W3C compliant Privacy Preserved Offline vaccine credential

8 min readMar 9, 2021


Blog by: Sethuraman T V, Rohan Sukumaran, Parth Patwa, Tony Rose and Team.


With the advent of COVID 19 vaccines, designing efficient solutions for equitable distribution and enhancing the user journey has gained significant traction. Though some research has been done in developing privacy-preserved credentials to enable a smooth user journey, they are limited to online authentication and verification. So we implement a specification to communicate COVID-related Verifiable Credentials via digitally signed QR Code stickers on paper cards that can operate in an offline environment. Due to its physical nature and simplicity, digitally-signed QR codes may be a convenient and nonintrusive modality for some users seeking vaccination while enabling verification of user-controlled immunization records. The protocol expects the verifier app to be offline and that the user doesn’t need anything more than a Paper Card (no electronic needs on the user side). Personally identifiable contact and health information are stored on the QR Codes themselves, allowing a user to go through the vaccination procedures in a Peer-to-Peer fashion without the need to ever transfer the user’s information to any centralized, or private, or public blockchain system. The proposed approach improves efficiency, privacy, equity, and effectiveness by augmenting the existing protocols to work with fully offline information flows.


With the development of potential vaccines for Covid-19 progressing quickly, we need to invest in technology for distributing vaccines globally on an equitable basis as soon as proven safe and effective. But With the advent of COVID-19 vaccines, we face the challenges of strategic, equitable, and privacy preserved ways for last-mile vaccine distribution.

First, the vaccine recipients must be dynamically prioritized to ensure an equitable reach, especially as multiple vaccines with different protocols are approved in various areas. The dependence on cold storage makes it impossible to deliver some vaccines directly to people’s doorsteps, as has been the case with other vaccination programs. Second, if recipients take one dose of the vaccine but do not follow up with a second dose, they will not be fully inoculated. Poor compliance experience for diseases like diabetes, tuberculosis, and hypertension does not give us a reason for complacence. Third, a small number of vaccine recipients may either forget, not understand the requirement, or may choose to take more than two doses with unknown consequences. The last and essential component is to ensure equitable distribution of the vaccines. So the entire user journey, which includes immunization prioritization, vaccine management, vaccine eligibility confirmation, vaccine administration, record keeping, and vaccine verification, has become a daunting challenge.

To address the challenges mentioned above, multiple technological solutions are being leveraged at different verticals. Traditional systems like VAMS can streamline the vaccine distribution process for jurisdictions, employers, and healthcare providers. Other methods like Immunization information systems (IISs) are confidential, population-based, computerized databases that record all immunization doses administered by participating providers to persons residing within a given geopolitical area. Systems like Vaccine Adverse Event Reporting System (VAERS) can monitor health outcomes. However, systems like VAMS, VAERS and V-Safe, Vaccination Cards, and IIS systems are heavily centralized and don’t provide a deep-seeded distribution of vaccines. These traditional systems fail to address the need of the vulnerable population, which results in poor penetration of vaccine distribution. In addition to that, conventional methods fail to preserve the user’s privacy since they operate in a centralized fashion. Although systems like CCI, Microsoft Health wallet cards, and other intelligent health card frameworks exist, they operate online and utilize computationally heavy DIDs and algorithms.

Hence, in this work, we propose a new offline vaccination user journey protocol that can work with minimal internet connectivity and operate in a decentralized manner to ensure user privacy. The current follows w3c and FHIR standards and utilizes optimized HMAC MD5, resilient to brute force attacks, and ECC algorithms to improve security and reduce the space consumed. By this, we ensure that these QR codes can be scanned in resource-constrained devices, which are predominant in developing countries. Healthcare authorities facilitate the current system for managing vaccine distribution with disconnected IT systems. Vaccine distribution requires both granular and expansive administration that is provided by this proposed mechanism. A card for vaccine recipients, an app for pharmacies, and a decentralized system for coordination by authorities like the CDC can create an effective transport chain for vaccine distribution. Furthermore, the personal identity information is decentralized and is handled in an encrypted manner, thus creating a secure mechanism to prevent corruption of health data. The usage of encrypted pseudo-random identifiers for identifying users leverages additional security.

So, The Vaccination Journey is designed to meet the urgent public health demand to vaccinate everyone. For Public Health Authorities, the solution includes real-time dashboards that provide predictive analytics for demand logistics down to the regional, local, and individual levels, metrics, and reporting on critical data to ensure equitable distribution, vaccines administered per site, wastage, scheduling logistics, and more.
The Citizen Journey seamlessly supports the use of paper credentials, SMS, web, and mobile application interfaces, ensuring equitable access to vaccination through the process.

Vaccination Card by PathCheck Foundation

The Patient Journey

The patient journey goes through 3 major stages:

  1. Eligibility Check/Scheduling: Vaccination coupon QR codes are distributed to everyone by the appropriate regional vaccination administrator. This can be done either with paper vaccination cards, by SMS, using a website, or downloading an application. The coupon code behaves as a User ID for the entire vaccination flow.
  2. User Check-in: At the vaccination site, the patient arrives, and their vaccination coupon is scanned, and their eligibility and appointment are verified.
  3. Vaccination Certificate: Once the vaccination is administered, the patient receives another QR code in the form of a sticker. This QR code, a badge, indicates the vaccination was administered, providing “proof” of immunization and other important information.

