The COVID-19 pandemic has emerged as a highly transmissible disease which has caused a disastrous impact worldwide by adversely affecting the global economy, health, and human lives. This sudden explosion and uncontrolled worldwide spread of COVID-19 has revealed the limitations of existing healthcare systems regarding handling public health emergencies. As governments seek to effectively re-establish their economies, open workplaces, ensure safe travels and progressively return to normal life, there is an urgent need for technologies that may alleviate the severity of the losses. This article explores a promising solution for secure Digital Health Certificate, called NovidChain, a Blockchain-based privacy-preserving platform for COVID-19 test/vaccine certificates issuing and verifying. More precisely, NovidChain incorporates several emergent concepts: (i) Blockchain technology to ensure data integrity and immutability, (ii) self-sovereign identity to allow users to have complete control over their data, (iii) encryption of Personally Identifiable Information to enhance privacy, (iv) W3C verifiable credentials standard to facilitate instant verification of COVID-19 proof, and (v) selective disclosure concept to permit user to share selected pieces of information with trusted parties. Therefore, NovidChain is designed to meet a high level of protection of personal data, in compliant with the GDPR and KYC requirements, and guarantees the user's self-sovereignty, while ensuring both the safety of populations and the user's right to privacy. To prove the security and efficiency of the proposed NovidChain platform, this article also provides a detailed technical description, a proof-of-concept implementation, different experiments, and a comparative evaluation. The evaluation shows that NovidChain provides better financial cost and scalability results compared to other solutions. More precisely, we note a high difference in time between operations (i.e., between 46% and 56%). Furthermore, the evaluation confirms that NovidChain ensures security properties, particularly data integrity, forge, binding, uniqueness, peer-indistinguishability, and revocation.
Keywords: Blockchain; COVID‐19 pandemic; GDPR; KYC; W3C verifiable credentials; digital health certificate; privacy self‐sovereignty.
© 2021 John Wiley & Sons Ltd.