMS Institutes, 22-23 61

Certificate Authentication Using QR Code

System.out.println("email------------>> :" + mail);

DateFormat dateFormat = new SimpleDateFormat("YYYY/MM/dd HH:mm:ss");
Date date = new Date();
String time = dateFormat.format(date);
System.out.println("Date and Time : " + time);
System.out.println("name : " + name);

Connection conn = SQLconnection.getconnection();

Statement st = conn.createStatement();
Statement st1 = conn.createStatement();
ResultSet rs = st1.executeQuery("select * from students where email='" + mail + "'");
int count = 0;
while (rs.next()) {

count++;
}
if (count > 0) {
response.sendRedirect("Students.jsp?mailid");
} else {

try {
conn = SQLconnection.getconnection();

String sql = "INSERT INTO students (name, email, phone, address, pass, ustatus,
regtime, lastlog,ppic,rollno,syear,dept) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?,?)";
PreparedStatement statement = conn.prepareStatement(sql);
statement.setString(1, name);
statement.setString(2, mail);
statement.setString(3, phone);
statement.setString(4, address);

MCA Program, AIMS Institutes, 22-23 62

Certificate Authentication Using QR Code

statement.setString(5, pass);
statement.setString(6, "No");
statement.setString(7, time);
statement.setString(8, "No");
if (inputStream != null) {
statement.setBlob(9, inputStream);
}
statement.setString(10, Rollno);
statement.setString(11, syear);
statement.setString(12, dept);
int row = statement.executeUpdate();
if (row > 0) {
System.out.println("success");
response.sendRedirect("Students.jsp?Success");
} else {
System.out.println("Students.jsp?failed");
}
rs.close();
conn.close();
st.close();
st1.close();
} catch (Exception ex) {
ex.printStackTrace();
}
}
} catch (SQLException ex) {
Logger.getLogger(StudentRegister.class.getName()).log(Level.SEVERE, null, ex);
}
}

MCA Program, AIMS Institutes, 22-23 63

Certificate Authentication Using QR Code

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on

the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

MCA Program, AIMS Institutes, 22-23 64

Certificate Authentication Using QR Code

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>

Student Request.java
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package CertificateAuth;

import CertificateAuth.Database.SQLconnection;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;

MCA Program, AIMS Institutes, 22-23 65

Certificate Authentication Using QR Code

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
*
* @author NARESH
*/
public class StudentApproval extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
String uid = request.getParameter("uid");

Statement st = null;
Connection conn = SQLconnection.getconnection();
Statement sto = conn.createStatement();
st = conn.createStatement();

MCA Program, AIMS Institutes, 22-23 66

Certificate Authentication Using QR Code

try {
int i = sto.executeUpdate("update students set ustatus='Active' where id='" + uid +
"'");
System.out.println("test print==" + uid);
if (i != 0) {
ResultSet rs = st.executeQuery(" SELECT * from students where id = '" + uid +
"' ");
if (rs.next()) {
String email = rs.getString("email");

response.sendRedirect("StudentApproval.jsp?Granted");

} else {

System.out.println("failed");
response.sendRedirect("StudentApproval.jsp?Failed");
}
}
} catch (SQLException ex) {
}
} catch (SQLException ex) {
Logger.getLogger(StudentApproval.class.getName()).log(Level.SEVERE, null, ex);
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on

the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*

MCA Program, AIMS Institutes, 22-23 67

Certificate Authentication Using QR Code

* @param request servlet request

* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/

MCA Program, AIMS Institutes, 22-23 68

Certificate Authentication Using QR Code

@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>

Certificate Request.java
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package CertificateAuth;

import CertificateAuth.Database.SQLconnection;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
*
* @author NARESH
*/

MCA Program, AIMS Institutes, 22-23 69

Certificate Authentication Using QR Code

public class CertReq extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
String year = request.getParameter("syear");

int studentId = Integer.parseInt(request.getParameter("studentid"));

String department = request.getParameter("Department");
String certype = request.getParameter("certype");
String sname = request.getParameter("sname");
String smail = request.getParameter("smail");
String rollno = request.getParameter("rollno");
try {

Connection connection = SQLconnection.getconnection();

String insertQuery = "INSERT INTO certrequests (syear, student_id,dept, certype,

sname, smail, rollno) VALUES ( ?, ?, ?, ?, ?, ?,?)";

