Ethereum-Blockchain-Based

Technology of Decentralized
Smart Contract Certificate System
Rui Xie, Yuhui Wang, Mingzhou Tan, Wei Zhu, Zhongjie Yang, Jiaji Wu, and Gwanggil Jeon

Abstract
Traditional paper certificates and electronic certificates have difficulties in preservation and management, not to mention other
problems concerning inconvenient verification, poor reliability, anti-counterfeiting and anti-tampering. This paper proposes a scheme
designed to build a decentralized certificate system that is based on blockchain technology and smart contract, in which a set of
blockchain certificate system aiming at providing blockchain certificate services for college students’ innovation and entrepreneur-
ship competition is developed. In this system, certain functions of the certificate about management, issuing, verification and revoca-
tion are realized via smart contract. Signer information, certificate template and certificate information are stored in a smart contract
that adopts structured data, thereby realizing more convenient callings in querying and validating certificate.

Introduction This article proposes a decentralized system based on block-

Certificates in earlier eras were paper made, they needed to be
designed and produced by issuing agencies within the issuing
process, at a time certificate holders’ personal information was
needed to finish issuing. After the holders obtained their certif-
icates, which had to be stored on their own, these certificates
needed to be shown when necessary. Paper certificates are so
inconvenient that due limitations owed emergence to difficul-
ties in preservation, verification, and in anti-counterfeiting.
As the IT industry develops, certificates change from printed
to electronic. Electronic certificates enable electronic equip-
ment storing, thereby providing corresponding applications and
interfaces to facilitate previously required issuance, query and
verification, which greatly reduces inconvenience in certificate
use, as well as the cost of issuance, management and preser-
vation.
However, since electronic certificates are issued by certif-
icate agencies independently, the following factors must be
taken account into. First, certificate verification is realized by
the agencies that store certificate information within their data-
base providing applications and interfaces, under which may be
attacked and/or tampered by hackers, thereby voiding certifi-
cates [1, 2]. Second, the data stored in the agencies’ database
would have voided and lose its accessibility if the agencies
disappear for certain reasons. Third, more difficulties will occur
when applications or interfaces are hard to be verified that
whether the verification tool is provided by the agencies [3].
Fourth, it is inconvenient and inefficient to verify certificates,
because few verification tools provided are shared by various
agencies, among which end users have to shift from one tool
to another.
On January 3, 2009, the bitcoin network [4] was born,
simultaneously generating a new technology called blockchain.
The very fundamentals of blockchain are new models of combi-
nation of applications, in which distributed data storage, point-
to-point transmission, consensus mechanism, and cryptographic
algorithm are embodied. Meanwhile, blockchain properties
of decentralization, anti-tampering and traceability are char-
acterized by the above technologies. Based on decentralized
blockchain [6, 7], Ethereum [5] was proposed to realize pro-
grammable smart contracts at the end of 2013, which makes
possible building a easy-verifying, anti-tampering, anti-counter-
feiting and decentralized certificate system.
Digital Object Identifier: 10.1109/IOTM.0001.1900094
chain technology, which makes possible certificate sharing
while enabling thorough trust among certificate receiver, cor-
responding issuing authority and end users who will verify the
certificate validation by adopting smart contract without any
other systems.
Related Works
Based on the bitcoin network, the MIT Media Lab Learning
Initiative, together with Learning Machine, proposed the Block-
Cert research project [8]. The project performed hash opera-
tion on the certificate data that accords with the Open Badges
[22] format, which is provided by the issuing agencies. Then, by
initiating the transaction, the Hash value computed based on
certificate data is stored in a bitcoin transaction data together
with a simple bitcoin script which is used for checking. Verifica-
tion re-performed Hash operation on the certificate information
provided, and the calculated value, through bitcoin script, was
compared with the value that is stored in bitcoin transaction,
thereby verifying the authenticity of the certificate.
In 2018, the project LLP (Blockchain for Education: Lifelong
Learning Passport) [9] was proposed by Gräther, Wolfgang
and some others, in which IPFS [23] was introduced as the per-
sistent storage of the certificate receiver’s information, thereby
adopting a centralized document management system to store
all the certificate information, as well as using smart contract to
record and verify the authenticity of the certificate.
Moreover, Clemens and Brunner proposed a project named
SPROOF (a platform for issuing and verifying documents in a
public blockchain) [10], using HD Wallet to enable better opti-
mized key security, store certificate information in DHT (Distrib-
uted Hash Table) [11], and user privacy protection.
Problems
There are three roles in certificate systems:
1. Roles of designing, issuing and managing certificates.
2. Roles of certificate acquisition and acceptance.
3. Roles in need of verifying certificates, which can be further
categorized into four types, thus requiring different functions
of the system.
The first type are the roles of designing, issuing and managing
certificates who is responsible for the designing of certificates
according to the real situation in granting certificates. The sec-
ond type is the administrative role. Unauthorized certificate
issuing will cause chaos in the real world, in which distinguish-
ing issuers becomes impossible. On the contrary, the admin-

