Educational Blockchain: A Secure Degree Attestation and Veriﬁcation Traceability Architecture for Higher Education Commission

: Degree attestation veriﬁcation and traceability are complex one-to-one processes between the Higher Education Commission (HEC) and universities. The procedure shifted to the digitalized manner, but still, on a certain note, manual authentication is required. In the initial process, the university veriﬁed the degree and stamp seal ﬁrst. Then, a physical channel of degree submission to the receiving ends is activated. After that, the degree is attested while properly examining and analyzing the tamper records related to degree credentials through e-communication with the university for veriﬁcation and validation. This issue poses a serious challenge to educational information integrity and privacy. Potentially, blockchain technology could become a standardized platform to perform tasks including issuing, verifying, auditing, and tracing immutable records, which would enable the HEC, universities, and Federal Education Ministry (FEM) to quickly and easily get attested and investigate the forge proof versions of certiﬁcates. Besides, decentralized distributed data blocks in chronological order provide high security between distributed ledgers, consensus engine, digital signature, smart contracts, permissioned application, and private network node transactions that guarantee degree record validation and traceability. This paper presents an architecture (HEDU-Ledger) and detail design of blockchain-enabled hyperledger fabric applications implementation for degree attestation veriﬁcation and traceable direct channel design between HEC and universities. The hyperledger fabric endorses attestation records ﬁrst, and then validates (committer) the degree and maintains the secure chain of tracing between stakeholder peer nodes. Furthermore, this HEDU-Ledger architecture avoids language and administrative barriers. It also provides robustness in terms of security and privacy of records and maintains integrity with secure preservation as compared to that of the other state-of-the-art methods.


Introduction
Higher educational institutions and universities play a pivotal role in creating an enabling environment and opportunities to uplift social mobility, economic turnaround, and a skilled workforce that promotes and achieves humanity's well-being around the globe [1]. It helps to create innovations in the job market to fulfil local and international departments in different provinces to provide easy and accessible services across different provincial headquarters. The current degree attestation and verification process involves a collaborative mechanism comprising of both online and manual process as shown in Figure 1.
Appl. Sci. 2021, 11, x FOR PEER REVIEW 3 of 24 The higher education degree attestation and verification process involves several stakeholders. The Ministry of Federal Education is the root node of the stakeholder's hierarchy, in which the higher education commission is distributed in regional-based departments in different provinces to provide easy and accessible services across different provincial headquarters. The current degree attestation and verification process involves a collaborative mechanism comprising of both online and manual process as shown in Figure 1. During a degree attestation and verification process, if an applicant wants to attest or verify his/her degree, they need to generate an online request through the HEC online portal. Once the request is generated, the applicant gets an appointment to submit the required list of documents online or through a designated courier service. In the next phase, the HEC starts the scrutiny process of degree verification and attestation and forwards the submitted documents to the appropriate degree issuing university or institute to verify the credentials [5,11]. Furthermore, this process also involves various other stakeholders and subordinated HEC regulatory bodies who regulate and verify the degree verification and attestation process between the applicant and HEC and HEC to universities. The current system used by HEC involves the following stakeholders, who are directly or indirectly involved in the degree attestation process. Blockchain technology serves various potential advantages in pervasive higher education, learning, and development, such as enabling students' certifications to be quickly attested and easily verified in a secure fashion [6,9]. They could also allow to analyze forge proof versions, as well as guarantee the secrecy and integrity of their mark certificates. During a degree attestation and verification process, if an applicant wants to attest or verify his/her degree, they need to generate an online request through the HEC online portal. Once the request is generated, the applicant gets an appointment to submit the required list of documents online or through a designated courier service. In the next phase, the HEC starts the scrutiny process of degree verification and attestation and forwards the submitted documents to the appropriate degree issuing university or institute to verify the credentials [5,11]. Furthermore, this process also involves various other stakeholders and subordinated HEC regulatory bodies who regulate and verify the degree verification and attestation process between the applicant and HEC and HEC to universities. The current system used by HEC involves the following stakeholders, who are directly or indirectly involved in the degree attestation process. Blockchain technology serves various potential advantages in pervasive higher education, learning, and development, such as enabling students' certifications to be quickly attested and easily verified in a secure fashion [6,9]. They could also allow to analyze forge proof versions, as well as guarantee the secrecy and integrity of their mark certificates. Moreover, there is no additional cost for permanence, accessibility, or a high level of security pertinent to preserving the data records [7]. For instance, a modular blockchain enterprise architecture of hyperledger fabric acts on a permissioned distributed ledger technology [8]. At the same time, the HEC technical steering committee handles a diverse set of maintenance protocols and automates a configurable architecture that enables versatility, innovation, and optimization for a vast range of organizational stakeholders. This hash-encrypted distributed ledger architecture can support authored smart contacts in the general-purpose programming language, a private network that is a truly trustworthy and pluggable consensus protocol, with a more effective and customizable crash fault tolerance (CFT) [8,9]. Through the experiment, the encrypted, hash-based transaction nodes decentralized in chronological order can succeed by avoiding administrative barriers and third-party authenticity. The higher educational degree attestation verification design performs better, allowing smooth transaction processing, confirmation latency, and transactional smart contract privacy and confidentiality.
The main motivation behind this research is to address the issues and challenges of degree attestation and verification in Pakistan using blockchain technology. The research proposes a new blockchain-enabled degree attestation and verification system for the Higher Education Commission of Pakistan, a federal government body responsible for attesting and verifying the degrees issued by HEC-recognized universities and institutes. In our proposed solution, we used Hyperledger Fabric technology to create a private permissioned blockchain network. Different stakeholders are identified and added to the private permissioned network to achieve transparency, privacy, and secrecy. The proposed solution provides a robust, decentralized, and distributed hash-enabled chain-like structure called a ledger to store and record various transactions performed on the network. The research achieves the following objectives:

