Chapter one

1.0 INTRODUCTION

This section recovers all the section processes of this chapter like background of
the study, statement of the problem, research objectives scope of the study,
research significance and research questions.

1.1 BACKGROUND

student verification system is software which is helpful for students as well as the
university authorities. In the current system all the activities are done manually. It
is very time consuming and costly. Our student verification system deals with the
various activities related to the students.

There are mainly 3 modules in this software

 Administrator Module
 Faculty Module
 Student Module.
In the Software we can register as a faculty as well as a student for every student
the authentication code and the roll no is provided by the head of the department
faculty and for the registration of a faculty the Registration ID and the
authentication code is provided by the administrator the institute.

In this project an admin can manage the faculty and take decision about the
students like deletion of any student admin is authorized to create the token for the
registration of the faculty as same as a faculty is authorized for creating token for
the registration of a student.

1.2 Problem statement

as we are aware off There are places where fake things could be done. and that
could mislead our society in an ethical and for personal information. for instance,
education such as making a fake certificate or transfer paper. Given that problem,
we are working to prevent it by building a web app that protects the system and
verifies false credentials from learning sites.

In many institutions this is very difficult to maintain student data. Due to this
reason this is very difficult to check information about any student.

Solution
Due to many reasons, we want to create a system which can handled student
information so that these difficulties can be decrease. So, we can call this
system student verification system.

1.3 Objectives

The main objective of this research is:

To verify student's certificate or transfer paper
1.3.1 Specific objectives

 To store details of quality information

 To make them available as an integrated system.

1.4 Scope of the study

 Without a student verification System, managing and maintaining the details

of the student is a tedious job for any organization.
  Student verification system will store all the details of the students including
their background information, educational qualifications, personal details
and all the information related to their resume.
1.1 Significance of the study
 protection the system of corruption.
 making certificates quality ones
 the last distinguish between the fake certificate and the correct one
1.6 Research questions

1. How to verify student’s certificate and identity?

2. why it’s a necessary storing details of quality information?

when making quality information available as an integrated system

 CHAPTER TWO

LITERATURE REVIEW

2.0 INTRODUCTION

This chapter will consist of the concepts of Server-Based Certificate Validation

Protocol, to store details of quality information, to make them available as an
integrated system, integrating web-based training into an annual training plan,
Cryptography Implementation and QR Code for Verification of the authenticity, A
Blockchain Zed Certificate Verifying Support System.

2.1 SERVER-BASED CERTIFICATE VALIDATION PROTOCOL

The Server-based Certificate Validation Protocol (SCVP) is a standard developed
by the Internet Engineering Task Force (IETF) Public- Key Infrastructure (PKIX)
working group. It was finalized as RFC 5055 in December 2007. The primary goal
of SCVP is to make it easier to deploy Public Key Infrastructure (PKI)-enabled
applications by delegating path discovery and/or validation processing to a server.
The path construction is performed by dynamically discovering the next certificate
(issuer certificate) in the chain using the Authority Information Access (AIA)
extension present in the certificate until the specified trust anchor is reached.
(IETF, December 2007)
Validation involves making sure that none of the certificates in the path is expired
or revoked and it has been issued under the appropriate certificate policy. The
SCVP protocol uses a simple request-response model. That is, a client creates a
request and sends it to the SCVP server, and then the SCVP server creates a single
response and sends it back to the client. The typical use of SCVP is over HTTP. In
general, SCVP can be useful in two kinds of scenarios (Farrell, S. and R. Housley,
April 2002.)

1. Relying parties completely delegate certification path construction and

validation to an SCVP server. This is often referred to as delegated path validation
(DPV).
2. Relying parties delegate only the certification path construction to the SCVP
server, but not validation of the returned certification path. This is referred to as
delegated path discovery (DPD). Neither mode (DPV or DPD) is better than the
other. Both are equally relevant and environmental/architectural circumstances
dictate when one is preferred over the other. (Housley, R., July2004)