MCA Program, AIMS Institutes, 22-23 70

Certificate Authentication Using QR Code

PreparedStatement insertStatement = connection.prepareStatement(insertQuery);

insertStatement.setString(1, year);
insertStatement.setInt(2, studentId);
insertStatement.setString(3, department);
insertStatement.setString(4, certype);
insertStatement.setString(5, sname);
insertStatement.setString(6, smail);
insertStatement.setString(7, rollno);

insertStatement.executeUpdate();

insertStatement.close();
connection.close();

response.sendRedirect("RequestCert.jsp?Sent"); // Redirect to a success page

} catch (SQLException e) {
e.printStackTrace();
// Handle exceptions here
}
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on

the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs

MCA Program, AIMS Institutes, 22-23 71

Certificate Authentication Using QR Code

* @throws IOException if an I/O error occurs

*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";

MCA Program, AIMS Institutes, 22-23 72

Certificate Authentication Using QR Code

}// </editor-fold>

Certificate Approval.java
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package CertificateAuth;

import CertificateAuth.Database.SQLconnection;
import static CertificateAuth.QRCode.QRGen.createQR;
import com.google.zxing.EncodeHintType;
import com.google.zxing.WriterException;
import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;

MCA Program, AIMS Institutes, 22-23 73

Certificate Authentication Using QR Code

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
*
* @author NARESH
*/
public class CertApprove extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */
String reqid = request.getParameter("reqid");
String smail = request.getParameter("smail");
String path = "D://CertificateAuth";

MCA Program, AIMS Institutes, 22-23 74

Certificate Authentication Using QR Code

String pathf = path;

File newFolder = new File(pathf);

boolean created = newFolder.mkdirs();

if (created) {
System.out.println("Folder was created !");
} else {
System.out.println("Unable to create folder");
}

Connection conn = SQLconnection.getconnection();

Statement sto = conn.createStatement();

try {
int i = sto.executeUpdate("update certrequests set certstatus='Approved' where id='"
+ reqid + "'");
System.out.println("test print==" + reqid);
if (i != 0) {
Random RANDOM = new SecureRandom();
int PASSWORD_LENGTH = 10;
String letters = "378AIJKLM5CD4NOP126EFGHB9";
String cert_id1 = "";
for (int k = 0; k < PASSWORD_LENGTH; k++) {
int index = (int) (RANDOM.nextDouble() * letters.length());
cert_id1 += letters.substring(index, index + 1);
}
String cert_id = cert_id1;

String pathQR = pathf + "/" + smail + ".png";

MCA Program, AIMS Institutes, 22-23 75

Certificate Authentication Using QR Code

// Encoding charset
String charset = "UTF-8";

Map<EncodeHintType, ErrorCorrectionLevel> hashMap

= new HashMap<EncodeHintType, ErrorCorrectionLevel>();

hashMap.put(EncodeHintType.ERROR_CORRECTION,
ErrorCorrectionLevel.L);

// Create the QR code and save

// in the specified folder
// as a jpg file
createQR(cert_id, pathQR, charset, hashMap, 200, 200);
System.out.println("QR Code Generated!!! ");
String imagePath = pathQR;
File file = new File(imagePath);
InputStream inputStream = new FileInputStream(file);

// Read the image file into a byte array

File imageFile = new File(imagePath);
byte[] imageData = readImageBytes(imageFile);
String updateQuery = "UPDATE certrequests SET image_data = ?,cert_id = ?
WHERE id = ?";
PreparedStatement preparedStatement = conn.prepareStatement(updateQuery);

preparedStatement.setBytes(1, imageData);

preparedStatement.setString(2, cert_id);
preparedStatement.setString(3, reqid);

MCA Program, AIMS Institutes, 22-23 76

Certificate Authentication Using QR Code

preparedStatement.executeUpdate();

System.out.println("Image updated in database.");

System.out.println("Image saved to database.");

response.sendRedirect("CertRequest.jsp?Approved");
} else {
System.out.println("failed");
response.sendRedirect("CertRequest.jsp?Failed");
}
} catch (IOException | SQLException ex) {
} catch (WriterException ex) {
Logger.getLogger(CertApprove.class.getName()).log(Level.SEVERE, null, ex);
}
} catch (SQLException ex) {
Logger.getLogger(CertApprove.class.getName()).log(Level.SEVERE, null, ex);
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on

the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override

MCA Program, AIMS Institutes, 22-23 77

Certificate Authentication Using QR Code

protected void doGet(HttpServletRequest request, HttpServletResponse response)

throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";
}// </editor-fold>

private static byte[] readImageBytes(File file) throws IOException {

MCA Program, AIMS Institutes, 22-23 78

Certificate Authentication Using QR Code

FileInputStream fis = new FileInputStream(file);

byte[] buffer = new byte[(int) file.length()];
fis.read(buffer);
fis.close();
return buffer;
}
}

