This blog post is the second of a two-piece series on COVID certificate verifications by the Global COVID Certificate Network (GCCN), an LFPH initiative that facilitates the safe and free movement of individuals globally during the COVID pandemic. LFPH recently completed the proof-of-concept (POC) of the GCCN Trust Registry Network, a highly scalable and flexible trust infrastructure for COVID certificates, and will host two webinars about the POC: on May 10, 2022 at 8 am ET / 2 pm CEST, and May 11, 2022 at 7 pm PT / (+1d) 10 am HKT, to have a live demo and Q&A session.
The crisis of the global pandemic has finally forced the use of electronic credentials to help validate health status, and with it a myriad of rules and procedures. The idea is simple—show a valid certificate that suggests satisfactory COVID status and you are cleared to travel. In the first piece of the series, we explained the technical mechanism that could enable border control officers to check the validity of the various forms of COVID certificates. However, other than the validity of COVID certificates, a border control officer also needs to know if a traveler’s COVID status meets the entry requirements, e.g. tested negative within the last 48 hours, set by the country/jurisdiction the traveler is about to enter. In this second post, we are going to dive into the technical mechanism of how to do exactly that and where in the complete end-to-end verification process our GCCN Trust Registry Network plays a role.
Step 0: Build a trust list using the GCCN Trust Registry Network
For a country/jurisdiction to enable its border officers to verify COVID certificates properly, it needs to define who they are going to trust as the sources of COVID certificates since there are many out there who are implementing different technical standards and policies for COVID certificate issuance.
The GCCN Trust Registry Network provides exactly the platform for countries/jurisdictions or any other verifiers that need to create a list of trusted issuers. By browsing through all the listed issuers or searching for issuers that meet certain keywords/criteria on the Network, a country/jurisdiction can build or reference a customized trust list that provides the public keys border officers need to download to their verifier apps. The country/jurisdiction can update the list using the Network and broadcast the changes to the verifier apps as they take place so the border control officers can access the most up-to-date list for their verifications.
Step 1: Check the validity of a certificate issuer using the trust list
Once the border control officers are equipped with a list of trusted issuers, they are ready to handle incoming COVID certificates. What we see most often is a COVID certificate presented in the form of a QR code. By scanning a QR code, a verifier app will be able to determine the issuer of the certificate. With a reference trust list created through the GCCN Trust Registry Network, a verifier app filters trusted issuers from the registry and determines if the certificate presented comes from a trusted issuer. If it does not come from a trusted issuer included in the trust list, the verifier app will notify the border control officer immediately that verification failed due to an untrusted source. If the issuer is known and trusted, then the verifier app will pinpoint the public key of the issuer and proceed to Step 3.
Step 2: Decode and decrypt the QR code
To issue COVID certificates in QR codes securely, a system needs to encode and encrypt the COVID health data into QR codes. Encoding is the process of transforming human-readable data into QR code formats while encryption is a separate process that provides a higher level of security to the QR code. As described in the ePasspost case in the first article, it is the issuance/encryption process that requires the private key of the issuer, and the encryption allows each COVID certificate to have a digital signature embedded in it to increase data security.
Once border control officers know a certificate comes from a trusted issuer, they need to make sure the traveler’s COVID status meets the entry requirements. For this the verifier app needs to read the actual data by decoding and decrypting the QR code. To do that, a country/jurisdiction needs to build/use verifier apps that are capable of processing the specific encoding method of the QR code and the cryptography used for its encryption. The encoding and cryptographic methods applied to the QR codes are based on a limited number of implemented technical standards (see major COVID standards in an article we wrote here). The GCCN Trust Registry Network doesn’t play a role in providing these necessary capabilities but as long as the verifier apps have these capabilities, they will be able to use the public key of the issuer pinpointed from Step 2 to decrypt the QR code and read the actual data.
Step 3: Compare QR code data to entry rules
When the verifier app finishes decoding and decrypting the QR code, it will be able to compare the actual data to the entry rules and determine if the traveler is eligible to enter the border. Depending on the capabilities of the verification system, border control officers may be able to directly get a ‘yes’ or ‘no’ answer from the verifier app, or they will need to read the actual data presented on the verifier app and compare it with the rules manually to make a decision. The GCCN Trust Registry Network is not relevant in this last step.
We completed the GCCN Trust Registry Network PoC in March 2022, which demonstrates the above process from Step 1 and 2. You can check the release here and reach out to us at firstname.lastname@example.org if you have any questions.