•
We studied, examined, and analyzed several online degree credential verification methods, including traditional centralized database storage systems.

•
In this paper, we evaluated the data authentication and privacy protection mechanisms used by the HEC to verify and attest to the degrees/certificates. • A new and novel hyperledger fabric blockchain architecture is proposed for HEC to replace the existing e-portal centralized system that delivers improved performance, transparency, security, and complete provenance to authenticate and verify the originality of academic credentials.

•
The transaction activities and operations of events delivery are illustrated using sequence diagrams to show how various steps are executed on the blockchain network while performing a degree verification traceability process. • Finally, we designed the consensus policy for nodes transactions execution and explained their uses along with some open challenges, and we also discussed implementationrelated issues that emerged while simulating this proposed solution in the future by the use of an educational benchmark dataset.
The rest of this paper is organized as follows. The related work section discusses different degree verification and attestation processes and solutions using blockchain technology. Section 3 focuses on blockchain-enabled digital ledger technology and its impact on higher education degree attestation security and privacy process. Section 4 explains the proposed novel architecture using hyperledger fabric technology for degree attestation and verification using the distributed application (DAPP). Section 5 presents the sequence diagrams to show the implementation of the proposed solution. Finally, various implementation challenges are discussed, and conclude this paper in Section 6.

Literature Review
Blockchain technology has high scientific and distinct network attention, the positive use of permissioned network architecture, a potentially distributed role in different domains, and operates free from central authorities [10]. Due to the devoted disruptive nature, the adaptation of blockchain technology is highly preferred in every aspect in real-time application with the needs of society. Despite this, most related work was discussed in relation to the limitations it may pose and not the use of blockchain technology in digital education.
The advent of blockchain and its radical impact compared to that of the new technological innovation of the internet proposed by Beck et al. also indicate the potential transformation within distinct business enterprises [11]. However, the concept of digital distributed ledger and manual ledger metamorphosis was proposed by Haber et al. [12]. With this concept, robust timestamping and the creation of intellectual property management established the modern blockchain-enabled distributed ledger innovation. Hyperledger enabled consortium, public, and fully private network is used as one of the strategic pillars in blockchain technology. There are various hyperledgers proposed for distinct purposes, and hyperledger fabric is one of the main research topics, as shown in Table 1.
In fact, the majority of research was conducted on blockchain security, information immutability, decentralized transaction, encrypted node privacy, distributed data preservation and storage, and hyperledger [13]. Based on these highlights, some critical disruptive and traditional centralized technological drawbacks in higher education, pervasive learning, investigating degree tampering and forgery, certificate attestation, traceability, and the importance of hyperledger are as follows: This study provides a studentcentric solution, which also presents some crucial use cases within the educational domain. A preliminary review and study of these cases identified that the student-centric approach is better than the record-keeping procedure.

Blockchain-Based Secure Record Preservation and Security for HEC
The blockchain distributed ledger of digital transactions duplicates maintains across the stakeholders in the network [27]. Every node in the chain contains more than one transaction, and each transaction is recorded and immutable data are added and shared in the network to the entire participant ledger. These ledgers operate as a decentralized database handled by several stakeholders in the chain. However, this technology has a unique block-based hash-encrypted structure in chronological order, and crucial characteristics of the distributed ledger technology are as follows: timestamp, secure, unanimous, anonymous, and programmable smart contract [28]. Moreover, this technology security and data preservation are at the peak. The nodes are connected in sequential form. Each new block is attached at the end of the chain and generates a cipher code to protect data in the block [29]. In this way, blockchain networks are categories depending on the stakeholders' permissioned or permissionless, either public or private architecture. Some security features of this technology for the higher education commission are discussed below [30]: • Firstly, the connected stakeholders get a complete ledger as long as the federal Ministry of Education is allowing them to participate. These stakeholders access the data records and make any further queries regarding the degree of data modification in the chain via the open interface of SDK/DAPP. • Secondly, a peer-to-peer network connection is used to communicate individual participants in the decentralized higher education ledger architecture. Each block of stakeholders is treated uniformly. Furthermore, no additional vendor support or connection to third-party platforms are required.
• Most importantly, the individual node has a sort of cipher-encrypted address since the hash was previously stored in each block in the educational chain. For every single data record of a specific node, the transaction updates. After the change, the updated records of the attached nodes in the chain are recalculated. Furthermore, consensus approval is required; most probably degree record modification is impossible because of the digital contract sign between participants to achieve node data. Therefore, the digital ledger architecture stores educational data in the form of a node. Once the records are stored, the verification is also stored on it.