For example, if the relying party has the capability to perform certification path
validation, but lacks a reliable or efficient method of constructing a valid
certification path, DPD might be an acceptable option. Moreover, if the relying
party is using the services of SCVP server(s) that is outside its Enterprise and that
it does not trust, DPD is extremely useful. On the other hand, if the relying party
has complete trust in the SCVP Server, the work of certification path construction
and validation can be delegated to the authoritative and trusted SCVP Server. Since
validation is performed by the server, operating in DPV mode ensures that policies
are consistently enforced throughout the organization. For the remainder of this
document, it is assumed that SCVP is used in the DPV mode unless explicitly
stated otherwise. (Myers, M., A., Galperin, S.,June 1999.)
The client MAY allow the server to use a cached SCVP response. When doing so,
the client MAY use the produced at item to express requirements on the freshness
of the cached response. The produced At item tells the earliest date and time at
which an acceptable cached response could have been produced. The produced at
item represents the date and time in UTC, using the GeneralizedTime type. The
value in the producedAt item is independent of the validation time (Ankney, R.,
Malpani, June 1999)
2.2 To store details of quality information
information quality is a measure of the condition of data based on factors such as
accuracy, completeness, consistency, reliability and whether it's up to date.
Measuring data quality levels can help researcher to identify data errors that need
to be resolved and assess whether the data in their IT systems is fit to serve its
intended purpose. Bad details can have significant identification consequences for
companies. Poor-quality data is often pegged as the source of operational
inaccurate analytics and ill-conceived strategies. Good Data accuracy is a key
attribute of high-quality data. To avoid incomplete identification problems in
operational systems and faulty results in analytics applications, the data that's used
must be correct. Inaccurate data needs to be identified, documented and fixed to
ensure that executives, data analysts and other end users are working with good
information
2.3 To make them available as an integrated system
Many computer assisted intervention (CAI) systems are created by integrating a
number of different devices, such as imaging, robotics, visualization, and haptics,
to solve a clinical problem. It is therefore important to consider the processes,
tools, and best practices in the area of system integration.
In very broad terms, system integration is the process of connecting different sub-
systems (components) into a single larger system that functions as one. With
regards to software solutions, system integration is typically defined as the process
of linking together various IT systems, services and/or software to enable all of
them to work functionally together
The main reason for organizations to use system integration is their need to
improve productivity and quality of their operations. The goal is to get the
organizations various IT systems to “talk to each other” through the integration, to
speed up information flows and reduce operational costs for the organization. But
system integration is not used only to connect an organization’s internal systems,
but also third parties that the organization operates with.
2.3.1 Integrating web-based training into an annual training plan
Over the years there have been a great need of easy and fasted means of verify
result/certificate to reduce the level or certificate forgery and to ease the stress and
also save the time of certificate verification which is done manually today, an
employer or anybody concern will have to come or send delegate to school to
verify a particular certificate, some employer never did and this has resulted on
accepting a forge certificate. The system can be implemented as a standalone site
(recommended) or can also be embedded in an already existing institution official
website. The aim of this study is to design an online certificate verification system
based on the verification process adopted by the university to verify her results
(Howard, n.d.)
2.4.1 Cryptography Implementation and QR Code for Verification of the
Authenticity
“In general, cryptography is the science and art of encryption that aims to maintain
the security and confidentiality of data. Cryptography also does not mean only
providing information security, but cryptography is more about the techniques
(Bhaudhayana and Widiartha, 2015).
Advanced Encryption Standard (AES) is a cryptographic algorithm that can be
used to secure data. The AES algorithm is a symmetric block ciphertext that can
encrypt (encipher) and decrypt (decipher) information. Encryption changes data
that can no longer be read called ciphertext, on the other hand decryption is
changing the ciphertext data into its original form known as plaintext. The AES
algorithm uses 128,192- and 256-bit cryptographic keys to encrypt and decrypt
data in 128-bit blocks. Previous research entitled Development of Certificate
Authentication Method Using QR Code Images made an application for letter
security. This study adds a QR Code to the certificate to make it easier to detect the
authenticity of certificate ownership information via mobile devices. From this
research, it can be concluded that the QR Code can be used quickly to verify the
certificate of a graduate of Stik bank UNISBANK University quickly and
accurately. However, the authors suggest that it is necessary to think about internet
security to encrypt diploma data (Ardhianto et all, 2016).
Another research on QR Code that has been conducted is entitled Development of
QR Code Generator Application and QR Code Reader from Image-Shaped Data.
This application is successful in making QR Code with image data, but it is
considered not feasible to be implemented in the real world because of its large
size and difficult to read (Nugraha and Munir, 2011).

The research entitled Certificate Verification System Using Qr code at the Central
Event Information creates a certificate security system with a QR Code.
Certificates that are printed through this system are added with a QR Code for
security. QR Code can be scanned using QR Code Reader on smartphone. If the
QR Code is successfully scanned, it will be redirected to a verification page which
will provide detailed information regarding certificate ownership, type of activity,
and activity time. Students can also view certificates in digital form which can be
scanned and verified so that if there is damage to the certificate it has been printed,
the student still has the digital certificate document (Febriyanto et all, 2019).

Traditional in-class face-to-face instructional methods are becoming more difficult

and costlier to deliver as instructor fees and hourly salaries of employees attending
courses rise in addition to making specific training topics available to all
members of an organization (Sprenger, 2002).

Instruction and learning can occur using a web-based, on-line, electronic

or a hybrid approach. Several EMS organizations throughout the country
have used hybrid learning delivery systems to lower training costs,
adjust topics to varying emergency responders’ schedules and deliver
quality uniform training to members as a solution to traditional learning
platforms (Eastham, 2006).

2.4 A Blockchain Zed Certificate Verifying Support System

A blockchain (Abdellaoui, A., Y.I. Khamlichi, and H. Chaoui,, 2016.) is a chain of

blocks of valid transactions. Each block includes the hash to the prior block in the
blockchain. It uses a peer-to-peer network, which means every node in the network
is connected to every other in the network. After the transaction is verified, it is
broadcasted to the network and is added to everyone copy of the blockchain.

