Credentialing FAQ ( Frequently Asked Questions )

On this page, you will find answers to the most popular questions of our customers. Didn’t find what you need? Just send us a request.

General

  • Are you a European company?

    Yes, Block.co is a European company based in Nicosia, Cyprus.

  • Is forgery hard to prove?

    For forgery to be proved, valuable resources and time need to be allocated. BLOCK.CO’s solution helps you prevent forgery with blockchain technology, providing a fast and easy validation mechanism without the need for intermediaries.

  • What types of institutions benefit the most from licensing your product?

    Any institution, may it be a public one, a local authority, or any private corporation that issues documents for which they wish to have an enhanced level of security and immutability.

  • How do you link the blockchain transaction back to the certificate?

    We insert the metadata transaction ID and the Merkle proof back to the certificate once the transaction is complete.

  • Which university in Cyprus specializes in blockchain technology?

    The University of Nicosia (UNIC) in Cyprus. In 2014, UNIC became the first university globally to offer a Masters’ degree in Digital Currencies, the first university to accept bitcoin for tuition fees, and the first globally to develop a solution to issue academic certificates on the Blockchain, out of which the company BLOCK.CO was spined off.

  • Where can one find the webapp to validate the certificate?

    https://block.co/verify-credentialing

  • Where else can your validators be found?

    You can see examples of our validators as follows:

    University of Nicosia: https://www.unic.ac.cy/verify/

    University of Finance and Economics Mongolia: https://www.ufe.edu.mn/English/Default.aspx?page=9067

    Ayia Napa Municipality: https://www.ayianapa.org.cy/validator.php

    Block.co validators:

    https://validator.block.co

    https://block.co/verify-credentialing

    https://testnet-validator.block.co

    Please note that the list is not exhaustive as our technology is Open Source Code.

  • How can I see at which block height my certificate is anchored?

    Copy and paste the transaction id on any public bitcoin/litecoin block explorer to see all the details.

  • Why the Bitcoin blockchain?

    It has proved over the years to be the most secure blockchain.

  • Why is Bitcoin the most secure network?

    Proof-of-Work public blockchain security is measured by the processing power (aka hashrate, because it calculates cryptographic hashes) that the network spends on security. Bad actors need to get a majority of the hash rate to attack the network and even so they are limited to what they can do. Bitcoin is the most secure because it has the highest hash rate, so much so that even global companies and state actors cannot really be incentivized to amass that much processing power.

  • Why not Ethereum blockchain?

    We feel there is not much to gain by using Ethereum blockchain.For more insights regarding our design principles, please read the relevant article on our blog: http://staging-blockco.temp312.kinsta.cloud/design-principles-future-directions/

  • Why not use Ethereum smart contracts?

    We managed to create a solution that covers our requirements without needing complex smart contract functionality, which is prone to more attack vectors.

  • Can we use Ethereum without smart contracts?

    Yes. Our solution just requires storing some data on a public blockchain and thus it is blockchain agnostic.

  • How secure is issuing on the Litecoin blockchain?

    Being able to make attacks requires significant processing power, or hashrate. Hashrate depends on the specific hashing algorithm used by the network. As long as the network has the highest hashrate for the specific algorithm it is very secure. Bitcoin is the network with the highest hashrate on the SHA-256 algorithm. Litecoin is the network with the highest hashrate on the Scrypt algorithm.

  • Can we issue in a private blockchain? How useful or secure would that be?

    Yes, since our solution is blockchain agnostic. All is needed is to be able to store a small amount of data on that blockchain. However, using a private blockchain limits the solution significantly given that it will only be auditable and transparent for the members of the private blockchain. However, that can also have its uses.

  • Why not use PDF signatures?

    With PDF signatures, one uses the traditional centralized Public Key Infrastructure (PKI). The issuers need to register with a Certificate Authority (CA) that will verify their signature and sign in turn that it is valid. This process is centralized and has several single points of failure that we want to avoid through decentralization. Please see article on our design principles.

  • What is a cryptographic hash function?

    A hash function takes an arbitrary size of binary data and produces a fixed size random sequence of bytes, call a hash (or hash value or digital fingerprint or digest). This is a one-way process and there is no way to get back to the data from the hash value. Even the smallest modification to the original data would produce a completely different hash value which is impossible to relate with any other hash value.

  • What is a key-pair in public key cryptography?

    In public key or asymmetric cryptography, a key-pair is two keys that are mathematically related. One is called public key and the other private (or secret) key. The mathematical relation ensures that what one key can do the other key can undo. Only the public key can be shared with others. In practice, this allows two participants to exchange encrypted messages or authenticate messages via digital signatures.

  • How does signing work with public key cryptography?

    The owner of a private key can sign a message and send both the message and the signature to the recipient. The recipient can use the corresponding public key to ensure that the message was not tampered with.

