Certificates and licences

Certificates and licences

The certification processes lack transparency and clear validation mechanisms. Blockchain-based certificates provide a solution. Read this in-depth use case study exploring the problems existing with traditional certification and how blockchain can address them.


1 | ISO certificates in numbers
2 | The standard way of certifying
3 | The non-standard side of certification
4 | Mindset and tech shift
5 | Certification on the blockchain

1 | ISO certificates in numbers

Standard-based certification of quality and processes is a huge industry. In 2018 alone, over 1,3 million ISO-based certificates were granted across the globe to certify compliance with the latest industry and management standards, generating a multi-billion revenue stream for certification bodies and standard-publishing institutions.

The mother of all standards - the ISO 9001 for Quality management systems - has taken the biggest chunk of the market share with nearly 880,000 copies. On a geographic scale, China has led the certification game and on average amassed nearly 1,300 ISO certificates per day across industries.

Certificates are a formal and trusted way of demonstrating that a product, service or system complies with preset quality, safety, and management standards, and thus add their share to facilitating the world trade. Reaching wider than the realm of individual organizations and industries, certificates and standards even contribute to various global causes, such as the UN Sustainable Development Goals.

Yet despite impressive numbers and world-wide recognition, the growth rate of issued ISO certificates has been cooling down in the last few years. This trend comes as either a direct or indirect consequence of overly complicated bureaucratic and auditing processes, a decline in value due to a number of fake certificates flooding the market, and even a lack of any serious consequences in case of certificate withdrawal.

2 | The standard way of certifying

Obviously, the ISO standards are not the sole player in the certification industry. But even other standards that come from non-ISO sources and institutions do their issuing and management in a similar way.

To obtain a certificate, an organization or a company should rely on an accredited registrar or certification body (CB), such as SGS, Bureau Veritas, TÜV Rheinland and TÜV SÜD, among others. They perform the audit of the applicant's system and determine its compliance with the standard.

For businesses, the need for certificates comes as either a voluntary investment into the brand reputation or as a contract-stipulated requirement and an obligatory prerequisite for market positioning.

Regardless of the reason, certificates were made to increase confidence and faith in the product holding it. To the company and its brand, they provide a competitive edge. And for the industry regulators, certificates make it easier to inspect and attest to the companies' compliance with health, safety, and environmental requirements.

But while their benefits may be significant, the issuing and management of certificates have struggled to keep pace with the evolution of industries, information systems, and consumer-oriented verification approach.

3 | The non-standard side of certification

Certificates have been managed by individual parties in a centralized way. Since they all relied on their own systems, the level of data protection has not been universal, and control over issuers has not been able to follow up. This brought about several challenges for both companies and certification bodies.

1. Centralized fragmentation and lack of uniformity

The issuing of certificates relies on accredited third-party CBs which execute certification processes based on different regional, systemic, and administrative terms. Issuers and holders of certificates store and publish their digital records on sites that normally run on central servers.

A central point of management/storage also means a central point (i. e., easier way) of unauthorized third-party access to record entries, even intentional mismanagement, and tampering of document validity and contents.

At the same time, hundreds of these central points inevitably mean industry fragmentation. This far-from-standardized way of accessing and managing certificates across industries and regions has hindered the optimization of processes and approach to consumers.

If the world of norms was to connect and build common ground, it should leverage a universal and plug-and-play system of cross-industry access and verification of certificate-related data.

2. Data forgeries and fakes

A certain number of digitally issued certificates have indeed found their way onto websites of companies, of standard-publishing organizations or into digital records of certifying bodies. Stamps, signatures and active validity periods all add to the authenticity and trustworthiness of an online-published certificate. However, these lack a hack-proof validity check that would serve as an undeniable testimony to the genuineness of presented contents.

To verify the authenticity of a perfectly good looking certificate it takes more than just a click. First, you'd have to check the IAF record for accreditation bodies grouped by regions, for example, the ANSI-ASQ National Accreditation Board (ANAB) listed under the USA section. Then, you'd continue your search on the chosen accreditor's website and browse the list of accredited certifiers looking for the issuer stated on the certificate. If you fail to find the accreditation or certification body on the provided lists, it could only mean two things: either your search skills need improvement or the certificate you're checking is as fake as a three dollar bill.

