By Mrityunjaya “Jay” Prajapati, Founder & Architect, Skill Passport
You can buy a fake internship certificate in India for less than Rs 2,000. The transaction completes on Telegram in about fifteen minutes. The output is a PDF or printed document with a company letterhead, signature, project description, and duration. Pay extra, get a project report. Some operators run referral programs. Some have customer reviews. Several operate out of office space in Noida and Hyderabad.
This is a market built on the absence of cryptographic verification. It exists because India mandates credentials but does not verify them at the protocol layer. Every fake certificate in circulation is fraud carried out against a verification system that is functionally manual, optional, and trust-based.
For a blockchain audience, this is a familiar problem class. The fix is not better paper. The fix is moving credential issuance into a system where the credential carries its own verification.
The Scale Problem Most People Are Not Reading Correctly
AICTE, India’s statutory regulator for technical education, requires engineering students to complete a minimum of three internships during their degree. The mandate is in policy. It is not in infrastructure.
India produces 1.5 million engineering graduates per year. Three internships per student means roughly 3 to 4 million internship slots required annually. The available supply of high-quality internships is a fraction of that. Large IT services firms run structured programs. Mid-size companies take interns occasionally. The bulk of the gap is filled by smaller firms that cannot mentor properly, plus an unknown but substantial tail of fabricated records.
The downstream data tells the story. The Unstop Talent Report 2025 found that 83% of India’s engineering graduates from the Class of 2024 received neither a job nor an internship offer. The Mercer-Mettl Graduate Skill Index 2025 measured employability at 42.6%, down from 44.3% the year before. The National Apprenticeship Promotion Scheme set a target of 13 lakh apprentices for 2025-26 and engaged 3.99 lakh by July 2025, a 69% shortfall.
In December 2025, Indian law enforcement uncovered what is being called the largest credential forgery operation in the country’s history. A network spanning multiple states had issued approximately one million fake certificates across 500 document types. The seals and holograms replicated those of 22 real universities with nearly identical specifications. Eleven arrests followed, with hundreds of printers, computers, forged seals, and stamps seized.
These data points describe a single failure: a credential layer with no verification primitive at the issuance step.
Why Off-Chain Verification Cannot Close the Gap
The existing verification stack in India is composed of layers, none of which solves the issuance problem.
DigiLocker holds copies of certificates. Storage is not verification. A DigiLocker entry confirms that a document exists in a state-operated repository. It does not confirm that the credential was issued by an authorized party, that the qualification was actually met, or that the document has not been altered between issuance and storage.
The Academic Bank of Credits and APAAR track academic records and student IDs. They are registry layers. They tell you which institution recorded which credit for which student. They do not score capability.
Background verification firms run manual checks against issuer records. The unit economics are poor. WES, the standard international evaluator, processes credential reports in four to seven weeks at over $180 per credential. For a domestic Indian employer making a fresher hire, manual verification is rarely worth the cost-per-applicant economics, so most do not run it.
None of these layers do what a developer reading this would expect: cryptographically sign a credential at issuance such that any downstream party can verify both authenticity and integrity in a single call.
The Architecture That Closes It
Skill Passport, the consortium-built platform launched in March 2026, moves credential issuance onto a verification-native layer. The technical design follows the W3C Verifiable Credentials Data Model 2.0 for interoperability, anchored on a permissioned blockchain layer powered by Kalp DLT.
The flow at the protocol level:
Issuance. When an institution issues a credential, the issuer signs the credential payload with a private key tied to its DID (decentralized identifier). The signed credential conforms to the W3C Verifiable Credential specification. A hash of the credential is anchored on the permissioned blockchain. The holder, a student or professional, receives the credential into a digital wallet they control.
Presentation. When a verifier wants to confirm the credential, the holder presents either the full credential or a selectively disclosed subset using a Verifiable Presentation. Selective disclosure means the holder can prove “I have a degree from this institution” without revealing other attributes on the credential, using BBS+ signatures or equivalent zero-knowledge primitives where supported.
Verification. The verifier validates three things in a single call: the issuer’s signature against the issuer’s published DID document, the credential hash against the on-chain anchor, and the revocation status against the issuer’s revocation registry. The call returns a cryptographic yes or no. No email to a registrar. No four-week wait. No manual cross-check against a holographic seal.
This is the same primitive set deployed for supply-chain provenance, financial attestations, and self-sovereign identity systems globally. The Skill Passport choice was to apply it to the credential layer specifically, which is the highest-volume identity attestation problem in the Indian economy and the one with the weakest existing infrastructure.
Why a Permissioned Chain, Not a Public One
A common question from the developer audience: why permissioned blockchain instead of Ethereum or Solana mainnet?
