
System And Method For Digitizing Issuance And Verification Of A Cryptographically Signed Document Using Blockchain

Abstract: A system and method are provided for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger. The method includes (i) generating a first digital record of the holder for input data in the distributed ledger, (ii) generating a second digital record of the issuing authority for the attributes, (iii) generating a credential offer for the issuing authority, (iv) receiving a credential request and a master secret key by sending the credential offer, (v) issuing a cryptographically signed and master secret key attached document to the holder after receiving the credential request, (vi) sending a request by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier, (vii) receiving a proof in response to the request, and (viii) validating the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger. FIGS. 6A & 6B


Patent Information

Application #:
Filing Date: 03 September 2022
Publication Number: 10/2024
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email:
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2025-03-28
Renewal Date:

Applicants

ASSET CHAIN TECHLLIGENCE PRIVATE LIMITED
Moti Complex, Kazi Compound, near bus stand, Maaltekdi road Amravati Maharashtra India 444601

Inventors

1. Mayur Zanwar
Moti Complex, Kazi Compound, near bus stand, Maaltekdi road Amravati Maharashtra India 444601
2. Samit Singhai
Moti Complex, Kazi Compound, near bus stand, Maaltekdi road Amravati Maharashtra India 444601

Specification

SYSTEM AND METHOD FOR DIGITIZING ISSUANCE AND VERIFICATION OF A CRYPTOGRAPHICALLY SIGNED DOCUMENT USING BLOCKCHAIN
BACKGROUND
Technical Field
[0001] The embodiments herein generally relate to blockchain technology, and more particularly, to a system and method for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger, thereby enabling security by binding a master secret key to the cryptographically signed document.
Description of the Related Art
[0002] A credential is any document that details a qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so. Examples of credentials include academic diplomas, academic degrees, certifications, security clearances, identification documents, badges, passwords, user names, keys, power of attorney, and so on. Counterfeiting credentials is a constant and serious problem, irrespective of the type of credential. A great deal of effort goes into finding methods to reduce or prevent counterfeiting. In general, the greater the perceived value of the credential, the greater the problem with counterfeiting and the greater the lengths to which the issuer of the credential must go to prevent fraud.
[0003] Existing techniques employ the issuance of credentials in a physical format, that is, as paper-based credentials. Credentials issued in the physical format may be forged, lost, or misplaced. Moreover, high costs are incurred on the verification of paper-based credentials. Also, the verification process is highly time-consuming, has high life-cycle costs, and is a tedious job. There might be a challenge to the legitimacy of the credentials issued. This leads to improper utilization of resources and time.
[0004] Some existing techniques employ digitization of records by providing a soft copy in a low-tech digital format. The low-tech digital format may be a pdf format or jpeg format. The low-tech digital format is not a secure way of issuance of credentials.
[0005] Some existing techniques employ a centralized identity system. The centralized identity system maintains identities and data of the users using an operator. The centralized identity system fails to employ cyber security. As a result, the digital identities and the data of the users held in the centralized identity system are easily exposed to hacking. The centralized identity system also fails to create international identity repositories, as there is no proper data warehousing to access the data and the identities of the users.
[0006] Accordingly, there remains a need for a more efficient system and method for mitigating and/or overcoming drawbacks associated with current methods.
SUMMARY
[0007] In view of the foregoing, an embodiment herein provides a system for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger, thereby enabling security by binding a master secret key to the cryptographically signed document. The system includes a holding unit, an issuing unit, and a verifying unit. The holding unit is configured to receive input data of the holder through a cloud for generating a first digital record in a distributed ledger. The holding unit includes a memory comprising a set of instructions and a processor that is configured to retrieve and execute the set of instructions from the memory, and is configured to: (i) generate the first digital record of the holder for the input data in the distributed ledger, the distributed ledger provides a first decentralized identifier, and a decentralized descriptor object for the first digital record. The issuing unit is configured to receive attributes from an issuing authority of the document through the cloud for generating a second digital record in the distributed ledger using a second decentralized identifier.
The issuing unit includes a memory comprising a set of instructions and a processor that is configured to retrieve and execute the set of instructions from the memory, and is configured to: (ii) generate the second digital record of the issuing authority for the attributes, the distributed ledger provides a second decentralized identifier, and a public key for the second digital record, the second decentralized identifier is stored in a second wallet of the issuing authority, (iii) generate a credential offer for the issuing authority by setting up a pairwise connection between the first decentralized identifier and the second decentralized identifier, (iv) receive, from the processor of the holding unit, a credential request by sending the credential offer to the processor of the holding unit, the credential request comprises the credential offer, and a master secret key, the credential request and the master secret key are generated by the processor of the holding unit based on the credential offer, (v) issue, by the processor of the issuing unit, a cryptographically signed and the master secret key attached document to the holder after receiving the credential request from the issuing authority, the cryptographically signed and the master secret key attached document is stored in a wallet of the first digital record of the holding unit. 
The verifying unit includes a memory comprising a set of instructions and a processor that is configured to retrieve and execute the set of instructions from the memory, and is configured to: (vi) send, by the processor of the verifying unit (108), a request to the processor of the issuing unit by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier, (vii) receive a proof from the holding unit, the proof is generated by the processor of the holding unit in response to the request, and (viii) validate the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger, thereby enabling the security for the verification of the cryptographically signed document.
[0008] In some embodiments, the processor of the issuing unit is configured to publish the public key corresponding to the second decentralized identifier corresponding to the public key for the issuing authority, the second decentralized identifier is used while issuing the cryptographically signed document to the holder.
[0009] In some embodiments, the first digital record and the second digital record are hashed using a secure hashing method and stored in the distributed ledger using a cryptographic link.
[0010] In some embodiments, the distributed ledger stores the hashed first digital record in a form of a first key and the hashed second digital record in the form of a second key using an ordered mapping method.
[0011] In some embodiments, the hashed first digital record and the second digital record are determined by processing the input data and the attributes to determine a string of random numbers.
[0012] In one aspect, a method is provided for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger, thereby enabling security by binding a master secret key to the cryptographically signed document. The method includes generating, by a processor of a holding unit, a first digital record of a holder for input data in the distributed ledger. The distributed ledger provides a first decentralized identifier, and a decentralized descriptor object for the first digital record. The input data of the holder is received by the holding unit through a cloud. The method includes generating, by a processor of an issuing unit, a second digital record of the issuing authority for the attributes, the distributed ledger provides a second decentralized identifier, and a public key for the second digital record. The second decentralized identifier is stored in a second wallet of the issuing authority. The attributes are received by the issuing unit from the issuing authority. The method includes generating a credential offer for the issuing authority by setting up a pairwise connection between the first decentralized identifier and the second decentralized identifier by the processor of the issuing unit. The method includes receiving a credential request and a master secret key from the processor of the holding unit by sending the credential offer to the processor of the holding unit by the processor of the issuing unit. The credential request, and the master secret key are generated by the processor of the holding unit based on the credential offer. The method includes issuing a cryptographically signed and the master secret key attached document to the holder after receiving the credential request from the issuing authority by the processor of the issuing unit. The cryptographically signed and the master secret key attached document is stored in a wallet of the first digital record of the holding unit. 
The method includes sending, by the processor of the verifying unit, a request to the processor of the issuing unit by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier. The method includes receiving a proof from the holding unit, the proof is generated by the processor of the holding unit in response to the request. The method includes validating the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger, thereby enabling the security for the verification of the cryptographically signed document.
[0013] In some embodiments, the processor of the issuing unit is configured to publish the public key corresponding to the second decentralized identifier corresponding to the public key for the issuing authority, the second decentralized identifier is used while issuing the cryptographically signed document to the holder.
[0014] In some embodiments, the first digital record and the second digital record are hashed using a secure hashing method and stored in the distributed ledger using a cryptographic link.
[0015] In some embodiments, the distributed ledger stores the hashed first digital record in a form of a first key and the hashed second digital record in the form of a second key using an ordered mapping method.
[0016] In some embodiments, the hashed first digital record and the second digital record are determined by processing the input data and the attributes to determine a string of random numbers.
BRIEF DESCRIPTION OF THE DRAWINGS
[0017] The embodiments herein will be better understood from the following detailed description with reference to the drawings, in which:
[0018] FIG. 1 illustrates a system for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger according to some embodiments herein;
[0019] FIG. 2 is a block diagram of a holding unit and the issuing unit according to some embodiments herein;
[0020] FIG. 3 is a block diagram of a verifying unit according to some embodiments herein;
[0021] FIG. 4 is an interaction diagram that illustrates a method for digitizing issuance of a cryptographically signed document of a holder according to some embodiments herein;
[0022] FIG. 5 is a flow diagram that illustrates a method for verifying a cryptographically signed document of a holder by a verifier for a purpose according to some embodiments herein;
[0023] FIGS. 6A and 6B are flow diagrams that illustrate a method for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger according to some embodiments herein; and
[0024] FIG. 7 is a block diagram of a schematic diagram of a server used in accordance with embodiments herein.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0025] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments.
[0026] There remains a need for a system and method for digitizing issuance and verification of a digital educational certificate using blockchain technology. Referring now to the drawings, and more particularly to FIGS. 1 through 7, where similar reference characters denote corresponding features consistently throughout the figures, preferred embodiments are shown.
[0027] FIG. 1 illustrates a system 100 for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger 110 according to some embodiments herein. The system 100 includes an issuing unit 102, a holding unit 104, a verifying unit 108, and a distributed ledger 110. The issuing unit 102, the holding unit 104, the verifying unit 108, and the distributed ledger 110 may communicate with each other through a cloud 106. In some embodiments, the cloud 106 is a wireless network based on at least one of Wi-Fi or Bluetooth. In some embodiments, the cloud 106 is a combination of a wired network and a wireless network. In some embodiments, the cloud 106 is the Internet. In some embodiments, the issuing unit 102, the holding unit 104, and the verifying unit 108, without limitation, may be selected from a mobile phone, a Personal Digital Assistant (PDA), a tablet, a desktop computer, or a laptop.
[0028] The holding unit 104 receives the input data of the holder. The input data may be demographic details of the holder, and educational details of the holder. In some embodiments, the demographic details of the holder include name, age, sex, mobile/phone number, and date of birth of the holder. In some embodiments, the educational details include place of education, name of the educational institution, address of the educational institution, name of the university, address of the university, degree of education, marks obtained, specialization subjects, percentage obtained, etc. The input data may be used for issuing a digital educational certificate or a digital badge to the holder. The issuing unit 102 may be the educational institution or university. In some embodiments, the issuing authority includes the signing authority for the digital educational certificate or the digital badge to the user 102.
[0029] The holding unit 104 generates a first digital record for the input data of the holder and a timestamp in the distributed ledger 110. In some embodiments, the distributed ledger 110 is a blockchain. In some embodiments, the digital record is a block in the blockchain network. The distributed ledger 110 indicates a system of data recording including created digital records of the holder. For each digital record of the holder, the distributed ledger 110 provides a first decentralized identifier (DID) for the holder. The holder of the holding unit 104 may provide his/her name as a unique key. The unique key is known as the first decentralized identifier (DID). Each DID has an associated value called a DID descriptor object (DDO). The combination of the first DID and DDO forms the first digital record. Digital records of the users are hashed and added to the distributed ledger 110 via a cryptographic link. The distributed ledger 110 connects the digital records in chronological order. In some embodiments, the blocks are connected in chronological order in the blockchain network. For example, block 1 is connected to block 2, and block 2 is connected to block 3, etc., wherein the hash of block 1 is stored in block 2, and the hash of block 2 is stored in block 3, etc. When the digital record is added to the distributed ledger 110, the digital record is hashed using a secure hash algorithm. In some embodiments, the distributed ledger 110 processes input data in the digital record by producing a string of random characters or hash. For example, the type of input data may be integers, strings, dates, images, etc. For example, the string of random characters or hash may be CJQ4FjkuA8, PSd7mlIfID, 647J5k*! etc. The hash is then included in the next digital record so that both digital records are connected. Thereby, a digital chain is generated in the distributed ledger 110.
The issuing unit 102 receives attributes from an issuing authority of the document through the cloud 106. The attributes may be the name of the educational institution, the address of the educational institution, the digital signature of the authorized signatory, the stamp of the institution, etc. The issuing unit 102 generates a second digital record of the issuing authority for the attributes. The second digital record includes a second DID for an issuing authority and a public key to the distributed ledger 110. The issuing unit 102 provides the attributes of the issuing authority on the distributed ledger 110 so that the attributes of the issuing authority may be visible to other issuing authorities in the network. The issuing unit 102 publishes the public key corresponding to a private key (the second DID), wherein the issuing authority uses the private key while issuing the digital educational certificate to the holder.
[0030] The distributed ledger 110 may include a master node that maintains a full copy of the distributed ledger 110. The distributed ledger 110 may use a Redundant Byzantine Fault Tolerance (RBFT) algorithm for verifying the genuineness of the users as the consensus mechanism. The distributed ledger 110 may use a Merkle tree process for backing up the distributed ledger 110 for indexing. The distributed ledger 110 may use a combination of Merkle tree and radix tree processes to manage the current state of the distributed ledger 110. The distributed ledger 110 may store the hash data of the digital record in the form of value/key using an ordered mapping method.
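The chaining of paragraph [0029] and the hash-keyed ordered mapping of paragraph [0030], as an added example that is not part of the specification: each record stores the hash of the previous one, and a checker reports the first record whose own hash or back-link no longer matches. SHA-256, the JSON field names, the DIDs and the function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # back-link used by the first record (assumed convention)


def record_hash(record):
    """SHA-256 over a canonical JSON encoding of the whole record."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


def append_record(ledger, did, ddo, timestamp):
    """Add a DID + DDO record keyed by its hash; dicts keep insertion order."""
    prev = next(reversed(ledger)) if ledger else GENESIS
    record = {"did": did, "ddo": ddo, "timestamp": timestamp, "prev_hash": prev}
    key = record_hash(record)
    ledger[key] = record
    return key


def first_broken_link(ledger):
    """Index of the first record that fails verification, or None if intact."""
    expected_prev = GENESIS
    for index, (key, record) in enumerate(ledger.items()):
        if record["prev_hash"] != expected_prev or record_hash(record) != key:
            return index
        expected_prev = key
    return None


def demo():
    ledger = {}
    # Constructed sample records; the DDO content is a placeholder.
    for n in range(3):
        append_record(ledger, f"did:example:holder-{n}", {"key_id": n}, 1700000000 + n)
    intact = first_broken_link(ledger)

    # Case 1: a stored record is edited in place; its key no longer matches.
    keys = list(ledger)
    ledger[keys[1]]["ddo"] = {"key_id": 99}
    edited = first_broken_link(ledger)

    # Case 2: the editor also recomputes that record's key; the next
    # record's back-link now points at a hash that is no longer present.
    rekeyed = {(record_hash(r) if i == 1 else k): r
               for i, (k, r) in enumerate(ledger.items())}
    return intact, edited, first_broken_link(rekeyed)


if __name__ == "__main__":
    print(demo())
```

Altering one record therefore forces every later record to be rewritten as well, which is the property the cryptographic link is there to provide.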
[0031] The issuing unit 102 and the holding unit 104 generate a connection between the holder and the issuing authority by pairwise connection of the first DID of the holder and the second DID of the issuing authority. The connection between the holder and the issuing authority is not assigned on the distributed ledger 110 and the connection remains private. The issuing unit 102 creates a credential offer for the issuing authority and shares it with the holder once the pairwise DID connection is set up. Thereby, the holder creates a master secret after receiving the credential offer from the issuing authority. The master secret is only known to the user 102. In some embodiments, the master secret is used to prove that the issued digital educational certificate is actually issued to that holder by the issuing authority. The holding unit 104 generates a credential request for the holder. The issuing unit 102 receives the credential request. The credential request includes the received credential offer and the master secret key. In some embodiments, the actual master secret is not assigned to the credential request. The issuing authority receives the credential request from the holder. The issuing authority issues a cryptographically signed and the master secret key attached document. The master secret binds with the digital educational certificate. The cryptographically signed and the master secret key attached document is stored in a wallet of the first digital record of the holding unit.
[0032] In some embodiments, the verifying unit 108 verifies the digital educational certificate for a purpose, wherein the purpose may be an employer verification, verification during the issuance of government identity cards such as Aadhaar, passport, etc. The verifying unit 108 sends a request to the issuing unit by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier. The holding unit generates a proof for the request based on the master secret key. The proof for the request proves the cryptographically signed and the master secret key attached document and is shared with the verifying unit 108. The verifying unit 108 validates the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger, thereby enabling the security for the verification of the cryptographically signed document.
[0033] FIG. 2 is a block diagram of a holding unit and the issuing unit according to some embodiments herein. The block diagram of the holding unit includes a database 200, an input data receiving module 202, and a first decentralized identifier generating module 204. The input data receiving module 202 receives input data of the holder. The input data may be demographic details of the holder, and educational details of the holder. The first decentralized identifier generating module 204 generates a first digital record for the input data of the holder and a timestamp in the distributed ledger 110. In some embodiments, the distributed ledger 110 is a blockchain. The distributed ledger provides a first decentralized identifier, and a decentralized descriptor object for the first digital record. The input data and the first decentralized identifier are stored in the database 200.
[0034] The block diagram of the issuing unit includes a database 201, an attributes receiving module 206, a second decentralized identifier generating module 208, a credential offer generating module 210, a credential request receiving module 212, and a cryptographically signed and master secret key attached document issuing module 214. The attributes receiving module 206 receives attributes from the issuing authority of the document through the cloud. The second decentralized identifier generating module 208 generates a second digital record in the distributed ledger using a second decentralized identifier. The second decentralized identifier generating module 208 generates the second digital record of the issuing authority for the attributes. The distributed ledger provides the second decentralized identifier, and a public key for the second digital record. The second decentralized identifier is stored in a second wallet of the issuing authority. The credential offer generating module 210 generates a credential offer for the issuing authority by setting up a pairwise connection between the first decentralized identifier and the second decentralized identifier. The credential request receiving module 212 receives a credential request by sending the credential offer from the processor of the holding unit. The credential request includes the credential offer, and a master secret key. The credential request and the master secret key are generated by the holding unit based on the credential offer. The cryptographically signed and master secret key attached document issuing module 214 issues a cryptographically signed and the master secret key attached document to the holder after receiving the credential request from the issuing authority. The cryptographically signed and the master secret key attached document is stored in a wallet of the first digital record of the holding unit. The attributes and the second decentralized identifier are stored in the database 201.
[0035] FIG. 3 is a block diagram of a verifying unit according to some embodiments herein. The block diagram of the verifying unit includes a database 300, a request sending module 302, a proof receiving module 304, and a proof validating module 306. The request sending module 302 sends a request to the processor of the issuing unit by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier. The proof receiving module 304 receives a proof from the holding unit. The proof is generated by the holding unit in response to the request. The proof validating module 306 validates the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger, thereby enabling the security for the verification of the cryptographically signed document.
[0036] FIG. 4 is an interaction diagram that illustrates a method for digitizing issuance of a cryptographically signed document of a holder according to some embodiments herein. At step 402, the method includes creating and storing DID of the holder to the distributed ledger 110. At step 404, the method includes creating and storing DID of the issuing authority to the distributed ledger 110. At step 406, the method includes creating a pairwise connection of the DID of the holder and the DID of the issuing authority. At step 408, the method includes creating a credential offer and sharing it with the holder. At step 410, the method includes creating a master key and a credential request. At step 412, the method includes sharing the credential request with the issuing authority, the credential request includes the credential offer and the master secret key. At step 414, the method includes sending the cryptographically signed digital educational certificate to the holder by combining the credential and the master secret key after receiving the credential request from the holder.
[0037] FIG. 5 is a flow diagram that illustrates a method for verifying a cryptographically signed document of a holder by a verifier for a purpose according to some embodiments herein. At step 502, the method includes sending a credential offer by the issuing authority. At step 504, the method includes sending a credential request by the holder. At step 506, the method includes issuing digital educational certificate credentials. At step 508, the method includes sending proof offer to the verifying unit 108 by the holder. At step 510, the method includes receiving the proof request by the holder from the verifying unit 108. At step 512, the method includes sending proof by the holder to the verifying unit 108. At step 514, the method includes verifying the digital educational certificate credentials with public key of the distributed ledger 110.
[0038] FIGS. 6A and 6B are flow diagrams that illustrate a method for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger according to some embodiments herein. At step 602, the method includes generating, by a processor of a holding unit, a first digital record of a holder for input data in the distributed ledger. The distributed ledger provides a first decentralized identifier, and a decentralized descriptor object for the first digital record. The input data of the holder is received by the holding unit through a cloud. At step 604, the method includes generating, by a processor of an issuing unit, a second digital record of the issuing authority for the attributes, the distributed ledger provides a second decentralized identifier, and a public key for the second digital record. The second decentralized identifier is stored in a second wallet of the issuing authority. The attributes are received by the issuing unit from the issuing authority. At step 606, the method includes generating a credential offer for the issuing authority by setting up a pairwise connection between the first decentralized identifier and the second decentralized identifier by the processor of the issuing unit. At step 608, the method includes receiving a credential request and a master secret key from the processor of the holding unit by sending the credential offer to the processor of the holding unit by the processor of the issuing unit. The credential request, and the master secret key are generated by the processor of the holding unit based on the credential offer. At step 610, the method includes issuing a cryptographically signed and the master secret key attached document to the holder after receiving the credential request from the issuing authority by the processor of the issuing unit. 
The cryptographically signed and the master secret key attached document is stored in a wallet of the first digital record of the holding unit. At step 612, the method includes sending, by the processor of the verifying unit, a request to the processor of the issuing unit by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier. At 614, the method includes receive a proof from the holding unit, the proof is generated by the processor of the holding unit in response to the request. At 616, the method includes validating the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger, thereby enabling the security for the verification of the cryptographically signed document.
[0039] In an exemplary embodiment, a user wants to apply for a job and share the educational certificate issued by an educational institute with an employer for verification. The educational institute creates a decentralized digital identity (DID) and a public key on a distributed ledger. The educational institute publishes attributes on the distributed ledger to make them visible to other organizations in the network. The educational institute publishes the public key and its corresponding private key. Similarly, the user also creates a DID on the distributed ledger. The educational institute and the user create a connection using pairwise DID. The educational institute creates a credential offer and shares it with the user after setting up the connection using pairwise DID. The user receives the credential offer and creates a master secret.
[0040] The master secret is known only to the user. The master secret is used to prove that the issued digital educational certificate was actually issued to that user by the educational institute. The user creates a credential request and shares it with the educational institute. The credential request includes the received credential offer and the master secret. The actual master secret is not assigned to the credential request. The educational institute receives the credential request from the user, signs the educational certificate cryptographically and sends it to the user. The master secret is bound to the educational certificate. The user stores the signed digital educational certificate in the block.
[0041] The employer sends a proof request by requesting claims from the educational institute after creating a pairwise connection with the user. The user generates a proof for the requested claims using the master secret and shares it with the employer. The employer verifies the proof with the educational institute's public keys from the distributed ledger.
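The exchange in paragraphs [0039] to [0041], sketched as an added example that is not part of the specification or the applicant's code. The specification names no signature or proof scheme, so this sketch assumes Schnorr signatures over a toy-sized group; every function name, the `LEDGER` dictionary and the message labels are hypothetical.

```python
import hashlib
import secrets

# Toy group for illustration only: integers mod the Mersenne prime 2^127 - 1.
# These parameters are constructed for the example and are far too weak for real use.
P = 2**127 - 1
N = P - 1      # exponents are reduced modulo the group order
G = 3
LEDGER = {}    # stands in for the distributed ledger: issuer DID -> public key

def H(*parts):  # hash length-prefixed parts to an exponent (challenge value)
    h = hashlib.sha256()
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % N

def new_secret():
    return secrets.randbelow(N - 1) + 1

def schnorr_sign(sk, *msg):
    """Schnorr signature; doubles as a proof of knowledge of sk bound to msg."""
    k = new_secret()
    c = H(pow(G, k, P), *msg)
    return c, (k + c * sk) % N

def schnorr_verify(pk, sig, *msg):
    c, s = sig
    r = pow(G, s, P) * pow(pk, N - c, P) % P   # g^s * pk^(-c)
    return c == H(r, *msg)

def issuer_setup(did):
    sk = new_secret()
    LEDGER[did] = pow(G, sk, P)                # this sketch publishes only the public key
    return sk

def credential_request(master_secret, offer_nonce):
    """Holder: send a commitment to the master secret, never the secret itself."""
    return {"nonce": offer_nonce,
            "commitment": pow(G, master_secret, P),
            "pok": schnorr_sign(master_secret, "request", offer_nonce)}

def issue(did, issuer_sk, offer_nonce, req, attrs):
    """Issuer: check the request answers this offer, then sign attrs + commitment."""
    if req["nonce"] != offer_nonce or not schnorr_verify(
            req["commitment"], req["pok"], "request", offer_nonce):
        raise ValueError("credential request does not match the offer")
    sig = schnorr_sign(issuer_sk, did, sorted(attrs.items()), req["commitment"])
    return {"issuer": did, "attrs": attrs, "commitment": req["commitment"], "sig": sig}

def present(credential, master_secret, verifier_nonce):
    """Holder: prove knowledge of the bound master secret for this proof request."""
    return {"credential": credential,
            "pok": schnorr_sign(master_secret, "proof", verifier_nonce)}

def verify(proof, verifier_nonce):
    """Verifier: issuer key comes from the ledger; the issuer is not contacted."""
    cred = proof["credential"]
    if cred["issuer"] not in LEDGER:
        return False
    signed = schnorr_verify(LEDGER[cred["issuer"]], cred["sig"], cred["issuer"],
                            sorted(cred["attrs"].items()), cred["commitment"])
    bound = schnorr_verify(cred["commitment"], proof["pok"], "proof", verifier_nonce)
    return signed and bound
```

In this sketch the verifier sees the commitment itself, so two presentations of the same credential are linkable; the fresh verifier nonce is what stops a captured proof from being replayed.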
[0042] The embodiments herein may include a computer program product configured to include a pre-configured set of instructions, which when performed, can result in actions as stated in conjunction with the methods described above. In an example, the pre-configured set of instructions can be stored on a tangible non-transitory computer-readable medium or a program storage device. In an example, the tangible non-transitory computer readable medium can be configured to include the set of instructions, which when performed by a device, can cause the device to perform acts similar to the ones described here. Embodiments herein may also include tangible and/or non-transitory computer-readable storage media for carrying or having computer executable instructions or data structures stored thereon.
[0043] Generally, program modules utilized herein include routines, programs, components, data structures, objects, and the functions inherent in the design of special-purpose processors, etc. that perform particular tasks or implement particular abstract data types. Computer executable instructions, associated data structures, and program modules represent examples of the program code means for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps. The embodiments herein can include both hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
[0044] Input/output (I/O) devices (including but not limited to keyboards, displays, pointing devices, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modems, and Ethernet cards are just a few of the currently available types of network adapters.
[0045] A representative hardware environment for practicing the embodiments herein is depicted in FIGS. 6A-6B, with reference to FIGS. 1 through 7. This schematic drawing illustrates a hardware configuration of a server/ a computer system/ a user device in accordance with the embodiments herein. The user device includes at least one processing device 10 and a cryptographic processor 11. The special-purpose CPU 10 and the cryptographic processor (CP) 11 may be interconnected via system bus 14 to various devices such as a random access memory (RAM) 15, read-only memory (ROM) 16, and an input/output (I/O) adapter 17. The I/O adapter 17 can connect to peripheral devices, such as disk units 12 and tape drives 13, or other program storage devices that are readable by the system. The user device 104 can read the inventive instructions on the program storage devices and follow these instructions to execute the methodology of the embodiments herein. The user device 104 further includes a user interface adapter 20 that connects a keyboard 18, mouse 19, speaker 25, microphone 23, and/or other user interface devices such as a touch screen device (not shown) to the bus 14 to gather user input. Additionally, a communication adapter 21 connects the bus 14 to a data processing network 26, and a display adapter 22 connects the bus 14 to a display device 24, which provides a graphical user interface (GUI) 30 of the output data in accordance with the embodiments herein, or which may be embodied as an output device such as a monitor, printer, or transmitter, for example. Further, a transceiver 27, a signal comparator 28, and a signal converter 29 may be connected with the bus 14 for processing, transmission, receipt, comparison, and conversion of electric or electronic signals.
[0046] A system and method for issuing and verifying a digital educational certificate using blockchain are provided. The system provides a faster and more secure issuance and verification process for the digital educational certificate by reducing its susceptibility to hacks, downtime and forgery. The time and cost involved in issuing and verifying a digital educational certificate are reduced. The personal data of the user is more secure due to the self-sovereign identity. Unwanted correlation between the issuing authority and the user is prevented by the connection using pairwise DID. As DIDs are created by the users, there is no dependency on any central authority. Also, there is no dependency on the issuing authority for the verification process, since credentials are verified through the distributed ledger.
[0047] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification.
Claims
I/We Claim:
1. A system (100) for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger (110), thereby enabling security by binding a master secret key to the cryptographically signed document, the system (100) comprising:
a holding unit (102) configured to receive input data of the holder through a cloud for generating a first digital record in a distributed ledger (110), wherein the holding unit (102) comprises,
a memory comprising a set of instructions; and
a processor that is configured to retrieve and execute the set of instructions from the memory, and is configured to:
generate the first digital record of the holder for the input data in the distributed ledger (110), wherein the distributed ledger (110) provides a first decentralized identifier, and a decentralized descriptor object for the first digital record;
an issuing unit (102) configured to receive attributes from an issuing authority of the document through the cloud for generating a second digital record in the distributed ledger using a second decentralized identifier, wherein the issuing unit (102) comprises,
a memory comprising a set of instructions; and
a processor that is configured to retrieve and execute the set of instructions from the memory and is configured to:
generate the second digital record of the issuing authority for the attributes, wherein the distributed ledger (110) provides a second decentralized identifier, and a public key for the second digital record, wherein the second decentralized identifier is stored in a second wallet of the issuing authority;
generate a credential offer for the issuing authority by setting up a pairwise connection between the first decentralized identifier and the second decentralized identifier;
receive, from the processor of the holding unit (104), a credential request by sending the credential offer to the processor of the holding unit (104), wherein the credential request comprises the credential offer, and a master secret key, wherein the credential request and the master secret key are generated by the processor of the holding unit based on the credential offer;
issue, by the processor of the issuing unit (102), a cryptographically signed and the master secret key attached document to the holder after receiving the credential request from the issuing authority, wherein the cryptographically signed and the master secret key attached document is stored in a wallet of the first digital record of the holding unit; and
a verifying unit (108) configured to verify an issued document, wherein the verifying unit (108) comprises:
a memory comprising a set of instructions; and
a processor that is configured to receive the request for verification and is configured to:
send, by the processor of the verifying unit (108), a request to the processor of the issuing unit by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier; and
receive a proof from the holding unit, wherein the proof is generated by the processor of the holding unit (104) in response to the request; and
validate the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger (110), thereby enabling the security for the verification of the cryptographically signed document.

2. The system as claimed in claim 1, wherein the processor of the issuing unit (102) is configured to publish the public key corresponding to the second decentralized identifier corresponding to the public key for the issuing authority, wherein the second decentralized identifier is used while issuing the cryptographically signed document to the holder.

3. The system as claimed in claim 1, wherein the first digital record and the second digital record are hashed using a secure hashing method and stored in the distributed ledger (110) using a cryptographic link.

4. The system as claimed in claim 3, wherein the distributed ledger (110) stores the hashed first digital record in a form of a first key and the hashed second digital record in the form of a second key using an ordered mapping method.

5. The system as claimed in claim 3, wherein the hashed first digital record and the second digital record are determined by processing the input data and the attributes to determine a string of random numbers.

6. A method for digitizing an issuance and a verification of a cryptographically signed document of a holder using a distributed ledger (110), thereby enabling security by binding a master secret key to the cryptographically signed document, the method comprises:
generating, by a processor of a holding unit (102), a first digital record of a holder for input data in the distributed ledger (110), wherein the distributed ledger (110) provides a first decentralized identifier, and a decentralized descriptor object for the first digital record, wherein the input data of the holder is received by the holding unit through a cloud;
generating, by a processor of an issuing unit, a second digital record of the issuing authority for the attributes, wherein the distributed ledger (110) provides a second decentralized identifier, and a public key for the second digital record, wherein the second decentralized identifier is stored in a second wallet of the issuing authority, wherein the attributes are received by the issuing unit from the issuing authority;
generating, by the processor of the issuing unit, a credential offer for the issuing authority by setting up a pairwise connection between the first decentralized identifier and the second decentralized identifier;
receiving, by the processor of the issuing unit, from the processor of the holding unit, a credential request and a master secret key by sending the credential offer to the processor of the holding unit, wherein the credential request, and the master secret key are generated by the processor of the holding unit based on the credential offer;
issuing, by the processor of the issuing unit, a cryptographically signed and the master secret key attached document to the holder after receiving the credential request from the issuing authority, wherein the cryptographically signed and the master secret key attached document is stored in a wallet of the first digital record of the holding unit;
sending, by a processor of the verifying unit, a request to the processor of the issuing unit by setting up the pairwise connection between a third decentralized identifier and the first decentralized identifier;
receiving, by the processor of the verifying unit, a proof from the holding unit, wherein the proof is generated by the processor of the holding unit in response to the request; and
validating, by the processor of the verifying unit, the proof comprising the master secret key with the public key of the issuing authority from the distributed ledger, thereby enabling the security for the verification of the cryptographically signed document.

7. The method as claimed in claim 6, wherein publishing, by the processor of the issuing unit, the public key corresponding to the second decentralized identifier corresponding to the public key for the issuing authority, wherein the second decentralized identifier is used while issuing the cryptographically signed document to the holder.

8. The method as claimed in claim 6, wherein the first digital record and the second digital record are hashed using a secure hashing method and stored in the distributed ledger using a cryptographic link.

9. The method as claimed in claim 8, wherein the distributed ledger stores the hashed first digital record in a form of a first key and the hashed second digital record in the form of a second key using an ordered mapping method.

10. The method as claimed in claim 8, wherein the hashed first digital record and the second digital record are determined by processing the input data and the attributes to determine a string of random numbers.

Dated this September 03rd, 2023

Arjun Karthik Bala
(IN/PA 1021)
Agent for Applicant

Documents

Application Documents

# Name Date
1 202221011508-STATEMENT OF UNDERTAKING (FORM 3) [03-03-2022(online)].pdf 2022-03-03
2 202221011508-PROVISIONAL SPECIFICATION [03-03-2022(online)].pdf 2022-03-03
3 202221011508-PROOF OF RIGHT [03-03-2022(online)].pdf 2022-03-03
4 202221011508-FORM FOR STARTUP [03-03-2022(online)].pdf 2022-03-03
5 202221011508-FORM FOR SMALL ENTITY(FORM-28) [03-03-2022(online)].pdf 2022-03-03
6 202221011508-FORM 1 [03-03-2022(online)].pdf 2022-03-03
7 202221011508-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [03-03-2022(online)].pdf 2022-03-03
8 202221011508-EVIDENCE FOR REGISTRATION UNDER SSI [03-03-2022(online)].pdf 2022-03-03
9 202221011508-DRAWINGS [03-03-2022(online)].pdf 2022-03-03
10 202221011508-PostDating-(03-03-2023)-(E-6-46-2023-MUM).pdf 2023-03-03
11 202221011508-APPLICATIONFORPOSTDATING [03-03-2023(online)].pdf 2023-03-03
12 202221011508-FORM-26 [20-03-2023(online)].pdf 2023-03-20
13 202221011508-FORM FOR STARTUP [15-05-2023(online)].pdf 2023-05-15
14 202221011508-EVIDENCE FOR REGISTRATION UNDER SSI [15-05-2023(online)].pdf 2023-05-15
15 202221011508-DRAWING [03-09-2023(online)].pdf 2023-09-03
16 202221011508-CORRESPONDENCE-OTHERS [03-09-2023(online)].pdf 2023-09-03
17 202221011508-COMPLETE SPECIFICATION [03-09-2023(online)].pdf 2023-09-03
18 Abstract1.jpg 2024-01-12
19 202221011508-STARTUP [25-03-2024(online)].pdf 2024-03-25
20 202221011508-FORM28 [25-03-2024(online)].pdf 2024-03-25
21 202221011508-FORM 18A [25-03-2024(online)].pdf 2024-03-25
22 202221011508-FER.pdf 2024-06-12
23 202221011508-OTHERS [28-08-2024(online)].pdf 2024-08-28
24 202221011508-FER_SER_REPLY [28-08-2024(online)].pdf 2024-08-28
25 202221011508-CORRESPONDENCE [28-08-2024(online)].pdf 2024-08-28
26 202221011508-CLAIMS [28-08-2024(online)].pdf 2024-08-28
27 202221011508-ABSTRACT [28-08-2024(online)].pdf 2024-08-28
28 202221011508-US(14)-HearingNotice-(HearingDate-14-11-2024).pdf 2024-10-28
29 202221011508-Correspondence to notify the Controller [05-11-2024(online)].pdf 2024-11-05
30 202221011508-Correspondence to notify the Controller [11-11-2024(online)].pdf 2024-11-11
31 202221011508-Annexure [11-11-2024(online)].pdf 2024-11-11
32 202221011508-Written submissions and relevant documents [26-11-2024(online)].pdf 2024-11-26
33 202221011508-POA [26-11-2024(online)].pdf 2024-11-26
34 202221011508-FORM 13 [26-11-2024(online)].pdf 2024-11-26
35 202221011508-PatentCertificate28-03-2025.pdf 2025-03-28
36 202221011508-IntimationOfGrant28-03-2025.pdf 2025-03-28

Search Strategy

1 Search_202221011508E_22-04-2024.pdf
2 Cerberus_A_Blockchain-Based_Accreditation_and_DegrE_22-05-2024.pdf

ERegister / Renewals

3rd: 23 May 2025

From 03/09/2024 - To 03/09/2025

4th: 23 May 2025

From 03/09/2025 - To 03/09/2026

5th: 23 May 2025

From 03/09/2026 - To 03/09/2027

6th: 23 May 2025

From 03/09/2027 - To 03/09/2028

7th: 23 May 2025

From 03/09/2028 - To 03/09/2029

8th: 23 May 2025

From 03/09/2029 - To 03/09/2030

9th: 23 May 2025

From 03/09/2030 - To 03/09/2031

10th: 23 May 2025

From 03/09/2031 - To 03/09/2032