  • Do we usually sign the whole digital file in asymmetric cryptography?

    For efficiency reasons we typically sign the cryptographic hash of a digital file. The hash uniquely represents the file and is faster to sign.

  • What is public key infrastructure (PKI)?

    PKI uses public key cryptography to allow for secure message exchange between participants online. More importantly it allows for uniquely identifying users/entities online, i.e., what is the public key of John Smith. John Smith will be validated the same way he would be validated in real life (ID, passport) and a digital certificate that contains John’s public key will be created and disseminated as needed. PKI, effectively tries to solve identity and secure distribution of public keys. Certificate Authorities (CAs) are the entities responsible for creating the digital certificates and are federated for scalability.

  • What is a web of trust?

    Web of Trust tries to solve the same problem as PKI in a decentralized way, i.e., without the Certificate Authorities (CA). To achieve that, it allows users to vouch for other users, e.g. John says that Mary is who she says she is, and that her public key is X. If several people, maybe known in real life, claim that a public key corresponds to Mary then others will be more inclined to trust it. Since there are several such trust connections between the participants, it is called a web of trust.

  • Do PDF signatures use public key infrastructure or web of trust? (note that PDFs support both e-signatures and digital signatures... we care for the latter)

    It uses PKI.

  • Does BLOCK.CO use public key infrastructure or web of trust?

    It uses neither (arguably, it uses a Decentralized form of PKI).It uses neither (arguably, it uses a Decentralized form of PKI).

  • Why do we say that BLOCK.CO’s solution is decentralized?

    Verifiable PDFs (or vPDFs) is the open-source technology that Block.co leverages. VPDFs allow anyone to ensure that a PDF’s integrity is secured by anchoring a hash of that PDF on a public blockchain. Since public blockchains are decentralized and immutable the hash will be tamperproof. Thus, it can be trusted that it was never modified, which allows anyone with the PDF to validate the document by consulting directly with the blockchain (and not necessarily the entity that created the PDF). In addition, we make sure that the identity of the person that created and anchored the PDF document can be validated in a decentralized way by consulting several public online resources that the entity controls.

  • In what way is it and how does it differentiate with the traditional solutions like PKI? I.e. Why would someone use our vPDFs instead of the traditional PKI signature scheme that PDFs support natively?

    PKI signature scheme with CAs issuing digital certificates has been in operation for many years. It works, albeit not without issues. There have been several occasions that CAs have been hacked (and in some cases it was even an inside job) so that certificates, and thus all security depending on them, were compromised. I.e. CAs are a central point of failure. vPDFs provide a practical way to ensure that several public online sources are consulted to ensure identification of an entity’s public key thus improving on the centralized nature of CAs. The actual data and signatures are also immutable and tamperproof further improving on trustworthiness.

    In addition, the PDF signature mechanism makes use of a feature called Incremental Updates to add signatures which was proved to be prone to several attacks, effectively bypassing the signature. VPDFs use the simpler and more practical solution of hashing the entire document, therefore eliminating this type of attacks.

  • What is a Bitcoin address?

    A bitcoin address is constructed by the public key of a key-pair. It can be thought of as an account in Bitcoin where you can receive funds and send funds from.

  • How do we (in BLOCK.CO) uniquely identify a client in public?

    From the client's Bitcoin address which can be seen during validation. All different identity mechanisms used to ensure the client’s identity are also displayed, to a user validating a vPDF document.

  • How does a validator verify the identity of a client? We currently use two methods. Which ones? Are they decentralized?

    We currently make use of three methods although more can be easily added according to the clients’ requirements. First, a domain name verification is used where our client proves ownership of a domain name that they are using. Second, Block.co provides a verification service that can also be used. And finally, a GitHub verification method can be used where the client uses their GitHub account to prove ownership of their identity.

    Although, each one of the identity verification methods above are centralized, when used in conjunction ensure that there is no centralized point of failure.

  • When we say issuing/anchoring to the blockchain what do we mean, i.e. what are we issuing/anchoring/storing to the blockchain?

    We are issuing/anchoring/storing the cryptographic hash of the digital document. This is an over-simplification that we use for the purpose of this Q&A. In reality more data are stored based on a meta-protocol that has been constructed to allow for additional functionality like timestamping, batching, etc.

  • How does BLOCK.CO ensures that a PDF file is not tampered with? I.e. what does a vPDF contain that a PDF does not?

    A vPDF contains a blockchain proof in the metadata (the non-visible, machine-readable part of the PDF). The proof can be used to validate the document.

  • Why do we say that our PDFs are self-contained and self-verifiable?

    Our vPDFs are self-contained as they include the blockchain proof within the document itself. They are self-verifiable because you do not need any software download to verify its authenticity, just drag’n’drop on an open-source validator that anyone can host.

  • Do the self-contained/self-verifiable attributes tamper with the PDF?

