Feature Update : Qryptal's PDF Stamping using Secure QR Code technology to prevent document forgery
- Nikhil Jhingan
- Feb 22, 2019
- 4 min read
Secure PDF Stamped documents with Qryptal QR Code can be instantly verified by third-parties
PDF Stamping with Qryptal QR Code - You asked for it and here it is
In our interactions, with users like yourself, you said that you wanted to secure PDF Stamped documents and make them easily and instantly verifiable by third-parties. The new functionality in Qryptal Secure QR Code can help you do this in a simpler, faster and secure way.
The typical flow for PDF stamping is fairly programmatic: the customer integrates their document production system with the Qryptal API (web or on-premise). So if it is a bank using it for account statements, whenever the existing document production system generates a statement, it makes an API call to Qryptal and adds the resulting secure QR code to the electronic or printed document.
Many of you wanted to secure un-structured reports. A typical use case, would be a test and certification agency producing reports created by their subject matter human experts. Reports may have images and data unique to that test. These reports are then used by third-party organizations for various purposes such as audits, financial transactions. Hence the need to protect the integrity of the reports’ contents.
So this is what we have done. The new workflow looks like this -
- Users create the reports like today and once finished - publish it as a PDF
- The user then logs into Qryptal, uploads the PDF to be stamped and gets the “Stamped PDF” which contains the Qryptal code
- This “Stamped PDF” is then sent to the client who can then forward it to third-parties which can scan the secure code to instantly validate. The validation gives them access to the full “Stamped PDF” as well as well any additional metadata that is secured in the Qryptal code
Issuers of such documents want to do this because they wish to preserve their hard-earned reputation by preventing any middleman with the reports or even creating fake reports.
Addresses all your pains
Qryptal’s solution overcomes the other options that exist today that are cumbersome and/ or expensive:
A. Digitally signed PDFs:
- Too difficult to validate by the public: even after all these years, most people do not know how to validate a digital signature. It is a technology like SFTP meant to be used by technologists and not by the average person. At Qryptal we believe that good security works in practice only if it is easy to implement and use. Unfortunately, digitally signed PDFs fall far short on this parameter
- Does not work for printed documents: In real business, documents are still being printed, scanned and even shared on emails and social media. In such cases, digitally signed PDFs don’t work.
B. Custom Portal: A method in which third parties can create accounts on portal and view the actual report on the portal. This also has several drawbacks:
Cumbersome: creating yet another account to verify is cumbersome and time-consuming. Most users simply will not end up verifying.
Data privacy issues: Both with public awareness and legislation (e.g. GDPR) the document issuer (testing agency) does not want to get in the middle of who can verify what. Any lapses can have serious consequences.
Expensive: A separate system is expensive to create and maintain
Security : Having a portal requires regular audits and maintenance to keep it secure as it becomes another possible entry point to an organization’s systems.
Qryptal Secure QR Code solution - A win-win system for every one
Document Issuer (for example a testing agency): Simply gets the document securely stamped with the Qryptal Secure QR code on the document and it’s done
Document Verifier: Just scans the code with the Qryptal Validator App and instantly verifies the authenticity of the document and its details
This has all the inherent security features of the Qryptal Secure QR code: i.e
Secure and Trustworthy: The data in the Qryptal Code is digitally signed with the organization’s private key equivalent to a 3072-bit RSA key. The attached stamped PDF is encrypted with its own unique key which is embedded in the digitally signed Qryptal code. The validation process checks that the document has not been tampered with.
Privacy for all
How to use this Qryptal PDF Stamping
The PDF Stamping feature is easy to set up and use:
Create a template which has a few structured fields and decide on the location where the secure QR Code should be stamped:
To stamp PDF on demand, simply upload PDF and click:
Distribute the stamped PDF to clients. Now any third party can instantly validate the report by scanning with the Document Validator App.
Contact us and we will be happy to demonstrate this solution to you.Download PDF Stamping Approach Paper