Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:03):
This is the Discovery Files podcast from the U.S.
National Science Foundation.
The development of barcodes allowed information
to be encoded into a black and white image
that could be scanned with laser technologies.
The adoption of barcodes has broadly impacted inventory management,
and adding pricing information
(00:23):
has transformed our checkout experience at grocery stores today.
Quick response, or QR codes are scanned by smart devices
for restaurant menus, parking payments or flight boarding passes,
but malicious users can take advantage of the technology for phishing
and other criminal activities.
We're joined by Gaurav Sharma, professor of electrical and computer engineering,
(00:44):
computer science and biostatistics and computational biology,
as well as Irving Barron, assistant professor of electrical
and computer engineering, both at the University of Rochester,
where they are working on new forms of more secure QR codes.
Thank you both for joining me today. It's my pleasure to join you, Nate.
Thank you for having me here.
So I want to start with the big question, what are QR codes?
(01:06):
So QR codes are these 2D barcodes which are encoding digital information
in the form of a machine readable image format.
So just like you have these UPC barcodes which are traditional 1D barcodes,
which encode these products that we buy at grocery stores and other
department stores.
These are 2D versions of those codes.
Do they function the same way on the back end?
(01:27):
Like is the technical way these things work the same?
So I think the technologies are somewhat different.
The traditional 1D bar codes
are designed for reading with specialized laser scanners.
As technology has evolved,
image sensors have become really cheap and ubiquitous
because you have them everywhere in our smartphones and in our tablet devices.
So that's become a much cheaper alternative for reading images.
(01:49):
And that has really provoked this revolution in people
trying to use these 2D barcodes.
And QR codes are one instantiation of this.
There are also other 2D barcodes that are actually coming into the space.
So how does a camera sensor read the barcode?
So the camera sensor actually just senses an image.
And the QR code is designed in a particular way
such that localization, which is finding out where the barcode
(02:12):
is, is designed to be very efficient and fast.
So it's essentially doing some very quick scanning to figure out where in the image
a barcode is located.
And once it locates the barcode, then the process is really the location
markers break up the field into small squares,
and whether the square is lighter or not
determines whether you've got a one or a zero in that particular square.
(02:34):
So those squares are called modules.
So the rise of smartphones I think has correlated with seeing these
becoming more popular.
Like I feel like I started seeing QR codes maybe around 2000s.
How did QR codes move from being a logistic tool
to being something people were using for advertising?
A couple of things.
Firstly, I think the company which invented this technology,
(02:55):
they made it available openly, so that allowed people to adopt it easily.
The technology is quite robust in the sense that there is good
error correction built into this,
so that you can capture it in spite of some distortions.
So you will typically see this in the form of beautification, where people
will take a small segment of the QR code and replace it with a logo.
So that's deliberately cannibalizing the small region of the image to put
(03:16):
a logo in.
And the error correction is so robust that it can still recover it.
So that's what prompted this.
And among the different technologies, the QR codes happened to be the ones
which are actually probably the most robust in my experience,
there are a variety of 2D barcode technologies.
But QR codes tend to be the most robust.
So I think that that rise in popularity has made it more of a potential target
for phishing.
(03:37):
Like criminals will take advantage of new opportunities and new technologies
in that kind of way.
Can you talk a little bit about what makes a QR code
so susceptible to phishing or quishing scams?
So we tend to think about good people being the enterprising ones,
but thieves are also fairly enterprising.
Anytime a new technology comes on board,
they think about ways in which it can be exploited.
(03:58):
So QR code was something
which would conveniently allow somebody to connect to an online resource.
So, for instance, you want to connect to your bank on your smartphone
rather than right from the URL.
You could just have a QR code,
which gives you a pointer to that and allows you to connect there.
So now enterprising folks figured out that this is a way they can plan directly
to a site which looks like a bank site, but is not really a mine site,
(04:20):
and then they can get you to get to them your confidential information.
There's also other use cases, as in any kind of technology
which is used, people will come out with different ways.
So for instance, municipalities
put on these QR codes on parking meters as a way to pay for parking.
And again, enterprising individuals thought it would be a nice thing.
They could place their own QR codes on top
and redirect the payments themselves rather than to the municipalities.
(04:42):
And that's really a double whammy because you both get a parking ticket,
and also you have paid money to some thieves.
With quishing, you are sending an image and really unless you decode this
QR code,
you have no way to tell that there is a malicious link in there.
So that's really the threat.
That people are so used now to scan QR codes,
(05:03):
because you use them for two factor authentication.
You use it to see your restaurant menu.
It is such a commodity now that you don't think twice to scan it
in an email, especially because if you are in a workplace
where they use specifically QR codes for some authentication procedures,
then people immediately trust and scan.