To tackle this issue, certificate-managing authorities should find a way to provide the latest, complete and verifiably accurate information about the contents and validity of certificates. A one-stop platform and tamper-proof data records could make the verification process a minute and a reliable task.

3. Cert mills and print shops

For a certificate to be accepted as truly valid, a certification body that issues it should perform thorough audit procedures, should be accredited under the control of the appropriate schemes, e. g. the IAF, and normally follow the ISO/IEC 17021 accreditation guidelines.

Their rivals for market share - unaccredited or self-accredited certification bodies, also known as certificate mills - don't shy away from the public, though. These can be either consultant firms or auditors who issue certificates based on a quite superficial or no audit at all, without proper authorization for their services.

And companies who lack interest in actually implementing the standards yet still want a legit-looking, framed document on their wall/website, can even choose from an array of online fake cert providers or simply print shops that print any certificate to their liking.

Do you need to acquire an ISO Standardization Certification for your business? Don't bother contacting the…www.diplomaoutlet.com

So, while accreditation institutions normally provide lists of officially accredited certification bodies, such records appear individually and on different addresses/sites. This makes it harder to check every provider before assuring they are a legit auditor or certifier. A universal platform for authenticating both certification providers as well as their products (certificates) could make the control process faster and more reliable.

4. Weak traceability and transparency

The current certification system that issues certificates in both paper and digital form does instill some level of trust. Yet with fake certificates and unaccredited registrars that are always ahead of control, the tracking of the source of certificates is only available to a certain extent.

Also, even though a company is certified by an officially accredited certification body, it does not make it safe from bad practices or scandal-proof. But so long as the violators don't seem to face direct financial consequences of losing a certificate, it's harder to implement stricter control and sanctions for accountable subjects.

In such cases and other instances of breach of standard-based provisions, a clear and reliable tracking and identification method of certificates and their issuers could uncover some crucial answers. This would allow for easier - and more impactful - withdrawal of certificates, and potentially increase their long-term value for standard-abiding companies.

In order to provide and enhance a closed-loop of information, the ability to trace all the partakers in a certification process is essential for backing the transparency of a company and its operations.

4 | Mindset and tech shift

Clearly, the current way of managing certificates comes with flaws. These could manifest in all sorts of ways detrimental to businesses, employees, and customers.

As centralized businesses and approaches are becoming aware of the leaks and cracks in the present system, decentralized solutions along with the blockchain tech keep popping up in strategic conversations more and more frequently.

What is blockchain?

Blockchain, or a chain of data blocks, is a specific data-recording structure that operates in a decentralized way. Each block contains a data record and a hash of the previous block, and new data can only be inscribed on a new block appended to the chain. This means all the blocks before it are hashed and cannot accept any alterations, edits, or changes without these being detected.

What are the main benefits of blockchain?

  1. Decentralized/distributed database: The decentralized network of participants allows every one of them to access the entire database and transaction history. No third-party or centralized party permission is needed to verify all the entries.

  2. Peer-to-peer interaction: Every transaction can be done with only two nodes participating, without the need for an intermediary/middle man that would provide trust between the two.

  3. Irreversibility of data records: Executed and recorded transactions cannot be retroactively altered, thanks to the progressive block-appending structure of the blockchain.

  4. Transparency combined with pseudonymity: While all transactions are visible to all participants in the network, users can cover their identity and sensitive data linked to their addresses.

  5. Computational logic: To prevent man-made errors, transactions can be designed to follow algorithms and execute automatically.

What about other blockchain-based mechanisms?

The blockchain tech in itself provides immense opportunities for businesses and their safe data transmission. But when combined with other advanced mechanisms, it serves as a go-to tech package to redefine the existing business and operation practices.

  • ERC-721 non-fungible tokens: Tokens that represent unique data records on the (Ethereum) blockchain are called non-fungible since they cannot be replaced by no other token. As such, they serve as a 100% unique imprint of any unique asset, be it digital or tangible. They are perfect for storing data about unique documents such as certificates.

  • Xcert: Xcert is an enhanced, certified and contextualized ERC-721-based non-fungible token with extra functionalities, namely interoperability and asset imprint.

