Covi-ID: Privacy-Preserving COVID-19 Status Verification

Co Georg
Published in
11 min readApr 5, 2020


The latest info about our project:

Following the COVID-19 outbreak around the world, much has been written about China, Italy, and the United States. Much less has been written about emerging countries who face their very own COVID-19 challenge: That many of the tools that work in countries with high cellphone coverage don’t work in a country where a sizeable part of the population — in particular the most vulnerable part of our population — does not have a smart phone.

In response to this challenge, a group of South African academics, students and entrepreneurs have come together to build Covi-ID, a uniquely “African” solution to this problem with the help of some of South Africa’s largest corporate players.

Covi-ID gives everyone the ability to prove their COVID-19 status, reliable, secure, and without loss of privacy. We combine self-sovereign identity and the latest blockchain technology with extensive use of QR codes so that literally anyone can use Covi-ID.

You have a smart phone? Great! You will be able to get our self-sovereign identity wallet on your phone to make sure that your sensitive health data stays safe and is never used without your control.

You don’t have a phone? Don’t worry, we got you covered as well. In this case you can go to one of our corporate partners who offer so-called custodial wallets. These are accounts that securely store your data on the servers of one of our partners, but so that you have full control over what happens with it. Our corporate partners will take a picture of you, take your name and the phone number of a friend or relative, and then issue a QR code for you. You can then use this QR code to prove your COVID-19 status in the same way someone with a phone can.

So, what makes our system different from the system used e.g. in China? In one word: privacy. We believe that information as sensitive as your health status, should be controlled by exactly one person: you! Proving your status will help restore your freedom of movement while still complying with necessary restrictions applied to ensure public health.

In addition, Covi-ID will implement a simple track and trace system even for users who don’t have phones. But instead of collecting everybody’s data centrally, we communicate possible infection hotspots to the user’s wallets once a day so that our app then checks whether there is any overlap with the locally stored geo-location history. We can therefore achieve the same track and trace functionality as centralized solutions simply by flipping the direction in which data flows.

In developing Covi-ID we want to show that another, better, way of using technology to address the COVID-19 challenge is possible. Governments around the world engage in incredibly privacy-invasive measures in the interest of public health. The centralized solutions built in this endeavour create a massive cyber security risk and the associated privacy concerns will lead to evasion, further compromising the solution.

Our approach is radically different from the walled garden solutions so happily proposed by consultants. We choose an open systems design where open standards enable interoperability, and open source enables rapid development and adaptation.

We don’t do this for purely ideological reasons. A system with a single solution provider is more likely to have choke points, either from a performance or price perspective. Interoperability enables competition for the best possible solutions. Similarly, opting for open source enables other players to rapidly adapt a solution to their specific needs, better addressing the demand in the market. Through Covi-ID, different custodial wallet providers can offer their solutions and compete with different SSI wallet providers and the infrastructure itself.

If you are interested in working with us, contact us at or check out our website for more ways to link up. Below you’ll find more detailed explainers of various aspects of our platform.

Background: How Covi-ID works

User Story 1: Getting a Covi-ID account and receiving a COVID-19 status

There are two basic user stories implemented in Covi-ID. The first is that a user wants to create a Covi-ID account with one of our partners who offer custodial wallets. These partners are for example large corporations, but can also include government institutions like the Department of Health or the Council for Scientific and Industrial Research, universities, NGOs, and international organizations like UNICEF. Each of these custodians ensures the safety of the user data. A user can freely choose between custodians or whether to keep her data separate in a self-sovereign identity wallet, one of which is being developed directly by Covi-ID. We call these accounts identity accounts. Using identity accounts is also a great way to cater for children and the elderly. Not everyone will feel comfortable with a smart phone solution and by using custodial wallets we cater for this group as well.

The advantage of a self-sovereign identity wallet is that the user can be sure her data never leaves her phone. The advantage of having an account with a custodian is that it is a little easier and also does not require the user to have a phone. Once a user goes to a custodian, the custodian takes a picture for simple visual confirmation during the verification stage, her name and contact details. This can be the user’s own phone number, or the number of someone she knows. This latter step is important so that when there is a future outbreak, Covi-ID has the ability to contact the user and warn her that she might have been exposed to COVID-19 or a future version thereof.

How a user receives a digital health credential.

Once the user has her identity account, she can go and visit a doctor if she is symptomatic. Or she can go and visit a medical professional, for example in one of the mobile testing units currently being deployed across the country. There, she can get tested and to do that, the medical professional scans her QR code, verifies that she indeed is the person on the picture, and then sends her test results to a lab or conducts the test right on site. The lab then receives the sample together with the QR code and will be able to reliably attest a user’s status. If a user has indeed COVID-19 the attestation from the lab would be that the status is red, i.e. that the user urgently needs to self-isolate.

However, once the user is recovered, she can go and see a doctor to receive a verification that she has in fact recovered and is thus no longer susceptible to the virus. Alternatively, a user can go and see a doctor to receive a vaccination once they are available. With the vaccination received, the doctor then directly verifies that the user’s status is always green and that she does not pose a potential public health risk. In a similar spirit, once tests are available that retroactively test whether a user had COVID-19, such a test can also be used to issue a credential for a green status.

