ACC: Blockchain Based Trusted Management of
Academic Credentials
Md. Suman Reza
Computer Science and Engineering Dept. Computer Science and Engineering Dept.
Faridpur Engineering College, Bangladesh Faridpur Engineering College, Bangladesh Najran University , Saudi Arabia
suman.reza@fec.ac.bd sujitedu@fec.ac.bd
Mesfer Alrizq Anupam Kumar Bairagi
Information System Dept. Computer Science and Engineering Discipline
Najran University, Saudi Arabia Khulna University, Bangladesh
msalrizq@nu.edu.sa anupam@ku.ac.bd
Abstract—Justification of authenticity of academic credentials
is a very clumsy task from a global perspective. For digital
certificates to be widely accepted requires secure verifications of
the issuer, credential holders, and secure data sharing. Physical
verification and a traditional centralized digital system are
entirely viable for the current era. This paper proposes ACC, a
blockchain-based Academic Credentials Chain(ACC), for global
authenticity verifications and sharing. The proposed system
recognizes from a credential who is certifying whom. In the
proposed Blockchain network, a decentralized application allows
users to store their credentials data privately. The evaluation
results in proof of the feasibility, security and exhibits the level
of performance.
Index Terms—Blockchain, E-Health Systems, Digital Assets,
Access Control.
I. I NTRODUCTION
Credential (i.e., certificate, diploma) is a piece of any
document that details a qualification, competence, or authority
issued to an individual by a third party with a relevant authority
or assumed competence to do so. Sharing credentials is a secu-
rity and privacy concern [1]. Academic credentials signify and
provide information about who, issuing institution, the course
title, and the average result. Paper-based typical document
management faces many difficulties such as security of storage
space, security issues (i.e., losing, damage, mishandled, wrong
spelled, etc.), high cost, authentication justification, etc. These
manual processes often turned out to be inefficient, error-
prone, and time-consuming, but still, that was the overall
process in the absence of any other option. Statistics state that
the average employee uses 10,000 paper sheets in a year, 14%
of which is unnecessary [2] where workers spend an average of
50% of their time creating and preparing documents [3]. Hard
document based account issuing for more than 21% of daily
productivity loss [4]. 65% of staff experience challenges when
checking and approving office documents. 86% of employees
say that they usually experience difficulty searching for office
files when they need it [5]. Companies spend an average of
$20 to file and store paper documents [6]. 1
1 Sujit Biswas is the corresponding Author
Sujit Biswas1 Abdullah Alghamdi
Information System Dept.
abdulresearch@hotmail.com
Mehedi Masud
Department of Computer Science
Taif University, Saudi Arabia
mmasud@tu.edu.sa
Human Resource Department(HRD) rarely bothers to re-
view applicants’ educational records due to lack of credentials
details and asked for Curriculum Vitae (CV) as an additional
document. Moreover every paper certificate is vulnerable to
counterfeiting. In most cases, the quality of forged certificates
is practically the same as the original owing to the high-
tech printing and photocopying machines. [7] Technological
advancement has made it extremely easy to make a counterfeit
certificate. From a global perspective, it is not straightforward
to justify the authenticity of such records. Considering the
limitations leading institutions are trying to migrate typical
management to digitized certifications systems. Digital creden-
tials promise to make education more relevant by documenting
learning to empower people to plan, track, and share their
accomplishments in a secure and verifiable way. Digital man-
agement starts with the conversion of typical credentials into
digitized images. Such electronically converted (i.e., scanned
), a high-resolution digital copy is stored in a centralized server
along with indexed information such as reference number, who
belongs to, date created, and other academic achievements.
Such a traditional credentials management system primarily
uses a client-server system where files are stored locally or on
cloud-based servers. Electronic records management using this
centralized system carries a substantial security risk in various
ways, such as hacking by intruders, confidential company
information may end up in the wrong hands, etc. In addition, a
centralized electronic records management system poses risks
of a single point of failure, data security, data forking, etc.
It is also very challenging to allow restricted access of multi
parties (i.e., employers) without compromising privacy.
Distributed Ledger Technology (DLT) is becoming an im-
portant new direction to meet up the above challenges. It
allows to significantly reduce costs and enhance security where
there is a need for reliable and unchangeable documents.
