For my CAS transfer project, I chose to focus on a very practical problem:
How can important company record documents be secured while remaining easy to verify, even many years later?
Examples quickly come to mind:
- company statutes and official filings
- training and education certificates
- professional qualifications
- compliance and audit documentation
Today, verifying such documents is often inefficient. It typically involves emails, phone calls, manual checks, or trust in internal systems that may no longer exist in the future. In some cases, verification becomes impossible simply because the original issuing system has been replaced.
At the same time, fully storing documents on a blockchain is neither sensible nor appropriate — for legal, privacy, and operational reasons.
How the Prototype Works
The prototype I built deliberately takes a conservative, realistic approach.
The documents themselves are stored securely off-chain, using conventional storage mechanisms that organisations already trust and understand. No sensitive content is written to the blockchain.
Instead, only a unique cryptographic fingerprint (hash) of each document, along with minimal metadata, is anchored on a permissioned blockchain network. This fingerprint is mathematically tied to the document’s content. If even a single character changes, the fingerprint no longer matches.
This makes it possible to instantly verify:
- that a document is authentic
- that it has not been altered
- that it existed in exactly this form at a specific point in time
Verification can be done independently, without contacting the issuing organisation or relying on a central database.
To manage who is allowed to issue or verify documents, the system uses Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs). These allow organisations to prove their role, for example, as a company, training provider, or authority, without fragile username/password setups.
Identity proofing can be linked to established mechanisms such as Swiss e-ID, keeping the model aligned with existing legal and institutional frameworks as well as ready for future changes in society.
What This Enables in Practice
While working on the prototype, it quickly became clear how broadly applicable this approach is.
In practice, it enables:
- no more emails or phone calls just to verify a certificate
- strong protection against fake or altered documents
- A.I. generated documents are easy to identify
- portable, long-term proof that remains valid even if systems or providers change
- reduced administrative effort for organisations issuing or checking records
Importantly, none of this requires public blockchains, tokens, or speculative components. The network can be permissioned, predictable, and operated by known participants, which is often exactly what compliance-heavy and conservative environments prefer.
Academic Validation and Realism
The academic feedback on the project was very positive. I was told that the scope and depth exceeded what is normally expected for a CAS project, particularly given that it was developed independently.
More importantly, the approach itself was confirmed as technically sound and aligned with real-world use cases, including ideas already being discussed around blockchain-secured certificates and records.
There are, of course, organisational and political hurdles, especially in public-sector contexts. But these are not technical problems. From an implementation perspective, the model is viable today.
From Prototype to Implementation Readiness
Although this started as a learning project, it did not remain a purely academic exercise.
As part of the work, I researched and addressed practical implementation details that matter in real deployments, including:
- QR codes for simple verification access
- secure web-based verification flows
- protection against fake or misleading verification links
- long-term operability and system independence
As a result, I am now in a position to adapt and implement similar solutions for real organisations, whether as:
- a simple hosted setup
- an on-premise deployment
- an integration into existing systems
- or hands-on consulting and architectural support
The emphasis remains on reliability, clarity, and long-term trust, not on technological novelty for its own sake.
A Calm Next Step
I am currently exploring how this work could be applied in real organisational contexts, particularly where documents must remain trustworthy over many years.
If you work with training, certification, compliance documentation, or other long-lived records, and think this could be useful, I am happy to demonstrate the prototype in a short, informal conversation. Contact
Sometimes the most valuable digital solutions are the ones that are quietly reliable, straightforward to use, and still work long after the original system has been replaced.
