FAQ
What is CERTUS?
CERTUS is an novel digital solution that allows document issuers like educational institutions, government bodies or notaries to secure sensitive paper-based and digital documents and credentials with a secure QR-code marking inserted on the document.

The tamper proof technology behind the solution enables document holders to secure lifelong proof of the validity and authenticity of their credentials. Any third-party verifiers like employers, government officials, auditors etc. have a very simple, reliable and cost-effective means to carry out independent verification without having to revert to the original issuing authority.
Why adopt CERTUS to secure certificates?
The CERTUS solution is primarily designed to help protect the reputation of issuers, safeguard trust among document holders and assure verifiers who all need a simple and low-cost means to authenticate claims. The main advantages of CERTUS are:
- Simple, reliable and cost-effective solution that is easy to implement ‐ No installation needed as CERTUS is a fully cloud-based service with seamless web/mobile app authentication.
- CERTUS secures both paper and digital documents without storing any sensitive data, which makes it a unique solution on the market.
- CERTUS provides third parties like employers, government officials, auditors etc. with a simple mean to carry out independent verification using an open and self-contained verification feature that functions independently from the issuer and does not require any special infrastructure.
- CERTUS enables document holders to have 100 percent and lifelong confidence in their ability to irrefutably authenticate/certify the content of the document issued to them and in the integrity of the issuing process.
Who is CERTUS for?
CERTUS is a versatile solution designed for use by a range of document-issuing authorities worldwide, such as educational institutions, government authorities and any other official bodies. The type of documents and records that can be protected by CERTUS includes:
- Academic Records: Degree and Diploma Certificates, Course Completion Certificate.
- Civic Records: Certificates of Birth, Death, Marriage.
- Legal Records: Notarial acts, Property Title deeds, Will, Apostille.
- Official documents: Vehicle registration, Licence to operate.
- Financial Records: Grant, Loan, Proof of insurance.
- Health Records: Prescription, Personal medical record, Licence to practice.
- Business Records: Trade licence, Tax certificate, Invoices.
Certificates, official documents and records carry lifelong importance and value for holders. CERTUS helps protect the reputation of issuers and offers peace of mind to document holders as well as a simple, reliable and cost-effective means for verifiers to carry out checks. CERTUS also helps issuers free up resources spent on traditional verification processes.
Why SICPA?
Founded in 1927 and based in Lausanne, Switzerland, SICPA is the world’s leading provider of secure identification, traceability and authentication solutions and services. Every day, governments, companies and millions of people rely on us to protect the integrity and value of their currency, personal identity, products, documents and brands. SICPA operates worldwide, with offices and factories on five continents, providing technologies and services to more than 180 countries. Making the world more secure for everyone is our business purpose.
SICPA has partnered with Guardtime, the first provider of a nationwide blockchain solution called KSI Blockchain, which has been operational for a wide range of public services in Estonia for more than a decade. CERTUS is the result of our joint efforts to ensure the integrity and reliability of public and official services in a digital society. We help governments and authorities to rethink public services in a transitional physical/digital environment, while preserving the full confidence of people and businesses in the integrity and authenticity of documents and processes.
Do issuers need to install on-premise infrastructure?
CERTUS is a software solution delivered as a service (SaaS). All functionalities of the solution are available through a web user interface secured by a https internet connection. There is no requirement for any additional software to be installed on desktops or for any additional on-premise infrastructure.
Can i integrate CERTUS into my existing processes and systems?
CERTUS’ open API allows seamless integration into your existing environment and enables Issuer to automatically manage the entire process of issuing and activating secured documents without leaving your user’s familiar environment.
What are the minimum technical requirements for CERTUS?
The CERTUS solution requires the following minimum operating requirements:
- Stable internet connection (> 5 Mbps);
- Latest version of the Edge OR Chrome web browser;
- Screen width of 1366px or more.
Can issuers revoke or expire documents?
The CERTUS document manager includes a life cycle management component. Each document (or batch of documents) can be revoked or expired at any time by the issuer, for example in the case of credentials that have a time-bound validity.