Moreover, it eliminates the involvement of a third party that
reduces the cost and processing time where employers can
get secure access. As a well-known DLT, Blockchain is the
best choice for the applications. Blockchain is highly secure
because of its immutable ledger, while decentralized data
storage ensures data security. Peer-to-Peer (P2P) back-end net-
works approve every transaction using consensus technology
that enhances security one step more [8]. Smart contract-
based user-specific access control policy creates the best-fitted
technology for the credential management application.
This article contributes a blockchain-based credential man-
agement framework that stores traditional paper-based cer-
tificates in a distributed ledger. Besides certifications, it also
provides testimonials of a student, which is more important
for employers to justify track records. Furthermore, the con-
tribution allows multi-users access based upon rights that will
play a significant role in the production environment in the
following ways.
• Eliminates the third party for document verification that
cut off the cost.
• The documents are securely placed that only authorized
persons can access.
• Data becomes unalterable. It is practically impossible to
hack.
II. R ELATED W ORKS AND BACKGROUND
A. Related Work
OpenKM [9], a web-based document management system
store and manage their files and document using a cloud-
based system. It synchronizes with other devices and allows
access to files anytime and anywhere. LogicalDOC uses a
web-based user interface for file sharing, setting security
roles, and finding and auditing enterprise records and registers
[10]. These systems can improve efficiency by organizing all
of our files and making them accessible for anyone in the
organization to find. It also provides some essential features
like time savings, easy scaling, quick and easy document
retrieval, better regulatory compliance, and improved collabo-
ration. Data security is a vital part nowadays. As we have seen,
all these systems are cloud-based, and a third party handles
everything. As a result, valuable data may be compromised. In
2019, reports TechRepublic, the number of breaches increased
by 54%, 89% of which were outside attacks [11]. Jiin-Chiou
Cheng et al [12] developed a decentralized application and
designed a certificate system based on Ethereum blockchain
to avoid counterfeiting certificates. The system first generates
the electronic file of a paper certificate and then stores the hash
value created for the certificate in the Blockchain system. The
authenticity of the paper certificate is ensured by creating a
related QR-code and inquiry string code to affix to the paper
certificate. The system saves on paper, cuts management costs,
prevents document forgery, and provides accurate and reliable
digital certificates. However, risks exist because private data
is released on a public Blockchain. A. Gayathiri et al. [13]
proposed a solution to the problem of certificate forgery based
on Blockchain technology. The system converts the paper
certificates into digital certificates and stores the hash value
of the digital certificate. Finally, use a mobile application to
validate the certificate. Still, it is in public Blockchain, and
there is no mechanism to store the certificate image in any
storage area. Also, the admin registration mechanism is not
clear here. In [14], the authors designed a Blockchain-based
digital document verification that allows degree certificate and
testimonial verification. It allows verifying the uploaded file
of users by the authorized authority (i.e., school or university,
etc.) Their solutions suggest delivering the documents to a
third-party system for verification. Unfortunately, the third
party may compromise the records as well. Our proposed
architecture allows direct access of faculties to update the
regular records that create an extensive information system
for the alumni students. Moreover, we have designed the
architecture for best utilized for private Blockchain, which
overcomes the state-of-art challenges.
B. Background Studies
Blockchain(BC) started its journey as a decentralized, dy-
namic new technology introduced with bitcoin (a public BC)
in 2009. This technology is not only a single technique, it
is a combination of many techniques such as cryptography,
mathematics, algorithms and distributed consensus algorithms
[15]. Like an old fashion account book, a decentralized ledger
only adjusted to computer specifications that can send files
or blocks of information to all participating computer nodes
in a shared activity, bitcoin, banking, or e-government. In
Blockchain, data is distributed over many computers (nodes).
It is harder to hack than centralized networks because each
node receives the same information, and any tampering is
transparent to all nodes. Moreover, information once entered
is permanent and cannot be changed or removed. Each block
is identified with a hashtag that is signed and dated. If a
correction is entered, it appears next to the original entry.
Therefore, the issues of revision and update still need to be
addressed. Nowadays, without changing the basic principle
of BC, due to security reasons, commercial and industrial
applications are going to be migrated in private Blockchain
where only authorized users are eligible to access the data.
According to [16] academic credentials are significant as they
serve as an indicator of the human capital of their bearers. So
any fraud regarding this issue may cause a severe problem.
Blockchain-based management of such credentials can ensure
security and faster service as well as minimize the cost.
III. S YSTEM A RCHITECTURE
The architecture shown in Figure 1 comprised of three
sections such as Application section, Management section,
and Blockchain Section. The application section presents a
front-end application interacting with management server and
Blockchain network. Overall architecture provides support for
academic record management. Records might be two types
such as 1) academic achievements 2) certificates or diploma.
