VeriCert

Blockchain-Powered Academic Credential Verification

By Manish Reddy Nandineni, Gayatri Ambati, Aravind Jetty

VeriCert Banner

Abstract

In a world where the pursuit of education is at an all-time high and the need to verify academic achievements is more crucial than ever, a pressing demand arises for modern methodologies to securely manage academic credentials. These credentials, often highly sensitive, necessitate the utmost level of protection against forgery and inaccuracies. Digitalizing academic credentials offers an efficient solution to manage the ever-increasing volume of verification requests, provided that the process is absolutely tamper-proof.

Blockchain technology, renowned for its capability to maintain a shared and immutable ledger of transactions, emerges as the ultimate answer to meet the rigorous security requirements while simplifying the process of digitizing academic credentials. Smart Contracts, seamlessly integrated into the blockchain, form the backbone of credential issuance and authentication. The resulting digital certificates can be effortlessly shared with relevant entities, offering the added benefit of real-time re-verification of their authenticity within the same blockchain network. By deploying the blockchain across multiple nodes, each owned by specific stakeholders, we guarantee that no single individual can manipulate or issue credentials without unanimous consensus.

Our project, aptly named VeriCert, embodies this methodology to issue verifiable certificates to students within an institution. What sets VeriCert apart is its self-sustained model, allowing each institution to take full ownership of the system without external dependencies. In an era marked by rapid digitization, VeriCert offers a secure, efficient, and institution-centric approach to academic credential management, setting new standards for trust and verification.

Introduction

Credential Verification Overview: Credential verification encompasses checks such as education, employment, licenses, and certificates. Candidates often submit falsified qualifications or fall victim to illegitimate institutions during recruitment.

Key Reasons for Verification

  • Legitimacy Assessment: Thorough investigation is essential for candidates with diverse educational backgrounds.
  • Legal and Financial Risks: Inadequate qualifications can pose significant legal and financial risks.
  • Resource Efficiency: Hiring unqualified individuals wastes time and resources.
  • Reputation Protection: Unqualified personnel can harm an organization's reputation and client relationships.

Challenges in Certification

  • Susceptibility to Damage: Paper certificates are easily damaged, lost, or misplaced, especially during disasters.
  • Inflexibility for Changes: Editing paper documents is time-consuming and less flexible compared to digital copies.
  • Time-Consuming Manual Processes: Manual certificate distribution is laborious and time-consuming.
  • Security Concerns: Paper certificates are less secure and can easily fall into the wrong hands.
  • Higher Costs: The use of paper documents incurs ongoing costs for ink, paper and the special security features.

Objective

The primary objectives of the 'VeriCert' project are as follows:

  1. Efficient Certificate Issuance: Develop a secure and streamlined process that allows authorized users to issue certificates to eligible candidates with ease and speed.

  2. Seamless Certificate Sharing: Enable certificate recipients to seamlessly share their credentials with potential verifiers, ensuring a transparent and efficient exchange of information.

  3. Immutable Certificate Verification: Implement a blockchain-based verification system that allows any user to verify the authenticity of issued certificates by checking their hash on the blockchain, thus ensuring tamper-proof verification.

  4. Scalability for Multiple Organizations: Create a versatile blockchain architecture that supports the creation of blockchain clones without data, ensuring adaptability for multiple organizations with similar verification requirements.

History

Manual Certificate Verification

Manual certificate verification, a traditional approach to validating certificates, has long been a fundamental method for confirming the authenticity of academic credentials. This process relies on a dedicated team of individuals responsible for meticulously examining submitted documents.

In the manual certificate verification process, experts within the department carefully assess these documents to ensure their legitimacy, leaving no room for error in the confirmation process. Any signs of forgery or misrepresentation on the part of the candidate are met with appropriate actions and consequences.

The implementation of manual certificate verification primarily involves the careful examination of historical records and documentation within an organization. This method operates without the need for additional software or complex setups, making it a straightforward and autonomous process.

However, manual certificate verification comes with inherent limitations. The human element introduces the risk of errors, potentially leading to false verifications. Moreover, the process is often time-consuming, requiring a substantial workforce and significant effort.

Manual certificate verification, while a trusted approach in the past, has encountered challenges that necessitate exploring more efficient and secure methods for the validation of academic credentials.

