In the context of COVID-19 pandemic, the Moroccan Interior and Health Ministries have proposed to use the health pass with a QR code to identify vaccinated people. Additionally, the government suggested a mobile application to control the health passport authenticity. However, the key problem is the possibility of anyone scanning the QR code and figuring out citizens' private information, causing severe issues about individual privacy. In this work, the main contribution is integrating a private Blockchain-based digital health passport to ensure high protection of sensitive information, security and privacy among all the actors (Government, Ministry of Interior, Ministry of Health, verifiers) that comply with the CNDP (National Commission for the Control of Personal Data Protection) and the Moroccan Law 09-08. In our proposed architectural framework solution, we identify two types of actors: authorized and unauthorized, to limit and control access to the citizens' personal information. Besides, to preserve individuals' privacy, we adopt on-chain and off-chain storage (Interplanetary File Systems IPFS). In our case, smart contracts improve security and privacy in the health passport verification process. Our system implementation describes the proposed solution to grant individual privacy. To verify and validate our approach, we used Remix-IDE and Ethereum Blockchain to build smart contracts.
Keywords: Blockchain; CNDP and Law 09–08; Ethereum; Health pass vaccination; Individual privacy and security; Smart contract.
© 2022 The Authors.