Case Study: LegitDoc implementation by Maharashtra State Board of Skill Development(MSBSD)

This case study has been co-authored by Dr. Anil M Jadhao, Chairman- MSBSD. It was originally published by the MSBSD chairman on LinkedIn.

1. Introduction:

Since the advent of the internet, Governments across the world have started moving online to deliver a majority of their services to the citizens. The process of providing online services formally called “E-Governance”, has helped the Governments in reducing the bureaucratic red tape faced by its citizens and the cost of delivery of services to the public. The practice of E-Governance in India was pioneered by the state of Kerala in 2002 through the project “AKSHAYA”, aimed at spreading digital literacy across the state. Following Kerala’s lead, Indian state Governments, as well as the central Government, have increasingly adopted E-Governance tools across verticals such as E-Identity, land registration, voting, taxation, payments, energy, vaccination etc. Despite these initiatives, India is currently ranked 100 in the UN’s E-Government Development Index(EGDI) among the 193 member nations. Hence, there is a greater need for India to aggressively accelerate its E-Governance programs if it wants to be a formidable economy in the world.

2. Government documents and their history:

Among the various Government services, government-issued documents are of an important kind. These include documents / ID’s ranging from Birth certificates, Matriculation certificate, Driver’s License, Passport, Land Records, Caste certificates, Income certificates, business registration certificates etc. The majority of social and business interactions spanning every citizen’s life, all the way from birth to death, are aided by various government-issued documents. Historically, government documents have been issued in the form of paper documents. These paper documents generally consist of seals, holograms, signatures and watermarks that help to uniquely identify the issuing authority. However, in the last 10 years, there has been a rampant increase in forgery of government-issued documents which have caused huge financial & reputational losses to the stakeholders involved. Let us look into a few busted forgery cases to understand the gravity of the problem at hand.

E.g.1: In 2018, Delhi Crime department had arrested a forgery racket that forged thousands of birth certificates.

E.g.2: A fake land allotment racket valued at around Rs.300 crores was busted in Bangalore in the year 2020.

E.g.3: Central crime branch of Police had seized more than 20,000 fake Voter ID, PAN cards and other government ID cards, in the year 2021.

E.g.4: A fake degree certificate racket busted in 2017 in the state of Karnataka was found to have forged nearly 160,000 Educational certificates.

The above cases are indicative of the magnitude of forgeries that are happening around us. Why do you think there’s been a sudden spike in the number of forged documents in the last decade? The answer is pretty simple. We are still majorly dependent on the century-old method of paper documents whereas advancements in computer graphics technology have enabled even a common man with basic computer graphics knowledge to create a fake document that is difficult to distinguish from the original. Moreover, paper documents take several weeks, sometimes months together to verify since it needs manual verification by the document issuer. Apart from these problems, paper documents are susceptible to physical damage, difficult to store and index.

3. Digital documents — the nuances:

Recognising the pitfalls of paper documents, several government departments have migrated to traditional digital solutions such as Digi-Locker for document issuance and verification. These solutions have a centralized data architecture, whereby, typically a centralized server maintained by the administrator stores all the document data. This data is exposed to the internet in a secure manner via various APIs for the purpose of document access and verification. These types of solutions have brought in huge efficiencies and cost savings when compared to operating on traditional paper documents. However, the stories of government documents built using centralized digital solutions are not all roses. These solutions have posed new challenges centred around security and privacy. Since Governments have moved online, there have been a rising number of cases related to hacks, data theft, data corruption and privacy violations. Let’s look at a few recent incidents to wrap our heads around the new challenges introduced:

E.g.1: In 2020, security researchers in India demonstrated a flaw in Digi-Locker that exposed data of 38 million users to the internet.

E.g.2: In 2018, data of 240,000 NEET students was sold on the internet due to insider involvement, in the State of Andhra Pradesh.

E.g.3: A security breach reported in 2018 left a billion citizens at risk of identity theft.

These are only a few of the notable cases among the hundreds of hacks that have happened in our country in recent years. When we think from the first principles, exposing centralized databases to the internet, despite taking numerous security measures, leaves a large attack surface; It’s a never-ending, cat and mouse game between the security engineers trying to secure the database and hackers looking to infiltrate the database. Even corporate giants like Facebook and Twitter, which employ the best & highly paid security researchers, have not been able to prevent data hacks of their centralized databases that are exposed to the internet.