Existing Solutions

Blockcerts

Introduction:

Blockcerts is an open standard designed for the creation and verification of blockchain-based official records. These records encompass a wide range of applications, including certificates for civic records, academic credentials, professional licenses, and workforce development. Blockcerts comprises open-source libraries, tools, and mobile applications, fostering a decentralized, standards-based, recipient-centric ecosystem. This ecosystem enables trustworthy verification through blockchain technologies while promoting the adoption of open standards. Blockcerts is committed to the principles of self-sovereign identity for all participants and empowers recipients with control over their claims, facilitated by user-friendly tools such as the certificate wallet mobile app. Additionally, it emphasizes the availability of credentials without single points of failure, enhancing accessibility.

Implementation:

Blockcerts is built upon the Bitcoin blockchain, providing the capability for anyone to issue certificates that are verifiable by others. This innovative solution was developed by Learning Machine at the MIT Media Lab, offering an open-source software platform for issuing digital certificates. Users can leverage the tools provided by the software to efficiently create and issue certificates in batches. Recipients can accept these certificates and forward them to relevant entities for verification. The verification process takes place on the Bitcoin blockchain, where batches are scrutinized for authenticity and the presence of the certificate. Blockcerts Implementation Diagram

Merits:

  • Automation: The entire process of issuing, receiving, and verifying certificates is fully automated, significantly reducing the time required for each action.
  • Blockchain Security: The utilization of the Bitcoin blockchain enhances the reliability of the verification process.

Demerits:

  • Lack of Central Authority: Blockcerts lacks a central authority to prevent potential scammers from issuing duplicate certificates with identical credentials.
  • Cryptocurrency Dependency: The platform relies on the Bitcoin network as a proof of authenticity, allowing only individuals with access to it to issue certificates.

Digital Certificate Platforms

Credly:

Credly is a well-established platform that specializes in digital credentialing. It enables organizations to issue and manage digital badges and certificates, making it easier for recipients to share and showcase their achievements. Credly's platform is designed to enhance the credibility and recognition of digital credentials in various industries.

Accredible:

Accredible is another prominent player in the digital certificate platform space. It empowers organizations to issue secure and verifiable digital certificates and badges. Accredible's platform is known for its user-friendly interface and customization options, allowing organizations to create a branded and engaging certificate experience for their recipients.

Merits:

  • Efficient Credential Management: These platforms simplify the process of issuing, distributing, and managing digital certificates, reducing administrative burdens.
  • Recipient Engagement: Digital certificates from platforms like Credly and Accredible enhance recipient engagement by providing a visually appealing and shareable representation of achievements.
  • Verification: Recipients and third parties can easily verify the authenticity of digital certificates, reducing the risk of credential fraud.

Demerits:

  • Cost Considerations: Depending on the scale and features required, there may be associated costs for using these platforms.
  • Centralization: Digital certificate platforms are centralized services, which can pose challenges in scenarios where decentralization is desired.
  • Lack of Ledger: These platforms may lack a ledger, making it difficult to trace if a certificate was ever modified by a malicious entity, which can be a security concern.

Solution

Proof-of-Authority Blockchain System for Certificate Verification

An Overview of the Proposed System

The proposed system leverages a private Ethereum blockchain built on the Proof-of-Authority (PoA) consensus algorithm. Stakeholders in the blockchain network are categorized into three distinct roles:

  1. Issuers: Typically, the management of educational institutions or organizations with the authority to issue certificates.
  2. Receivers: Students or employees for whom certificates are issued.
  3. Verifiers: Employers, admission departments, or other entities responsible for verifying certificates issued to receivers.

The core concept involves granting issuers and receivers access to the blockchain through designated accounts. Issuers possess the authority to generate and add certificates to the blockchain, while receiver accounts serve as the value to the owner key, ensuring certificate ownership verification. Verifiers access a web interface that retrieves blockchain data for certificate integrity verification.

Proposed System Architecture

Proposed System Mind Map

Mind Map

Process of Verification

Documents are converted into hashes, and these hashes are stored in the blockchain using transactions. Verification involves checking if the hash of a specific document exists in the blockchain.

Verification Process

Private Blockchain

The proposed system employs a private blockchain, characterized by its permissioned nature and centralized control by a single organization. Access to these blockchains is restricted, ensuring data is accessible only to authorized individuals. Notable examples include Hyperledger Fabric, known for its efficiency and faster transaction processing.

