ISSUANCE OF DOCUMENTS
Metadata relating to the document is attached to a PDF file.
A fingerprint of the whole document (PDF incl. the metadata) is included in a blockchain transaction.
The transaction details are added back to the metadata on the PDF file.
The vPDF documents are disseminated to owners.
Can digital documents be issued in bulk?blockco12022-05-30T17:22:23+03:00
Expiration dates can be set during the issuance phase as part of the embedded metadata. Therefore, when the validity period lapses, the verification process will indicate that the document has expired.
Can the product be hosted on existing legacy system?blockco12022-05-31T15:47:11+03:00
Indeed. The product allows you to brand your records however you see fit. Also, if you choose to disseminate your blockchain-anchored documents using our “public links” or “QR code” features, there’s the option to serve them under a subdomain of your organization.
What pricing plans do you offer?blockco12022-09-26T11:45:04+03:00
The issue of Blockchain and GDPR compliance is one that will be discussed for some time still and until legislators decide to do something about it. GDPR legislation was passed in a pre-blockchain era and was fashioned with an implicit assumption that a database is a centralized mechanism for collecting, storing and processing of data. Which of course is no longer the case especially with public blockchains. In discussions we had with MEPs, they confirmed that GDPR legislation is meant primarily to protect against very large corporations exploiting their users’/clients’ personal data to make a profit. On the positive side, both GDPR and Blockchain at heart share the objective of data sovereignty, so blockchain could become a tool to achieve this objective. Blockchain could in theory make it easier for platforms and applications to become GDPR compliant by having this compliance inserted in the code, thus supporting data protection by design, one of the law’s primary objectives.
We’d like to use Block.co. What are our next steps?blockco12022-09-26T11:41:44+03:00
The identity of the issuer is important and needs to be verified. We deal with this by including several identity verification mechanisms. Right now, we support two such mechanisms. One is domain verification where the identity is proved by proving ownership of a specific Domain Name Server (DNS). Additionally, we provide a Block.co verification service where we take care of manually verifying the issuers. More verification methods will follow, like Keybase, Github or social media accounts.
Is there any possibility you would share, sell, distribute, document holders information?blockco12022-05-31T14:18:04+03:00
Yes, this may be easily done. You can export your issuance data as a spreadsheet, and your certificates as PDFs at any time, free of charge. You may also submit a request at any time to firstname.lastname@example.org if you’d like Block.co to remove data that you’ve provided to our platform.
If we decide to stop using Block.co, do our vPDFs still work?blockco12022-09-26T11:47:23+03:00
Your vPDF will be working fine, and vPDF recipients will be able to use them even if you stop using Block.co or even in the case that Block.co does not exist as an entity. You can visit or deploy the open source validating tool at any point and continue using the self-verifiable and self-contained digital documents at your will.
How does the validation work?blockco12022-05-31T11:45:51+03:00
REVOCATION OF DOCUMENTS
An additional transaction is created on the Blockchain that
invalidates previous records without erasing audit trail. You may also set a date for an automatic expiry in the future.
What are the technical details that can be seen when you validate a vPDF?blockco12022-05-31T11:52:51+03:00
During validation, a user validating a vPDF document will see the blockchain address that uniquely identifies the entity that anchored (or issued) PDFs. There also is a technical section that displays which blockchain and in exactly which transaction is the PDF’s hash stored. Finally, a timestamp of exactly when the document was anchored on the blockchain is displayed.
In which ways can our clients interact and use our services?blockco12022-05-31T11:54:24+03:00
We provide a SaaS (or BaaS) platform that greatly simplifies the process of creating vPDFs. We also provide an API that allows programmatic access to the same functionality allowing complex integrations with other platforms.
We would like to be further educated about the product before committing to its adoption. Do you provide any kind of training?blockco12022-05-31T12:09:13+03:00
Indeed, we do. We in fact consider this as a must for us to also get a better understanding of your company’s specific needs, requirements, and structure, so that we can deliver a product that best fits your profile.