44 2576-3180/20/$25.00 © 2020 IEEE IEEE Internet of Things Magazine • June 2020

Authorized licensed use limited to: University of Glasgow. Downloaded on June 30,2020 at 07:32:12 UTC from IEEE Xplore. Restrictions apply.
 Field Description
id Uuid of agency
name Name of agency
pubkey Ethereum address of agency
authaddress Ethereum address of who authorize this agency
sign Signature
Table 1. Data fields for certification authority.
Field Description
id Uuid of certifier
name Name of certifier
pubkey Public key of certifier
agencyid Id of agency which this certifier works for
state State of certifier, valid or invalid
sign Signature
Table 2. Data fields for certificate issuer.
istrative role contributes to coordinating works that by whom
or by which organizations these certificates are designed and
issued, thereby tracking system status and eliminating chaos.
The third type is the role of certificate acquisition and accep-
tance. Certificate issuance needs to be delivered to a designat-
ed person, organization or institution. A certificate is meaningful
only when it is been acquired and accepted. The fourth role
type is certificate verifier. The certificate is regarded as an inter-
medium proving to people that the receiver has accomplished
something or has met certain qualifications. After being issued,
certificates need to be seen, recognized, and/or to be proven,
in which the role of certificate verifier is performed and real-
ized. To fulfill different various requirements, certificate systems
demand feasible and authentic administration, providing com-
plete information while preventing certificates from being coun-
terfeited and tampered, thus realizing convenience within its
issuing, verifying and managing process. Moreover, the system’s
adequate independence and reliability owe its priority above
other critical factors.
BlockCert solves certificate issuing and verifying problems
via blockchain, whereas LLP solves certificate issuing, verifying
and data storing problems by introducing a centralized docu-
ment management system and DHT storage matching smart
contract. By implementing cryptographic algorithms, the bitcoin
network and DHT storages, SPROOF solves certificate issuing,
verifying and data storing problems. While the above methods
partly meet the certificate system’s requirement, despite solv-
ing certificate counterfeiting and tampering problems to some
extent, there exists no effective method that solves all potential
difficulties and problems in certificate systems.
To meet the requirements in both certificate systems and in
reality, this article proposes a decentralized certificate system
based on blockchain technology and smart contract, providing
a novel perspective for issuing, verifying and managing certifi-
cates, which makes possible blockchain digital certificates shar-
ing while enabling thorough trust between certificate receiver
and corresponding issuing authority.
Overview in System Designing
This system adopts smart contract to realize authority manage-
ment, certificate issuing, certificate verification and certificate
revocation. Authority management is structured as a three-lev-
el adjustable mode, in which the contract deployer decides
whether to adopt three-level or non-three-level authority mode
IEEE Internet of Things Magazine • June 2020
Authorized licensed use limited to: University of Glasgow. Downloaded on June 30,2020 at 07:32:12 UTC from IEEE Xplore. Restrictions apply.
when deploying. This mode divides the participants of certifi-
cate authority into system managers, certificate issuing agen-
cies and certificate issuers, in which the managers deal with
the authority of certificate issuing agencies, while the agencies
handle the authority of the corresponding issuers. Yet, the non-
three-level mode classifies the participants of certificate author-
ity into certificate issuing agencies and certificate issuers, in this
mode, certificate issuing agencies can directly issue certificates
based on their own demands without requiring the system man-
agers’ administration, while certificate issuers’ authority need to
be managed under scrutiny by certificate issuing agencies.
Certificate data is stored in independent smart contracts,
through which the relevant data is accessed when it is issued,
verified, and revoked. Any access to the data will be checked
by authorities; only users with corresponding permissions can
access the data by calling the certificate management contract,
and the smart contracts storing the data can only be operated
by the certificate management contract.
The whole system does not rely on any third-party system
other than blockchain smart contract. The system provides cer-
tificate export for external data interface. The format of export
data is compatible with version 2.0 of the Open Badges proto-
col mentioned in the BlockCert project with due modifications,
improving system convenience, designing optional graphical
tools, as well as facilitating user friendliness.
By adopting the smart contract language called Solidity, the
system is developed on the version of Ethereum permissioned
blockchain, which shows no difference against direct implemen-
tation on the Ethereum.
Smart Contract Based Certificate Data Model
According to the characteristics of blockchain storage, we pro-
pose a protocol that conforms to the blockchain smart con-
tract storage, a temporary calling named Open Certificates, of
which is used to standardize the certificate information, thereby
facilitating data compatibility between different systems. In the
protocol, only the key information of the certificate is kept,
and the certificate data is categorized into issuing agencies
data, issuer data, certificate template data, receiver data and
certificate data. The public key is to map the 32-byte private
key to 65 bytes by adopting the elliptic curve ecdsa-secp256k1
[14, 15] algorithm, while ultimately determining the relationship
between public key and private key through the cryptography
algorithm. Hence, all the data in this system are scrutinized by
the public key contained in the data for signature verifications,
thereby examining whether the certificate data is modified [16].
The certification authority data shown in Table 1 is applied
by the certification authority in the three-level authority mode
and is accordingly added to the blockchain by the system man-
ager. The data contains information concerning the issuing
authority, the key pair applied by the authority, and the key pair
used by the system manager who added the authority’s infor-
mation; the data signature is also stored in the corresponding
data simultaneously. In non-three-level mode, the certificate
issuing authority can submit the data to the blockchain on its
own.
Certificate issuer data is supervised by the certificate issuing
authorities. According to its own operation demands, the certifi-
cate issuer adds and manages the certificate issuer, in which the
data includes the issuer information, issuer public key, and the
issuing authority that adds the data and the signature of issuer
status and data. Table 2 shows the data of a certificate issuer.
In practice, countless certificate copies of the same kind
are given to different certificate receivers. For example, within
this year, 120 college students from the School of Computer
Science and Technology in a university will receive their degree
certificates issued by the university upon graduation, among