So because they email security nowadays they are working though
(05:27):
in improving that aspect, but it's not there yet.
So these malicious QR codes get to people and bad actors
love them because they may be all these malicious websites.
But these people do not visit the websites,
they don't get the information they are after.
Right?
So QR codes in a way, are a perfect vehicle for them
(05:48):
to obfuscate their intentions.
Is there a way for the consumer or the user or an average person
clicking through a QR code to know that it's a secure link?
Sure, that's a great question.
And multiple private companies
and all the researchers have proposed solutions.
Immediately, what I can think of is there are antivirus apps,
(06:10):
maybe in the Google Play Store or App Store that let you know if the link
that you are trying to visit is malicious because they have maybe a registry
of different fake websites or something like that.
However, one other thing that QR codes facilitate
these bad actors is a use of shortening services.
So when you do like an online QR code, create that thing.
(06:35):
You are going to get a short version of the malicious website.
So when the solution the antivirus app, let's call it like that
scan, this QR code is going to say, oh, this is just a shortened URL,
and unless it does more to identify where it is going,
then you might still be falling for the scam.
(06:55):
But yes, there are some measures, but
this is the endless cat and mouse chase.
Bad actors are always trying to see how they can circumvent
these security measures.
And of course, people who work on security are always trying to make their
validations harder. Right.
That short link thing makes me think of some of the phishing schemes you see
with emails where the address is almost right, but not quite.
(07:18):
Exactly right.
And if you think about it as you are putting pressure
on the user to be the one to judge that link,
and let's be honest, most people, including myself,
I don't go through, let's say a 100 character web link going
character by character to see if it is actually a true or not website or URL.
(07:40):
So moving into your research,
you have an approach that might make these a lot safer.
Can you talk a little bit about the self authenticating dual modulation approach?
The name just rolls off of the top right.
So basically what we did is we started with creating
and developing a new design that builds on top of the QR code framework.
(08:03):
And that's what we call a dual modulated QR code.
Now here basically we have used
oriented elliptical dots instead of the traditional square modules
that you can find the QR codes to embed an additional layer of information.
Now with this additional information comes the self authentication part.
(08:23):
We create a digital signature of.
Let's use an example.
The link to a bank website login page.
So we have that URL that we communicate through the regular QR code message.
And then we use the additional layer of information to create
a digital signature of that bank URL, the authentic URL.
(08:46):
Now you need some trusted authority.
Let's, for the sake of argument, say Google or Apple, which are,
as you might know,
the two big players on mobile development and mobile operating systems.
So they say, yes, this is actually a trusted website,
but you have the signature.
You have the website.
(09:06):
Now when you try to decode it or capture it with your camera,
there is already software that is going to check the website,
the signature and is going to say, okay,
this particular website was signed by Apple
and therefore I can trust that is going to be on this website.
However, if you do not have that signature,
(09:27):
you can let the user know, hey, you know what?
You have this link in this QR code.
I was not able to say who created it or who signed it.
So it is up to you if you decide that you want to continue.
Or we can be more aggressive and straight up
don't allow it to continue.
So the authentication happens in the device itself.
We do not need to go or have an internet connection to request.
(09:51):
Okay. Let's compare if this is actually authentic.
No, all you need is within the QR code itself.
Well, the barcode lets you analyze and the software in your smartphone.
And for the user, that really reinforces the security
when your device is confirming that the link is legitimate
before you even have a chance to look at the link.
That's right.
Because if you already followed the link in some sense,
(10:11):
then you possibly expose yourself to malware.
And so this is sort of a key thing in security.
Often the focus is initially on functionality.
On first getting the functionality and security comes as an afterthought.
So in many applications that becomes a challenge
because you already have something deployed.
Now you're trying to retrofit security and you want to do that in a way
(10:31):
that does not break things.
So that's where the dual modulation is particularly advantageous
because as I mentioned, the primary application is not impacted at all.
The primary data even.
But in the QR code is not impacted at all by the dual modulation.
I understand
you're working on other strategies, such as adding color to QR codes as well.
Color is a different kind of degree of freedom that you have.
The smartphone devices.
(10:52):
We actually explored that also extensively.
That was the first direction we started on was looking at color
and the unique aspect in our approach was to do things in a modular fashion.
So if you look at color
displays, for example, they use red, green and blue channels.
So our approach was unique in the sense that we can do
one barcode at each of the channels and what you get at the other end.
(11:12):
When you get to an image, you get cross coupling between the channels.
And then we can implement machine learning techniques to understand
what is the nature of coupling and undo it.
And now we can actually do a combination of both these techniques.
Also we can do the dual modulation as well as the color
to get about six times as much data within the same footprint.
What is the path forward
to get this research out into widespread use for consumers?
