π Trust Certification System - Your Platform for Seamless Management and Issuance of Digital Certificates, Reinforced by Blockchain Technology for Ultimate Trust and Security. ππ‘οΈ
π Issuance of academic certificates or attendance certificates with Blockchain. π
TCS offers a simple system that eliminates paper traffic and complex operating procedures. Allows the creation of unique certificates, immediately verifiable and unfalsifiable for all types of academic diplomas. π
TCS uses Blockchain technology in order to provide inviolability, immutability and easy verification for all your certificates. This platform guarantees students and certificate authorities the possibility of issuing a digital and unforgeable version of their certificates and it is guaranteed that any interested third party can verify their integrity. π
A Certification Authority and a Student reach an agreement in order to issue a certificate on the platform, this certificate is generated, signed and stored using cryptographic techniques. After that, the Student can go to any other institution and share their certificate, whose veracity can be verified directly on the platform without having to contact the institution that issued it again. π
TCS uses a private IPFS swarm to quickly process and store any number of files on multiple computers simultaneously. π₯οΈπ
Also you can read more detail information about this project in this Medium article.
This repository is based on the following projects:
- Decentralized application designed to guarantee the transparency, traceability, security and truthfulness of the certificates issued by certification authorities.
- Configuration for TCS microservices platform powered by Spring Cloud Config.
The Blockchain technology is a new technology that appeared in 2008 that allows information to be recorded with guarantees of originality and security never possible before. It is based on a cryptographic system that allows the issuers to be irrefutably identified and that guarantees the immutability of the information.
The application of this technology in this context makes it possible to create a new sort of qualification that is more reliable, transparent, economical and faster. Its ability to guarantee the identity of the certification authority of the certificate represents a paradigm shift that is already beginning to revolutionize the sector.
The implementation of the blockchain network means that there are many copies of the information, all of them necessary and absolutely identical. This makes fraud impossible, and also guarantees the survival of the certificates issued by the certification authority, even though that said Institution disappears. The certificates thus issued are perennial and immutable.
Taking into account all of this, blockchain technology can hasten the end of the paper certification system. Until now, the use of digital certificates had been paralyzed due to the ease with which they could be forged. Blockchain provides organizations with a way to issue digital certificates that are unalterable and valid in perpetuity, since their authenticity can be checked against the system itself. Certificates are transferred as a token on the blockchain and are always available. These advantages over current systems significantly increase the value proposition of digital certificates, possibly leading to their widespread use.
Digital certificates cannot be altered or manipulated. They are generated and securely stored on a private blockchain network. Nothing and no one can change the information registered in the Blockchain.
They assure in the face of third parties the authenticity of the identity and the information they contained. The registered information can be verified by third parties, such as companies, selection committees, etc.
Students or third parties can confirm the authenticity of the certificates immediately, using only the mobile phone.
The student or professional is the sovereign owner of the information and decides with whom to share it. The unequivocal identification of the individual or the products is guaranteed without the possibility of the information being falsified.
- Comfortable system to share and validate certificates
- Really easy to use, students can request new certificates through a couple steps.
- Eliminate the possibility of forging certificates.
- Fast certification process.
- Cheaper process, we use our own monetary system based on ERC 20 tokens.
- It stick off as an innovative and avant-garde institution.
- Provides greater value for students.
- Preserves the prestige of the certification authority by ensuring the veracity of the certificates.
- Ability to verify candidates' qualifications through a secure, fast and free system for the verifier.
- Safer selection processes that enable economic savings derived from hiring errors.
- HashiCorp Vault: Secures, stores and tightly controls access to user wallets.
- OpenLDAP: Stores the information of the platform administration users.
- MongoDB: Storage of platform information and metadata.
- MongoDB Express: It allows us to view and manage the information stored in MongoDB, it is widely used for the purposes of validation and checking the status of the information.
- Grafana: It allows us to view real-time metrics of the performance of the platform components, collects information from the Prometheus database.
- akhq.io: It allows us to view the information stored in the Kafka topics, it is a very useful tool for the purpose of validating the messages stored in each topic.
- Kafka: Central and key element of the architecture, it offers the necessary support to implement a robust and efficient messaging flow.
- IPFS private swarm: Distributed and secure storage of digital certificates
- Private Ethereum network: Decentralized application designed to guarantee the transparency, traceability, security and truthfulness of the certificates issued by certification authorities.
- PayPal: Gateway that allows the purchase of ETH on the platform.
- Firebase Cloud Messaging: Offers a robust and easy-to-implement service for notification delivery to registered devices.
- Spring Cloud Config Server: Server-side and client-side support for externalized configuration in a distributed system.
- Spring Boot Blockchain Monitoring Service: Recording events from the blockchain network.
- Spring Eureka Discovery Service: Eureka instances can be registered and clients can discover the instances using Spring-managed beans.
- Spring Boot API Gateway: Microservice that acts as a front for the rest of the clients, offers a wide API and implements the necessary security rules to control access to certain resources.
- Spring Boot Notification Events Processor: Microservice responsible for notification delivery.
- Spring Boot Certificate Events Processor: Microservice responsible for the generation and registration of certificates.
- Spring Boot User Events Processor: Microservice responsible for user management.
- Spring Boot Course Events Processor: Microservice responsible for the management of certification courses.
Below I would like to list several important implementation details:
- For each user registered on the platform (except users with the role of checker), a wallet will be generated to be able to operate with smart contracts.
- The secrets of the wallets are stored in the HashiCorp Vault, the wallet hash must be provided in order to get the wallet credentials to be able to interact with smart contracts
- Each Certification Authority registered on the platform will be managed by a user account, which will also be able to register additional members (CA Members) so that they work on behalf of the entity and can register certification courses, validate certificate requests, etc.
