Fight against Corona: This is how the digital vaccination pass works

display

The technology for the digital proof of vaccination of the corona vaccination will come from Cologne.

Ubirch is the name of the start-up that developed the solution for a forgery-proof vaccination pass that does not require a central register.

After a tendering phase of just one and a half weeks between the start of the tender and the announcement of the contractor, the Federal Ministry of Health decided on the solution from Cologne as the technical basis.

IBM and the system house Bechtle are to implement the connection to existing practice systems, such as Gematik, and the implementation of the technology in test apps for organizers.

“The Ubirch solution was probably also awarded the contract because it was already programmed and is in use in two districts in Bavaria and Baden-Württemberg,” says Ubirch boss Stephan Noller.

IBM and Bechtle were selected as partners because the companies have experience in dealing with the Gematik infrastructure, which is intended to ensure secure communication in medical practices in Germany.

“It's a good combination of large companies and local startups,” commented Noller.

"We will now do everything we can to make the solution available nationwide as quickly as possible."

The Ubirch idea is relatively simple, it is based on a decentralized storage solution, a so-called blockchain: If someone is vaccinated in a doctor's practice or a vaccination center, a QR code is generated on site, a digital image for the data relating to the vaccination: included are name, date of birth, possibly an identity card or passport number, type of vaccine, date of vaccination, a signature of the vaccination center or the vaccination doctor and information about whether the patient received the first or second vaccination.

display

"All of this data remains with the vaccinated person, they are not stored centrally," explains Noller in an interview with WELT.

The patient takes the QR code with the data stored in it, either via the app on the smartphone, in the digital wallet of Apple's iOS or Google's Android, or as a printout on a plastic card for all those who cannot or do not want to use a smartphone.

At the same time, the Ubirch software generates a test value from the data using an encryption algorithm.

This is then stored in a blockchain, a decentralized data set that is stored distributed on the servers of the digital cooperative "Govdigital", an association of public companies and administrations.

If a person wants to identify himself as vaccinated - for example at the airport gate or when entering a football stadium - the organizer's software only checks whether the checksums from the blockchain and those from the presented QR code match.

The actual data is never transmitted online and should thus remain safe from data leaks.

display

The advantage of this solution is that it is impossible to change the blockchain unnoticed - e.g. deleting a data record - and reading out the data or falsifying the QR code is also impossible.

The only obvious weak point is the vaccination doctor himself, he could issue a certificate and sign it with his digital doctor's ID, although in reality he did not vaccinate the person in question.

"But that would risk the doctor's license to practice medicine," says Noller.

The solution is fully compatible with the requirements of the eHealth network of the European Union - this means that the vaccination certificate should also work at the airport in Paris or in the stadium in Spain.

The location information stored in the QR code is sufficient for this.

“From this, the system recognizes from other EU countries that it has to ask GovDigital in Germany in order to get the confirmation,” explains Noller.

A corresponding routing table for forwarding such international inquiries is currently being developed at EU level.

The schedule for the project is quite ambitious - this is one of the reasons why Ubirch was selected by the Federal Ministry of Health: The digital vaccination certificate, including practice connection and apps, should be programmed within eight weeks, then the software can be integrated into app stores and installed on practice computers.

At least that's what Noller hopes.

IBM was not ready to respond to a request from WELT, and the Federal Ministry of Health only referred to the publicly available tender details.

For all those who are currently vaccinated or will be vaccinated in the coming weeks, Noller wants to create an option for subsequent certification - but the doctor or the vaccination center who originally carried out the vaccination must be involved in any case. This is to guarantee protection against forgery. Since the data from the vaccination certificate remain with the patient, the patient must not lose the vaccination certificate - if this does happen, the only way to go is to the doctor again, because only the doctor can generate a QR code with the patient's data again, explains Noller . "We therefore recommend printing out the QR code and keeping it in a safe place."