How Qryptal Works

At its core, our technology makes any document tamper-proof and instantly verifiable by a third party in a server-less architecture.

Qryptal's solution plugs into existing document production systems and generates a highly secure digital signature with embedded data to be placed on the document as a barcode. After that, anyone can instantly verify the credibility of the information, through an App on their smartphone.

This novel architecture provides many benefits:

  • Server-less: this enables the solution to scale and also makes it virtually maintenance free. Since there are no servers, once the document is issued - no further infrastructure is required needed to keep it verifiable
  • Security: Based on PKI, it is much more secure than typical internet banking
  • Off-line Verification: Since the Qryptal code is self-contained, no network connectivity is needed to validate the information
  • Works for electronic as well as printed documents: The Qryptal code has a physical embodiment (barcode) which makes it transcend both electronic and printed copies of the document
  • Privacy: Qryptal helps safeguard and protect the privacy of the customer and institution in an uncomplicated logical manner
Learn more

Overview

The essential workflow for deploying Qryptal is to integrate with the Qryptal Generator API so that the Qryptal Secure QR Code can be generated and seamlessly added to your documents in order to enable easy validation.

Sample Document with Qryptal Code

For validation, users can install the Document Validator App. You can try the following steps to install it on your mobile phone:

  • 1. On your mobile, visit verify.demobank.in and install the app
  • 2. After the app has been installed, scan the code below:

The code is digitally signed by the organisation’s private key. The keys are generated initially as part of setup. The mobile app uses the organisation’s public key to validate the digital signature. Further, the entire code is compressed specifically to create the smallest possible QR Code size. Contact us to learn more about this.

  The Qryptal Generator offers a REST API which can be called from nearly any programming language/system.
Free signup is also available to try the API..

Qryptal Secure QR Codes are of two types:

  • - Primary Data Codes (PDC): These are self- contained codes which encapsulate all the information within the code itself. The recommended capacity of these codes is about 2,000 characters - enough for a textual bank account statement like the sample given above.
  • - Extended Data Codes (EDC): These codes can also contain attachments like images and PDF files. The attachments are encrypted and stored as BLOBS in object store. The decryption key and their fingerprints are stored within the QR. This prevents any subsequent tampering of the codes.

Both the codes can be revoked or chained with a new code.

The easiest way to understand our technology is by signing up for a free trial account.

Schedule Qryptal Discussion

Deployment Options

Depending upon customer needs, Qryptal supports the full range of deployment options:

  • On-premise Software: Qryptal software is run in-house,on customer servers in their own data centers or on their cloud
  • Qryptal Cloud: Customer applications make API calls to our cloud infrastructure
  • Hybrid: some components are run in-house while the rest leverage the Qryptal Cloud
Product Cloud Options On-Premise (in customer data-center or cloud)
Qryptal Generator: For generating digitally signed Qryptal Secure QR Codes Code revocation and chaining API is included Qryptal Cloud Linux 64-bit1 Windows 64-bit
Qryptal Validation Server: For programmatically (API) validating digitally signed Qryptal Secure QR Codes Qryptal Cloud Linux 64-bit1
ADR Object Store: For EDC, code-chaining & revocation AWS S3 (customer’s account) Linux 64-bit1
ADR Reverse Proxy: For front-ending ADR Object Store in the DMZ N.A. Linux 64-bit1

1 Most Linux distributions supported with the following:

  • - Supports TLS/HTTP2 with TLS Mutual Authentication option for intergation with API Gateways
  • - No database or other dependencies for core operations: download and run
  • - Multi-threaded for concurrent API Calls
  • - Multiple instances can be run to scale to any desired capacity

Please contact us in order to schedule a discussion to determine the best deployment option for your use case.

Schedule Qryptal Discussion

Integration Options

Generation:

We have designed our solutions to provide flexible integration options depending upon customer needs and the configuration of their existing systems.

Primarily there are three kinds of integration options to choose from:

Qryptal Secure QR Code Only: The Qryptal Generator provides the code graphic image file which can be integrated into document by the customer’s document production system. The Qryptal Generator can provide different sizes of the code to enable easier incorporation and avoid error-prone image resizing. This is the most common and preferred integration method which provides maximum level of flexibility to customers.

Finished Document PDF (not available for on-premise): This requires creating a document template and importing it into the Qryptal Generator. After the template has been imported, the Qryptal Generator will not only generate the code but also create the PDF of the finished document with the code and the variable data. This option is useful if the customer does not already have such a system.

Secure Document Generation and Management (not available for on-premise): This option not only generates the finished PDF but also provides an end user UI for your staff to generate secure documents on demand or on a bulk batch mode basis.

 

Validation:

There are three validation options available:

Document Validator App: This App is maintained by us and has a mechanism to add customer public key for validation. Validation as well as any decryption for EDC attachments is done on the device with full privacy.

Custom App/Existing App: We provide the Qryptal Mobile Validation SDK to embed validation functionality within an iOS or Android App.

Qryptal Validation Server: This provides an API which accepts file image uploads and returns the Qryptal Secure QR Code details. This is useful for automated processing of inbound documents containing Qryptal codes. An example use case is of insurance policy holders uploading scanned receipts for the processing of claims.

Schedule Qryptal Discussion

Security & Privacy

Security is one of the primary concerns for us as well as our customers. Apart from ensuring security in the core technology, making validation easy is the key for ensuring a holistic system security. There are many secure options which are complicated and hence end up not working for the customers because of the friction that arises in the end-user adoption.

Digital Signature: Each organisation has its own private-public key pair and all codes are signed by the private key of that customer. The signature itself is based on industry standard algorithms equivalent to a RSA 3072 bit key as per the National Institute of Standards and Technology (NIST). Since this signature can only be generated with the organisation's private key, others cannot generate this code.

No Database Required: This is critical in ensuring ongoing document security. Many systems link verification to online databases whose security can get compromised with time. This is particularly important for ensuring security of low verification frequency documents with a long life span like university certificates, birth-death certificates, diamond grading certificates etc. Further not being dependent on a database reduces operational costs significantly.

EDC Attachment Security: EDC attachments (images, PDFs) are stored AES encrypted in the ADR Object Store. The decryption key is embedded inside the QR Code ensuring access to the information via the secure QR Code.

Offline Verification: Since database connectivity is not needed, the verification can be done with the App with just the organisation’s public key. This not only improves performance but also reduces the attack surface area.

No URL - No Phishing: Many verification systems have started incorporating a QR Code on their documents to facilitate validation. This QR Code typically contains a URL, which when scanned displays the information from their server. This is terrible for security because a malicious person can easily generate a QR Code with a URL to their server. QR Phishing is much harder to detect than email phishing and should be avoided in any verification system.

Privacy: Since the Qryptal code is an integral part of the document - user privacy is protected in the most sensible manner. It is all user controlled by deciding with whom to share the document. There are no complicated systems to create & maintain thus preventing any privacy issues.

Schedule Qryptal Discussion

Integration Options

Schedule Qryptal Discussion

Frequently asked questions

A Few queries we come across everyday, let's connect to get into more details.

Qryptal is designed to be placed on documents that may last very long term, i.e more than 50 years, such as university transcripts, degrees, birth certificates etc. Hence we have chosen to use a large key size equivalent to 3072 bit RSA, much higher security than existing internet banking which is typically 1024 bit.

Leading organisations and brands rely on Qryptal

We have cusomers and users in most parts of the world.