Sure.

Exactly. Then on both the tablet and my phone, there is a success message displayed. Then at this point, the bouncer knows I have a valid vaccine record, and I can be allowed into the bar. Let me now do a quick context switch back to my slides.

Yes. Now on the app, what it’s actually asking, it’s asking me for my permission to reveal these four attributes and I have to grant consent to reveal it to the IRMA server. I hit yes, and then the tablet would be displaying.

Now I will do the same thing. I will on the IRMA app, scan this QR code. It’s again, asking me to enter a pairing code, but of course, I think at the bar this would probably be disabled.

Correct. Yes, but it’s analogous to a bouncer checking someone’s ID. In terms of, yeah.

Exactly. This would be corresponding to, for example, the bouncer at the bar having a tablet that is constantly showing these new QR codes for people to scan as they enter.

Exactly. Sorry, good question.

Mm-hmm.

Now, if you scroll down on the demo website a bit more, you can now verify this vaccine record. Again, I won’t read all of the text here. It explains a little bit what’s happening. What essentially, this is doing is it’s starting another IRMA session that is checking if ...

Fortunately, Jimi Hendrix has been vaccinated and boosted. Then at the bottom it asks me if I want to save this credential. I want to save. Then back on the front end, it gives me a success message. This was the entire issuance process.

Now on my laptop screen it’s saying follow steps in the IRMA app. What’s happening in the IRMA app, it’s showing me, hopefully you can see this. Tell me if you can’t. Showing me the credential I just downloaded. This is for Jimi Hendrix. It has all the information.

When I press that, I can now scan the QR on my screen. Now at this point, what it’s doing, this is the default behavior of the JavaScript front end. It asks for a pairing code, which is displayed on my phone and that’s just to prevent session hijacking, but ...

It’s very simple. This corresponds to a website that maybe the CDC would run, where people can download their vaccine record. When I open the IRMA app on my phone, it takes me to this welcome screen that is an empty collection of credentials. At the bottom, I’m not sure ...

This vaccination record is a single credential that contains this set of attributes, so it contains your name, your ID number, whether you are fully vaccinated against COVID, the name of the vaccine, when you finished getting vaccinated, if you’ve been boosted, the name of the booster, and when you ...

Great. The very first thing that you’ll see at the top there is a banner that says download your vaccine record here. I won’t read all of this text. What it’s basically saying is that I made a dummy vaccination record that you can download using my fork of the ...

At this point, I’m just going to give you a short demo of how this looks like. I have two demos. This is the first half. If you want to look at any of this up close, I have some links on this slide for you.

As a bonus, all of these verification and issuing sessions are anonymized. This prevents verifiers and issuers from tracking users even if they’re cooperating and colluding with each other.

They don’t reveal all the attributes of a credential. They just reveal the ones that are necessary, but prove the entire credential they own is a valid one. I have a valid vaccine card for example. The verifier will learn then only about the revealed attributes but nothing about the ...

Users are then only required to reveal certain attributes, the necessary ones, while they basically cryptographically prove that they have possession of the authentic parent credential.

Additionally, we have verifiers who need to know certain attributes to provide some service. They don’t need to know all attributes. In this case, a verifier might be the bouncer at a night club who should know my age and vaccine status to let me in. They don’t need to ...

An attribute could be, for example, a vaccination date like the date of your last booster. Or it could be that you are over 18. Or it could be your address or the city you live in to prove that you’re a resident of Taipei, for example.

A credential itself, though, is not the fact that you are over 18. It’s actually a set of attributes where each attribute is an atomic piece of information.

At a basic level, the way IRMA works or Idemix works is that users are obtaining a cryptographically signed credential from some issuing body, an issuer. This could be for instance, the Taiwan CDC issuing a vaccine record or your city or county government issuing you a record stating that ...

On this slide, what I’ve done to try and make the information clear because there will be a lot of text, I’ve tried to put actors and people in italics and any vocabulary that’s necessary to pay attention to in bold.

They have their fingers in a lot of different privacy-preserving technologies. IRMA is based on this protocol called Idemix which is doing exactly what we’re trying to do which is prove you have some attribute based on a selective disclosure that only requires you to reveal information that is relevant ...

IRMA is an existing smartphone app that’s an online service that’s developed by a privacy non-profit, Privacy by Design Foundation, in Nijmegen in the Netherlands. I’m not sure if you’ve heard of the before.

Also, that you have some attribute that you are vaccinated. This problem of implementing an attribute-based credential system that is private is exactly the problem that this tool IRMA has been designed to solve.

That’s an excellent point, and also, a very good segue to my next slide. Basically, what this type of procedure or this type of process is called is a so-called attribute-based credential. For example, showing that you are old enough to go to bar in the first place is showing ...

Yes.

Please.

This isn’t the only problem, which is that even if these are authentic vaccine records, they still contain things like your name, your date of birth, your passport number, your ID number. This is a lot of private information on these cards that you would be revealing to someone when ...

However, there’s a problem, which is that, for instance, these yellow cards are incredibly easy to forge. This was a recent article in the English language “Taiwan News” that showed somebody selling fake vaccine records on Shopee for 500 NTD. This is itself quite a problem, going back to our ...

We want to be able to ensure that these credentials are authentic and that they belong to the person who’s presenting them. On top of that, of course, we would love to protect people’s individual privacy as much as possible. These are the overarching goals that we’re trying to achieve ...

As a very broad start to this discussion, what we really are trying to do is when someone needs to show vaccination record, for instance go to a nightclub or a bar, then what they’re really showing is that they own some credential. Here, we’re showing we have a vaccination ...

Some of this discussion actually predates the recent changes. There’s one aspect that we were still interested in discussing, which was this idea of using privacy preserving vaccine passports, and to specifically use this protocol, Idemix, and this tool called IRMA.

Just to maybe say one or two quick things about the background of this. This comes from actually several months of discussion that Tanja, D.T., Bo-Yin, and I have been having. I believe D.T., on his side as well, has been having discussions about making the various COVID-19 contact tracing ...

From this point, I’m going to full-screen the slides, which actually means I can’t see anybody. You’ll have to interrupt me vocally if necessary. Please feel free.

I know for a fact that some of us have smaller screens than others, just so that everyone is able to access the information. One other quick thing I wanted to say is that the slides are actually uploaded to the URL that you might see at the top of ...

…Sorry.

If anything is hard to see, please interrupt me so I can make it easier. The other thing…

Sure, I’ll happily take it from here. Just a quick note before I begin, most of the presentation, it will just be me going over a slide presentation, but I do have a demo that requires me showing a few things on my phone to the webcam. You can resize ...