Certified for Life — International exchange & authentication of diplomas via blockchain
Student & labor mobility are well established within Europe. For example, in 2015 about 1.6 million students were undertaking tertiary level studies in a foreign country, across the EU-28 . When doing this, students need to present their diploma such that the admission requirements can be checked. Likewise, employees should show their diplomas to proof their qualifications when applying for a job.
No European authentic diploma database
In this era of increased student & labor mobility, we should be able to easily obtain a cross-country overview of one’s diplomas and to check the authenticity of these diplomas. Keep in mind also that diploma fraud is still a current issue, and in many cases even go unnoticed. However, a European central authentic diploma database does not exist. Even within Belgium, there is no one central solution. In Flanders, the LED is used as the authentic source, but there is no equivalent in Wallonia. In the end, the schools are contacted to confirm the authenticity of a diploma, which means a lot of administrative work. Furthermore, when going abroad, your diploma also has to be recognized, which can be a cumbersome process. Now, imagine for a second that you are a refugee, you have lost your paper diploma and your school doesn’t exist anymore. Imagine the administrative processes you face at that point . And let’s admit: even if you never go abroad for work or studies, managing your degree is an annoying process. You have to keep the actual inconveniently sized paper diploma, scan it and show it when needed (if you still know where it is at that moment). Let it be clear that there is a need for an easy way to authenticate diplomas and to exchange them across borders. Regional ad hoc solutions exist, but these are difficult to scale, and each has its limitations.
Certified for life solution
In assignment of Informatie Vlaanderen, AHOVOKS and la Fédération Wallonie-Bruxelles, TheLedger worked out a blockchain solution for this. We prototyped a decentralized system in which different governments and schools can join, and which enables their students to obtain their complete and authentic diploma profile and share it internationally.
“Blockchain solution” you said? Blockchain is an append-only distributed database, with on top of it shared business logic. This technology enables different parties to share data immediately without the need for a central administrator. With permissioned or enterprise blockchains, the data is only shared with certain parties, such that not just everybody can see and access the data. As such, a blockchain forms a decentralized system, maintained by a consortium of partners. The consortium will decide on the data and rules in the system and will decide which new partners can join. Of course, such a solution will only work if the consortium has a shared incentive. When the data is shared among all relevant stakeholders, this system could form a single source of the overall truth. All transactions are immutably logged within a blockchain, thereby offering build-in auditability and traceability. These aspects together ensure data integrity. Furthermore, a blockchain allows sharing not only data, but also business rules. This means that we could enforce certain rules over the network, and also enable inter-company automation.
The idea for the certified for life project is that the different governments together form a blockchain consortium. Together, they will be able to provide the civilians with a cross-country and authentic diploma profile. In countries where the government does not interfere with education, or in the case of private schools, the schools themselves could become part of the blockchain consortium. This idea is also visualized in Figure 1.
So different governments can together maintain a diploma blockchain, but which functionalities did we include? First, governments and school should be able to add diplomas to the blockchain. Governments will likely use batch processes to upload the data they already have in their regionally centralized system (i.e. in case such a system exists). Schools can then add missing diploma data manually (on demand), for example in the case of older diplomas. Civilians should be able to consult their diplomas and manage the visibility of individual diplomas. For sharing their diploma profile, the civilians can use access keys or access links. Different access links with different time frames can be created to distribute to different people. A third-party user can then consult this profile using the access link. When accessing the data, this anonymous user should provide a reason for accessing the data, since he is accessing personal data. The fact that the access link was used, will be reported to the individual concerned, together with the reason provided by the anonymous user, as shown in Figure 2. This way, we bring ownership back to the individual.
In the built prototype, schools have an overview of their students (i.e. of the diplomas obtained at that school), but they can also add possible future students and consult their profiles, if this student gave them permission (access key).
Furthermore, because different governments might use a different diploma standard, we followed the “bring-your own-standard” principle.
Of course, in a later stage, other functionalities could be added. Here are some examples:
- Include diploma supplements & transcripts of records. These documents provide additional valuable information which is for example also needed for the admission checks at schools.
- Include mappings (or even groupings) between diploma standards, which could mean a great deal for the automatization of diploma recognition and equivalence.
- Link the diploma profiles to the processes of study program registration and admission, allowing for further automation and acceleration of administration.
- Consider mergers and discontinuations of schools for reasons of governance.
- Include other learning institutions and certificates, in order to build complete resumes for individuals.
- Include accreditors and sworn translators.
Identification of civilians
There is an aspect we did not discuss yet, but which is of utmost importance for the diploma case. Governments and schools assign diplomas to individuals, and therefore they have to uniquely identify the individuals. However, each government knows its civilians by a unique identifier which is only known within that country. There is no such thing as a European national number. You could have a national number in more than one country (e.g. if you study abroad or if you have a double nationality), but no records are kept of their linking. Unfortunately, even the combination of your name, date of birth and place of birth is not unique. How to create a cross-country overview of one’s diplomas, if we do not have a unique way to identify people across countries? A solution is to let the civilians link their different national identifiers in the current system, whereby they have to sign this transaction digitally with both identifiers. We followed this idea for the prototype. A prerequisite for this is that civilians can digitally proof that a certain national identifier is theirs. This is in fact not that straightforward, since for example foreign students don’t usually get a national ID card in that foreign country. This problem could be alleviated with the eIDAS project, which will allow foreigners to identify themselves on governmental sites using their own national ID, which would then be translated to an identification number in that country.
