GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → BlockTechCert → BTCert

BlockTechCert / BTCert

Licence: MIT license
BTCert authenticates academic certificates by means of a digital credential that allows immediate verification by third parties. BTCerts uses blockchain and cryptographic techniques to create a certification infrastructure based on the standard Blockcerts

Programming Languages

javascript
184084 projects - #8 most used programming language
CSS
56736 projects
HTML
75241 projects
java
68154 projects - #9 most used programming language

Labels

certificatemerkle-treebitcoin-blockchainblcokchainblockcertsbtcert

Projects that are alternatives of or similar to BTCert

CTjs
CTjs is a full set of classes necessary to work with any kind of Certificate Transparency log (V1 as from RFC6962, or V2 as from RFC6962-bis). In CTjs you could find all necessary validation/verification functions for all related data shipped with full-featured examples showning how to validate/verify. Also in scope of CTjs I made code showing e…
Stars: ✭ 2 (-90.48%)
Mutual labels:  certificate, merkle-tree
proofable-image
Build trust into your image by creating a blockchain certificate for it
Stars: ✭ 17 (-19.05%)
Mutual labels:  certificate, merkle-tree
sslcontext-kickstart
🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Av…
Stars: ✭ 295 (+1304.76%)
Mutual labels:  certificate
merkle sigs.rs
🎄🖋 A Rust implementation of Merkle signing
Stars: ✭ 13 (-38.1%)
Mutual labels:  merkle-tree
openssl ca
openssl_ca with QT GUI
Stars: ✭ 16 (-23.81%)
Mutual labels:  certificate
iavl
Merkleized IAVL+ Tree implementation in Go forked from cosmos/iavl(https://github.com/cosmos/iavl)
Stars: ✭ 17 (-19.05%)
Mutual labels:  merkle-tree
Bubbly
Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.
Stars: ✭ 217 (+933.33%)
Mutual labels:  certificate
dockerizing-django
🐳 Dockerize your Django application.
Stars: ✭ 27 (+28.57%)
Mutual labels:  certificate
aws-solutions-architect-associate-certificate
Note to pass the AWS Solutions Architect Associate Exam
Stars: ✭ 58 (+176.19%)
Mutual labels:  certificate
Coursera-Certifications
A repository to showcase my completed courses on the Coursera platform.
Stars: ✭ 20 (-4.76%)
Mutual labels:  certificate
pymerkletools
Python tools for creating Merkle trees, generating Merkle proofs, and verification of Merkle proofs
Stars: ✭ 128 (+509.52%)
Mutual labels:  merkle-tree
app-certificate-requests
🎖 Repository for requesting app certificates
Stars: ✭ 23 (+9.52%)
Mutual labels:  certificate
prune-horst
Signature scheme submitted to NIST's Post-Quantum Cryptography Project
Stars: ✭ 23 (+9.52%)
Mutual labels:  merkle-tree
gb merkle trees
General balanced binary Merkle trees for Erlang
Stars: ✭ 25 (+19.05%)
Mutual labels:  merkle-tree
Simple-TLS-Client-Server-with-Node.js
Simple TLS Client/Server with Node.js
Stars: ✭ 22 (+4.76%)
Mutual labels:  certificate
cloud-signature-consortium
Cloud Signature Consortium Remote Signature Service Provider in Node.js
Stars: ✭ 19 (-9.52%)
Mutual labels:  certificate
qdigidoc
DEPRECATED DigiDoc3 Client is a program that can be used to sign digitally with ID-card and Mobile-ID, check the validity of digital signatures and open and save documents inside the signature container.
Stars: ✭ 25 (+19.05%)
Mutual labels:  certificate
gravity-sphincs
Signature scheme submitted to NIST's Post-Quantum Cryptography Project
Stars: ✭ 67 (+219.05%)
Mutual labels:  merkle-tree
Mirror
Deploy Google and Wikipedia mirror with one command using now.sh.
Stars: ✭ 93 (+342.86%)
Mutual labels:  certificate
smtplib-bruteforce
bruteforcing gmail (TLS/SSL)
Stars: ✭ 26 (+23.81%)
Mutual labels:  certificate
View All Similar Projects ➔

BTCert

BTCert authenticates academic certificates by means of a digital receipt that allows immediate verification by third parties. BTCert is inspired by the open source project Blockcerts. As in Blockcerts, BTCert issues a digital credential by sending a Bitcoin transaction from the awarding institution to the recipient/certificate owner. As illustrated in Figure 1, a set of hash value of certificates would be attached to the Bitcoin transaction when Alice paid 5 BTC to Tom. By the design of BTCert, Alice replaces the note "thank you" by the Merkle root corresponding a group of certificates. Then, BTCert allows an independent verifier to check the authenticity of such certificates by retreiving the hash value from the Bitcoin blockchain and comparing it to the local receipt.

Figure 1. Working mechanism of BTCerts/Blockcerts

BTCert uses additional cryptographic techniques to improve robustness and availability of the credentials issuing operation. BTCert uses multiple signatures to improve on the security of digital credentials issuing. BTCert adds a revocation mechanism based on BTC address to revoke a certificate more reliably, and establishing a secure federated identity aimed at verifying the awarding institution's identity. The core cryptographic parts of BTCert are implemented in JavaScript, which made it possible to handle all the sensitive data on the client side (browser). In other words, BTCert never transfers nor stores any sensitive data such as private keys on the server side.

Prototype workflow

For helping the readers to have a better understanding of BTCert, we created a prototype model workflow from four primary roles, including student, checker, issuer, system and employer. The prototype workflow is shown in figure 2 below. Figure 2. Workflow of prototype.

