We’re in the midst of a challenging time that is taking a huge toll on our lives. Everyone wants to be able to get back to some level of normalcy, but in a way that keeps ourselves, our families and our communities safe.
Being able to track—and selectively share—individual COVID-19 status is one small step in helping to control the spread of the virus. There has been significant news media coverage of digital health passports (apps that display health information) and how can they can help society get back to physical locations.
Empowering individuals with the ability to selectively share their COVID-19 status is one small step in helping to manage the virus. However, this must be done in a privacy-preserving way without requiring exposure of the underlying personal data used to generate a credential.
We built a platform designed to allow individuals to maintain control of their personal health information and share it in a way that is secured, verifiable and trusted, between organizations and:
- General individuals
Many individuals may need to present their health status to return to sports arenas, university campuses, airports and other venues. Therefore, organizations are looking for ways to create verifiable health credentials, in a privacy-preserving manner.
Built on IBM Blockchain technology, Digital Health Pass is designed to enable organizations to verify health credentials for employees, customers and visitors entering their site based on criteria specified by the organization. It can allow an individual to manage their information through an encrypted digital wallet on their smartphone and maintain control of what they share, with whom and for what purpose. It’s one solution in our Watson Works suite of workplace solutions.
Read on to learn how your organization can use Digital Health Pass to help you adapt to the world around us.
Digital Health Pass has reimagined how personal data is exchanged, adopting a decentralized identity architecture underpinned by w3c open standards. Unlike traditional data exchange which happens between organizations—with the individual providing consent but fundamentally excluded from the data exchange—a decentralized identity architecture allows the individual to become an active participant, giving them control over their data and the agency to choose how it will be used.
Decentralized identity can allow an organization to issue verifiable data to an individual, the individual to share that data or subset and a receiving organization to verify validity. Trust in the data exchanged is achieved through a distributed ledger, with strict governance practices and verification of signatures. This approach is depicted below.
A person-centric model can help present potential benefits to the flow of data:
Digital Health Pass is a hybrid cloud solution comprised of the following:
- Cloud services to address core requirements of credential generation, exchange and verification
- Mobile and cloud software development kits (SDKs) to fast-track solution development
- Applications that address standard use cases for those who do not want to build their own
It’s built on a cloud platform and meets required security and privacy regulatory requirements.
Here is how each entity interacts along the blockchain as is designed under Digital Health Pass:
An application that can issue credentials, with APIs to help integration into existing enterprise data infrastructure.
A encrypted digital wallet that can allow individuals to manage and share their credentials. Behind the scenes, it includes keys, credentials, consent, encryption, obfuscation, identity challenges, signatures and QR Codes.
A mobile application to verify credentials, that can include processing identity challenges and responses, scanning QR codes, verifying signatures which requires retrieving keys and schemas from the ledger.
Packages up key capabilities for application developers, such as secured storage, key management, encryption, decryption, signatures, QR code handling, data compression, PoBox for anonymous data exchange, backup and restore.
Allows consent to be captured, recorded, and audited.
Comprises a suite of APIs for handing credentials, which includes APS for publishing schemas, issuing credentials, signing credentials, obfuscating data, and retrieving public DIDs, schemas, renovation, etc.
Allows business rules to be applied to credentials. For example, an airline may define a green health pass for boarding as a COVID-19 negative test less than 48 hours old or a COVID-19 vaccination less than 12 months old.
Allows a Verifier to generate an identity challenge and verify a challenge response.
A secured, encrypted, and personal data vault, that can be used to anonymously exchange data, such as allowing a Holder to securely retrieve their newly issued test credential.
Manages Issuer data, such as DIDs, keys, and schemas, to make credential exchange tamperproof and verified against issuer signatures and credential hashes. No personal DIDs or data is stored on the ledger.
As you have learned, Digital Health Pass is designed to help support organizations aiming to re-open their businesses. As individuals look to return to public gatherings, organizations need to assess the risk of COVID-19 while protecting privacy. This can be key for airlines, stadiums and other large businesses.
If you answer “yes” to any or all of the following questions, we recommend contacting IBM for a consultation.
1. Have you been impacted by a lockdown? Do you want to introduce data-driven policies to help re-open your business, while prioritizing health and safety for your employees and customers?
2. Are you looking for ways to create verifiable health credentials, in a privacy-preserving manner?
3. Are you concerned about the collection of personally identifiable information (PII), either for reputational or regulatory reasons?