Privacy Challenges and Requirements in the Diploma Record Ledger

In a previous blog post we saw a prototype service that Greek graduates can use to prove to a third party that they indeed have a university degree. However, moving the framework into the DLT context raises a number of privacy challenges. In this post we first describe this context and then present the emerging requirements that PRIViLEDGE will address.

A DLT-based system that can verify the authenticity of an academic title in a privacy-preserving manner involves three distinct entities, namely: issuers, holders, and verifiers.

An issuer is an organization (e.g., a university) that issues titles. Holders are persons that have titles and may want to present them to an interested entity. This entity can be an organization or a person that wishes to verify a title, i.e., a verifier. To do so, the verifier must contact the corresponding issuer, who, in turn, will provide the evidence needed. Note that the aforementioned concepts are in line with the World Wide Web Consortium’s “Verifiable Credentials Data Model”.

In this context, there are four basic requirements that the technologies produced in PRIViLEDGE need to address.
  • The first involves “title privacy”. That is, titles are private data, meaning that they should not be accessible to anyone else except for the issuer. Also, it is important to ensure that once an issuer provides proof to a verifier that a specific person indeed holds a title, the verifier should not be able to provide this information to other third parties.
  • Then there is “access control”, i.e., the data inside the titles are personal data belonging to their holders. The holders should be able to control who gains access to their titles and when. In addition, holders should control which parts of the verifiable credentials can be presented to a verifier (e.g., full transcript or bare title).
  • In addition, all entities should be held “accountable” for all their actions. For instance, issuers are not expected to issue forged titles. Furthermore, verifiers should accept only valid credentials, and be held responsible for any proof they leak.
  • Finally, an important requirement involves the “auditability” of the system, i.e., an honest external auditor should be able to inspect all the recorded transactions.

Written by Dimitris Mitropoulos, GRNet