Jim Yip, Regional Marketing Director, Asia Pacific at Thales e-Security, writes about the black market in degree certificates.
Counterfeit degree certificates are nothing new. For almost as long as there have been universities, unscrupulous people have bought or made fake certificates to con employers into giving them jobs. One of the more unfortunate consequences of the explosion in e-commerce, however, has been the growth in the bogus degree market, to the extent that universities have to take tangible steps to tackle the issue.
Diploma ‘mills’ churn out counterfeit documents with astonishing attention to detail. With just a few clicks, you can purchase one of these degrees from wherever you are in the world. How can universities safeguard their reputation by issuing certificates that are impossible to forge but easy for prospective employers to authenticate?
The University of Malaya addressed this problem by pioneering the world’s first e-scroll, a digital degree certificate that is digitally signed and time-stamped using encryption technology, allowing employers to easily establish its authenticity online. Graduates of the University of Malaya can now attach their e-scroll when applying online for jobs. E-scrolls can also provide cost savings by eliminating the need to print paper-based certificates.
The e-scroll is based on the concept of a ‘digital’ signature, the virtual equivalent of a traditional written signature, indicating that the message is authentic and that the information has not been altered. The security that underpins the digital signature depends on a Public Key Infrastructure (PKI). PKI is a widely used technology that already supports the authentication processes in areas such as e-commerce, e-passports, payments and gaming. Public key cryptography generates and authenticates digital signatures on a mass scale, allowing for the creation of unique credentials that cannot be forged.
To create each e-scroll, the University of Malaya uses a purpose-built program to convert the credentials of each graduate into an Adobe PDF. The e-scroll is then digitally signed by the University’s Registrar and Vice-Chancellor using another program in a batch-signing process. Underpinning the process are Hardware Security Modules (HSMs), which provide strong protection for the digital identities of the Registrar and Vice-Chancellor by securely storing their private signing keys and preventing any unauthorised access.
To add a further layer of security, the e-scrolls are then time-stamped against the Malaysian National Clock to indicate the exact date that the documents are issued. This means that unlike paper certificates, e-scrolls cannot be post-dated or pre-dated.
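The sign-then-time-stamp flow described above can be sketched as follows; this is an added example, not the University's or Thales' software. It assumes Ed25519 keys from the Go standard library in place of HSM-held keys, a plain byte string in place of the PDF, and a hypothetical `EScroll` type and timestamp key, none of which come from the article.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// EScroll is a simplified, hypothetical stand-in for the signed PDF.
type EScroll struct {
	Doc, RegistrarSig, VCSig, TimestampSig []byte
	IssuedAt                               int64 // Unix time asserted by the timestamp authority
}

// stamped binds the document digest, both officer signatures and the issue time into one message.
func stamped(s EScroll) []byte {
	d := sha256.Sum256(s.Doc)
	msg := append(append(d[:], s.RegistrarSig...), s.VCSig...)
	return binary.BigEndian.AppendUint64(msg, uint64(s.IssuedAt))
}

// Issue signs doc as both officers, then the timestamp authority signs over the result and the time.
func Issue(doc []byte, reg, vc, tsa ed25519.PrivateKey, issuedAt int64) EScroll {
	s := EScroll{Doc: doc, RegistrarSig: ed25519.Sign(reg, doc), VCSig: ed25519.Sign(vc, doc), IssuedAt: issuedAt}
	s.TimestampSig = ed25519.Sign(tsa, stamped(s))
	return s
}

// Verify is the employer-side check; it needs only the three published public keys.
func Verify(s EScroll, reg, vc, tsa ed25519.PublicKey) error {
	if !ed25519.Verify(reg, s.Doc, s.RegistrarSig) || !ed25519.Verify(vc, s.Doc, s.VCSig) {
		return fmt.Errorf("officer signature invalid: altered or not issued by the university")
	}
	if !ed25519.Verify(tsa, stamped(s), s.TimestampSig) {
		return fmt.Errorf("timestamp invalid: issue date or signatures changed")
	}
	return nil
}

func main() {
	rp, rk, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; production keys stay in the HSM
	vp, vk, _ := ed25519.GenerateKey(nil)
	tp, tk, _ := ed25519.GenerateKey(nil)
	s := Issue([]byte("B.Sc. awarded to A. Graduate"), rk, vk, tk, 1700000000) // constructed sample
	fmt.Println("genuine:", Verify(s, rp, vp, tp))
	s.IssuedAt -= 365 * 86400 // back-date by a year
	fmt.Println("back-dated:", Verify(s, rp, vp, tp))
}
```

Because the timestamp signature covers the issue time together with the document digest and both officer signatures, changing the date or the content alone makes verification fail.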
While digital signatures provide a host of benefits, they also pose challenges for any organisation that issues them. As digital signatures and identities rely on PKIs, it is paramount that private keys are protected if the integrity of the whole system is not to be compromised. For the University of Malaya, if the e-scroll digital signing process is not secured, criminals can create fake digital signatures, allowing for the creation of bogus degrees which compromise the University’s reputation. The University, moreover, needs to be aware that failure to maintain adequate procedures means that the e-scroll might get rejected in certain jurisdictions.
This means that independently certified HSMs need to be deployed, which can offer a much higher level of assurance and performance than software-based digital signing. Thales e-Security HSMs make use of cutting-edge cryptography to provide a powerful weapon against the black market in bogus degrees. As of last year, each of the 7,000 students who graduate each year from the University of Malaya receives an e-scroll along with a printed certificate at their graduation ceremony, meaning that they can assure employers of their credentials as well as having something they can frame.