FAQ

Blockchain is a secure and transparent information storage and transmission technology. The data and all manipulations are irreversibly stored there in a register that can be accessed by everyone.

Thus, it allows to indicate 'who' wrote 'what' and 'when', and this in an indisputable way.

In particular, in the case of the BCdiploma solution, the blockchain is used to identify a certificate issuer by a unique address, which will be used to store and timestamp the certificate data over the very long term, thus eliminating the need for a centralized database.

The security of the blockchain is based on cryptographic algorithms. The register is stored and checked by a large number of computers running these algorithms, called "nodes" guaranteeing its integrity.

The certificate was issued by the Institution itself, from its own blockchain address. Only Institutions whose legal existence has been verified by a "validator" can use BCdiploma technology to issue Digital Credentials. The formal proof of this verification is itself written on the blockchain. The list of authorized institutions is available here.

All the data you see has been entered on the blockchain. It guarantees, by its very nature, that the data it contains cannot be modified.

The issuing Institution has declared on the blockchain the authorized site to display the data of its certificates. This information is publicly accessible from an open source blockchain explorer, and can be directly accessed from the certificate by clicking on the link of the blockchain address of the institution. For example, for the University of Lille, one can read directly on the blockchain in the “host” field that “univ-lille.fr” is the domain on which the attestations should be displayed.

Reading the issuer's information on the blockchain can indeed seem complex. It has the flaw of its qualities: it allows for real-time consultation of information on the blockchain through an open source tool, called a 'blockchain explorer', without the need for a trusted intermediary, in full transparency. However, the information is raw and not formatted. On BCdiploma certificates, the third-party site mycrypto.com is used, which allows, with one click, to consult the blockchain address of the issuer and the domain name(s) they have authorized for viewing their certificates. To promote adoption and simplify the verification of certificates, BCdiploma provides an online verifier that automates the verification of elements publicly verifiable on the issuer's blockchain registry, without technical manipulation. Issuers can deploy this verifier on their own domain

Blockchain is a tool associated with technologies that are perceived as particularly advanced and complex. Nonetheless, implementing a blockchain-based credential issuing and verification solution is anything but unnecessary or disproportionate. Considering diplomas and certificates and their digitalization, note that:

• The phenomena of fake diplomas and diploma mills are no small problem, quite the contrary. The global fake diploma market is today worth over 500 million US dollars, and, therefore, a credential verification market, of over 4 billion US dollars, continues to develop in response to this growing problem (Allen Ezell et John Bear, Degree Mills: The Billion-dollar Industry That Has Sold Over A Million Fake Diplomas).
• The e-administration sector is booming and pushing higher education and training to digitize all of its processes, including, naturally, the issuing of diplomas and certificates.
• Blockchain technology is widely recognized as a first-class solution in responding to the global trend towards digitalization and the security issues that it entails.

Initially used in the financial world, blockchain technology has since begun to conquer other sectors that have everything to gain from it. Its fundamental properties of durability, security and immutability, are qualities naturally sought after for the digitalization of such important documents as diplomas, certificates and credentials.

The blockchain is rightly considered a complex technology to use, but our know-how and goal consist of absorbing this complexity to leave only the best of its qualities to users, regardless of their technical skills.

Well, the problem of fake diplomas has existed for centuries, just as solutions trying to mitigate the problem. Such solutions include background checking procedures, centralized national platforms, online directories of institutions, and so on.

However, with the increasing use of digital technology, the problem of fake diplomas is evolving, so the solutions on offer have to do so too. This is where BCdiploma comes in, which came about precisely because none of the previous solutions, including the most recent solutions based on digital vaults or electronic signatures, have succeeded in adapting themselves effectively to the higher education sector.

While blockchain technology may not be the only possible solution, it is unquestionably the most natural solution to solve the problem of fake diplomas. Its intrinsic properties of security, durability and immutability, not to mention its other more innovative features, which are arousing great interest in its adoption, make it the ideal foundation for the secure digitalization of diplomas, certificates and credentials. This is why the ecosystem established by BCdiploma now lists the largest number of public and private higher education institutions using a blockchain protocol in production.

Consulting certificates from the issuer's domain is interesting: it increases trust while highlighting the issuer's website and brand during consultation. However, the domain name alone cannot guarantee the authenticity of a certificate. Firstly, it's important to remember that a domain name can change, especially over the long periods during which certificates must remain valid (e.g., 50 years for diplomas). In such cases, what will attest to the correct domain of the issuer? What will become of the certificates issued on the old domain? Furthermore, an issuer's domain name can be a victim of 'phishing': its content can simply be copied to a fraudulent site, and even be subject to 'typosquatting' (published on a similar domain). While the blockchain does not fully solve the problem of phishing (which, by the way, goes far beyond the scope of digital certificates), it allows issuers to record, on a transparent and decentralized ledger, the domain name(s) on which its certificates are valid, thus enabling verification to be carried out 'manually' or in an automated manner, over the long term.

Digital vault technology can certainly be used to secure documents, such as the PDF version of a diploma or certificate. An operator authorized to archive the documents “for verification purposes” can thus host them on its own secure servers. The principles of electronic timestamping, fingerprinting and signing can then protect the integrity of documents stored in this way. This technology, adopted in particular by the banking sector and certain large industrial groups, has not, however, been successfully implemented in the higher education market.

