Article’s

Quick Response (QR) codes have become widespread in digital interactions, yet their opacity enables sophisticated phishing attacks “Quishing” where users cannot visually verify encoded destinations before scanning. While QR phishing incidents surged 433% between 2021 and 2023, existing mitigation strategies remain fragmented: encryption focused solutions provide payload confidentiality without authenticity verification, scanner applications offer URL reputation checks that fail against zero-day threats, and dynamic QR platforms prioritize marketing analytics over cryptographic integrity. This study addresses the critical gap in end-to-end QR code authentication by proposing a comprehensive secure QR system integrating backend-driven code generation, RSA public-key cryptography, and server side validation with enforced one-time-use controls. Through systematic analysis of contemporary QR platforms and security advisories from federal agencies and cybersecurity firms, we establish functional requirements and present a three-tier client server architecture employing SQLite persistence, cryptographic signature verification, and user-session binding mechanisms. The proposed system provides authenticated QR generation and real-time validation, offering organizations a deployable framework for regulated environments where code legitimacy and tamper-resistance are paramount. The validation workflow applies only to QR codes issued by the proposed system; verification of external/third-party QR codes is out of scope.