Case Study

Trust (or not) but verify: Infosys uses Hyperledger Indy and ACA-Py to create fast, secure, and private credential verification

Trust (or not) but verify: Infosys uses Hyperledger Indy and ACA-Py to create fast, secure, and private credential verification

Summary: 

PROJECT NAME: LEX Verifiable Credentials

● Individuals maintain control over their data and what is shared
● Information is easy to share
● Verifiers have confidence that certifications are accurate
● Built on Hyperledger Indy, an LF Decentralized Trust project, and OpenWallet Foundation’s ACA-Py

Business

Goals

  • Make verifying credentials seamless, trustworthy, and secure
  • Protect the privacy of users and give them control over their own credentials
  • Reduce the time and cost of verifying credentials

Systematic

Approach

  1. Understand the hidden costs of unvalidated verification
  2. Identify the necessary technology
  3. Bringing the solution together with Hyperledger Indy and ACA-Py
  4. Roll out the platform to Infosys employees
Proven

Results

  • Successfully rolled out the platform to over 300,000 employees.
  • More than 150k badges issued on the platform in less than a year
  • Users appreciate having control over sharing their data
  • Faster credential checking with verifiable accuracy

With seemingly endless access to information, it should be easy for a company to verify someone has the credentials they say they have, shouldn’t it? 

In some cases, it is. Many universities and educational institutions have verification portals. Or they have a process to request verification. But not all do. 

And, if there’s no easy way to confirm a degree or certification, how can you tell if it’s legitimate? 

Even with complete trust in the source's legitimacy, verification may not be easy. 

For example, Infosys is a global leader and consultant for next-generation digital services. The company also provides courses and training to its 300,000+ employees through its online education platform, Lex.

Lex issued electronic “badges” when employees completed a course. The information was predominantly shared within the company, which held the records, but the internal system still had verification problems Infosys wanted to solve.

“The core challenges we set out to tackle revolved around elevating trust, fortifying security, eliminating fraud, and establishing an immutable framework for verifying learning achievements within Lex,” said Ashima Seth, Principal Blockchain Consultant at Infosys. 

Infosys also wanted to put control over credential sharing into the hands of its employees. 

The company knew if they could create a system that worked for them, it would work for other educational platforms, too. 

It also knew the solution would be blockchain based. The immutable nature of blockchain would ensure credentials couldn't be altered once issued, while its decentralized structure would enable privacy-preserving verification without requiring constant access to a central authority. Most importantly, blockchain's cryptographic foundations would allow for secure credential issuance and trustworthy verification without compromising user privacy.

Blockchain itself was a mature technology when Infosys first started considering these changes. Unfortunately, Self-Sovereign Identity (SSI) frameworks were not. And Infosys needed one to build the solution they envisioned. 

So they waited. 

Finally, SSI matured enough to make their solution a reality. And Infosys was more than ready to use it.

“The core challenges we set out to tackle revolved around elevating trust, fortifying security, eliminating fraud, and establishing an immutable framework for verifying learning achievements within Lex,” 

Ashima Seth, Principal Blockchain Consultant at Infosys. 

 

Understanding the hidden costs of unvalidated verification

If an Infosys manager required more verifiable proof than a screenshot of a Lex Badge, there was no easy process. They’d need to coordinate with HR and Lex platform admins. This took time, resulting in lost production. It also meant employees weren’t in control over who was seeing what, which meant the company was at risk of violating privacy. 

But at least they would ultimately receive confirmation they could rely on. 

That’s not always the case. 

In August 2023, ResumeLab, a service provider for job seekers, surveyed US-based workers about their job application behaviors. Seven of ten respondents admitted to lying during a job search. Specifically, 11% admitted to lying about their education credentials. 

The sample size was small. And self-reported data can’t be verified…though in these surveys, undesirable activities are usually underreported, not overreported. 

There’s no information on how many people who fabricated their credentials get hired. But some undoubtedly do. 

