Vaccine Credentials: Technology and Issues to Consider

April 18, 2021

Written by Ramesh Raskar and Kasia Jakimowicz

Vaccine credentials will be a critical driver for economic recovery and a safe return to commercial and social activities. But there are a number of technologies and issues to consider when choosing a type of vaccine credential and verification process to deploy. The U.S. administration has recently identified at least 17 different existing initiatives, which makes it difficult for decision-makers to decide what kind of vaccine credential and verification process to issue. To demystify paper-based credentials for public officials, the MIT Pandemic Response hosted an event on 9 April.

Vaccine credentials can take the form of a paper credential or an online platform. Paper-based vaccine credentials are easy to implement and easy to verify; they can be used in offline settings and do not require a lot of new technological development. A patient gets vaccinated in a clinic and is issued a receipt with a QR code. The QR code is secured by a cryptographically secure signature that is printed on the vaccine credential. Individuals can then present this QR code when entering public venues.

Think about a paper-based credential as a ten-dollar bill, as opposed to an online system with a mobile app, which would be more like a credit card. When you purchase a service, you can pay with a paper banknote and get a receipt, or a merchant/venue can validate your payment in real time when you pay with a credit card. The state officials’ decision ultimately boils down to whether it is good enough to get started with a system that is more like a ten-dollar bill as opposed to building a complex “credit card” system.

The choice between those two “mental models” revolves around six major issues: equity, privacy, security, fraud, open standards, and the level of centralized oversight of the system. A paper-based approach allows for more equitable access for the population, as it does not require digital literacy or the use of additional devices. Privacy is preserved because minimal personal information is gathered, the absence of additional data collection limits security breaches, and the imprinted cryptographic signature minimizes the risk of fraud. Paper credentials do not require one centralized system, as different states can issue their own QR codes and develop their own processes (just as different countries and regions can issue their own currency), as opposed to a credit-card-like system where a complex ecosystem of stakeholders needs to align on the use of specific protocols.

The vaccine credential developed by the MIT Pandemic Response modifies the existing CDC vaccination card. It is a foldable two-sided paper credential with instructions on one side and dosage information and a vaccination history on the inside. The inside also includes the QR code credentials: 1) a badge QR code issued by a state with encrypted full vaccine and dose information and a minimal personal identifier (for instance, name, date of birth), and 2) a status QR code that is used to enter a venue.

The state will issue a credential to an individual by taking his/her data (name, date of birth), available from the vaccine registry or from the pre-registration site, and signing it with a private key to produce a digital signature, which is then printed as a QR code (badge) on a paper card. The status of the vaccination will be encrypted in the status QR code by the vaccination clinic. When an individual shows up at a venue, s/he shows the same QR code (status), and the venue can decode it and check its digital signature via an app, using the public key provided by the state. The venue will also have to validate the individual’s ID information. An individual cannot simply modify the QR code, as that would cause a mismatch with the digital signature.

No internet access is required to verify credentials. The verifying venue can use an app in offline mode as long as the app has the public key issued by the state. This is in contrast to more complex online solutions, where both the individual and the verifying app must have access to the internet. In the short term, no standardization of QR codes across the states is required as long as the states are deploying public and private keys. The complexity across the states can later be managed via a free universal scanning app that can scan any QR code.
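The issue-then-verify-offline flow described above can be sketched as follows. This is an added example, not the MIT Pandemic Response project's code: the Ed25519 algorithm, the dot-separated QR text layout, the issuer label `state-a`, the payload fields and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// Assumed QR text layout: issuer "." base64url(payload) "." base64url(signature)
var b64 = base64.RawURLEncoding

// KeyRing is all a venue app stores: issuer name -> that state's public key.
type KeyRing map[string]ed25519.PublicKey

// NewKeyPair makes a demo state key pair (Ed25519 is an assumed algorithm).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// Issue runs at the state: sign issuer+payload with the private key.
func Issue(issuer, payload string, priv ed25519.PrivateKey) string {
	signed := issuer + "." + b64.EncodeToString([]byte(payload))
	return signed + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(signed)))
}

// Verify runs offline at the venue and returns the payload for the ID check.
func Verify(qr string, trusted KeyRing) (string, error) {
	parts := strings.Split(qr, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed QR text")
	}
	pub, known := trusted[parts[0]]
	sig, sigErr := b64.DecodeString(parts[2])
	payload, payErr := b64.DecodeString(parts[1])
	if !known || sigErr != nil || payErr != nil {
		return "", fmt.Errorf("unknown issuer or bad encoding")
	}
	if !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return "", fmt.Errorf("signature mismatch")
	}
	return string(payload), nil
}

func main() {
	pub, priv := NewKeyPair()
	qr := Issue("state-a", "name=JANE DOE|dob=1980-01-01|doses=2", priv) // constructed
	fmt.Println(Verify(qr, KeyRing{"state-a": pub}))
}
```

A valid signature only shows that the state issued the printed data; the venue still compares the returned name and date of birth with the holder's ID, as the text requires.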

The paper vaccination credential is like a one-way offline output with no linkage back to electronic health records for verification. And because there is no reverse linkage, you don't need a PII audit trail. There is no user data collection required. The paper-first approach is also free of charge for businesses and individuals and requires minimal investment, as opposed to commercial solutions such as a pay-per-verification model or those combined with paid cloud services. And it can be further modified so that the undocumented population can also be vaccinated without giving away their date of birth or full name.

Finally, no standards are required for the QR scanning apps deployed by the states. As long as public keys are available, proprietary apps can emerge.