Frequently Asked Questions

Common questions about QuantumLock™.

---

General

What is QuantumLock™?

QuantumLock™ is a software licensing platform that uses post-quantum cryptography to create secure, tamper-proof licenses. It provides a complete solution for generating, validating, and managing software licenses.

What makes it "quantum-safe"?

We use ML-DSA-65 (FIPS 204), a post-quantum digital signature algorithm that remains secure even against attacks from quantum computers. This is combined with traditional RSA signatures in a hybrid approach.

Do I need a quantum computer to use QuantumLock™?

No! QuantumLock™ runs on standard computers. "Post-quantum" means the cryptography is resistant to future quantum computer attacks, not that it requires quantum hardware.

---

Integration

How long does integration take?

Most developers can complete basic integration in under an hour:

1. Get API key (5 minutes)
2. Install SDK (2 minutes)
3. Add license creation code (15 minutes)
4. Add validation code (15 minutes)
5. Test (20 minutes)

What languages are supported?

• Python: Full SDK support
• Any language: REST API available

Future SDKs planned for: JavaScript/Node.js, Go, Rust, C#

Can I use it offline?

Yes! QuantumLock™ supports offline validation using StatusProofs—signed statements about license status that can be verified without internet access.

How do I migrate from another licensing system?

See our Migration Guide. The general process:

1. Export existing license data
2. Map features to QuantumLock entitlements
3. Create equivalent artifacts
4. Update your application code
5. Provide migration path for users

---

Security

How secure is QuantumLock™?

QuantumLock™ uses multiple security layers:

• Dual signatures: RSA-PSS-SHA256 + ML-DSA-65
• Anti-rollback: Epoch-based revocation with secure storage
• Device binding: Hardware fingerprint verification
• Binary protection: Nuitka-compiled SDK/CLI

Can licenses be cracked?

While no system is unbreakable, QuantumLock™ is designed to be extremely difficult to bypass:

• Cryptographic signatures prevent forgery
• Server-side validation is always authoritative
• Revocation is immediate and enforced

What happens if my API key is compromised?

1. Immediately rotate your API key in the portal
2. Existing licenses remain valid
3. Attacker cannot modify or revoke existing licenses
4. Contact support if you suspect abuse

Is the connection to the API secure?

Yes, all API communication uses TLS 1.3 encryption. We also support certificate pinning in the SDK for additional security.

---

Pricing & Plans

Is there a free tier?

Yes! The Free plan includes:

• 100 licenses per month
• Basic features
• Email support

How is pricing calculated?

Pricing is based on:

• Number of licenses generated per month
• Features required (PQC, binding, etc.)
• Support level

See pricing page for details.

Can I upgrade or downgrade my plan?

Yes, you can change plans at any time:

• Upgrades take effect immediately
• Downgrades take effect at next billing cycle
• No penalty for changes

---

Technical

What's the difference between v1 and v2 API?

Feature	v1 (Legacy)	v2 (Current)
Format	Simple key	JWT-like artifact
Signatures	RSA only	RSA + ML-DSA hybrid
Revocation	Basic	Epoch-based with anti-rollback
Offline	Limited	Full StatusProof support
Entitlements	Features only	Full entitlement system

We recommend v2 for all new integrations.

How large are license artifacts?

Configuration	Approximate Size
Minimal (RSA only)	~800 bytes
With ML-DSA	~3 KB
With entitlements	+100 bytes per entitlement
With metadata	+size of metadata

What's the API rate limit?

Plan	Requests/Minute
Free	60
Startup	300
Business	1,000
Enterprise	Unlimited

How fast is validation?

• Online validation: ~50-100ms (network dependent)
• Offline validation: ~5-10ms

Do you support high availability?

Yes, our infrastructure is deployed across multiple Azure regions with:

• 99.99% uptime SLA (Enterprise)
• Automatic failover
• Global CDN for key distribution

---

Troubleshooting

"Invalid signature" error

1. Ensure you're using the correct public keys
2. Check that the artifact hasn't been modified
3. Verify both RSA and ML-DSA signatures
4. Make sure key hasn't been rotated

"License not found" error

1. Verify the license ID is correct
2. Check that the license was created successfully
3. Ensure you're using the correct API environment

"Epoch rollback detected" error

This security feature prevents using old revocation sets:

1. Sync the latest revocation set
2. Clear locally stored epoch state (testing only)
3. Contact support if persistent

Offline validation not working

1. Ensure StatusProof hasn't expired
2. Verify public keys are cached correctly
3. Check device fingerprint matches (if bound)
4. Confirm revocation epoch is current

---

Billing & Account

How do I get an invoice?

Invoices are automatically generated and available in:

• Portal → Billing → Invoices
• Email (sent monthly)

Can I get a refund?

• Monthly plans: Refund within 7 days of charge
• Annual plans: Pro-rated refund within 30 days
• Contact billing@softquantus.com

How do I cancel my subscription?

1. Go to Portal → Settings → Subscription
2. Click "Cancel Subscription"
3. Subscription remains active until end of billing period
4. Data retained for 90 days after cancellation

---

Support

How do I contact support?

• Email: support@softquantus.com
• Portal Chat: Business+ plans
• Phone: Enterprise plans only

What are the support hours?

• Free/Startup: Business hours (9am-5pm EST, Mon-Fri)
• Business: Extended hours (6am-10pm EST, Mon-Sat)
• Enterprise: 24/7/365

Where can I report bugs?

• GitHub Issues: github.com/softquantus/quantumlock/issues
• Security Issues: security@softquantus.com (responsible disclosure)

---

Still have questions?

• 📧 Email: support@softquantus.com
• 💬 Portal Chat: portal.softquantus.com
• 📚 Knowledge Base: kb.softquantus.com