    We add the PDF metadata in a deterministic way which allows us to remove them without influencing the integrity of the remaining document.

  • If the Bitcoin is immutable how do we revoke erroneous issuances?

    We add additional transactions that can invalidate previous transactions according to the meta-protocol that we have designed and implemented.

Features  

  • Can digital documents be issued in bulk?

    Yes. Thousands of documents can be issued in a single transaction.

  • Can documents have an expiry date, as this may be necessary?

    Expiration dates can be set during the issuance phase as part of the embedded metadata. Therefore, when the validity period lapses, the verification process will indicate that the document has expired.

  • Can documents be revoked in case of a mistake or a change in circumstances?

    Indeed. We have developed a methodology whereby documents can be revoked in case there is a need for that.

  • What happens to the issued documents if for whatever reason our account is discontinued?

    Any already issued document has no ongoing dependence on Block.co. These records are anchored on the blockchain that recipients own them for a lifetime.

  • We use a document or license number unique to our organization - can we use that one instead?

    Yes. BLOCK.CO allows you to upload and display all sorts of custom data on your document designs. In this case, you can use your unique number as a custom attribute on the document.

User Experience

  • How does the issuance work?

    ISSUANCE OF DOCUMENTS
    Metadata relating to the document is attached to a PDF file.
    A fingerprint of the whole document (PDF incl. the metadata) is included in a blockchain transaction.
    The transaction details are added back to the metadata on the PDF file.
    The vPDF documents are disseminated to owners.

  • How does the validation work?

    VALIDATION OF DOCUMENTS
    Go to an online validator found on issuer’s and other websites.
    Upload the VPDF file.
    Get an immediate response as to its validity including detailed information.

  • How does the revocation or expiry work?

    REVOCATION OF DOCUMENTS
    An additional transaction is created on the Blockchain that
    invalidates previous records without erasing audit trail. You may also set a date for an automatic expiry in the future.

  • What are the technical details that can be seen when you validate a vPDF?

    During validation, a user validating a vPDF document will see the blockchain address that uniquely identifies the entity that anchored (or issued) PDFs. There also is a technical section that displays which blockchain and in exactly which transaction is the PDF’s hash stored. Finally, a timestamp of exactly when the document was anchored on the blockchain is displayed.

  • In which ways can our clients interact and use our services?

    We provide a SaaS (or BaaS) platform that greatly simplifies the process of creating vPDFs. We also provide an API that allows programmatic access to the same functionality allowing complex integrations with other platforms.

  • We would like to be further educated about the product before committing to its adoption. Do you provide any kind of training?

    Indeed, we do. We in fact consider this as a must for us to also get a better understanding of your company’s specific needs, requirements, and structure, so that we can deliver a product that best fits your profile.

  • Do we need to have a digital wallet set up through which to make the bitcoin transactions or can you take care of it for us?

    We can certainly take care of it for you.

  • Does our organization have to setup a blockchain node or manage a crypto-currency?

    No. BLOCK.CO makes it easy to anchor records on a blockchain and manages the transaction fees for you behind the scenes.

  • Do we need people with programming skills in order to use BLOCK.CO?

    No. Our issuing system is a web-based application and can be used by anyone with basic administrative skills.

  • What does a user receive when a document was issued? a PDF? A link?

    Recipients receive their vPDF documents via email, and are able to share them for a decentralized and independent validation with whoever they choose to.

  • Who sends the self-verifiable documents? You? Us?

    You have full control over the recipients, the appearance and other email settings through our platform.

Privacy-Data

  • How compliant is Blockchain with GDPR legislation?

    The issue of Blockchain and GDPR compliance is one that will be discussed for some time still and until legislators decide to do something about it. GDPR legislation was passed in a pre-blockchain era and was fashioned with an implicit assumption that a database is a centralized mechanism for collecting, storing and processing of data. Which of course is no longer the case especially with public blockchains. In discussions we had with MEPs, they confirmed that GDPR legislation is meant primarily to protect against very large corporations exploiting their users’/clients’ personal data to make a profit. On the positive side, both GDPR and Blockchain at heart share the objective of data sovereignty, so blockchain could become a tool to achieve this objective. Blockchain could in theory make it easier for platforms and applications to become GDPR compliant by having this compliance inserted in the code, thus supporting data protection by design, one of the law’s primary objectives.

  • How is the issuer identity verified?

    The identity of the issuer is important and needs to be verified. We deal with this by including several identity verification mechanisms. Right now, we support two such mechanisms. One is domain verification where the identity is proved by proving ownership of a specific Domain Name Server (DNS). Additionally, we provide a Block.co verification service where we take care of manually verifying the issuers. More verification methods will follow, like Keybase, Github or social media accounts.

  • Is there any possibility you would share, sell, distribute, document holders information?

