Skip to main content
This section outlines the security architecture of the Quepass SDK, including encryption mechanisms and secure communication protocols designed to protect sensitive data and ensure safe interaction with the Quepass platform. The Quepass SDK applies strong encryption and secure communication practices to ensure that all sensitive information such as biometric data, identity documents, and verification tokens remains protected during transmission.

Security Standards & Protocol Support

  • TLS 1.2+ / 1.3 Secure Transport
  • Hybrid Encryption Model (Asymmetric + Symmetric)
  • AES-256 Data Encryption
  • Secure Key Exchange Mechanism
  • Enterprise Network Routing Support (APIM / Proxy-based)

1. Communication Flow

SDK communication follows a secure architecture that ensures all requests pass through the client’s infrastructure before reaching the Quepass platform. Flow Client App
  • Integrates Quepass SDK
  • SDK sends requests to Client Proxy / APIM
  • Traffic routed through approved network channels
  • Domain whitelisting & IP validation enforced
  • Quepass Environment
  • Secure response served back through the same controlled channel
This architecture ensures that SDK communication does not directly connect to the Quepass backend and instead follows the client’s network security policies.

2. Secure Data Transmission

All data transmitted between the SDK and the Quepass platform is encrypted using a hybrid cryptographic approach. This method combines:
  • Secure key exchange mechanisms
  • High-performance symmetric encryption for data protection
Before any data is transmitted from the SDK, it is encrypted to prevent unauthorized access or interception during network communication. The backend system then securely processes and decrypts the data within the protected Quepass environment.

3. Encryption Workflow

When the SDK communicates with backend services, a secure encryption workflow is executed to protect sensitive information at every stage.
1

Secure Session Establishment

A secure TLS (1.2+/1.3) connection is established between the SDK and the client’s proxy/APIM layer to initiate protected communication.
2

Key Exchange

A secure asymmetric key exchange mechanism is used to safely generate and exchange encryption keys between the SDK and backend services.
3

Data Encryption

Sensitive data (biometric information, identity documents, tokens) is encrypted using AES-256 symmetric encryption before transmission.
4

Secure Transmission

Encrypted payloads are routed through approved enterprise network channels with domain whitelisting and IP validation enforced.
5

Backend Decryption & Processing

The Quepass backend securely decrypts and processes the data within the protected environment.

4. Security Benefits

The encryption architecture provides several security advantages.
  1. Strong Data Protection
All sensitive SDK data is encrypted before transmission, preventing exposure of personal or biometric information.
  1. Secure Key Exchange
Secure mechanisms are used to safely exchange encryption keys between the SDK and backend services.
  1. Data Integrity Protection
Built-in verification mechanisms ensure that transmitted data cannot be modified or tampered with during communication.
  1. Secure Bidirectional Communication
The same secure communication model protects both incoming and outgoing data between the SDK and the backend platform.

5. Sensitive Data Protection

The Quepass SDK ensures that sensitive data remains protected during transmission, including:
  • Biometric information
  • Identity document data
  • Authentication tokens
  • Verification results
All such data is protected using industry-standard encryption practices to maintain compliance with enterprise security requirements.