Mr. Vikas Malhotra Founder & CEO WOPLLI® TECHNOLOGIES, Founder & Managing Director, Navandine Chair for IEEE program "Cyber Security for Next Generation Connectivity Systems"

Abstract

Education and its delivery are changing with the changing norms of society. More of our interactions including education are being done via digital. This is different from the expectation where the education institution, educators, students and anything interacting with these will be in the same space. These entities will have to interact from different spaces via digital means and perhaps across time as well.

Plus, our digital environment is failing us from a security perspective. Databases are usually seen as a way to enable transactions between two entities. However, this architecture leads to a lot of information collected in centralized islands that eventually gets hacked, shared, sold without any control available to us. Also, we are not able to identify who and what we are interacting with in an authentic manner. Both situations lead to cybersecurity and cybercrime problems. As Education is moved to more digital scenarios; there is a need for better ways to establish Trust between entities that are otherwise disconnected and are in different places. As an example, an educational institution should be able to form trust with a student who is taking the test remotely or via digital methods or a student should be able to prove their education credentials to a potential employer or another school without a back and forth for verification. Decentralized identity methods and verifiable credentials (new proposed standard from World Wide Web Consortium (W3C)) provides a way for an education institution to verify a student and vice versa in different spaces and even in the same physical space where credentials can be verified by counter parties that may not know each other from before; in an authentic manner. This also reduces the need for large databases and data propagation by acts of copying etc. and hence will reduce the hackable surface area.

Education is considered a necessity where everyone must get a basic education and have access to higher education. We are in the 21st century, where more of our experiences are influenced by digital technologies. We are more online to achieve the work, learn and even intermingle with others. Situations like pandemic (COVID 19), wars and other events such as advanced connectivity, tools and solutions have led to and gradually will lead to more education being done online.

The earliest educational institutions in India were often isolated from populated areas, where students followed strict monastic rules set by their teacher (guru) and lived in schools (ashrams) away from cities, where the teacher and students interacted directly. However, the present-day society and education brings different expectations –

1. With growing populations, people may settle anywhere and expect education to be delivered to them that they may want to consume at their own pace. There would be an expectation that the schools would live up to and exceed the standards of delivery to the paying students. This may mean 1:1 (peer to peer) connection establishment with the students while they learn as a group or class, instead of mass media delivery such as YouTube etc.

2. While the physical presence of educational institutions is expected at these times, schools may not be present everywhere or in the future anywhere. This would require the establishment of different means of delivery so that everyone gets an education.

3. Students in these scenarios may take multiple courses from different schools to complete their coursework; none of which may have presence where student is located. For a student to be able to complete their coursework, a student will be required to prove the credentials of what they have studied from a cross-section of education institutions.

4. Each school or a brand of education institution cannot be located everywhere and to increase the presence of a brand of a school, they may want to offer other modes of delivery of education that would normally be delivered over web and Internet establishments. For this, they will have to prove their credentials authentically & remotely.

5. The norms of an education system; as having a teacher (guru), student (shishya), organization, other activities, exams and tests, recognition with other organizations would likely be maintained; however, how will these be carried out in an increasingly online world is yet to be seen. In these scenarios, it is imperative that a teacher’s credentials can be proven to a student and student’s credentials can be proven to a teacher for their presence and attendance; an education institution is able to prove their credentials with other education institutions / organizations and last but not the least; credentials of who is taking the test can be proven authentically.

6. In an increasingly accessible world, students may take admission to an institution and would want to know the standing of that institution (i.e. how and where they are authorized from) without visiting that institution themselves.

7. The students would want to go to other institutions for higher studies or join an employment where they will be required to prove their education credentials quickly and authentically.

8. Large classes will be formed either physically, virtually or hybrid, where there will be an expectation of attendance instantaneously. A person would be required to prove their credentials authentically and quickly.

9. Students will expect their results to be delivered with authenticity and in real time.

Along with, as we know and understand, society is witnessing an increasing threat of cyber security. As education becomes more online or includes digital methods to do business; there will be cyber security issues. The current architecture has led us towards cyber-crimes being a major problem which is heading towards becoming a USD 13 Trillion problem by 2028, unless something is changed. An education institution is trusted to handle a lot of information on staff, students, other parties etc. and in the position of trust, the education institution must safeguard the information and transactions between parties.

There are 3 primary causes behind cybersecurity problem and these problems exist today with our current digital architectures and services –

1. Information is collected and stored in large databases; and that grows over time. A person’s information is in 100+ locations on average. These databases become the honeypot of information for hackers. Time and time again; it has been proven that these databases get hacked.

2. Some of these organizations & databases may further share or sell the information to others; not only causing privacy issues but propagating the information without a person’s control that again becomes a honeypot for hackers.

3. We as people do not know who and what we are interacting with. In physical space this may not be a big issue; but the problems become big when we are connecting using digital media or are expected to do transactions in different spaces.