Imagine you found out even just 1%-2% of your talent didn’t have the experience they claimed.

Filling any position costs about 150% of an employee's salary to recruit, hire, and train their replacement. 

Replacing someone because of fraud has other potential impacts as well:

  • Loss of production
  • Loss of a customer or client, if a specific account was affected
  • Loss of reputation, if they share their story
  • Loss of trust between employees and their colleagues and managers, which decreases morale and could cause more workers to leave, further increasing replacement costs. 
  • Loss of potential employees, if they hear that working conditions aren’t great

But revenue loss from unverifiable information doesn’t happen only if there’s fraud. It can come from missed opportunities.

Picture this scenario: You’re about to win an impressive project with a prestigious client. All you need is an IT specialist with a particular certification. Fortunately, you have the perfect person on your team. 

Unfortunately, the client won’t accept unverifiable proof, and you only have a copy of the completion certificate. You tried contacting the issuing organization, but the ownership has changed, and no one has responded to your calls. 

If you can’t verify the credential, you’ll miss out on this project and the future opportunities it could’ve opened up for you. 

Quantifying those losses is difficult, though it’s easy to see they’re significant. 

Easy, trusted verification is the solution. But creating trusted verification isn’t easy. 

 

“Through Wingspan, our learning management platform offering for external customers such as clients and partners, we can extend the reach of our solution beyond our internal LEX platform, which is specifically designed for our employees. By doing so we can take this solution to partner universities and training platforms to get the most benefit for all stakeholders--individuals, companies, and their clients," 

Nishant Singh, Blockchain Consultant at Infosys

Identify the necessary technology

Lex already stored digital information about employees and their completed coursework. But it wasn’t robust or secure enough to qualify as proof for trusted verification. 

As a first step, Lex Badges needed to evolve from a simple electronic record to a true digital asset, or Verifiable Credential (VC). VCs use open standards, are cryptographically signed, and can be verified on a blockchain. 

VCs would meet the solution goals of elevating trust, fortifying security, mitigating fraud, and establishing an immutable framework. 

To speed up verification and give individuals ownership and control of their data, the solution needed more than VCs.

Infosys wanted a public-facing verification portal. Anyone with the link could confidently verify the credentials tied to the link. A digital wallet would let users access and hold their credentials and create a link. 

For this, Infosys needed a framework to manage communication protocols between the users and the blockchain, with APIs to connect user-facing applications.

Finally, to give individuals ownership and complete control over their identities and credential data, Infosys needed a Self-Sovereign Identity (SSI) framework. 

With SSI, personal identity is verified through a decentralized system. Individuals can prove who they are without the risk of leaking personal information. 

SSI has been a highly anticipated use for distributed ledger technology since blockchain’s inception. The technology took time to develop but is now ready to implement in specific solutions.  

With the technology identified, Infosys needed to choose platforms and frameworks that could seamlessly integrate them. 

Bringing the solution together with Hyperledger Indy and ACA-Py

“We wanted our solution to be based on open-source technologies,” said Seth.

One of the most mature open-source SSI frameworks is Hyperledger Indy, a project of LF Decentralized Trust. It provides a distributed ledger technology (DLT) framework for decentralized identity management. 

Two key features of the framework are: 

  • Decentralized Identifiers (DIDs): These unique and verifiable identifiers allow users to prove who they are without sharing private information. Individuals control what they share with whom, and no one else can change their information. 
  • Zero-Knowledge Proofs (ZKPs): This cryptographic layer between the individual and the verifier can hide information about credentials while still proving it knows the information. 

Hyperledger Indy also supports the necessary Verifiable Credential digital assets. 

Now Infosys needed something to manage the communication protocols between the parties and the ledger. It chose ACA-Py, which also provides APIs to build user-facing applications. ACA-Py is an agent technology developed by the Hyperledger Aries community and now hosted by the OpenWallet Foundation. 

