ProfileBlocks

A blockchain-powered platform for secure, verifiable, and student-centric credential management in Hong Kong and beyond.

Overview

ProfileBlocks' mission is to combat credential fraud through blockchain-anchored digital certificates.

Certificate Issuance

  • Only authorized institution users can issue certificates via a secure, guided web form.
  • Supports flexible certificate types: academic results, awards, and more. Metadata is entered as JSON for extensibility.
  • System validates student identifiers, certificate type, and JSON structure before proceeding.
  • Upon confirmation, the certificate is:
    • Hashed (Solidity keccak256 over certificate info and metadata)
    • Signed with the institution’s RSA private key (using secure backend logic)
    • Stored in the database along with signature and hash
    • Pushed to the Ethereum blockchain via a custom smart contract (CertificateRegistry)
  • Issuance logs are kept for full auditability.
Only authorized institution users can issue certificates
With built-in hierarchical institution model support.
Certificate Issuance
Admin users issue certificates via a secure form, with JSON metadata and validation before blockchain registration.
Profile Management
Students group certificates into profiles, sign them, and generate shareable verification links or QR codes.
Instant Verification Portal
Anyone can instantly verify a certificate or profile—checking database, signature, and blockchain status in one click.

Hashing & Cryptographic Signing

  • Each certificate’s hash is generated using Solidity’s keccak256 algorithm to ensure it is unique, tamper-evident, and compatible with smart contract verification.
  • The institution’s private RSA key signs the certificate hash using RSA-PSS and SHA-256.
  • The resulting signature (hex) and the keccak hash of this signature are both stored, enabling robust off-chain and on-chain verification.
  • All key management is handled by the backend. Private keys are never exposed to the frontend or external users.

Instant Multi-Layer Verification

  • Verification is available as both a public portal for external parties and a dashboard for students/institutions.
  • Anyone can verify a certificate or profile by entering a hash or following a shared link.
  • Three-step verification:
    • Database existence: Checks if the certificate exists in the backend database.
    • Signature validation: Ensures the RSA signature over the hash is valid using the institution’s public key.
    • Blockchain proof: Queries the Ethereum blockchain (via Web3.py) to confirm the hash is registered and untampered.
  • All verification results are visually indicated (success/failure) and can be performed in real time.
Certificate Verification Portal
Supports both Certificate and Profile Verification.
Fetch, Verify, Proceed
Execute three-step verification that you can trust.
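
The hash, sign and verify flow described in the two sections above, as an added example that is not ProfileBlocks' own code. It implements Keccak-256 directly, because Solidity's keccak256 is not `hashlib.sha3_256`, and covers the signature and blockchain steps of verification. Assumptions: the `registry` dict standing in for CertificateRegistry and its layout, the PSS salt length, the demo key and payload, and the `cryptography` package for RSA.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

def _rol(a, n):  # rotate a 64-bit lane left by n bits
    return ((a << (n % 64)) | (a >> (64 - n % 64))) & (2**64 - 1)

def _keccak_f(s):  # Keccak-f[1600]; s is 25 lanes, lane (x, y) at index x + 5*y
    r = 1
    for _ in range(24):
        c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
        s = [s[i] ^ c[(i + 4) % 5] ^ _rol(c[(i + 1) % 5], 1) for i in range(25)]  # theta
        x, y, cur = 1, 0, s[1]
        for t in range(24):  # rho and pi
            x, y = y, (2 * x + 3 * y) % 5
            cur, s[x + 5 * y] = s[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        s = [s[i] ^ (~s[i - i % 5 + (i + 1) % 5] & s[i - i % 5 + (i + 2) % 5]) for i in range(25)]  # chi
        for j in range(7):  # iota: round-constant bits come from an LFSR
            r = ((r << 1) ^ ((r >> 7) * 0x71)) % 256
            s[0] ^= (1 << ((1 << j) - 1)) if r & 2 else 0
    return s

def keccak256(data):  # Keccak pad byte 0x01, as Solidity uses; hashlib.sha3_256 pads with 0x06
    buf = bytearray(data + b"\x01" + bytes(135 - len(data) % 136))
    buf[-1] |= 0x80
    s = [0] * 25
    for off in range(0, len(buf), 136):  # absorb one 136-byte block per permutation
        lanes = [int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little") for i in range(17)]
        s = _keccak_f([a ^ b for a, b in zip(s, lanes + [0] * 8)])
    return b"".join(lane.to_bytes(8, "little") for lane in s[:4])

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)  # salt length assumed
KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # constructed demo key
PAYLOAD = b'{"student_id": "S-0001", "type": "award"}'  # constructed certificate JSON

def issue(key, payload, registry):  # registry: dict standing in for CertificateRegistry
    cert_hash = keccak256(payload)
    sig = key.sign(cert_hash, PSS, hashes.SHA256())
    registry[cert_hash.hex()] = keccak256(sig).hex()  # assumed layout: cert hash -> signature hash
    return sig.hex()

def verify(pub, payload, sig_hex, registry):
    cert_hash, sig = keccak256(payload), bytes.fromhex(sig_hex)
    try:
        pub.verify(sig, cert_hash, PSS, hashes.SHA256())
        sig_ok = True
    except InvalidSignature:
        sig_ok = False
    return {"signature": sig_ok, "blockchain": registry.get(cert_hash.hex()) == keccak256(sig).hex()}
```

Because RSA-PSS is randomized, re-signing the same certificate yields a different signature, so a valid signature whose hash was never registered still fails the blockchain step.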

Student Profile Management & Sharing

  • Students can group certificates into named profiles, sign them with their private key, and generate a shareable link or QR code.
  • Profiles are cryptographically signed and can aggregate multiple certificates for streamlined, one-click verification.
  • Students control the visibility of each certificate. Certificates included in a profile must remain public to ensure verifiability.
  • Employers or universities can verify the entire profile (and all included certificates) instantly through the public verification portal.
Grouping Certificates into Profiles
By selecting certificates you wish to share.
One Click Full Profile Verification
Made possible through ProfileBlocks.

System Architecture & Technology

  • Backend: Django (Python) modular apps for accounts, institutions, certificates, profiles, blockchain integration.
  • Frontend: Django Templates + Bootstrap 5 for a responsive, mobile-friendly UI.
  • Blockchain: Ethereum (Solidity smart contracts), deployed to Sepolia testnet.
    Integration: Web3.py for all contract interactions.
  • Database: PostgreSQL (or MySQL/SQLite for development).
  • Cryptography: RSA (2048-bit) for signing, SHA-256 and keccak256 hashing.
  • Security: All private keys stored server-side only; system adheres to Hong Kong’s Personal Data (Privacy) Ordinance.

Contact & Credits

Author: Ho Chun Fai
Email: u3578912@connect.hku.hk
Department: Computer Science, University of Hong Kong