Successful roll-out of vaccination programmes is at last providing relief from the grip of Covid-19. However, governments are recognising that fully unlocking economic activity and personal freedom will also require deployment of some form of citizens’ health pass.
Providing trusted proof that the holder has had either a vaccination or a negative PCR test, will enable the safe resumption of hugely important business sectors such as hospitality, events and domestic and international travel & tourism, and a return to every-day normal life.
Several bodies, including the ICAO (International Civil Aviation Organization), the WHO (World Health Organization) and the European Commission, are working on international or regional standards for health pass schemes. But in the meantime, governments simply cannot afford to wait. In 2020, the pandemic is estimated to have cost the global travel and tourism industry $4,711 billion, and over 174 million jobs. To start repairing the damage within their own borders, it’s important that governments issue health passes as soon as possible. Subsequently, passes initially designed to address domestic needs will have to adapt and evolve to support cross-border travel, in line with the emerging international initiatives.
How can governments achieve this?
Successfully meeting these twin objectives represents a significant challenge. However, governments do not need to reinvent the wheel. By leveraging existing ISO standards for 2D optical encoding along with data structures as defined by ICAO Visible Digital Seal standard (VDS-NC) or the European Commission Digital Covid Certificate (DCC), one can build a health pass solution that not only ticks all the necessary boxes but can also be implemented quickly and efficiently.
But governments should also regard the pandemic as an opportunity to look beyond the short-term requirements of economic recovery, and create a platform for more ambitious digitalisation of their identity and health credentials. The foundation for this broader vision is a digital ID wallet, as foreseen by the EU commission, which establishes a highly secure home for numerous official documents.
What are the key ingredients for success?
In the short term, any successful domestic health pass will need to encompass several key characteristics. Inclusiveness is the obvious starting point. Smartphone-based solutions provide huge reach, but to ensure universal coverage any scheme must be supplemented by the option of printing on paper, and as a sticker for passports. Convenience is another priority; employing a Sealed QR code will facilitate intuitive verification in a matter of seconds. With widespread reports of fake Covid certificates, Trust also needs to be woven into the DNA of any scheme. That means ensuring stakeholders are confident the data embedded within the pass is from a trusted source. Furthermore, that data must remain private. Compliance with relevant data protection legislation and regulations is essential.
Utilising a standardised 2D bar code ensures the pass can be verified by standard mobile/2D barcode scanners, eliminating the need for specialist infrastructure. Finally, the overriding aim of any domestic health pass is to unlock economic activity faster than would otherwise be possible. Deployment therefore needs to be swift. While some governments may prefer to create a dedicated CSCA (Country Signing Certification Authority), the ability to use existing PKI (Public Key Infrastructure) will speed roll-out.
The process of issuing and using health passes can and should be straightforward too. When a citizen is vaccinated by a health professional, a digitally signed certificate is issued. This supports the generation of the QR code, which securely incorporates the type of proof (e.g. vaccination, PCR test), the unique document number, and the digital signature. As and when required, the holder simply presents their QR code for verification, along with an identity credential to prove that they are who they claim to be.
A digital opportunity for governments
For lockdown-weary citizens and businesses, the additional freedom offered by a domestic health pass will provide welcome relief. But as they move out of emergency mode, governments are also looking to learn wider lessons. In almost every country on the planet, Covid-19 has served as a wake-up call. Many governments have realised that, in a crisis, they simply do not possess the IT infrastructures necessary to enable timely and secure digital delivery of vital benefits and public services. For example, emergency welfare payments have proved particularly vulnerable to fraud during the pandemic, simply because of the widespread lack of trusted digital ID credentials for citizens.
At the same time, there is growing appreciation of the degree to which enthusiasm for digitalisation has been accelerated by the pandemic. Having been obliged to shift to digital, mobile and online channels – for services ranging from grocery shopping to medical consultations – citizens are sticking with them as a matter of choice. For governments, this profound behavioural change can now be harnessed to advance their digital transformation agendas.
Adding value with a digital ID wallet
To facilitate the transition from short-term relief to ambitious redesign of public service delivery, the health pass can be extended into a wide-ranging and capable digital ID/health wallet. Significantly, this provides a secure and intuitive smartphone-based location for an array of digital ID and health credentials. As with a health pass, these wallets should be standards-based. For example, compliance with ISO/IEC 18013-5 can ensure that the security and privacy issues inherent in any digital identity credential are addressed.
Governments and citizens both stand to reap significant benefits. To begin with, the user experience is transformed. With a standalone health pass, the holder is obliged to present a QR code to prove the authenticity of their vaccine certificate, then show a separate physical credential to prove their identity. Because the wallet incorporates digital ID and health pass (as well as the potential for numerous other official credentials and documents), it can perform both these functions. What’s more, whereas a health pass can only work in connected mode, the wallet is designed to function online and offline, anytime and anywhere. Identity and health status can still be proved in locations where there is no connectivity.
The wallet also offers a step change in security, privacy and user control. The data is encrypted end-to-end, so the wallet effectively establishes an ultra-secure vault on the user’s phone. Moreover, the user can select the attributes that they wish to share. In contrast to a standard health pass, only the information essential for the transaction needs to be revealed.
A future-proof platform for transformation
For governments, the multi-document capability of a wallet provides a future-proof platform for ambitious, medium term, digital transformation. Crucially, by supporting both face-to-face and online verification, authentication and registration by users, it facilitates the digitalisation of a host of public services. The pandemic has also highlighted the value of instant and effective messaging by public bodies. The wallet creates a direct channel of communication between government and citizen, via the near-ubiquitous smartphone.
The opportunities created by a wallet extend right across government. In health, forward-thinking ministries can digitalise not just vaccine certificates, but also general health and insurance credentials, as well as donor cards. Trusted online authentication also opens the door to efficient and user-friendly services such as ePrescriptions, and secure, user-controlled sharing of health attributes. Similarly, ministries responsible for travel credentials can use the wallet to facilitate the creation of digital companions for physical passports. Based on ICAO standards, these Digital Travel Credentials (DTCs) are recognised globally and can host all the trusted documents now essential for cross-border travel.
Modernisation of public service delivery is no longer another ‘nice to have’ on the road map for governments worldwide. Digitalisation and dematerialisation, already powerful forces, have moved to the very top of the agenda. In particular, digitalisation of identities has become essential. Reflecting this, the EU recently committed to the implementation of a digital ID wallet for all its 400 million plus citizens. The vision of the EU Commission is for everyone to be able to prove their identity and share official documents with the click of a button on their phone, in any member state. Alongside convenience and usability, the emphasis is very much on freedom of choice, user control and privacy.
Looking forward
As far as the pandemic is concerned, we can at last see light at the end of the tunnel. But there is still a long way to go. Swift and effective deployment of domestic health passes will certainly help citizens and businesses return to normality. However, the environment remains dynamic and the response needs to be flexible and scalable. Governments have been forced to re-evaluate many aspects of their operations and should now reflect on the potential for a positive legacy to be built. To do so, they will need to rely on the support of partners that have the technology, experience and skillset necessary to create solutions that can meet the demands of trusted credentials – not just in health, but right across the digital identity domain.
The post Covid-19 health passes can open the door to a digital ID revolution appeared first on Cybersecurity Insiders.
July 07, 2021 at 09:10AM
0 comments:
Post a Comment