Digital Green Certificates: A Decentralized and Interoperable Infrastructure
In the last few months, one discussion has been ongoing all over the world: what is the best way to allow people to travel again, given the restrictions imposed by the current pandemic? And what is the best technology solution to support credentialing?
Though some governments are still waiting to take a position, and others are analyzing or testing the best solutions the market has to offer, the European Union (EU) Commission has set some requirements to drive this market in a newly-released proposal for the creation of a Digital Green Certificate. The aim is to facilitate the safe, free movement of citizens within the EU during the COVID-19 pandemic. Once deployed, the Digital Green Certificate will enable travelers within the EU to present a credential that validates if he or she has been vaccinated against, tested negative for, or recovered from COVID-19. This certificate will enable travelers to avoid the otherwise applicable quarantine restrictions and more freely move between the EU Member States.
Since the emergence of the COVID-19 virus in early 2020, the IOTA Foundation has been busy prototyping solutions that would allow people to prove they have tested negative in a trusted, secure and seamless way.
In particular, the IOTA Foundation has been working with Zebra Technologies to accelerate the deployment and availability of an open, secure, and interoperable infrastructure for certificate creation and verification.
Our resulting approach is:
- Secure: The identity of issuers and holders and their verification status cannot be tampered with due to the immutability of the IOTA ledger.
- Respectful of privacy and GDPR compliant: Vaccination data is held locally in the certificate holder’s device and accessed only at the time of verification. Any identifier is pseudonymized.
- Interoperable: Certificates are digitally issued as standard W3C verifiable credentials and follow recommendations from the Linux Foundation Public Health Working Group.
- Open: Any authorized issuer can write – and any verifier can read – certificate verification information from the ledger, only for verification purposes and directly, without a need for third-party integration.
- Inclusive: The creation of Self-Sovereign Identities (SSIs) is free for everybody thanks to the feeless and permissionless nature of the IOTA ledger.
The idea is simple and based on the immutability and scalability of the IOTA Ledger and its Decentralized Identity Protocol.
How it works:
- Certificate issuers (centers that administer the test or vaccine) and holders (citizens being vaccinated) both have a self-sovereign identity (a unique pseudonymous key registered in the ledger). Issuers’ identities are validated in a one-time process by a central organization, such as a government agency.
- Holders’ identities are verified at the time of receiving a COVID-19 test, vaccination, or certificate of recovery through adequate “Know Your Customer” (KYC) validation – such as assigning a dedicated agent administering the vaccine to check an ID card. Once identities are verified, holders can then collect digital certificates containing either their vaccination, test, or recovery information. The certificate is stored locally and can be either downloaded on the holder’s smartphone, loaded onto a uniquely identified physical card, or printed on paper. Both digital and physical certificates will have either a barcode or QR code that can later be scanned by certificate verifiers, such as border agents.
- Together with a minimum set of the legally required information (in our implementation, we have already considered the EU eHealth Network recommendations), the certificate contains the holder’s identity (its verified pseudonymous public key), issuer identity, and issuer digital signature (generated using its private key). Certificates stored on cards and mobile phones can even be encrypted with the holder’s private key for additional security.
- A verifier (i.e., a border agent) can then scan the barcode or QR on the card or phone to retrieve and review the required information, including holder and issuer identities and the certificate signature. It then uses the IOTA ledger to verify that the signature is authentic and belongs to a verified issuer.
While our considered data model for certificate information can be adapted to final EU needs, based on the above, our infrastructure meets the following fundamental technical requirements:
The “Digital Green Certificate” framework should ensure that these certificates can be issued in an interoperable format and be reliably verified when presented by the holder in other Member States, thereby facilitating free movement within the EU (cit.).
And thanks to its user-centric nature, the framework we have outlined helps to ensure that:
The personal data accessed pursuant to this paragraph shall not be retained (cit.).
In fact, no data is stored centrally or in the ledger, nor transferred, but only presented and verified locally.
Together with Zebra, we have proven that physical cards with barcodes or QR codes can be used by those who don’t have access to mobile phones, making the certificate program accessible to all. This is important because an average of 20% of people in the EU do not have a smartphone and cannot store – and thus present – a passport digitally. This number rises to 70% in less developed countries.
This is also a good solution for those worried about losing or damaging a paper certificate, as this model allows for card replacement and a digital backup version. Besides, biometric cards, such as photo IDs, simplify and speed up automated secure verification processes, which will be important when the volume of travelers starts to rise again.
Our solution is fully decentralized and allows for ease of integration and interoperability across EU Member States. However, to simplify and speed up the deployment of an initial solution, the EU recommends adaptation and re-use of the European Federation Gateway Services. Such Gateway was already deployed to share tracing information during cross-border travels pseudonymously.
At this stage, our proposed approach is fully compatible with this recommendation (see the complementary workflow integrating the Gateway and represented with green dashed lines in the figure above). We believe that the process of registering to the Gateway can be used to streamline the verification process for issuers’ identities across EU Member States and before these are registered to the ledger. Integrating the proposed ledger infrastructure as Public Key Infrastructure and a way to verify a certificate’s integrity also offers a more redundant and reliable complementary mechanism in case of any scalability issue should the Gateway model be adopted initially. Keys for certificate verification are always available to verifiers, thus increasing interoperability across countries (outside the EU).
In the future, we expect that a fully decentralized infrastructure such as the one we have proposed will simplify integration, reduce costs and provide an adequate level of security and accountability, especially if it were to eventually be integrated with the evolving European Blockchain Service Infrastructure (EBSI).
We also believe that decentralized identities will enhance interoperability, which is why we are supporting members of the Good Health Pass Collaborative and its joint initiative on interoperability with the Trust over IP group.
The IOTA Foundation and its partners believe that self-sovereign decentralized identities and verifiable credentials are the keystones for addressing the current emergency. We also believe that this innovation will allow Europe to respond to future emergencies in an agile way to better support citizens’ needs.
We are collecting support from several industrial partners, and we are collaborating with top-class security research groups as well as standardization bodies like Object Management Group, to develop a decentralized identity framework that reduces the risks currently associated with traditional centralized identity systems, such as uncontrolled data disclosure, linkability, and traceability.
We are looking to further support from private and public sector organizations as we continue to build out this infrastructure. If you want to start the integration of your solution with this infrastructure or have developed a solution or tool that could facilitate other integrations, you can reach us at [email protected] or on Discord.
We look forward to the day when people have the opportunity to enjoy life without too many restrictions, and we are working hard to make it feasible to travel again or to participate in organized events.
For more information about the IOTA Foundation, visit our website. You can also learn more about this initiative on Zebra’s blog post or on the company’s website.
Tools for the creation and verification of card-based identities and certificates
IOTA Identities: Create and Verify mobile-based Identities and VCs examples