PathCheck
  • Paper-first Vaccination Journey
  • Introduction
  • Benefits and Limitations
  • Working Groups
  • FAQ
  • Videos & Demos
  • Participate
  • Join Our Slack
  • QR Credential Specifications
    • Trifold Card Design
    • PaperCreds Specification
    • PaperCreds Demonstration
  • Opensource Codebase
    • Boost Vaccine Diary App
    • Credential Issuing Portal UI
    • Credential Issuing Portal API
    • Business Checkin App
  • Vaccine Dashboard
  • MIT Media Lab
  • Trusted Pandemic Tech at MIT
  • PathCheck Foundation
  • About us
  • News and Updates
  • Our Team & Volunteers
  • Exposure Notification App
Powered by GitBook
On this page
  • Benefits
  • Limitations

Was this helpful?

Benefits and Limitations

All you need to know to understand if our solution works for you

Benefits

  1. Easy of Learn and Use:

    1. Everyone knows how to work with paper

    2. Holders do not have to remember any secrets at all

    3. Users carry a minimal additional physical object

    4. No electronics, no accounts, no payments

    5. Error-proof procedure for any age

  2. Trusted:

    1. The signed payload is cryptographically protected and thus impossible to tamper

    2. Issuers place their public keys on their DNS records, facilitating trust from a known website

    3. Observation-proof: Signed cards are bound to a person's ID. An attacker cannot impersonate a user after observing them present a credential

    4. Knowledge-proof: It is not possible for an attacker to impersonate a holder by exploiting knowledge of personal details

    5. Hack-proof: Nothing a verifier could possibly leak can help an attacker impersonate the user to another verifier

    6. Theft-proof: An attacker in possession of a Holder's credentials cannot use them for presentation to another party.

  3. Small:

    1. Complete QR-code payloads range between 100 and 200 bytes, ideal for low-end and feature phones

    2. It is ideal to cheaply transfer the payload via SMS

  4. Private with selective disclosure:

    1. Users can easily choose which attributes to present and withhold the rest

    2. No centralized PII, no exposure to government, private companies

    3. No central point of failure

    4. No need for PII at the vaccination site or at tracking systems

    5. Protection for vulnerable populations

  5. Easy to backup: A picture serves as a backup of the code

  6. Negligible Cost per User

  7. Generalizable: Any record/payload can be created and signed in the same format

  8. Modular: Add QR Codes to app/computers for additional features

    1. Scheduling, Reminders, Backups, Self-reporting, etc

  9. OpenSource Specifications under MIT License

Limitations

  1. Traceability of the QR Codes is possible by colluding verifiers

    1. Solutions include generating multiple salted QR Codes to be given away as opposed to one code that is read everywhere

  2. Chance of losing the card, losing the data

    1. The issuer might have a copy of the event record, but it is not a requirement

    2. Apps and pictures of the card can serve as a backup

  3. No Revocation of cards/credentials

    1. The only option is to remove the public key from the database, invalidating all certificates

  4. Card information itself is not encrypted

    1. The only information security feature is on the tri-fold mechanism of the paper card

PreviousIntroductionNextWorking Groups

Last updated 4 years ago

Was this helpful?