  • Asset ledger: A ledger works like a folder containing the assets of a specific issuer and related owners. Depending on its configuration, only authorized accounts are allowed to handle the ledger, create and manage its assets.

  • Atomic operations: This type of operations allows for only two possible outcomes, a) successful completion of a transaction or b) error in the process and return to the initial point. Atomic - or indivisible - operations prevent unauthorized access and interruption of asset creation which reduces the possibility of tampering, hacks, and frauds.

  • Orders in bundles: Instead of issuing and managing one blockchain-based asset (certificate) at a time, orders in bundles allow for the management of several files simultaneously. While the accomplished outcome is the same for all assets, the certification process is done in a much shorter time and at a lower cost.

  • 0xcert Framework: The open-source Framework for building decentralized applications (dapps) encompasses all the above mechanisms to provide a go-to source for decentralized management of unique assets. It's built to support dapp creation on either Ethereum or Wanchain blockchain.

  • 0xcert API: The API is the first fully decentralised API. It is built on top of the open-source infrastructure and wraps 0xcert functionalities in a common API interface.

5 | Certification on the blockchain

For unique assets such as certificates that by definition hold valuable data, blockchain-based management proves to be the most appropriate choice. The technology provides mechanisms to increase data control, reliability, and general access to public data.

But despite the benefits it brings, the implementation of a technology that is as niche, as advanced, and as complex as blockchain, does not come easy. This leaves businesses - especially the ones that lack solid in-house IT brains - without a clear plan for the next steps.

To encourage the adoption of the blockchain tech, the path reaching it should be cut short, yet still focused on the destination and benefits for the business. The blockchain tech should be implemented in everyday operations and processes seamlessly, without the need for hiring new manpower or spending tons on the development budget.

0xcert API is the key when it comes to adoption. The API is a fully decentralised web service built on top of the existing 0xcert open-source infrastructure, which wraps 0xcert functionalities in a common API interface.

Certificates as unique tokens on the blockchain

Each certificate is a one-of-a-kind document that normally contains:

  • a unique registration/certification number
  • name of the company/recipient of a certificate
  • name/number of the standard the company/department complies with
  • (name of a specific segment/process to which the certificate is granted)
  • name and stamp of certification body issuing the certificate or accreditation body
  • certificate validity period
  • place and date of issue.

With the 0xcert API, certificates can be issued as unique blockchain-based tokens. What makes them non-fungible is their unique content (metadata) and hash that is sealed as a data block on the blockchain. To increase the value and features of such unique tokens, 0xcert provides tokenization of certificates in the form of Xcerts, which are enhanced ERC-721 non-fungible tokens.

Such non-fungible tokens stand the test of time, as they are ever-verifiable, tamper-proof, immutable and interoperable imprints of unique data.

Blockchain-based certification

The blockchain tech that supports unique imprints of tokenized certificates, allows for clear traceability and clear provenance verification of assets.

What's more, blockchain-based certification goes beyond the stamps and signatures of paper-based certificates. It provides a clear unbiased verification of existence, authenticity, and ownership of digital assets at any time and any place.

The chain dependency from new blocks to older blocks makes it impossible to alter (or tamper) issued certificates without detection. However, the issuer or certification provider is still able to make updates in the form of a new data block.

Also, due to the decentralized nature, the 0xcert API does not have the authority to decide on the legitimacy of a certificate. Rather, it simply provides a record of the issued assets and their issuers. A user or holder of the certified asset can check a certificate and match the identity of the issuer with the accredited provider.

It's true that this approach cannot prevent non-accredited certifiers from joining the blockchain-based certification game. However, the provenance of doubtful or suspicious documents can be easily traced back and matched with the issuer and checked for their status and references within the industry.

The common ground across sectors for new business models

By combining all the relevant blockchain-based features, the 0xcert API can easily serves as a uniform reference point for all actors in the certification industry.

Certification bodies, auditors, businesses and organizations from all sectors, as well as their clients and customers can validate their certificates at a single, yet decentrally accessible spot.

0xcert allows all partakers to easily find and trade blockchain-based certificates enhanced with stronger data protection and higher value for the business. Apart from reducing the time and cost related to certificate issuing and validation, blockchain-based certificates are able to enhance reputation, create new revenue streams and open up business opportunities that go beyond the established practices.