‘Digital Vaccine Certificates or Immunity Passports’ - How to make them tamper proof and easily verifiable across borders?
- Rajesh Soundararajan
- Apr 12, 2020
- 5 min read
....without compromising on privacy !
‘Immunity Certificates’ - How do we make them tamper proof and easily verifiable everywhere?
And how can this be done without compromising on privacy?
When US Attorney General Barr commented on Bill Gates wanting digital vaccine certificates, one of the concerns was about privacy and how much one would end up on a slippery slope once you open up the data on digital certificates. He said “I’m very concerned about” slippery slope.
https://www.dailywire.com/news/ag-barr-on-bill-gates-wanting-digital-vaccine-certificates-im-very-concerned-about-slippery-slope - Bill Gates & The Gates Foundation are in favor of developing digital certificates that would certify that individuals, American citizens, have an immunity to this virus and potentially other viruses going forward to then facilitate travel and work and so forth
https://www.politico.com/news/2020/04/10/fauci-coronavirus-immunity-cards-for-americans-are-being-discussed-178784 - Even the Director of National Institute of Allergy and Infectious Diseases, Dr Anthony Fauci also mentioned this recently
Its not just the US - There are talks of immunity passports and certificates in other countries too
Note: We are not advocating on the issue of the Vaccine or Immunity certificates and are neither for nor against this proposal. We are offering a technology solution, should the American administration or the world in general want to adopt such a method.The question therefore that we are addressing in this post is -
How would you ensure that ‘Vaccine or Immunity Certificates’ that are issued are secure, tamperproof and easily verifiable - either in physical or in electronic/digital formats?
This question once again throws up the traditional answers on using complex technologies like hyperledger or blockchain and artificial intelligence. But we believe the solution can be far simpler, quickly actionable, leveraging on currently existing commercial technology with minimal set-up requirements. It can be universally verifiable without compromising individual privacy and without the need for any database dependencies.
Let us rephrase the problem at hand the world is trying to solve
If the consensus moves towards having immunity certificates then we are going to have tens and thousands if not millions of certificates issued by approved agencies. These ‘documents’ will need to be verified by third-party government and non-government agencies for various purposes. It could be travel, school admissions, immigration, entry into restricted areas or designated areas and so on.
The fear in the minds is that this would mean an additional hassle with the need for quick and efficient verification to check that the documents are genuine while balancing privacy on the other side so that the information is only used for the purpose for which it is intended.
What will define a successful solution ?
The traditional method of looking at this would be to get a test done and get a certificate issued from approved authorities. But this comes with attendant problems - the testing and issuance will be done by thousands of laboratories and all these documents would need to be verified far away from the source of issuance without the verifier having direct access to this source. There will have to be a system which can enable this while tackling fake certificates and tampering by unscrupulous agencies who will invariably try to muscle into such a lucrative business opportunity.
It is therefore crucial that these ‘immunity’ certificates maintain their integrity on issuance and are yet extremely simple to verify. Solutions like hyperledger, blockchain and RFID may come to mind, but are far too expensive to execute and complex to implement across the board and within a short period of time. The other solutions like holograms and stickers are easily tampered with. Moreover there is a need to use such certificates in both digital and physical format and that is where we can think of an elegant solution which takes into account all these aspects.
Enter PKI based Secure QR code enabled certificates facilitating de-centralised validation
Secure QR is a highly sophisticated technology that combines military grade cryptography with a PKI mechanism to allow simple day-day documents to have security and verification using ubiquitous QR code. Unlike traditional QR, ‘Secure QR code’ has an inbuilt fail-safe mechanism. Such QR codes are generated only by authorized entities and institutions using a private key to digitally sign the QR. This code encapsulates the key information that needs to be communicated and verified and can be generated in a small size. This secure QR code is tamper proof and can be easily verified by the corresponding public key.
You can use a dedicated smartphone app to validate such a document or even web validation mechanisms in all of which the verifier would just need to scan the QR code and check the output. This entire system uses a standard public key-private key mechanism with appropriate levels of security and encryption.
In advanced implementations, such a solution can be extended to updating and revoking the QR code where the given QR code based digital certificate is updated by the issuing authorities to extend the validity or even cancel/expire the certificate remotely. This makes it simpler to control the information.
Secure QR code provides an easy and foolproof way to create and verify authentic health and immunity certificates
This is how it works in 3 simple steps
The issuing entity carries out the tests and issues the health certificate just as before but with an embedded secure QR code that stores the details on the ‘certificate’ itself. This certificate can be in an electronic or a physical format.
These secure codes are digitally signed by the private key of the issuer to make sure that they can only be generated by authorized entities and are tamper-proof.
The QR code on the certificate is scanned by an App which carries the corresponding public key to validate the information and present it to the verifier.
The image below shows how this can be done.
Sample Immunity Certificate with Secure QR Code
The most important thing is this technology is commercially tested and readily available at the desired scale for authorities and agencies across the world looking to solve this problem !
Sign up for a free trial by clicking on the button on top right.
You may also like
This is what health authorities can do for COVID-19 test results and reports
Fake Vaccination records leading to a possible public health crisis