University of Malaya Pioneers the First E-Scroll with Technology from Thales
Thales HSMs and Time Stamp Servers Help Create High Assurance Digital Credentials.
The Goal: To Create a Hard-To-Forge And Easy-To-Authenticate Degree Certificate
Many universities around the world are faced with the growing problem of counterfeit degree certificates. People who had never attended university were buying forged degrees and presenting themselves to employers as graduates. University of Malaya decided to address this problem by pioneering a digitally signed and time stamped certificate called the e-Scroll. This e-Scroll is not only hard to forge but also can be easily verified by a prospective employer.
As University of Malaya looked for a way forward to produce degree certificates that could not be forged and that could be easily authenticated, Dr. David Asirvatham, Director of IT Centre at University of Malaya, struck on the idea of an e-Scroll: a digital degree that can be digitally signed and time stamped, allowing it to be authenticated online. The potential advantages were significant. In a world where a growing number of graduates apply for jobs online, an applicant could attach an e-Scroll certificate to an online job submission, and employers would be able to quickly and easily validate its authenticity. An e-Scroll would also provide cost savings by eliminating the need to print expensive specialized paper-based certificates. Delivery of e-Scrolls is also made easy as students can login to a portal to download their e-Scroll. Most importantly, University of Malaya could virtually eliminate the negative impact of fraudulent certificates.
The challenge was in finding the right technology to implement the solution. It would need to be easy for university officials to create the certificates the graduating classes included 7,000 students on average. It would need to allow employers to authenticate the certificates quickly. Most of all, it would need to be secured in order to foil the highly sophisticated forgers who had been making a great deal of money selling counterfeit certificates.
Benefits of High Assurance Digital Signatures
Thales solutions provide a mechanism to assure the integrity and authenticity of almost any form of electronic document or message, enabling you to:
- Implement secure digital signing with high-availability solutions appropriate for critical processes
- Take advantage of high performance capabilities that can support the most demanding online applications and transaction volumes
- Employ fine-grained security controls to enforce policies requiring separation of duties, strong authentication for administrators and quorum authorized signing operations
- Accelerate deployments with standard APIs and out-of-thebox integrations
- Utilize globally respected product level security certifications such as FIPS 140-2 to streamline auditing and compliance reporting
The solution: Thales High Assurance Hardware With Digital Signature Applications From GiAT Infosys Sdn Bhd
To implement their innovative e-Scroll solution, the university chose a complete digital signature solution offered by Thales in collaboration with GiAT Infosys Sdn Bhd, a Malaysian IT provider together with their business partner, Haynik Holding Sdn Bhd. Using a specialpurpose software program, the university converts each student’s particulars and credentials into an Adobe PDF e-Scroll certificate. Each approved e-Scroll is digitally signed by the university’s Registrar and Vice Chancellor using GlobalSign® Digital IDs in an automated batch signing process. Thales nShield HSMs high-assurance tamperresistant hardware security modules provide strong protection for the digital identities of the two signatories by securely storing their private signing keys and preventing any unauthorized access. As part of the process, each e-Scroll is issued a secure time stamp against the Malaysian National Clock (located at SIRIM) by Thales Time Stamp Server. The inclusion of a protected time stamp as part of the digital signature process provides an additional layer of security indicating the exact date that the credential was issued. Paper-based certificates can be post-dated or pre-dated but not e-Scrolls.
The Challenge of Digital Signatures
Organizations use digital signatures today in a wide variety of applications. As the virtual equivalent of a traditional wet ink signature, a digital signature is intended to verify the authenticity of messages, transactions, digital documents and software, proving that the information originated with the signer and has not been altered. Digital signatures offer a host of potential benefits in addition to document security, including greater efficiencies and cost reductions realized through the automation of manual processes.
Digital signatures, however, pose a number of challenges for organizations. Because digital signatures and digital identities rely on the use of public key cryptography, the protection of private keys is critical to the integrity of the whole system. If the digital signing process is not secured, attackers can create seemingly legitimate signatures over forged data, compromising the system and the organization’s reputation. Moreover, organizations that fail to maintain adequate documentation and certification for policies and practices can risk rejection of digital signatures in certain jurisdictions. Finally, some digital signing processes can be computationally intensive, slowing down business processes and limiting their ability to scale.
Thales Digital Signature Solutions
Thales e-Security helped create a high-assurance digital signing processes that give University of Malaya valuable flexibility in automating and integrating with critical business processes. Thales offers proven, independently certified HSMs that provide a much higher level of assurance and performance versus software-based digital signing. Thales nShield HSMs meet the highest security standards, provide the capacity and performance you need, and are straightforward to deploy and manage. In addition, Thales time stamping products provide organizations with a source of trusted time for digital signing applications in which time is an important factor. By adopting industry best practices and Thales proven technology you can be confident of staying ahead of the security curve, ensuring authenticity and integrity and complying with evolving legal standards and regulatory requirements.