The Role of Hyperledger
Hyperledger focuses on the development suite of a stable blockchain-enabled (such as 'HEDU-Ledger') architecture and records traceability, libraries, and tools [31]. It provides a modular approach for implementing the degree traceability system, including digital ledgers and customized smart contracts. Higher education degree attestation traceability-based blockchain applications rely on the permissioned trust relations, intrinsic stakeholder interest in the defined consensus policy, and not required to run proof-of-work algorithm [32]. In addition, hyperledger promises, educational records, transparency, distributed data transactions, and immutable digital ledgers are spread across the nodes in a private network. If one maintains the duplication of the common system and keeps the data recorded, nothing will be erased or altered. However, the copy of the digital ledger is identical to the other stored ledgers in the peer network. There are distinct hyperledgers available, differentiating the role in a different enterprise environment, and its critical features and importance (shown in Table 2) are described as follows: Table 2. Role of hyperledger.

Hyperledger Features Details
Hyperledger Sawtooth [33] Distributed private network ledger and applications; business rules; smart contract; enterprise enabled and consortium-based policy decision; consortium blockchain; permissioned network; parallel transactional execution; event-based execution; pluggable and customize consensus algorithm Hyperledger Indy [34] Interoperable platform; distributed storage; shared components; libraries and client tools facility; decentralized identifier correlation-resistant; permissionless network Hyperledger Besu [35] Open-source; allow to develop Ethereum client; enterprise Ethereum alliance; user-facing APIs; IBFT and clique consensus algorithms; consortium blockchain network Hyperledger Grid [36] A framework for building supply chain solution (business enterprises); modular components; client interface; domain-specific data model; digital contracts.
Hyperledger Iroha [37] A role-based access; assets; identity management; general purpose system; permissioned network, easy deployment; command query and separation Hyperledger Fabric [38,39] A modular architecture; plug and play services; customized consensus mechanism; scalability; secure data preservation; distributed ledger solution and storage; private network

Hyperledger Fabric-Enabled Paperless Education Degree Issuance and Secure Attestation and Verification Platform
Through the proper implementation and sequence-of-working of digital contracts of high education degree issuance, attestation, verification, and traceability using blockchain security technology, the fabric is an extensible blockchain solution that enables developers to maintain a distributed digital ledger [40]. It provides robust security features and credential privacy that allow block data scalability and node transaction flexibility, and no additional cost is required to run the distributed application. The operational advantage is to maintain self-sovereign of the online proof of educational credentials and to preserve the evidence of higher education, academic protection, and digital achievement secrecy. The digital proof can handle timestamping efficiently, integrate existing application requests seamlessly, ensure academic credential protection and high data integrity, and provide a secure pathway and intellectual property rights to the connected stakeholders [41,42]. Here, we discuss some key factors of blockchain hyperledger fabric enabling ubiquitous credential attestation traceability security:

•
The higher education degree attestation traceability system requires a private key. The main objective is to sign the university academic credentials and issuance certificate to adding verification signature in every aspect.

•
In this regard, a unique hash-encrypted ID generates in every content verification of the education certificate that allows stakeholders to trace records.

•
This system also ensures the credential contents, consistency, and degree records. • At every level, hyperledger fabric smart contract technology manages and executes the digital contract, and a digital multigeniture is used to verify the contents of degree and information authorization. Figure 2 presents the blockchain distributed ledger architecture that enables hyperledger fabric smart contract technology to execute the smart contract and digital signature for degree attestation traceability. This block-based architecture is categorized into three main phases or levels; the one-to-one communication between the Higher Education commission and universities starts hiring bodies and state government officials to apply for scrutiny. However, the scrutiny process in the blockchain is quite different, as there is a digital verification of candidates' degree credentials and tracing of the signature of the document attestation. Through phase 1, the application layer of blockchain architecture aims to conduct the attestation traceability procedure and provide HEC eportal distributed platform. In this regard, the blockchain-enabled distributed SDK application allows stakeholders to generate a request for degree attestation and traceability. Phase 2 maintains the overall transactions between the smart contracts and architectural validation, handles hash-based encrypted blocks, and keeps ledgers private in the network. Moreover, the transactional layer also manages the digital rewards between consensus and makes distributed copies of the transaction in the private network ledger in the smart contract. In phase 3, there is a digital degree record exchange within the chain because of peer-to-peer network connection, and data are preserved in the decentralized storage.