- Each user registered on the platform will receive an initial income in ethers and TCS ERC20 tokens to cover the initial registration costs.
- The members of the certifying entity may register several editions for the same course with a different certificate generation cost.
- Each edition of a certification course may require that the certificate be renewed after a while, it is possible to define the cost of certificate renewal.
- For each certification course it is possible to define an attendance control policy, in such a way that users will only be able to request achievement or attendance certificates when they have reached the minimum percentage of attendance.
- Students and users members of a certification authority may acquire new ERC20 TCS tokens to carry out transactions such as certificate generation, registration of certification courses, for the purchase will be made through a PayPal gateway.
- Any request related to a certification generation request must be accepted or rejected by a user who is a member of the certification authority to which the certification course belongs. At the time of acceptance, the certification will be generated, stored on the IPFS network, and their information (file signature hash, base58 IPDS id) will be stored at certification smart contract in the blockchain. Users involved in the process will receive notifications about the status of the request.
- Platform administrator users will be authenticated against an OpenLDAP server, they will have sufficient permissions to manage certification authorities and other privileged operations.
- Each certificate contains a QR code that stores its encrypted identifier. Reading this payload will allow validation of the certificate on the platform.
- Spring Cloud Starter Config.
- Spring Cloud Starter Netflix Eureka Client.
- Spring Cloud Stream.
- Spring Cloud Starter Stream Kafka.
- Spring Boot Jasypt.
- Spring Boot Starter Actuator.
- Micrometer Prometheus registry.
- Spring Cloud Config Monitor.
- Spring Vault Core.
- Spring Ldap Core.
- Spring Boot Starter Data MongoDB.
- Spring Boot Starter Data Redis.
- Spring Boot Starter Web.
- Spring Boot Starter Security.
- Spring Boot Starter Mail.
- Spring Boot Starter Thymeleaf.
- Apache POI / PdfBox / Docx4j.
- Web3j.
- PayPal Checkout Sdk.
- Java IPFS Http Client.
The available tasks are detailed below (rake --task)
| Task | Description |
|---|---|
| tcs:check_docker_task | Check Docker and Docker Compose Task |
| tcs:cleaning_environment_task | Cleaning Evironment Task |
| tcs:deploy | Deploys Trust certification System Blockchain and launches all services and daemons needed to properly work |
| tcs:ethereum:check_network_deployment_file | Check Private Ethereum Network Deployment File |
| tcs:ethereum:start | Start Private Ethereum Network |
| tcs:ethereum:stop | Stop Private Ethereum Network |
| tcs:ethereum:undeploy | UnDeploy Private Ethereum Network |
| tcs:ipfs:check_cluster_deployment_file | Check IPFS Cluster Deployment File |
| tcs:ipfs:start | Start IPFS Cluster |
| tcs:ipfs:stop | Stop IPFS Cluster |
| tcs:ipfs:undeploy | UnDeploy IPFS Cluster |
| tcs:login | Authenticating with existing credentials |
| tcs:platform:check_deployment_file | Check Platform Deployment File |
| tcs:platform:compile | Compile Project |
| tcs:platform:init_ldap_backup | Load initial ldap backup |
| tcs:platform:package | Build Docker Images |
| tcs:platform:start | Start Platform |
| tcs:platform:stop | Stop Platform |
| tcs:platform:undeploy | UnDeploy Platform |
| tcs:start | Start Trust certification System Blockchain |
| tcs:status | Status Containers |
| tcs:stop | Stop Containers |
| tcs:undeploy | UnDeploy Trust certification System Blockchain |
To start the platform make sure you have Ruby installed, go to the root directory of the project and run the rake deploy task, this task will carry out a series of preliminary checks, discard images and volumes that are no longer necessary and also proceed to download all the images and the initialization of the containers.
In this table you can view the ports assigned to each service to access to the Web tools or something else you can use to monitoring the flow.
| Container | Port |
|---|---|
| Ethereum Lite Explorer | localhost:3001 |
| Ethereum Netstats | localhost:3000 |
| Kafka Topics UI | localhost:8088 |
| MongoDB Express | localhost:8083 |
| Swagger UI API Gateway | localhost:8080 |
| IPFS WebUI | localhost:5001/webui |
| Prometheus WebUI | localhost:8086 |
| Grafana | localhost:8085 (user admin/admin) |
As follow, I include some images that help us to understand how each part of the system works.
Using the Ethereum NetStats dashboard we can visualize the state of the nodes that make up the blockchain network, more specifically we can deduce relevant information such as: the speed of mining, the difficulty established for the generation of blocks, the level of consensus of the network
If it is necessary to obtain specific information for a mined block, we can use the Ethereum Lite Explorer tool to obtain all the relevant information related to the block.
The private blockchain network is made up of 7 nodes, 2 of these nodes are mining nodes that will be responsible for generating the blocks.
It is possible to review the logs of the nodes that make up the blockchain network, for the mining nodes you can see information about the transactions mined in the blocks.
The deployment and set-up of the contracts has been carried out through Remix IDE, using a MetaMask account it is possible to make the necessary configurations
Documents that represent the information about the events generated during the execution of the contracts will be registered in MongoDB, they will have the following format
The IPFS private swarm will consist of 4 nodes and 4 clusters
It is possible to access the web interface of the private swarm, to explore the stored files and check the configuration of the nodes that constitute it
Through the akHQ.io tool we can explore the information of the events stored in the kafka topics, it is the central pillar of the architecture, through these topics the operation of the rest of the components will be orchestrated
The Spring Eureka web dashboard allows us to know the status of the microservices that make up the platform
With the combination of Prometheus and Grafana we can explore the performance metrics of the different services and components that make up the platform