which the information merely differ in various individual names.
At the same time, certain certificate receivers accept various
certificates. For example, as a record breaker of Guinness
45
 Field Description
id Uuid of certificate template
name Name of certificate
narrative Detail information and criteria of certificate
certified Id of certifier
sign Signature
Table 3. Data fields for certificate template.
Field Description
id Uuid of the certificate receiver
recipient Name of receiver
identity Hash value of the identity of receiver
certified Id of certifier
sign Signature
Table 4. Data fields for certificate receiver.
Field Description
templateid Id of certificate template
recipientid id of receiver
issueon Issue date of certificate
expiredate Expire date of certificate (optional)
certifierid Id of certifier
sign Signature
Table 5. Data fields for certificate.
record, Ashrita Furman has broken more than 600 official Guin-
ness World Records, keeping 226 Guinness World Records
until now, which means he owns more than 600 certificates
that share the same receiver information whereas the certifi-
cates’ information differs. Therefore, we divide and further cat-
egorize the certificate information into three types, certificate
template information, certificate receiver information and certif-
icate information. In a certificate, the certificate template infor-
mation records all the general information other than receiver
information. The certificate receiver information focuses on the
personal data of the certificate receiver. The certificate infor-
mation records the issuing date and the certificate issuer, asso-
ciating the adopted template with recipient information. When
multiple copies of the certificate need to be issued in this way,
only the relational data between the template and the recipient
is added, which greatly improves the efficiency in data storage
and in processing. In Table 3, the template data that matches
the paper certificate information is designed and filled by the
issuer, which contains the template name, certificate details,
the issuer who generated the template, and the signature of the
template data.
In practice, countless certificate copies of the same kind
are given to different certificate receivers. For example, within
this year, 120 college students from the School of Comput-
er Science and Technology in a university will receive their
degree certificates issued by the university upon graduation,
among which the information merely differs in various indi-
vidual names. At the same time, certain certificate receivers
accept various certificates. For example, as a record breaker
of Guinness record, Ashrita Furman has broken more than 600
official Guinness World Records, keeping 226 Guinness World
Records until now, which means he owns more than 600 cer-
tificates that share the same receiver information whereas the
46
Authorized licensed use limited to: University of Glasgow. Downloaded on June 30,2020 at 07:32:12 UTC from IEEE Xplore. Restrictions apply.
certificates’ information differs. Therefore, we divide and further
categorize the certificate information into three types, certifi-
cate template information, certificate receiver information and
certificate information.
In a certificate, the certificate template information records
all the general information other than receiver information. The
certificate receiver information focuses on the personal data of
the certificate receiver. The certificate information records the
issuing date and the certificate issuer, associating the adopted
template with recipient information. When multiple copies of a
certificate need to be issued in this way, only the relational data
between the template and the recipient is added, which greatly
improves the efficiency in data storage and in processing. In
Table 3, the template data that matches the paper certificate
information is designed and filled by the issuer, which contains
the template name, certificate details, the issuer who generated
the template, and the signature of the template data.
The receiver information displayed on the paper certificate is
public. In this system, the corresponding information is designed
as independent data, in which only the receiver names and user
identities are preserved. It only needs to retain the recipient’s
name and user’s identities. The user identity performs the Hash
value by calculating the receivers’ identity information, there-
by ensuring the irreversibility of Hash query. Only when the
certificate receiver provides the identity information can hash
comparison be performed, thus enabling the protection for user
privacy [17, 18]. In Table 4, the certificate receiver data is filled
in by the issuing authority and can only be added instead of
being modified. The receiver data contains the name, the Hash
value calculated from the identity information, the issuer infor-
mation and the data signature.
In Table 5, certificate data is generated by the issuer with
regard to certain factors concerning template, receiver infor-
mation and issuing time, which is embodied with template ID,
receiver ID, issuing date, optional expiration date, issuer infor-
mation and data signature.
The public and private key pair of the user is generated
throughout the cryptographic algorithm, which enjoys a unique
correspondence relation and is adopted in the smart contract
to confirm the user’s identity and authority. By checking the
recorded certificate content and the public key used for signa-
ture, we can scrutinize whether the certificate data is fabricated
or tampered [19, 20].
In this system, all the data is stored in smart contracts and
can only be accessed through the data management contract
named CertManage Contract. The caller’s permissions are
checked against their address to guarantee that only the issuing
authority adds a new issuer within its agency, thereby further
ensuring that only authorized issuers add templates, issue and
revoke certificates within their agency.
The issuing authority data is stored in the CertAgency Con-
tract, the issuer data is stored in the Certifier Contract, the tem-
plate data is stored in CertTemplate Contract, the receiver data
is stored in the Receiver Contract, and the certificate informa-
tion is stored in the Certificates Contract.
Authority Management for Three-Level Sysytem
In the three-level system authority management, the system
manager, the certificate issuing agency and the issuer have
different authorities and access methods. The manager can
be selected by forming an alliance committee or by the smart
contract deployer. In the process of adding a certificate issuing
agency, the certificate issuing agency first provides the system
manager with the agency information and the public key it
uses, then the system manager reviews and verifies the authen-
ticity and qualification of the certificate issuing agency applying
for registration. After the approval, the certificate issuing agency
can implement routine operations within the system.
The information of the certificate issuing agency and the
public key it uses are stored in the CertAgency Contract. Add-
IEEE Internet of Things Magazine • June 2020
 Subsequent management operations of the certificate issuer
Ce r t if ica t e
Ag e n cy
Ad m in is t r a t or / c) Ch e ck on the certificate will undergo throughout the permission check
Com m it t e e
by CertManage Contract.
P e r m is s io n

