Licensing and Commercial Support
Commercial access to a unified post-quantum security stack for products, infrastructure, and long-lifecycle deployments
QRCS technologies are intended to be licensed as deployable system components, not merely reviewed as isolated research artifacts. The portfolio can be embedded into firmware, gateways, appliances, enterprise services, and regulated infrastructure programs that require deterministic behavior, clear specification boundaries, and controlled long-term support.
From a commercial standpoint, the licensing model is designed to align with how secure infrastructure is actually procured: evaluation first, pilot second, production deployment under a written commercial agreement, and support tiers that scale from internal engineering teams to regulated and certification-sensitive operators.
Customers typically begin with the core library and add transport, messaging, access, key-management, or domain-security components according to deployment need.
Selected reference materials are publicly reviewable, while production use, redistribution, and supported hardened deployments remain commercial.
Support scales from maintenance and advisories to direct engineering access, lifecycle planning, and custom deployment profiles.
Most programs begin with scope definition and a time-bounded evaluation before expanding into pilot and commercial deployment planning.
Designed for organizations that need disciplined cryptographic integration without building a security platform from first principles
The licensing and support model is aimed at OEMs, embedded manufacturers, infrastructure and security vendors, industrial integrators, regulated enterprises, and public-sector deployments that need verifiable engineering discipline and long service-life maintainability.
Where QRCS licensing fits best
QRCS is appropriate when a buyer wants to integrate secure transport, messaging, administrative access, or structured key lifecycle management without re-implementing the cryptographic substrate. The commercial value lies in compressing design, review, and integration effort into a pre-aligned stack.
| Buyer type | Typical licensing rationale |
|---|---|
| OEM / embedded | Static library integration, controlled device classes, long-lifecycle support |
| Infrastructure vendor | Secure back-end engines for tunnels, messaging, and appliance data planes |
| Regulated enterprise | Internal deployment under explicit support and assurance controls |
| Public sector / sovereign | Strategic licensing for controlled, analyzable, non-fragmented cryptographic infrastructure |
Why the commercial model is structured this way
QRCS technologies are not positioned as generic downloadable toolkits for unrestricted production use. The model deliberately separates public reviewability from commercial deployment rights so that transparency supports due diligence while production integration, maintenance, and support remain contractually governed.
- Evaluation can occur without surrendering production licensing boundaries.
- Commercial deployment can be matched to device count, product line, or internal organizational scope.
- Support can be aligned to certification, lifecycle, and escalation requirements rather than treated as an afterthought.
- Licensing terms can be structured to reflect long lifecycle deployments, including firmware, appliances, and infrastructure systems.
- Commercial agreements can incorporate integration support and transition pathways from evaluation to production environments.
Modular components can be licensed individually or as a broader platform package
Customers commonly begin with the QSC library as a foundation, then add protocol engines according to trust model, performance envelope, and deployment environment.
QSC Library
The foundational cryptographic substrate used across the QRCS stack, designed for disciplined C integration, deterministic behavior, and long-lifecycle environments.
Secure Transport and Tunneling
QSTP, DKTP, SATP, and SKDP engines for authenticated secure channels and tunnels suitable for gateways, appliances, services, and device communications.
Secure Messaging
QSMP semantics for command and control, telemetry, event streams, and service-to-service messaging, typically embedded behind an application layer.
Key Provisioning and Lifecycle
HKDS and SKDP systems for device and fleet key distribution, lifecycle management, and rotation models suited to constrained or intermittently connected environments.
Infrastructure Access
PQS and SIAP components for administrative access, authentication, and controlled operational entry points designed to fit existing workflows.
Domain Security Systems
MPDC-class components for high-assurance domain trust and distributed security architectures where compartmentalization and multi-party contribution are operational requirements.
Licensing models and support tiers are mapped to real deployment patterns
The portfolio is licensed to match how customers actually deploy secure infrastructure: internally, inside commercial products, across fleets of embedded systems, or inside strategic multi-domain programs.
