“What would an academic degree look like if it were designed today? Or a professional certificate? Or a certificate for an online course? As the question of trusted verification and authentication of learning and credentials arises with increased urgency, we need to redesign the way we issue, recognize and transact with academic credentials.” Digital Credentials C.
Free access to certified digital credentials is a key challenge, particularly in the academic world, where several leading international projects are being developed. It coincides with the evolution of digital practices, the use of professional social networks, short training courses and micro-credentials, and gives rise to a booming question: how should we rethink credentials (diplomas, transcripts, badges, Open Badges, micro-certifications…)?
Beyond the technical aspects, the values of blockchain ecosystems meet those of the academic world: transparency, durability, free use of blockchain credentials by students. With this new technology, the interoperability of solutions and standards is key to the efficiency of the work and experiments underway.
In this article, we will discuss the major challenges of digital credentials: the role of private data, data storage, scalability, and emerging standards. We will detail the use case developed by BCdiploma, the first blockchain credentials ecosystem in production, with almost a hundred universities and schools in more than 16 countries.
Digital Credentials: state of play
Digital Credentials: definition
Digital credentials are forgery-proof, verifiable and 100% digital certificates. They are the digital equivalent of paper certificates. We all know the paper versions of passports, driver’s licenses, diplomas, training certificates, titles of ownership, etc. Imagine a digital version of these documents that can be verified online and cannot be falsified… you get a digital credential! Of course, for them to be recognized by everyone as documents or data with probative value, standardization and education work is necessary. The standardization work is led by the W3C. As for the education work, please read this article!
Here are the keywords to describe a digital credential:
- verifiable online, without third party interrogation;
- usable without time limit if not revoked;
- usable on any platform using the Verifiable Credentials standards (W3C).
Digital Credentials Solutions: predictions
The International Council for Open and Distance Education (ICDE) has over 190 institutional members from over 70 countries, speaking over 40 languages, impacting over 15 million students across 6 continents.
Here is the analysis of the ICDE Working Group Report on the Present and Future of A. Digital Credentials (ADCs):
ICDE institutional members will be profoundly influenced by the shift in importance from traditional forms of learning attestation to the new forms embodied by Digital Credentials. First, the demonstration of acquired skills and knowledge will be more important than where or how the learning occurred. Second, students will be the owners of their Digital Credentials and will have control over dissemination. Currently, institutions control the dissemination of academic transcripts and effectively limit public access through transcript fees and restrictions on the student data they are allowed to release. The advent of secure, un-hackable authentication processes will make Digital Credentials as, or even more secure, than traditional transcripts.
The ICDE Working Group Report on the Present and Future of A. Digital Credentials (ADCs) made the following predictions:
- Blockchain will disrupt the market in student information systems.
- Blockchain technology will become the standard underlying technology for the issuance of Digital Credentials.
- Blockchain technology will accelerate the end of paper-based certification systems.
International initiatives of Digital Credentials
The subject of blockchain digital credentials is addressed by many actors:
- European Commission – European Blockchain Partnership – EBSI: the European Blockchain Services Infrastructure, which has a budget of €4M, has dedicated one of its four application cases to the issue of digital credentials. “Giving control back to citizens when managing their education credentials; significantly reducing verification costs and improving authenticity trust.”
- Digital Credentials Consortium – a consortium of universities including MIT and Harvard University, is conducting open source work towards an open and standardized ecosystem. “Our mission is to create a trusted, distributed, and shared infrastructure that will become the standard for issuing, storing, displaying, and verifying academic credentials, digitally.” (DCC white paper).
- In the world of private companies, BCdiploma, a French company created in 2017, is the blockchain credentials ecosystem with the largest number of institutions: nearly 100, from 4 continents. BCdiploma has patented a method that combines cryptography and blockchain, and markets a turnkey solution enabling any institution to issue latest-generation blockchain credentials.
Digital Credentials: standardization
The mission of the Verifiable Credentials Working Group (VCWG, W3C) is to facilitate and secure the expression and exchange of third-party verified credentials on the Web. This specification provides a mechanism for expressing such credentials on the Web in a way that is cryptographically secure, privacy compliant, and machine-verifiable.
The data model for verifiable credentials is a World Wide Web Consortium Recommendation, “Verifiable Credentials Data Model 1.0 – Expressing verifiable information on the Web” published on November 19, 2019.
Now in beta phase, these standards are being implemented by the Digital Credentials Consortium, EBSI and BCdiploma.
Challenges faced while implementing Digital Credentials Solutions
We can select four major challenges related to the adoption of blockchain digital credentials: for each, the research work of BCdiploma will be presented.
Data “on chain” or “off chain”?
We can observe this injunction in a lot of invitations to tender: “no storage of personal data on chain”.
BCdiploma’s approach allows us to think differently about the problem at hand. We observe that, whether for the Digital Credentials Consortium, Blockcerts or EBSI, the difficulties of scaling up and of designing a standardized ecosystem of digital credentials keep growing around one question: how to store credential data? In each holder’s wallet? In Secure Data Stores (Encrypted Data Vaults)? etc.
For BCdiploma, this issue is central and must be addressed first. So, our first R&D subject, now patented, was: “How to store, secure and authenticate data from a digital credentials register in a decentralized environment and then access it in one click – all in compliance with the GDPR?”
To sum up: we store the encrypted data directly on a durable and secure register. This storage is carried out once and for all, which allows the issuers to manage and exploit this data over time. We use symmetric cryptography (AES-256-GCM) to manage all issues relating to access to this data and respect for confidentiality.
What are we trying to do? We promote a technology that is not tied to any data model and can adapt to changes in the standards and output formats expected for digital credentials.
The innovation of BCdiploma is that the output format (for compatibility with the W3C VC online verifier, the Open Badges online verifier, the EBSI standard, etc.) is a feature that can be developed on demand, from certified raw data.
Legal & Data privacy and security
EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act of 2018 (CCPA) may impose limitations on how personal data is transacted on the blockchain.
We invite you to read the complete research note published by the jurist Aurélie Bayle: “Digital Credentials: legal proof and data privacy”.
The right to be forgotten is not the only modality of the GDPR that is intended to apply, but it is instinctively one of the first questions that arise when it comes to blockchain. The compliance demonstrated by BCdiploma is a guarantee of credibility and responsibility towards its clients and partners.
Scalability and energy policy
The relatively slow speed of blockchain transactions may impose bottlenecks when it comes to scaling blockchain-in-education solutions worldwide. The issue of energy consumption is also a key point to monitor in order to develop the technology on a large scale.
BCdiploma handles this challenge in an extremely advanced way, being the first “multi-blockchain” application: the application interacts with different public or consortium blockchains. This allows it to:
- respond to institutional projects that wish to work on their own consortium blockchain, for ecological issues among others.
- optimize writing costs by arbitrating between different public blockchains, and thus offer an unequalled level of durability to its users.
Indeed, blockchain technologies are evolving rapidly, and the stability of a blockchain ecosystem depends on its ability to keep pace with these changes without jeopardizing the data already published and the framework components.
Market adoption and UX design
Lack of knowledge on how to harness the potential of blockchain-in-education solutions may lead to a slow market adoption of such innovations. However, the key point could be the ease of use of blockchain applications.
To address this point, BCdiploma has built a product with a “data centric” & “user centric” approach. We are freeing ourselves from the management of “data hash” which leads to a centralization or complexification of verification procedures. This makes our solution new compared to traditional blockchain applications on the market.
The BCdiploma tool is very easy to use and to interface with management tools (it accepts all data models), and a digital credential by BCdiploma is:
- a nice “web object” designed by the issuer;
- accessible in one click;
- verified by a simple on chain consultation of proofs of authenticity.
An example of how a Digital Credentials Solution works
How does it work
The BCdiploma (Blockchain Certified diploma) solution allows the certification of credentials by direct storage on the blockchain. It is based on a blockchain framework that guarantees the authenticity of the data stored and the respect of confidentiality.
The application, which controls access to the blockchain, as well as the writing and reading of data, is a DApp (decentralized application). The BCdiploma DApp integrates all the features required by the solution and provides users (institutions, graduates, recruiters) with ease of use.
The BCdiploma DApp was developed to enable:
- Reading and writing data in the blockchain;
- The encryption of data, in order to respect personal data rights;
- Storage of encryption keys;
- Data visualization (multilingual diplomas) from a simple url link that can be shared by the graduate.
Three types of blockchain credentials users
Appendix 1 – The three types of users
The BCdiploma solution addresses three types of users:
- For academic institutions (ISSUER): Each new institution has its identity verified upon registration by third party validators. Once its identity has been verified, the institution has a certified address on the Ethereum blockchain and can upload its diplomas with the BCdiploma DApp (operating in the cloud) deployed as a SaaS solution. The data of the submitted diplomas is then automatically encrypted by the solution and recorded in a transaction on an EVM blockchain, Ethereum or Smart Chain for example. The key to decrypting the data is divided into three parts: one for the institution, one for the graduate, and a last one, called “persistence”, stored in a keystore. The storage of the diploma then generates a unique and secure URL that the institution sends securely to the graduate concerned. Finally, the application sends a completion report to the issuing institution.
- For graduates (LEARNER): each graduate is assigned a unique url link to his/her diploma. The encryption key is included in the url and allows access to the data. The graduates are free to share this url link at their discretion: they can choose to send it only to recruiters or to share it on a social network such as LinkedIn to prove the authenticity of their diploma. If they wish, the graduates can use their right to be forgotten to make the diploma indecipherable by removing the associated persistence key.
- For recruiters (or third parties consulting the certificate – VERIFIER): Having the URL of the diploma allows recruiters to directly verify its authenticity. The diploma is displayed via the “Reader” app, a component of the BCdiploma DApp. This makes it possible to verify the authenticity of the diploma and its validity. At each reading, a set of verifications is automatically carried out, and can be checked on the blockchain: validity of the authorizations of the issuer of the data, non-deletion of the diploma, authorized display area. All the data accessed is read in real time on the blockchain: BCdiploma is the only player mastering this process.
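An added sketch of the storage and erasure scheme described above (AES-256-GCM encryption, a key in three parts, deletion of the persistence part); it is not BCdiploma's code. It assumes the three parts are combined with HKDF-SHA256 and that the reader component is handed the issuer's part; the page does not say how the patented method combines them, and all function names are hypothetical.

```javascript
// Added illustration, not BCdiploma's code. ASSUMPTION: the three key parts are
// combined with HKDF-SHA256; the page does not say how the real method does it.
const crypto = require("node:crypto");

// Hypothetical helper: derive the AES-256 key from the three 32-byte parts.
function deriveKey(issuerPart, graduatePart, persistencePart) {
  const ikm = Buffer.concat([issuerPart, graduatePart, persistencePart]);
  return Buffer.from(crypto.hkdfSync("sha256", ikm, Buffer.alloc(0), "credential-key", 32));
}

// Encrypt a diploma; `record` stands for what would be written in the transaction.
function issueCredential(diploma, issuerPart, keystore) {
  const id = crypto.randomBytes(16).toString("hex");
  const graduatePart = crypto.randomBytes(32);    // travels in the graduate's URL
  const persistencePart = crypto.randomBytes(32); // held only in the keystore
  keystore.set(id, persistencePart);
  const iv = crypto.randomBytes(12);              // fresh 96-bit nonce per record
  const key = deriveKey(issuerPart, graduatePart, persistencePart);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(id));                 // bind ciphertext to its record id
  const ct = Buffer.concat([cipher.update(JSON.stringify(diploma), "utf8"), cipher.final()]);
  return { record: { id, iv, ct, tag: cipher.getAuthTag() }, graduatePart };
}

// Decrypt and authenticate; fails closed if a part is missing or data was altered.
function readCredential(record, issuerPart, graduatePart, keystore) {
  const persistencePart = keystore.get(record.id);
  if (!persistencePart) return { ok: false, reason: "persistence key deleted" };
  const key = deriveKey(issuerPart, graduatePart, persistencePart);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAAD(Buffer.from(record.id));
  decipher.setAuthTag(record.tag);
  try {
    const pt = Buffer.concat([decipher.update(record.ct), decipher.final()]);
    return { ok: true, diploma: JSON.parse(pt.toString("utf8")) };
  } catch {
    return { ok: false, reason: "authentication failed" };
  }
}

// Constructed sample data: normal read, tampered record, then erasure.
function demo() {
  const keystore = new Map();
  const issuerPart = crypto.randomBytes(32);
  const sample = { holder: "Sample Graduate", degree: "MSc" };
  const { record, graduatePart } = issueCredential(sample, issuerPart, keystore);
  const before = readCredential(record, issuerPart, graduatePart, keystore);
  const flipped = Buffer.from(record.ct);
  flipped[0] ^= 1; // one flipped bit must break the GCM tag check
  const tampered = readCredential({ ...record, ct: flipped }, issuerPart, graduatePart, keystore);
  keystore.delete(record.id); // erasure: the ciphertext stays, the key cannot be rebuilt
  const after = readCredential(record, issuerPart, graduatePart, keystore);
  return { before, tampered, after };
}
```

In a design like this, erasure is only as strong as the deletion of every copy of the persistence part, keystore backups included. Because the graduate's part travels in a URL, anyone reviewing such a scheme should also check where that URL can be logged or cached.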
Blockchain credentials users journey
Appendix 2 – Blockchain Credential issuers user journey
Appendix 3 – Graduates and third parties’ journey
Compatibility with Open Badges, Verifiable credentials and DID standards
Interoperability between standards and ecosystems is one of the major challenges for the coming years. BCdiploma allows you to embark on the blockchain adventure with a framework that offers, by design, compatibility with open standards, whether they are already in use as Open Badges, or in the process of being implemented, such as Verifiable Credentials.
How does it work? The BCdiploma technology provides one-click access to certified and stored data, but without imposing a fixed data model. Each issuing institution is free to use its own data model.
When the data model used is compatible with the desired standard (Open Badges or Verifiable Credentials), the online blockchain certificate, called blockchain digital credentials, is recognized by the services or platforms using this standard. In other words, BCdiploma addresses the dual challenges of storage and exchange format. The Open Badges by BCdiploma product has been certified by IMS Global.
Of course, the key question remains the use of decentralized DID identifiers to link the identity of the certificate holder to the credential. The development of the decentralized identity systems is ongoing, and BCdiploma interacts with these DIDs by enabling the cryptographic signature of the Digital Credential by its holder, via the DID.
BCdiploma thus received a grant from EBSI to implement this system based on the DID of the European EBSI Blockchain.
Technical aspects of the blockchain credentials solution
The public blockchain is an efficient tool for the development of certification and notarization solutions. Its intrinsic property of distributed trust ensures the immutability of the registered data. In addition, it facilitates the creation of smart contracts, real contracts that are automatically performed after all the parameters have been checked.
However, there are three key issues in the use of the blockchain to build a solution for the general public to certify academic documents:
(i) How is the data issuer identity ascertained?
(ii) How is the GDPR complied with?
(iii) How is it possible to view a blockchain certificate immediately, i.e. without complex or centralized verification steps?
By answering these three questions, the BCdiploma solution enriches the state of the art. In 2018, the company filed a patent describing its process, which was granted on first reading and in its entirety in the US in July 2020.
There are components deployed on EVM blockchains, an application part and key registries deployed in the Microsoft Azure cloud.
- On the blockchain: BCdiploma’s main smart contract is deployed on the Ethereum blockchain, and its Identification, Validation and Publication methods help to answer the question (i) How is the identity of the data issuer verified?
Appendix 4 – Main features of the smart contract
- In the Cloud: the web part of the application, including the cryptographic algorithm enabling data encryption, is deployed in the Cloud. The algorithm answers question (ii) How is the GDPR complied with? In this regard, the Legal Opinion from the law firm Alain Bensoussan confirms that the original BCdiploma process (use of a persistence key that makes it possible to definitively “cut” access to the data) is consistent with the constraints of the GDPR.
Appendix 5 – Cryptographic algorithm
In addition, the “Reader App” component allows one-click access to certificates and their proofs, thus answering question (iii) How is it possible to view a blockchain certificate immediately, i.e. without complex or centralized verification steps?
In this regard, the details of the evidence accessible from the certificate are described here – https://www.bcdiploma.com/faq.htm:
Appendix 6 – Proof of authenticity accessible from a BCdiploma certificate
- In addition, key registries (including HSM) offering secure management of the 3 cryptographic keys allow access to the certificate and its “deletion” (in the sense of “permanent impossibility to decrypt the data”).
In the face of any technological revolution, the key question remains: does it benefit the parties and user communities? Does this lead to dependency on third party actors or a centralization of data that can be exploited for other purposes?
The great value of blockchain digital credentials lies in the answers to these questions.
For the first time, digital credentials can be freely presented by their holders without the need for external verification. Considering that the background checking market is worth more than 3 billion dollars, it’s a breakthrough!
The institutions of higher education benefit from several advantages: the end of fake diplomas, the end of requests for duplicates or provisional certificates. Not to mention the immediate benefits in the administrative process of issuing and sending credentials.
Finally (and most importantly), the credential data remains the property of each certificate holder: no centralization or exploitation by a third party is possible. Combined with unequalled durability (data is issued and secured for a very long period of time), we are definitely witnessing a major change in the way we work with academic data.