UPDATE: Zenodo migration postponed to Oct 13 from 06:00-08:00 UTC. Read the announcement.

Conference paper Open Access

Disposable Yet Official Identities (DYOI) for Privacy-Preserving System Design - The case of COVID-19 digital document verification and credential-based access control in ad hoc outdoor and indoor settings (and beyond)

Petros Kavassalis; Nikos Triantafyllou; Panagiotis Georgakopoulos; Antonis Stasis; Rob van Kranenburg

In this paper we report on the design of a service system to endow next-generation COVID-19 mobile applications with the capacity: a) to instantly manage and verify a wide range of possible COVID-19 digital documents (circulation attestations, work or travel permits based on approved COVID-19 tests, vaccination certificates, etc.) and, b) to provide credential-based access control, especially in cases where the Verifier is not a web entity but a human agent with a smartphone, or an IoT device -- mainly in ad hoc outdoor and indoor settings. The system has been designed as a response to the specific needs of a health emergency situation, but it may have a broader application in different cased and areas of control (such as airport and train stations checking points and board controls), where the verification process must exclude the possibility of a physical interaction between the controller and the subject of control, by maintaining a “safe distance” between them and while preserving a certain privacy for the subject of control. Our approach levers the potential of Disposable Identities, Self-Sovereign Identities technologies and Verifiable Credentials (VCs) to enable digital document verification and credential-based access control in ad hoc outdoor and indoor settings (and beyond). Towards this, we specifically introduce the concept of “Derivative” (i.e., transcoded/contextual) Verifiable Credentials. A Derivative VC is a derived bond contract guaranteeing the validity and ownership over the underlying contracts (VCs) whose: a) usability is restricted in a very specific context (that of the “local” and time-limited interaction between a Subject and a Service Provider) and, b) linking table points only to a specific “Pairwise DID”.

This research has received partial funding from the European Commission (SEAL project funded by CEF Grant Agreement No INEA/CEF/ICT/A2018/1633170 & NGI Forward project funded by H2020 Grant Agreement number 825652), and from SIEMENS (SBchain project funded via Settlement Agreement with Hellenic Republic)
All versions This version
Views 3,4353,435
Downloads 1,0951,095
Data volume 1.8 GB1.8 GB
Unique views 2,7292,729
Unique downloads 1,0231,023


Cite as