Proposed Degree Attestation Traceability Architecture for Higher Education Commission
The proposed blockchain peer-to-peer network-enabled architecture provides a structural development solution for HEC degree attestation traceability, which is deployed on fabric hyperledger. This solution uses two distinct sorts of traceability for the organization: hiring bodies to the respective university and universities to HEC. Individual universities and record-keeping departments contain a minimum of two peers of hyperledger fabric-based nodes that are used to create the distributed network as shown in Figure 3. In this peer node, a single-order node in the Apache KAFKA ordering service provides the solution in solo mode. This service also handles degree credentials or record data block creation and consensus verification. Moreover, the fabric hyperledger uses the consensus algorithm to manage certificate's identity verification and validation. In addition, it is deployed in the node and provides membership services to the institutes, state government officials, hiring bodies, and HEC regional sectors.
Although the InterPlanetary File System (IPFS) storage is used as an external storage structure for HEC degree attestation, traceability to preserve candidate degree credentials

Proposed Degree Attestation Traceability Architecture for Higher Education Commission
The proposed blockchain peer-to-peer network-enabled architecture provides a structural development solution for HEC degree attestation traceability, which is deployed on fabric hyperledger. This solution uses two distinct sorts of traceability for the organization: hiring bodies to the respective university and universities to HEC. Individual universities and record-keeping departments contain a minimum of two peers of hyperledger fabric-based nodes that are used to create the distributed network as shown in Figure 3. In this peer node, a single-order node in the Apache KAFKA ordering service provides the solution in solo mode. This service also handles degree credentials or record data block creation and consensus verification. Moreover, the fabric hyperledger uses the consensus algorithm to manage certificate's identity verification and validation. In addition, it is deployed in the node and provides membership services to the institutes, state government officials, hiring bodies, and HEC regional sectors.  The bundle of degree records is used to trigger the hyperledger fabric-enabled smart contract specifically. The transaction proposal is sent to the peer nodes in the chain for endorsement, where smart contract executes the endorsing for the ledger to satisfy the successful transaction shown in Figure 4. After this process, the endorsing peer digitally signs and returns to the committer. The committer in the peer validates the integrity of the transaction and concatenates it to the digital ledger. However, the REST API (used for obtaining HTTP requests to access and use data) runs through the fabric Swagger directly, where the system can GET (current state) and POST (target smart contract) block services in the peer network. Block API retrieves the degree contents or credentials in the various blocks from the blockchain. The programmable ledger of higher education degree attestation is preserved on the blockchain fabric IPFS file storage; moreover, the smart contract is implemented for robust information integrity preservation and secure interaction among stakeholders. These privately permissioned encrypted blockchain ledgers are immutable, as shown in Figure 4, meaning they cannot be manipulated, and thereby enhance the attestation traceability features for the HEC. A hyperledger fabric comprising the three main parts discussed are as follows: Although the InterPlanetary File System (IPFS) storage is used as an external storage structure for HEC degree attestation, traceability to preserve candidate degree credentials and personal information are protected and shared only among the stakeholders within the permissioned private chain network architecture. This file-sharing system more efficiently leverages data record preservation. Furthermore, the system allows to transfer, share, track, and store large files along with domain efficiency. The IPFS depends on the cryptographic hash encryption as a direct and robust way to store on the blockchain, as shown in Figure 3. However, the storage does not require or permit users to share any files with the selected stakeholders. The implementation of the node transaction and the process of execution are shown in Figure 4. Appl. Sci. 2021, 11, x FOR PEER REVIEW 13 of 24

Blockchain Enabled Fabric Certificate Authority for Participating Candidate Registration Contract (DARC())
The degree attestation registration contract and design consensus for participating stakeholders are initiated and deployed between universities and HEC to register new enrolments of degree and degree programs along with stakeholder registration. The degree attested register() function is created to add and execute degree-related information used by HEC engineers, which also records stakeholder participation according to the policy of consensus in the DARC(). This contract also records additional data such as degree code, degree title, degree program, candidate details, timestamp, degree counter, and other activation registration steps. Furthermore, the degree attestation and participating stakeholders' registration are recorded on the DARC(). Then, the system initiates another contract named AAC() as mentioned in Appdendix A, deployed between DARC() and universities, and managed by HEC Engineers.

