Professor David Chadwick, Managing Director and CEO of Verifiable Credentials, and Professor of Information Systems Security at the School of Computing, has been interviewed by CNBC on his company’s trialling of COVID-19 vaccination passports.
Verifiable Credentials is a cyber security company which aims to provide everyone with free to use verifiable credentials apps. The company has been testing COVID-19 certificate apps with the NHS in East Kent and believes that this could be rolled out across the rest of the UK.
David explains in the interview how Verifiable Credentials sees the passport working across different countries with varying privacy laws: ‘There are many different certificate formats to adopt and cryptographies that can be used, and we don’t have technical inter-working at the moment. Assuming we could address those technical issues and get interworking, what we’ve done with our particular solution is to make it the most privacy protecting as possible, so that it complies with GDPR and allows the absolute minimum of data to be revealed. In fact, it’s possible for no data to be revealed, the passport will just let you know that “I have been vaccinated”’.
In the interview, David also addresses how Verifiable Credentials achieves the security of the product: ‘Test certificates have been pirated, but there have been no examples of the vaccine passports being pirated. When you use cryptographic protection and the certificate is digitally signed by the issuing authority, it’s not possible to fake it. You don’t have the digital keys of the NHS so it is simply not possible to fabricate the certificate. It is possible to copy a certificate, but then you would have to prove that you own it. In our case, the owner has their ‘keys’ built into their phone hardware, so you can’t prove that you own the certificate unless you own the phone.’
Professor David Chadwick is an Honorary member of the Institute of Cyber Security for Society (iCSS), at the University of Kent. iCSS represent the University as one of only 19 universities in the UK recognised as Academic Centres of Excellence in Cyber Security Research (ACE-CSR). You can see some of David’s talks on Verifiable Credentials and Covid 19 Certificates on the iCSS YouTube Channel.