Credential Transparency


1 Credential Transparency
Stanford University Joyce Li Stephen Arod Shirreffs

2 Digital
Enables a student to stack their achievements
Enables integration
Breaks things down like Lego blocks
Degrees and certificates
Transcripts and their elements
Cocurricular records
Specific artifacts
Meta data

3 Unprecedented Convenience and Potential
But this raises the issue of control

4 Authenticity? Integrity? How to verify?

5 Keeping a record using cryptographic means and a Merkle Tree structure

6 Authority vs “The Truthless Society” or …

7 Authority vs A dystopian world without sovereign control
Now what has this to do with the price of bread in Palo Alto, you ask

8 The Private Ledger
We control it: We believe that our authority matters
Share technology with other verticals: HR, procurement, legal, etc.
Consortium Model: Shared servers with multiple ledgers
Gateway with Gatekeepers: Known, accredited institutions

9 Our Current Approach

10 [Diagram: Campus SIS, Vendor, University Intranet]
1. Vendor generates Adobe-certified PDF credential files.
2. Send certified credential files to storage.
3. Students download files

11 Platform/Software dependency
PDF format only
Cost
Irrevocable

12 [Diagram: Campus SIS, Vendor, Validation Website]
1. Vendor generates Adobe-certified PDF credential files.
2. Send certified credential files to storage server (cloud-based vendor).
3. Students download files

13 Stanford hosted validation website

14 As a Trusted Credential Issuer
Promote trust through verifiability
Independent from vendor-specific ecosystems
Support various data types and contexts
Support credential revoking
Ease of Adoption
Reliability of System(s)

15 [Word cloud: Hypervisor, Mobile Apps, Bitcoin, Preprocessor, Docker, Performance, Artificial Intelligence, Robotics, Big Data, Spark, Cloud Computing, Blockchain, Cryptography, Database, Distributed System, Agile Development, Responsive Design, Cyber Security]

16 Developers
Brendan Farmer: Consultant
Jared Dunnmon: Stanford Ph.D. student, Consultant
Tom Black: Stanford Registrar

17 Proposed Solution
New development based on proven technology
Start with dedicated model with potential to be easily replicated and expanded as distributed systems

18 Cryptographic Hashes
sha ( X ) = 8c110a8dbeb6cc4b67dcf3deceaeee45301dbbb9fb8589b50da1d88e a
X could be a document file, a statement in LinkedIn, or even unstructured meta data.
One-way function

19 Merkle Tree Data Structure
Merkle Root R = h ( x + y )
x = h ( h(a) + h(b) )
y = h ( h(c) + h(d) )
Leaves: h (a), h (b), h (c), h (d) for data a, b, c, d

20 Loosely-Coupled Components
Transparency Server: Maintain one or more transparency logs for holding credential data
Connector: Controlled write access to transparency server
Verification Interface: Verification by inclusion proof checking

21 [Diagram: Campus SIS, Vendor, Connector, Transparency Server, Validation Website]
1. Vendor generates Adobe-certified PDF credential files.
1.1 certify / revoke credentials
1.2 certify / revoke credentials
2. Send certified credential files to storage server (cloud-based vendor)
3. Students download files

22 Transparency Server
No access to student data
Accessible by public without privacy concerns
API to certify, revoke, and verify
Managed by university, hosted anywhere
Write only by the dedicated connector

23 Connector
API to certify, revoke
Hosted within university’s secure intranet
Controls write access to transparency server
Complete separation of campus student data from transparency server

24 Verification Interface
Hash student data input on client side for verification
Verify credential by checking inclusion proof
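Added example (not from the presentation or the project's code): a Python version of the Merkle tree on slide 19 and the client-side inclusion-proof check on slide 24, where the log only ever receives SHA-256 digests of credential documents. The 0x00/0x01 domain-separation prefixes (as in RFC 6962), the promotion of an unpaired node, all function names and the sample credentials are assumptions; the slides only give h(h(a) + h(b)).

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Assumption: RFC 6962-style prefixes keep leaf and interior hashes distinct,
# so an interior node can never be presented as a "document".
def leaf_hash(doc_digest: bytes) -> bytes:
    return sha256(b"\x00" + doc_digest)

def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)

def build_levels(leaves):
    """Return every level of the tree: leaf hashes first, [root] last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # assumption: an unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with the side it sits on."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify(document: bytes, proof, root: bytes) -> bool:
    """Hash the document locally, fold in the siblings, compare with the root."""
    acc = leaf_hash(sha256(document))
    for side, sib in proof:
        acc = node_hash(sib, acc) if side == "L" else node_hash(acc, sib)
    return acc == root

# Constructed sample credentials standing in for a, b, c, d on slide 19.
DOCS = [b"credential a", b"credential b", b"credential c", b"credential d"]
LEVELS = build_levels([leaf_hash(sha256(d)) for d in DOCS])
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    proof_c = inclusion_proof(LEVELS, 2)
    print(verify(DOCS[2], proof_c, ROOT))              # genuine credential
    print(verify(b"forged credential", proof_c, ROOT))  # altered document
```

The verifier needs only the document, the proof and a trusted copy of the root, so the check can run in the browser without sending student data to the transparency server.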

25 [Diagram: Campus SIS, Connector, Transparency Server, Validation Website; flows labeled "certify / revoke credentials" and "verify credentials"]

26 Credential Issuing Process
Credential Conferred
Digital Artifact Generated
Register Credential on Transparency Server
Digital Credential Released to Learners

27 Credential Issuing Process
[Diagram: Campus SIS, Connector, Transparency Server; arrows labeled "add"]
Generate digital credential documents
Generate SHA256 hash of credential documents
Send “certify” requests to transparency server via connector
Digital credential documents awarded to learners

28 Questions/Comments Joyce Li Stephen Arod Shirreffs