Finally, there is the raging debate around data ownership. As the world is migrating online at a rapid pace, there is a significant movement towards citizen ownership of data. Even though paper documents are not efficient compared to traditional digital documents, two things they are really good at are document ownership and privacy. Let’s say you have been issued a matriculation certificate in paper certificate form, it’s considered an original copy and you have full ownership of the same. If any third party is interested in the content of your certificate, the only way it can access it is if you share it. This ensures the highest level of privacy. However, in the case of the majority of centralized digital solutions, you don’t really own your documents. These documents sit in a trusted third party database and your access to the same too is permissioned in nature. In an age where the de-platform phenomenon is on the rise, issuing documents using centralized digital solutions is not an ideal solution.

4. Blockchain — a solution to digital privacy and security:

The evolution of crypto powered blockchain technology has helped mankind reimagine digital ownership and security. To put it simply, blockchain is a revolutionary, bullet-proof record-keeping database with unparalleled security and decentralized ownership. In a blockchain architecture, there’s no single administrator or owner who is responsible for storing data in a single place. Instead, tens of thousands of users or nodes will maintain identical copies of a database synchronized together in real-time. No single user or actor has full control over this database. Entries into this database are governed by a consensus mechanism which makes it impossible for any insider or outsider to hack or cheat the system. Once a data entry is made to this database, the new entry is copied across all the nodes in the system to be stored permanently, making it a permanent, decentralized store of records. In order to compromise the blockchain, all the thousands of nodes need to be attacked simultaneously and this kind of attack is proven to be economically infeasible. Moreover, blockchains are open source and open state in nature with the code deployed and the historical data stored on them being completely open for anyone to view and audit.

Hence any data entered into highly decentralized, public blockchains like Ethereum cannot be modified, cannot be hacked but can be audited instantaneously. To summarize, blockchains do not have a central point of failure which neither can be bribed nor can their security be compromised. Data on the blockchains are open and easily auditable by nature, providing a transparent mechanism for instantaneous verification of data. Government departments can make use of the power of open public blockchains combined with modern cryptography to issue digital documents that are tamper-proof, hack-proof, instantaneously verifiable, whose ownership solely lies with the document holders. The answers to how blockchain digital documents work and how they mitigate the challenges faced by traditional digital solutions have been explained in the subsequent sections. However, before we get into the details, let’s look into a few of the successful real-world implementations of blockchain digital documents.

• Digital Diploma project by Massachusetts Institute of Technology (MIT): Massachusetts Institute of Technology, most commonly known as MIT, is one of the top tech universities in the world. It’s home to 97 Nobel laureates and technological inventions such as GPS, touchscreens, wearables, the world wide web, e-Ink etc. It was MIT that pioneered the use of blockchain digital documents for tamper-proof digital diplomas in 2017. Since then it has issued hundreds of student-owned, tamper-proof digital diplomas that are verifiable within a matter of minutes.
• Blockchain digital documents initiatives by Malta: Following MIT’s lead, Malta, which is currently ranked 22nd in UN’s E-Government Development Index(EGDI), became the first country to issue blockchain-powered tamper-proof education certificates (in the year 2018). This was implemented with the aim of making it a blockchain island. Following the success of educational certificates, Malta has expanded the same to Notary services by migrating to blockchain-based digital warrants.
• Singapore’s adoption of blockchain digital documents for E-Governance: Singapore, touted to be the smartest city in the world, is well known for its disruptive initiatives in E-Governance. It’s currently ranked 11th in the UN’s E-Government Development Index. Given its track record in adopting disruptive digital technologies, Singapore has doubled down quite aggressively in adopting blockchain digital documents. In 2019, Singapore rolled out “OpenCerts” , an open standard to issue and verify digital academic certificates. Under the OpenCerts initiatives, graduates from the local schools-including secondary schools, junior colleges and tertiary institutions are being given blockchain digital certificates. Going a step further, Singapore has rolled out an open standard called “HealthCerts”, aimed at issuing tamper-proof health records. The HealthCerts initiative has greatly aided Singapore’s fight against COVID by making it seamless to issue and verify Covid test reports and Vaccination certificates.

Drawing inspiration from the above implementations, we at Maharashtra State Board of Skill Development- Govt. of Maharashtra, in collaboration with LegitDoc, have implemented a blockchain standard for issuing and verifying digital diplomas belonging to our students. With this implementation, nearly 1 million digital diploma certificates belonging to a total of 8 academic years have been issued using the LegitDoc blockchain standard, making it the largest blockchain implementation in the world for educational certificates, the first of its kind in India.