Firstly, the student applies to the school for a certificate, and the certifiers check the students’ information and merge the certificate with a Bitcoin transaction once it is approved. Then a given threshold of issuing committee members sign it with their private keys. After that, the system broadcasts the transaction which contains the Merkle root of all the certificates. Next, the student receives a JSON-based certificate once the transaction is confirmed and added to the Bitcoin blockchain. In the next stage, the student provides the JSON-based certificate to the verifier (e.g. a company where he or she applies for a job). Lastly, the company verifies the certificate via access to the Blockchain and checks the authentication code to confirm the identity of the school.

System architecture

As it is shown in Figure 3, the system consists of four components in our implementation: verification application including federated identity, issuing application involving multi-signature and BTC-address based revocation, Blockchain and local Database adopted by MongoDB.

Figure 3. System architecture diagram

The issuing application is responsible for the main business logic, including requesting, examining, signing and issuing of the credential attesting for the existence of an academic certificate. The issuing application is designed to merge the hash of the certificate with a Merkle tree and send the Merkle root to the Bitcoin blockchain. Also, the issuing application deals with the revocations of certificates. The main component functions in the issuing application are:

  • Login function
  • Privilege control (RBAC mode)
  • The approval process (student->>checker->>supervisor->>administration staff->>head of school)
  • Multi-signature function
  • Auditing the certificate
  • View the published certificate
  • View the signed certificate
  • View the certificate ready to sign
  • Revoking the certificate batchly
  • Administration page to manage the user, the privilege and certificate.
  • Cold storage for the keys (will release in next version)

The verification application focuses on checking the authenticity and integrity of the certificates that have been issued. It includes two main components: a web-based page and an Android-based application. They use the same mechanism: fetching the transaction message through the blockchain API and comparing the transaction message to the verification data from the digital receipt. The mechanism can be briefly described in the following way: checking the authentication code; checking the hash with the local certificate; confirming the hash in the Merkle tree; examining the Merkle root in the blockchain; verifying the certificate has not been revoked; validating the expired date of the certificate. Also, for the convenience of sharing the certificates, the Android-based application allows the verification by scanning the QR code directly. The main component functions for verification application are the following:

  • Upload the PDF/JSON files / Scan the QR code
  • Calculate the hash value for the PDF file
  • The interaction with blockchain API
  • Authentication management: the issuing address relationship with the school identity.
  • The logic of the verification:

The verification of hash value on the certificate (to avoid tampering)
The verification to confirm if the hash value is in the merkle tree
The verification to confirm if the hash value of the merkle tree root is on the blockchain
The verification of the validity of the certificate (to avoid the revoked certificate)
The verification of the valid date of the certificate (to avoid the expired certificate)

The blockchain acts as the infrastructure of trust and a distributed database for saving the authentication data. Typically, the authentication data consists of the Merkle root generated using hashed data from several dozens of certificates. The MongoDB is employed as our local database since the MongoDB can successfully manage JSON-based certificates while providing high availability and scalability.

System security analysis

Network security
Currently, it's dangerous to open server for receiving the internet request directly, so most companies buffer their contact with the outside world by employing a DMZ. The DMZ create a security gap between intranet and internet. Ideally, to access internal resources, every request has to go through this DMZ. However, even DMZ has the most stringent rules, there is still the probability that hacker from the outside still can access the internal side. In our project, our core database and issuing service run on the internal network that is an envelope environment, in other words, our deployed environment is physically isolated from the outside. A hacker from the outside has no possibility of accessing the internal side except for physical intrusion. This is much more secure than traditional service running inside a DMZ. Figure 4. System architecture diagram

Data security
The database has been designed to contain two categories of data: the public authentication data and the private certificate data. The public authentication data is available to the public and released to the blockchain; the private certificate data is stored in the MongoDB where it is securely protected and isolated in the intranet. *Figure 5. top level data flow diagram * Figure 5 maps out the high-level data flow diagram. It shows that the data flow is unidirectional from the internal areas to the internet. The issuing system reads the certificate from the MongoDB and broadcasts its "point" data to the blockchain. The verification service only needs access to the blockchain to check the authenticity of the certificate.

System deployment

Code structure :

├── README.md
├── pom.xml
├── app.log
└── src
    ├── main
    │   ├── java
    │   │   └──  org.bham.btcert
    │   │   		└── config
    │   │           └── controller
    │   │           └── exception
    │   │           └── filter
    │   │           └── model
    │   │           └── persistence
    │   │           └── service
    │   │           └── utils
    │   │           └── StartApplication.java
    │   └── resources
    │       └── config
    │       └── static
    │       └── templates
    │       └── application.properties
    └── test
        └── java
            └──  org.bham.btcert

Project prerequisites:
Operating system: Centos 7 x86_64
JDK: 1.8
Docker: Docker CE 17.6
Maven: Maven 3.3

Project deploy instruction:

  1. Install the running environment.
  2. Import the code from repository
  3. Switch to directory
  4. Start the project without Docker

Cd /BTCert
mvn package && java -jar target/Boot-0.0.1-SNAPSHOT.jar
nohup java -jar target/Boot-0.0.1-SNAPSHOT.jar &

  1. Start the project with Docker

mvn package docker:build
docker images
docker run image_name:tag_name

System resource

Project screenshots:

Project home page: http://www.btcert.org/
Intranet home page: https://btcert.com
Public verifying page: https://btcert.com/verify
Intranet login page: https://btcert.com/login

Futrue work

As The Telegraph reported, Bitcoin transaction fees have skyrocketed in the past, with a typical transaction costing up to £15. In the future BTCert may replace the bitcoin blockchain infrastructure by using Ethereum or Hyperledger to avoid high transaction fees.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].