HealthCerts — Part 2
In Part 1, I wrote about vaccination certificates and passports, and ways they can complement each other. I also wrote about visual inspection as a form of faith.
Trust but verify. Or faith in disguise?
Now that I got the common confusion out of the way, let’s dive into the design of HealthCerts and help more countries with safe travel. ✈️🌎
HealthCerts is a set of digital standards and schema for issuing digital COVID-19 test results certificates that are in line with international standards — such as Fast Healthcare Interoperability Resources (FHIR) and the Singapore Government’s requirements.
It is designed for global interoperability and to maximise adoption among three groups of users — medical institutions, travellers and government officers.
1) Medical Institutions 🏥
Medical institutions such as clinics/labs/hospitals can either purchase HealthCerts issuance as a software service from any of these providers or issue HealthCerts by themselves.
To issue HealthCerts, you can use OpenAttestation, a document signing framework that we open-sourced in 2018.
- Here’s how the schema.json and sample-document.json look like.
Fun Facts
1) OpenAttestation is the same technology behind OpenCerts. OpenCerts is a set of digital standards and schema to issue educational credentials for all educational institutions in Singapore.
2) OpenAttestation is similarly used by TradeTrust to digitise trade documents such as bill-of-lading in Singapore and other countries.
In a nutshell, OpenAttestation takes a bunch of HealthCerts, creates hashes from them, and writes the merkle root to Ethereum — which can then be used for verification. It allows document revocation and decentralised issuer identity verification. As of today, DNS is the primary way to verify issuer’s identity.
We chose a public permissionless blockchain, so anyone with access to the internet can issue HealthCerts. To overcome the Ethereum gas fee, we recently introduced DID Verifiable Credential (zero fee & real time transaction) and more…
We have made all things possibly free, free.
As of now, we have nine providers across five countries who are helping medical institutions issue HealthCerts. ❤️
2) Travellers 🧳
Travellers have to provide their HealthCerts as part of travel requirements.
After a COVID-19 PCR test, the traveller will receive an email with a HealthCerts document attached to it, sent from the medical institution.
In addition to the email, some medical institutions or HealthCerts providers provide their customers a mobile app with an e-wallet so that travellers can receive, store, view and share HealthCerts from the e-wallet.
We recognise the convenience of having an e-wallet. To encourage adoption, we have developed and open-sourced the e-wallet reference implementation.
For privacy reason, travellers can select or omit a subset of their info to share, aka selective disclosure, from the e-wallet.
As of now, we have SingPass Mobile, Accredify’s Digital Health Passport, AOKpass, Trybe.ID and Riverr that provide this e-wallet service. Stay tuned for more HealthCerts digital passports… 😎
3) Government Officers 👮
The last group of users is the authorities who screen incoming travellers for valid negative PCR test results, positive serology test results and/or vaccination certificates.
There are two ways to verify the HealthCerts.
a) In-person verification: Scan the QR code from the traveller’s HealthCerts — embedded in email or e-wallet — with any QR code reader app.
b) Contactless verification: Submit the HealthCerts document online so that verification can be done before arrival. Your border checkpoint officers will thank you for this safer approach.
The verification process checks for three things:
- The integrity of the HealthCerts by verifying the hash of the certificate against that from the blockchain — here’s how
- The identity of the issuer is MOH
- And the certificate is still valid — not revoked. Here’s how
Our QR Code can be dynamically generated from the e-wallet and it requires no special QR code reader app to read. This will greatly ease the verification ops and reduce the security attack vectors such as spoof apps and data theft.
No surprise that our verifier is open-sourced too! 😁
This helps other governments and private companies to develop their versions of Verify such as Affinidi’s Unifier, to check against their own list of recognised medical institutions.
To help more countries with safe travel ✈️🌎
We have designed HealthCerts to
- Allow any medical institution to issue HealthCerts
- Allow any digital passport to store, view and share HealthCerts
- Be verifiable on any platform
We have open-sourced the codebase of all components, to maximise reach and global interoperability.
Free as in beer. Better than beer, if you help us make it better.
Look forward to your contribution.
Together, let’s make travel great again! 🏖️😎
Our team is looking for software/quality and devops engineers who are passionate about tech and want to help us build awesome 🇸🇬 digital services!
Reach me at steven_koh@tech.gov.sg (ゝ‿ ・)
Want to know more? Here’s how we operate and the work we do.
Cheers! 🍻😊
