This case study will examine an implementation strategy to record degrees and certificates onto the Blockchain for authenticity and verification purposes.
This Case Study discussed an implementation strategy for recording Degrees and Certificates on the Blockchain for authenticity and verification purposes.
This POC is for ICB: International Consortium for Blockchain.
ICB accredits training providers (known as REPs – Registered Educational Partners) for blockchain-related courses.
The REPs can then train people on the accredited Courses and ICB issues certificates on successful course completion.
This POC deals with storing the details of the generated certificates on the blockchain and retrieving it upon request.
Introduction to Public Key InfrastructureTheo Gravity
Adonis Fung and I worked on a project where we defined and built PKI (Public Key Infrastructure) for our local development and deployed environments. I gave a talk to our engineers on how PKI works, covering encryption, signing, trust stores, and how the HTTPS handshake works.
This Case Study discussed an implementation strategy for recording Degrees and Certificates on the Blockchain for authenticity and verification purposes.
This POC is for ICB: International Consortium for Blockchain.
ICB accredits training providers (known as REPs – Registered Educational Partners) for blockchain-related courses.
The REPs can then train people on the accredited Courses and ICB issues certificates on successful course completion.
This POC deals with storing the details of the generated certificates on the blockchain and retrieving it upon request.
Introduction to Public Key InfrastructureTheo Gravity
Adonis Fung and I worked on a project where we defined and built PKI (Public Key Infrastructure) for our local development and deployed environments. I gave a talk to our engineers on how PKI works, covering encryption, signing, trust stores, and how the HTTPS handshake works.
Presentation by DHS S&T at the NY Blockchain 360 Conference regarding Blockchain's relevance to the Homeland Security Enterprise. Results of security and privacy research and development over the last 2+ years and next steps.
The release of the Azure Blockchain Development Kit represents a milestone in the adoption of blockchain technologies in the enterprise space. Thanks to the Blockchain Development Kit, you can now build solutions that seamlessly integrate blockchain with the best of Microsoft and third-party software applications. Blockchain Development Kit works in combination with Azure Logic Apps to dramatically simplify the development of end-to-end blockchain applications that access on- and off-chain data, handle events generated by the digital ledger, and leverage the Azure ecosystem for a seamless and integrated solution. This session describes how to automate document sign and verify workflows in SharePoint using Azure Logic App and Azure Blockchain Workbench for persisting files’ hash and metadata on a blockchain digital ledger.
A presentation explaining the concepts of public key infrastructure. It covers topics like Public Key Infrastructure (PKI) introduction, Digital Certificate, Trust Services, Digital Signature Certificate, TLS Certificate, Code Signing Certificate, Time Stamping, Email Encryption Certificate
Trust, Blockchains, and Self-Soveriegn IdentityPhil Windley
This talk discusses sovereignty as a foundational model for a new kind of identity system that not only establishes all entities as peers, but also provides the means of using verifiable claims to build trustworthy relationships. A self-soversign identity system with verifiable claims provides increased privacy and control for individuals, more transparent consent, opens new opportunities for relying parties and third party claims providers, and reduces or eliminates integration costs while making systems simpler.
Document verification using blockchain technology is yet another generic that got recently explored. bloctick is one such application that helps you to ascertain the integrity of your records.
Blockchain technology has changed the revolution of data storage and privacy. Decentralized data storage technique in Blockchain introduced the dependent ledger system. The main motive of Blockchain is to avoid the third party authorization and validation process and intermediaries. This research process shows the different areas where Blockchain can be implemented and some guidelines. And what are the factors need to be considered while deploying the distributed ledgers. Nitin | Dr. Lakshmi J. V. N | Sharique Raza "A Study on Applications of Blockchain" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33693.pdf Paper Url: https://www.ijtsrd.com/computer-science/other/33693/a-study-on-applications-of-blockchain/nitin
Hackbama Presentation
Presenter: Jason Cuneo
Abstract: The revolution of blockchain centered technologies provides security practitioners with a unique opportunity to participate in shaping the future of secure networking and has the potential to redefine how organizations and society transact and determine value. The objective of this discussion is to introduce how blockchains are disrupting the status quo and how they can be used to improve the Cybersecurity landscape.
Blockchain and BPM - Reflections on Four Years of Research and ApplicationsIngo Weber
In this keynote, delivered at the Blockchain Forum of BPM 2019, I summarized and reflected on research on BPM and blockchain over the last four years, including model-driven engineering, process execution, and analysis and process mining. I also covered selected use cases and applications, as well as recent insights on adoption. The keynote closed with a discussion of open research questions.