What does CERTUS secure?
CERTUS enables all parties (issuers, holders and verifiers) to have 100% confidence and trust in the integrity of certificate issuing process, and provides independent lifelong proof of:
- The date and time of issuance of the document;
- The name of the issuing authority;
- The current validity of the document (Active, Expired, Revoked);
- The authenticity of the underlying claim.
How do issuers manage secure certificates?
The CERTUS document manager enables issuers to easily generate, activate, expire and revoke documents and certificates in five simple steps.

- Using the web user interface, the issuer uploads content to be secured into the document manager;
- The CERTUS document manager generates a secure QR-code and the linked digital seal;
- The issuer downloads the secure QR-code and the digital seal, the two key elements for universal and independent verification. The document manager automatically deletes all personal information from the server leaving only the digital seal for future verification;
- The issuer activates the document by digitally signing the seal and automatically registering it in the KSI Blockchain, rendering it tamper proof for life;
- The issuer can then apply the secure QR code to the document.
What is independent and universal verification?
CERTUS generates universally verifiable documents, whatever the format – paper or digital. Any verifier such as an employer, a government official, a notary, or auditor etc. can verify, with a smartphone or a computer, paper or digital documents independently from the issuer and any third-party infrastructure.
The open verification algorithm can be executed manually and requires just three elements:
- The secured data set with the QR code;
- The cryptographic seal;
- The widely published (UK Financial Times / Twitter) Guardtime monthly security token.
A simple tool empowers anyone to fully verify the independent proof of:
- The date and time of issuance of the document;
- The name of the issuing authority;
- The authenticity of the underlying claim.
The open and self-contained CERTUS verification features allow any party to build a fully autonomous verification service and share it within its own community. To facilitate the implementation of CERTUS, SICPA also offers its own universal verifier service which allows one click verification of any CERTUS-linked certificate.

How does CERTUS guarantee lifelong verification?
The underlying mathematical proofs and the immutability of the data embedded within the KSI Blockchain technology underlying the CERTUS solution ensure verifiability for life. The public anchor of the KSI Blockchain (published every month in the UK Financial Times and on other mass media channels such as Twitter), combined with the digital seal of the CERTUS secured document, allows any verifier to run the open algorithm and guarantee the document’s integrity.
How does the verifier know the document is authentic?
Generic verification tools are available in the form of a web and mobile applications. In addition, the self-contained CERTUS verification feature allows any party to build a fully autonomous verification service and share it within its own community. The universal verification service enables any verifier to upload a digital document or scan the secure QR code of a paper document via a desktop computer or smartphone and quickly authenticate the content of the document.
How can verifiers be sure they are using the right verifier?
The CERTUS universal verification technology is an open algorithm which means that anyone can use it to build a verification application.
SICPA operates a standard verifier that serves as a point of reference (www.CERTUSdoc.com). SICPA also certifies trusted verifiers from known partners and keeps an updated that can be found here: www.CERTUSdoc.com/verifier/#/trustedPartners.
Caution: Accurate certificate authentication can only be undertaken using a trusted verifier. Fraudulent operators are known to manipulate users into utilising imitation verifiers and deceptive verification processes. The best way to verify documents is either by using the verifier service operated directly by your trusted issuer or the official SICPA verifier (www.CERTUSdoc.com).
How can holders use CERTUS to get secure certificates?
To guarantee the integrity of the issuing process and the authenticity of a holders’ certificates, the issuer of this certificate should enrol in the CERTUS network of trusted partners. Talk to your issuer about the CERTUS solution and invite him to contact us. The more issuers start protecting their assets with this universal technology the stronger the trust network will grow.
Why use secure qr code as a medium?
Machine readable QR-codes allow seamless verification of both the paper and the digital version of any certificate using largely available mobile computing devices.
Why use blockchain?
A blockchain is a trust anchor which secures the integrity of any given data. CERTUS is based upon the KSI Blockchain which assures data integrity and authenticity by underlying mathematic proofs. No individual party can change or manipulate CERTUS data and processes once it is secured by the KSI Blockchain.
What is the ksi blockchain?
The KSI Blockchain was invented in the late 1990s / early 2000s by Estonian cryptographers. The first patent was filed in 2002 and it was launched in early 2008 in an initial pilot for the Estonian Government. Since 2012, all transactions between the different databases of the various Estonian administrations are secured via the KSI Blockchain. The technology has been accredited by three major governments for deployment on government networks and secures billions of documents, not only for the Estonian Government but also for other public and private entities around the world including the North Atlantic Treaty Organization (NATO), the U.S. Department of Defense, Lockheed Martin, Boeing and Ericsson.
The KSI Blockchain has the following unique properties that make it the logical, pragmatic and reliable choice for document issuers.
- Application agnostic
- No data sharing/exposure
- Full scalability (1012/s)
- Settlement time of 1 second
- Public trust anchor
- No electricity consumption
- No cryptocurrency
- Quantum Proof
- Fully interoperable
- Running 24/7 since 2008
How is the QR code secured?
When generating a secure digital or paper document, the unique and sensitive dataset of the document is embedded in a secure QR code (the secure mark) which is applied to each document. The QR code contains two parts:
- The unique sensitive data to be protected (which do not need to be encrypted);
- A Cryptographic Signature, which acts as a mathematically indisputable cryptographic link between the data to be protected and the cryptographic seal, secured by the KSI Blockchain. It is the heart of the security mechanism which protects the integrity of the sensitive data, making the QR code content impossible to tamper with or forge.

