MyVeriPort Frequently Asked Questions
Q. Is an encrypted document made and stored on client server with the encryption key on the blockchain?
A: After a user creates a document using MyVeriPort services, MyVeriPort backend converts the document into a cryptographic hash and stores it on a blockchain network like Ethereum, in the form of a transaction. Once the transaction containing the hash is finalised, the transaction ID and hash are stored in MyVeriPort’s server. The original document itself is stored locally on the client’s secured server as MyVeriPort do not offer any document storage service. Every time, whenever a user scans a QR code present on any document generated using MyVeriPort services, at the time of verification, the original document is retrieved from the client’s server, is converted into a hash, the hash is retrieved from MyVeriPort database and from the blockchain. All these 3 hashes are compared as part of three-step hash verification. Also, the document preview is shown on the verification page.
Please note that MyVeriPort requires a permanent access to the document stored on the client’s server, so that user can visually compare the contents of the document to verify that the data is not compromised in any manner and for MyVeriPort to ensure the original document is not altered by converting it into a hash and checking it against the hash value on blockchain.
Q. How is the hash retrieved from the blockchain?
A: MyVeriPort is responsible for converting document into a cryptographic unique hash and storing it on a blockchain in the form of a transaction. When the user scans the QR code, it triggers the verification URL to retrieve document from the client server and convert it into a hash. After the hash is retrieved the hash value is searched in the blockchain. If the hash value comes back with a positive response containing transaction ID and hash of the transaction, it is looked up in MyVeriPort’s server. If the transaction record matches the blockchain record, the hash is retrieved from the blockchain.
Q. Can you please clarify what makes up the metadata requirements (record info, file information)?
A: Metadata can be used to instantly identify and validate the important information such as document holder name, any reference numbers or values from the document upon scanning. Metadata for each document is taken as strings of information from the document describing the characteristics of that document and are available to be displayed on the verify screen when the user scans the QR code present on the document. Our clients have an option to choose between a two-step verification available for the metadata fields. One on verify screen and other on blockchain explorer where certain fields of the data from the document are displayed in the form of metadata in the input field.
Q. Is pdf required? Can an alternate image file be utilised, jpg, bmp etc.
A: PDF format is the most desirable format, but image format is also acceptable too. The only condition is that the link of where the file is stored should never be replaced with a different file format.
Q. Please advise the preferred method of sharing these files, at present, our document printing application is connectivity based and heavily dependent on data from alternate sources, not hosting. So, we have limited exposure on this front.
A: When you say you are using alternate sources and not hosting them, does that mean that you are not storing the files in a database management system on your server (cloud or on-premises)? If you are storing the files in a third-party storage solution, we will need access to where it is stored. If granting access is not possible, other ways can be worked out after discussion.
Q. Is it possible to just return just the data/string used to generate the QR Code? The reason for is that our document printing application can generate QR Codes from data fields, and if static data like URL/additional data is required we can add this, even if the Unique Hash ID doesn’t include it.
A: Yes, this is possible if you are willing to generate QRs from the URLs which we will send to you.
Q. Is there any record specific data (primary key, record details etc) that needs to be provided when lodging this request?
A: No, the request can be made at time of saving the document which will generate and send a URL within seconds (in almost real-time).
Q. If there is no record specific information required, is it possible to request a batched lot of strings to pre-populate a list for future use.
A: The URLs attached to the QRs are generated in real time (within fraction of seconds). Batching of verify links to be used throughout a time period can be developed, if you decide to receive batches of URLs instead of getting a URL in real-time.
Q. If a client has a system capable of the application required, what is the implementation cost?
A: Implementation costs differ from client to client. In saying that, to integrate MyVeriPort as a plugin into a client’s existing server, MyVeriPort will work as an API to fetch information from client’s domain. To do this, the API will conduct transactions on MyVeriPort server on behalf of client. This will require our development team to calculate the effort and number of hours required in integrating MyVeriPort services into client’s existing domain. Thus, the cost of implementation will be directly proportional to the hours of work required for integration. Secondly, each implementation will require one or more template designs dedicated for each document type that the user wants to create documents for. This will also form part of implementation cost.
Also, MyVeriPort tokens are used to pay for transactions and to send data to the blockchain. The utility token covers the fees that are associated with creating a new record, such as gas on the Ethereum blockchain. In addition to using gas to perform computations, gas is also used to pay miners who provide their resources to the Ethereum blockchain, in the form of a transaction fee.
Q. Can the system handle different authorisation levels accessing different amounts of information on an encrypted document? How would that be implemented?
A: The QR present on all MyVeriPort generated documents can be password-protected. In which case, when a user scans the QR code they will only be able to access the information for which they have access to. To do so, when a person scans the password-protected QR code, they will be redirected to a password authentication page. The user will be asked to enter password to get access to the desired information encrypted in that QR. If the person fails to provide that password, then he/she will be unable to see information from the encrypted document.
Q. In terms of supply chain tracking, can one QR code on a product be used to track the entire history, including all transfer documents?
A: In simple terms, MyVeriPort verifies each step in the supply chain by registering a “digital handshake”, that marks exactly when and where the goods have changed hands. Thus, a record of entire history including all transfer documents can be added on the same QR for ease of access and supply chain tracking.
Q. Can all versions of a document be accessed using a single QR code?
A: MyVeriPort never deletes any files generated by using our technology. All files are stored locally on our client’s secured server. When the QR code is scanned, our backend fetches the most recent document containing the QR from the client’s server and previews it on our verification page. Using this algorithm, multiple versions of the same document can be added to the same QR code. When users will scan this QR code, they will be able to verify, preview and download all existing versions of the same document using a single QR code.