    No. Our agreements clearly state that we’re not able to share your data with any third party that’s not bound by our data privacy agreement and that isn’t named on our data privacy agreement.

  • Does the data contained on Block.co belong to users or BLOCK.CO?

    You’re always able to remove data you’ve provided to BLOCK.CO from our platform.

  • Can I get my data off of the system if I decide to stop using BLOCK.CO?

    Yes, this may be easily done. You can export your issuance data as a spreadsheet, and your certificates as PDFs at any time, free of charge. You may also submit a request at any time to oc.kcolb%40seiriuqne if you’d like BLOCK.CO to remove data that you’ve provided to our platform.

  • If we decide to stop using BLOCK.CO, do our vPDFs still work?

    Your vPDF will be working fine, and vPDF recipients will be able to use them even if you stop using Block.co or even in the case that BLOCK.CO does not exist as an entity. You can visit or deploy the open source validating tool at any point and continue using the self-verifiable and self-contained digital documents at your will.

Getting Started

  • What pricing plans do you offer?

    BLOCK.CO offers tailor made packages to accommodate your organization's individual needs.

  • Is your pricing in Euros?

    Yes.

  • Do you accept cryptocurrency as payment?

    Talk with one of our client service officers.

  • Can we at any time, based on our growth, upgrade our package?

    Yes.

  • We'd like to use BLOCK.CO. What are our next steps?

    Contact us today to discuss your requirements and provide you with a bespoke package.

Integrations

  • Can the product be hosted on existing legacy system?

    Yes, but extra charges will be levied.

  • Can we have custom branding on our accounts and issued records?

    Indeed. The product allows you to brand your records however you see fit. Also, if you choose to disseminate your blockchain-anchored documents using our "public links" or "QR code" features, there's the option to serve them under a subdomain of your organization.

  • At what GitHub address is the final version of your technology?

    https://github.com/verifiable-pdfs/blockchain-certificates

  • Will our IT department have to carry out any configuration work that would be necessary?

    All configuration work will be carried out by us, but we will, however, require a contact person in your IT department to work with during the setup/configuration process and also for any account maintenance work.

  • What systems do you integrate with?

    We provide access to our API so anyone interested can build an integration with their internal or external system of choice. You can find the API documentation here: https://api.block.co

NFT FAQ ( Frequently Asked Questions )

On this page, you will find answers to the most popular questions of our customers. Didn’t find what you need? Just send us a request.

General

  • What is an NFT? (Non-Fungible Token)

    A non-fungible token is a unit of data stored on a digital ledger, called a blockchain, that certifies a digital asset to be unique and therefore not interchangeable.​Simply put, a non-fungible token is a one-of-a-kind asset that lives online and is managed in a digital ledger.​
    The "non-fungible" part of the name means they are not mutually interchangeable and cannot be replaced or exchanged with one another.

  • How do NFTs work in general?

    Non-fungible tokens and their smart contracts allow for detailed attributes to be added, like the identity of the owner, rich metadata, or secure file links. The potent of non-fungible tokens to immutably prove digital ownership is an important progression for an increasingly digital world. They could see blockchain’s promise of trust-less security applied to the ownership or exchange of almost any asset.

  • What is the value in NFTs for Brands?

    NFTs provide many benefits and added value to marketeers, such as:
    ● It is the latest thing in tech● Appeals to younger and tech-savvy crowds● Differentiates● Provides something truly special and unique● In acknowledgement of● Creates an affiliation, a bond and an expectation for future NFT items● Creates a community● Could be used to support community foundations● Reinforces connection with a brand● Could have monetary value in time● Provides valuable information about users and clients

  • How do you claim an NFT from BLOCK.CO's platform?

    Step1: Scan a QR code or receive a link via email that will redirect you to the registration/claim page.Step2: Provide your personal details/emailStep3: Claim the NFTStep4: Transfer the NFT to your wallet (in case you have one). If not, set up your blockchain wallet address with the help of our guidelines and claim your NFTStep5: Create an account as a client of the issuer to register and claim NFTs. Alternatively, receive the NFT in your blockchain wallet address in Step 1.

  • What is the value in NFTs?

    NFTs provide many benefits and added value to products, such as:
    ● Verifiable uniqueness● Emotional attachment● Being part of the tech revolution● Imposing scarcity on non-scarce items● Performance● Turning stories into scarce assets● Reflecting on the appreciation of moments● New monetization models

  • How do the BLOCK.CO NFTs work?

    Each NFT includes a unique identification code that’s recorded on a blockchain like Ethereum. When you buy/receive an NFT, you own the underlying code and the rights to the asset. A public record of ownership is then encoded into the blockchain, which makes it indisputable. ​Someone might be able to take a screenshot of the asset, but they won’t be able to copy the actual code behind it. This is a powerful protection against fraud and counterfeits.​