Key takeaways on ensuring security
1. Vaccination certificates have an essential role to play. They enable people to move; facilitate commerce; help economies get back to speed.
2. Governments will have to issue vaccination certificates so that people can move around safely. For example, when a person goes from one city to another or from one country to another, the destination authorities will want to know the vaccination status and should be able to validate it quickly and efficiently.
3. The implications of people travelling without vaccination, using fake certificates, are quite severe. We will be back to square one and will be starting a pandemic 2.0.
4. Technology can fix the problem of vaccination proof in the form of trustworthy vaccination certificates, and secure QR codes can play a significant role.
5. A vaccination certificate embedded with a secure QR code can help address the problem of checking vaccination status.
6. A centralised government database can let citizens of a country log in with their National ID credentials to request a certificate or download a PDF.
7. Airline officials, immigration officers and third parties can scan the QR code and validate the QR code’s authenticity.
8. The vaccination certificates are signed with the private key of the issuing authority (e.g. the health department).
9. All that is needed for validation is the public key. Validation can be done for hundreds of millions of people holding these certificates. It can be done programmatically using an API, or through an app without any network connectivity; hence it works offline.
10. Since all data is inside this QR code, data privacy is inbuilt in the solution. This also means countries can be confident that data of their citizens is always within their borders.
Is tampering of vaccination certificates a global phenomenon?
We first wrote about what health authorities can do for COVID-19 test results back in March 2020. Since then, we have covered scams and incidents across the world, from Cyprus to Bangladesh, showing that fake COVID-19 certificates are a global problem. We even made the Qryptal Secure Generation and Validation system available for free to the laboratories carrying out Covid tests.
Last week, almost a year since the outbreak of COVID-19, we had a fireside chat on how countries should issue COVID-19 vaccination certificates. We discussed how authorities can ensure that they have tamper-proof vaccination certificates as vaccination drives begin in all countries across the world. This is important because vaccination certificates have an essential role to play.
They enable easier movement of people.
Vaccination proofs enable activity to resume or carry on with minimum friction. This facilitates commerce and allows economies to bounce back.
For this to work as intended, governments will have to issue tamper-proof, verifiable vaccination certificates. When a person travels from one place to another within a country or goes from one country to another, the destination authorities should be able to validate the information quickly.
Most governments will have a centralised database of citizens with data on who has been vaccinated. They'll typically issue a paper vaccination certificate or an electronic confirmation code of the vaccination. But just by itself, this paper or electronic document is not easily verifiable across locations or countries.
Secure QR codes can fix this problem
A secure QR code with the relevant data is embedded as part of the vaccination certificate. Any verifier can scan the QR code to check whether the person has indeed received the vaccination and get all relevant details as required. Those who have been vaccinated can download a PDF showing the details, for their records and to show to authorities, something like the sample here.
Sample Vaccination Certificate with Secure QR Code
They can print it or use a smartphone or an app to carry the certificate in electronic PDF format. The secure QR code is on the certificate, as seen above. The data inside this QR code is digitally signed, and to verify it all anyone needs to do is visit the authorised domain, which can be something like verify.country.gov or a similar, appropriate country/issuing authority domain.
Here you can find different mechanisms for validation - using an App with the public key or by uploading the image or the PDF having the QR code or even scanning the code with the mobile or laptop camera. With hundreds of millions of people travelling each day globally, not having an easy validation method can be a nightmare for any online check-in process or for an immigration authority in a foreign country.
Validation can also be done programmatically with an API. The key point to note is that since the information in the QR code is self-contained, validation can work without any network connectivity; in other words, it works offline. This validation allows trust in the issuing country's certificates.
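The signing and offline validation described above, as an added sketch that is not Qryptal's code or QR format: Ed25519, the JSON payload, the `payload.signature` text layout and the issuer name `health.example` are all assumptions chosen for illustration. The verifier holds only the issuer's public key and makes no network or database call.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed payload; field names are assumptions, not a real schema.
type Certificate struct{ Issuer, Name, Vaccine, Date string }

var b64 = base64.RawURLEncoding

// Issue signs the payload with the authority's private key and returns the QR text.
func Issue(priv ed25519.PrivateKey, c Certificate) string {
	payload, _ := json.Marshal(c) // cannot fail for a struct of strings
	return b64.EncodeToString(payload) + "." + b64.EncodeToString(ed25519.Sign(priv, payload))
}

// Verify runs offline: it needs only the QR text and the trusted public keys.
func Verify(trusted map[string]ed25519.PublicKey, qr string) (c Certificate, err error) {
	p, s, ok := strings.Cut(qr, ".")
	payload, err1 := b64.DecodeString(p)
	sig, err2 := b64.DecodeString(s)
	if !ok || err1 != nil || err2 != nil || json.Unmarshal(payload, &c) != nil {
		return Certificate{}, errors.New("malformed QR text")
	}
	pub, known := trusted[c.Issuer] // issuer field is only a hint for key lookup
	if !known || !ed25519.Verify(pub, payload, sig) {
		return Certificate{}, errors.New("untrusted issuer or invalid signature")
	}
	return c, nil
}

// Demo returns the verified holder name and the error for an altered copy.
func Demo() (string, error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	trusted := map[string]ed25519.PublicKey{"health.example": pub}
	qr := Issue(priv, Certificate{"health.example", "A. Sample", "VaccineX", "2021-01-15"})
	good, _ := Verify(trusted, qr)
	_, sig, _ := strings.Cut(qr, ".")
	altered, _ := json.Marshal(Certificate{"health.example", "B. Other", "VaccineX", "2021-01-15"})
	_, err := Verify(trusted, b64.EncodeToString(altered)+"."+sig) // old signature, new name
	return good.Name, err
}

func main() { fmt.Println(Demo()) }
```

The trust decision rests entirely on how the verifier obtained the entries in `trusted`; a signature that checks out against a key from an unverified source proves nothing about the certificate.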
It is designed for privacy because no database access is needed for validation and no data has to be stored outside the country; for verification, all data is inside the QR code. Many countries have stringent privacy and data security requirements under which citizens' healthcare data cannot be stored outside the country's borders. This is a non-issue with a secure QR code, since all the data is inside the QR code itself. Needless to say, vaccination certificates enabled with secure QR codes have an essential role to play in helping economies get back to speed.