Certificate Approval.java/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package CertificateAuth;

import CertificateAuth.Database.SQLconnection;
import static CertificateAuth.QRCode.QRGen.createQR;
import com.google.zxing.EncodeHintType;
import com.google.zxing.WriterException;
import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;

MCA Program, AIMS Institutes, 22-23 79

Certificate Authentication Using QR Code

import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
*
* @author NARESH
*/
public class CertApprove extends HttpServlet {

/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
/* TODO output your page here. You may use following sample code. */

MCA Program, AIMS Institutes, 22-23 80

Certificate Authentication Using QR Code

String reqid = request.getParameter("reqid");

String smail = request.getParameter("smail");
String path = "D://CertificateAuth";
String pathf = path;
File newFolder = new File(pathf);

boolean created = newFolder.mkdirs();

if (created) {
System.out.println("Folder was created !");
} else {
System.out.println("Unable to create folder");
}

Connection conn = SQLconnection.getconnection();

Statement sto = conn.createStatement();

try {
int i = sto.executeUpdate("update certrequests set certstatus='Approved' where id='"
+ reqid + "'");
System.out.println("test print==" + reqid);
if (i != 0) {
Random RANDOM = new SecureRandom();
int PASSWORD_LENGTH = 10;
String letters = "378AIJKLM5CD4NOP126EFGHB9";
String cert_id1 = "";
for (int k = 0; k < PASSWORD_LENGTH; k++) {
int index = (int) (RANDOM.nextDouble() * letters.length());
cert_id1 += letters.substring(index, index + 1);
}

MCA Program, AIMS Institutes, 22-23 81

Certificate Authentication Using QR Code

String cert_id = cert_id1;

String pathQR = pathf + "/" + smail + ".png";

// Encoding charset
String charset = "UTF-8";

Map<EncodeHintType, ErrorCorrectionLevel> hashMap

= new HashMap<EncodeHintType, ErrorCorrectionLevel>();

hashMap.put(EncodeHintType.ERROR_CORRECTION,
ErrorCorrectionLevel.L);

// Create the QR code and save

// in the specified folder
// as a jpg file
createQR(cert_id, pathQR, charset, hashMap, 200, 200);
System.out.println("QR Code Generated!!! ");
String imagePath = pathQR;
File file = new File(imagePath);
InputStream inputStream = new FileInputStream(file);

// Read the image file into a byte array

File imageFile = new File(imagePath);
byte[] imageData = readImageBytes(imageFile);
String updateQuery = "UPDATE certrequests SET image_data = ?,cert_id = ?
WHERE id = ?";
PreparedStatement preparedStatement = conn.prepareStatement(updateQuery);

preparedStatement.setBytes(1, imageData);

MCA Program, AIMS Institutes, 22-23 82

Certificate Authentication Using QR Code

preparedStatement.setString(2, cert_id);
preparedStatement.setString(3, reqid);
preparedStatement.executeUpdate();

System.out.println("Image updated in database.");

System.out.println("Image saved to database.");

response.sendRedirect("CertRequest.jsp?Approved");
} else {
System.out.println("failed");
response.sendRedirect("CertRequest.jsp?Failed");
}
} catch (IOException | SQLException ex) {
} catch (WriterException ex) {
Logger.getLogger(CertApprove.class.getName()).log(Level.SEVERE, null, ex);
}
} catch (SQLException ex) {
Logger.getLogger(CertApprove.class.getName()).log(Level.SEVERE, null, ex);
}
}

// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on

the left to edit the code.">
/**
* Handles the HTTP <code>GET</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs

MCA Program, AIMS Institutes, 22-23 83

Certificate Authentication Using QR Code

* @throws IOException if an I/O error occurs

*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Handles the HTTP <code>POST</code> method.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}

/**
* Returns a short description of the servlet.
*
* @return a String containing servlet description
*/
@Override
public String getServletInfo() {
return "Short description";}

MCA Program, AIMS Institutes, 22-23 84

Certificate Authentication Using QR Code

CHAPTER-5
Testing
5.1 Testing Plan
System testing is a critical phase in the software development life cycle that focuses on
assessing the overall quality, functionality, and performance of a software system. It is a
comprehensive and systematic process that aims to identify defects, ensure that the system
meets specified requirements, and verify its readiness for deployment. System testing plays a
crucial role in delivering reliable, robust, and high-quality software solutions.

Importance of System Testing:

System testing serves as the final gatekeeper before a software system is released to users. It
helps identify and rectify defects, glitches, and inconsistencies that might have gone unnoticed
during earlier testing phases. By rigorously testing the complete system, organizations can
ensure that the software behaves as intended, performs well under various conditions, and meets
user expectations.

