ACC Blockchain Based Trusted Management
Academic Credentials
Md. Suman Reza, Computer Science and Engineering Dept., Faridpur Engineering College, Bangladesh, suman.reza@fec.ac.bd
Sujit Biswas¹, Computer Science and Engineering Dept., Faridpur Engineering College, Bangladesh, sujitedu@fec.ac.bd
Abdullah Alghamdi, Information System Dept., Najran University, Saudi Arabia, abdulresearch@hotmail.com
Abstract—Justification of the authenticity of academic credentials is a very clumsy task from a global perspective. For digital certificates to be widely accepted, secure verification of the issuer and credential holders and secure data sharing are required. Physical verification and a traditional centralized digital system are entirely viable for the current era. This paper proposes ACC, a blockchain-based Academic Credentials Chain (ACC), for global authenticity verification and sharing. The proposed system recognizes from a credential who is certifying whom. In the proposed Blockchain network, a decentralized application allows users to store their credentials data privately. The evaluation results demonstrate the feasibility and security of the system and exhibit its level of performance.

Index Terms—Blockchain, E-Health Systems, Digital Assets, Access Control.

¹ Sujit Biswas is the corresponding author.

I. INTRODUCTION

A credential (i.e., certificate, diploma) is any document that details a qualification, competence, or authority issued to an individual by a third party with a relevant authority or assumed competence to do so. Sharing credentials is a security and privacy concern [1]. Academic credentials signify and provide information about the holder, the issuing institution, the course title, and the average result. Typical paper-based document management faces many difficulties such as security of storage space, security issues (i.e., loss, damage, mishandling, misspelling, etc.), high cost, authentication justification, etc. These manual processes often turned out to be inefficient, error-prone, and time-consuming, but still, that was the overall process in the absence of any other option. Statistics state that the average employee uses 10,000 paper sheets in a year, 14% of which is unnecessary [2], while workers spend an average of 50% of their time creating and preparing documents [3]. Hard-copy document issues account for more than 21% of daily productivity loss [4]. 65% of staff experience challenges when checking and approving office documents. 86% of employees say that they usually experience difficulty searching for office files when they need them [5]. Companies spend an average of $20 to file and store paper documents [6]. The Human Resource Department (HRD) rarely bothers to review applicants' educational records due to the lack of credential details and asks for a Curriculum Vitae (CV) as an additional document. Moreover, every paper certificate is vulnerable to counterfeiting. In most cases, the quality of forged certificates is practically the same as the original owing to high-tech printing and photocopying machines [7]. Technological advancement has made it extremely easy to make a counterfeit certificate. From a global perspective, it is not straightforward to justify the authenticity of such records. Considering these limitations, leading institutions are trying to migrate typical management to digitized certification systems. Digital credentials promise to make education more relevant by documenting learning to empower people to plan, track, and share their accomplishments in a secure and verifiable way. Digital management starts with the conversion of typical credentials into digitized images. Such an electronically converted (i.e., scanned), high-resolution digital copy is stored in a centralized server along with indexed information such as reference number, whom it belongs to, date created, and other academic achievements. Such a traditional credentials management system primarily uses a client-server system where files are stored locally or on cloud-based servers. Electronic records management using this centralized system carries a substantial security risk in various ways, such as hacking by intruders, confidential company information ending up in the wrong hands, etc. In addition, a centralized electronic records management system poses risks of a single point of failure, data security, data forking, etc. It is also very challenging to allow restricted access for multiple parties (i.e., employers) without compromising privacy.

Distributed Ledger Technology (DLT) is becoming an important new direction to meet the above challenges. It significantly reduces costs and enhances security where there is a need for reliable and unchangeable documents. Moreover, it eliminates the involvement of a third party, which reduces the cost and processing time, and employers can get secure access. As a well-known DLT, Blockchain is the best choice for these applications. Blockchain is highly secure
because of its immutable ledger, while decentralized data storage ensures data security. Peer-to-Peer (P2P) back-end networks approve every transaction using consensus technology, which enhances security one step more [8]. A smart contract-based, user-specific access control policy makes it the best-fitted technology for the credential management application.

This article contributes a blockchain-based credential management framework that stores traditional paper-based certificates in a distributed ledger. Besides certifications, it also provides testimonials of a student, which is more important for employers to justify track records. Furthermore, the contribution allows multi-user access based upon rights, which will play a significant role in the production environment in the following ways.
• Eliminates the third party for document verification, which cuts cost.
• The documents are securely placed so that only authorized persons can access them.
• Data becomes unalterable. It is practically impossible to hack.

II. RELATED WORKS AND BACKGROUND

A. Related Work

OpenKM [9], a web-based document management system, stores and manages files and documents using a cloud-based system. It synchronizes with other devices and allows access to files anytime and anywhere. LogicalDOC uses a web-based user interface for file sharing, setting security roles, and finding and auditing enterprise records and registers [10]. These systems can improve efficiency by organizing all of our files and making them accessible for anyone in the organization to find. They also provide some essential features like time savings, easy scaling, quick and easy document retrieval, better regulatory compliance, and improved collaboration. Data security is a vital part nowadays. As we have seen, all these systems are cloud-based, and a third party handles everything. As a result, valuable data may be compromised. In 2019, reports TechRepublic, the number of breaches increased by 54%, 89% of which were outside attacks [11]. Jiin-Chiou Cheng et al. [12] developed a decentralized application and designed a certificate system based on the Ethereum blockchain to avoid counterfeiting certificates. The system first generates the electronic file of a paper certificate and then stores the hash value created for the certificate in the Blockchain system. The authenticity of the paper certificate is ensured by creating a related QR-code and inquiry string code to affix to the paper certificate. The system saves on paper, cuts management costs, prevents document forgery, and provides accurate and reliable digital certificates. However, risks exist because private data is released on a public Blockchain. A. Gayathiri et al. [13] proposed a solution to the problem of certificate forgery based on Blockchain technology. The system converts the paper certificates into digital certificates and stores the hash value of the digital certificate. Finally, a mobile application is used to validate the certificate. Still, it is on a public Blockchain, and there is no mechanism to store the certificate image in any storage area. Also, the admin registration mechanism is not clear. In [14], the authors designed a Blockchain-based digital document verification that allows degree certificate and testimonial verification. It allows the authorized authority (i.e., school or university, etc.) to verify the uploaded files of users. Their solution suggests delivering the documents to a third-party system for verification. Unfortunately, the third party may compromise the records as well. Our proposed architecture allows direct access for faculties to update the regular records, which creates an extensive information system for the alumni students. Moreover, we have designed the architecture to be best utilized with a private Blockchain, which overcomes the state-of-the-art challenges.

B. Background Studies

Blockchain (BC) started its journey as a decentralized, dynamic new technology introduced with bitcoin (a public BC) in 2009. This technology is not a single technique; it is a combination of many techniques such as cryptography, mathematics, algorithms and distributed consensus algorithms [15]. It is like an old-fashioned account book: a decentralized ledger, only adjusted to computer specifications, that can send files or blocks of information to all participating computer nodes in a shared activity such as bitcoin, banking, or e-government. In Blockchain, data is distributed over many computers (nodes). It is harder to hack than centralized networks because each node receives the same information, and any tampering is transparent to all nodes. Moreover, information once entered is permanent and cannot be changed or removed. Each block is identified with a hash that is signed and dated. If a correction is entered, it appears next to the original entry. Therefore, the issues of revision and update still need to be addressed. Nowadays, without changing the basic principle of BC, commercial and industrial applications are, for security reasons, being migrated to private Blockchains where only authorized users are eligible to access the data. According to [16], academic credentials are significant as they serve as an indicator of the human capital of their bearers. So any fraud regarding this issue may cause a severe problem. Blockchain-based management of such credentials can ensure security and faster service as well as minimize the cost.

III. SYSTEM ARCHITECTURE

The architecture shown in Figure 1 comprises three sections: the Application section, the Management section, and the Blockchain section. The application section presents a front-end application interacting with the management server and the Blockchain network. The overall architecture provides support for academic record management. Records might be of two types: 1) academic achievements and 2) certificates or diplomas. Academic achievements are recorded through instructors, and certificates might be issued as a scanned version or a system-generated version.
[…] have been illustrated in the next section.

The application connects with peers with the help of the Application Programming Interface (API) to access the ledger and chaincode. The API allows the application to invoke chaincode, generate transactions, and execute a transaction to the network. The invocation result is returned to the application after completing the process, such as ordering, validation, and commit to the ledger. Finally, the application executes chaincodes to query or update a ledger. The application is also linked with off-chain storage, which is responsible for storing certificate images. In addition, the application interacting with the management server provides the interface to process organization-level data, such as class test scores, students' semester-specific achievements, etc.

B. Management Section

The management section comprises an organizational server and off-chain storage. The server maintains the web application space and other identity management and registration processes. Off-chain storage is responsible for storing credentials' scanned or soft images.

[…] responsible for unique identity generation for every user, including students. Algorithm 1 presents the identity registration and enrollment process, which is the crucial stage for becoming a member of the network and getting access to the Blockchain network. As academic institutions hold sensitive academic data, it is important to ensure access by the right person. In the proposed system, we use a compound key that combines the user's biometric data, the personal ID assigned by the organization, and a secret key. The user executes the registration request to the management server through the application with the compound key. This combination is then hashed and sent to create a private and public key pair. A public key is distributed to users' wallets (line 4). A user-specific wallet is created in line 5 for using the public and private keys. The newly created wallet is distributed to the user.

Algorithm 1: User Registration
Input : (BioID, InsID, Pass) as registration request
Output: A newly registered user U_n
1 U_id ← createUserId();
2 K_compound ← hash(BioID, InsID, Pass);
3 (K_pub, K_pr) ← generateKeys(setInfo);
4 K_pub → ∀ U_wallet;
5 U_n^Wallet ← createBlockChainWallet(K_pub, K_pr);
6 U_n ← distributeWallet(n, U_n^wallet) | U_n ∈ U_N;

• Records Validation: Records validation refers to the validation and issuance of submitted records from an assigned instructor. This system is designed in such a way that the administrator sets the role of every registered user. For example, an instructor can submit the students' exam scores and other track records for a specific course. The corresponding academic head (Validator) is responsible for viewing, validating and finalizing the records. The management server prepares the executed documents and decides which data should be executed in BC and what should be kept in the local server. Management servers divide records into two categories: performance records and general records. The performance records carry academic achievements, which are executed in BC, and general information (i.e., course details, utility, library record, etc.) is stored in the management server. As we know, Blockchain suffers from scalability issues, so we have avoided storing every local record in Blockchain. The whole procedure is illustrated in Figure 2. The instructor (1) sends a request for validation of his submitted records along with his unique ID (UID) and validator details to the application. The application (2) collects the validator details from the management server and (3) forwards the request to the validator. The validator verifies (4) the instructor's information against the course enrollment data from identity and fact data stored in the local cloud storage. The validator then signs the records and executes them to the server (5). Finally, the server prepares the transaction proposal for the BC network and forwards it to the application if it is a performance record; otherwise, it is stored in its local database. The application executes the proposal to the BC network (7), and Blockchain does its own process for further validation and storing it to the ledger. Finally, the app will notify the instructor (8).

Fig. 2: Records Validation and Storage

2) Off-chain Storage: As the certificate is an image, it requires ample space and will be very costly to store in BC. In addition, considering the scalability of the BC network, it is best to hold such heavy data in off-chain storage. Furthermore, considering the security issue of the credentials, we have proposed to store the hash of the credentials in a BC ledger that protects the certificate from forking info. In the proposed […]

C. Blockchain Network

The Blockchain network comprises a typical DLT-supported P2P network. A private Blockchain network consists of multiple peers as core components of the network, a Certificate Authority (CA), and an Orderer. Peers are interconnected and also linked with the CA, and the Orderer provides ordering services to all connected peers. Every peer holds smart contracts for validating and approving valid users' agreement, which is known as consensus. Peers are also responsible for maintaining every committed transaction in a sequential chain called the Blockchain or ledger. The CA provides secure communication and authentication certificates to different network components, including the management server, the application, and off-chain storage. The CA verifies the credential (certificates) for any transactions forwarded from the management server and issues a pass to execute in the BC network. The management server is responsible for validating the end-user (e.g., instructor, students, etc.) and carrying the transaction to the BC network on behalf of users. Hence, the BC network serves many education organizations for the same services and employers. Every organization is linked with the BC network with agreements (smart contracts). According to the smart contract, requests made during transaction execution, such as a query through the management server or from another employer organization, are answered.

IV. EVALUATIONS AND DISCUSSION

The application is implemented using Node.js and uses JSON as payload. A cloud-based web server (i.e., the management server) provides the front-end services, allowing the participants to use their devices like smartphones, laptops, desktops, etc. The management server stores only the general information; on the other hand, the core sensitive data is stored in the Blockchain ledger. The Blockchain network is implemented using Hyperledger Fabric on the Docker platform. To connect the front-end web application with the blockchain network, we use gRPC() REST API and a smart contract written in JavaScript. A system with a Core-i7, 2.7 GHz, 16 GB RAM, and a 512 GB SSD has been used for the implementation.

Figure 3 presents the different views of credentials. It demonstrates the sample output at the employer end and in Blockchain storage. Figure 3a demonstrates the credential (i.e., diploma/certificate) images that the employer can ask for to ensure the authentication of the certificate. The certificate images are retrieved from off-chain storage. Here credential images are shown as an example, and other academic achievements can be added with this evaluation system. Figure 3b shows the hash
(a) Credentials Front-view from Employers End (b) Credentials Record View in Blockchain
Fig. 3: System Output Template
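The registration flow of Algorithm 1 in Section III-B, written out with Node.js built-in crypto as an added example; it is not the authors' implementation. Assumptions of this sketch: scrypt with a per-user salt stands in for the bare hash of line 2, the key pair of line 3 is an Ed25519 pair seeded by the compound key, BioID is a stable identifier string, and the wallet object is hypothetical rather than Hyperledger Fabric's wallet format.

```javascript
const crypto = require('node:crypto');

// Length-prefix each field so ("ab","c") and ("a","bc") hash differently.
function encodeFields(...fields) {
  return Buffer.concat(fields.flatMap((field) => {
    const body = Buffer.from(field, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return [len, body];
  }));
}

// Line 2: K_compound <- hash(BioID, InsID, Pass). scrypt is used instead of a
// bare hash because Pass is low entropy; the salt is this sketch's assumption.
function compoundKey(bioId, insId, pass, salt) {
  return crypto.scryptSync(encodeFields(bioId, insId, pass), salt, 32);
}

// Line 3: (K_pub, K_pr) <- generateKeys(...). The 32-byte compound key is the
// Ed25519 seed, wrapped in the fixed PKCS#8 header defined by RFC 8410.
const ED25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
function generateKeys(seed) {
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([ED25519_PKCS8_PREFIX, seed]),
    format: 'der',
    type: 'pkcs8',
  });
  return { privateKey, publicKey: crypto.createPublicKey(privateKey) };
}

// Lines 1, 4, 5, 6: create the user id, expose the public key for
// distribution, and build the wallet that is handed to the new user.
function registerUser(request, salt = crypto.randomBytes(16)) {
  const userId = crypto.randomUUID();
  const seed = compoundKey(request.bioId, request.insId, request.pass, salt);
  const { privateKey, publicKey } = generateKeys(seed);
  const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  return { userId, salt, publicKeyPem, wallet: { userId, publicKeyPem, privateKey } };
}

// Constructed sample request; none of these values come from the paper.
const sampleRequest = { bioId: 'bio-template-7f3a', insId: 'FEC-2021-0042', pass: 'correct horse' };
```

Because the key pair is a pure function of the three inputs and the salt, the salt has to be stored with the user record, and anyone who learns all three inputs can regenerate the private key.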
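The Records Validation steps and the Off-chain Storage design of Section III-B, as an added Node.js example that is not the authors' code. The in-memory maps stand in for the Fabric ledger, the off-chain store and the management server database, and the record fields, validator ID and Ed25519 signatures are assumptions of this sketch.

```javascript
const crypto = require('node:crypto');

const ledger = new Map();      // stand-in for the Blockchain ledger
const offChain = new Map();    // stand-in for off-chain image storage
const localDb = new Map();     // stand-in for the management server database
const validators = new Map();  // validatorId -> public key, set by the administrator

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
// Canonical bytes of a flat record: keys are sorted so signer and verifier agree.
const canonical = (rec) => Buffer.from(JSON.stringify(rec, Object.keys(rec).sort()));

// Step (5): the validator signs the record that was reviewed.
function signRecord(record, privateKey) {
  return crypto.sign(null, canonical(record), privateKey);
}

// Server side: check the validator's signature, then route by category.
// Performance records go to the ledger, general records stay local.
function submitRecord(record, validatorId, signature) {
  const pub = validators.get(validatorId);
  if (!pub || !crypto.verify(null, canonical(record), pub, signature)) return 'rejected';
  if (record.category === 'performance') {
    ledger.set(`record:${record.id}`, { hash: sha256(canonical(record)), validatorId });
    return 'ledger';
  }
  localDb.set(record.id, record);
  return 'local';
}

// Off-chain storage: image bytes stay off-chain, only the digest is on the ledger.
function storeCertificate(certId, imageBytes) {
  offChain.set(certId, Buffer.from(imageBytes));
  ledger.set(`cert:${certId}`, { hash: sha256(imageBytes) });
}

// Employer-side check: recompute the digest of the retrieved image and
// compare it with the ledger entry.
function verifyCertificate(certId) {
  const entry = ledger.get(`cert:${certId}`);
  const image = offChain.get(certId);
  if (!entry || !image) return 'unknown';
  return crypto.timingSafeEqual(entry.hash, sha256(image)) ? 'valid' : 'tampered';
}

// Constructed sample data; identifiers are made up for this example.
const academicHead = crypto.generateKeyPairSync('ed25519');
validators.set('head-cse', academicHead.publicKey);
const sampleRecord = { id: 'r1', category: 'performance', student: 'S-001', score: 88 };
```

A modified image in the off-chain store no longer matches the digest on the ledger, and a record altered after signing fails the validator signature check before it reaches either store.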