Standardised COVID-19 Immunity Test Certificates

Abstract

The NHS already has tests for COVID-19 antibodies in the blood, and soon will have a vaccine. People who have been tested or vaccinated will benefit from being issued with a COVID-19 Certificate (or Passport) so as to show to others that they are immunised and/or protected and not at risk of infecting themselves or others. This will help the UK to formulate its exit strategy from lockdown/self-isolation, and be immensely beneficial in many circumstances, e.g. staff in critical care wards may no longer need to wear the full PPE that currently restricts their movements, causes great discomfort and means they can only work for a few hours at a time.

However, we must ensure that these COVID-19 certificates are not easily forged, copied or passed between people, as this would undermine trust in the entire system. Our solution is to use cryptographically-protected and privacy-preserving electronic certificates, that people can store on their mobile phones, laptops or other devices, as an alternative to physical copies, and can show to anyone or any computer system at anytime, anywhere.

Our COVID-19 Certificate Infrastructure conforms to the latest international standards and all messages are carried by HTTPS (which secures the entire Internet). In particular we do not rely on operationally-unproven, non-standard technologies such as distributed ledgers and zero knowledge proofs, which only serve to complicate the installation, add costs and complexity to the set up, and make the system more likely to have bugs. Consequently, our system is lightweight, and easy to integrate with existing technologies and systems through 3 simple application programmable interfaces.

Our electronic COVID-19 certificates can be strongly bound to their owner, preferably through biometrics, so that they cannot be passed from person to person (or device to device) and the user can access these certificates without needing yet more usernames and passwords. Our infrastructure allows the NHS to instantly revoke these certificates when circumstances demand e.g. a new strain of the virus starts to circulate.
Our proposal is to take our existing proof of concept infrastructure that uses laptops and web browsers, and

* port it to mobile phones, both iOS and Android,
* write supporting mobile phone apps,
* perform user trials with at least 3 NHS Trusts, to prove the viability and utility of the certificate infrastructure.
.
A demonstration of our laptop-based proof of concept is available on YouTube at https://youtu.be/Q-1X1FRSTss

Lead Participant

Project Cost

Grant Offer

Verifiable Credentials Limited £73,897 £ 73,897

Publications

10 25 50