How does CERTUS protect against tampering?
CERTUS is designed to secure simultaneously a batch of documents at a given time (a batch may contain only one document if required). In order to compute the \”cryptographic signature\” of each document, the hashes of the sensitive data of each document are aggregated and linked together to generate a \”cryptographic seal\”. This cryptographic seal thus secures the whole batch of generated documents through its mathematical link with the cryptographic signature of each document. In contrast to the document’s QR code, the cryptographic seal does not contain any sensitive or personal data.
The cryptographic signature of each secure QR code provides an indisputable mathematical path to derive the batch’s cryptographic seal and thus verify its authenticity. With access to the publicly available cryptographic seal, anyone, anywhere and at any time, can receive a document protected by CERTUS and verify the authenticity of the private data.
The cryptographic seal is further digitally signed by the issuer and secured on the KSI Blockchain making it tamper proof for life. Together, these security elements prove (i) the time of the batch generation, (ii) the identity of the issuer and (iii) the integrity of the private data, all without reliance on a central trust authority and without storing the data in a central database.