Hashing

Hashing plays a crucial role in the blockchain, serving as a fingerprint of data and ensuring its originality. The Bitcoin hash algorithm used is SHA-256 (Secure Hashing Algorithm), producing a fixed-length 256-bit output. Hashing enhances data security and authenticity.

Consensus

Consensus algorithms are vital for achieving agreement among peers in a blockchain network. The proposed system adopts the Proof of Authority (PoA) consensus, which emphasizes identity verification over computational power.

Proof of Authority (PoA)

PoA is a permissioned consensus mechanism where validators are verified and selected to generate new blocks. PoA provides high performance and fault tolerance, making it suitable for private and public networks. It leverages the reputation of validators rather than cryptocurrency staking.

Tools and Technologies

  • Hyperledger Besu: An enterprise-friendly Ethereum client supporting various consensus algorithms, including PoW and PoA.
  • Ethereum Lite Explorer by Alethio: A client-side web application for Ethereum blockchain data visualization.
  • Solidity: A high-level, object-oriented language for writing Ethereum smart contracts.
  • Web3-eth: A package for interacting with Ethereum blockchains and smart contracts.

Implementation

Prototype Implementation

Overview

The following section provides a brief overview of the prototype implementation of the VeriCert system. This prototype serves as a proof of concept to demonstrate the practical application of the proposed solution. The prototype utilizes an IBFT 2.0 (Proof of Authority Consensus mechanism) blockchain built over Hyperledger Besu.

Key Operations

The prototype allows the following key operations:

  1. Certificate Generation: Issuers, who possess the authority, can initiate the certificate generation process using smart contracts. This operation results in the creation of a certificate on the blockchain.

    Contract Call:

    veriCertContract.generateCertificate(hash, certData.publicKey);

    Contract Response:

     {
         nonce: 0,
         gasPrice: BigNumber {_hex: '0x03e8', _isBigNumber: true},
         gasLimit: BigNumber {_hex: '0x055643', _isBigNumber: true},
         to: '0x30753E4A8aad7F8597332E813735Def5dD395028',
         value: BigNumber {_hex: '0x00', _isBigNumber: true},
         data: '0xe900dff70000000000000000000000000000000000000000000000000000000000000040000000000000000000000000ade4ebe5a83858d68c2f2759bfeeabec3793521e000000000000000000000000000000000000000000000000000000000000004061636638643964656336393635633232383935646463653032646434313337d7c3f0676f110d6496d4dda20997665f3',
         chainId: 1337,
         v: 2709,
         r: '0x7cf07f5e941bcd8affa795ab3314204f1f4482f0365c375ca22885d404e3ed76',
         s: '0x0b7d44f1c54156ea3c8eaa12346adfcfb0cf6a0773d71943486fdf539c1e70fa',
         from: '0xFE3B557E8Fb62b89F4916B721be55cEb828dBd73',
         hash: '0x31792cd1831fc07e1a41bd07faa0c00f73147f696e6fbc988b21205408cc8d52',
         type: null,
         confirmations: 17,
         wait: [Function (anonymous)]
    }
  2. Certificate Validation: The system enables the verification of certificate authenticity. This operation returns a boolean response, indicating whether the certificate is valid or not.

    Contract Call:

    veriCertContract.isCertificateValid(certHash, address);

    Contract Response:

    false
  3. Listing Issued Certificates: Issuers can view a list of certificates they have issued. This operation retrieves the certificates issued by the issuer's wallet.

    Contract Call:

    veriCertContract.getIssuedCertificates();

    Contract Response:

    ["acf8d9dec6965c22895ddce02dd4137d7c3f0676f110d6496d4dda20997665f3"]
  4. Listing Owned Certificates: Certificate recipients can view the certificates they own. This operation fetches the certificates associated with the owner's wallet.

    Contract Call:

    veriCertContract.getOwnedCertificates();

    Contract Response:

    ["acf8d9dec6965c22895ddce02dd4137d7c3f0676f110d6496d4dda20997665f3"]
  5. Listing Holding Certificates: Certificate holders can view the certificates they are holding. This operation retrieves the certificates held by the holder's wallet.

