TrustGrid on The Need for Secure Digital Vaccine Passports

By Benjamin, Kiunisala is Head of Customer Engagement for TrustGrid Pty, Ltd., in Sydney, Australia., http://trustgrid.com.

The impact of COVID-19 on public health has raised new questions about public safety and personal privacy. With the ongoing political controversy over coronavirus vaccinations, government agencies and private companies struggle with strategies to verify inoculations to protect people from possible infection. The issuance of vaccine verifications or “vaccine passports” is one solution to prove the holder has been immunized and therefore no longer considered a risk to others. However, there are ongoing privacy concerns about vaccine passports and fears that they may compromise individual health records. The number of forged vaccine cards and vaccination passports is on the rise, making the need for a foolproof form of vaccine validation even more acute.

As with any form of valid identification, vaccine passports need to be verified, private, and spoof-proof to be effective. Just as driver’s licenses have become verified forms of identification thanks to Real ID and passports bear hologram watermarks to prevent forgery, vaccine passports need to be authenticated and issued in a cost-effective form to produce and easy to read. Digital vaccine passports are emerging as the best way to go.

Creating a Truly Secure Digital ID

TrustGrid has developed a new technology that makes it easy to create secure personalized credentials that are easy to read and easy to share. These digital identifiers also allow complete privacy, verifying the bearer without exposing any personal data associated with the ID.

With most identity cards you have one responsible agency, such as the Department of Motor Vehicles of the U.S. Passport Office. In the case of vaccine passports, there are additional challenges, such as decentralized medical records that may be held by different healthcare providers. There also is concern about securing medical data. According to HIPAA Journal, there was a 25% increase in healthcare data breaches in 2020 as more hackers look to steal patient information for identity theft and black-market activities such as Medicare scams or illicit drug prescriptions.

Using data encryption and distributed ledger technology provided by TrustGrid, healthcare providers can create a digital trust ecosystem that can validate vaccinations, certifications, or any other credentials without exposing the underlying personal data. The data itself is encrypted and stored in a distributed ledger system, like that used in blockchain technology, so information is synchronized across multiple servers so it cannot be hacked. A unique identifier is then issued to the individual verifying their credentials, such as inoculation. The approach is relatively simple:

1. A trusted attribute authority such as a healthcare provider validates the vaccine information and is stored in a distributed ledger system. Multiple agencies can share the same database as a consortium, using the same individual identifier for different purposes.

2. Users who choose to participate on board the healthcare consortium are given their unique identifier, probably in the form of a QR code, that can be downloaded and displayed, and scanned on their smartphone. The user must give consent to anyone wanting to verify their vaccine status.

3. During onboarding, the individual’s identity and vaccine status are verified using whatever information is necessary, such as social security number, birth date, and the individual code is issued for use in their smartphone.

4. Using a smartphone app, vaccinated individuals can prove their vaccine status. Any other organization can opt into the same consortium to share the validation codes. For example, airlines, sports complexes, movie theaters, and others can register to use the same system to verify vaccine status without accessing personal records. This approach makes boarding an airplane or entering a stadium fast and easy since it can be done with a hand scanner.

At the same time, the underlying credentials themselves are never exposed. There is no risk of identity theft and no need to share passwords or personal login identifications.

Giving individuals a unique identifier has the added advantage of having the identifier follow the user. The same code can be used for multiple applications, whether it’s for a security clearance at an airport, for an operator’s license, or to validate a permit or professional credential. The approach is entirely self-service with little or no overhead, making it easy and cost-effective to use. What’s more, any organization can sign up to use the same digital trust ecosystem, so the same digital ID can serve multiple functions.

It’s unclear what the future holds for vaccine passports. For now, many universities, schools, airlines, businesses, sporting arenas, and others are requiring proof of coronavirus vaccination. Adopting an easy-to-use, opt-in system that simplifies inoculation validation protects personal data, and can’t be faked is the ideal solution. It’s simple, scalable, and inexpensive.

If digital vaccination passports catch on, you can expect the same technology to be adopted for other applications. It’s already being used in New South Wales to issue digital driver’s licenses and commercial trade licenses. If there is an application where validation is needed and personal privacy is a concern, TrustGrid has the solution.

This article does not necessarily reflect the opinions of the editors or the management of EconoTimes