5. Maharashtra State Board of Skill Development(MSBSD):

Maharashtra State Board of Skill Development (formerly known as Maharashtra State Board of Vocational Education Examination) is an educational board set up by the Government of Maharashtra in 1986. MSBSD runs various diploma courses aimed at skilling part-time dropouts as well as students who are looking to develop new competencies in order to adapt to the changing technologies as well the new socio-economic changes. Board courses are implemented at the district-taluka level in the state through a total of 1,084 training institutions approved by the board. Generally, 70,000 to 75,000 students are admitted for these courses every year. The students who have completed the training are examined by the board and the candidates who pass are given marks cards as well as graduation certificates by the board on behalf of the Government. Many of the industries in Maharashtra hire MSBSD students for their industrial readiness and the special skills acquired through the diploma courses. The certificates issued by the board help these industries to identify the skill set imparted to the applicants (students) and gauge their competency level. The hiring process is typically followed by a certificate verification request from the industries. Whenever the board receives such requests, it handles them manually and confirms the authenticity of the student certificates.

Since its inception, MSBSD has been issuing paper certificates (marks card & graduation certificate) to its students. A typical life cycle of paper certificates issued is as follows:

Certificate Issuance:

1. The training institutions conduct examinations and evaluations of students as per the directions of the board.
2. Post evaluation, individual student scores along with student data are submitted to the respective district offices (35 in number), who in turn aggregate the same and submit it to the board.
3. The board stores the student data in a local database (FoxPro).
4. The database has an export command using which PDF soft-copies of student certificates are created.
5. The PDF softcopies are printed on special paper to generate paper-based marks cards and graduation certificates.
6. The printed certificates are sorted into 35 districts at the board and dispatched to respective district offices.
7. The district offices further sort the recipient certificates based on training institute ID. Post sorting, the certificates are dispatched to respective training institutes.
8. The training institutes finally issue the certificates to their respective students.

The entire process of dispatching paper certificates, starting from creation of PDFs to receipt by students, spans about a month, requiring coordinated efforts by a minimum of 1122 personnel (Board: 3 Nos, District Offices: 35 Nos & Training institutes: 1,084 Nos), making it highly complex and laborious.

Certificate Verification:

1. Employers who receive the certificates from applicants, send a written request for verification to the board address.
2. The board has dedicated employees who handle such requests. Based on the request made, the employees scour through the student records for the purpose of verification.
3. If the student’s credentials (requested by the employer) are found to be true, the secretary of the board will send a signed verification report to the employer.

The verification process is manual in nature; Hence it takes about 3 to 4 weeks, from the moment verification request is made to the moment verification confirmation is received by the employer. Additionally, the verification process requires intervention by 4 board employees. Due to all the above reasons, we at MSBSD felt a strong need to automate our certificate issuance and verification process. However, instead of migrating to traditional digital solutions, we made a historic decision to leapfrog to blockchain digital documents leading to the largest blockchain implementation in the world for educational certificates!

6. MSBSD blockchain diploma certificates — How does it work?

MSBSD has implemented the blockchain diploma certificate issuance and verification system using the LegitDoc standard. As explained earlier, highly decentralized public blockchains do not have a central point of failure which neither can be bribed nor can their security be compromised. Data on these blockchains are open and easily auditable by nature, providing a transparent mechanism for instantaneous verification of data. LegitDoc makes use of Ethereum blockchain combined with modern cryptography to issue digital diplomas that are tamper-proof, hack-proof, instantaneously verifiable and privacy-centric. The following figure explains how this can be achieved:

LegitDoc consists of 2 software applications: i] Issuance software, ii] Verification software. The issuance software is a standalone desktop app installed at MSBSD premises that also houses student data in the FoxPro database. MSBSD generates PDFs of student certificates as usual. Instead of printing the same, the LegitDoc Issuance software application calculates the Hash(digital fingerprint) of each PDF certificate. The hash is unique to each certificate and is irreversible in nature. Given a digital certificate(PDF), no matter how many times you calculate its hash, the result is always the same. However, even a byte-level change in a digital certificate will result in drastic changes to its hash. Additionally, irrespective of the size of the certificate, the hash is always fixed in size. For example, the SHA-256 hash function always produces 32-byte size hashes irrespective of the size of document data. Click here to know more about hash and Hashing functions.

Once a certificate hash is calculated, the Issuance software will push it to be stored permanently on the blockchain, mapped against the digital signature of MSBSD. Upon successful entry of hash into the blockchain, the blockchain will return the transaction data. Subsequently, the issuer software will combine the blockchain transaction data with the original digital certificate[PDF] to form a tamper-proof blockchain certificate file [“legitdoc.zip” file]. This blockchain file is issued to respective students directly via mail. To view the certificate, students can simply open the Certificate PDF inside the “legitdoc.zip” file. Moreover, the students can share the digital certificate file with employers, as easily as sharing an image over WhatsApp.