    Contract Call:

    veriCertContract.getHoldingCertificates();

    Contract Response:

    ["acf8d9dec6965c22895ddce02dd4137d7c3f0676f110d6496d4dda20997665f3"]

Block with a transaction as seen on the explorer. Explorere Screenshot

Outcomes

The prototype demonstrates the core functionalities of the VeriCert system, including issuing, validating, and managing certificates on the blockchain. While this implementation is a simplified representation of the full system, it serves as a tangible proof of the concept's viability.

Please note that this prototype is a starting point and is expected to evolve into a fully functional system over time.

Smart Contract

Solidity File
VeriCert.sol
pragma solidity >=0.4.22 <0.9.0;
 
contract VeriCert {
struct Certificate {
address owner;
address issuer;
address holder;
uint256 timeStamp;
}
 
    mapping(address => string[]) issuerCertMap;
    mapping(address => string[]) ownerCertMap;
    mapping(address => string[]) holderCertMap;
    mapping(string => Certificate) certificatesMap;
    mapping(string => bool) certificateExists;
 
    function generateCertificate(string memory certId, address owner) public {
        //can add another check for the issuer to be available in the permissioned accounts
        require(
            certificateExists[certId] == false,
            "An equivalent certificate exists already."
        );
        require(!(owner == address(0)), "Owner address should be valid");
        Certificate memory certificate = Certificate(
            owner,
            msg.sender,
            owner,
            block.timestamp
        );
        certificateExists[certId] = true;
        certificatesMap[certId] = certificate;
        issuerCertMap[msg.sender].push(certId);
        ownerCertMap[owner].push(certId);
        holderCertMap[owner].push(certId);
    }
 
    function generateCertificateBatch(
        string[] memory certIds,
        address[] memory owners
    ) public {
        //can add another check for the issuer to be available in the permissioned accounts
        uint256 l = certIds.length;
        for (uint256 i = 0; i < l; i++) {
            string memory certId = certIds[i];
            address owner = owners[i];
            require(
                certificateExists[certId] == false,
                "An equivalent certificate exists already."
            );
            require(!(owner == address(0)), "Owner address should be valid");
            Certificate memory certificate = Certificate(
                owner,
                msg.sender,
                owner,
                block.timestamp
            );
            certificateExists[certId] = true;
            certificatesMap[certId] = certificate;
            issuerCertMap[msg.sender].push(certId);
            ownerCertMap[owner].push(certId);
            holderCertMap[owner].push(certId);
        }
    }
 
    function transferCertificate(string memory certId, address newHolder)
        public
    {
        require(
            msg.sender == certificatesMap[certId].holder,
            "Only the current holder has the ability to transfer the certificate."
        );
        address oldHolder = certificatesMap[certId].holder;
        deleteCertificateFromHolderList(certId, oldHolder);
        certificatesMap[certId].holder = newHolder;
        holderCertMap[newHolder].push(certId);
    }
 
    function deleteCertificateFromHolderList(
        string memory certId,
        address oldHolder
    ) internal {
        uint256 l = holderCertMap[oldHolder].length;
        for (uint256 i = 0; i < l; i++) {
            if (areStringsEqual(holderCertMap[oldHolder][i], certId)) {
                holderCertMap[oldHolder][i] = holderCertMap[oldHolder][l - 1];
                delete holderCertMap[oldHolder][l - 1];
            }
        }
    }
 
    function getOwnedCertificates() public view returns (string[] memory) {
        return ownerCertMap[msg.sender];
    }
 
    function getIssuedCertificates() public view returns (string[] memory) {
        return issuerCertMap[msg.sender];
    }
 
    function getHoldingCertificates() public view returns (string[] memory) {
        return holderCertMap[msg.sender];
    }
 
    function isCertificateValid(string memory certId, address ownerAddress)
        public
        view
        returns (bool)
    {
        if (certificateExists[certId] == true) {
            return certificatesMap[certId].owner == ownerAddress;
        }
        return false;
    }
 
    /**------------------------------
            Helper Functions
    ---------------------------------*/
 
    function areStringsEqual(string memory a, string memory b)
        internal
        pure
        returns (bool)
    {
        if (keccak256(abi.encodePacked(a)) == keccak256(abi.encodePacked(b))) {
            return true;
        }
        return false;
    }
 
}
 

Benefits and Advantages

  • No Dependency on External Networks: VeriCert operates independently without relying on external networks, ensuring consistent and reliable performance.