User story 2: Verifying a user’s status

A user getting verified using Covi-ID

With users receiving verifiable information about their COVID-19 status, the second part of Covi-ID kicks in. Whenever a user wants to enter a public space or any other point that has implemented health-screenings for access control, she shows her QR code, either directly on her phone or in a printed version e.g. on laminated paper or even on a debit-card like identity card. This code is scanned by e.g. a security guard who queries the Covi-ID API and is re-directed to the user’s self-sovereign identity wallet (e.g. the identity account with a custodian). By showing her QR code, the user consents to giving read-access to the information held in this wallet. The security guard who acts as a verifier then receives the information and is either shown a green, yellow, or red signal on his phone. Consequently, access to the place is granted or a security protocol is followed, e.g. by implementing additional social distancing measures for users with a yellow status. Users with a red status will likely be denied access and they will be asked to return home and continue self-isolation unless in medical emergencies.

Background: Why is proving your COVID-19 status useful?

We are currently in a national lockdown in South Africa and many countries around the world have severe restrictions on movement. These restrictions are unnecessary for anyone who already had the virus and they will be unnecessary for anyone who is vaccinated (once a vaccine is available). Similarly, patients who have recently been tested pose less of a risk than those who have not been tested. In order to get our economy going again we need to enable all those who pose no public health risk to move about freely.

The exact economic impact of the lockdown is difficult to quantify. But without a doubt it will be devastating for South Africa and a long and deep recession is ahead of us. Covi-ID uses a simple red-yellow-green system to indicate a user’s health status. In the typical scenario we have in mind, a user goes for example to a taxi rank. Currently, strict restrictions on the taxi operators are in place that require them to leave seats open in their taxis. With Covi-ID the taxi operator would be allowed to fill up the seats in the taxi to capacity if all passengers have a green status. For passengers having a yellow status — where their COVID-19 status is such that they haven’t been vaccinated, have not contracted the virus, or have not recently been tested — restrictions apply to protect them and their fellow passengers.

Would this not lead to discrimination against users with a yellow status? Covi-ID should not and will not exist in an unregulated environment. One easy way to prevent discrimination in the case above is if the government would give taxi operators a small top up per passenger to compensate them for lost revenue. This will align incentives and in a similar way various restrictions can be lifted for users who do not pose a public health risk.

Background: Why Covi-ID is different from other systems

Many countries have created applications to restrict access to public spaces. So what exactly is different about Covi-ID?

First, by using custodial wallets, we cater to a population where not everybody has a phone. The reality in South Africa is that many people have access to a phone, but do not necessarily own one themselves. This is particularly true in informal settlements, which is one of our most vulnerable communities.

Second, by using QR codes and status verification at various check-points, we create simple track and trace functionality even for users without phone: Whenever a user proves her status using the QR code, a token with the current geo-location and timestamp is sent to her wallet. This leaves a trail on her phone which can be used when there is a confirmed COVID-19 case to warn users who possibly have been in contact to self-isolate and get tested.

Third, and this is fundamental for what we do, Covi-ID is built privacy-first. What this means is that we put the data in the user’s hands. They are in control what happens with it and when. In contrast, the centralized solution used for example in China puts all control over the data into the hands of the government (or whoever operates this database). This unprecedented invasion of privacy will cause users to evade the technology, which leads to unreliable data that in turn leads to bad policy decisions. What is more, centralizing this data in a single database creates a massive cybersecurity risk. Any database that contains detailed health and possibly even geo-location information becomes a prime target for hackers.

It is also important to understand that Covi-ID uses medical professionals to provide health status verification. This ensures that data about a user’s health status is actually trustworthy. By using self-sovereign identity, we can furthermore ensure that a user’s status cannot be tampered with once it has been issued by a medical professional and that faulty data can easily be traced to the source, which will prevent corruption and manipulation.

Background: How Covi-ID implements privacy-preserving track and trace

Another benefit of our system is that by verifying a user’s COVID-19 status, the system creates a “breadcrumb trail” of the user’s location. This enables a basic track and trace functionality even for users who don’t have a phone. Our system can directly interface with existing geo-location data, collected e.g. through bluetooth contact tracing, or reported by mobile network operators. This flexibility allows us to eventually have the most accurate track and trace functionality for the widest possible number of users — without violating their right to privacy.

Background: Covi-ID’s business model and our timeline

We are building Covi-ID to provide a critical functionality that currently is only provided by companies who invade user’s privacy. Our goal is to provide an open, free, and privacy-preserving platform because we believe that this is the most efficient way of achieving positive public health effects. Consequently, Covi-ID will be offered free of charge to anyone, we will publish our standards to enable other SSI providers to integrate their solutions with our platform and innovate on this new and open system. The creation of the internet has shown how powerful free and open standards are, and we follow this blueprint.

In the short-term we offer a free and open source version of Covi-ID, but we envisage that eventually the self-sovereign identity wallets we offer and our custodial wallets will have both an open source and a white-label solution for corporate partners. In addition to COVID-19 status, we can provide for health verification for other diseases as well, but also for things like allergies and medical history so that when a patient is admitted to a hospital or to a new doctor, they already know the patient’s medical history.

We will have a demo of our platform by 10 April and release a first public version by 24 April.