Trust Certification System: Safeguarding Academic Integrity with Blockchain

Sergio Sánchez Sánchez
Sep 12, 2023

In the expansive realm of academia, certificates stand as beacons of achievement and unwavering dedication. However, in the digital age, a lurking threat emerges: certificate forgery. This is where the Trust Certification System (TCS) steps in as a robust solution, combining the might of blockchain with an intuitive decentralized application (DApp). In this exhaustive exploration, let’s delve into the core of the TCS DApp, unraveling its intricate technological architecture and emphasizing its steadfast commitment to preserving the authenticity of academic certificates.

TCS offers a simple system that eliminates paper traffic and complex operating procedures. It allows the creation of unique certificates that are immediately verifiable and unfalsifiable, for all types of academic diplomas.

TCS uses Blockchain technology in order to provide inviolability, immutability and easy verification for all your certificates. The platform guarantees students and certificate authorities the possibility of issuing a digital and unforgeable version of their certificates, and guarantees that any interested third party can verify their integrity.

A Certification Authority and a Student reach an agreement to issue a certificate on the platform; this certificate is generated, signed and stored using cryptographic techniques. After that, the Student can go to any other institution and share their certificate, whose veracity can be verified directly on the platform without having to contact the issuing institution again.

Why Blockchain Technology?

Blockchain technology appeared in 2008 and allows information to be recorded with guarantees of originality and security that were not possible before. It is based on a cryptographic system that allows the issuers to be irrefutably identified and that guarantees the immutability of the information.

The application of this technology in this context makes it possible to create a new sort of qualification that is more reliable, transparent, economical and faster. Its ability to guarantee the identity of the certification authority of the certificate represents a paradigm shift that is already beginning to revolutionize the sector.

The implementation of the blockchain network means that there are many copies of the information, all of them necessary and absolutely identical. This makes fraud impossible, and also guarantees the survival of the certificates issued by the certification authority, even if that institution disappears. The certificates thus issued are perennial and immutable.

Taking into account all of this, blockchain technology can hasten the end of the paper certification system. Until now, the use of digital certificates had been paralyzed due to the ease with which they could be forged. Blockchain provides organizations with a way to issue digital certificates that are unalterable and valid in perpetuity, since their authenticity can be checked against the system itself. Certificates are transferred as a token on the blockchain and are always available. These advantages over current systems significantly increase the value proposition of digital certificates, possibly leading to their widespread use.

Trust Certification System Platform Objectives

The Trust Certification System (TCS) platform stands with a clear vision and defined objectives that set the course towards a more reliable and efficient academic ecosystem. The following objectives encapsulate TCS’s core mission and its commitment to academic integrity:

  1. Eradicating Certificate Forgery: TCS’s primary goal is to eliminate the possibility of academic certificate forgery. By leveraging blockchain’s immutability and decentralized verification, the platform ensures that every issued certificate is authentic and tamper-proof.
  2. Simplifying Verification and Validation: TCS aims to streamline the processes of certificate verification and validation. By providing an instant solution for verifying certificate authenticity, TCS reduces the administrative burden on educational institutions and offers employers a reliable way to verify candidate credentials.
  3. Facilitating Certificate Issuance: The platform strives to simplify the certificate issuance process for educational institutions. Through the automation of issuance operations and the use of smart contracts, TCS reduces manual workload and eliminates human errors in certificate issuance.
  4. Promoting Transparency and Trust: TCS is committed to fostering transparency in the certificate issuance and validation process. By utilizing blockchain and decentralized technologies, the platform ensures that each step of the process is traceable and verifiable, promoting trust among all stakeholders.
  5. Establishing a Digital Certification Standard: TCS aims to establish a globally recognized digital certification standard. By providing a secure and verifiable digital format for certificates, the platform contributes to the creation of a standard that transcends borders and educational systems.
  6. Driving Innovation in Education: By offering an innovative technological solution for certificate management, TCS aims to inspire educational institutions to adopt advanced technologies in their operations. The platform stands as a catalyst for change, driving innovation in the education sector.
  7. Protecting Student Privacy: TCS values student privacy and is committed to safeguarding their personal data. By employing encryption and decentralization technologies, the platform ensures that sensitive information remains secure and accessible only to authorized parties.

TCS-signed, self-generated certificates, securely stored in a private Blockchain

Benefits for students, certification authorities and third parties

Students

  • Comfortable system to share and validate certificates
  • Really easy to use: students can request new certificates in a couple of steps.

Certificate Authorities

  • Eliminate the possibility of forging certificates.
  • Fast certification process.
  • Cheaper process: we use our own monetary system based on ERC-20 tokens.
  • It stands out as an innovative and avant-garde institution.
  • Provides greater value for students.
  • Preserves the prestige of the certification authority by ensuring the veracity of the certificates.

Third parties such as companies or other verification institutions.

  • Ability to verify candidates’ qualifications through a secure, fast and free system for the verifier.
  • Safer selection processes that enable economic savings derived from hiring errors.

Understanding the Technologies Behind Trust Certification System: A Closer Look

Delving into the inner workings of the Trust Certification System (TCS) reveals a harmonious interplay of technologies, each contributing to the platform’s robustness and efficacy. This section will demystify the technical landscape of TCS, providing a simplified overview of how these technologies interact to safeguard academic certificates.

  1. Blockchain: The Immutable Foundation

At the heart of TCS lies the blockchain — a distributed and immutable ledger that records every certificate-related transaction. It acts as an unalterable archive, thwarting attempts at tampering or falsification. Each certificate issuance, verification, and validation is securely recorded on the blockchain, ensuring transparency and traceability.

  2. Smart Contracts: Automated Gatekeepers

Smart contracts are self-executing contracts with predefined rules. In TCS, they automate critical processes. When a certificate is issued, a smart contract generates a unique digital certificate token and records it on the blockchain. This contract also stipulates conditions for verification, enabling instant confirmation of a certificate’s authenticity.

  3. Kafka: Seamless Data Streaming

Kafka, the data streaming platform, facilitates smooth communication between TCS components. It ensures that data flows seamlessly between smart contracts, the private Ethereum blockchain, and the MongoDB database. This real-time exchange of information guarantees rapid responses even during high demand periods.

  4. Private Ethereum Blockchain: A Fortified Citadel

TCS operates within a private Ethereum blockchain network, isolating it from public networks and enhancing security. The private blockchain validates transactions swiftly, providing a foundation for secure certificate issuance and verification.

  5. TCS Token (TCS): A Key for Interactions

The TCS token serves as the universal key for interactions within the platform. Using Ethereum’s ERC-20 standard, the token simplifies processes like fee payments for issuing certificates and enables seamless engagement with the TCS ecosystem.

  6. MongoDB: Safekeeping Authenticity

MongoDB, a NoSQL database, ensures the integrity of certificate records. All transactions and certificates are stored in MongoDB, forming a tamper-proof repository. This database acts as a digital vault, preserving the authenticity of certificates and transaction history.

  7. IPFS: Secured Data Storage

IPFS, or InterPlanetary File System, manages secure and decentralized storage of certificates and associated files. IPFS ensures that files are accessible from multiple nodes, enhancing durability and availability.

The Synchronized Dance of Technologies: A Unified Experience

These technologies are more than just cogs in a machine — they form a synchronized dance that upholds the authenticity and security of academic certificates. As a certificate is issued, smart contracts interact with Kafka to record the transaction on the private Ethereum blockchain. Simultaneously, MongoDB stores the certificate data, ensuring its authenticity. IPFS secures associated files, while the TCS token eases interactions throughout this process.

In conclusion, the Trust Certification System seamlessly integrates these technologies to create an ecosystem that assures academic certificate integrity. This interwoven tapestry of blockchain, smart contracts, Kafka, private Ethereum, TCS tokens, MongoDB, and IPFS results in a platform that not only guards against certificate forgery but also paves the way for a new era of trust and transparency in the academic realm.

Architecture overview

  • HashiCorp Vault: Secures, stores and tightly controls access to user wallets.
  • OpenLDAP: Stores the information of the platform administration users.
  • MongoDB: Storage of platform information and metadata.
  • MongoDB Express: Lets us view and manage the information stored in MongoDB. It is widely used for validation and for checking the status of the information.
  • Grafana: Lets us view real-time performance metrics of the platform components, collected from the Prometheus database.
  • akhq.io: Lets us view the information stored in the Kafka topics. It is a very useful tool for validating the messages stored in each topic.
  • Kafka: Central and key element of the architecture, it offers the necessary support to implement a robust and efficient messaging flow.
  • IPFS private swarm: Distributed and secure storage of digital certificates
  • Private Ethereum network: Decentralized application designed to guarantee the transparency, traceability, security and truthfulness of the certificates issued by certification authorities.
  • PayPal: Gateway that allows the purchase of ETH on the platform.
  • Firebase Cloud Messaging: Offers a robust and easy-to-implement service for notification delivery to registered devices.
  • Spring Cloud Config Server: Server-side and client-side support for externalized configuration in a distributed system.
  • Spring Boot Blockchain Monitoring Service: Recording events from the blockchain network.
  • Spring Eureka Discovery Service: Eureka instances can be registered and clients can discover the instances using Spring-managed beans.
  • Spring Boot API Gateway: Microservice that acts as a front for the rest of the clients, offers a wide API and implements the necessary security rules to control access to certain resources.
  • Spring Boot Notification Events Processor: Microservice responsible for notification delivery.
  • Spring Boot Certificate Events Processor: Microservice responsible for the generation and registration of certificates.
  • Spring Boot User Events Processor: Microservice responsible for user management.
  • Spring Boot Course Events Processor: Microservice responsible for the management of certification courses.

Several things to consider.

Below I would like to list several important implementation details:

  • For each user registered on the platform (except users with the role of checker), a wallet will be generated to be able to operate with smart contracts.
  • The secrets of the wallets are stored in HashiCorp Vault. The wallet hash must be provided in order to get the wallet credentials needed to interact with smart contracts.
  • Each Certification Authority registered on the platform will be managed by a user account, which will also be able to register additional members (CA Members) so that they work on behalf of the entity and can register certification courses, validate certificate requests, etc.
  • Each user registered on the platform will receive an initial income in ethers and TCS ERC20 tokens to cover the initial registration costs.
  • The members of the certifying entity may register several editions for the same course with a different certificate generation cost.
  • Each edition of a certification course may require that the certificate be renewed after a while; it is possible to define the cost of certificate renewal.
  • For each certification course it is possible to define an attendance control policy, in such a way that users will only be able to request achievement or attendance certificates when they have reached the minimum percentage of attendance.
  • Students and members of a certification authority may acquire new ERC20 TCS tokens to carry out transactions such as certificate generation or registration of certification courses; the purchase is made through a PayPal gateway.
  • Any certificate generation request must be accepted or rejected by a user who is a member of the certification authority to which the certification course belongs. At the time of acceptance, the certificate will be generated and stored on the IPFS network, and its information (file signature hash, base58 IPFS id) will be stored in the certification smart contract on the blockchain. Users involved in the process will receive notifications about the status of the request.
  • Platform administrator users will be authenticated against an OpenLDAP server. They will have sufficient permissions to manage certification authorities and perform other privileged operations.
  • Each certificate contains a QR code that stores its encrypted identifier. Reading this payload will allow validation of the certificate on the platform.
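
The check a third party runs on a presented certificate, as an added example (not code from the TCS repository): it recomputes the file hash, compares it with the value held in the certification contract, and validates that the stored IPFS id is a well-formed base58 CIDv0. SHA-256 as the hash, the record field names `file_hash` and `ipfs_id`, and the sample data are assumptions.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text):
    """Decode base58 (the alphabet IPFS uses); ValueError on a bad character."""
    num = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        num = num * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")

def b58encode(raw):
    """Encode bytes as base58; used here only to build the sample record."""
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def cidv0_digest(ipfs_id):
    """Return the 32-byte digest of a CIDv0 id, or raise ValueError."""
    raw = b58decode(ipfs_id)
    # A CIDv0 is a bare multihash: 0x12 (sha2-256), 0x20 (length 32), digest.
    if len(raw) != 34 or raw[:2] != b"\x12\x20":
        raise ValueError("not a sha2-256 CIDv0 multihash")
    return raw[2:]

def verify_certificate(file_bytes, record):
    """Check a presented file against the on-chain record; return the problems."""
    problems = []
    if hashlib.sha256(file_bytes).hexdigest() != record["file_hash"].lower():
        problems.append("file hash differs from the on-chain hash")
    try:
        cidv0_digest(record["ipfs_id"])
    except ValueError as exc:
        problems.append(f"malformed IPFS id: {exc}")
    return problems

# Constructed sample data (not taken from the TCS platform).
SAMPLE_CERT = b"Certificate: Jane Doe, Course X, edition 2023, grade A"
SAMPLE_RECORD = {
    "file_hash": hashlib.sha256(SAMPLE_CERT).hexdigest(),
    # Real CIDs hash the IPFS DAG node, not the raw file; placeholder digest.
    "ipfs_id": b58encode(b"\x12\x20" + hashlib.sha256(b"sample dag node").digest()),
}

if __name__ == "__main__":
    print(verify_certificate(SAMPLE_CERT, SAMPLE_RECORD))
    tampered = SAMPLE_CERT.replace(b"grade A", b"grade B")
    print(verify_certificate(tampered, SAMPLE_RECORD))
```

An empty list means the presented file matches the record; a single changed byte in the file is enough to produce a hash mismatch.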

Using the Ethereum NetStats dashboard we can visualize the state of the nodes that make up the blockchain network. More specifically, we can read off relevant information such as the speed of mining, the difficulty established for the generation of blocks, and the level of consensus of the network.

If it is necessary to obtain specific information for a mined block, we can use the Ethereum Lite Explorer tool to obtain all the relevant information related to the block.

The private blockchain network is made up of 7 nodes, 2 of these nodes are mining nodes that will be responsible for generating the blocks.

The deployment and set-up of the contracts has been carried out through Remix IDE. Using a MetaMask account, it is possible to make the necessary configurations.

Extinguishing the Specter of Certificate Forgery

The goals of the TCS DApp mirror the aspirations of academia:

  • Champion of Academic Trust: By harnessing blockchain’s immutability, the DApp repels efforts to forge certificates, fostering an environment of unwavering academic honesty.
  • Accelerated Verification: Through the TCS DApp, certificate verification occurs in an instant, freeing educational institutions and students from prolonged verification processes.
  • Innovative Sustainability: The DApp’s ingenious faucet mechanism generates ETH revenue, ensuring its sustainability while facilitating seamless certificate issuance.

Guiding Academia toward an Enriched Future

The influence of the TCS DApp extends beyond its present impact:

  • Pioneering a Verification Renaissance: The DApp leads the charge in cross-institutional verification, cultivating trust without compromising data privacy.
  • Establishing Universal Standards: As digital certificates gain prominence, the DApp lays the groundwork for standardized certificate formats, promoting uniformity across diverse educational domains.

A Promise Unveiled: The DApp’s Symphony of Impact

Amid the era of digital transformation, the TCS DApp emerges as an unwavering defender of academic integrity. By melding blockchain security with a meticulously designed DApp architecture, TCS redefines certificates, transforming them into emblems of resolute trust. The TCS DApp stands as a beacon of innovation, guiding academia toward a future where educational achievements are not only safeguarded but also celebrated, unequivocally.

Technologies used.

  • Spring Cloud Starter Config.
  • Spring Cloud Starter Netflix Eureka Client.
  • Spring Cloud Stream.
  • Spring Cloud Starter Stream Kafka.
  • Spring Boot Jasypt.
  • Spring Boot Starter Actuator.
  • Micrometer Prometheus registry.
  • Spring Cloud Config Monitor.
  • Spring Vault Core.
  • Spring Ldap Core.
  • Spring Boot Starter Data MongoDB.
  • Spring Boot Starter Data Redis.
  • Spring Boot Starter Web.
  • Spring Boot Starter Security.
  • Spring Boot Starter Mail.
  • Spring Boot Starter Thymeleaf.
  • Apache POI / PdfBox / Docx4j.
  • Web3j.
  • PayPal Checkout Sdk.
  • Java IPFS Http Client.

This is it. I have really enjoyed developing and documenting this little project. Thanks for reading it. I hope this is the first of many.

If you are interested in the complete code, here is the link to the public repository:

Sergio Sánchez Sánchez

Mobile Developer (Android, IOS, Flutter, Ionic) and Backend Developer (Spring, J2EE, Laravel, NodeJS). Computer Security Enthusiast.