Blockchain architecture & set-up
So different governments can share diploma data and functionality using the certified for life blockchain solution. However, what is often forgotten when thinking about blockchain, is that blockchain is a backend component: it forms a shared database and shared functionality but for example does not contain a front-end. Furthermore, it is up to each consortium partner to integrate its existing IT systems with the blockchain. As such, blockchain is only a piece of the puzzle.
Already existing regionally centralized diploma databases — such as the LED — can be synchronized with the blockchain. The consortium partners can also create user interfaces for other stakeholders: e.g. a front-end for civilians, and an API for schools. Figure 3 visualizes this architectural set-up. Of course, we did not implement the complete picture for the prototype, but enough to make the concepts and ideas clear. The set-up for our prototype is shown in Figure 4. The development was done on Hyperledger Fabric (HLF).
Advantages of the proposed solution
The proposed solution provides a cross-country diploma overview for civilians and creates a platform where the authenticity of diploma data can be checked. As explained above, ownership and ease of use for the civilian are central aspects of the solution (see also Figure 5): he can decide who can see his profile by creating access links or access keys, and he gets insight into all actions done on his profile.
The decentralized nature of the system implies that no one central administrator needs to be appointed, and that the system could outlive the lifespan of individual institutions. It is up to the consortium to decide if new partners (i.e. schools or governments) can join this decentralized system. This cross-country system allows not only to share data, but also business rules: the way the data is handled is enforced over and controlled by the network. By design all transactions — i.e. diploma additions or even modifications — are immutable, traceable and auditable. Therefore, the integrity and authenticity of the diplomas are ensured. Furthermore, the solution can also be integrated with governments’ and schools’ current IT systems, allowing for easy ways to update and receive student information. The certified for life blockchain solution can be seen as a part of the puzzle that helps smoothen and simplify the administrative processes of governments and schools (see also Figure 6).
Lessons learned & alternative architectures
In the set-up for the prototype, we exchange all diploma information via the blockchain, meaning that both the diploma data, the person’s national number and the permissions (access keys) are stored on the blockchain. Using this set-up, we obtain the most advantages and ease of use for the civilians, and we could leverage the shared business rules on blockchain the most. However, concerns are raised in terms of the “right to be forgotten”, increased risk for data breaches (due to duplication of personal data across different consortium partners) and the potential misuse of the data by individual consortium partners. Indeed, even if the data is encrypted, if the logic should be able to decrypt the information, then the consortium partners themselves are in principle able to decrypt and read the data.
Solutions exist, but they limit the advantages of the solution as well. For example, we could also work out a solution where only the proof of the diploma is kept on the blockchain in the form of a hash, and the permissions and the encrypted diploma data is kept in the “side databases” of Hyperledger Fabric version 1.2. Here, the diploma data could be symmetrically encrypted with a key, which is by itself asymmetrically re-encrypted with the public key of each individual user that gets access. In these side databases of HLF v1.2, private transactions can be kept, and data can be deleted. In this solution, the private key of the user that got permission to view the diploma data is needed to decrypt the symmetric key and thus the diploma. Therefore, malicious consortium partners are not able to decrypt the diploma data. However, we will not be able to work with access links as proposed in the prototype, and we won’t be able to leverage the shared logic as much (such as including mappings between diplomas, as discussed above).
A second option is the idea of “self-sovereign” identity. Here, the proof of the diploma — again in the form of a hash — would be kept on the blockchain, and a digital version of the diploma would be given to the civilians. This way, the individual is truly the owner of his own personal data and only proofs are kept on-chain. However, be aware that then the student would e.g. get the digital diploma at graduation, and he would have to keep the data himself on his devices or on his cloud storage.
To conclude, I would like to add that there is a non-technical solution as well for the risk of malicious consortium partners: that is to put in place the necessary legal agreements with these consortium partners. Keep in mind as well that it is the existing consortium that decides on new partners, so the best option might be to only involve only parties in which you have relative trust.
With this prototype, we came to a solution for the authentication and cross-country exchange of diploma data using blockchain technology. This prototype shows that the immutability and access control ensure data integrity and proof of authenticity, and that the build in traceability increases insight, trust & control for the individual.
Next steps are to involve the necessary stakeholders at European level and start creating a consortium. The consortium should come to an agreement on which set-up to follow and can then together to take this set-up to production.
Besides to our clients — Fédération Wallonie-Bruxelles, Informatie Vlaanderen and AHOVOKS –, we would like to send out a special thanks to our stakeholders at the different schools and educational institutions that participated in this project. We received a lot of valuable input from them during the project, and their enthusiastic collaboration and constructive feedback ensured a workable prototype and important steps taken towards making this a successful European project.