Digital Credentials on the Blockchain – an innovative test case with Singapore
The ability to globally transfer educational credentials digitally benefits both learners and employers, provided GDPR and online safety are kept paramount. How can this be achieved? TU Delft has been testing the possibilities and the results are encouraging.
As a pre-millennium student and or professional, you probably remember how proudly you received your educational achievements (degrees and the occasional certificate) and carefully put these away in a file to avoid creases (perhaps some of you showcased your degree on the wall). However, for most of us from that period, we most likely didn’t pick up those files again except occasionally to photocopy or scan our educational track records for a new employer.
Fast forward to today – if you are a lifelong learner, that bulky file gathering dust is now most likely a digital file. However, the storage, shareability and verifiability of your learning achievements remains a cumbersome process. Especially in a world where we are increasingly global citizens. Enter blockchain – a way of storing immutable, digital credentials on a system – a one click away from sharing and authenticating your educational portfolio.
Since 2013, the TU Delft Extension School of Continuing Education has been dedicated to educating the world and enhancing the quality of online education. Today we have over three million learners from across the globe. Having a verifiable credential is an important part of completing a course. We entered into a pilot to put certificates on the blockchain and explore the benefit this would bring to an international learner – to be precise, we wanted to know how a learner who takes a course offered by the TU Delft Extension School but who lives and works in Singapore could benefit from this technology.
Piloting a test case with Singapore
We did this pilot together with Accredify, a driver of the adoption of digital credentials in Singapore. Accredify was introduced to us through the Blockchain program between the Netherlands and Singapore (facilitated by Partners for International Business Blockchain Solutions). This was the first time Accredify partnered with an institute in Europe. Accredify uses Blockchain Ethereum technology to issue and verify tamper-proof, digital academic certificates[1]. As a public university that is based in Europe, we were keen to explore what benefit it would bring the professional learner with minimal effort from their side, provided that all General Data Protection Regulations (GDPR) were being taken into account (Europe having one of the strictest Data Protection laws in the world).
As with any pilot or joint project, we started by signing an agreement between the respective institutes (TU Delft and Accredify) but also with the learner. As this pilot involves learner personal data, we had to fulfil all the obligations we have in this regard about how we would process the data and how we would ensure the learner was aware of this. We identified a willing volunteer, a Singaporean-based professional learner, who had successfully completed a TU Delft Professional Education Certificate.
[1] 8 Benefits of Verifiable Digital Certificates for Educational Institutions (https://newsroom.accredify.io/blog/8-benefits-of-verifiable-digital-certificates-for-educational-institutions/)
Blockchain technology to safeguard learner’s data
Accredify creates a unique fingerprint, or hash, for the certificate, which is generated based on the certificate’s content. This hash is then published to the blockchain. The certificate is then issued and distributed to learners as an OpenCert file, a format that is easily shareable and verifiable. With this OpenCert file, the learner can instantly verify their certificate by dragging and dropping the file to an online verifiable portal, and can decide whom they want to share their certificate with, for example their employer or via LinkedIn.
Fingerprints and identfiers – how does it all work?
Behind the scenes of the verification process, Accredify creates a new fingerprint for the uploaded certificate based on its content. The new fingerprint is compared with the original fingerprint published to the blockchain. If the new fingerprint and original fingerprint match, the certificate is verified to be a true certificate. Accredify’s system will then return a Yes / No answer as to whether the learner’s certificate a) has not been tampered with; b) has been issued; c) was issued by an authorised institution; and, d) is still valid at the time of verification. If the fingerprints do not match, the certificate will fail verification. This could mean that the certificate was modified or has not been issued.
One of the most fundamental principles of the GDPR indicates that processing of personal data must ensure confidentiality; this means that any data made public that identifies the learner is a breach of GDPR. Information on an educational certificate would include the full name, date of birth and in some cases, country of birth, of the learner - all of which are personal data. Another principle indicates that all individuals have a ‘right to be forgotten’ – this means that an individual can request that their personal data be removed (erased) from the institute’s records. Is the application of blockchain for credentials GDPR compliant?
Hashed data is considered as personal data on the blockchain if it can be related to a specific person. To respond to this, the solution is to create an “intermediate” identifier. The hashes appended on the blockchain will cease to be deemed as personal data as from the deletion of this “intermediate” identifier.
Once on the blockchain always on the blockchain?
The question of the right to be forgotten is a bit more challenging. Once on the blockchain, always on the blockchain. From our internal systems we can ‘revoke’ the certificate. From the learner’s side, they can choose to no longer share their certificate with anyone; however, the hashed data related to the certificate can never be removed from the blockchain. The action of revocation means that the certificate, if it ever goes through the verification process, will no longer be verifiable. However, when we delete the “intermediate” identifier of the learner at their request, the hashes appended on the blockchain will cease to be personal data. This thus provides the learner with the ‘right to be forgotten’ as we cease to have control over the learner’s personal data. As an institute within Europe, it is crucial to let the learner know how their data will be processed before putting their certificate on the blockchain.
Encouraging results for future adoption
To conclude, the lessons learnt from this pilot are very encouraging. Learners and employers can enjoy ease of shareabilty and verifiability. However, as with any (relatively) new technology, a cultural change is required. Many universities and organisation still have their own ‘legal’ obligations and/or outdated processes for receiving and storing certificates. With on-going initiatives in the field of digital credentials on the blockchain and the boom in lifelong learning opportunities, we hope that the increase in learners and institutes using this technology will be the required catalyst for change for wider societal acceptance of these forms of digitally verifiable certificates.
TU Delft is a member of the Digital Credential Consortium – a university led initiative where 12 universities are developing infrastructure for issuing, sharing and verifying digital credentials of academic achievement. Learn more at digitalcredentials.mit.edu
Founded in 2019, Accredify is pioneering the adoption of verifiable data by providing organisations with an end-to-end solution to create and issue verifiable documents. Serving clients in the education and healthcare sector and with a presence in more than five markets globally, documents issued by Accredify have been verified close to 5 million times. With a dedicated team that embraces the highest standards of customer service, security, and privacy, Accredify’s objective is to be the trusted solution for managing and verifying documents anywhere and anytime. Learn more at https://accredify.io/
Partners for International Business (PIB) Blockchain Solutions. In this programme Dutch companies, knowledge institutes and government are working together to connect the Dutch and Singapore’s blockchain ecosystems and explore and develop blockchain solutions. Learn more at https://www.dutchblockchainsolutions.com/
