Smart Certificate 2.0 - Issue and share certified and trusted digital documents
CVTrust developed their Smart Certificate platform which enables institutions to digitally issue and share certified and trusted documents, which are checkable in a click.
Read on to learn how iText 7 is used in their improved Smart Certificate 2.0 platform.
Background
Founded in 2010, CVTrust recognized a need for both a way for schools, universities, training centers, companies and other organizations to digitally issue and distribute certified qualifications, and for individuals to receive and share their certified documentation and allow their verification in a secure, yet simple way. The Smart Certificate platform has become a recognized standard since it launched in 2012, and in 2015 was acknowledged by the U.S. Patent and Trademark Office with the granting of a patent for their innovative and revolutionary technology.
The success of Smart Certificate, in addition to their experience and customer base it has collected has resulted in CVTrust receiving the support of the European Commission under the “Horizon 2020 project” which aims to ensure Europe produces world-class technologies and solutions; by removing barriers to innovation and making it easier for the public and private sectors to work together in delivering innovation.
Smart Certificate 2.0 offers many improvements such as an enhanced user experience and UI, additional features, and is designed to be available as a SaaS (Software as a Service) that can be used by any organizations to issue certified and verifiable documents, whatever their purpose. It also provides an extremely advanced level of data encryption as well as complying with GDPR and privacy requirements.
Smart Certificate 2.0 also guarantees the validity of documents issued using the platform. At any time, a qualification or other accreditation can be verified by clicking a link or scanning a QR code. This ensures that anyone who claims they have attained a qualification can be proven to have done so.
Goals
- Adapt the existing PDF generation infrastructure to use the GlobalSign API
- Integrate iText 7 into the Smart Certificate back-end
- Enable the mass generation of digitally signed and secured PDFs
Challenges
For one of their largest Belgian customers, CVTrust needed to use the GlobalSign API to generate the certificates required for digital signatures. In order to achieve this, it was necessary to integrate iText 7 into the Smart Certificate back-end. The new solution using iText 7 and the GlobalSign API needed to extend the capabilities of the Smart Certificate platform, while also being easy to integrate into the existing infrastructure.
Offered solution
Smart Certificates can be downloaded as secured PDFs, containing digital signatures with certificates which prove the validity of the document, and ensure that it has not been tampered with.
As it allows PDF documents to be programmatically signed, iText has always been at the forefront of digital signature technology in PDFs. Our free ebook “Digital signatures for PDF documents” has been seen as a reference in the field since it was originally published in 2013 and led to a number of solutions using different Certificate Authorities (CA) to be developed using iText, thanks to its enterprise-grade capabilities for bulk generation of PDFs, huge userbase and reputation for standards-compliance.
One such CA is GlobalSign, which now implements iText 7 as part of its digital signing API. CVTrust had previous experience with using iText 5 for generating the PDF documents they required, though iText 7 adds support for PDF 2.0 and superior support for PAdES (PDF Advanced Electronic Signatures), along with a refined and reimplemented API and many more features. All of this continues to strengthen iText’s position as a global leader in PDF technology.
When a PDF document is signed using the Public Key Infrastructure (PKI), a message digest is created using a cryptographic hash function from all the bytes of the file, except for the area where the digital signature will be stored. This hash value is signed using a private key, and the signed hash is stored.
Anyone with the corresponding public key can view the PDF, but if the PDF is modified without being decrypted with the private key then the hash will not match, and the signature will be invalidated.
iText 7 enables the mass generation of the required PDF documents, and also handles the addition and appearance of digital signatures within the PDF. When a Smart Certificate is being awarded, the Smart Certificate platform creates a unique PDF based on a pre-existing PDF template. Then, using the GlobalSign API a verified digital signature is added to the document.
At the same time, a unique hash of the PDF is also generated and sent to the Woleet servers, in order for the hashes to be securely stored in the blockchain. CVTrust uses blockchain technology to enhance document security and make it virtually impossible to falsify, as any changes to the hash would have to be replicated across all the nodes of the blockchain.
All of this means documents are:
- Accessible in a click (including their blockchain hash/verification)
- Downloadable with a click
- Shareable with a click, e.g. on LinkedIn
- Checkable in a click (via a link/QR code), to guarantee the integrity, authenticity and validity of each document
By using iText 7 and the GlobalSign API for Smart Certificate 2.0, it enables us to mass generate PDF documents and sign them with GlobalSign certificates.
David Goldenberg, Founder & CEO - CVTrust
Result
Adapting the existing infrastructure to use iText 7 and the GlobalSign API went extremely smoothly, with no additional support required. The Smart Certificate 2.0 platform is already in operation and is currently producing around 500,000 Smart Certificate documents annually.
This number is only expected to grow as the customer base increases, and CVTrust has plans to extend the Smart Certificate 2.0 platform to cover a wider range of business uses where secure documents are issued, such as banks, healthcare companies and insurers.
Ready to use iText?
As always, if you have any technical questions, you can contact support with your valid support subscription or head over to one of our community support pages on Stack Overflow to see if your question has already been answered for our open source AGPL users.