Technical Details (newer version available 1.1)
Right now I am looking at an X.509v3 infrastructure widely used by the Internet and also a blockchain application.
Since I know how the X.509v3 part works and have the IP to use this in the US, this would be my preference, but there are political problems in getting states and cities to implement the basic schema, which has existed in digital certificates since 1991.
If you have gotten a digital certificate or created a digital certificate, you know how the schema works.
The actual structure of the attribute certificate is less well known, and to my knowledge not as well implemented as identity certificates. This is both proprietary, open source, and importantly an ISO standard.
Blockchain
Microsoft is helping with blockchain development, and I want to pull in partners from my blockchain healthcare contacts.
This is open source. As such there is a delay to get up to speed that will match the delay in the availability of the tests. Part of the prototype backend is being built on Microsoft Azure for simplification; however, it should be able to be built and deployed on any cloud provider for the targeted community of interest related to your use case.
Who is your use case? I am focusing on Uber/Lyft drivers. Maybe you are a developer for Epic or a hospital IT admin who develops apps. Perhaps you work for a large company that has an Active Directory footprint. A large college or university. A city government public health department. Maybe a Navy secretary. Someone who focuses on the underserved, such as the homeless? At some point the solution (or any developed version of the solution) has to be administered and maintained by someone and then scale to specific communities of interest that have their own unique privacy and security requirements.
The TL;DR is that a blockchain approach is very attractive: your blockchain is private, the labs and healthcare providers are on a public blockchain, and they attest to the validity of the serology test by digitally signing the result. There are existing healthcare data transfer and verification mechanisms that can be pulled in.
As a patient you have every right to voluntarily share your Covid status with whomever you want. This is a vast simplification from public health that must maintain a privacy shield around people who test positive with the rtPCR test. Your right to use your health data is informed consent and part of a larger set of immutable rights for every human regardless of political location.
What we see now in some Covid applications is a questionable application of human rights. So this must be addressed in the requirements. Public Health, Law Enforcement and National Security can share this data as they see fit per regulations. As an individual you do not have these restrictions, but neither can you stop them from gathering data. Ultimately they need to commit resources, but at this point they failed the containment phase by allowing the spread of the virus. We also don't want them to fail the recovery phase by stopping people from working who have tested immune. I hope that is logical; it has been endorsed by public health officials.
A healthcare provider must share it with you in a format you choose. To make it simple for the prototype we will use the already existing FHIR protocol that can transfer data into Apple Health. At that point the app or native applications will display the data or communicate the data in the format that you wish: QR code, NFC, AirDrop, email as an attachment, and so on.
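The attestation flow described above (a lab digitally signs the serology result, the patient carries it, a relying party checks it) can be sketched as follows. This is an added example, not code from the prototype: Ed25519 is chosen here as the signature scheme, the `Observation` fields are a cut-down constructed stand-in for a FHIR resource, and the `trusted` map is a hypothetical registry standing in for the certificate or ledger lookup of lab keys.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Observation is a cut-down, constructed stand-in for a FHIR Observation.
type Observation struct {
	ResourceType string `json:"resourceType"`
	Code         string `json:"code"`      // constructed label, not a real LOINC code
	Subject      string `json:"subject"`   // pseudonymous patient reference
	Value        string `json:"value"`     // test outcome
	Performer    string `json:"performer"` // lab ID, used to look up the key
}

// SignedResult is what the patient holds; []byte fields are base64 in JSON.
type SignedResult struct {
	Payload   []byte `json:"payload"`   // exact bytes the lab signed
	Signature []byte `json:"signature"` // Ed25519 signature over Payload
}

// SignResult runs at the lab: serialize once, then sign those exact bytes.
func SignResult(priv ed25519.PrivateKey, obs Observation) (SignedResult, error) {
	raw, err := json.Marshal(obs)
	if err != nil {
		return SignedResult{}, err
	}
	return SignedResult{Payload: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// VerifyResult runs at the relying party; trusted is the assumed lab-key registry.
func VerifyResult(trusted map[string]ed25519.PublicKey, sr SignedResult) (obs Observation, err error) {
	if err = json.Unmarshal(sr.Payload, &obs); err != nil {
		return Observation{}, err
	}
	pub, ok := trusted[obs.Performer] // Performer is only a claim until Verify passes
	if !ok || !ed25519.Verify(pub, sr.Payload, sr.Signature) {
		return Observation{}, errors.New("result not signed by a trusted lab")
	}
	return obs, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key
	sr, _ := SignResult(priv, Observation{"Observation", "sars-cov-2-igg", "patient-123", "positive", "lab-001"})
	_, err := VerifyResult(map[string]ed25519.PublicKey{"lab-001": pub}, sr)
	fmt.Println("verified:", err == nil)
}
```

The verifier checks the signature over the bytes it received rather than over a re-serialized copy, so differences in JSON encoding between apps cannot invalidate a genuine result or mask an altered one.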