Do we need to have a digital wallet set up through which to make the bitcoin transactions or can you take care of it for us?blockco12022-05-31T12:10:46+03:00
For forgery to be proved, valuable resources and time need to be allocated. Block.co’s solution helps you prevent forgery with blockchain technology, providing a fast and easy validation mechanism without the need for intermediaries.
What types of institutions benefit the most from licensing your product?Andreas Kitsios2022-05-27T17:27:37+03:00
The University of Nicosia (UNIC) in Cyprus. In 2014, UNIC became the first university globally to offer a Masters’ degree in Digital Currencies, the first university to accept bitcoin for tuition fees, and the first globally to develop a solution to issue academic certificates on the Blockchain, out of which the company Block.co was spined off.
Where can one find the webapp to validate the certificate?Andreas Kitsios2022-05-30T10:18:16+03:00
Proof-of-Work public blockchain security is measured by the processing power (aka hashrate, because it calculates cryptographic hashes) that the network spends on security. Bad actors need to get a majority of the hash rate to attack the network and even so they are limited to what they can do. Bitcoin is the most secure because it has the highest hash rate, so much so that even global companies and state actors cannot really be incentivized to amass that much processing power.
Why not Ethereum blockchain?blockco12022-05-30T10:20:07+03:00
We feel there is not much to gain by using Ethereum blockchain.For more insights regarding our design principles, please read the relevant article on our blog: http://staging-blockco.temp312.kinsta.cloud/design-principles-future-directions/
Why not use Ethereum smart contracts?blockco12022-05-30T10:23:59+03:00
Being able to make attacks requires significant processing power, or hashrate. Hashrate depends on the specific hashing algorithm used by the network. As long as the network has the highest hashrate for the specific algorithm it is very secure. Bitcoin is the network with the highest hashrate on the SHA-256 algorithm. Litecoin is the network with the highest hashrate on the Scrypt algorithm.
Can we issue in a private blockchain? How useful or secure would that be?blockco12022-05-30T10:46:18+03:00
Yes, since our solution is blockchain agnostic. All is needed is to be able to store a small amount of data on that blockchain. However, using a private blockchain limits the solution significantly given that it will only be auditable and transparent for the members of the private blockchain. However, that can also have its uses.
Why not use PDF signatures?blockco12022-05-30T11:09:36+03:00
With PDF signatures, one uses the traditional centralized Public Key Infrastructure (PKI). The issuers need to register with a Certificate Authority (CA) that will verify their signature and sign in turn that it is valid. This process is centralized and has several single points of failure that we want to avoid through decentralization. Please see article on our design principles.
What is a cryptographic hash function?blockco12022-05-30T11:17:19+03:00
A hash function takes an arbitrary size of binary data and produces a fixed size random sequence of bytes, call a hash (or hash value or digital fingerprint or digest). This is a one-way process and there is no way to get back to the data from the hash value. Even the smallest modification to the original data would produce a completely different hash value which is impossible to relate with any other hash value.
What is a key-pair in public key cryptography?blockco12022-05-30T11:19:23+03:00
In public key or asymmetric cryptography, a key-pair is two keys that are mathematically related. One is called public key and the other private (or secret) key. The mathematical relation ensures that what one key can do the other key can undo. Only the public key can be shared with others. In practice, this allows two participants to exchange encrypted messages or authenticate messages via digital signatures.
How does signing work with public key cryptography?blockco12022-05-30T11:34:13+03:00
The owner of a private key can sign a message and send both the message and the signature to the recipient. The recipient can use the corresponding public key to ensure that the message was not tampered with.
Do we usually sign the whole digital file in asymmetric cryptography?blockco12022-05-30T11:43:05+03:00
PKI uses public key cryptography to allow for secure message exchange between participants online. More importantly it allows for uniquely identifying users/entities online, i.e., what is the public key of John Smith. John Smith will be validated the same way he would be validated in real life (ID, passport) and a digital certificate that contains John’s public key will be created and disseminated as needed. PKI, effectively tries to solve identity and secure distribution of public keys. Certificate Authorities (CAs) are the entities responsible for creating the digital certificates and are federated for scalability.