Several observations help explain the low rate of adoption of digital vault technology:

• Their usage implies a long-term dependence on the chosen service provider.
• The solution requires the creation and management of an account for each and every end user (in our case, students or trainees), which constitutes an enormous burden and obstacle to its implementation.
• The usage of the digital vaults does not make it easier at all for institutions wishing to simplify their processes for the issuing and verification of diplomas, certificates and credentials.

It is precisely such technological barriers that BCdiploma strives to remove entirely, in order to facilitate the adoption of digital systems for securing and sharing documents, diplomas and certificates. In fact, our solution:

• Does not require any long-term dependence on a single provider.
• Does not require the creation of an account for each and every student or trainee.
• Completely does away with the document management burden, as institutions can directly certify their own data, and allow verification of them on request, simply by the sharing of a link (URL).

Blockchain anchoring can indeed be used to authenticate a diploma. This involves depositing a proof on a blockchain, which is more precisely a 256 character fingerprint taken of the original data by means of a “hash”, or one-way encryption, of the data, using a Secure Hash Algorithm (SHA). This allows authentication of any copy of the data through a comparison of its hash with the hash of the original copy of the data, thus guaranteeing that no modification has been made to the data.

This method, which forms the basis of almost all blockchain applications used today, whether for document notarization or traceability, is theoretically applicable to digital diplomas, credentials and certificates. However, in practice, no project based on this model has been deployed on a large scale for digital diplomas. It is for this reason that Vincent Langard and Luc Jarry-Lacombe launched the 3videnZ project back in 2017, of which BCdiploma is a partner. With their first clients, ESCP Business School and the University of Nantes, they sought to put blockchain technology directly at the service of higher education institutions and their students.

The result was a patent published across 8 regions of the world, allowing students from over 170 institutions to access certified data stored on a decentralized network, in just one simple click. Unlike blockchain anchoring, which is difficult to automate, this approach has made it possible to deploy a turnkey service now already adopted in over 20 countries around the world.

No, quite the opposite. This is where the solution proposed by BCdiploma comes into its own! Unlike the majority of digital services that everyone uses on a daily basis, BCdiploma is a decentralized application based on blockchain technology. Let us recall the difference between centralized and decentralized applications:

• A centralized service is based on a set of servers and databases that are the property of and under the control of a particular service operator. If the service operator one day ceases to operate the service, the user will no longer have access to either the service or its data. We are therefore all dependent, to a greater or lesser degree, on popular services, such as, for example, the Google cloud, including hosting, Gmail, Docs, Drive, Calendar, and so on.
• A decentralized application, or “DApp”, is based on one or more components or programs deployed over a decentralized network, such as smart contracts on a blockchain. These programs are then autonomous in the wild, with no time limit or expiry. It is therefore impossible for a public blockchain to cease to exist, unless the tens of thousands of operators and users scattered around the world all decide by mutual agreement to stop their servers.

BCdiploma is a decentralized application based on smart contracts, which allows for the complete storage of authenticated data on a blockchain that guarantees access to the data at any time. Whatever happens to your supplier, the data of your Digital Credentials stored on the blockchain will always be accessible, and with them your diplomas, certificates and credentials!

Centralized national solutions, sometimes state-run, often do not address the issues of internationalization and mobility that higher education institutions face today. More and more students are studying or working in a country different from where they obtained their degree. The sharing and verification of these diplomas must be ensured by a service that is not limited to a single country and whose ease of use transcends borders. Indeed, diploma verification is not a national issue, but an international one.

We are already seeing the emergence of standards in favor of automation and standardization of diploma formats on a global scale, notably with verifiable credentials coded according to the recommendations issued by the W3C (World Wide Web Consortium), the implementation by the European Commission of the EBSI blockchain, and the creation of the Digital Credentials Consortium, which aims to implement W3C's recommendations.

Or, 'Institutions could just as well publish their diplomas on their own website by their own means, it's a matter of a few hours of development!'

Really? While it's easy to imagine an institution developing its own graduate directory and publishing it on its website by its own means, what about the actual implementation of this idea? While the development might seem very simple at first glance, here are some issues to consider before choosing this direction…

• How can the school itself guarantee the reliability of the data in one of its databases for a very long period (meaning that no one within the institution modifies, alters, or deletes the data)?
• Doesn't the fact that the certificates need to be preserved and secured over the very long term (> 50 years for diplomas), subject to changes in standards and regulations, require too significant resources, considering that they are not shared?
• What about, as with any publicly accessible software, compliance with current and future accessibility standards (e.g., RGAA, multi-device compatibility, etc.), data protection laws (GDPR), interoperability standards (VC/VP norms, Open Badges), etc.? What resources are required to ensure day-to-day compliance with these increasingly comprehensive and stringent standards, often specific to the world of Digital Credentials?
• What about ongoing maintenance (updating libraries, development, support for new browsers, bug fixes, etc.): what resources are needed to support them?
• What about managed services (updating servers, trust certificates, managing possible domain name changes) to have a high-availability solution and thus guarantee to graduates a service accessible 7 days a week, 365 days a year, everywhere in the world?
• What about the level of security, especially since the data is sensitive and highly coveted, therefore likely to attract the interest of hackers? BCdiploma regularly faces all types of attacks, including Distributed Denial of Service (DDoS) attempts with tens of millions of requests in a few minutes: are you prepared?
• What about multilingual management, compatibility with sharing on social networks? All these features are made available to users and need to be maintained over time.

Are all of these questions really within the core expertise of the issuing institution? What is its actual added value in their implementation?