Secure Documents | Encrypted QR Code | Document Security
Security & Privacy
Security is one of the key concern areas for our customers, and we take it very seriously too. That is why we ensure military-grade-security embedded in the core technology while making the validation easy.
Secure Documents - Encrypted
Security is one of the key concern areas for our customers, and we take it very seriously too. That is why we ensure military-grade-security embedded in the core technology while making the validation easy. This is the secret towards ensuring end to end system security. We are acutely aware that the alternative secure options available in the industry are complicated and hence make it difficult for customers leading to friction in the end-user adoption, which is why we have positioned Qryptal as a solution with frictionless adoption of secure technology.
Digital Signature: Each organisation has its own private-public key pair and all codes are signed by the private key of that customer. The signature itself is based on industry standard algorithms equivalent to a RSA 3072 bit key as per the National Institute of Standards and Technology (NIST). Since this signature can only be generated with the organisation’s private key, no one else can generate this code.
No Database Required: This is an extremely critical component in ensuring ongoing document security. Most systems in the industry today link verification back to online databases and thus the entire security can get compromised. This is especially important for ensuring the security of low verification frequency documents with a long life span like university certificates, birth-death certificates, diamond grading certificates etc. Further, not being dependent on a database reduces operational costs significantly.
EDC Attachment Security: EDC attachments (images, PDFs) are stored AES encrypted in the ADR Object Store. The decryption key is embedded inside the QR Code ensuring access to the information via the secure QR Code.
Offline Verification: We have entirely done away with the need for connectivity to a database. Any verification can be done with the App with just the organisation’s public key. This ensures significantly improved performance and also dramatically reduces the surface area for attack.
No URL - No Phishing: Many verification systems have started incorporating a QR Code on their documents to facilitate validation. This QR Code typically contains a URL, which when scanned displays the information from their server. This, in our view, is a terrible disaster for security because any one can quickly generate a QR Code maliciously with a URL to ’their’ server. QR Phishing is much harder to detect than email phishing and should be avoided in any verification system.
Privacy: Since the Qryptal code is an integral part of the document - user privacy is protected most sensibly. It is all user-controlled by deciding with whom to share the document. There are no complicated systems to create & maintain, thus preventing any privacy issues.
Leading organisations and brands rely on Qryptal
We have customers and users in most parts of the world.