a ) A p p ly b ) S u b m it
Da t a
d ) W r it e After being authorized successfully, the certificate issuer
Ce r t Ma n a g e Ce r t Ag e n cy
can add or revoke certificates, and the relevant operations will
Con t r a ct Con t r a ct
be checked by CertManage Contract, in which any certificates
B lock cha in cannot be operated without permission.

Figure 1. The workflow of adding agency through smart contract. the realIZatIon of
certIfIcate management vIa smart contract
The certificate issuer calls CertManage Contract, adding a tem-
Cer t if ica t e plate in CertTemplate Contract. When issuing a certificate, the
A g ency b ) Ch e ck
Ce r t Ag e n cy
issuer chooses the suitable template, fills in the receiver infor-
c) Ch e ck Con t r a ct
P e r m is s io n
P e r m is s io n mation, and signs the information. After signing, CertManage
a) Ad d Ce r t i f i e r Contract will write the relevant data into the Certifier Contract.
I s s uer Con t r a ct
If the receiver does not exist, its information will be added into
Ce r t Ma n a g e
Con t r a ct
d ) W r it e
the Receiver Contract.
The specific procedure of certificate issuance is shown in
B lochcha in Fig. 3:
• Certificate issuer gathers receiver information.
• Submit information of the certificate being issued by calling
Figure 2. The workflow of adding issuer through smart contract. CertManage Contract.
• Check permission through CertManage Contract.
ing data can only be operated by the system manager through • Call the Certifier Contract to check the issuing authority.
the CertManage Contract. The process of adding its authority is • Call the CertAgency Contract to check the current issuing
shown in Fig. 1: authority.
• The certificate issuing agency submits its application to the • Call the CertTemplate Contract.
system administrator or certificate alliance committee. • Call the Receiver Contract to check receiver.
• The system administrator or the certificate alliance committee • Write the certificate information into Certifier Contract after
calls CertManage Contract to submit both the certificate passing all checks.
agency’s public key and its information. • Give feedback of the certificate issuing result to the issuer.
• CertManage Contract checks whether the caller’s permission • The issuer informs the receiver of the issued certificate infor-
conforms to the management permission. mation.
• After the check is passed, the issuing agency data is written The certificate receiver obtains from the issuer its own certifi-
into CertAgency Contract. cate which includes number, hash value, name, issuing date and
Under the non-three-level authority mode, the certificate receiver information.
issuing agency can register itself as the issuer in the contract The certificate receiver provides the certificate information
by calling CertManage contract without the system manager’s to the person or institution who needs to verify the certificate
permission. if necessary. By calling the smart contract or adopting the tools
After being authorized successfully, the certificate issuing provided, the certificate verifier performs its verification.
agency can use its private key to call CertManage Contract to Figure 4 shows the smart contract algorithm in verifying
register its own staff’s information and its public key information certificate information, which can be divided into seven steps:
into Certifier Contract, making its staff become the certificate • Call the smart contract, retrieve data of the entered Certifi-
issuer by setting its authority. cate to check whether the certificate is in the blockchain; if
The procedure of adding a certificate issuer to the smart so, proceed to next verification.
contract is shown in Fig. 2: • If the certificate can be found in the blockchain, the certif-
• Submit certificate issuer data. icate information is checked by the smart contract. If the
• Check the corresponding calling permission. calculated signature is consistent with the existing signature,
• Check the caller’s authority via CertAgency Contract. proceed to next verification.
• Write the issuer data into Certifier Contract after the permis- • If the certificate signature checking is passed, the public key
sion check is passed. corresponding to the signature, the public key used by the