The purpose of testing is to discover errors. Testing is the process of trying to discover every
conceivable fault or weakness in a work product. It provides a way to check the functionality
of components, sub- assemblies, assemblies and/or a finished product. It is the process of
exercising software with the intent of ensuring that the Software system meets its requirements
and user expectations and does not fail in an unacceptable manner. There are various types of
test. Each test type addresses a specific testing requirement.

Unit testing

Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches and
internal code flow should be validated. It is the testing of individual software units of the
application .it is done after the completion of an individual unit before integration. This is a
structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform
basic tests at component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and expected results.

MCA Program, AIMS Institutes, 22-23 85

Certificate Authentication Using QR Code

Unit testing is an essential practice in software development that involves testing

individual units or components of a software application in isolation. Each unit, typically a
small piece of code or a function, is tested to ensure that it functions correctly and produces
expected outcomes. Unit testing plays a pivotal role in maintaining code quality, catching bugs
early, and facilitating efficient debugging and maintenance.

Importance of Unit Testing:

Unit testing focuses on verifying the correctness of code at its smallest functional level. By
isolating and testing individual units, developers can identify issues early in the development
process, preventing defects from propagating through the entire application. This practice
promotes better code quality, enhances software reliability, and simplifies the process of
identifying and fixing defects.

Integration testing
Integration tests are designed to test integrated software components to determine if
they actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components were
individually satisfaction, as shown by successfully unit testing, the combination of components
is correct and consistent. Integration testing is specifically aimed at exposing the problems
that arise from the combination of components.

Integration testing is a critical phase in the software development lifecycle that focuses
on testing the interactions and collaborations between different components or modules of a
software application. This testing phase ensures that the integrated system functions as a
cohesive whole, with various parts working seamlessly together. Integration testing identifies
and resolves issues related to data exchange, communication, and inter-component
dependencies.

Importance of Integration Testing:

Integration testing addresses the question: Do the different components of the software
work together harmoniously? This phase verifies that the individual units, which have already
been tested independently, can successfully collaborate and produce the desired outcomes when
combined.

MCA Program, AIMS Institutes, 22-23 86

Certificate Authentication Using QR Code

Integration testing plays a crucial role in ensuring that a software application's

components collaborate seamlessly to deliver the intended functionality. By identifying and
resolving issues related to interactions, dependencies, and data exchanges, integration testing
contributes to the overall stability and reliability of the integrated system. A successful
integration testing phase enhances confidence in the software's ability to perform as a unified
whole and helps avoid integration-related problems in production environments.

Functional test

Functional tests provide systematic demonstrations that functions tested are available
as specified by the business and technical requirements, system documentation, and user
manuals.

Functional testing is a vital testing methodology in software development that focuses

on verifying whether a software application's features and functionalities perform according to
the specified requirements. This type of testing assesses the application's behavior in response
to various inputs, user actions, and system interactions. Functional testing ensures that the
software meets user expectations, delivers the intended outcomes, and aligns with the defined
functional specifications.

Importance of Functional Testing:

Functional testing addresses the question: Does the software behave as expected? This
testing phase helps ensure that the application's functionalities are reliable, accurate, and meet
the defined business or user requirements. By validating that the software performs its intended
tasks correctly, functional testing contributes to delivering a high-quality and user-friendly
application.

Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

MCA Program, AIMS Institutes, 22-23 87

Certificate Authentication Using QR Code

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key

functions, or special test cases. In addition, systematic coverage pertaining to identify Business
process flows; data fields, predefined processes, and successive processes must be considered
for testing. Before functional testing is complete, additional tests are identified and the effective
value of current tests is determined.

Functional testing is a fundamental aspect of software quality assurance that ensures the
software's features and functionalities work as intended. By validating requirements, behaviors,
and user interactions, functional testing provides insights into the software's reliability and
alignment with user expectations. A successful functional testing phase contributes to
delivering a functional, user-friendly, and high-quality application that meets both business
goals and end-user needs.

System Test System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An example of
system testing is the configuration oriented system integration test. System testing is based on
process descriptions and flows, emphasizing pre-driven process links and integration points.

White Box TestingWhite Box Testing is a testing in which in which the software tester
has knowledge of the inner workings, structure and language of the software, or at least its
purpose. It is purpose. It is used to test areas that cannot be reached from a black box level.

White box testing, also known as structural testing or clear box testing, is a testing methodology
that focuses on examining the internal logic, structure, and code implementation of a software
application. Unlike black box testing that evaluates software functionalities from an external
perspective, white box testing delves into the underlying code to ensure that all aspects of the
codebase, including branches, conditions, loops, and data flows, are thoroughly tested. This
methodology aims to uncover defects, vulnerabilities, and potential optimizations within the
code.

