The pandemic was a new way of living, and vaccine passports aided by digital identification methods are not a quick fix but a stepping stone to a universally recognised digital identification system where paper verification is obsolete on its own.
The proposal and implementation of vaccine passports have come up against much contention over the last few months. Many countries have applied digital vaccine passports to their list of requirements for international travel.
While it might be a point of contention, many professionals claim that this is a very exciting and vital moment as the evolution of vaccine certificates will drive the whole digital identity field in the future.
What challenges come with digital certificates?
There are various challenges to overcome when creating a universally recognised digital identification system.
1: There need to be verifiable credentials. International and industry-based initiatives must be developed using international verifiable credentials and standards.
An example of this is the Digital Green Certificate, a type of mobile health passport backed by the European Union, which entitles all member states to adopt the technology from June 2021 onwards.
The Common Pass and COVID-19 Credentials Initiative are consortiums working toward primarily Appbased digital solutions using a QR code displayed without releasing sensitive personal information.
2: Be based on a platform of interoperable technologies. The technology must meet specific standards for interoperability (HL7 FHIR standards), which is the ability of systems to work together within and across organisational and technical boundaries to enable different information technology systems to communicate and exchange useable data.
3: There are privacy and forgery issues. Products allow individuals to share their vaccination and health status (to employers and authorities) while preserving privacy.
Technical challenges exist, such as form (digital, paper), forgery, and attention to privacy and identity proofing.
How can digital certificates uphold privacy?
Digital certificates need a stringent and robust verification system. There will need to be a secure system that can maintain data security to make it safe for users.
Governments can do this through Public Key Infrastructure technology, which enables digital signatures on the certificate to show that a health authority issued it, making the contents tamperproof.
The World Health Organisation published guidance on the role of digital proof of vaccination and the technology that enables Smart Vaccination Certificates (SVC’s).
Currently, SVC’s test some ambitious visions of technology.
SVC’s provide a way to mitigate fraud and falsification of ‘paper only’ vaccination certificates by having a ‘digital twin’, that can be verified through a reliable and trusted manner – done through electronic signatures on PKI’s.
There are currently a few digital proof’s that boast the verifiability of electronic signatures: the self-regulating blockchain and the Self Sovereign Identity.
These digital twins uphold privacy by harnessing the public key (PKI), bound to a data carrier controlled by the Subject (usually a cryptographic wallet). The credential carries a fresh secondary signature created by the Subject’s private key when the certificate is presented.
This private key allows the receiver to tell what sort of data carrier it came from and, depending on the type of carrier, be sure the user made the presentation with the consent of the Data Subject.
Despite the conflict that this is one way of securing a future of ‘identity on the blockchain’, we have had cryptographically verifiable credentials for many years in the form of smart credit cards.
When you use a Chip-and-PIN smartcard, the merchant terminal cryptographically verifies the digital signatures of the card-issuer (proving the account details are genuine) and of the cardholder (confirming the transaction was created afresh on the spot, under the cardholder’s control).
So what does the future hold for digital identification?
For now, the goal for digital identification methods should be nothing more than representing that someone has received their jab.
The technology will need to be simplistic, robust and mature. It will also need to be scalable, like PKI, and available passively through barcodes and other biometrics accessible on smartphones and medical devices.
The true extent of PKI’s ability will be tested, but ultimately, there is no need for a new identity framework.