d ) Ch e ck e ) Ch e ck
Receiv er I s s u er P e r m is s io n P e r m is s io n
a ) S u b m it
Ce r t if ie r
Co n t r a ct

f ) Fe t ch
b ) S ig n in g r e q u e s t T e m p la t e Ce r t T e m p la t e Ce r t A g e n cy
Co n t r a ct Co n t r a ct
i) Re t r u n r e s u lt
g ) P r o ce s s
Ce r t Ma n a g e c) Ch e ck Re ce iv e r
Co n t r a ct P e r m is s io n
j) No t if y Ce r t
Ce r t if ica t e s Re ce iv e r
Co n t r a ct Co n t r a ct
h ) W r it e

B lock cha in

Figure 3. The workflow of issuing certificate through smart contract.

IEEE Internet of Things Magazine • June 2020 47

Authorized licensed use limited to: University of Glasgow. Downloaded on June 30,2020 at 07:32:12 UTC from IEEE Xplore. Restrictions apply.
 PROCEDURE VERIFY(certificatehash)
certificate <- Get from Certificate Contract according to certificatehash f ) Ma r k a s r e v o k e d
Ce r t if ica t e
IF certificate NOT EXIST THEN Ag e n cy
RETURN FALSE b ) Ch e ck
P e r m is s io n
Ce r t i f i e r
Con t r a ct
c) Ch e ck
template <- Get from CertTemplate Contract according to certificate.certid a ) Re v o k e
P e r m is s io n
g ) Ma r k a s r e v o k e d
IF template NOT EXIST THEN Ce r t if ica t e
d ) Ch e ck
RETURN FALSE Issuer Ce r t Ma n a g e
Con t r a ct
P e r m is s io n

recipient <- Get from Receiver Contract according to certificate.recipientid

IF recipient NOT EXIST THEN e ) S e a r ch Ce r t Ag e n cy
Con t r a ct
RETURN FALSE Ce r t if ica t e
Ce r t i f i ca t e s
issuer <- Get from Certifier Contract according to certificate.issuerid Con t r a ct

IF issuer NOT EXIST THEN

RETURN FALSE B lock cha in
agency <- Get from CertAgency Contract according to issuer.agencyid
Figure 5. The workflow of revoking certificate through smart
IF agency NOT EXIST THEN
contract.
RETURN FALSE
IF TRUE != check_signature(recipient.recipient, recipient.identity, recipient.sign,
issuer.pubkey) THEN
RETURN FALSE
Et hereum C h e ck
IF template.issuerid != issuer.uuid OR TRUE != check_signature(template.name, web 3 SDK P e r m is s io n
G U I To o l I n t e r a ct
template.narrative, template.sign, issuer.pubkey) THEN
C e r t M a na g e
RETURN FALSE C ont r a ct

IF TRUE != check_signature(certificate.certid, certificate.recipientid, Verify

Verify

certificate.issueon, certificate.expiredate, certificate.sign, issuer.pubkey) THEN Et hereum

