At its core, our technology makes any document tamper-proof and instantly verifiable by a third party in a server-less architecture.
Qryptal's solution plugs into existing document production systems and generates a highly secure digital signature with embedded data to be placed on the document as a barcode. After that, anyone can instantly verify the credibility of the information, through an App on their smartphone.
This novel architecture provides many benefits:
Security is one of the primary concerns for us as well as our customers. Apart from ensuring security in the core technology, making validation easy is the key for ensuring a holistic system security. There are many secure options which are complicated and hence end up not working for the customers because of the friction that arises in the end-user adoption.
Digital Signature: Each organisation has its own private-public key pair and all codes are signed by the private key of that customer. The signature itself is based on industry standard algorithms equivalent to a RSA 3072 bit key as per the National Institute of Standards and Technology (NIST). Since this signature can only be generated with the organisation's private key, others cannot generate this code.
No Database Required: This is critical in ensuring ongoing document security. Many systems link verification to online databases whose security can get compromised with time. This is particularly important for ensuring security of low verification frequency documents with a long life span like university certificates, birth-death certificates, diamond grading certificates etc. Further not being dependent on a database reduces operational costs significantly.
EDC Attachment Security: EDC attachments (images, PDFs) are stored AES encrypted in the ADR Object Store. The decryption key is embedded inside the QR Code ensuring access to the information via the secure QR Code.
Offline Verification: Since database connectivity is not needed, the verification can be done with the App with just the organisation’s public key. This not only improves performance but also reduces the attack surface area.
No URL - No Phishing: Many verification systems have started incorporating a QR Code on their documents to facilitate validation. This QR Code typically contains a URL, which when scanned displays the information from their server. This is terrible for security because a malicious person can easily generate a QR Code with a URL to their server. QR Phishing is much harder to detect than email phishing and should be avoided in any verification system.
Privacy: Since the Qryptal code is an integral part of the document - user privacy is protected in the most sensible manner. It is all user controlled by deciding with whom to share the document. There are no complicated systems to create & maintain thus preventing any privacy issues.Schedule Qryptal Discussion
We have cusomers and users in most parts of the world.