Importance of White Box Testing:

White box testing addresses the question: Does the code behave as expected based on its
internal structure? This testing approach is particularly useful for identifying issues that might

MCA Program, AIMS Institutes, 22-23 88

Certificate Authentication Using QR Code

not be apparent through external testing methods and for ensuring that code paths and decision
points are adequately tested.

Key Objectives of White Box Testing:

Code Coverage:White box testing aims to achieve high code coverage by testing all possible
paths, branches, and conditions within the code. This ensures that all logical scenarios are
tested, increasing the likelihood of identifying defects.

Error Detection:By analyzing the code's internal logic, white box testing identifies issues such
as incorrect calculations, logical errors, syntax errors, and issues related to variables and data
manipulation.

Security Assessment:White box testing can uncover security vulnerabilities that might be
exploited by attackers. It helps identify potential weaknesses in code, such as inadequate input
validation or improper handling of sensitive data.

Performance Optimization:Through code analysis, white box testing can identify bottlenecks
and inefficient code segments that impact the application's performance. This information helps
in optimizing code for better efficiency.

Black Box Testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, as most other kinds of tests,
must be written from a definitive source document, such as specification or requirements
document, such as specification or requirements document. It is a testing in which the software
under test is treated, as a black box .you cannot “see” into it. The test provides inputs and
responds to outputs without considering how the software works.

Black box testing is a testing methodology that focuses on evaluating the functionality of a
software application without examining its internal code, structure, or implementation details.
Instead, this approach treats the software as a "black box," where the tester interacts with the
application's inputs and examines its outputs to assess whether the desired functionalities work
as expected. Black box testing emphasizes validating the software's behavior based on user
specifications, requirements, and expected outcomes.

MCA Program, AIMS Institutes, 22-23 89

Certificate Authentication Using QR Code

Importance of Black Box Testing:

Black box testing addresses the question: Does the software behave as expected from an end-
user perspective? This methodology ensures that the software meets user requirements,
functions correctly, and delivers the intended outcomes without requiring knowledge of its
internal workings.

Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be conducted as
two distinct phases.

Unit testing is a fundamental testing practice in software development that involves

testing individual units or components of a software application in isolation. Each unit, which
could be a function, method, class, or module, is tested to ensure that it behaves as intended
and produces the expected outputs for a given set of inputs. Unit testing is a key element of the
Test-Driven Development (TDD) approach and plays a critical role in maintaining code quality,
preventing defects, and facilitating efficient debugging.

Importance of Unit Testing:Unit testing addresses the question: Does each unit of code perform
as expected on its own? This testing approach is essential for catching bugs early in the
development process, isolating defects to specific units, and ensuring that individual
components function correctly before they are integrated into the larger system.

Test strategy and approach

Field testing will be performed manually and functional tests will be written in detail.
Test objectives
• All field entries must work properly.
• Pages must be activated from the identified link.
• The entry screen, messages and responses must not be delayed.

Features to be tested
• Verify that the entries are of the correct format
• No duplicate entries should be allowed
• All links should take the user to the correct page.

MCA Program, AIMS Institutes, 22-23 90

Certificate Authentication Using QR Code

• Integration Testing
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by interface
defects.The task of the integration test is to check that components or software applications,
e.g. components in a software system or – one step up – software applications at the company
level – interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects encountered.

Acceptance TestingUser Acceptance Testing is a critical phase of any project and requires
significant participation by the end user. It also ensures that the system meets the functional
requirements.

Test Results: All the test cases mentioned above passed successfully. No defects encountered.

5.2Testing Methods
1. Unit Testing:
• Purpose: Verify the correctness of individual code components.
• Techniques: JUnit or TestNG for Java.
• Tests:
• QR code generation and parsing.
• Cryptographic operations for certificate validation.
• Input validation and error handling in Java code.
2. Integration Testing:
• Purpose: Test interactions between various system components.
• Techniques: Manual testing, as well as automated testing with JUnit or TestNG.
• Tests:
• Integration with the database for certificate storage and retrieval.
• Integration with external services or APIs used for authentication.
3. Functional Testing:
• Purpose: Validate that the system meets its functional requirements.
• Techniques: Manual testing and automated testing with Selenium or other
testing frameworks for web applications.