RETURN FALSE
IF certificate.id IN issuer.revokelist or certificate.id IN agency.revokelist THEN
RETURN FALSE
authorityaddress <- Authority address is set by the contract deployer
authoritypubkey <- Authority public key is set by the contract deployer
IF agency.authaddress != authorityaddress OR TRUE != check_signature(agency.name,
agency.address, agency.sign, authoritypubkey) THEN
RETURN FALSE
IF issuer.state == FALSE or TRUE != check_signature(issuer.name, issuer.address,
issuer.agencyid, issuer.sign, agency.pubkey) THEN
RETURN FALSE
nowdate <- Get the timestamp from transaction
IF issuer.expiredate < nowdate THEN
RETURN FALSE
return TRUE
Figure 4. Algorithm to verify certificate in smart contract.
template and the public key pair publicized by the issuer are
checked; if they are all valid, proceed to next verification.
• Match the corresponding certificate issuer with the public
key, check whether the issuer revokes the certificate; if not,
proceed to next verification.
• Check whether the certificate issuer has been removed; if
not, proceed to next verification.
• Check if the current certificate expires using the expiry date
in the certificate; if not, proceed to next verification.
• Accomplish certificate verification and return the validation
result to the smart contract caller.
Once the certificate needs to be revoked due to certain
problems, the certificate can only be revoked by the issuer or
agency that issues the certificate. Records of certificate revo-
cation will be kept in the issuer’s or issuing authority’s certif-
icate revocation list [21]. Expired status validation has been
performed during the certificate validation process, which is not
included in the scope of revocation.
The certificate revocation process is shown in Fig. 5:
• Call CertManage Contract, submit certificate hash value.
• Check caller permission.
• Check whether the caller has issuer permission.
• Check whether the caller has issuing agency permission.
• Retrieve data of the certificate to be revoked.
• Write the certificate revocation record into the Certifier Con-
tract after passing the check.
• Write the certificate revocation record into the CertAgency
Contract.
B lo c k c ha in
web 3 SDK
W e b To o l
Figure 6. Demonstration of GUI tools.
cases In PractIce
Based on the above implementations, we develop a block-
chain certificate system on the Ethereum permissioned block-
chain, thereby providing the blockchain certificate service for
college students’ innovation and entrepreneurship compe-
tition. The system’s function includes the authority manage-
ment of the certificate issuing agency and issuer, as well as
the function of certificate issuing, verification and revocation.
Although users can directly access the smart contract to per-
form all system operations, certain graphical interface tools
are accordingly developed to provide better user-friendliness,
as is shown in Fig. 6. The Ethereum web3.js is built within the
tools, thereby realizing convenient certificate quick query,
verification and social sharing. Meanwhile, the developed
small tools facilitate the process for calling smart contract that
performs permission and certificate batch management, as
shown in Fig. 7.
In this practice, the system provides interface-friendly design,
facilitating compatibility with other tools or systems. The data
obtained by calling the smart contract is expressed in JSON
format, which merely demands format changing to be easily
compatible with the other protocols.
dIscussIon
We introduce two modes in this system designing, i.e., three-lev-
el authority management and non-three-level authority manage-
ment, which can be respectively applied in the situation where
the authority management of the issuing agency is required,
and where the corresponding management is not required. In
practical application, smart contract is fully used to store and to
manage certificates without relying on any third-party system,
which is completely decentralized and enjoys good reliability.
The information of the certificate receiver is not fully preserved,
thereby eliminating information leakage of users’ privacy on the
premise of guaranteeing the integrity of certificate information.
The protocol in this system is flexible, independent of certificate
control, of which moderate modification helps achieve general-
ized document storage.
Compared with BlockCert, LLP and SPROOF, the system
enjoys the following advantages, as shown in Table 6:

48 IEEE Internet of Things Magazine • June 2020

Authorized licensed use limited to: University of Glasgow. Downloaded on June 30,2020 at 07:32:12 UTC from IEEE Xplore. Restrictions apply.
 BlockCert LLP SPROOF This System

Smart contract No Partial No Yes

Permission
No Yes No Yes
management

Independency No No No Yes

Storage Third party Third party Third party Self-contained

Privacy protection Yes Yes Yes Yes

Full certificate
No No No Yes
information

Decentralization No No Yes Yes

Transparency Yes Yes Yes Yes

Completeness No No Yes Yes

Table 6. Distinctive features of Blockchain certificate system.

