How to make ‘dynamic’ tamper proof freedom passes that are easily verifiable everywhere?
When UK’s former health secretary Jeremy Hunt threw his backing behind the ‘freedom pass’ concept, it addressed both the concerns - (1) Dramatically increasing the numbers signing up for voluntary testing and (2) Focusing a nation’s resources only on potential sources of spread for better effectiveness. Freedom is one of the ‘key incentives’ for people to get tested so that those infected can self isolate. Yet, it has an immense potential to be misused.
The idea is that a COVID-ve certificate/ freedom pass would be stored on a phone and would allow people to live a relatively normal life until the government’s vaccination programme gets up to the speed. It would even allow Britons to get away without wearing a mask, it is thought, and visit family and friends without the need to socially distance. Under new plans, Britons tested twice a week could get a freedom pass. The freedom pass holders will for example wander down the streets, and if someone else asks why they are not wearing a mask, they can show the card, letter or an App.
But how would you ensure that ‘Freedom Passes’ remain secure, tamperproof and easily verifiable - either in physical or in electronic/digital formats?
The traditional method of looking at this would be to get a test done and get a ‘freedom pass’ issued from approved authorities. But this comes with related problems - the testing and issuance will be done by thousands of laboratories and all these documents would need to be verified from the source of issuance without the verifier having direct access to this source.
Covid test being administered
There are going to be tens and thousands if not millions of freedom passes issued. These passes will need to be verified by third-party agencies or individuals for various purposes. It could be travel, school admissions, immigration, entry into restricted areas or designated areas and so on.
The fear is that this would mean an additional hassle. There is a need for quick and efficient verification to check that the documents are genuine while balancing privacy on the other side so that the information is only used for the purpose for which it is intended.
It is hence crucial that these freedom passes maintain their integrity on issuance and are yet extremely simple to verify. Solutions like hyperledger, blockchain and RFID may come to mind, but are far too expensive to execute and complex to implement across the board and within a short period of time. The other solutions like holograms and stickers are easily tampered with. Moreover there is a need to use such passes in both digital and physical format and that is where we can think of an elegant solution which takes into account all these aspects.
A secure QR code led solution can be far simpler, quickly actionable, leveraging on currently existing commercial technology with minimal set-up requirements. It can be universally verifiable without compromising individual privacy and without the need for any database dependencies.
What will define a successful solution ?
Enter PKI based Secure QR code enabled passes enabling de-centralised validation. Secure QR is a highly sophisticated technology that combines military grade cryptography with a PKI mechanism to allow simple day-day documents to have security and verification using ubiquitous QR code. Unlike traditional QR, ‘secure QR code’ has an inbuilt fail-safe mechanism. Such QR codes are generated only by authorized entities and institutions using a private key to digitally sign the QR. This code encapsulates the key information that needs to be communicated and verified and can be generated in a small size. This secure QR code is tamper proof. It is signed by the issuer’s private key and can be easily verified by the corresponding public key.
You can use a dedicated smartphone app to validate such a document or even web validation mechanisms in all of which the verifier would just need to scan the QR code and check the output. This entire system uses a standard public key-private key mechanism with appropriate levels of security and encryption.
In advanced implementations, such a solution can be extended to updating and revoking the QR code where the given QR code based digital certificate is updated by the issuing authorities to extend the validity or even cancel/expire the certificate remotely. This makes it simpler to control the information.
Secure QR code provides an easy and foolproof way to create and verify authentic Health and Freedom Passes.
This is how it works - Simple 3 steps
The issuing entity carries out the tests and issues the COVID-ve/ freedom pass just as before but with an embedded secure QR code that stores the details on the ‘certificate’ itself. This certificate can be in an electronic or a physical format.
These secure codes are digitally signed by the private key of the issuer to make sure that they can only be generated by authorized entities and are tamper-proof.
The QR code on the certificate is scanned by an App which carries the corresponding public key to validate the information and present it to the verifier.
The image below shows how this can be done.
Sample Lab Certificate for Covid test with Secure QR Code
You may also like