Distributed HEC Accumulator and Accreditation Contract (AAC())
The HEC accumulation and accreditation contract is deployed and automates updates whenever a new event is added to the DARC(). The AAC() contract is preserving the accreditation-related information, even though all distinct types of degree programs registered by HEC and updated in the DARC() contract. The addAccrediation() function The bundle of degree records is used to trigger the hyperledger fabric-enabled smart contract specifically. The transaction proposal is sent to the peer nodes in the chain for endorsement, where smart contract executes the endorsing for the ledger to satisfy the successful transaction shown in Figure 4. After this process, the endorsing peer digitally signs and returns to the committer. The committer in the peer validates the integrity of the transaction and concatenates it to the digital ledger. However, the REST API (used for obtaining HTTP requests to access and use data) runs through the fabric Swagger directly, where the system can GET (current state) and POST (target smart contract) block services in the peer network. Block API retrieves the degree contents or credentials in the various blocks from the blockchain. The programmable ledger of higher education degree attestation is preserved on the blockchain fabric IPFS file storage; moreover, the smart contract is implemented for robust information integrity preservation and secure interaction among stakeholders. These privately permissioned encrypted blockchain ledgers are immutable, as shown in Figure 4, meaning they cannot be manipulated, and thereby enhance the attestation traceability features for the HEC. A hyperledger fabric comprising the three main parts discussed are as follows: 1.
The HEC distributed ordering service initiates the proposal of the transaction, with the order being endorsed by the peer nodes on the blockchain fabric network. The degree-related block transaction contains a digital signature and hash encrypted by each peer for endorsement, which is then submitted to the orderer service and forwarded to the committer with the HEDU digital ledger. After completing this process, the service is broadcast from the orderer to the committer on the blockchain hyperledger fabric for validation (KAFKA) and verified according to the defined consensus policy, as shown in Figures 3 and 4.
• In this proposed educational blockchain-ledger architecture, we built private channels and restrict the direct path of messages delivered and received because of transaction privacy and confidentiality between a subspace of network members. The HEDU-ledger relates information including node transactions, participating stakeholders, communication channels, and channel-related details, which are inaccessible, and there is no visibility of any member on the network, so this channel cannot be operated by a third-party participant.

•
The execution of block transactions is completely private and separate from ordering to the committer. It provides an efficient procedure of transaction execution, including maintaining the ledger maintenance, consensus workload, and comparing with that of other state-of-the-art blockchain technologies.

•
The smart contract functionality enables transaction encryption and business logic invoked specific kinds of block transaction execution on the private communication channel. Meanwhile, it tackles the entire execution transaction and private channel operations in this blockchain system.

2.
In this proposed network, multiple peer channels are used to update and query (log and state) execution on the HEDU-ledger. This system auto-synchronizes and executes two roles mainly, such as endorsing to committing transactions or vice versa. This block-based transaction proposal is submitted according to the policy of endorsement after the procedure of peering; in the private network channel of the blockchain ledger architecture, as shown in Figure 4.

3.
For permissioned private blockchain networks, we designed a Certificate Authority (CA) network of distinct untrusted participating stakeholders in the Higher Education Commission. These identified stakeholders are enrolled only if they have a unique root certification. The Certificate Authority provided by the Ministry of Education to HEC (and HEC to universities) that binds specific peers and order. By allocating Certificate Authority to individual stakeholders, the private HEDU-ledger network mimics where the participants (also responsible for transaction renewal and revocation) use their own Certificate Authority. The transaction and private communication ledger are signed by the stakeholder's private key, and for verification, it uses the public key within the fabric hyperledger.
In this proposed HEDU-ledger, a hyperledger fabric enabled architecture is presented for the degree attestation traceability system that connects participating stakeholders from a peer-to-peer (P2P) private permissioned network, as shown in Figure 4.

Blockchain Enabled Fabric Certificate Authority for Participating Candidate Registration Contract (DARC())
The degree attestation registration contract and design consensus for participating stakeholders are initiated and deployed between universities and HEC to register new enrolments of degree and degree programs along with stakeholder registration. The degree attested register() function is created to add and execute degree-related information used by HEC engineers, which also records stakeholder participation according to the policy of consensus in the DARC(). This contract also records additional data such as degree code, degree title, degree program, candidate details, timestamp, degree counter, and other activation registration steps. Furthermore, the degree attestation and participating stakeholders' registration are recorded on the DARC(). Then, the system initiates another contract named AAC() as mentioned in Appdendix A, deployed between DARC() and universities, and managed by HEC Engineers.

Distributed HEC Accumulator and Accreditation Contract (AAC())
The HEC accumulation and accreditation contract is deployed and automates updates whenever a new event is added to the DARC(). The AAC() contract is preserving the accreditation-related information, even though all distinct types of degree programs registered by HEC and updated in the DARC() contract. The addAccrediation() function is created to add program accreditation and execute update-related information in the AAC() contract. This contract also preserves relevant records such as accreditation ID, accreditation program, current semester enrolment, timestamp, add, TDRUC, HEC accreditation manager for the count. Moreover, the successfully deployed AAC() contract shares its updated addresses of the contract with the connected DARC().

Digital Signature and Permissioned Private Transaction of Degree Record Update Contract (TDRUC())
The HEC transaction of degree record update contract (TDRUC()) is deployed and automates the updates whenever new accreditation-related information is added to the AAC contract. In this contract, the information is shared among the stakeholders according to the Certificate Authority and mentioned policy. This updated information is all about the degree-related transaction added to DARC() and AAC(), respectively. The updatetrans() function is created to add transaction records and execute updates of the transaction history of new degree-related accreditation information in the TDRUC() contract. This contract also preserves related information records such as assignee, present transactions, past transactions, timestamp, and transaction count to added and updated in respective smart contract. Furthermore, the well-deployed TDRUC() contract shares its updated addresses of the contract to the AAC() contract.