How does CERTUS protect against tampering?
CERTUS is designed to secure simultaneously a batch of documents at a given time (a batch may contain only one document if required). In order to compute the \”cryptographic signature\” of each document, the hashes of the sensitive data of each document are aggregated and linked together to generate a \”cryptographic seal\”. This cryptographic seal thus secures the whole batch of generated documents through its mathematical link with the cryptographic signature of each document. In contrast to the document’s QR code, the cryptographic seal does not contain any sensitive or personal data.

The cryptographic signature of each secure QR code provides an indisputable mathematical path to derive the batch’s cryptographic seal and thus verify its authenticity. With access to the publicly available cryptographic seal, anyone, anywhere and at any time, can receive a document protected by CERTUS and verify the authenticity of the private data.
The cryptographic seal is further digitally signed by the issuer and secured on the KSI Blockchain making it tamper proof for life. Together, these security elements prove (i) the time of the batch generation, (ii) the identity of the issuer and (iii) the integrity of the private data, all without reliance on a central trust authority and without storing the data in a central database.
How is process integrity guaranteed?
CERTUS protects the integrity of the issuing process by generating irrefutable proofs at each step of the secured process. Prior to changing any state, the current environment is verified to make sure no irregular changes have affected the integrity of the data process. The state change is then triggered following the process definition and the new state and environment is secured by a new layer of proofs. The cumulation of all the proofs guarantees the integrity of the issuing process.

How does CERTUS protect privacy?
One of the strongest competitive advantages of CERTUS is that it secures both paper and digital documents without storing any sensitive data (the sensitive data remains only on the document and in the QR-code attached to it). After generation, the sensitive data of the document is deleted from the CERTUS servers and is not required for the verification of the documents.
CERTUS stores only the digital seals (which do not contain any sensitive data) and some meta data like the date of issuance. The issuer keeps full control of the document holder’s personal information.
Is data publicly available on the blockchain?
Personal or sensitive data is never shared with the blockchain, neither directly, nor encrypted. Only the digital seals needed to verify a secure mark are stored on the CERTUS servers, which are secured by the blockchain to ensure their lifelong immutability.