As governments around the world decide to deploy digital health passports as a tool to curb the spread of Covid-19, it becomes increasingly important to consider how these can be constructed with privacy by design. In this paper we discuss the privacy and security issues of common approaches for constructing digital health passports. We then show how to construct and deploy secure and private digital health passports in a simple and efficient manner. We do so by using a protocol for distributed password-based token issuance, secret sharing, and by leveraging modern smartphones' secure hardware. Our solution only requires a constant number of asymmetric cryptographic operations and a single round of communication between the user and the party verifying the user's digital health passport, and only two rounds between the user and the server issuing the digital health passport.