HEC Degree Attestation and Credential Verification Transactions Flow
The advantage of employing the proposed hyperledger fabric enabled degree attestation and credential verification traceability solution in the higher education commission ensures the availability of complete and abiding records among the stakeholders without the direct involvement of the federal educational authority. In the processes of degree attestation traceability, the involved stakeholders can investigate the history of attestation, track and trace provenance, source, and degree number along with the program accreditation and enrolment registration through mobile DAPP. The registered stakeholders are authorized to preserve, update, and retrieve degree attestation and verification-related transaction information on the HEDU-ledger. In this proposed architecture, the highlighted and most significant aspect is that the system validates, authenticates, and authorizes, and will only be updated and added to the ledger on the HEDU-ledger transaction based on the Certificate Authority verification. This section discusses the implementation of HEDU-ledger-related events' flow, and the node transactions' execution, verification, and validation procedural steps are explained in Figure 5 (activity diagram) and Table 3 (description).

Fabric with Hash Re-Encryption and Privacy Measurement
In the proposed architecture, the hash protocol used as a proof of stake in the degree attestation traceability allows proxy reEncrption of degree credentials. Moreover, the system builds an encryption infrastructure such as managing secret SSH credentials, X.509 certificate, and signing key generation between DARC(), AAC(), and TDRUC() contracts. HEC engineers utilize hash (reEncrypt()) dynamic control, access, or invoke to access sensitive degree-related information to the stakeholders. This information is encrypted while preserving the records in the IPFS storage. This information is encrypted while preserving the records in the IPFS storage, as shown in Appdendix A. Table 3. List of events of nodes transactions and execution of proposed HEC degree attestation traceability architecture.

Series of Events
Working Description 1 HEC degree attestation registration (register()) ledger deployed by the Higher Education Commission.

2
The HEC Engineers received a request (applicational request) for degree attestation and verification through the distributed application in the registration contract (register()). 3 A new HEC accumulation and accreditation contract is deployed and created in the image of it. 4 The addresses of HEC accumulation and accreditation manages contract to the HEC Engineer registration contract (register()). 5 Send the registration details to the transactions (addAccrediation()) of degree record and update the contract. 6 Return the addresses of transaction of degree record and update contract to the HEC accreditation and accreditation contract. 7 Similarly, return addresses of the registration contract (register()) to the degree attestation. 8 Once the degree-related information is added to the HEC registration (register()) contract, updated in the respective contract, and attached to the stakeholder participation consensus, this information is passed by the HEC to state regions/regional offices. 9 The new registered candidates' contract will be deployed for degree credentials and verification.

10
HEC registration contract added new degree related information and registration updates to HEC accumulation and accreditation contract (AAC()). 11 Return the addresses. 12 HEC regional office/state office added new university accreditation and board of studies-related transactions in the accumulation contract (AAC()) and deployed. 13 Get acknowledgment back to the HEC accumulation and accreditation contract (addAccrediation()). 14 The new transaction of degree record update contract is deployed (updateTrans()).

15
Addresses of transactions of degree record updates maintain contract to HEC accumulation and accreditation contract. 16 Maintain a new copy of updated HEC accumulation and accreditation contract, and deploy in the image of update contract. 17 Return addresses to the HEC accumulation and accreditation contract, and acknowledge back the addresses. 18 The universities update the information of registered candidates passed from the university to HEC, then HEC/regional office/state office updates and passes on to the transaction of degree record to update the contract.

19
The candidate registration related information is passed on from HEC to universities, then universities pass on to transaction degree record to update contract. 20 The registered degree record (credentials) is passed from university to HEC. 21 The HEC get approval for the educational activities from the federal Education Regulatory Authority.

22
The federal education regulatory authority tracks and trace individual records of the candidate traceability system using the transaction degree record update contract. 23 The registered degree record (credentials) is passed from HEC to government officials/Hiring bodies.

24
The registered degree record (credentials) individuals will be passed between government officials/hiring bodies to candidates.

25
The candidate will trace and track the degree credentials and verify easily from the traceability system using transaction degree record update contract.

26
The federal education regulatory authority will trace and track the degree credentials and verify easily from the traceability system using transaction degree record update contract. 27 Maintain a new copy of updated transaction degree and record update to contract and deploy. 28 Return addresses to the transaction degree record update contract and acknowledge back (addresses). Appl. Sci. 2021, 11, x FOR PEER REVIEW 15 of 24 Figure 5. Event of nodes transactions execution through activity diagram. Table 3. List of events of nodes transactions and execution of proposed HEC degree attestation traceability architecture.

Series of Events Working Description
1 HEC degree attestation registration (register()) ledger deployed by the Higher Education Commission.

2
The HEC Engineers received a request (applicational request) for degree attestation and verification through the distributed application in the registration contract (register()). 3 A new HEC accumulation and accreditation contract is deployed and created in the image of it.

4
The addresses of HEC accumulation and accreditation manages contract to the HEC Engineer registration contract (register()).

5
Send the registration details to the transactions (addAccrediation()) of degree record and update the contract. 6 Return the addresses of transaction of degree record and update contract to the HEC accreditation and accreditation contract. 7 Similarly, return addresses of the registration contract (register()) to the degree attestation.