Our next step is to extend the smart contract to adopt new

Figure 7. Display of certificate information.
• Complete information. The system provides complete cer-
tificate information, preventing meaningless Hash values,
whereas not requiring the certificate issuer to provide a sys-
tem for user verification.
• Authority separation. The system introduces the three-level
authority mechanism of the manager, the issuing agency
and the issuer. By revealing the public key information and
other information of the manager, the issuing agency and the
issuer, the verifier can distinguish different issuers and issuing
agencies.
• High reliability. The system only adopts smart contract to
solve the certificate system problems, neither does it rely on
any third-party tools and systems, nor will it cause any prob-
lems concerning verification cheating. As long as the block-
chain network is running, the certificate can be verified.
Conclusion and the Future
Compared with existing traditional certificate systems and other
blockchain solutions, the blockchain certificate system pro-
posed in this article is a set of certificate system based on block-
chain technology, which completely adopts the smart contract
and does not rely on any other third-party system, and can
meet the requirements for practical applications, replace the
existing traditional electronic certificate system, solve the prob-
lems that exist in the past blockchain certificate system, thereby
further realizing practical application of the blockchain technol-
ogy within the field of education, which enjoys great guiding
significance in practice.
The current system is only focused on certificates while the
basic idea of adopting smart contract for role definition, author-
ity management, data anti-tampering and privacy protection
can be used in other fields. In a traditional IoT system, typical
devices are facing problems of security vulnerabilities [24] while
the thought of authority management based on blockchain can
be used to solve these problems. Also, the idea of using smart
contract and blockchain in this article can be used to secure
data transition [25], secure data storage, control data access
[26, 27] and protect privacy.
The potential issue we have is in three-level authority man-
agement, the system will be affected if the private key is lost or
compromised. There should be a voting schema in the authority
management system to make decisions according to all attend-
ees’ opinions in this system to avoid the affect from that private
key.
authority management schema, to develop general processes
and to define the protocol for digital data storage in smart con-
tract for general purpose.
References
[1] S. A Brands, Rethinking Public Key Infrastructures and Digital Certificates: Build-
ing in Privacy, MIT Press, 2000.
[2] M. Chase and S. S. Chow, “Improving Privacy and Security in Multi-Authority
Attribute-Based Encryption,” Computer and Communications Security, 2009,
pp. 121–30.
[3] D. Boneh et al., “A Method for Fast Revocation of Public Key Certificates and
Security Capabilities,” USENIX Security Symp., 2001, pp. 22–22.
[4] S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” 2008, https://
bitcoin.org/en/bitcoin-paper, accessed Nov. 20, 2019.
[5] V. Buterin, “Ethereum: A Next Generation Smart Contract & Decentralized
Application Platform,” https://github.com/ethereum/wiki/wiki/White-Paper,
accessed Nov. 20, 2019.
[6] L. Luu et al., “Making Smart Contracts Smarter,” Computer and Communica-
tions Security, 2016, pp. 254–69.
[7] K. Ohara, “Smart Contracts — Dumb Idea,” IEEE Internet Computing, vol. 22,
no. 2, 2017, pp. 97–101.
[8] J. Nazaré and K. Hamilton, “Digital Certificates Project,” http://certificates.
media.mit.edu/, accessed Nov. 20, 2019.
[9] W. Gräther et al., “Blockchain for Education: Lifelong Learning Passport,”
https://dl.eusset.eu/handle/20.500.12015/3163, accessed Nov. 20, 2019.
[10] C. Brunner, K. Fabian, and E. Dominik, “SPROOF: A Platform for Issuing and
Verifying Documents in a Public Blockchain,” Int’l. Conf. Information Systems
Security, 2019, pp. 15–25.
[11] P. Maymounkov and D. Mazieres, “Kademlia: A Peer-to-Peer Information
System Based on the XOR Metric,” Int’l. Wksp. Peer to Peer Systems, 2002,
pp. 53–65.
[12] W. Cai et al., “Decentralized Applications: The Blockchain-Empowered Soft-
ware System,” IEEE Access, 2018, pp. 53019–033.
[13] C. Konstantinos and M. Devetsikiotis, “Blockchains and Smart Contracts for
the Internet of Things,” IEEE Access, 2016, pp. 2292–303.
[14] D. H. Johnson, A. Menezes, and S. A. Vanstone, “The Elliptic Curve Digital
Signature Algorithm (ECDSA),” Int’l. J. Information Security, vol.1, no. 1, 2001,
pp. 36–63.
[15] SECG, “SEC 2: Recommended Elliptic Curve Domain Parameters,” http://
secg.org/sec2-v2.pdf, accessed Nov 20, 2019.
[16] A. Ezell and J. Bear, Degree Mills: The Billion-Dollar Industry That Has Sold
over a Million Fake Diplomas, Prometheus Books, 2005.
[17] G. Zyskind, O. Nathan, and A. Pentland, “Decentralizing Privacy: Using
Blockchain to Protect Personal Data,” IEEE Symp. Security and Privacy, 2015,
pp. 180–84.
[18] K. Ahmed, “Hawk: The Blockchain Model of Cryptography and Privacy-Pre-
serving Smart Contracts,” IEEE Symp. Security and Privacy, 2016, pp. 839–58.
[19] R. L. Rivest, A. Shamir, and L. M. Adleman, “A Method for Obtaining Digital
Signatures and Public-Key Cryptosystems,” Commun. ACM, vol. 21, no. 2,
1978, pp. 120–26.
[20] R. C. Merkle, “A Certified Digital Signature,” Int’l. Cryptology Conf., 1989,
pp. 218–38.
[21] M. Naor and K. Nissim, “Certificate Revocation and Certificate Update,” IEEE
JSAC, vol. 18, no. 4, 2000, pp. 561–70.
[22] Open Badges, “Open Badges v2.0 IMS Final Release,” https://www.imsglob-
al.org/sites/default/files/Badges/OBv2p0Final/index.html, accessed Nov. 20,
2019.
[23] IPFS, “Peer-to-Peer Hypermedia Protocol,” https://ipfs.io, accessed Nov. 20,
2019.