The verification software is a WebApp hosted on the MSBSD website that points directly to the blockchain data. Any verifier with the blockchain digital file (“legitdoc.zip”) can upload it to the verification portal for the purpose of authentication. The verification portal will,

1. Separate the digital certificate (PDF) from the blockchain transaction data,
2. Calculate hash of the digital certificate,
3. Check the availability and validity of certificate hash on the blockchain with the help of blockchain transaction data.

If all three steps are successful, the student certificate is determined to be authentic. The actual working of LegitDoc is more complex compared to the process described. However, the above process gives us a high-level view of how MSBSD digital diploma certificates work.

With this top-level understanding of how blockchain-based document issuance-verification works, let us try to understand how it actually addresses the concerns we have with traditional digital solutions. In the earlier sections, we concluded that traditional solutions have 4 major problems. i,e, security, transparency, privacy and ownership. Since blockchains are highly decentralized and immutable, no single actor(admin or hacker) can change its state. (For example, the bitcoin blockchain, the most decentralized blockchain in the world, has never been hacked in its 12 years of history despite having a billion-dollar bounty on it).

This solves the problem of security issues arising either due a hacker or an insider involvement. Moreover, public blockchains like Ethereum are open source in nature; Code deployed and data stored on them is public, instantaneously auditable. This solves the problem of transparency of verification code & data. Lastly, only hashes (digital fingerprints) of documents, which themselves are of irreversible nature, are published on the blockchain. Hence no third party (including the LegitDoc team that has built the software) has any access to the student certificate or any student data. Any verifier will be able to view the certificates only if the students share the same with them. MSBSD and students alone will be the owners of the certificate, thereby solving the problem of privacy and document ownership.

Additionally, implementing the blockchain-based digital diploma system has brought in huge efficiencies to the board. The process of issuance of student certificates, which typically needed coordinated efforts by more than 1122 personnel spanning 3 to 4 weeks, can now be done by just two board staff, within a day! Moreover, the certificate verification process, which typically took around a month to complete owing to its manual nature, can now be done within 10 seconds, without the requirement of any manual intervention by the board staff.

7. Role of MSINS in implementation of LegitDoc at MSBSD:

Maharashtra State Innovation Society(MSINS) is a nodal government agency set up by the Government of Maharashtra (in 2018) to boost innovation-driven entrepreneurial ecosystems in the state. MSINS has been the key driver in making Maharashtra a startup-friendly state. Among its various initiatives, the annually held Maharashtra Startup Week Challenge is one of a kind in the country. Through this event, top-24 startups across the country working in various verticals such as Governance, Mobility, Health etc., are chosen and given direct work orders to pilot their solutions within various state departments. The event has 2 major impacts:

1. The selected startups get the best platform in the country to showcase their product or services by having a government as their first customer.
2. The government departments are given direct access to the most disruptive technologies offered by startups across the country without being constrained by the tender regulations.

Being the winner of the 2nd cohort of the Maharashtra Startup week challenge, LegitDoc (owned by CrossForge Solutions Pvt. Ltd) was introduced to MSBSD. Upon careful deliberation, LegitDoc was found to be the best platform for MSBSD to leapfrog to blockchain digital diplomas.

8. The future of blockchain digital documents in Maharashtra E-Governance:

Earlier, we understood that India has a lot of catching up to do in its E-Governance initiatives in order to become a formidable economy in the upcoming digital era. Crypto-native blockchain technology which is causing huge disintermediation to the way humans trust each other is said to be a key enabler for the world to evolve into highly efficient, inter-connected digital societies. Countries that are at the forefront of digital innovation such as Singapore have realized this trend and hence, have openly embraced blockchain by building country-wide E-Governance standards (Healthcerts, OpenCerts etc) on the same. Through the blockchain-based digital diploma certificate implementation, MSBSD has shown that India too can be a world leader in implementing disruptive technologies for the betterment of its citizens. The Maharashtra government can use this implementation as a reference project and establish a statewide blockchain standard (could be called “MahaCerts”, perhaps!) to secure and notarize all the government documents spanning verticals such as Educational Certificates, Health records, Land records, Law enforcement records, Administrative documents, Identity management etc. Similar to how “UPI” has become India’s most appreciated brand worldwide for digital payments, MahaCerts could become India’s brand, looked upon by the world, for E-notarization and E-verification of government-issued documents/records.