Whenever a seller uploads a certificate on GeM (Government-e-marketplace) platform, there is no mechanism in place to verify whether the certificate is authentic, or, was approved by the correct laboratory.
A need is identified to make the entire ecosystem transparently verifiable so that any user can view and verify the certifications received by the product seller. Such transparency requires a robust security system so that only the authorized personnel are able to make any changes to the certificate.
A blockchain based Certificate Authentication system is proposed to be developed. Key objective of this system is:
- Automation of process of authentication of Lab from which product testing certificate has been provided by the seller
- Provision to view NABL certificate of Lab who has conducted product testing for a product
- Check the authenticity of product certificates uploaded by seller and generate its authenticity report
- Generate a trail of certificates generated by different Labs to different users
- Check authenticity of supplier
A public key cryptography (also known as Asymmetric encryption) is implemented with the Blockchain acting as the universal ledge with following process implementation.
- On registration of the actors, their account credentials (public key, private key, and other identifier parameters) created on Hyperledger Sawtooth.
- The privileges, rights, and restrictions of the actors maintained on-chain.
- The public keys of the actors generated from their provided mnemonics mapped to the distributed database.
- The certificate generated by a Testing Lab appended with identifier tags of the Testing Lab before getting sent to the User.
- The certificate data and the s3 URL encrypted using a randomly generated AES key.
- To view/share the certificate, the Consumer must ask for the User's Private Key and the AES key to decrypt the s3 URL and the certificate.
- Backend: Node.js
- Blockchain: Hyperledger Sawtooth