Veritas Certifications
Get certified

How it works

Integrity from the first question to the final check

Veritas protects the value of your credential at two moments: while you take the exam, and forever afterwards when someone verifies it.

During the exam — Sentinel

1

Identity-bound media check

Before the first question, your browser requests camera and microphone access. The live feed is shown back to you and stays active for the whole session. The exam will not start until access is granted.

2

Environment lockdown

Sentinel registers listeners for the behaviours people actually use to cheat: switching tabs, losing window focus, leaving full-screen, and copy/paste. Each event is captured the instant it happens.

3

Real-time integrity log

Every signal is POSTed to the server and written to an append-only integrity log on your attempt, with a severity. Nothing is computed in the browser where it could be tampered with.

4

Integrity scoring & review

On submission the server derives an integrity score from the logged events. Clean sessions pass straight through; flagged sessions are surfaced for review before a certificate is issued.

After the exam — verification

1

Unguessable code

On passing, we mint a random 15-character code (≈75 bits of entropy) in the format FMC-XXXXX-XXXXX-XXXXX. It is not derived from a counter, so codes cannot be enumerated or predicted.

2

Cryptographic signature

The certificate's holder, credential, score and issue date are HMAC-SHA256 signed with a server secret. The signature is recomputed at verification time, so editing any field on a printed certificate makes it fail.

3

Public verification portal

Anyone — no login — can paste a code into the verify page and see the holder, credential, score and date pulled live from our database, plus a clear valid / invalid / revoked status.

Try the verification portal

Straight talk: what is enforced vs. what is deterrence

We think credibility starts with honesty, so here is the unvarnished version. No browser-based system can make cheating truly impossible — and any vendor who claims otherwise is overselling. What a serious system can do is make cheating risky, costly, and detectable, which is what protects the credential's value.

Genuinely implemented & enforced

  • • Camera + mic capture via the browser (getUserMedia).
  • • Tab-switch / visibility-change detection.
  • • Window focus-loss and full-screen-exit detection.
  • • Copy / paste detection during the exam.
  • • Periodic webcam snapshots taken client-side.
  • • Server-side, append-only integrity event log.
  • • Server-side grading (answers never trusted from the client).
  • • Random, non-sequential codes + HMAC-signed records.

Narrative / would need more in production

  • • Snapshots are captured but not uploaded/stored by default (privacy).
  • • No face-match or “second person in the room” AI yet.
  • • No gaze tracking or audio transcription/analysis.
  • • No OS-level lockdown — a determined user can leave the browser.
  • • “Human review” of flagged sessions is modelled, not staffed.

The point of the integrity log is that the building blocks a real review process needs are actually in place and tamper-resistant — not that a web page alone can stop every cheat.