“Hyperledger Indy is a distributed ledger purpose-built for decentralized identity,” explained Seth. “These identities are interoperable across administrative domains, applications, and organizational silos, so we chose this as our framework.”  

Once Infosys selected Hyperledger Indy and ACA-Py it began building its new blockchain-based credentialing system. 

Now when an employee completes a course or certification on Lex, it automatically generates a verifiable credential using the Hyperledger Indy framework. 

The credential includes all relevant information and is cryptographically signed by Lex, the trusted issuer.

For employees, this isn’t that different from the old system. For them, the notable change happens when they open their digital wallet. 

Rolling out the solution to employees

Employees automatically see new Lex Badges in their wallets. And that’s just the beginning. 

Infosys carefully designed the wallet to be user-friendly and full of valuable features.

Employees can:

  • Log in with their existing login credentials for authentication
  • Choose which specific credentials or parts of credentials to share
  • Back up their wallet to a personal Google Drive, which allows them to recover their wallet if their device is lost or damaged. 
  • Generate links to a public-facing verification portal. Employees can post these links across platforms, like LinkedIn, to share their achievements and allow colleagues, clients, and potential employers to verify the credentials.  

In the first three months following the platform’s release, over 3,000 Infosys employees used the solution. And that number has continued to grow, as has the positive feedback. 

It’s particularly popular among younger, digital-native employees, but they’re not the only ones who appreciate the easy access and ownership over their data. 

Other employees, managers, and clients appreciate the new system, too. Faster verification improves efficiency, and the secure, blockchain-based ledger increases trust. 

Infosys will continue adding user-friendly features for its employees. Future versions might include features like job matching based on skills, suggested courses based on career goals, and improved integration with professional networking sites.

But it’s also looking to do more. 

What's next/future steps

“Through Wingspan, our learning management platform offering for external customers such as clients and partners, we can extend the reach of our solution beyond our internal LEX platform, which is specifically designed for our employees. By doing so we can take this solution to partner universities and training platforms to get the most benefit for all stakeholders--individuals, companies, and their clients," says Nishant Singh, Blockchain Consultant at Infosys. 

Revolutionizing how educational institutions issue verifiable credentials is just the beginning. 

Potential applications stretch beyond education into verifying safety certifications in the Oil and Gas Industry, tracking equipment operating qualifications in Manufacturing, and issuing and validating business licenses in Governments.

Infosys also sees a future in industry-specific consortiums. “Imagine a network where multiple companies in an industry participate in a shared, secure credential verification system. This would simplify employee transitions between companies and eliminate costly, redundant verifications,” says Singh.

“Financial services were early adopters of blockchain technology. Now we’re seeing more industries explore its benefits,” he added. He concludes, “As the blockchain credentialing ecosystem grows, Infosys is committed to helping other industries achieve the same success we’ve seen with our Lex platform.”

infosys

Infosys LEX Verifiable Credentials – Wallet Sample Interface

About Infosys

Infosys is a global leader in next-generation digital services and consulting. With over four decades of experience in managing the systems and workings of global enterprises, Infosys expertly steers clients from more than 55 countries as they navigate their digital transformation powered by cloud and AI. The company is deeply committed to being a well-governed, environmentally sustainable organization where diverse talent thrives in an inclusive workplace. To learn more, visit https://www.infosys.com/


About LF Decentralized Trust

LF Decentralized Trust is the neutral home for the open development of technologies that empower organizations to innovate with secure and resilient code. It is the Linux Foundation’s flagship organization for a broad range of technologies and standards that deliver the transparency, reliability, security, and efficiency required for a digital-first economy. Supported by a diverse, global base of members and communities, LF Decentralized Trust champions open source best practices across a growing ecosystem of blockchain, ledger, identity, cryptographic, and related technologies. To learn more, visit: www.lfdecentralizedtrust.org.
Back to all case studies