PRESENTATION ON

Authentically secure
certificates
 PREsented by :

Amulya Singh
Aparna Kulshrestha
Anvita Mishra
Bhawana Tyagi
Inderprastha Engineering College,
Ghaziabad
PREPARED UNDER THE
GUIDANCE OF:

Ms. Aruna Dullo

 INTRODUCTION

 The academic and professional institutions and several government

and autonomous organizations award certificates to the students and
participants as proof of completion of courses and training
programmes.

 But one often reads about non-deserving people taking advantages of

the loopholes in the system by getting fraudulent certificates , which
demoralizes the deserving candidates and leaves a question mark on
the credibility of the certificates and awards.

 The technologies currently used to make certificates secure against

such malpractice are Watermarking and Holograms.
CURRENT SOLUTIONS
WATERMARKING

A certificate of deposit having a

watermarked background
 HOLOGRAMS

Certificate depicting a hologram in

the lower right corner.
 RFID

An RFID tag used for electronic toll collection

Limitations of Existing System
 Holograms and Watermarking which are currently the most commonly used
have hardware available which can create a fake of the same.And RFID
tags have a costly setup.

 The process of verification is quite difficult as it involves physically

presenting the certificates to the issuing authority. This requires physical
transfer of the original certificates and carries the risk of loss or damage to
the certificates during the transit , which is a great loss to the holder of the
certificate.
 This is a time consuming and costly process causing the organizations to
neglect the verification, which eventually is a loss to the deserving
candidates.

Thus, a simple yet a credible system of easy and

quick authentication of certificates needs to be developed.
 Proposed Solution

 The proposed system uses a combination of a hash algorithm and a

public key encrypting algorithm.

 The hash code produced would be encrypted and thus produce a

unique code for each database entry(candidate) which would be
embedded on the certificate.
 The code can be directly printed on the certificate or it could be
encoded as a barcode which might be printed on the certificate.

 This code eliminates the need for physical transportation of the

certificate, as only a photocopy of the credentials or even a scanned
copy sent via e-mail would do.
 The system can even be enhanced to an IVRS system.
 FEATURES
 It provides a standard format for assigning of unique certificate

numbers which do not fall into the trap of coincidences .

 It is far more authentically & confidentially secure than current

systems.
 The verification process of our system is quick, easy and secure in

which only a photocopy of the original credentials would do to verify

the certificates.
 Also for the future implementations, we have proposed to bring the

system on the IVRS in which no physical transfer of even the

photocopy would be required.
THE SOLUTION
 (A) THE PROCESS
(a) CERTIFICATE GENERARTION
 Authentication process
 Confidentiality process
 Embedding process

(b) CERTIFICATE VERIFICATION

 Verification process :
AUTHENTICATION ,CONFIDENTIALITY &
EMBEDDING
Stud
Info
Hashing
Student
Info
Student Secret Code
DataBase Generation Encryptio Key

n
Secret
Code

Secret Code
Student Info
Certificate
Generation
VERIFICATION

Student info on Certificate

Secure Code
Certificate
Generation

Secure Code generated

according to student details

Secure Code printed on certificate

Result
Comparison
OUR IMPLEMENTATION
SCANNED COPY OF ORIGINAL ICSE PASS CERTIFICATE
This is how the certificate will look like after embedding the secure code
Verification Process
The results of the verification process
 CONCLUSION
 Presently the most commonly used technologies for authenticating the
certificates have a major drawback of physical transfer.
 The secret code embedded on our certificate is used in the verification process
which does not require the originals of the certificate to be transmitted thus
overcoming much of the problems faced by the current technologies.
 The proposed system makes it possible for the verification process to be carried
out via e-mail, telephone, fax, etc. In the near future we plan to implement our
system on the IVRS which would further simplify the verification process
reducing the work load on the organisations.
 In the fast growing IT Industry this would certainly reduce the time and
cost spent in the verification process of certificates, thus proving to be a great
boon to the developing economy.
 FUTURE SCOPE

The near future scope of our project involves the implementation of an

IVRS system. Further we plan to implement some enhanced version
of Bar-Coding and Digital Watermarking in our system which
would thus provide more security to our system. Any institute which
provides certificates to their students would like to implement our
system.
 
 REFERENCES
 William Stallings , Cryptography and Network Security;Fourth
Edition.
 Bruce Scheiner, Applied Cryptography; Second Edition; John Wiley &
Sons, 1996.
 Handbook of Applied Cryptography - Alfred J. Menezes, Paul C. Van
Oorschot, Scott A. Vanstone :CRC Press.
 http://www.cryptography.com/resources/index.html
 http://www.sans.org/reading_room/
THANK
YOU!!
TECHNICAL ISSUES
 Authentication : Hashing(SHA- I)

 Hashing is the technique used in cryptography for providing authentication

between two communicating parties.

 It is a function,to which when some message is fed , it produces a fixed

length code depending upon the buffer size of the chosen algorithm.
Example of hash value generated by
SHA-1
STRING HASH VALUE

TEST VECTORS FOR

“a” 86f7e437faa5a7fce15d1d
SHA-1
dcb9eaeaea377667b8

“abc” a9993e364706816aba3e2
5717850c26c9cd0d89d

“abcdefghijklmnopqrstuv 32d10c7b8cf96570ca04ce
wxyz” 37f2a19d84240d3a89
 Confidentiality : Encryption(RSA)

 Encryption is the process through which two communicating parties

can maintain confidentiality in their conversation.

 We have made use of the public key algorithm, RSA which encrypts
the 160 bit hashed code it receives from its preceeding hashing block ,
to produce the secret code which will be embedded on the certificate.