  • No Need to Spend on Transaction Fees: The system eliminates the need for transaction fees, reducing operational costs for all stakeholders.

  • No Scope for External Malicious Activity: By operating on a private and secure blockchain, VeriCert minimizes the risk of external malicious activities, ensuring data integrity.

  • Scalable and Replicable: The system is designed to be scalable and replicable, making it suitable for deployment across multiple institutions and organizations.

Challenges and Risks

1. Embracing Emerging Technology with Deployment Risks

VeriCert relies on cutting-edge blockchain technology, which, like any new technology, may pose deployment challenges and potential errors during the initial stages.

2. Single-Point Data Encryption with Risk of Passphrase Loss

Individual data security relies on a single private passphrase. Forgetting this passphrase can result in data loss, making data recovery a complex endeavor.

3. Learning Curve for Issuers

Adapting to the new system may require issuers to navigate a learning curve, potentially leading to initial challenges during the transition.

4. Time and Effort Needed for Trust Establishment and Validations

Establishing trust in the system and its validation processes may demand time and effort, particularly in the early stages of implementation.

Future Developments

1. Development of a Comprehensive Client-Side Application

Our next milestone involves creating a full-fledged application accessible through web and mobile platforms for end-users. This user-friendly application will enhance the certificate issuance and verification process.

2. Deployment of a Robust Proof-of-Authority (POA) Blockchain

To further strengthen the system's infrastructure, we plan to build a dedicated POA-based blockchain over Hyperledger Fabric. This blockchain will be deployed on the cloud, ensuring scalability, security, and optimal performance.

3. Initial Deployment for Events and Competitions

Our initial deployment phase will focus on serving a select group of institutions and organizations. We will begin by issuing certificates for events and competitions. This phased approach allows us to build trust and validate the system's performance.

4. Transition to Vital Credentials

Once the system demonstrates its reliability and earns the trust of users, we will expand our services to cover more critical credentials, such as degree certificates. This strategic progression ensures that the system's infrastructure is robust and dependable before handling vital academic qualifications.

These future developments underscore our commitment to enhancing VeriCert's capabilities and extending its value to a wider range of users and organizations.

Conclusion

In a world where academic and professional credentials play a pivotal role in shaping one's career, the need for a secure, efficient, and scalable system for credential verification is paramount. VeriCert, our innovative blockchain-based solution, is designed to address the persistent challenges associated with academic credential verification.

Our private Ethereum blockchain, powered by the Proof-of-Authority consensus algorithm, offers a decentralized yet secure environment for issuers, receivers, and verifiers. By providing dedicated accounts to each stakeholder, we ensure a reliable and tamper-proof system for issuing, sharing, and verifying certificates.

The advantages of VeriCert extend beyond security and efficiency. It significantly reduces the carbon footprint associated with traditional paper-based certificates, saving valuable resources. Furthermore, VeriCert is poised to eliminate the threat of fake credentials, benefiting institutions, employers, and candidates alike.

As we progress, we look forward to enhancing VeriCert with comprehensive user-friendly applications and building a robust blockchain infrastructure over Hyperledger Fabric. Our phased approach, starting with events and competitions, will lead to the secure verification of essential academic qualifications.

In conclusion, VeriCert is set to revolutionize the world of academic credential verification, making it faster, secure, and eco-friendly. With a commitment to innovation and trust, VeriCert is well-positioned to meet the evolving needs of educational institutions, employers, and individuals in an increasingly digital world.

References

  1. MIT Media-Lab, "Building the digital credential infrastructure for the future", 2019. (opens in a new tab)
  2. Urogulf Certificate Verification (opens in a new tab)
  3. Blockcerts - About (opens in a new tab)
  4. Coursera Blog - The Anatomy of a Verified Certificate (opens in a new tab)
  5. Vitalik Buterin, "A next generation smart contract & decentralized application platform", 2013. (opens in a new tab)
  6. Hyperledger Besu - IBFT Consensus Protocol (opens in a new tab)
  7. Hyperledger Besu - Create an IBFT Network (opens in a new tab)
  8. GeeksforGeeks - Practical Byzantine Fault Tolerance (PBFT) (opens in a new tab)