Academic achievements is recorded through instructors and
certificates might be issued a scanned version or system
generated version.
 Ma age e Se e

I c
E d e
I e
S de

Ad Off-c a S age B c c a Ne

A ca Sec Ma age e Sec B c c a Sec

Fig. 1: System Architecture

A. Application Section 1) Management Server: The management server serves as

a local server of an organization, such as a typical server of
The application comprises front-end supports for interacting
a university. It is also used as a store of a web application.
with the system and end-users. It allows users to show the
Besides application hosting services, it is also responsible for
different dashboards and restricted access based upon access
identity management and credential management. Manage-
rights. For example, the Administrator (System Admin) is
ment server reduces the dependency of a local organization on
responsible for adding users and their roles, instructors (Course
a Blockchain server. The management server approves every
Teachers) for academic record entry, moderators to validate
user registration using algorithm 1. It also works as a gateway
submitted records, students for viewing, and employers for
of the blockchain network, which means while transactions are
record justification. To access the system, all users need to
required to be executed in the BC network, the server prepares
register themselves using a unique identity that makes the
and makes it suitable to execute to network.
system very flexible in managing different data types. The
whole registration process and unique id generation technique • Identity Management: Management server is also re-

have been illustrated in the next section.
The application connects with peers with the help of the
Application Programming Interface (API) to access the ledger
and chaincode. API allows the application to invoke chaincode,
generate transactions, and execute a transaction to the network.
The invocation result is returned to the application after com-
pleting the process such as ordering, validation, and commit
to the ledger. Finally, the application executes chain codes
to query or update a ledger. Application is also linked with
off-chain storage, which is responsible for storing certificate
images. In addition, the application interacting with the man-
agement server provides the interface to process organization-
level data, such as class test scores, student’s semester-specific
achievements, etc.
B. Management Section
The management section comprises an organizational server
and off-chain storage. The server maintains web application
space and other identity management and registration pro-
cess. Off-chain storage is responsible for storing credentials’
scanned or soft images.
sponsible for unique identity generation for every user,
including students. Algorithm 1 presents the identity
registration and enrollment process, which is the crucial
stage for being a member of the network to get access to
the Blockchain network. As academic institutions hold
sensitive academic data, it is important to ensure the
access of the right person. In the proposed system, we
use a compound key in combination with the user’s
biometric data, personal id assigned by the organization,
and secret key. The user executes the registration request
Algorithm 1: User Registration
Input : (BioID, InsID, Pass) as registration request
Output: A newly registered user Un
1 Uid ← createU serId();
2 Kcompound ← hash(BioID, InsID, P ass);
3 (Kpub , Kpr ) ← generateKeys(setInf o);
4 Kpub → ∀Uwallet ;
5 Un
W allet
← createBlockChainW allet(Kpub , Kpr );
6 Un ← distributeW allet(n, Un
wallet
) |Un ∈ UN ;
 1. a da Re e 2) Off-chain Storage: As the certificate is an image, it
C e 7. T . E ec e
A
8. N f ca
BC
e
I c da
De a
Va
6.P e a e T f
f
2. Ge Va da
e
e
R
3.
5. T E ec e
Se e
4. C Ma age e
Ad a e f ca Se e DB
I f
Fig. 2: Records Validation and Storage
to the management server through the application with
the compound key. This combination is then hashed and
sent to create a private and public key pair. A public key
is distributed to users’ wallets (line 4). A user-specific
wallet is created in line 5 for using the public and private
keys. The newly created wallet is distributed to the user.
• Records Validation: Records validation refers validation
and issuance of submitted records from an assigned
instructor. This system is designed in such a way that
the administrator sets the role of every registered user.
For example, an instructor can submit the students’ exam
scores and other track records for a specific course. The
corresponding academic head (Validator) is responsible
for viewing, validating and finalizing the records. The
management server prepares the executed documents and
decides which data should be executed in BC and what
should be kept in the local server. Management servers
divide records into two categories, such as performance
records and general records. The performance records
carry academic achievements, which are executed in
BC, and general information (i.e., course details, utility,
library record, etc.) stored in the management server.
