Last week I received an e-mail from the design firm Ideo. Last year I did a couple of online courses with them (which were great by the way). They now sent me a hyperlink to a digital certificate. Didn’t I receive their certificates already? In pdf and digitally added to my LinkedIn profile? Curious anyways, I followed the link and viewed my new certificate. The credential is blockchain secured, it says. There is a “Verify” button, clicking it delivers the result in this picture. Accredible’s website states that the credentials are stored using the Bitcoin blockchain. Sounds interesting.
Proving credentials
First, let’s step back in time 5 years. One of my best friends was leaving for Singapore in a couple of weeks. In order for her to be able to prove her academic credentials in this high tech country, she had to visit the embassy in Brussels, where a copy of her diploma was ornamented with the appropriate stamps (it was a nice road trip, but that is another story).
Back in time another 6 years when I graduated from university. I received a paper document with a rubber stamp and signature, together with the warning that this would be the only copy. Reissuance is impossible. I guess nobody kept digital records of credentials issued? So this piece of paper truly is the only proof of my Masters’ degree (better keep it safe).
What problem are we solving?
Fast forward to today. In the UK, since 2006 12 people were arrested for pretending to have a medical degree. Of course, we need secure electronic records of credentials. It should be no hassle at all to verify them when somebody applies for a job. Or for further studies with prerequisites. And even more so in times when credentials are earned in bits and pieces. An academic title is only the start. Or not even, in a lot of areas of expertise you could earn similar knowledge and skills combining online courses, books, and work experience.
Then how can you be sure about these credentials on Accredible? Looking at this webpage with my own blockchain secured a certificate from Ideo, I wonder: couldn’t any web developer build a website that displays this information? How would I know that it is actually stored on the Bitcoin blockchain?
How do blockchain secured credentials work?
So I did some research. This is how it works: the issuer digitally signs a one-way hashed credential. This is issued in a blockchain transaction to a recipient who is identified by the public key they own. This key, together with a time stamp, allows the recipient to prove ownership. Interesting enough, with Accredible it is possible to change your credential data (recipient name, e-mail, issuer name, description). Then using the verify button will return the message that the credential is blockchain secured, but some data was changed. So how can it be secured, then? Changing information will change the hash. The blockchain record itself is immutable. That will make it impossible to verify.
That said, I would still like to know how to be sure my certificate is actually blockchain secured. So I was happy to find out Accredible wrote an instruction for manual verification. Luckily I am not afraid of a few lines of code. However, it ended for me at the instruction to “Calculate the SHA256 of the stringified JSON data, for example in Ruby”. Seems there are specific credentials needed for this manual verification process. And still I have no idea where this code lives and if I am really querying the Bitcoin blockchain.
Where does this leave us?
There are several other digital credential solutions using blockchain technology, Blockcerts for example. And there could be great value in this kind of solution: it makes it unnecessary to prove credentials using a paper document. The blockchain they use is distributed and can be accessed online anytime. It is not necessary to contact the individual issuer of credentials or provide physical documents. We will trust the technology, not some paper document or stamps. However, there’s still work to be done: how will I trust the stuff between the blockchain and me, user interfaces, API’s? How can I be sure of the issuer’s identity? Do we need a worldwide trusted credential verification application and enter the third party again that we thought we were phasing out with blockchain technology? Or should we all become more code-savvy, do a manual verification and just check the Bitcoin blockchain? Exciting new world.
Joleen van der Zwan is Global Community Manager for SogetiLabs. She has a diverse background in media, retail, health care, aviation and banking industries. She provides customers with insights and advice on new technologies related to their strategy.
Joleen is experienced in innovation management, project management and business analysis.
She is always up to date with the latest developments in technology. And she knows how to apply this due to her knowledge and experience in strategy and design thinking for innovation.
We use cookies to improve your experience on our website. They help us to improve site performance, present you relevant advertising and enable you to share content in social media.
You may accept all cookies, or choose to manage them individually. You can change your settings at any time by clicking Cookie Settings available in the footer of every page.
For more information related to the cookies, please visit our cookie policy
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
_GRECAPTCHA
5 months 27 days
This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
PHPSESSID
session
This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
lang
session
This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
sp_landing
1 day
The sp_landing is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
sp_t
1 year
The sp_t cookie is set by Spotify to implement audio content from Spotify on the website and also registers information on user interaction related to the audio content.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Cookie
Duration
Description
_gat
1 minute
This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT
16 years 3 months 9 days 11 hours
These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
IDE
1 year 24 days
Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie
15 minutes
The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE
past
A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC
session
YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId
never
These cookies are set via embedded youtube-videos.
yt.innertube::requests
never
These cookies are set via embedded youtube-videos.