IEEE Internet of Things Magazine • June 2020 49

Authorized licensed use limited to: University of Glasgow. Downloaded on June 30,2020 at 07:32:12 UTC from IEEE Xplore. Restrictions apply.
[24] F. Meneghello et al., “IoT: Internet of Threats? A Survey of Practical Security Zhongjie Yang ([email protected]

) is a co-founder and vice
Vulnerabilities in Real IoT Devices,” IEEE Internet of Things J., vol. 6, no. 5,
2019, pp. 8182–210.
[25] O. Bello and and S. Zeadally, “Intelligent Device-to-Device Communication
in the Internet of Things,” IEEE Systems J., vol. 10, no. 3, 2016, pp. 1172–82.
[26] Y. Zhang et al., “Smart Contract-Based Access Control for the Internet of
Things,” IEEE Internet of Things J., vol. 6, no. 2, 2019, pp. 1594–605.
[27] O. Novo, “Blockchain Meets IoT: An Architecture for Scalable Access Man-
agement in IoT,” IEEE Internet of Things J., vol. 5, no. 2, 2018, pp. 1184–95.
[28] A. Zanella et al., “Internet of Things for Smart Cities,” IEEE Internet of Things
J., vol. 1, no. 1, 2014, pp. 22–32.
president of Beijing Mobike Technology Co. Ltd. His focus
is on AI and IOT and mobile communication technology. He
developed the world’s first smart shared bicycle lock, and cre-
ated the smart shared bicycle mode. He is a senior member of
the China Electronics Society. He is an expert member of the
International Industry University Research Internet of Things
Alliance. He graduated in communication engineering from
Xi’an University of Electronic Science and Technology. He is
a senior engineer and NPI project manager at Motorola Mobility Technologies
China Ltd.

bIograPhIes Jiaji Wu ([email protected]) received the B.S. degree in

electrical engineering from Xidian University, Xi’an, China, in
Rui Xie ([email protected]) received the B.S. degree in 1996, the M.S. degree in astrometry and celestial mechanics
network engineering from Beijing University of Posts and Tele- from the National Time Service Center, Chinese Academy
communications, Beijing, China, in 2008. He is a co-founder of Sciences, in 2002, and the Ph.D. degree in electrical engi-
of Consensus Approach Co. Ltd. His current research is main- neering from Xidian University, Xi’an, China, in 2005. He is
ly focused on Blockchain technologies. currently a professor with Xidian University. His research inter-
ests include image processing, still image coding, hyperspec-
tral/multispectral image compression, communication, and
high-performance computing.

Gwanggil Jeon ([email protected]) received the B.S., M.S.,

Yuhui Wang ([email protected]) received a B.S. and Ph.D. (summa cum laude) degrees from the Department
degree in computer science from Beijing University of Posts of Electronics and Computer Engineering, Hanyang University,
and Telecommunications, Beijing, China, in 2005. He is the Seoul, Korea, in 2003, 2005, and 2008, respectively. He was
founder of Consensus Approach Co. Ltd. His current research with the School of Information Technology and Engineering,
is mainly focused on Blockchain technologies. University of Ottawa, Ottawa, ON, Canada, as a Post-Doc-
toral Fellow, from 2009 to 2011. He was with the Graduate
School of Science and Technology, Niigata University, Niigata,
Japan, as an assistant professor, from 2011 to 2012. He was a
prestigious visiting professor in the Dipartimento di Informatica, Università degli
Studi di Milano Statale, from 2019 to 2020. He is currently a professor at Xidian
Mingzhou Tan ([email protected]) is an expert in artifi- University, Xi’an, China and Incheon National University, Incheon, Korea. Dr. Jeon
cial intelligence, an adjunct professor at Xidian University, an was a recipient of the IEEE Chester Sall Award in 2007 and the ETRI Journal Paper
angel investor, the chief strategy officer of Turing Robot, an Award in 2008.
expert consultant for the People’s Network Research Institute,
and he served as the entrepreneurial mentor of several univer-
sities. Currently he is focusing on artificial intelligence, mobile
Internet technology, blockchain technology and IoT related
research work.

Wei Zhu ([email protected]) is a Master of Engineering and

a senior engineer. He is currently the Deputy Dean of the
School of Innovation and Entrepreneurship at Xidian Universi-
ty. He has long been engaged in innovation and entrepreneur-
ship in universities, mainly focusing on artificial intelligence,
Internet of Things, big data, intelligent hardware, mobile Inter-
net, cultural creativity and other fields. In the cultivation of
innovative entrepreneurship talents, entrepreneurship project
incubation, crowdfunding space and incubator construction
and operation, university scientific and technological achievements in terms of
transformation and cooperation between industry, university and research, he has
rich practical experience and strong theoretical research ability.

50 IEEE Internet of Things Magazine • June 2020

Authorized licensed use limited to: University of Glasgow. Downloaded on June 30,2020 at 07:32:12 UTC from IEEE Xplore. Restrictions apply.