Secure QR Code Based Document Security Gets a Boost from the pandemic
- Rajesh Soundararajan
- Mar 25, 2021
- 7 min read
Innovators Vs COVID 19
Recently, Startup.Info caught up with Nikhil Jhingan, Co-Founder of Qryptal, about document security and interviewed him under their INNOVATORS VS COVID 19 series.
Titled Secure QR Code Based Document Security Gets a Boost from the pandemic, by Kossi Adzo, Nikhil gave a bare-all interview about how Qyptal was founded, how it is helping solve the problem of document security and how Covid has actually boosted Qryptal’s business prospects. We are reproducing the interview here for the benefit of our customers and visitors interested in knowing more about us.
1. First of all, how are you and your family doing in these COVID-19 times?
Nikhil Jhingan: We are fortunately doing well, thank you! It has been a challenging period with both work and family getting impacted. However, overall we seem to have adjusted well. The silver lining has been more time with family, particularly kids, and a tailwind for our business.
2. Tell us about you, your career, and how you founded Qryptal?
Nikhil Jhingan: I have been an accidental serial entrepreneur, and my recent ventures have been in the IT security space. There is an interesting story behind the inspiration for my current venture – Qryptal.
About a decade ago, I was travelling and happened to be in a city where I could order a cholesterol test over the phone. The following day they sent their agent to collect my blood sample. Later in the evening, a courier dropped off my report. The report indicated normal levels – surprising considering my history of high cholesterol. To confirm the same, the following day, I went to another lab to be tested. The second report killed my joy – my levels were unfortunately still elevated.
Startup.info interview
This discrepancy got me curious, and I called the first lab and asked them about my results. I was shocked to learn that they had no record of my test though the agent who collected my sample was part of their"authorized"network. Apparently, what had happened was that this agent never sent my sample to the lab and just manufactured a fake report and collected the fee. The fake report just looked like the “original”: same letterhead, paper, and style! This incident prompted me to go down the rabbit hole. Together with my co-founder, we started Qryptal to reimagine document security.
3. That’s interesting! Now that you mention this problem, how does Qryptal solve it?
Nikhil Jhingan: This is a complex problem where fraud happens via many vectors. After many iterations, our position is that for a technology to solve this problem successfully, it must meet the following criteria:
Ease of verification: this is an obvious point, but most potential solutions fail to meet these criteria, and without the ease, fraud continues unabated because the victims find it too difficult to validate.
Physical-Digital: The reality is that we are still in a world where documents are often both electronic and on paper. Any solution needs to work for both mediums. Digital-only solutions (mobile Document Wallets/many blockchain-based implementations) get disqualified since many use-cases still rely on paper or printout-based workflows.
Avoiding reliance on databases: The obvious and common approach is to enable access to databases to validate. This is bad for security and increases the attack surface area by both external hackers and bad internal actors.
Privacy: Many solutions rely upon tracking everything: who is issuing these documents, to whom, and who is verifying. This often rules them out because often the information is sensitive, and many societies are not willing to trade privacy for convenience. A good solution needs to protect privacy for all: document issuer, holder, and verifier.
Once we understood the problem, we were able to architect a solution that meets the above criteria.
At its core – the Qryptal solution is conceptually simple: a document issuing system can seal and encapsulate the information inside a QR Code which is digitally signed by the issuer’s private key. For verification, only the QR Code and the public key is needed – it can be made as simple as scanning the code by an App for instant and even offline verification.
Millions of documents can be signed by a private key – and any third party can validate the document (even offline) with just the QR and the corresponding public key.
4. How has the coronavirus pandemic affected your business, and how are you coping?
Nikhil Jhingan: As we are all aware, the pandemic has boosted remote working/work from home due to severe restrictions in people’s movements. This brought about its challenges and opportunities. Thankfully for us, the focus on e-documents and remote verification & authentication, contactless or not-present transactions – made potential customers realise the benefit of using Qryptal’s technology and solutions for solving such day-to-day problems.
There was an increased awareness of fraud in this kind of backdrop. Our emphasis on security and privacy has made people understand how we can help tackle it.
Besides, one significant benefit for us – has been a level playing field for smaller technology-focused companies like Qryptal. Now we can interact with and sell to enterprise & government customers remotely, in all parts of the world, without face-to-face contact. This cannot be overemphasised as it has made the landscape more democratic and allowed us to compete better. This has also helped customers to source best-of-breed solutions and not be limited to what is offered by local & traditional vendors.
The pandemic has also opened up a new opportunity tailor-made for our technology: Covid-19 testing and vaccination certificates. How do health authorities and governments, and even private labs help people access verifiable credentials to facilitate travel? This is where secure QR has a significant role to play. It’s a technology that is ready and cost-effective and seems custom-built for this exact purpose! All these things add up to the tailwind that I spoke about earlier in our business.
5. How did this pandemic contribute to the change of strategy and product development at Qryptal? Did you have to make significant changes and come up with new tools?
Nikhil Jhingan: Early in the pandemic, we were approached by partners to help authorities issue lockdown passes. One difficulty was that in many places, the connectivity was poor. They wanted something where critical information like the name of essential services worker, vehicle number, date, etc., can be validated offline. Enhanced information, such as photographs, can be displayed when online.
Qryptal always had primary data codes (PDC), which can be validated offline, and extended data codes (EDC) containing additional data like images and PDFs to be validated with network connectivity. For these passes, both capabilities were needed. So in April 2020, we combined the two and launched hybrid data codes (HDC) which can provide critical info when offline and all the information when data connectivity is available.
Later in the pandemic, Qryptal began to be used for the Covid-19 test and vaccination certificates to facilitate travel. This brought up some exciting challenges where immigration departments and border control authorities needed to validate these documents in air-gapped environments. So we developed tools to help such organisations validate these documents seamlessly within their environments.
6. What are the barriers to the adoption of a technology like yours?
Nikhil Jhingan: Being a new category of a solution, we primarily have to contend with established biases and home-grown solutions. There are a few barriers to adoption:
The costs and benefits for the implementation often accrue to different stakeholders: Qryptal needs to work with a document issuer. The benefits of implementation primarily flow to the validators. For example, hospitals incur the cost of implementing Qryptal. However, the beneficiaries are insurance companies that can instantly validate the bills and process claims.
QR Code re-education: Earlier, most QR Codes just contained a URL which, when scanned, opened a web-page. This makes many enterprises think that the solution is simple: create a unique URL for every document. We then have to explain and guide customers that this is bad for security for two reasons: a) fake QR codes with phishing URLs can point verifiers to malicious websites b) Making sensitive information available to"free" QR code scanning Apps can potentially leak this information to unknown entities.
We believe that QR codes should never have URLs for better security and should not be usable by unauthorised Apps and readers.
7. Your final thoughts?
Nikhil Jhingan: Apart from health and well-being, the pandemic has fundamentally changed how we work. There is no going back, and these changes have opened up new opportunities to explore and build upon.
You may also like to read -