A look into product management: Signing and verifying digital certificates
You would like to enrol at a university and need a digitally certified copy of your school leaving certificate? You would like to apply for a job offer and want to submit your certificate in a verifiable digital form? Today, educational certificates such as diplomas or certificates must either be requested from each individual educational institution as a certified copy or even authenticated by a notary or local court. This process is cumbersome and time-consuming. “Mein Bildungsraum” aims to provide a nationwide software solution for education providers to issue digital certificates and verify their authenticity.
Infobox
What are digital certificates?
Digital certificates are documents in electronic form that certify, for example, educational qualifications or special knowledge and have been issued by a trustworthy educational institution. It must be possible to check and confirm the authenticity of digital certificates at any time.
What does this mean exactly?
Digital certificates are issued by different institutions. Each individual issuing institution must be trusted. Small educational institutions and providers in particular often have difficulties with the high requirements for seals and signatures. This is because certificates must be transmitted between the educational institution and learners for processing and certification. These processes require time and expertise, which small educational institutions often do not have.
The use of the digital certificates component as a service ensures that education providers
- can easily generate, sign and withdraw the corresponding educational certificates themselves using an online service or in their own system (e.g. school administration system).
- have the option of verifying a digital certificate.The workflows associated with the digital certificates do not have to be mapped digitally individually and separately, but are combined in one place and can be implemented by educational institutions easily and in a resource-saving manner. This also helps to minimise the sealing costs.
Benefits for...
... education providers:
For “Mein Bildungsraum”, we are working on a domain-specific Public Key Infrastructure (PKI, see info box below), which creates an anchor of trust for the connected educational institutions such as schools, universities or further education providers. All clearly identified and authorised institutions will be able to sign, verify and withdraw digital certificates and copies of certificates. This will enable educational institutions to fulfil the current demands of the digital world with little effort. The institutions themselves always retain control over the content of the digital certificates.
... users:
Users of “Mein Bildungsraum” will be able to request digitally signed documents, such as a digital copy of their own Bachelor's certificate, from the university via the “Mein Bildungsraum” app. The university administration system then generates a PDF with machine-readable data and provides it with a digital signature that can be clearly verified. Users receive their certificate in their “Mein Bildungsraum” app. They can then use this to apply to a university, for example for a Master's degree programme. This can simplify time-consuming processes such as the authentication of certificates.
Local module as a technical interface to "Mein Bildungsraum"
A separate software component is being developed to ensure that education sector-specific administration systems (e.g. school administration system) use uniform standards for the verification signature and that the signature can be executed independently of the administration system. The so-called local module is installed locally as a software package in the infrastructure of the educational institution. It is located between the education administration system for generating educational certificates and the central services of “Mein Bildungsraum”.
This is where the educational institution controls all processes, such as signing, revoking and checking the certificates. The advantage here is that no data is passed on to third parties. The entire process is mapped in the organisation's own education administration system.
Infobox
What is a public key infrastructure (PKI)?
A public key infrastructure (PKI) is a hierarchical system for issuing, distributing and verifying digital certificates. The principle of a PKI is based on asymmetric cryptography. A key pair is created for each institution or person who wishes to communicate securely. This pair consists of a private (secret) and a public key.
If, for example, a certificate has been digitally signed with a private key, the authenticity and integrity of this certificate can be checked using the corresponding public key. This ensures that the certificate has not been changed since it was signed.
The authenticity of public keys is verified by so-called trust chains, which are established by certification authorities (CAs). These authorities confirm the identity of the institutions and the authenticity of the associated public keys by issuing so-called digital certificates. This facilitates the secure exchange of digitally signed certificates, even if the communication partners do not know each other personally beforehand.
The PKI method is used in many areas, for example in e-mail traffic, in the digital signature of documents, as SSL/TLS certificates for secure surfing on the Internet or in securing communication for IoT (Internet of Things) devices.
For a simple explanation of how cryptographic communication works, the fictitious communication partners Alice (A) and Bob (B) and Mallory (M), a “malicious” eavesdropper, are usually used. If you want to delve deeper into asymmetric cryptography, you can find numerous examples on the internet.