We must solve these problems; else everyone including education institutions and people associated with them will face crimes directed at them. We need architecture that enables safe environments and especially that provides better control to a person, can enable trust transaction between two parties within same or different locations and where the data is generally distributed rather than being a sitting duck for some hackers to come and take away.

An example of this can be administration of a test remotely. There have been long-standing problems of examination tests getting leaked before exams, hence giving unfair advantages to some students or people who may be behind such leaks. However, what if in a remote setting or even in near physical setting of tests via digital means; the hacker changes the examination test administered to the student where the test is already known by the student? A student can gain unfair advantage in such a situation if there is no means to determine if the examination test that student got was authentic and administered by the education institution.

Another example of an interaction could be where a person / bad actor goes to a potential employer or another school and shows a degree certificate from a well-known school. There are limited ways for the employer or the other school to find if the degree / certificate is authentic and if indeed the person presenting it has attended the school and earned that degree / certificate. Time and money may be spent to get to the root; but many places take these degrees / certificates at face value. There have been instances where people have faked their degrees / certificates to gain employment or admission to other institutions; hence denying the opportunity to another legitimate candidate. This is a crime and in digital interaction scenarios; it can be more prevalent cyber crime as these degrees / certificates could be easily faked with new tools that allow to create ‘deep fake’ with current Artificial Intelligence systems.

While there are a total of 5  principles that WOPLLI® Technologies has proposed for digital architecture; we will primarily focus on the decentralized identity. The premise behind the decentralized identity is that the 3 parties; issuer, holder and verifier are indeed 3 different parties and there is no direct connection (or database) between the issuer and verifier of the credentials. Yet, the verifier can verify the credentials (called verifiable credentials) authentically from the holder’s wallet. The Worldwide Consortium, W3C has as of May 15th, 2025, standardized specification of Verifiable Credentials  (Verifiable Credentials Data Model v2.0). It changes the way in how we can communicate using digital means in a more decentralized and distributed ways across boundaries (separated by digital space or otherwise) while getting verified or verifying the counterparty authentically. The following diagram shows the relationship between 3 different parties.

Source: https://www.w3.org/TR/2025/REC-vc-data-model-2.0-20250515/

This setup can help with authentic peer to peer connection and delivery between a teacher and student. If a student is taking multiple courses from different schools, completion and progress can be measured authentically and in real time towards completion of the coursework from various institutions. A school can present its authentic credentials and can be verified remotely by students looking to join it. A student can verify the teacher’s credentials, and the presence of student (with credentials) can be done in remote learning scenarios, including while taking tests. Student attendance can be taken in large, physical, virtual and hybrid settings. Results of an exam can be delivered from authentic source (school) in a peer-to-peer manner. While doing so, this method also distributes the data (in person’s or organization’s wallet) leading to a decentralized and distributed architecture which become less prone to hacks.

In summary, Education and society and hence our interactions are changing bringing different expectations for how the interactions will happen between various parties. Plus, the current digital architecture has become a liability for cybersecurity and resulting cybercrime. Institutions and specifically schools must deliver services in a different way and with different architecture to maintain and increase trust in the institution, education, learning and its delivery, testing and students. Building and deploying new architecture in a decentralized and distributed manner will lead to better outcomes.

Vikas Malhotra’s Bio

Vikas is a seasoned executive, technologist and entrepreneur with 25+ years of international experience. He considers himself an artist, an innovator who works with technologies to build art. Vikas is interested in 'human experience' and specifically, in creating safe, fair and trusted experiences; whether it be in context of human-human; human-org; human-machine, machine-machine; human-environment. He is specifically focused on decentralized, distributed & personal models (identity, compute) that lead to formation of inferred intelligence networks - Trust Fabric; that are closer to how we are as humans, instead of our data and beings getting centralized.

Vikas is the founder of WOPLLI® that is the next-generation experiences company, making our experiences [as we Work, Play, Learn, Live] safe, fair, trusted. Vikas is also the founder of Navandine, which is the next generation hospitality experiences startup.

Previously, Vikas worked for 20+ years for various firms, with 14+ years at Microsoft (2006-2020), where he helped create, form and grow service & markets for Office 365 and cloud, from within engineering division. In prior companies (Microline, CyberTech, CIBER and INS (now British Telecom)); Vikas worked in system integration space enhancing the value and implementation of digital systems and framework for many clients across various verticals; with focus on networking and messaging. He helped pioneer Application Service Provider (ASP) service in early 2000s for one of his employers; a service delivered from remote datacenters which was at least 5 years prior to the term ‘cloud’ being recognized.

Vikas is a contributor to standards, where he contributes to many projects within Linux Foundation and International web level & is the chair of IEEE IC program on Cyber Security for Next Generation Connectivity Systems along with contributing to many IEEE standards workgroups.

Vikas has always been interested in new technologies and how to fix stuff as he grew up in a family of engineers and entrepreneurs. Vikas holds Master of Science (MS) in Telecom Management from Stevens Institute of Technology, USA and Bachelor of Engineering (BE) in Electronics & Telecommunication from University of Pune, India. Vikas resides in New Jersey, USA with his wife and 2 daughters.