Understand your Options in Document Security
Fake Certificate Factories - Myth or Reality ?
We have spoken a lot about fake certificates and fake documents in our blogs and other communication. We still get asked if such news or concern about fake documents is overblown. Unfortunately, it is not.
Yes, fake documents or fake certificate factories are real and thriving. A simple search on Google shows this ( see screenshots enclosed). They openly claimed how easy it is to get a certificate by just paying money on a website. You can get degree certificates, birth certificates, death certificates, experience certificates; you name it.
On one hand, someone may argue, it is the responsibility of the government and law and order machinery to take note of these fake degree sellers and bring them to book. However, the primary responsibility of ensuring that documents are authentic and tamper-proof rests with the organizations issuing such certificates. Unless the issuing organization takes that extra effort to ensure the documents are tamper proof and easily verifiable, how can you expect the rest of the ecosystem to trust them or not manipulate them ? It is akin to one forgetting to lock their car and yet expecting it not to be stolen.
Historically, creating an authentic document involved solutions like holograms, stamps, seals, embossings and the like. They did serve a purpose decades ago when the documents were primarily physical. Maybe then it was too difficult to duplicate and forge such documents. However, with advances in technology, this is no longer the case and the traditional document security measures are found wanting.
Though there have been technological advances in the area of digital documents and sharing, it is still not easy to verify digital documents and moreover there aren’t solutions that straddle the electronic and physical document world together. Most such certificates are designed for single-user use or validation. In reality, though, many certificates like the ones used in education, birth and death certificates or passports and such identity documents are issued to an individual but validated by others several times, often people who are not part of a closed-loop. They find verification extremely time consuming and cumbersome. Digitally signed PDFs are one such example where users are hardly able to verify the documents.
While technologies like blockchain/hyperledger are being experimented with to solve this problem, they also have some requirements and are not easy for everyone to use. The average user is still not up to the mark in using such specialized technology. In addition, they also consume significant resources computationally.
The creation of documents is a small part of the problem. What is even more complicated is that the higher the security and more complex the encryption, the validation side becomes extremely cumbersome, and its sometimes even impossible to authenticate such documents
How would you build a system that achieves these three objectives?
1. It should be simple, easy and cost-effective to create secure documents.
2. It should be possible to create secure documents in both electronic format and physical format depending on the use and convenience.
3. Finally, the verification of such secure documents should be easy and universally understood so that everyone can follow the verification process and be able to trust the documents.
This is where Qryptal, arguably the world’s most secure QR code-based document security solution comes in. With Qrypal QR code generator, the issuing organization can generate any number of documents (ranging from a few to several million) that are secure and tamper-proof and do this with speed and simplicity in an affordable manner.
The validation of such documents has been made really simple and can be done across both electronic and physical formats.
This is how the Qryptal system works -
1. At the time of generation of the document, a Secure QR code is added with the critical details that need to be verified.
2. Such information is signed by the private key of the issuer. This ensures that the document is generated by the authorised entity.
3. Subsequently the verification, that may be needed by a third party, is done with the corresponding public key. This public key would decrypt the critical information and display authenticated content to verifier.
Validation is flexible and can be done through multiple channels - via website of issuer using a web browser camera, uploading a PDF or image of the document with the QR code, or using an app.
Here is a simple schematic showing a bank account statement carrying the Qryptal Secure QR code :
Bank statement with Secure QR code
Document tampering/fake documents is a stark reality and simple but effective solutions like above can go a long way in helping issuers tackle document security while enabling users to trust these documents.
You may also like these interesting use cases