MCA Program, AIMS Institutes, 22-23 91

Certificate Authentication Using QR Code

• Tests:
• User authentication using QR codes.
• Certificate issuance and revocation.
• User access control and authorization.
4. Security Testing:
• Purpose: Identify and mitigate security vulnerabilities.
• Techniques:
• Manual security testing (ethical hacking).
• Automated security testing tools like OWASP ZAP.
• Tests:
• Verify that QR code data is securely transmitted and stored.
• Test for common vulnerabilities like SQL injection and Cross-Site
Scripting (XSS) in Java code.
5. Usability Testing:
• Purpose: Ensure the system is user-friendly.
• Techniques: Usability testing by real users and stakeholders.
• Tests:
• Validate the user experience during QR code authentication.
• Gather user feedback on the system's ease of use.
6. Performance Testing:
• Purpose: Evaluate system performance under different loads.
• Techniques: Tools like Apache JMeter for load testing.
• Tests:
• Test system performance under normal load.
• Assess system behavior under heavy load.
• Ensure the system can scale to handle increased traffic.
7. Regression Testing:
• Purpose: Ensure that new changes do not break existing functionality.
• Techniques: Automated testing using regression test suites with JUnit or
TestNG.
• Tests:

MCA Program, AIMS Institutes, 22-23 92

Certificate Authentication Using QR Code

• Rerun existing test cases after each code change to verify that existing
functionality is not disrupted.
8. Compatibility Testing:
• Purpose: Verify that the system works correctly across various platforms.
• Techniques: Manual testing.
• Tests:
• Ensure compatibility with different web browsers (e.g., Chrome,
Firefox, Safari).
• Verify compatibility with various operating systems (Windows, macOS,
Linux).
9. Deployment Testing:
• Purpose: Ensure a smooth deployment process.
• Techniques: Manual and automated testing.
• Tests:
• Test the installation and configuration of the system in different
environments (development, staging, production) in a Java-based
environment.
10. Post-Release Monitoring:
• Purpose: Continuously monitor the system in the production environment.
• Techniques:
• Log analysis and monitoring tools.
• User feedback channels.
• Tests:
• Monitor system performance and security in the live environment.
• Address any issues that arise promptly.

MCA Program, AIMS Institutes, 22-23 93

Certificate Authentication Using QR Code

5.3 Test Case :

Module 1: QR Code Generation (Java Code for Generating QR Codes)
1. Purpose: To test the generation of QR codes from certificates.
• Required Output: A QR code image containing certificate data.
• Expected Result: The generated QR code should accurately represent the
certificate data and be scannable.
2. Purpose: To verify that only valid certificates can be converted into QR codes.
• Required Output: An error message or exception for invalid certificates.
• Expected Result: Invalid certificates should not be converted into QR codes, and
the Java code should handle such cases gracefully.
Module 2: QR Code Scanning (Java Code for Scanning QR Codes)
3. Purpose: To test the scanning and decoding of QR codes.
• Required Output: Decoded certificate data.
• Expected Result: The Java code should correctly scan and decode the QR code,
extracting the certificate data.
4. Purpose: To verify the system's response when an invalid or corrupted QR code is
scanned.
• Required Output: An error message or exception for invalid QR codes.
• Expected Result: Invalid or corrupted QR codes should not be accepted, and the
Java code should handle such cases gracefully.
Module 3: Certificate Verification (Java Code for Certificate Verification)
5. Purpose: To test the system's ability to verify the authenticity of the certificate.
• Required Output: A verification status (e.g., "Valid" or "Invalid").
• Expected Result: The Java code should correctly validate the certificate by
cross-referencing it with a trusted authority or database.
6. Purpose: To verify how the system handles expired certificates.
• Required Output: A verification status indicating the certificate is expired.
• Expected Result: The Java code should correctly detect and reject expired
certificates.
7. Purpose: To verify how the system handles revoked certificates.
• Required Output: A verification status indicating the certificate is revoked.
• Expected Result: The Java code should correctly detect and reject revoked
certificates.

MCA Program, AIMS Institutes, 22-23 94

Certificate Authentication Using QR Code

Module 4: Access Control (Java Code for Access Control)

8. Purpose: To test access control based on verified certificates.
• Required Output: Access granted or denied based on certificate verification.
• Expected Result: The Java code should grant access if the certificate is valid and
deny access if it's invalid.
9. Purpose: To test the system's response to multiple failed verification attempts.
• Required Output: Temporary lockout or access restriction after multiple failed
attempts.
• Expected Result: The Java code should implement security measures to prevent
brute force attacks.
Module 5: Reporting and Logging (Java Code for Logging and Reporting)
10. Purpose: To test the logging of authentication events.
• Required Output: Log entries with authentication details.
• Expected Result: The Java code should record all authentication events,
including successful and failed attempts, for auditing and troubleshooting
purposes.
11. Purpose: To test the reporting of security incidents, such as repeated failed
authentication attempts.
• Required Output: Security incident notifications or logs.
• Expected Result: The Java code should generate alerts or notifications for
suspicious or malicious activities and log them for further analysis.