8
Once the degree-related information is added to the HEC registration (register()) contract, updated in the respective contract, and attached to the stakeholder participation consensus, this information is passed by the HEC to state regions/regional offices. 9 The new registered candidates' contract will be deployed for degree credentials and verification.

10
HEC registration contract added new degree related information and registration updates to HEC accumulation and accreditation contract (AAC()). 11 Return the addresses. 12 HEC regional office/state office added new university accreditation and board of studies-related transactions in the accumulation contract (AAC()) and deployed. 13 Get acknowledgment back to the HEC accumulation and accreditation contract (addAccrediation()). 14 The new transaction of degree record update contract is deployed (updateTrans()).

15
Addresses of transactions of degree record updates maintain contract to HEC accumulation and accreditation contract. 16 Maintain a new copy of updated HEC accumulation and accreditation contract, and deploy in the image of update contract.  Figure 6 presents the identification and registration of degree attestation traceability sequence process in which HEC engineers maintain the main chain code of the system. The chain code is able to initialize procedures until the completion of transaction. Firstly, the proposal sends to the HEC regulatory authority, responsible for creating, executing, transferring, tracking, verifying, and validating transactions of the submitted proposal among the registered stakeholders. Then smart contract assists in acquainting, preparing, analyzing, uploading, transfer, and sharing degree credential registration details on the HEDU-ledger, as shown in Figure 6.

Working Operations of the Proposed Architecture and Discussion
This contract designed to check the corresponding credentials is already submitted previously or not; if yes, then it reverts. If the system is not registered yet, then the degree attestation and credential verification register() function is added a new records and update ledgers successfully in the smart contract, as defined in Appendix A.
The attestation and credential verification process are executed between the universities and HEC once the consensus reaches the specific point of record submission, in which both stakeholders at the level of interaction sign digital and encrypted. After the universities receive updated record authentication from HEC and smart contracts update information, the (updateTrans()) function is used to preserve according to that shown in Figure 7. The implementation of the degree attestation traceability process executes the updateTrans() functions in which government state officials track and trace individual records before the procedure of hiring bodies and schedule employment interviews. HEC engineers and registration smart contract manager produces proper statistics information on the basis of university program activities and accreditation, board of studies, admission, semester course enrolment related information, year of passing out, degree related credential information including meta-record, record timestamp, and affiliation information. The attestation and credential verification process are executed between the universities and HEC once the consensus reaches the specific point of record submission, in which both stakeholders at the level of interaction sign digital and encrypted. After the universities receive updated record authentication from HEC and smart contracts update information, the (updateTrans()) function is used to preserve according to that shown in Figure 7. The implementation of the degree attestation traceability process executes the updateTrans() functions in which government state officials track and trace individual records before the procedure of hiring bodies and schedule employment interviews. HEC engineers and registration smart contract manager produces proper statistics information on the basis of university program activities and accreditation, board of studies, admission, semester course enrolment related information, year of passing out, degree related credential information including meta-record, record timestamp, and affiliation information.   The attestation and credential verification process are executed between the universities and HEC once the consensus reaches the specific point of record submission, in which both stakeholders at the level of interaction sign digital and encrypted. After the universities receive updated record authentication from HEC and smart contracts update information, the (updateTrans()) function is used to preserve according to that shown in Figure 7. The implementation of the degree attestation traceability process executes the updateTrans() functions in which government state officials track and trace individual records before the procedure of hiring bodies and schedule employment interviews. HEC engineers and registration smart contract manager produces proper statistics information on the basis of university program activities and accreditation, board of studies, admission, semester course enrolment related information, year of passing out, degree related credential information including meta-record, record timestamp, and affiliation information.  The HEC authority needs to consider, design, and develop distinct educational policies and pathways regarding the blockchain technology-based hyperledger fabric smart contract implications and ascriptions such as digital record, protected maintainability and block stakeholder on the ledger, decentralized storage preservation, and stakeholder changes permission along with the rights of consensus in the private ledger network architecture [27,43]. The HEC needs to collaborate with universities and other state regional sectors and facilitate with manual degree attestation verification, a regulatory architecture for certificate credentials, privacy, and compatibility for the development of the online secure blockchain-enabled system for degree attestation traceability, and also evaluate the HEC environs to calculate the difference and formulate new authoritative policies and objectives.

Cross-Chaining
The primary objective of using blockchain is to protect critical data organizations of data to gratify the particular kind of data that will be preserved on the digital ledger using the blockchain technology along with the process of storage, such as off-chain and on-chain data preservation storage [44]. In the higher education degree attestation, the overall data is more sensitive and confidential; therefore, the data must be preserved and checked against and investigate the hashes of on-chain. The most prominent aspect of structured critical data is the size and storage of data in chunks and data preservation on the distributed ledger. Additional storage of noncrucial data records on the private network ledger creates more cost of the transactional size that will impact the blockchain performance in terms of efficiency and accuracy [27].
The cross-chain platform of HEC allows multiple institutes, federal education officials, and regional offices to use an effective and efficient business service model for degree attestation and traceability. The end-users of the platform and distinct various users of the different domains of blockchain platform can intercommunicate, interact, proper utilization of services, and conduct meaningful education transaction. The existing legacy HEC degree attestation and verification solution, the current blockchain-based platform, has a lack of cross-platform because of disunion and less connection, which make it difficult to adoptability and platform implementation among the users of the system [43].

