Why does Secure QR code score over Blockchain ?

  • Rajesh Soundararajan
  • Jun 15, 2021
  • 6 min read
Why does Secure QR code score over Blockchain ?

Answer - The best of both worlds - Blockchain like results and the ease of use of QR codes

Over the last decade, we see QR codes grow in popularity across many applications away from their original uses in manufacturing, thanks to the widespread ownership of camera smartphones with apps that could read the QR Codes. This led to an explosion of its usefulness - in marketing, secure documents, etc. In the last year, it skyrocketed further in popularity due to its use for contract tracing for COVID-19 and is now ubiquitous.

In the same decade, blockchain has risen in popularity for its potential uses beyond its original use in cryptocurrency bitcoin. It’s actively being looked at for areas such as smart contracts, trade finance, and questions have been raised about its use for secure documents such as certificates.

At Qryptal, we have often been asked this question on use of blockchains versus secure QR. It turns out it need not be an either or discussion

THE SECURE QR CHALLENGE

While QR code was initially designed for a different purpose because of the open standard on which it is based, its ability to have a high density of information per unit area and the explosive growth of smartphones giving everyone the capability to have a QR reader on demand, has resulted in QR code use growing exponentially over the last decade. However, when security and secure documents transfers are involved, the standard QR code faces a few challenges.

QR Codes even today are commonly used for URL redirection to a web page or resource, but this can lead to QR phishing and is not suitable in case of security and making the information tamper-proof. At Qryptal, we designed our Secure QR code solution to be secured with a private key of sufficient strength so that it cannot be tampered with.

Secure QR code can be considered just like the immutable ledger (as it is tamper-proof and safe) in a blockchain. And the benefit is that the validator-user can still validate without being part of a network (which is the requirement in Blockchain) as the verification is decentralised. Thus, secure QR codes combine the best of both worlds.

The key elements of blockchain are immutability (cannot be changed or altered in an unauthorised manner), distributed ledger (every participant can see all the transactions and verify and even keep a copy), decentralised (there is no single governing authority), enhanced security (using hashing, encryption and cryptography) and based on consensus protocols.

Qryptal’s Secure QR codes give us the same elements - information is secured at the time of generation using a unique private key under the issuer’s control only, thus preventing unauthorised alterations or tampering. It is based on standard cryptography and has high levels of security due to PKI. The code itself is the distributed ledger. All that is needed for verification is the corresponding public key, which can be distributed as per the issuer’s requirements and the transaction.

In this way, Secure QR codes are also different from the widely-seen regular URL based QR codes. Qryptal’s Secure QR uses readily available web-based verification tools or Apps on mobile phones, which can be easily accessed, yet offer security and functionality comparable to much more expensive blockchain technologies. This is possible because, akin to blockchain, Qryptal’s secure QR uses similar digital signing commonly used in blockchain at the point of generation of the code with validation that is de-centralized and does not access to a central ledger. All that is required is the public key to verify the information has not been tampered.

Hence, using blockchain-like asymmetric encryption and signing capabilities, secure QR codes help achieve the security of blockchain solutions at a fraction of the cost.

Qryptal’s secure codes technology has in a way combined QR Codes and blockchain benefits to enable secure centralized “truth” generation with de-centralised validation

Such a secure QR code solution allows for multiple use cases like cheques, ID cards, invoices, passports, school certificates, trade finance documents, vaccination certificates, Covid test reports etc to name a few. Enterprises also benefit from simple integration using APIs into their existing ERP systems in either an on-premises or cloud environment.

HOW DOES AUTHENTICATION WORK WITH SECURE QR?

Generation and Validation

Generation and Validation of Secure QR Codes

  • The validator usually scans the secure QR code with a mobile app or goes to a verification web page on the issuer website, or a validation server is used for bulk validation.

  • The mobile app has a public key that can verify the information embedded into the secure QR code digitally signed by the issuer’s private key – this works for both physical documents and electronic documents carrying the code.