Licensing models
| Model | Commercial intent |
|---|---|
| Evaluation | Time-limited internal feasibility testing; non-redistributable |
| Commercial product | Redistribution rights for embedding QRCS components into a product line |
| OEM / embedded | Per-device, per-device-class, or per-production-run terms for long-lifecycle products |
| Enterprise internal use | Organization-wide deployment for internal systems and infrastructure |
| Strategic | Tailored scope for high-assurance or multi-domain deployments, commonly paired with deeper support |
Commercial support options
| Tier | Designed for | Typical inclusions |
|---|---|---|
| Standard | Teams with internal integration capability | Maintenance releases, bug fixes, security advisories, documentation updates |
| Professional | Active integration and pilot deployments | Integration guidance, architecture review, build and deployment assistance, priority response |
| Enterprise | Regulated, long-lifecycle, or high-assurance deployments | Long-lifecycle support, coordinated disclosure, upgrade planning, custom profiles, direct engineering access |
Most customer work is packaging, deployment, and assurance rather than re-implementing cryptography
QRCS protocol engines are designed to be integrated as secure back-end components. This sharply reduces the need for customers to build or maintain a cryptographic platform from scratch.
Common integration patterns
- Embedded SDK integration: static library integration into firmware, gateways, and appliances.
- Infrastructure services: deployable tunnel, messaging, or access services that provide a hardened data plane.
- Sidecar and agent patterns: secure transport modules integrated into existing service meshes or control planes.
- Reference implementations: console demonstrations that validate protocol behavior and provide integration examples.
- Hardware-backed deployments: integration with secure elements, TPMs, or custom silicon for key isolation and protected execution.
- Gateway and edge consolidation: centralized enforcement of secure transport and messaging policies across distributed device fleets.
- Protocol replacement strategies: phased substitution of legacy TLS, SSH, or VPN components with QRCS-native transport and access layers.
Typical evaluation and pilot path
| 1 | Initial technical discussion and scope definition |
|---|---|
| 2 | NDA execution, if required |
| 3 | Evaluation license issuance and delivery of integration materials |
| 4 | Integration or proof-of-concept period, typically 30 to 90 days |
| 5 | Acceptance review and production planning |
| 6 | Commercial license and support agreement |
Transparency supports assurance. Commercial deployment remains explicitly licensed.
QRCS publishes selected reference implementations, test code, and supporting materials to enable public review, cryptographic analysis, interoperability testing, and evaluation. Publicly available source code and associated materials are provided under the Quantum Resistant Cryptographic Solutions Public Research and Evaluation License (QRCS-PREL), unless explicitly stated otherwise.
That public availability does not permit commercial use, production deployment, commercial redistribution, or incorporation into any product or service without a separate written agreement executed with QRCS. This separation is intentional: it supports independent scrutiny and regulatory transparency without collapsing the commercial licensing boundary.
For licensing inquiries, supported implementations, or commercial use, contact licensing@qrcscorp.ca.
Specification-driven implementation, controlled licensing boundaries, and direct commercial channels
QRCS maintains a specification-driven development approach in which protocol documents define message formats, state machines, constants, and error handling, while implementations are supported with validation tooling for byte-level verification during integration and long-term maintenance.
Licensing, transparency, and assurance
QRCS does not rely on security through obscurity. Supported, hardened, and production-grade implementations are provided under commercial agreement, while public review materials remain available for due diligence, interoperability, and cryptographic scrutiny.
For regulated deployments, QRCS can provide additional due diligence materials under NDA, including architecture notes, protocol specifications, implementation analyses, and integration guidance. These materials are structured to support formal review processes, certification preparation, and independent technical validation.
Commercial contact channels
| Licensing | licensing@qrcscorp.ca |
|---|---|
| Support | support@qrcscorp.ca |
| General | info@qrcscorp.ca |
| Related | Publications and Papers, Source Code Repositories, Investors and Due Diligence |