Part 5: Solution components in context
Both domestic and international travel have been heavily restricted in the fight to limit the spread of COVID-19 and break the curve. Many countries and their populations managed this quite well in the first wave, thanks to their strong economies and wealth. Others, as many as 100 countries and especially their poverty-stricken populations, are struggling and forced into compromises. This series of publications seeks to spark further thought on a responsible international travel scheme during this and future pandemics.
Part 1 covered the general assumptions and boundaries, reflections on risk management and commercial impacts. Part 2 studied tools and processes that might lead the way to an open new normal. Part 3 expanded on some select case studies currently deployed and discussed some upsides and downsides. Part 4 elaborated on the travel industry in change. Part 5 sheds some light on various solution components and how they fall into place.
By Stephan D. Hofstetter, Managing Partner SECOIA Executive Consultants Ltd
Whenever possible, use what is already available and improve it in time.
Design solutions that are workable for different GDP-type countries, income levels and age groups. Guiding principle: "Do not leave anyone behind by technical, political or commercial barriers".
Give preference to contactless technologies, where available
Provide integrated approaches based on documents, capacity building and biometrics
Adapt to the phases, from lock-down (perhaps the first 3 months) to containment (1-2 years) to the New Normal (indefinite period). The latter is important in order to be seen as "preparedness for the reoccurrence of further pandemics".
Identify the stakeholders and validate the models based on their specific needs. These include aircraft crews, workers, migrants, tourists, business and humanitarian workers, etc.
Can immunity really be achieved through recovery or vaccination? At present, this cannot be assumed.
Priority use cases along the time axis can consist of:
In the short term: repatriation of migrant workers
In the medium term: facilitating more freedom of movement, including facilitating business and engineering trips
In the long term: recovery of "normal" movement
Three scenarios are discussed: The first is the regular scenario for a free movement certificate, as required, for example, to be able to move around with restricted local or national freedom of movement. The second develops the first scenario further and facilitates international travel. The emphasis is on supporting a more predictable, internationally regulated travel policy, however short-term such a certificate may be. It is linked to cases where the visa waiver has been suspended and a medical risk profile must now be established before being allowed to travel. Finally, the third scenario combines the first two, applied to the specific requirements of refugee management.
This paper does not deal with early detection efforts and technologies. An interesting article on this subject has been prepared by "Biometric Update".
Categories of technical responses
The authors cluster the technical responses to these scenarios into four main segments, ranging from purely digital to purely analogue system designs. The first are purely digital, app-based ID cards or certificates, perhaps comparable to digital ISO driving licence systems. The second includes home electronics that convert digital information into analogue certificates produced at the individual's home. A representative of this category could be flight or train tickets printed at home. The extension of existing ePassport technology or Logical Data Structure (LDS) with health-related information could also be a representative of this category in the medium term. The third method uses (existing) physical documents and adds digital certificates or links containing the last health status recorded. The yellow WHO International Vaccination Certificate, with a special dated seal for COVID testing or vaccination, could serve as a model. The fourth category is a purely physical security document, which may have a long life span and is enriched with data encrypted on the document.
Each of these categories contains characteristic advantages:
App-based ID/certificates are likely to be very flexible, require little perceived logistics, could be combined with other COVID apps and can be designed to respect privacy. Home-printable PDFs are based on home infrastructure and pragmatic workflows. These are advantages when the average resident has access to such infrastructure and networks, and a practical advantage in other cases. The ePassport infrastructure option would use the existing infrastructure and even increase its use. Given that most countries still lag behind basic implementations in terms of border control, adding this feature as a fast-deployment solution would require a detailed assessment. The international vaccination certificate relies on existing processes, is low cost and scalable, and its processes are supported by databases. However, in the digital economy, this would be seen by many as a very old-school approach. Finally, the use of dedicated physical security documents can be very versatile in difficult environments and can offer high credibility even when used offline. It offers flexible form factors as a card or archive document. Furthermore, the scheme is scalable and is proposed for various humanitarian use cases.
The following overview of technologies can by no means be exhaustive. Its presentation is intended to be an inspiration without being an explicit endorsement by the authors.
ISO certified digital driving license as a technology model
The concept is to carry a digital Covid ID in a single digital wallet to track pandemic risks and travel authorizations. The implementation is based on an interoperable ISO standard certificate that can be used both online and offline. The data is managed centrally and can be updated at any time when the device is online. This means that the fragile COVID check or potential immunity status itself may expire or be frequently updated.
© Image by courtesy of Scytales
CovidPass uses blockchain technology to store encrypted data from individual blood tests so that users can prove that they have tested negative for COVID-19. Using blockchain technology, it provides an encrypted record of the test results. The developers say it could allow healthy travellers to avoid quarantine. The app could also enable the safe re-opening of sports and entertainment venues and the global conference and exhibition industry.
CovidPass is the idea of Mustapha Mokass, one of the Young Global Leaders of the World Economic Forum.
New app CovidPass aims to help people free of coronavirus to move around safely.
After a negative COVID-19 test or a positive antibody/immunity test, the patient receives a downloadable document that he can print out at home. It can be reprinted several times. The link with the actual identity is ensured by recording an official identification document when the test sample is taken at the doctor's office or at the test site. The data is protected by visual and digital coding that can be verified by smartphone apps or, in some cases, by lenses of simple, well-trained visual controls. In addition, the document and data can be verified online in special databases.
The ePassport standards have evolved over the years to allow for improved facilitation without compromising security. Notable developments are the Optional Logical Data Structure (AKA LDS2), Visible Digital Seal (VDS) and Digital Travel Credentials (DTCs). All of these innovations happened before the onset of this pandemic and could possibly be extended to dealing with the pandemic situation.
The driver for LDS2 was the desire to store travel-related information like visas and travel stamps in the chip instead of attaching it to the blank pages of the passport booklet. This was intended to facilitate easier reading at the various touchpoints of the travel continuum. Extending it to store additional health-related information would be easy. However, the adoption and implementation of LDS2 itself is not trivial, and reaching the minimum threshold required for it to be useful for health-related information is going to take some time and may not be of benefit in the near term.
The Visible Digital Seal was designed to extend cryptographic protection to paper documents that do not have an embedded chip in them. They are currently defined for two use cases. One, to protect the integrity of Visa Stickers and two, for Emergency Travel Documents. Extending it to include the use case for health information is trivial and could be used in both the app based model and the Home-Printable PDF model. This is the most likely candidate for the current situation.
The Digital Travel Credential was designed to improve the possibility of touchless interaction for a seamless travel journey. It seems to be the most appropriate option for the current situation. The ICAO TAG/TRIP has just endorsed the first part of the specifications written by ISO and the next part is expected by the middle of 2021. Once these specifications are in place, the deployment and use of DTCs could be the long-term solution for the current and future crisis situations.
Visible Digital Seal demo screen © Image by courtesy of Auctorizium
Roadmap of the LDS and Access Security of ePassports © Image: Infineon
WHO Intl. Vaccination Certificate
After a negative COVID test or positive antibody/immunity test, the patient receives an entry in his international vaccination card from his medical practitioner. The entry is made with a security seal. The doctor MUST confirm with a permanent pen that the exact passport or identity card is noted on the document. The document is tracked by a registered seal linked to the test report and possibly reported to the national database. Such security seals can integrate numerous physical and logical security features, which are very different from the traditional vaccination entries in the current document. This allows both offline and online validation of the status, which can be used internationally even in low-tech areas.
© Image of seal by courtesy of Schreiner Printrust
Other options are security solutions where the physical protection of the certificate is combined with the digital protection of the personalised data. For such approaches, Diffractive Optically Variable Image Devices (DOVIDs) can be used, where a key pair of a hashed public key in the form of an optically protected, metallised QR code is used in combination with a printed, signed 2D barcode. This enables the authentication of the certificate's carrier material and additionally ensures that the personalised data of the document has not been manipulated or altered.
© Image of CryptoSeal by courtesy of OVD Kinegram
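The verification logic implied by the Visible Digital Seal and by the DOVID-protected certificate described above, as an added example that is not from the original article or from any vendor named in it. Ed25519 and SHA-256 stand in for whatever algorithms a real scheme specifies; the field layout, the trusted-issuer list, the sample payloads and all names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Certificate is what a checker reads off one document (assumed layout).
type Certificate struct {
	CarrierKeyHash [32]byte          // optically protected QR code on the substrate
	Payload        []byte            // personalised data in the printed 2D barcode
	IssuerKey      ed25519.PublicKey // carried in the barcode next to the payload
	Signature      []byte            // issuer's signature over Payload
}
var (
	ErrCarrier = errors.New("barcode key does not match the carrier's key hash")
	ErrIssuer  = errors.New("carrier key hash is not on the trusted issuer list")
	ErrData    = errors.New("personalised data fails signature verification")
)
// DemoKey derives a constructed, deterministic key for this example only.
func DemoKey(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}
// Issue signs the payload for a carrier that bears the hash of the issuer key.
func Issue(priv ed25519.PrivateKey, payload []byte) Certificate {
	pub := priv.Public().(ed25519.PublicKey)
	return Certificate{sha256.Sum256(pub), payload, pub, ed25519.Sign(priv, payload)}
}
// Verify runs offline: carrier binding, issuer trust, then data integrity.
func Verify(c Certificate, trusted map[[32]byte]bool) error {
	if len(c.IssuerKey) != ed25519.PublicKeySize || sha256.Sum256(c.IssuerKey) != c.CarrierKeyHash {
		return ErrCarrier
	}
	if !trusted[c.CarrierKeyHash] {
		return ErrIssuer
	}
	if !ed25519.Verify(c.IssuerKey, c.Payload, c.Signature) {
		return ErrData
	}
	return nil
}

func main() {
	cert := Issue(DemoKey(7), []byte("RUID=demo-0001;doc=X0000000;status=negative"))
	fmt.Println(Verify(cert, map[[32]byte]bool{cert.CarrierKeyHash: true}))
}
```

The trusted-issuer list is an added safeguard: the carrier hash and the signature only prove that the document is internally consistent, so the checker still needs an independent reason to trust the key itself.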
Physical security documents
The issuance of physical documents poses some logistical and infrastructural challenges: there is a need to distribute a normalised set of system components to numerous places of registration or output. The adopted processes are divided into two subgroups: centralised issuance and decentralised issuance:
A) Initiation of process
A person who thinks they are immune to COVID goes to the doctor, or the person has tested positive and has a double negative test status, or the patient is treated directly in hospital.
Staff take the biographical data from a government document (ID/passport) and record it.
The medical staff guarantees the correct identification.
The doctor sends the sample with the random unique identity (RUID) to the laboratory to validate the immune status.
B1) Central issuance
The biographical data will be sent along with the test-sample, including the postal address
Laboratory confirms a positive immune status
Central issuance prints certificate with joined RUID and personal data and sends document to patient and feedback to doctor
B2) Decentral issuance
Laboratory confirms a positive immune status
The status is returned to the doctor, together with the RUID
The doctor issues the document and provides it to patient
The centralised issuing procedure has the advantage of requiring less decentralised, specialised technology. Decentralised issuance better protects the privacy of individuals, for example by avoiding genetic fingerprinting.
The technology components for such documents are based on substrates and printers and on some appropriate track-and-trace IT systems.
When considering that documents have a long life span, are subject to wear and tear or should be placed in a wallet with little effort and cost, synthetic security papers can be the first choice. They offer a high level of security, can be security printed and have the same features as those mentioned above. They can also be complemented by digital security technologies.
© Image of synthetic substrate Neobond® with diverse security features. Courtesy of Lahnpaper
The use of encrypted QR codes and patterns, as well as physical security inks for personalised UV features (or others), offers considerable value that needs to be evaluated in decentralised, non-networked environments.
© Document personalized with dynamic images in UV and security patterns and codes. Image of Troy Group