Benefits and Limitations
All you need to know to understand if our solution works for you
Benefits

1. Easy to Learn and Use:
   1. Everyone knows how to work with paper
   2. Holders do not have to remember any secrets at all
   3. Users carry a minimal additional physical object
   4. No electronics, no accounts, no payments
   5. Error-proof procedure for any age
2. Trusted:
   1. The signed payload is cryptographically protected and thus impossible to tamper with without detection
   2. Issuers place their public keys on their DNS records, facilitating trust from a known website
   3. Observation-proof: Signed cards are bound to a person's ID. An attacker cannot impersonate a user after observing them present a credential
   4. Knowledge-proof: It is not possible for an attacker to impersonate a holder by exploiting knowledge of personal details
   5. Hack-proof: Nothing a verifier could possibly leak can help an attacker impersonate the user to another verifier
   6. Theft-proof: An attacker in possession of a Holder's credentials cannot use them for presentation to another party
3. Small:
   1. Complete QR-code payloads range between 100 and 200 bytes, ideal for low-end and feature phones
   2. Payloads are small enough to transfer cheaply via SMS
4. Private with selective disclosure:
   1. Users can easily choose which attributes to present and withhold the rest
   2. No centralized PII, no exposure to governments or private companies
   3. No central point of failure
   4. No need for PII at the vaccination site or at tracking systems
   5. Protection for vulnerable populations
5. Easy to back up: A picture serves as a backup of the code
6. Negligible Cost per User
7. Generalizable: Any record/payload can be created and signed in the same format
8. Modular: Add QR Codes to apps/computers for additional features
   1. Scheduling, Reminders, Backups, Self-reporting, etc.
9. Open-source specifications under the MIT License

Limitations

1. Traceability of the QR Codes is possible by colluding verifiers
   1. Solutions include generating multiple salted QR Codes to be given away, as opposed to one code that is read everywhere
2. Chance of losing the card, losing the data
   1. The issuer might have a copy of the event record, but it is not a requirement
   2. Apps and pictures of the card can serve as a backup
3. No Revocation of cards/credentials
   1. The only option is to remove the public key from the database, invalidating all certificates
4. Card information itself is not encrypted
   1. The only information security feature is the tri-fold mechanism of the paper card
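
The traceability limitation and its salted-code mitigation can be seen in a small model. This is an added example, not code from the project: the field names, the salted-hash ID binding, and the use of HMAC as a stand-in for the issuer's public-key signature are all assumptions made so it runs with the Python standard library alone.

```python
import hashlib, hmac, json, secrets

# Constructed demo key. HMAC stands in for the issuer's public-key signature
# so the example needs only the standard library.
ISSUER_KEY = b"constructed-demo-key"

def _tag(body: str) -> str:
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()

def _bind(salt: str, holder_id: str) -> str:
    # Assumed binding: salted hash of the holder's ID, so the ID is not in clear.
    return hashlib.sha256((salt + ":" + holder_id).encode()).hexdigest()

def issue_code(record: dict, holder_id: str, salt: str = "") -> str:
    """Issue one QR payload; a fresh random salt is drawn unless one is given."""
    salt = salt or secrets.token_hex(8)
    fields = {**record, "salt": salt, "holder": _bind(salt, holder_id)}
    body = json.dumps(fields, sort_keys=True)
    return body + "." + _tag(body)

def verify(code: str, presented_id: str) -> bool:
    """Reject tampered payloads, then match the ID shown in person."""
    body, _, tag = code.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return False
    fields = json.loads(body)
    return hmac.compare_digest(fields["holder"], _bind(fields["salt"], presented_id))

def fingerprint(code: str) -> str:
    """What a verifier could retain per scan: a hash of the scanned bytes."""
    return hashlib.sha256(code.encode()).hexdigest()

def linked_scans(log_a: list, log_b: list) -> int:
    """How many scans two verifiers can match by comparing their logs."""
    return len(set(log_a) & set(log_b))

def demo() -> tuple:
    record = {"type": "badge", "status": "ok"}   # constructed sample record
    one = issue_code(record, "ID-1234")          # one code shown everywhere
    reused = linked_scans([fingerprint(one)], [fingerprint(one)])
    a, b = (issue_code(record, "ID-1234") for _ in range(2))  # one per verifier
    salted = linked_scans([fingerprint(a)], [fingerprint(b)])
    return reused, salted, verify(a, "ID-1234"), verify(b, "ID-9999")

if __name__ == "__main__":
    print(demo())  # (linked with one code, linked with salted codes, ok, wrong ID)
```

Salting only unlinks the fields that are hashed with the salt. Any plaintext attribute that is identical across a holder's codes and rare in the population still gives colluding verifiers something to correlate.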