Secure QR Code Based Document Security Gets a Boost from the Pandemic

Nikhil Jhingan, Co-Founder of Qryptal tells us about documents security during the pandemic.

First of all, how are you and your family doing in these COVID-19 times? 

Nikhil Jhingan: We are fortunately doing well, thank you! It has been a tough period with both work and family getting impacted, but overall we seem to have adjusted well. The silver lining has been more time with family, particularly kids, and a tailwind for our business.

Tell us about you, your career, and how you founded Qryptal?

Nikhil Jhingan: I have been an accidental serial entrepreneur, and my recent ventures have been in the IT security space. There is an interesting story behind the inspiration for my current venture – Qryptal.

About a decade ago, I was traveling and happened to be in a city where I could order a cholesterol test over the phone. The next morning they sent their agent to collect my blood sample, and later in the evening, a courier dropped off my report. The report indicated normal levels – surprising considering my history of high cholesterol. To confirm the same, the next morning, I went to another lab to be tested. The second report killed my joy – my levels were unfortunately still elevated.

This discrepancy got me curious, and I called the first lab and asked them about my results. I was shocked to learn that they had no record of my test though the agent who collected my sample was part of their “authorized” network. Apparently, what had happened was that this agent never sent my sample to the lab and just manufactured a fake report and collected the fee. The fake report just looked like the “original”: same letterhead, paper, and style! This incident prompted me to go down the rabbit hole, and together with my co-founder, we started Qryptal to reimagine document security.

That’s interesting! Now that you mention this problem, how does Qryptal solve it?

Nikhil Jhingan: This is a complex problem where fraud happens via many vectors. After many iterations, our position is that for a technology to successfully solve this problem, it must meet the following criteria:

• Ease of verification: this is an obvious point, but most potential solutions fail to meet these criteria, and without the ease, fraud continues unabated because the victims find it too difficult to validate.
• Physical-Digital: The reality is that we are still in a world where documents are often both​ electronic and on paper. Any solution needs to work for both mediums. Digital-only solutions (mobile Document Wallets/many blockchain-based implementations) get disqualified since many use-cases still rely on paper or printout-based workflows.
• Avoiding reliance on databases: The obvious and common approach is to enable access​ to databases to help with validation. This is bad for security and increases attack surface area by both external hackers and bad internal actors.
• Privacy: Many solutions rely upon tracking everything: who is issuing these documents, to​ whom, and who is verifying. This often rules them out because often the information is sensitive, and many societies are not willing to trade privacy for convenience. A good solution needs to protect privacy for all: document issuer, holder, and verifier.

Once we understood the problem, we were able to architect a solution that meets the above criteria.

At its core – the Qryptal solution is conceptually simple: a document issuing system can seal and encapsulate the information inside a QR Code which is digitally signed by the issuer’s private key. For verification, only the QR Code and the public key is needed – it can be made as simple as scanning the code by an App for instant and even offline verification.

Millions of documents can be signed by a private key – and any third party can validate the document (even offline) with just the QR and the corresponding public key.

How has the coronavirus pandemic affected your business, and how are you coping?

Nikhil Jhingan: As we are all aware, the pandemic has boosted remote working/work from home due to severe restrictions in the movements of people. This brought about its own challenges and opportunities. Thankfully for us, the focus on things like e-documents and remote verification & authentication, contactless or not-present transactions – made potential customers realize the benefit of using Qryptal’s technology and solutions for solving such day-to-day problems.

There was an increased awareness of fraud in this kind of backdrop, and our emphasis on security and privacy has made people understand how we can help tackle it.

In addition, one significant benefit for us – has been a level playing field for smaller technology-focused companies like Qryptal. Now we are able to interact with and sell to enterprise & government customers remotely, in all parts of the world, without face-to-face contact. This cannot be overemphasized as it has made the landscape more democratic and allowed us to compete better. This has also helped customers to source best-of-breed solutions and not be limited to what is offered by local & traditional vendors.

The pandemic has also opened up a new opportunity tailor-made for our technology: Covid-19 testing and vaccination certificates. How do health authorities and governments, and even private labs help people in getting access to verifiable credentials which can facilitate travel? This is where secure QR has a big role to play. It’s a technology that is ready and cost-effective and seems custom-built for this exact purpose! All these things add up to the tailwind that I spoke about earlier in our business.

How did this pandemic contribute to the change of strategy and product development at Qryptal? Did you have to make major changes and come up with new tools?

Nikhil Jhingan: Early in the pandemic, we were approached by partners to help authorities issue lockdown passes. One difficulty was that in many places, the connectivity was poor, and they wanted something where critical information like name of essential services worker, vehicle number, date, etc. can be validated offline, and enhanced information such as photographs can be displayed when online.

Qryptal always had primary data codes (PDC), which can be validated offline, and extended data codes (EDC) which can contain additional data like images, PDFs to be validated with network connectivity. For these passes, both capabilities were needed. So in April 2020, we combined the two and launched hybrid data codes (HDC) which can provide critical info when offline and all the info when data connectivity is available.

Later in the pandemic, Qryptal began to be used for the Covid-19 test and vaccination certificates to facilitate travel. This brought up some interesting challenges where immigration departments and border control authorities needed to validate these documents in air-gapped environments. So we developed tools to help such organizations validate these documents seamlessly within their environments.

What are the barriers to the adoption of a technology like yours?

Nikhil Jhingan: Being a new category of a solution, we primarily have to contend with established biases and home-grown solutions. There are a few barriers to adoption:

• The costs and benefits for the implementation often accrue to different stakeholders:​ Qryptal needs to work with a document issuer, and the benefits of implementation primarily flow to the validators. For example, hospitals incur the cost of implementing Qryptal, but the beneficiaries are insurance companies that can instantly validate the bills and process claims.
• QR Code re-education: Earlier, most QR Codes just contained a URL that, when scanned,​ opened a web page. This makes many enterprises think that the solution is simple: just create a unique URL for every document. We then have to explain and guide customers that this is really bad for security for two reasons: a) fake QR codes with phishing URLs can point verifiers to malicious websites b) Making sensitive information available to “free” QR code scanning Apps can potentially leak this information to unknown entities.

We believe, for better security, QR codes should never have URLs and should not be usable by unauthorized Apps and readers.

Your final thoughts?

Nikhil Jhingan: Apart from health and well-being, the pandemic has fundamentally changed how we work. There is no going back, and these changes have opened up new opportunities to explore and build upon.

Your website?

www.qryptal.com