Post Pandemic, Technologists Pose Secure Certification for Immunity

  /     /     /  
Publicated : 23/11/2024   Category : security


Post Pandemic, Technologists Pose Secure Certification for Immunity


Going digital with immunity passports could speed rollout and allow for better warnings of potential hot spots. But security and privacy issues remain.



With signs that the coronavirus pandemic is waning in several countries, world leaders have begun to consider how their economies can be reopened, with a focus on the large — and growing — group of people who have already survived infection and should be able to return to work.
Yet to do that, businesses and the government need to be able to identify and certify those who have gained immunity. Enter the concept of immunity passports.
The promise of such immunity certificates is that people who have already had their bout with the novel coronavirus and gained immunity can go back to work because they are presumably vaccinated against reinfection. Germany plans to introduce immunity certificates for citizens who have been exposed and are now immune. China has already implemented a red-amber-green system that classifies citizens according to the risk they pose to others. And in the United States, immunity cards are being considered, Anthony Fauci, director of the National Institute of Allergy and Infectious Diseases,
told CNN
.
While paper certificates may be an option, a digital certificate will likely be preferable. Already, China has deployed such certificates to its citizens mobile devices. Its likely that other countries will do the same, making the infrastructure easier to roll out and maintain but raising the possibility of privacy and security issues.
This can be a catalyst for how best we can use technology to help us, if done in the right way, says Husayn Kassai, CEO of digital-identity startup Onfido. We cant argue with the fact that the Chinese model is effective —if your phone cannot say you are green, then you cannot be out — but there is zero privacy. There does not need to be a trade-off, however. You can offer all those benefits and have a privacy-first approach with a decentralized model.
For decades, decentralized systems that rely on certifying attributes — such as that the bearer is old enough to consume alcohol — as opposed to identity have been a dream of privacy-conscious technologists. Cryptographer Stefan Brands built on efforts by David Chaum to
create the technical underpinnings
needed for anonymous credentials in the 1990s and early 2000s. While digital tickets for events and gift certificates have adopted some digital certificate technology, neither attests to an attribute of the bearer nor disconnects the use of the certificate from the identity of the user.
Anonymous certification of immunity could be the first widely used application to do both.
Yet digital immunity certificates also pose a number of challenges in terms of infrastructure, education, and economics, says Kayne McGladrey, chief information security officer at prototyping firm Pensar Development and a member of the IEEE, the worlds largest technical professional organization. 
Businesses and organizations would need to ... educate their workforce on how to validate that a certificate was correct, he says. And there would need to be a substantial educational investment to combat the inevitable phishing campaigns that’d spring up, such as fake websites to collect personally identifiable information and fake security alerts associated with these digital certificates.
The basic infrastructure of a privacy-preserving architecture would include public-key certification infrastructure that verifies approved test kits, certifies the results either remotely (for a home test kit) or through a provider (at a doctors office of clinic), links the result to a credential stored on the users mobile device, and then provide the public version of the certificate to others when approved by the user.
Getting it right is necessary because if an immunity certification is needed to return to work, cheating could become an issue, says Onfidos Kassai. The company has gained new funding to apply its artificial-intelligence technology for verifying identity to, among other applications, the positive identification of people taking a coronavirus test by matching a photo ID with a selfie.
Lets say a testing kit arrives at my house — the question is how do I prove that I was the one that was tested? Kassai says. And if you are out and you are asked to show your certification that you are immune, you need to be able to re-authenticate with your face.
All the components of the infrastructure for a digital passport exist, but creating open standards and certifying tests are both hurdles that need to be overcome, says Jasson Casey, chief technology officer for Beyond Identity,
an identity provider aiming to ditch passwords
.
There are a lot of details that do not have to do with technology, but more with the chain of custody, that have to be addressed and handled, Casey says.
Other problems exist for any immunity passport system, whether digital or paper-based. The number of false-negatives — people who initially test negative for COVID-19 even though they have the virus — may be higher than scientists believe, making the re-evaluation of a certification a necessary element. Digital credentials could more easily be rescinded if a class of testing is found to be too inaccurate.
In addition, how long immunity to the novel coronavirus lasts is still an open question. People only retain immunity to the common cold, also caused by the same category of viruses, for a few months. Any immunity certificate infrastructure would have to be able to have an expiration date on the certificate.
Finally, because the digital certificate has to do with health information, privacy becomes a major issue, as does who can request access to the certificate. 
Off the cuff, people will say certainly I dont mind saying Im COVID-free, but we dont know what stigmas might come or go in the future for those infected by COVID, says Beyond Identitys Casey. 
Yet, if done correctly, immunity certification could be help jump-start the economies of many nations and prove the concept of digital credentials, he says.
Attestation to claims prior to this, honestly, has always felt like something that it is nice to have. This is clearly different, Casey says. Some very large percentage of the US workforce is sitting at home. If this is an enabling capability to get them back out the door, that is a much stronger use case than giving people the anonymous ability to log in to an 18-plus site.
Related Content:
Latest Security News & Commentary about COVID-19
Web Pioneers Launch Identity Startup That Ditches Passwords
Babel of IoT Authentication Poses Security Challenges
Keep Your Eye on Digital Certificates
More Focus on Security as Payment Technologies Proliferate
How Data Breaches Affect the Enterprise
 
A listing of 
free products and services
 compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 
 
Check out The Edge, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:

Which InfoSec Jobs Will Best Survive a Recession?


Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Post Pandemic, Technologists Pose Secure Certification for Immunity