Q. Why MyVeriPort is not storing documents on their server?
A: MyVeriPort is not a document management and storage solution and therefore do not store their client’s documents on their server. Since blockchain itself is not efficient to store digital records (considering the size of digital records and excessive cost of such transactions), MyVeriPort has developed a mechanism to store digital documents in client’s secured server and send the encrypted data from the document to the blockchain.
In simple terms, the digitisation of the document involves, extracting data from the document, cryptographically encrypting the data extracted from client’s document and converting it into a unique hash value of the original source file. This unique hash is stored on the blockchain and the URL to the transaction record is embed into a unique QR code which is present on the original document issued by the issuer.
Q. Why MyVeriPort will require permanent access to client’s secured server (CSS)?
A: At the time of verification, user is redirected to a secure MyVeriPort webpage that displays the unique hash value, blockchain transaction record and a preview of the original document. To carry out the verification, ensures the accuracy of the document, by checking whether it has been manipulated in any manner or not. After the check is completed, the document preview is retrieved directly from where the document is stored (i.e., client’s secured server). This preview is available for the customer for comparison against the document that they have scanned to verify document’s integrity. Since MyVeriPortis not storing client’s document on their servers, MyVeriPortAPI will call client’s database to preview the original document for verification. Which is why, VeriDoc backend will require permanent access to client’s server.
Q. What if the client is not willing to grant permanent access to the MyVeriPort Protocol?
A: In such cases, the client can opt to store the documents that contains QR codes issued by VeriDoc on a secondary database and give MyVeriPort permission to access that database. Cloud solutions such as Google Drive, Dropbox, Amazon Cloud Drive can be used as secondary document storage solutions.
As stated in EULA, MyVeriPort will not:
1. create copies of the Customer Data (save for temporary copies created by the platform in the course of its normal operations);
2. retain copies of the Customer Data (save for so long as is necessary to complete the operations conducted by the Platform in the course of its normal operations); or
3. facilitate any restoration of the Customer Data.
MyVeriPort Mobile Application FAQs
Q. How does the QR scanner works?
A: Tap the big QR scanner button on the green screen and then scan a QR code. The app will then display the information embedded in that QR code.
Q. Can the QR scanner only be used to scan MyVeriPort QR codes?
A: You may use the QR scanner to scan any QR code. The app is not limited to QR codes generated by MyVeriPort.
Q. What is Smart Login? How does it work?
A: Smart login enables MyVeriPort account holders to sign-in into their MyVeriPort web account using the app’s QR scanner. This feature adds an extra layer of security to user’s account, enabling users to take full control of the login activity of their account. When someone tries to log into an account, and if the user has smart login setup, they will be notified about login timestamps and can sign out of their web account directly from the app.
Q. Will you use my phone number to send me promotional messages?
A: MyVeriPort only uses phone numbers for two factor authentication which is required at the time of registering and signing into the application.
Q. What is 2FA and how does MyVeriPort uses it?
A: Two factor authentication (2FA) is an extra layer of security that ensures that people trying to gain access to an online account, are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information which is a one-time password (OTP) sent to them via the registered phone number.
Q. What is OTP?
A: One-Time Password (OTP) is a technological mechanism through which a single-use password is generated and sent to the registered mobile number for the user to access the application.
Q. Can I change my phone number after registering?
A: You can change your phone number any time, given that you will require access to the registered email. To change your phone number, you will receive an OTP in your email, which will be required to make the desired change.
Q. Does MyVeriPort store any information that I scan using the app’s QR scanner?
A: No, the app retrieves the information to display onto the screen and once you exit the information screen, the information is erased permanently without any record being stored on our database.
Q. Is there a way to use Smart Login QR Scanner without registering my phone number?
A: Smart Login feature uses 2FA and a registered phone number is required to ensure we are letting the right person into their web account. Smart Login feature is only available to users with a registered phone number. If you do not wish to provide your phone number, you can still use the normal QR scanner on the green screen.
Q. What is the Change of State (CoS) Scanner?
A: This new app feature will be widely used within the supply chain industry. It will enable each step to be tracked and verified on the blockchain by the end customer. The solution uses MyVeriPort secured QR codes which are scanned by operators in the supply chain. These operators will update the blockchain using the CoS Scanner.
If we consider a loaf of bread as an example, the end customer will be able to scan a QR code on the packaging and they will be able to verify things such as: where the wheat came from, where the flour was milled, where the bread was baked and where the bread is being sold. Each step is time stamped, location stamped and includes the name of the business that was part of the supply chain. The CoS Scanner will also be used for track-and-trace and change of ownership solutions.
There are two types of CoS QR Codes:
Public CoS QR Code: It is a MyVeriPort’s QR code which is access controlled. Anyone using the MyVeriPort CoS Scanner application can scan this QR code to see information secured using blockchain platform. Each person that scans this QR code, is prompted to save a location, device and time stamp to ensure that the information creator has access to a log of everyone that has seen that information.
Private CoS QR Code: It is a MyVeriPort’s QR code which is access controlled similar to Public CoS QR code. The feature that makes it different from the Public QR code is the fact that only people with rights from the creator can access the information secured under the Private QR code which makes this QR code highly secured. Each person that scans this QR code, is prompted to save a location, device and time stamp to ensure that the information creator has access to a log of everyone that has seen that information. Information Sender (creator) will have access to a dashboard which will contain a real-time log of people who have scanned the QR code to access the information.