Presentation by DHS S&T at the NY Blockchain 360 Conference regarding Blockchain's relevance to the Homeland Security Enterprise. Results of security and privacy research and development over the last 2+ years and next steps.
The release of the Azure Blockchain Development Kit represents a milestone in the adoption of blockchain technologies in the enterprise space. Thanks to the Blockchain Development Kit, you can now build solutions that seamlessly integrate blockchain with the best of Microsoft and third-party software applications. Blockchain Development Kit works in combination with Azure Logic Apps to dramatically simplify the development of end-to-end blockchain applications that access on- and off-chain data, handle events generated by the digital ledger, and leverage the Azure ecosystem for a seamless and integrated solution. This session describes how to automate document sign and verify workflows in SharePoint using Azure Logic App and Azure Blockchain Workbench for persisting files’ hash and metadata on a blockchain digital ledger.
A presentation explaining the concepts of public key infrastructure. It covers topics like Public Key Infrastructure (PKI) introduction, Digital Certificate, Trust Services, Digital Signature Certificate, TLS Certificate, Code Signing Certificate, Time Stamping, Email Encryption Certificate
Trust, Blockchains, and Self-Soveriegn IdentityPhil Windley
This talk discusses sovereignty as a foundational model for a new kind of identity system that not only establishes all entities as peers, but also provides the means of using verifiable claims to build trustworthy relationships. A self-soversign identity system with verifiable claims provides increased privacy and control for individuals, more transparent consent, opens new opportunities for relying parties and third party claims providers, and reduces or eliminates integration costs while making systems simpler.
Document verification using blockchain technology is yet another generic that got recently explored. bloctick is one such application that helps you to ascertain the integrity of your records.
Blockchain technology has changed the revolution of data storage and privacy. Decentralized data storage technique in Blockchain introduced the dependent ledger system. The main motive of Blockchain is to avoid the third party authorization and validation process and intermediaries. This research process shows the different areas where Blockchain can be implemented and some guidelines. And what are the factors need to be considered while deploying the distributed ledgers. Nitin | Dr. Lakshmi J. V. N | Sharique Raza "A Study on Applications of Blockchain" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33693.pdf Paper Url: https://www.ijtsrd.com/computer-science/other/33693/a-study-on-applications-of-blockchain/nitin
Hackbama Presentation
Presenter: Jason Cuneo
Abstract: The revolution of blockchain centered technologies provides security practitioners with a unique opportunity to participate in shaping the future of secure networking and has the potential to redefine how organizations and society transact and determine value. The objective of this discussion is to introduce how blockchains are disrupting the status quo and how they can be used to improve the Cybersecurity landscape.
Blockchain and BPM - Reflections on Four Years of Research and ApplicationsIngo Weber
In this keynote, delivered at the Blockchain Forum of BPM 2019, I summarized and reflected on research on BPM and blockchain over the last four years, including model-driven engineering, process execution, and analysis and process mining. I also covered selected use cases and applications, as well as recent insights on adoption. The keynote closed with a discussion of open research questions.
Securing & Verifying Digital Certificates using BlockChain Technology
LearningChain is an online platform for educational institutions to issue tamper proof and instantly
Authentication and Authorization ModelsCSCJournals
In computer science distributed systems could be more secured with a distributed trust model based on either PKI or Kerberos. However, it becomes difficult to establish trust relationship across heterogeneous domains due to different actual trust mechanism and security policy as well as the intrinsic flaw of each trust model. Since Internet has been used commonly in information systems technologies, many applications need some security capabilities to protect against threats to the communication of information. Two critical procedures of these capabilities are authentication and authorization. This report presents a strong authentication and authorization model using three standard frameworks. They are PKI, PMI, and Directory. The trust in this approach is enabled by the use of public key infrastructure (PKI) which is applied for client two-factor authentication and secures the infrastructure. We introduce the preventive activity-based authorization policy for dynamic user privilege controls. It helps prevent successive unauthorized requests in a formal manner. At the core, we apply the Multi-Agent System (MAS) concept to facilitate the authentication and the authorization process in order to work with multi-applications and multi-clients more dynamically and efficiently.
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeDigiCert, Inc.
Presentation by Scott Rea, DigiCert's Sr. PKI Architect, at AppSec California 2015.
Abstract:
Traditional PKI focuses on binding a public key to the keyholder’s identity, which is implicitly assumed to be a well-defined, relatively static thing (such as individual’s full name or email address, or the hostname of a public webserver). However, in the envisioned smart grid, for example, the relevant properties of the keyholder are not just the device’s identity (i.e. this is a meter made by ACME or this is a refrigerator made by GE) but its context: This is a refrigerator in the apartment rented by Alice, who buys power from X.
