Radian: Leveraging PKI for Long-Term Validation Enabled Digital Academic Testimonials - A Case-Study

Abstract

Portable Document Formats (PDFs) are widely used throughout the world for exchanging documents. The main reason of their popularity is that this format maintains the structure of the original document without taking into consideration the software that was used to draft the document. PDFs also provide authenticity and integrity of documents by using and verifying signatures. Since this all happens digitally the security notion of the verification has to be stronger than in analog world. Nowadays digital certificates and digital contracts have equivalent importance as that of physical certificates and contracts. Digital signatures using cryptographic algorithms provide a way to verify a PDF's authenticity and integrity. In this paper, we show how Public-Key Infrastructure (PKI) can be leveraged to seamlessly deploy a solution that can revolutionize the way academic testimonials are distributed. The solution not only uses digital signatures using PKCS11 hardware tokens to provide authenticity to documents but also used an interesting feature in PDF ISO standard that allows embedding of revocation information in the document itself for allowing Long-Term Validation (LTV). All this is combined to develop Radian, a software conceived and designed in IIT Bhilai to provide digitally signed academic testimonials. These testimonials hold an immediate advantage over physical counterparts as they are tamper proof and self-contained in terms of their verification. Finally, this work showcases an interesting combination of PKI mechanism with advances in PDF technology to present a high impact use-case that can change the way academic testimonials will be issued in the future.