Three reasons.
Throughput at peak load. India has approximately 280 million students enrolled across schooling and higher education. Peak credential issuance load at exam result publication is in the tens of millions of transactions over a few hours. Public chains at current throughput cannot serve this load economically. A permissioned chain tuned for credential throughput can.
The regulatory perimeter. India’s Digital Personal Data Protection Act, 2023, treats credentials as personal data with specific consent and processing requirements. A permissioned chain with named validators provides the audit trail and access controls that DPDP compliance requires. A public chain with anonymous validators introduces compliance ambiguity that an issuer cannot easily resolve.
Governance model. The credential layer of a country should be governed by institutions, not by token holders. A permissioned chain with validator seats held by recognized educational and industry bodies maps to that governance requirement directly. Kalp DLT’s permissioned consensus supports this without requiring a token-based incentive layer to secure validators.
The on-chain content is intentionally minimal: credential hashes, issuer DIDs, revocation registry entries. Personal data and credential bodies stay off-chain in the holder’s wallet. This is the standard pattern for VC implementations that need cryptographic verifiability and data protection compliance together.
The AI Scoring Layer on Top
Verification is the floor, not the ceiling. A verified credential confirms that an institution issued it. It does not confirm what the credential holder can actually do.
The Skill Strength Score, generated by InCruiter’s AI engine, addresses this. The score is computed from assessed work performed during the credentialed program, internship, or course. It is bound to the credential at issuance and rides along inside the Verifiable Credential payload as a signed claim.
The Industry Fit Index maps the holder’s verified skill profile against live hiring demand, broken out by city and sector. The output is a vector of capability against a vector of demand, both updated in near real-time.
For an AI hiring tool, this changes the input signal substantially. Instead of probabilistic inferences over self-reported text, the model receives a signed, scored, and demand-mapped credential payload. Input variance from credential fraud goes to zero. The remaining bias surface area is the model’s own training data, which is a tractable problem with active research.
What This Looks Like for an Internship
When a company hosts an intern through a Skill Passport-enabled flow, the internship record is created at the start of the engagement. The company confirms the student’s participation, the duration, the role, and the project scope. The credential is signed and anchored at the start, with a draft status. At the end of the internship, the AI engine analyzes the work performed and writes a Skill Strength Score against the credential. The credential transitions to issued status on completion.
The credential the student walks away with carries the company’s signature, the start and end timestamps anchored on-chain, the assessed work output as a verifiable claim, and the score. An employer reviewing that credential later can verify all of it in a single call. The cost of verification is effectively zero at the margin.
The Rs 2,000 fake certificate market depends on verifiers not running verification calls because verification is too expensive. Drop the verification cost to zero, and the demand side of the market collapses. That is the design intent.
The Bigger Pattern
India already has the deepest digital identity infrastructure in the world. Aadhaar for identity. UPI for payments. DigiLocker for storage. ABC for academic credits. APAAR for student IDs. The National Credit Framework for credit portability.
What is missing is a cryptographically verifiable capability layer. Not “did this person attend Institution X,” but “what can this person actually do, signed by an issuer, scored against demonstrated work, and verifiable in a single call.”
That is the layer Skill Passport is building, and the W3C Verifiable Credentials standard makes it interoperable with every other VC-compliant system globally. The EU’s eIDAS 2.0 wallet mandate, due in December 2026, requires this standard. Singapore’s OpenCerts uses it. The international credential rails are converging on this protocol.
“We did not build this as a startup chasing a funding round. We built it as a foundation, because the credential layer of a country should be neutral, open, and governed by institutions,” is how the positioning has been stated since launch. The foundation model, the permissioned chain, and the open standard all stack toward the same architectural commitment.
A country that built UPI should not be six weeks behind on credential verification. The technical primitives have been available for a decade. The choice was where to apply them first.
About SkillPassport
SkillPassport is a consortium-built, blockchain and AI-powered platform that creates a unified digital skill identity for students, professionals, institutions, and employers. Built on the W3C Verifiable Credentials standard and powered by a permissioned blockchain infrastructure from Kalp DLT, the platform verifies, scores, and analyzes professional credentials at the point of issuance. The consortium partners include InCruiter (AI-powered skill assessment), Trikaya (hiring and recruitment), GyaanSetu (upskilling and university distribution in tier-2 and tier-3 cities), BeetleX (campus engagement partner for Skill Yatra), and Kalp Studio (blockchain infrastructure). The platform is operated by the Open Skill Foundation, a non-profit company based in Bangalore.
Mrityunjaya “Jay” Prajapati is Founder & Architect, Skill Passport.
