QuantumLock

Sovereign Cryptographic Control Platform

Protect software licenses, control customer-owned keys, sign artifacts, manage certificates, export audit evidence, and operate across cloud, BYOC, HSM-backed, sovereign and air-gapped environments.

Request Pilot View Documentation

ML-DSA-65 Post-Quantum ReadyBYOC & HSM ReadyAir-Gapped Ready

quantumlock --init

# Install QuantumLock SDK

$ pip install quantumlock-sdk

# Protect your application

from quantumlock.sdk import LicenseValidator

validator = LicenseValidator("license.qlicense")

if validator.validate():

app.run() # License valid

<5ms

Offline Validation

KMS Providers

FIPS 203

NIST PQC Standard

99.99%

API Uptime SLA

A complete cryptographic control platform

QuantumLock goes far beyond license enforcement. Six integrated capabilities for enterprise software governance.

Software Licensing

Time-based, perpetual, floating, feature-gated, machine-locked, and node-locked licenses. Offline validation under 5ms with zero network dependency.

KMS & BYOC

Keep keys in your own AWS KMS, Azure Key Vault, GCP Cloud KMS, or PKCS#11 HSM. QuantumLock orchestrates without accessing private key material.

Cipher API

AES-256-GCM and ChaCha20-Poly1305 envelope encryption. Data key generation, wrapping, HMAC, and hashing as a service.

PKI & OCSP

Private X.509 certificate authority. Root CA generation, certificate issuance, CSR signing, CRL distribution, and RFC 6960 OCSP responder.

Evidence & Audit

JCS RFC 8785 cryptographically sealed evidence bundles. Merkle-tree transparency log with signed checkpoints. SIEM export via webhook, syslog, Splunk, and Elastic.

Trust Badges

Cryptographically signed SVG badges for your product pages and documentation. Public verification pages. Eight badge types including PQC-Ready and HSM-Backed.

Deployment Options

Deploy where your security policy requires

From local self-hosted to fully air-gapped. From your own cloud KMS to hardware security modules.

Local

Self-hosted Docker deployment with PostgreSQL and Redis. Full API, KMS, and PKI running in your infrastructure.

BYOC Cloud KMS

QuantumLock orchestrates while your private keys stay in AWS KMS, Azure Key Vault, or GCP Cloud KMS.

HSM / PKCS#11

Thales Luna, Entrust nShield, Utimaco CryptoServer, YubiHSM 2. Keys never leave the hardware security module.

Sovereign Cloud

OVHcloud, Scaleway, Outscale (SecNumCloud), T-Systems. Deploy in European sovereign infrastructure.

Air-Gapped

Fully offline Docker deployment. Keys delivered as offline package. No external API calls, no cloud dependency.

Trust Console

Enterprise control panel for cryptographic governance

One dashboard to manage licenses, keys, certificates, evidence, trust badges, API keys, billing, and security readiness across your entire organization.

Live dashboard with key health, certificate expiry, and license usage

Scoped API keys: quantumlock:use, quantumlock:keys, quantumlock:sign, quantumlock:read

SIEM export to webhook, syslog, Splunk, and Elastic

Explore Trust Console

Trust Console

Products

1,247

Licenses

KMS Keys

PKI Status

Recent Audit Events

[18:42:11] license.validated — acme-corp/qcos-pro

[18:41:05] kms.key.rotated — azure-keyvault/hsm-3

[18:40:22] evidence.bundle.sealed — sha256:7f83b1...

Enterprise Security

Built for regulated environments

Post-quantum cryptography, cryptographic evidence, SIEM integration, and a clear shared responsibility model.

PQC-Ready

NIST FIPS 203/204/205 algorithms. ML-DSA-65 primary signature, ML-KEM-768 key encapsulation, hybrid RSA+ML-DSA defense-in-depth.

Evidence Bundles

JCS RFC 8785 sealed containers, dual-signed (classical + PQC), Merkle-tree transparency log with immutable audit trail.

SIEM Export

Security events exported via webhook, syslog, Splunk, or Elastic. Full audit trail with SHA256-chained log integrity.

Responsibility Matrix

Clear separation: SoftQuantus runs the policy engine. You own the keys, HSMs, cloud accounts, and access control.

Read the Security Whitepaper

Scientific Validation

Verifiable, not just claimed

QuantumLock implements NIST-standardized post-quantum cryptography. Every license operation, key lifecycle event, and cryptographic action produces verifiable artifacts for compliance and auditability.

Scientific Foundations

NIST FIPS 203 (ML-KEM) for quantum-resistant key encapsulation at Security Level 3
NIST FIPS 204 (ML-DSA) for digital signatures with post-quantum security guarantees
NIST FIPS 205 (SLH-DSA) for stateless hash-based signatures
Hybrid RSA-4096 + ML-DSA-65 signatures for defense-in-depth cryptographic assurance
Crypto-agility architecture per NIST SP 800-131A for algorithm migration

What you can verify

Offline license validation with cryptographic proofs requiring zero network connectivity
Cryptographically sealed evidence bundles (JCS RFC 8785) with dual classical + PQC signatures
Merkle-tree transparency log with signed checkpoints and inclusion proofs
SHA256-chained immutable audit log with SIEM export capability

Standards alignment

NIST FIPS 203 (ML-KEM)NIST FIPS 204 (ML-DSA)NIST FIPS 205 (SLH-DSA)RFC 6960 (OCSP)JCS RFC 8785

Scientific references

NIST FIPS 203 (ML-KEM) ↗NIST FIPS 204 (ML-DSA) ↗NIST FIPS 205 (SLH-DSA) ↗

Enterprise product. Deployment options: cloud, VPC/private endpoints, or on-prem. Pilot access is provisioned after technical scoping.

Request a Pilot View SDK Documentation

Ready to deploy QuantumLock?

Request a pilot, get procurement-ready documentation, or explore our security architecture.

Request Pilot Read Documentation

Enterprise updates and security advisories

Get QuantumLock release notes, compliance updates, and security best practices.