Privacy-Preserving Medical Credentials for Access Authorization

To combat the present Covid-19 pandemic, vaccination campaigns are being rolled out globally. Vaccine records can potentially be demanded for relatively casual use cases, e.g., access to gyms, bars, events, etc., heightening the risk of leaking PII (personally identifiable information) or medical information at inappropriate granularity. This disclosure describes possible techniques for privacy-preserving verification of medical credentials that are simple, flexible, tamper-evident, resistant to fraud, and interoperable with a wide variety of health standards and vaccine providers. Per the techniques, the holder of a vaccine card presents the card to a trusted witness, which coarsens vaccine information and strips the card of PII and trackable data to generate a vaccine summary. A verifier, e.g., one who grants the holder access to an event or a venue, is provided with just enough information to make an accept/reject decision.