According to the data published by Worldometers, the coronavirus COVID-19 is now affecting 210 countries and territories around the world and 2 international conveyances. The countries with the highest number of total cases are currently: the USA, Spain, and Italy, followed by France, Germany, Great Britain, and Turkey.
At the same time, policymakers in Germany, Italy, and the UK, plus some US health experts, have floated the notion of rolling out “immunity passports” to certify that a person has contracted the virus, recovered, has the antibodies or received a vaccination, once one is available.
The idea is that, at the end of lockdown, citizens can show their immunity passports to prove their immunity status and return to work, board an airplane, or just relax their social distancing. However, the concept has its issues, especially in terms of privacy and security of data.
Immunity passports, privacy and security issues
Speaking about digital identity management we can distinguish two main models based on two different approaches.
In a traditional centralized approach, an organization issues to users (or allows them to create) a digital credential (account) that users can use to access its service (e. g. the immunity passport). Trust between users and organizations is established through the use of shared secrets, username, and a password.
But the most important thing to consider is that in a centralized approach users’ data is stored within the organization’s “database”. That means that data are more exposed to the risk of cyberattacks and users do not have full control over their identities.
SELF SOVEREIGN APPROACH
An innovative approach based on Self Sovereign Identity aims at giving back to the user full control of its identity.
This model, based on Blockchain technology, allows each user to control everything related to its identity in a «digital wallet» that contains verifiable claims related to him (curriculum, passport, bachelor degree certificate).
Each verifiable claim related to the user is digitally signed and can cryptographically prove to any verifier: who is the issuer, to whom it was issued, whether it has been altered since it was issued, Its validity.
There is no central authority needed for the system to work. The user keeps its data and on the Blockchain are stored only the results of cryptographic hash functions with no readable content. That means no risks for privacy.
A concrete example of a system based on this second approach is the Sovrin Network.
From the Self-Sovereign Identity to the Covid Credential Initiative
InfoCert is one of the Founding Steward and Blockchain nodes of the Sovrin Network, an open-source project creating a global public utility for Self-Sovereign Identity, since 2017.
More recently, InfoCert took a step forward implementing DIZME, a platform running on top of the Sovrin Network to add the eIDAS Regulation compliance to the Self Sovereign Identity world.
Today, InfoCert is also part of the Covid Credential Initiative, a global, cross-sector community of organizations using digital identity as a way to mitigate the spread of COVID-19, and is part of Kraken project, with the aims to provide market-ready tools and services, fully compliant with privacy regulations, to share and trade personal data leveraging on self-self-sovereign identity.
COVID CREDENTIAL INITIATIVE
The Covid Credential Initiative is a direct response to the calls for an immunity passport. It brings together 60+ organizations from around the world, including governments, large tech companies, startups, institutions across a wide range of industries.
All members are working together to deploy digital certificates, using the recently approved World Wide Web Consortium (W3C) Verifiable Credentials standard, in order to enable society to return to ‘normal’ in a controlled, measurable, and privacy-preserving way.
The main goals are:
- define a set of immediately useful verifiable credentials and the technical requirements for issuing and verifying them;
- defining the rules of how this technology is to be used, as well as the algorithmic and human trust mechanisms to ensure that data remains secure, private, and tamper-proof;
- publish architecture guidance, tools, and documentation that all of the participants can use to solve COVID-19 credential use cases in an aligned, synergistic, and interoperable way;
- cooperate on advancing existing verifiable credential-focused open source technology such that a greater number of organizations can more easily make use of it;
- to extend an open invitation for any organization or individual looking to join this endeavor.
InfoCert is involved in several international Research & Development projects. Learn more at infocert.digital.