MCA Program, AIMS Institutes, 22-23 95

Certificate Authentication Using QR Code

CHAPTER-6
Screenshots

MCA Program, AIMS Institutes, 22-23 96

Certificate Authentication Using QR Code

MCA Program, AIMS Institutes, 22-23 97

Certificate Authentication Using QR Code

MCA Program, AIMS Institutes, 22-23 98

Certificate Authentication Using QR Code

MCA Program, AIMS Institutes, 22-23 99

Certificate Authentication Using QR Code

CHAPTER-8
Limitations and Future Enhancements
Limitations:
1. Security Concerns: QR codes are susceptible to various security risks, including
interception and tampering. Strong encryption and secure transmission protocols must
be used to mitigate these risks.
2. Dependency on QR Code: If the QR code itself is compromised or the device used to
scan it is untrusted, the security of the certificate authentication system can be
compromised.
3. QR Code Legibility: The legibility of QR codes can be affected by factors such as low-
quality printing, damage, or poor lighting conditions, leading to authentication failures.
4. Certificate Management: Managing certificates, especially in a large-scale
environment, can be complex. There is a need for efficient certificate lifecycle
management and revocation mechanisms.
5. Offline Authentication: QR code-based authentication may not work when offline.
Implementing offline authentication mechanisms is essential in some scenarios.
6. User Experience: Scanning QR codes might not provide the best user experience,
especially for users with visual impairments or in situations where manual entry is
required.
Future Enhancements:
1. Biometric Authentication: Integration with biometric authentication methods
(fingerprint, facial recognition) can enhance security and user experience.
2. Multi-Factor Authentication (MFA): Adding MFA as an option can further secure the
authentication process, combining something you know (the certificate) with something
you have (a mobile device) or something you are (biometrics).
3. Blockchain Integration: Utilizing blockchain technology can enhance the trust and
transparency of certificate issuance and verification.
4. Dynamic QR Codes: Implementing dynamic QR codes that change regularly can
enhance security and prevent replay attacks.
5. Secure Element Integration: Using secure elements in mobile devices or hardware
tokens for certificate storage can improve security.
6. Machine Learning for Threat Detection: Implementing machine learning algorithms for
real-time threat detection and anomaly identification can enhance security.
7. Standardization: Encouraging the adoption of QR code standards for certificate
encoding and data format can improve interoperability.

MCA Program, AIMS Institutes, 22-23 100

Certificate Authentication Using QR Code

CHAPTER-8
Conclusion & Discussion
The "Certificate Authentication System using QR Code" represents a significant advancement
in modernizing the process of certificate verification and authentication. This innovative project
addresses the challenges posed by traditional, manual systems and introduces a streamlined,
efficient, and secure approach to certifying academic credentials. By implementing a series of
well-designed modules, including Student Registration and Authentication, Certificate
Request, Admin Management, and QR Code Verification, this system offers a comprehensive
solution for both certificate holders and verifiers. It ensures the authenticity of certificates while
significantly reducing the time and effort required for verification. The project leverages
cutting-edge technologies such as QR codes, Java, and MySQL to create a user-friendly
interface for students, administrators, and verifiers alike. It enhances security, accessibility, and
efficiency, making it an invaluable tool in today's competitive job and education landscape.
With the ability to generate various types of certificates, automate communication, and provide
real-time updates, this system caters to the diverse needs of educational institutions, employers,
and certificate holders. It significantly reduces the risk of certificate fraud, improves decision-
making for employers and institutions, and contributes to a more reliable certification
ecosystem. In conclusion, the "Certificate Authentication System using QR Code" project is a
testament to the potential of technology in revolutionizing traditional processes. By offering a
secure and efficient means of certificate authentication, this system not only safeguards the
integrity of academic credentials but also streamlines administrative tasks, ultimately
benefiting both educational institutions and individuals seeking to verify their qualifications. It
is a step forward in ensuring the trustworthiness of certificates and promoting a more
transparent and reliable credential verification process.
FUTURE WORK:
While the "Certificate Authentication System using QR Code" project represents a significant
advancement in certificate authentication, there are several avenues for future work and
enhancements to further improve the system's functionality, security, and usability. Some
potential areas of future development include:
Integration with Blockchain Technology: Exploring the integration of blockchain technology
to enhance the security and immutability of certificate records. Blockchain can provide a
tamper-proof ledger for storing certificates, ensuring their long-term integrity.
Enhanced Mobile Application: Developing a dedicated mobile application for both students
and verifiers, allowing for more convenient access to certificate requests and verifications using
smartphones.
Machine Learning for Fraud Detection: Implementing machine learning algorithms to detect
and prevent fraudulent certificate submissions or tampered QR codes. This can add an
additional layer of security to the system.
Multi-Language Support: Expanding the system to support multiple languages to cater to a
diverse user base, including international users.