So The 4 QR Codes designed for vaccination procedures create a possibility of selective disclosure of health information by choosing which one to show at any point in time.

The following are components of the vaccination journey where the user would interact.

  • Coupon: Vaccination coupon QR codes are distributed to everyone by the appropriate regional vaccination administrator. This can be done either with paper vaccination cards, by SMS, using a website, or downloading an application.
  • Registration: Once the person has a vaccination coupon, they can register their coupon, provide their eligibility information, and enter the vaccination queue for scheduling. It is here where individual preferences are captured. The State Public Health Department now has the data and communications channels to predict demand and allocate resources.
  • Scheduling: Depending on the local situation, Public Health Authorities are able to communicate with the population via broadcast, SMS, mobile app, or e-mail to each patient, letting them know the scheduling details. Reminders can be sent to the patient via their preferred means of communication, App, SMS, or e-mail.
  • Vaccination: At the vaccination site, the patient arrives and their vaccination coupon is scanned and their eligibility and appointments are verified. If a second dose is required, the patient schedules their next vaccination using the app, SMS, or with the administration center.
  • Credentialing: Once the vaccination is administered, the patient receives another QR code in the form of a sticker to be placed on their coupon. This QR code, a badge, indicates the vaccination was administered providing “proof” of vaccination along with other important information.
  • Follow-up care: After the vaccination has been administered, follow-up guidance can be provided via SMS, App, or E-mail.


The distribution of a vaccination coupon signifies the beginning of the vaccination process. When everyone is given a vaccination coupon, the fear and anxiety around the vaccination process and when and if someone will be vaccinated is alleviated. By starting the patient journey with the distribution of the vaccination coupon e, everyone has more peace of mind with the knowledge that they are on the list to be vaccinated and can play an active role in the process.

Because the patients take an active role in the eligibility and scheduling process and can interact and provide data to the system, public health authorities have the vital information they need to plan for the demand and deployment of the vaccination program.
The entire patient Vaccination Journey is digital instead of other credential programs that only provide proof of immunization after the vaccination journey is completed.

Integration With Existing Operations

Most solutions being deployed today are starting on the supply side. Vaccination supplies are coming in and public health is setting up vaccination administration centers and scheduling. The Vaccination Journey is a perfect complement to deploy in parallel on the demand side. The Vaccination Journey is able to integrate with existing Immunization Information Systems, Scheduling solutions, and other infrastructure that is already available in a given program.

The Vaccination Journey is a perfect complement to the operation already in flight, helping to provide peace of mind to the population while at the same time providing valuable demand, demographic, and other critical metrics to Public Health.

General Offline Credential Data Format

All QR codes contain a type, a version, a payload, and a cryptographic signature. The cryptographic signature is a SHA256 signature in hexadecimal form, calculated using the private ECDSA key of the ISSUER. The payload sections are designated the DATA block and the SIGNATURE block. A block is an object containing a number of key-value pairs. The type field defines the payload type and the version is a NUMERIC field defining the version of the type communicated in this QR code. Data represented in QR codes can be encoded in JSON and URI formats, described in this document.

Case Sensitivity

All fields (keys as well as values) are case-insensitive in both JSON and URI format. For clarity and ease of reading, examples in this document are given in a mixed case. When performing operations such as hash comparison, a case-insensitive comparison function MUST be used. Note that the Alphanumeric QR Code character set does not include lowercase characters, so implementations MUST encode output in uppercase only.

Signature and Hash Verification

Due to the Alphanumeric QR code character set, cryptographic signatures and hashes MUST be calculated against uppercased versions of the underlying data. Data to be used for hashes is serialized in the specified order. Signatures should be calculated against the actual data and order encoded to QR to permit signature verification. In some cases, Percent encoding is used to address QR code character set limitations. This encoding should be reversed before signature or hash verification.

Although the possible social benefits and harms of immunity passports are outside of the scope of technical analysis and so will only be briefly discussed, it should go without saying that the status of a person’s COVID-19 antibody test results is sensitive personal data. Therefore a technical analysis should provide a comprehensive overview of the privacy and security properties of any given immunity passport system. The particular use-case of immunity passports and the wider context of digital identity is reviewed. Then each component of the proposed technical architecture of the COVID Credentials Initiative (CCI), which has already gained considerable media coverage5 and claims over a hundred members, will be inspected. CCI currently has at least fifteen members building on World Wide Web Consortium (W3C) standards, a membership-driven standards bodies known for such standards as XML and early versions of HTML. Note that while we use the term ‘immunity passport’ (as well as ‘immunity credential,’ the digital implementation of an ‘immunity passport) in this analysis, our usage of the term and analysis also covers antibody test results in general, including vaccination test results.