This context information will not necessarily be known until device installation and also may change dynamically. What if Alice sells her fridge on Craigslist or sublets her apartment to Bob? What if repair personnel replace Alice’s meter? This information may also not be particularly simple. What if Alice’s landlord owns many apartment buildings, and changes power vendors to get a better rate?
If our cryptographic infrastructure is going to enable relying parties to make the right judgments about IoT devices (such as the example provided using Smart Grid), this additional contextual information needs to be available. We can try to modify a traditional identity-based PKI to attest to these more dynamic kinds of identities, and we can also try to adapt the largely experimental world of attribute certificates to supplement the identity certificates in the smart-grid PKI. Either of these approaches will break new ground.
Alternatively, we can leave the identity PKI in place and use some other method of maintaining and distributing this additional data; which would require supplementing our scalable PKI with a non-scalable database.
In any of these approaches, we also need to think about who is authorized to make these dynamic updates or who is authoritative for making these types of attestations. Who witnesses that Alice has sold her refrigerator? Thinking about this organizational structure IoT devices also complicates the revocation problem. If we can’t quite figure out who it is that speaks for where a device currently lives, how will we figure out who it is who is authorized to say it has been compromised?
In this presentation, all of these issues and more will be explored and actionable guidelines will be proposed to build a secure and scalable system of IDs and attributes for the complex networked world that awaits us all.
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfJUSTSTYLISH3B2MOHALI
I would appreciate help with these 4 questions. Thank You.
1) Explain what the following are: root certificates, self-signed certificates. Describe how they
are used. Provide some examples of each explaining how they are used. You should be able to
find examples of each on your system by looking through various options available on your
browser.
2) Provide a listing of the fields associated with a certificate of your choosing. Use the X509
definition to match the general fields of a certificate with the certificate you choose to look at.
Describe each field.
3) Your manager is considering implementing a PKI infrastructure. They are considering using
RSA encryption technology for the central part of their infrastructure. You manager would like
to know some products or services that utilize RSA encryption technology. Provide three
examples and explain how they make use of the RSA encryption technology. Provide a few
original sentences describing each of your examples.
4) Compare the functionality offered by the RSA and Diffie-Hellman algorithms.
Solution
A Root SSL certificate could be a certificate issued by a trusty certificate authority (CA).In the
SSL system, anyone will generate a language key and sign a replacement certificate therewith
signature. However, that certificate isn\'t thought-about valid unless it\'s been directly or
indirectly signed by a trusty CA.A trusty certificate authority is Associate in Nursing entity that
has been entitled to verify that somebody is effectively World Health Organization it declares to
be. so as for this model to figure, all the participants on the sport should agree on a group of CA
that they trust. All operational systems and most of net browsers ship with a group of trusty
CAs.The SSL system is predicated on a model of trust relationship, conjointly known as “chain
of trust”. once a tool validates a certificate, it compares the certificate establishment with the list
of trusty CAs. If a match isn\'t found, the shopper can then check to check if the certificate of the
supplying CA was issued by a trusty CA, so on till the tip of the certificate chain. the highest of
the chain, the basis certificate, should be issued by a trusty Certificate Authority.
Self-signed certificates or certificates issued by a non-public CAs aren\'t appropriate to be used
with the overall public.A certificate serves two essential purpose distribute the public key and
verifying the individuality of the server so guests know they aren’t sending their information to
the wrong person. It can only properly verify the identity of the server when it is signed by a
trusted third party because any attacker can create a self-signed certificate and launch a man-in-
the-middle attack. If a user just accept a self-signed certificate, an attacker could drop on all the
traffic or try to set up an imitation server to phish additional information out of the user. Because
of this, you will approximately on no account want to use a self signe.
Demystify blockchain development with hyperledger fabricBenjamin Fuentes
The World has been following blockchain technology last year with the raise of the public blockchains, the Bitcoin value overpassing Gold and now private blockchains for Business.
Why so many interest on permissioned blockchain ? Which industries are impacted ? What is new for 2017 ? You will have a short presentation on blockchain and a demo on the latest Hyperledger Fabric V1 around an original use case for airline industry
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
AWS Community Day Kochi 2019 - Technical Session
Enterprise grade security for web and mobile applications on AWS by Robin Varghese , Chief Architect - TCS
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
PHP Frameworks: I want to break free (IPC Berlin 2024)
Blockchain PoC For Education
1. Record Educational Certificates on
Blockchain for Authentication and digital
verification
(Implementation of proof of concept)
2. Digital Blockchain Certificates POC – What we are trying to
solve..
• Academic credentialing fraud is a reality and comes both by counterfeiting and through the
complicity of institution’s authorities and staff.
• No straightforward process to verify the authenticity and genuineness of certificates.