MCA Program, AIMS Institutes, 22-23 101

Certificate Authentication Using QR Code

Improved Analytics and Reporting: Enhancing the reporting and analytics capabilities of the
system to provide insights into certificate verification trends, user activity, and system
performance.
Integration with Academic Institutions: Collaborating with educational institutions to enable
direct integration with their student databases, streamlining the student registration and
authentication process.
Mobile Wallet Integration: Exploring the integration of mobile wallet applications to store and
manage digital certificates securely.
User Feedback and Usability Testing: Continuously gathering feedback from users to identify
areas for improvement and refine the user interface and overall user experience.
Enhanced Data Privacy: Implementing advanced data privacy measures to comply with
evolving data protection regulations, such as GDPR or CCPA, to protect user information.
Scalability and Performance Optimization: Ensuring that the system can handle increased user
loads and optimizing its performance to accommodate a growing user base.
Accessibility Compliance: Ensuring that the system complies with accessibility standards,
making it usable for individuals with disabilities.
Cybersecurity Audits: Conducting regular cybersecurity audits and penetration testing to
identify and mitigate potential vulnerabilities in the system.
AI-Driven Certificate Matching: Utilizing artificial intelligence for automated matching of
scanned QR codes to the correct certificate records, further reducing human error.
Enhanced Certificate Templates: Offering customizable certificate templates to institutions for
a more personalized and professional appearance.
Collaboration with Certificate Authorities: Partnering with certificate authorities and industry
bodies to establish standards and best practices for digital certificate authentication.
These future work areas demonstrate the potential for ongoing development and improvement
of the "Certificate Authentication System using QR Code." By embracing emerging
technologies and responding to user feedback, the system can continue to evolve as a robust
and reliable solution for certificate verification in the digital age.

MCA Program, AIMS Institutes, 22-23 102

Certificate Authentication Using QR Code

CHAPTER-9
REFERENCES

1. K. M. Revathi, P. Annapandi, P. K. Ramya "Enhancing Security in Identity Documents

Using QR Code" in International Journal of Research in Engineering & Advanced
Technology, Volume 1, Issue 5, Oct-Nov, 2013.

2. R. L. Renesse, "Paper-based document security–A Review," in European Conf. on

Security and Detection, 1997.

3. M. Singh and D. Garg, "Choosing best hashing strategies and hash functions," in
International Advance Computing Conference, 2009, pp. 50 – 55.

4. J. Z. Gao, "Understanding 2D-barcode technology and applications in M-commerce –

design and implementation of a 2D barcode processing solution," in International
Conference on Computer Software and Application, 2007, pp. 49 – 56

5. How UPC Barcode Work, http://electronics. howstuffworks. com/gadgets/high-tech-

gadgets/upc. Htm

6. Document Authentication System Preventing and Detecting fraud of Paper Documents,

http://www. hpl. hp. com/india

7. High Capacity Color Barcode, http://en. wikipedia.

org/wiki/High_Capacity_Color_Barcode

8. SmartDEGREE from TCS to combat Certificate Malpractices,http://www.

tcs.com/SiteCollectionDocuments/White%20Papers/TCS_Innovation_Whitepaper_T
CS_Smart_Degree_11_09. Pdf

9. QR Code Tutorial, http://www. thonky. com/qr-code-tutorial

MCA Program, AIMS Institutes, 22-23 103

Certificate Authentication Using QR Code

10. Digital Signatures, http://technet. microsoft. com/en-us/library/cc962021. aspx.

11. Digital Signature, http://en. wikipedia. org/wiki/Digital_signature

12. Introduction to Android Development, http://www. ibm.

com/developerworks/library/os-android-devel

13. What are 2D Barcodes, http://tag. microsoft. com/what-is-tag/2d-barcodes. Aspx

14. International Organization for Standardization ISO/IEC 18004 Information technology

- Automatic identification and data capture techniques - Bar code symbology - QR
Code, http://raidenii. net/files/datasheets/misc/qr_code. Pdf

15. QRCodes,http://www. qrcode. es/en/2013/12/%C2%BFcual-es-el-tamano-minimo-de-

un-qr-code/

16. QRStuff,http://www. qrstuff. com/blog/2011/01/18/what-size-should-a-qr-code-be

MCA Program, AIMS Institutes, 22-23 104