As we know, Blockchain suffers scalability issues, so
we have avoided storing every local record to store in
Blockchain. The whole procedure is being illustrated in
Figure 2. The instructor (1) sends a request for validation
of his submitted records along with his unique ID (UID)
and validator details to the application. The application
(2) collects the validator details from Management server
and (3) forwards the request to the validator. The validator
verifies (4) instructors information against the course
enrollment data from identity and fact data stored in
the local cloud storage. The validator then signs the
records and executes them to the server (5). Finally, the
server prepares the transaction proposal for BC network
and forward to application, if it is performance record;
otherwise, it is stored in its local database. Application
executes the proposal to BC network (7) and Blockchain
does its own process for further validation and storing it
to ledger. Finally the app will notify the instructor (8).
BC requires ample space and will be very costly to store in BC. In
addition, considering the scalability of the BC network, it is
best to hold such heavy data in off-chain storage. Furthermore,
considering the security issue of the credentials, we have
Ne
proposed to store the hash of the credentials in a BC ledger
B c cha
that protects the certificate from forking info. In the proposed
framework, the management server maintains the off-chain
storage [17].
Q e
C. Blockchain Network
Re e Blockchain network comprises a typical DLT supported P2P
network. A private Blockchain network consists of multiple
peers as core components of the network, Certificate Authority
(CA), and Orderer. Peers are interconnected and also linked
with CA, and Orderer serves ordering services of all connected
peers. Every peer holds smart contracts for validating and
approving valid users agreement which is known as consensus.
Peers are also responsible for maintaining every committed
transaction in a sequential chain called Blockchain or ledger.
CA provides secure communication and authentication certifi-
cates to different network components, including management
server and application and off-chain storage. CA verifies the
credential (certificates) for any transactions forwarded from
the management server and issues a pass to execute in the BC
network. The management server is responsible for validating
the end-user (e.g., instructor, students, etc.) and carrying the
transaction to the BC network on behalf of users. Hence, the
BC network serves many education organizations for the same
services and employers. Every organization is linked with the
BC network with agreements (smart contracts). According to
the smart contract, during transaction execution, such as query
through management server or other employer organization is
responded.
IV. E VALUATIONS AND D ISCUSSION
Application is implemented using nodeJS and uses JSON
as payload. Cloud-based webserver (i.e., management server)
provides the front-end services, allowing the participants to
use their devices like smartphones, laptops, desktops, etc.
The management server store only the general information;
on the other hand, the core sensitive data is stored in the
Blockchain ledger. Blockchain network is implemented using
Hyperledger fabric in docker platform. To connect the front-
end web application with the blockchain network, we use
gPRC() REST API and smart contract written in Javascript.
The system with Core-i7, 2.7GHz, 16GB Ram, and 512GB
SSD has been used for the implementation.
Figure 3 presents the different view of credentials. It demon-
strates the sample output at employer end and Blockchain
storage. Figure 3a demonstrate the credential (i.e., diplo-
ma/certificate) images that the employer can ask to ensure
the authentication of the certificate. The certificate images are
retrieved from off-chain storage. Here credential images are
shown as an example, and other academic achievements can
be added with this evaluation system. Figure 3b shows the hash
 (a) Credentials Front-view from Employers End
Fig. 3: System Output Template
of credential images that are stored in the BC ledger. As it is
immutable, nobody can fork the certificate’s information. If
off-chain storage compromises the security and changes the
certificate’s information, the hash stored in the Blockchain
ledger will be mismatched and denied the query result.
A. Privacy and Security
The proposed system is designed to overcome the global
credential verification and authentication, time-consuming and
costly process. Furthermore, it ensures security requirements:
integrity, confidentiality, authentication, access control, avail-
ability, and non-repudiation. The following issues prove the
effectiveness of the proposed system.
• Data stored in the Blockchain cannot be modified once
registered due to its immutability. As a consequence,
integrity is achieved while at the same time only core
sensitive information is saved on the chain. Academic
digitized documents are stored in off-chain encrypted
with a secret key which protects intruders. Even if the
issuer and administrator are compromised, credential in-
formation cannot be changed as a Blockchain ledger.
• Information exchanges, like any other networked system,
must be done across secure channels. Therefore, the
security of the Blockchain nodes and their interface with
educational institution access points must be securely
guarded.
• Only authorized third-party verifiers can access informa-
tion to confirm or recover educational data, and every
operation is tamper-proof stored in the system to ensure
responsibility.
• Only recognized entities and organizations are allowed
to be part of the private Blockchain. However, every
organization is allowed for transactions as a chain code
agreement.
