Page 39 - MSDN Magazine, March 2019

process. The user retrieves the certificate to verify from its location (1) and initiates a new transaction on the blockchain network, transferring the authenticity token (2) to the verification authority. The authority obtains the signed content and metadata of the certificate being verified (3), which is stored on the immutable digital ledger, and then compares them with the equivalent hash values from the off-chain copy. If the values match, the document is verified (4).
[Figure 7 diagram labels: Retrieves Certificate (1); Authenticity Token (2); On-Chain Content Hash, Metadata Hash (3); Verifies, Verified Certificate (4); IPFS]
Once documents and unstructured data are signed and verified, and hashes of their content and metadata are stored on a blockchain, the result is an immutable, independent and verifiable record of transactions. This process is referred to as proof of existence and proof of authenticity of digital assets.
Proof of existence refers to creating an unalterable date and time stamp for a specific object. This means that you can prove that a certain information object (like an e-mail, document or image) existed at a certain point in time.
Proof of authenticity asserts that an object is authentic; that is, it hasn’t been changed since it was stored at the indicated time instant. This is accomplished by digitally signing an object and thus creating a hash, its unique identifier. The identifier then gets committed into the distributed blockchain ledger, and the transaction gets time-stamped, as well. Because every entry in the blockchain is immutable, this means you have proof that this specific object existed at a certain point in time.
Using the same approach, an object can be verified and validated. A flow similar to the one I described for the signing process creates a unique identifier and verifies this unique identifier against the blockchain ledger. If there’s a match, the smart contract returns the original hash value. If not, the document being verified isn’t identical to the original copy and should not be trusted implicitly. Thus, you’re able, beyond any doubt, to prove that the document, or any digital object, is authentic and existed at a certain moment in time.
The FileContract smart contract exposes a GetFile method that, given a file ID as input, returns its contract address on the blockchain. From the file contract address it’s possible to obtain the file content and metadata hash values and compare them with the hash values of the document being verified, like so:
function GetFile(string fileId) public constant returns(address fileContractAddress)
{
    // Look up the registry entry for this file ID and return its file contract address.
    return Registry[fileId].FileContractAddress;
}
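Added example, not code from the article or the Azure Blockchain Development Kit: the off-chain comparison step in Python. It assumes SHA-256 hashes and canonical JSON for metadata, and uses hypothetical in-memory dictionaries (REGISTRY, FILE_CONTRACTS) in place of the on-chain Registry mapping and file contracts; an unregistered file ID yields the zero address, as a Solidity mapping lookup does.

```python
import hashlib
import hmac
import json

ZERO_ADDRESS = "0x" + "00" * 20  # what a Solidity mapping returns for an unknown key


def content_hash(data: bytes) -> str:
    """SHA-256 of the raw document bytes (the hash algorithm is an assumption)."""
    return hashlib.sha256(data).hexdigest()


def metadata_hash(metadata: dict) -> str:
    """Hash canonical JSON so key order and whitespace cannot change the digest."""
    canonical = json.dumps(metadata, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


# Constructed sample data: the document as originally signed.
ORIGINAL = b"Certificate of completion: Jane Doe, 2019-03-01"
ORIGINAL_META = {"fileName": "certificate.pdf", "owner": "Jane Doe"}

# Hypothetical stand-ins for the on-chain Registry mapping and the file contracts.
REGISTRY = {"cert-001": "0x" + "ab" * 20}
FILE_CONTRACTS = {
    "0x" + "ab" * 20: {
        "contentHash": content_hash(ORIGINAL),
        "metadataHash": metadata_hash(ORIGINAL_META),
    },
}


def get_file(file_id: str) -> str:
    """Mirrors GetFile: the file contract address, or the zero address if unregistered."""
    return REGISTRY.get(file_id, ZERO_ADDRESS)


def verify(file_id: str, data: bytes, metadata: dict) -> str:
    """Compare the off-chain copy against the hashes held by the file contract."""
    address = get_file(file_id)
    if address == ZERO_ADDRESS:
        return "not-registered"  # never read hashes from the zero address
    on_chain = FILE_CONTRACTS[address]
    if not hmac.compare_digest(on_chain["contentHash"], content_hash(data)):
        return "content-mismatch"
    if not hmac.compare_digest(on_chain["metadataHash"], metadata_hash(metadata)):
        return "metadata-mismatch"
    return "verified"
```

A verifier that skips the zero-address check would treat an unregistered ID as a lookup on an empty contract, so the check belongs before any hash comparison.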
Wrapping Up
Why use blockchain to sign and verify digital assets, when solutions for electronic signature already exist and are broadly adopted in the industry? In short, blockchains remove the need for a central certificate authority or central time-stamping server and enable digital signatures stored on a blockchain to live independently of the object being signed. This opens up opportunities for parallel signing and independent verification, with or without the object itself.
Traditional e-signing solutions store digital signatures inside the document. This means that whoever needs to check if a document is signed will have full read access to all the content in the document. Also, because the document changes with each signature, signing documents in parallel isn’t possible—everybody needs to sign the document sequentially. By signing documents on a blockchain, the object itself isn’t changed by the signature, and this enables you to sign documents in parallel and implement business rules based on mandates, 4-eyes, majority vote, seniority and the like.
Finally, and no less important, you can register multiple actions in a sequence on a blockchain. Each registration is linked to a specific case, document and task performed by the parties involved, creating a chain of transactions: an auditable trail. This audit trail can be verified by authorized third parties, providing transparency, compliance and, most importantly, trust.
To learn more about the Azure Blockchain Development Kit, you can find a host of videos on Channel 9, under the “Block Talk” show (aka.ms/bcblocktalk). If you wish, you can also stay up-to-date with the latest announcements from the Azure Blockchain product group by following the @MSFTBlockchain Twitter handle (twitter.com/MSFTBlockchain).
The Azure Blockchain Development Kit project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant Microsoft the rights to use your contribution. When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the request appropriately (that is, add labels or comments to your code).
Stefano Tempesta is a Microsoft Regional Director, MVP on AI and Business Applications, and member of the Blockchain Council. A regular speaker at international IT conferences, including Microsoft Ignite and Tech Summit, Tempesta’s interests extend to blockchain and AI-related technologies. He created “Blogchain Space” (blogchain.space), a blog about blockchain technologies, writes for MSDN Magazine and MS Dynamics World, and publishes machine learning experiments on the Azure AI Gallery.
Thanks to the following technical expert for reviewing this article: Jonathan Waldman
Figure 7 The Verification Actors and Process