IS SUCH A SOLUTION WIDELY USED TODAY?

Today, Qryptal’s Secure QR Codes are used in over 25 countries across large enterprises, SME’s and governments. They are used to secure invoices, purchase orders, bank statements, industrial test certificates, Covid-19 test reports certificates, university degrees, transcripts and many more documents.

All these use cases of Qryptal’s Secure QR code solution use PKI based security equivalent to 3072 bit RSA, along with it’s multi-stage pipeline compression to generate a small QR code footprint which facilitates decentralised validation using just the public key. The technology uses standard cryptography and allows for quick, efficient, and effective verification. These features make it a compelling proposition and offer a unique advantage to make documents tamper proof and easily verifiable.

Blockchain like elements

Secure QR - Combines Blockchain elements with QR

With Qryptal’s Secure Code solution only authorised issuers can generate and digitally sign the QR with a private key. The QR code encapsulates the critical information that needs to be communicated and verified. This secure QR code is tamper-proof. The QR code can be easily verified by the corresponding public key.

Documents with the Secure QR can be both physical and digital i.e “physical-digital”. Verification is simple and instantaneous. Once the code is placed on the document, it can be verified at anytime on a verification website configured for each issuer (say at: verify.xyz.com). We will create, host and configure this website as part of our setup. This verification website will offer 3 options to verify:

  1. On a phone/laptop - scan code with device camera (no App to install)
  2. Upload report PDF/image/scan copy
  3. Install Document Validator App for iOS / Android

Automated or bulk verification methods are also available using API calls to a validation server for cases where the flow requires such bulk processing of information

Verification methods

Seamless Verification Experience


You may also be interested in -



Suggested further reading

Why Having Immunity Passports on Blockchain is a bad idea

Why Having Immunity Passports on Blockchain is a bad idea

  • Feb 16, 2021
  • 3 min read

A spate of articles have appeared recently in the media espousing the need for COVID-19 Vaccination Certificates, also called Immunity Passports, to facilitate safe travel.

Continue Reading
‘Freedom Passes’ - A brilliant idea whose time has come.

‘Freedom Passes’ - A brilliant idea whose time has come.

  • Nov 24, 2020
  • 5 min read

When UK’s former health secretary Jeremy Hunt threw his backing behind the ‘freedom pass’ concept, it addressed both the concerns - (1) Dramatically increasing the numbers signing up for voluntary testing and (2) Focusing a nation’s resources only on potential sources of spread for better effectiveness. Freedom is one of the ‘key incentives’ for people to get tested so that those infected can self isolate. Yet, it has an immense potential to be misused.

Continue Reading
Fake Certificate Factories - Myth or Reality ?

Fake Certificate Factories - Myth or Reality ?

  • Jan 28, 2020
  • 4 min read

Fake Certificate Factories - Myth or Reality ?

We have spoken a lot about fake certificates and fake documents in our blogs and other communication. We still get asked if such news or concern about fake documents is overblown. Unfortunately, it is not.

Continue Reading
Did you know -  there is an easy way to incorporate document security with your LIS

Did you know - there is an easy way to incorporate document security with your LIS

  • Apr 06, 2021
  • 6 min read

In our earlier post - How do you integrate secure QR code with LIS in healthcare with minimal or no changes? we had discussed using Files API for LIS. For most labs using modern LIS there is a far easier way of having document security incorporated into the lab reports. All it needs is a normal API integration which enables a secure QR code to be placed on the report for subsequent verification. This post will share a quick overview of how that can be done using Rest API and how this is applicable for physical-digital format which has several advantages over just the purely digital or purely physical approach. This is done with zero to minimal changes to the existing LIS systems and massively simplifies final tamper proof document generation and verification. The process used is a Rest API method which is a way of making outgoing API calls from the LIS itself. But first let’s see why are security and verification so important for lab reports.

Continue Reading