• Manual process of submitting certificates(documents) in paper records to various authorities
increase chances of misusing the paper records by third person.
• Breach of privacy and personal security as no control on who is allowed to access the certificates.
• Centralized storage of documents not a solution as it is difficult to integrate the issuer, receiver and
viewer entities together in a workflow to authenticate the documents and centralized storage may
be a single point of failure .
• A cryptographic hash function shall be applied on document and result may be stored on public
blockchain in a transaction signed by private key of issuer institution which ensures the non
repudiation of document.
• Blockchain with distributed storage like IPFS allows the document to be stored locally and shared
with requester after proper validation.
www.ramantech.com
3. For whom?
• This POC is for ICB(International Consortium for
Blockchain)
• ICB accredits the training providers(REPs – Registered
Educational Partners) for blockchain related courses
• The REPs can then train people on the accredited
Courses and ICB issues certificates on successful course
completion
• This POC deals with storing the details of the generated
certificates on the blockchain and retrieving it upon
request from the Students
www.ramantech.com
4. Digital Blockchain Certificates POC– Solution Overview
Our Digital Blockchain certificates POC based on Ethereum Platform consists of
following components:
• Certificate Issuer program - The certificate issuer (ICB) issues blockchain
certificates by creating a transaction from issuing institution to the recipient on
the ethereum blockchain that includes the hash of the certificate itself. The
blockchain may not be running locally on the machine of certificate issuer and
may use REST web service API to lookup and broadcast transactions.
• Certificate Verifier program - The blockchain certificate contains the issuer
information. The certificate verifier program provides mechanism to check
certificate integrity and authenticity. The blockchain certificate also contains
the Issuer revocation list to check if certificate has not been revoked by the
Issuer or user and is not expired.
• Certificate Viewer - The cert-viewer project is a php/angularjs webapp to
display and verify blockchain certificates after they have been issued and to
allow learners to request a certificate and generate their own ethereum
identity needed for the certificate creation process.
www.ramantech.com
5. Digital Blockchain Certificates POC– Solution Overview…
• API Management - The API calls between issuer, requester, user and
blockchain platform are made using secure REST web service calls. These API
calls are made as wrappers to web3.js API calls which invoke smart contract
functions related to Digital Blockchain certificates (issue certificates, request
certificate, verify certificate and share certificate and transaction history.)
• IPFS (distributed storage) - The certificates stored on blockchain has associated
registry smart contract with data structure that links to the document path
URL (documents stored on IPFS) The requester after proper authentication and
security verification will access the document URL and retrieve the document
for access.
• Messaging framework - The messaging framework based middleware will be
used to send request and response between requester and user and the actual
document exchange.
www.ramantech.com
7. Digital Blockchain Certificates POC – Solution Overview
Our Blockchain based certification is designed to be:
• Secure in Access, Transmission and Distributed Storage of documents owned by
document owners.
• Based on Modular components.
• Smart contracts with fine grained ownership checking rules to secure transactions.
• Smart transactions. Example:
– when a issuer issues certificate– it updates transactions with certificate hash and generate receipt.
– when a document requester requests a certificate – validates certificate, sends request to document
owner, receive document along with signed digital certificate by issuing authority.
• Distributed Storage Architecture using IPFS , document owner can decide with
whom to share documents.
• Ethereum Blockchain distributed transaction ledger to provide information on
members identity and roles, certificate transaction history (issue, validation,
revocation etc.)
• Authentication mechanism to validate the requestor using public/private key pair
based credentialing.
www.ramantech.com
8. Digital Blockchain Certificates POC– Technologies Used
The technology stack used in developing this POC is
1.Ethereum Blockchain (ethereum ropsten network)
2.PHP/Angularjs for webApp development
3.Solidity smart contracts
4.IPFS distributed file storage
5.RabbitMq /whisper – messaging framework
6.PHP MVC for development of model view controller
7.PHP laravel for RESTful web service framework
8.PKI and digital certificates (X.509 digital certificates)
www.ramantech.com
9. Digital Blockchain Certificates POC– Results
As a result of successful POC , our team would be able to
• Setup a ethereum Blockchain to store transactions about the digital certificates
issued by academic institution and verified by requester.
• Shared distributed transaction ledger allows proof of existence of digital certificates
issued by academic institutions and verified by the requester. The users can access
and store documents on their IPFS storage and exchange documents with requesters.
• WebApps and (in future mobile apps) to interact with digital certificate smart
contracts deployed in blockchain.
• Future Scope of work to extend POC use cases e.g.
o Android and iOS mobile apps to store and validate the digital certificates.
o Development of real time notifications to notify the requests made by various
document requester and document exchanged by users.
www.ramantech.com