Security expert develops vaccine passport storage platform
A cybersecurity expert has proposed a framework for the secure storage of vaccine passports and other digital identities for each of the world’s 8 billion people.
Koji Fusa, a visiting professor at the Cyber Security Innovation Research Centre at Birmingham’s Aston University, has made progress towards developing a framework with the capability to distribute over 200 individual keys to each person in the world.
Each key could be assigned to personal information such as vaccine passports. Vaccine administrators would be able to send details of each individual to a dedicated server that would issue a QR code which would be assigned to the vaccinated person as the digital key for access.
The vaccine passport holder would keep the QR code to enable them to check their own record at any time. Under the framework, private data would be segmented into a separate database that could only be accessed with this key as well as biometric authentication such as fingerprint, face and voice recognition technology.
Fusa is the CEO of Japan’s GVE, which is developing a vaccine passport system based on the research, and has also developed a secure central bank digital currency platform designed for the monetary authorities of developing countries.
Fusa said the proposed framework would help the EU Green Pass initiative and World Health Organization’s vaccine passport initiative find the solution they have been searching for to enable private data protection and counterfeit prevention.
“We have a solution that is secure, something that others have failed to achieve so far,” he said.
“By having a cloud security server which gives unique reference numbers to all devices, [the system] will allow people to verify all of their personal information, like address, electronic health record and bank details, individually and instantly with whichever third party they choose. That could be anything from a home-buying process or getting into a nightclub.”
Under the proposed system, GVE’s Cloud Security Server would ensure the security passway between devices and the vaccine passport server.
Each server would contain multiple GV Hardware Security Modules that would fulfil the functions of encryption, storing digital keys and assigning digital signatures for all communications.
Data transmission between servers and devices would use digital signatures to prevent any counterfeiting or intervention by an unauthorised party.
The vaccinated person would be able to access the information on their smartphone or other device through a mobile app, which would display a QR code which contains the identification number for access to the vaccination record.
Immigration officers would be able to scan this code to gain access to the right record and confirm the traveller’s vaccination status in real time.
To further safeguard against the risk of forgery or fraud, each vaccination record would be assigned a unique reference number which will not overlap for 8 billion people around the world for more than 100 years.
The proposed system also includes security built in at the server end by using multiple-layer protection architecture for confidential data. This would split up data and ensure it is stored in physically separated servers, with each split data encrypted using a different encryption record.
In this way, even if unauthorised access is made to one of these stories, the intruder would never be able to reconstruct the original data.
CICTAR has urged the government to exclude ICT companies engaging in aggressive tax minimisation...
The Community and Public Sector Union has urged the government to address the policies leading to...
There are any number of applications for AI across industry sectors, but the role of AI in the...