Advantages of the blockchain technology includes:

1. Immutability: nothing on the blockchain can change any confirmed

transaction cannot be altered.

2. Permanence: A public blockchain will act as a public ledger, data will be

accessible if the blockchain remains active.

3. Removal of intermediaries: The peer-to-peer nature of the blockchain does

away with the need of
4. intermediaries. Speed: Transactions are much faster than a centrally
controlled ledger.

5. Security: Neither the node nor anyone else except the sender and the
receiver can access the data sent across the blockchain.

Bloom (Jesse Leimgruber, A.M., John Backus,, 2018.), a blockchain project for
credit scoring and identity management that uses Ethereum and IPFS. it is an all-
encompassing protocol it that it allows for each traditional and digital currency
holders to serve as lenders to users who are unable to obtain a bank account or
credit score. users will create an id contract (BloomID) to be attested by friends,
family and corporation. The BloomIQ system then reports and tracks debt
obligations, ensuing in a BloomScore as a metric of client’s credit worthiness.

The bloom protocol creates a globally portable and inclusive credit profile,
reducing the need for classic banking infrastructure and opaque, proprietary credit
score

Blockchain is a technology that has applications in the world of learning at the

institutional, group, individual, national, and even international levels.
Where this applies to all types of terms of reference such as elementary schools to
high schools, universities, colleges, fields of cooperation, scholarships, and
knowledge. With trust migrating toward technology rather than institutions,
technology is the main target compared to the old hierarchical structure. According
to Donald Clark, this technology is very decentralized. (M. Crosby, 2016))

Is a platform that protects and also shares student records using a blockchain base
on this platform is a new educational platform raised by the IBM ministry. Sony's
global education and Sony corporation announced that they will form a system on
August 10, 217, which specifically blockchain technology will be applied in the
education system. Sony will begin establishing its service offering in 2018, to
bring 150000 from all over the world by being eager to help to begin the global
mathematical challenges (M. B. Hoy, 2017).
Conclusion of the literature review

In conclusion, fake news are false stories in order create propaganda or influence
the public on a political or sociological issue with the assistance of social media,
internet, and established news sources. Fake news serves various purposes to
society such as influencing and persuade people through the means of fake
material and damaging a person, event, idea, concept, or people in general. As
shown, the three main causes are; the social media and internet impact, the rise of
unreliable news sources and fall of authoritative news outlets, and lastly the
anonymity behind the creation of fake news and misinformation advertisements.

REFERENCES

Rouse, M. (2006) Definition of Certification.

https://whatis.techtarget.com/definition/certification

ISO/IEC/IEEE (2010) ISO/IEC/IEEE International Standard—Systems and

Software

Engineering—Vocabulary 24765(E). Verification 5: Product, Service, or System

Complies with a Regulation, Requirement, Specification, or Imposed Condition.

Tran, E. (1999) Verification.

https://users.ece.cmu.edu/~koopman/des_s99/verification/

SCVP

IETF, December 2007. RFC-5055 – Server-Based Certificate Validation Protocol

DOI=http://www.ietf.org/rfc/rfc5055.txt

Cryptography

Pramusinto, W., Trya Sartana, B., Mulyati, S., & Amini, S. (2021). Implementation
of AES-192 Cryptography and QR Code to Verify The Authenticity of Budi Luhur
University Student Certificate. JURNAL PENDIDIKAN TEKNOLOGI
KEJURUAN, 3(4), 209–215. https://doi.org/10.24036/jptk.v3i4.14823

Bhaudhayana, G. W. and Widiartha, I. M., 2015. Implementasi Algoritma

Kriptografi AES 256 dan Metode Steganografi LSB Pada Gambar Bitmap. Jurnal
Ilmu Komputer Universitas Udayana, Vol 8 no 2, pp. 15–25.

Ardhianto E., Handoko, W.T, and Wahyudi, W.N., 2016. Pengembangan Metode
Otentikasi Keaslian Ijasah Dengan Memanfaatkan Gambar Qr Code. Jurnal
Teknologi Informasi Dinamik., vol. 20, no. 2, p. 106-114.

Nugraha, M.P., and Munir, R., 2011. Pengembangan Aplikasi QR Code Generator
dan QR Code Reader dari Data Berbentuk Image. Konferensi. Naional.
Informatika. – KNIF 2011, Bandung, 23 November 2011.

Blcokchain

Abdellaoui, A., Y.I. Khamlichi, and H. Chaoui, A Novel Strong Password

Generator for Improving Cloud Authentication. Procedia Computer Science, 2016.
85: p. 293-300.

Jesse Leimgruber, A.M., John Backus, Bloom Protocol:

 Decentralized credit scoring powered by Ethereum and IPFS. 2018.

Design web-based CVS

Adams, A., & Blandford, A. (2002). Acceptability of medical digital libraries.

Health

Informatics Journal, 8(2), 58-66. Adams, A., & Blandford, A. (2004).

2.1An enhanced web Base certificate verification system.