(11:34):
I believe your NSF I-Corps award has to do with this translational aspect.
While we didn't get NSF support for the research part.
In this program, what they teach you is how to get out of your building,
your research building and talk to people, right?
See what they need.
(11:54):
See if what you are building is actually something that they would
like to have, buy, or something that will make their lives better.
And I believe personally, after going through all this experience
that it is as important as the research work,
because at the end of the day, what I learned is the customer
(12:16):
or potential customer does not care, usually,
if you found a very elegant
mathematical way to create these elliptical dots
and you develop a statistical model such that the error correction is better.
What they care about is what can your research
your product do for me to solve my issues?
(12:38):
Right now
we have several journal publications and conference publications.
We have already validated all the science.
We have a prototype working, but our prototype is on a
traditional computer.
So you need to take a picture, put that into the computer
and then do the decoding.
People definitely nobody wants to do that.
(12:59):
You want to carry a computer, capture QR code
and do the authentication on your PC.
You want it to live in your smartphone, right?
So that's the first thing we want to do.
We want to develop this mobile app to better showcase the seamless
authentication that you can achieve with DSC and QR codes.
Then once we have that, the next step really as I mentioned,
(13:23):
we require a trusted authority,
someone that can be the one saying, yes, these
URLs, these web links, this content is safe to follow.
And we can think, nobody better than Apple
and Google themselves to be these trusted authorities.
So then I would like to think that we need to approach somehow,
(13:48):
expose our case and see if we can go from there.
But I think that would be the easiest way to adoption, having them come together
and working with us to put this in your camera such that tomorrow
you can just use what you already have and you have the additional protection.
If we are not able to do that, then we might go a different route.
(14:12):
Maybe we try to partner with
other companies that work with QR codes, barcode decoders,
and they might be interested in adopting this additional layer of security
and maybe go from there.
So the broader application space we think about
is broader than just the specific aspect that we talked about, about anti-phishing.
So for instance, a lot of applications there's interest in track and trace.
(14:35):
You're looking at supply chains.
Now there's interest in trying to figure out
whether you maintain the integrity of the supply chain and can establish
how things travel to that.
So we are also exploring that space in our efforts
at looking at commercialization.
For my last question to each of you, I want to think about the future
and what's ahead.
(14:55):
Professor Sharma,
where do you see this technology going in the next ten years, let's say?
So the UPC, traditional UPC universal product code,
that was the one the 1D barcode that we're all familiar with
is increasingly being replaced by 2D versions,
either the data matrix or the QR code that we talk about.
Okay.
So now as that's happening, what modulation allows us,
(15:16):
the ability to add a new functionality transparently
to what is being done with the primary application.
And that's really quite helpful because,
you can think about things that are standardized.
So there's a global standardization initiative called GS1
which standardizes these 2D barcodes for product labeling.
If it's standardized
then the challenges it's this great that you have interoperability.
(15:38):
But the challenge is any additional innovation
you want to introduce on top of it becomes difficult
because you've got to now argue with the standard.
So what our dual modulation allows us to do this as transparently.
We can add new functionality.
And that's what we are exploring through this broader...
We’ve got an NSF I-Corps grant, for which we are actually exploring
this idea of broader applications for the technology
(16:00):
and seeing which one is the fix point that we would like to address first.
How about you, Professor Barron, where
would you like to see this technology go in the next decade?
QR codes in general.
I think they are going to stick around for some time specifically.
Recently, the traditional rectangular
barcode is being phased away by GS1,
(16:23):
and they are gonna really push the adoption of QR codes.
If I remember correctly, data matrix called other 2D barcodes.
So they are going to stick around I don't know.
But based on what we have seen with the traditional rectangle barcode,
I am sure it would be at least ten years.
(16:43):
Now regarding of
where do I see our particular research going forward is.
Well, there are needs that we found
in the national I-Corps teams program that we believe,
we can address by doing some additional research and some additional development,
without going too much into the specifics, but we live in a world
(17:07):
where we require more and more information to be communicated.
That's just increasing, right?
So QR codes have been around for a long time, and we really want to pack
as much information as possible in these guys
without making them unnecessarily big.
And this is particularly important in packaging
where real estate is a premium.
(17:29):
So that's one possible research direction where we might go
and solve that issue of packing as much information as possible,
while keeping readability and as much compatibility as possible.
Special thanks to Gaurav Sharma and Irving Barron.
For the Discovery Files, I'm Nate Pottker.
You can watch video versions
of these conversations on our YouTube channel by searching @NSFscience.
(17:50):
Please subscribe wherever you get podcasts and if you like our program,
share it with a friend and consider leaving a review.
Discover how the U.S.
National Science Foundation is advancing research at NSF.gov.