HealthCerts — Part 3

Who has access to my HealthCert data?

Barry Lim
Government Digital Products, Singapore
4 min read · May 31, 2021

A quick recap on HealthCerts?

HealthCerts is a set of digital standards and schemas for issuing digital COVID-19 test result certificates that are in line with international standards and the Singapore Government’s requirements.

They currently include

  1. Pre-Departure Test (PDT) results
  2. Vaccination certificates

What’s inside a HealthCert?

A HealthCert contains a snapshot of one’s medical record. It is either a test result or a vaccination record.

PDT certificates contain the type of COVID-19 test that was performed, the medical facility that conducted the test, and the result of the test.

Sample PDT HealthCert

Vaccination records, as the name suggests, document the dates and the types of vaccination that have been administered.

Sample of Vaccination HealthCert

After the HealthCert has been issued, Notαrise proceeds to create a QR code which can be presented by anyone wanting to show proof of their health status.

To generate a QR code:

  1. The system randomly generates a public-private key pair and encrypts the HealthCert with the private key
  2. Upload the encrypted payload to a cloud endpoint
  3. Construct a URL from the cloud endpoint address, the public key and the URL at which verification is performed
  4. Generate a QR code from the URL in step (3)

For added security, the public-private key pair is then purged from our system. At this point, even we, the issuer, are no longer able to read the encrypted contents stored on the cloud endpoint.

Who has access to my data?

Only the recipient of the QR code, i.e. the requestor, now has access to the data and the means to decrypt its contents. Of course, any person who has been given a copy of the QR code may also verify and view the HealthCert contents.

Verification starts when a camera-enabled mobile device, or a PC with a QR scanner, scans the HealthCert QR code. The URL encoded in the QR code allows the verifier to

  1. Fetch the encrypted payload from the endpoint referenced in the QR code
  2. Decrypt the encrypted contents fetched from the cloud endpoint
  3. Verify the decrypted contents on Verify (a system hosted by the Government Technology Agency)

Some questions you might already be asking:

Is my data safe with Verify?

No data is communicated to Verify.

The verification takes place entirely on the client side. Upon redirection to Verify.gov.sg, verification libraries are downloaded to the browser, which verify the authenticity of the HealthCert contents locally.

External queries to validate the issuer’s public key only involve sending the issuer’s domain name.

In summary, your HealthCert data is shared only with the verifying party, for the purpose of verification. No third party has access to your personal and medical data.

Are the verifications being tracked?

The verification process occurs in a decentralised manner. At no time is your personal or medical data within the HealthCert communicated to a third party. This can easily be confirmed by inspecting the network logs.

View of network logs

Samples of HealthCerts are available here.

The QR codes can be scanned by any camera-enabled mobile device. Does that make the QR code less secure?

When designing HealthCerts, we made a concerted effort to keep verification easy, avoiding the need to install a dedicated application to read the QR code.

To better secure the QR code, you can consider storing your HealthCerts in a mobile wallet that can dynamically generate QR codes. These QR codes could be

  1. Usage-limited (e.g. only allows for 1 scan), or
  2. Time-limited (i.e. only valid within a pre-defined time duration)

Privacy Filter

Future iterations could include the addition of a privacy filter, to allow users to redact portions of their HealthCert before sharing to others.