• Blockchain replicates information by design, and avail-
ability is a fundamental element that overcomes the
single-point-failure issue.
(b) Credentials Record View in Blockchain
V. C ONCLUSION
Credential fraud is far from being over. The combat meth-
ods, especially in the paper model, proved to be quite inef-
fective. Digital degrees have grown due to digitization, but
they do not provide students with enough privacy to feel
comfortable freely disseminating their credentials. Moreover,
the security mechanism of the storage of academic records is
vulnerable nowadays. The disruptive technology of Blockchain
allows for a breakthrough in distribution while also ensur-
ing that data is protected from tampering. Furthermore, the
technology’s anonymity level is achieved by recording only
the hash records on the Blockchain, making the solution less
vulnerable to data leaking than digital certificate alternatives
that do not use Blockchain. We have appropriately utilized
the blockchain technology during the development of this
application in which it was possible to operate issuance,
storage, shares, and verification of academic credentials. The
proposed system allows to reliably store and secure access of
a third party to any academic record without compromising
personal data privacy. On the other hand, the system layout,
based on a set of Blockchain, enhances the performance and
scalability of the system.
ACKNOWLEDGEMENT
Dr. Sujit Biswas is the corresponding authors of the paper.
The work of Sujit Biswas was supported by Information and
Communication Technology Division, Ministry of Post and
telecommunication, Bangladesh.
R EFERENCES
[1] R. Mukta, J. Martens, H.-y. Paik, Q. Lu, and S. S. Kanhere, “Blockchain-
based verifiable credential sharing with selective disclosure,” in 2020
IEEE 19th International Conference on Trust, Security and Privacy in
Computing and Communications (TrustCom), 2020, pp. 959–966.
[2] hcondon, “The true cost of a paper-based document management pro-
cess,” 2020, Accessed: 15 April’ 2021.
 [3] Nitro, “7 facts that will make you rethink document
management,” Accessed: 15’July 2021. [Online]. Avail-
able: https://www.gonitro.com/blog/2015/05/7-facts-will-make-rethink-
document-management/
[4] S. Melo, “8 disadvantages of paper document management
system,” 2019. [Online]. Available: https://mydatascope.com/blog/en/8-
disadvantages-of-paper-document-management-system/
[5] G. Hollander, “[infographic] 18 startling in-
formation management statistics,” 2019. [Online].
Available: https://resources.m-files.com/blog/infographic-18-startling-
information-management-statistics-3
[6] “The paperless office and document management.” [Online]. Avail-
able: https://learn.ademero.com/infographic-paperless-office-document-
management-statistics/
[7] O. Ghazali and O. S. Saleh, “A graduation certificate verification model
via utilization of the blockchain technology,” Journal of Telecommuni-
cation, Electronic and Computer Engineering, vol. 10, pp. 29–34, 2018.
[8] S. Biswas, K. Sharif, F. Li, B. Nour, and Y. Wang, “A scalable blockchain
framework for secure transactions in iot,” IEEE Internet of Things
Journal, vol. 6, no. 3, pp. 4650–4659, 2019.
[9] “Openkm review.” [Online]. Available:
https://comparecamp.com/openkm-review-pricing-pros-cons-features/
[10] “Electronic document management system.” [Online]. Available:
https://www.logicaldoc.com/solutions/document-management
[11] J. Sanders, “Data breaches increased 54% in 2019 so far,” August 2019.
[Online]. Available: https://www.techrepublic.com/article/data-breaches-
increased-54-in-2019-so-far/
[12] J. Cheng, N. Lee, C. Chi, and Y. Chen, “Blockchain and smart contract
for digital certificate,” pp. 1046–1051, 2018.
[13] A. Gayathiri, J. Jayachitra, and S. Matilda, “Certificate validation using
blockchain,” pp. 1–4, 2020.
[14] S. Sunitha kumari and D. Saveetha, “Blockchain and smart contract for
digital document verification,” pp. 1–4, 2018.
[15] Y. Perwej, N. Akter, and F. Parwej, “A technological perspective of
blockchain security,” vol. 9, no. November, pp. 1–4, 2018.
[16] OECD, The Well-being of Nations, 2001. [Online]. Available:
https://www.oecd-ilibrary.org/content/publication/9789264189515-en
[17] S. Biswas, K. Sharif, F. Li, I. Alam, and S. Mohanty, “DAAC: Digital
asset access control in a unified blockchain based e-health system,” IEEE
Transactions on Big Data, pp. 1–1, 2020.