Marko is on a team looking for solution for the world's future: He reveals all about Covid passports

Marko Vukolic/Illustration: Nikola Jovanovic; Photo: Private archive

Digital passports have become a term most often spoken of as salvation in the time of coronavirus. It is one of the passes for travel, and many see it as a way of life in "the new normal." Because of that, many eyes around the world have been focused on those who are trying to design and find a solution, that is, create a "document" that should eventually become the Covid passport.

Recommended

Marko Vukolic, a scientist working for IBM in the Sweden based branch IBM Research, is one of the members of a team whose job was just that - to find a solution for a digital passport. In an interview with Telegraf Biznis, Marko talks about the technology behind it, the importance of blockchain, teamwork and perhaps the most important question - how safe are such passports.

• Everybody abroad is talking about Covid passports, how safe are they, that is, will our data be protected?

- That largely depends on the technology that underlies a given decision for a health passport. Decision makers need to be aware of technological differences between different solutions offered by different suppliers.

As for IBM's Digital Health Pass, the solution I deal with, the health certificate is kept only by the user (individual) in digital or paper form. The architecture is, therefore, GDPR compliant in terms of design and protects user data.

• How will digital passports function? What technology are they based on?

Homepage news

- Our solution is based on the Hyperledger Fabric open source blockchain platform. Authorized publishers (laboratories, hospitals, general practitioners) are included (by the health authorities) in the system and their public cryptographic keys are stored on blockchain.

An individual who does a Covid PCR or antigen test, receives a vaccine or simply tests for antibodies for Covid, receives a health certificate signed with the issuer's private key, which is linked to the individual's ID card and the issuer's public key.

The health certificate is kept in the form of QR code in paper or digital/mobile form, by the individual.

When the time of verification comes, the individual shows the QR code to the verifier (airline, border control, employer, public event organizer, etc.). The verifier retrieves the publisher's public key from the blockchain and verifies the health data. The verifier retains sole jurisdiction over the access decision, and technology does not make such decisions.

Photo: Private archive

• Is there a possibility of data abuse, especially since, as we can see, these passes will be used on planes, and during many other "checks" when we will show whether we have been vaccinated?

- IBM Digital Health Passport is much more secure than the current "paper" approach.

• When you speak about Covid passports being recognized depending on the vaccine, that is, if a vaccine is accepted in the EU, do you think there is discrimination there?

- I am not in a position to answer this question. That's a political issue, not a technological one. The technology is agnostic regarding the origin of the vaccine.

• What type of data will be used, what does a Covid passport have to contain?

- The IBM Digital Health Pass health certificate in case of a PCR test/vaccine contains the national identification number of the individual (but not their name or date of birth, for example), time of the testing/vaccination, type of testing/vaccinating and result (e..g negative/positive test)

• Is there a time limit, i.e., do Covid passports expire?

- Health certificates do not have an expiration date, but contain the time of testing/vaccination. It's up to the verifier to decide whether to take this into account.

• What kind of technical preparations did you have to go through to create a system that will support the whole scheme? How difficult was that?

- We built the solution on the Hyperledger Fabric platform, an open source blockchain system in whose architecture I was also involved. Fabric enables IBM Digital Health Pass an easy decentralized application of the solution, and the rest of the development, specific to IBM Digital Health Pass, comncerns the management of keys, implementation of W3C digital certificate standards and mobile application development.

We had an early prototype in three days and after about three months of hard work the product was ready.

• What was the work on the technology like, what was going through your head?

- Several of my colleagues, including me, love to travel. Shortly after the pandemic began, IBM formed an internal team called the IBM COVID-19 Task Force, where they asked us to design and find solutions for the current pandemic, but also for the future.

Many ideas were launched at the initial virtual meeting, but we all went back to travel: how about building a solution that would allow us to travel as quickly as possible while protecting user data.

In doing so, we wondered what personal data should be available in such a solution and the answer was clear, only that which is necessary.

Therefore, we have designed a solution that only informs the verifier about the national ID card/passport number and does not store any personal data on the blockchain.

Photo: Shutterstock

• Serbia plans to introduce digital certificates, can you explain the difference between certificates and passes?

- As far as I understand the goal of both is practically the same, but I am convinced that IBM Digital Health Pass is the safest and most appropriate privacy-wise.

• Germany has decided that digital passports should be done precisely by IBM, how significant is it for you to be a part of such an important project in the world?

- The state of New York has publicly announced that it uses the IBM Digital Health Pass, which is certainly a great recognition of our work. I don't know about any official announcement in Germany.

• How important is blockchain as such, bearing in mind its increased use, and what do you think is the next big thing for humanity that will be done with the help of blockchain?

- In addition to the decentralization of the monetary, financial and payment systems, another use of blockchain refers to trust and transparency of the food supply chain or container transport. Examples are IBM FoodTrust and TradeLens blockchain networks.

For example, by scanning the QR code on a food product, e.g. olive oil, consumers can follow its production from the farms where the olives are grown, to the mills where they are processed into oil, to the stores where they are sold.

In my opinion, in the future, the use of blockchain will be extended to decentralized cloud computing, decentralized databases and so on.

Whenever centralization is not desirable or not possible, blockchain can be considered.

(Telegraf Biznis)