What is a web of trust?blockco12022-05-30T12:13:22+03:00
Web of Trust tries to solve the same problem as PKI in a decentralized way, i.e., without the Certificate Authorities (CA). To achieve that, it allows users to vouch for other users, e.g. John says that Mary is who she says she is, and that her public key is X. If several people, maybe known in real life, claim that a public key corresponds to Mary then others will be more inclined to trust it. Since there are several such trust connections between the participants, it is called a web of trust.
Do PDF signatures use public key infrastructure or web of trust? (note that PDFs support both e-signatures and digital signatures… we care for the latter)blockco12022-05-30T12:49:18+03:00
Verifiable PDFs (or vPDFs) is the open-source technology that Block.co leverages. VPDFs allow anyone to ensure that a PDF’s integrity is secured by anchoring a hash of that PDF on a public blockchain. Since public blockchains are decentralized and immutable the hash will be tamperproof. Thus, it can be trusted that it was never modified, which allows anyone with the PDF to validate the document by consulting directly with the blockchain (and not necessarily the entity that created the PDF). In addition, we make sure that the identity of the person that created and anchored the PDF document can be validated in a decentralized way by consulting several public online resources that the entity controls.
In what way is it and how does it differentiate with the traditional solutions like PKI? I.e. Why would someone use our vPDFs instead of the traditional PKI signature scheme that PDFs support natively?blockco12022-05-30T16:08:33+03:00
PKI signature scheme with CAs issuing digital certificates has been in operation for many years. It works, albeit not without issues. There have been several occasions that CAs have been hacked (and in some cases it was even an inside job) so that certificates, and thus all security depending on them, were compromised. I.e. CAs are a central point of failure. vPDFs provide a practical way to ensure that several public online sources are consulted to ensure identification of an entity’s public key thus improving on the centralized nature of CAs. The actual data and signatures are also immutable and tamperproof further improving on trustworthiness.
In addition, the PDF signature mechanism makes use of a feature called Incremental Updates to add signatures which was proved to be prone to several attacks, effectively bypassing the signature. VPDFs use the simpler and more practical solution of hashing the entire document, therefore eliminating this type of attacks.
What is a Bitcoin address?blockco12022-05-30T16:09:42+03:00
We currently make use of three methods although more can be easily added according to the clients’ requirements. First, a domain name verification is used where our client proves ownership of a domain name that they are using. Second, Block.co provides a verification service that can also be used. And finally, a GitHub verification method can be used where the client uses their GitHub account to prove ownership of their identity.
Although, each one of the identity verification methods above are centralized, when used in conjunction ensure that there is no centralized point of failure.
When we say issuing/anchoring to the blockchain what do we mean, i.e. what are we issuing/anchoring/storing to the blockchain?blockco12022-05-30T16:13:35+03:00
We are issuing/anchoring/storing the cryptographic hash of the digital document. This is an over-simplification that we use for the purpose of this Q&A. In reality more data are stored based on a meta-protocol that has been constructed to allow for additional functionality like timestamping, batching, etc.
How does Block.co ensures that a PDF file is not tampered with? I.e. what does a vPDF contain that a PDF does not?blockco12022-09-26T11:44:17+03:00
Our vPDFs are self-contained as they include the blockchain proof within the document itself. They are self-verifiable because you do not need any software download to verify its authenticity, just drag’n’drop on an open-source validator that anyone can host.
Do the self-contained/self-verifiable attributes tamper with the PDF?blockco12022-05-30T16:16:59+03:00
All configuration work will be carried out by us, but we will, however, require a contact person in your IT department to work with during the setup/configuration process and also for any account maintenance work.
What systems do you integrate with?blockco12022-06-03T14:30:17+03:00