Streamlined Process Automation of Attestation Traceability with Digital Contracts
A blockchain is a decentralized private digital ledger where universities exchange critical information such as educational credentials, previous candidate information, recent records, and complete certification in a chain of blocks [27,45]. The stakeholders record these core ledgers electronically for further employment or admission to a higher education certificate and trace accordingly. These education-related data records were provided on the blockchain hyperledger fabric enabled platform that allows access to this sensitive private information. The challenging problem is to restrict several repetitive activities that consume high time, increase execution cost, and utilize more computation power. However, manual insertion is tedious, difficult, leads to apathy and is considered a timewasting strategy in the current distributed environment. The tasks are identified in a way that is robust to automate the processes of higher education certificate attestation traceability, which is still a platform implementation challenge with blockchain Hyperledger-enabled technology. The major problem is to design customized digital contracts and certificate authority verification policies between stakeholders and automate (smart contract) them along with the digital signature.

HEC Standardization and Compliances Limitations
The HEC regulatory authority plays an important role to manage the standards of degree attestation and verification including the secrecy of candidate certificate credentials and authenticity, checking system quality and maintainability, safety, data protectability, sensibility, resource effectiveness, transfer and exchange records between the universities and federal education authorities. These regulatory authorities look after the complete mechanism of retrieval, preserve, share, transfer, store, and exchange degree, attestation, and verification related data records, and more crucial to provide transparency, scalability, cross-chaining, and security [43,44]. In this way, the degree traceability limitations and issues can be solved with more efficiency, and they can be reorganized to deliver a better educational solution for HEC. Another challenging aspect is to cope with the manual credential records feeding to the distributed system and the requirement of system and legislation in blockchain networks. Until now, blockchain technology is still not decisive on the laws and rules regarding the predefined system of HEC.

Security & Privacy of Nodes Issues and Domain Efficiency Challenge
In this era, the blockchain services enabled solutions are more demanding as a proficient-based and private platform for different organizations. However, the exist-ing security technology and its solutions are untrusted and unreliable [27,43]; moreover, it cannot provide large scalability services with a high rate of data dependency. In addition, it restricts the continuous process of node transaction, data records, transparency, domain efficiency, size of inheriting data and latency, and the robust additional cost of security scalability [45]. In this regard, the HEC degree attestation and verification, permissionedbased private blockchain network architecture solution, is considered the most crucial and important compared to the collaboration of the manual and digital procedural mechanism regarding robustness of performance and efficiency of solutions. It also has more powerful computational abilities as well as high processing execution compared to that of the permissionless public and customized blockchain hyperledger technology.

Conclusions
This paper discusses the security-and privacy-related issues and procedures in the existing HEC degree attestation and record traceability architecture. Identified the solution of such mentioned issues by using blockchain, especially hyperledger fabric-enabled attested degree verification. For this purpose, we proposed HEDU-ledger (educational blockchain ledger), which is a permissioned private network architecture created between stakeholders for certificate record traceability. In addition, this proposed novel and secure architecture provides robust security and protection in terms of maintaining decentralized candidate degree credentials and data records in a distributed ledger. These ledgers are completely immutable in nature, registration, transfer, and tracking through hash encryption and collaboration between smart contracts, used to protect node transaction and information secrecy, timestamp, anonymous, unanimous, and programmed for permissioned private network interface.
The HEDU-Ledger solution is a complete package that is purely decentralized. The processes such as nonrepudiation with provenance and traceability for agile courage are without a single conflict in the HEC degree attestation. The stakeholders and other connecting parties are initially identified and authenticated by HEC engineers using their digital signature and cryptography encryption. Moreover, we described and presented the whole mechanism of the proposed architecture, including the policy of HEC, attestation and verification criteria, and the other elements involved through the activity diagram. Additionally, the HEDU-Ledger also records more detail regarding the stored ledger in an IPFS data storage structure in the protected and immutable form. This system also provides transparency, security, forgery-proofing, and auto tackling cyberattacks such as distributed denial of service.

Conflicts of Interest:
The authors did not have any conflict of interest.  HEC Engineer also Initiates System and manages Addresses int main: x [file], HEC uses encryption symmetric to encrypt information gets (encryptedInformation); HEC uses public symmetric for a candidate degree submission to encrypt credentials, gets (encryptedInformationOfCandidate); Stakeholder requests for datafile, IPFS sends encrypted symmetric to HEC; Then, stakeholder uses private key for candidate's credentials to decrypt encrypted symmetric of HEC, gets (encryptedSymmetric); Finally, stakeholder uses encryptedSymmetric to decrypt candidate's credentials, gets (information).