InfoconDB

Presented at ShmooCon 2023, Jan. 21, 2023, 2:30 p.m. (30 minutes)

Presenting personal information in the form of a QR code has become a daily reality for many during the Covid pandemic. In many jurisdictions across the globe, people showed their immunization information using a SMART Health Card (SHC) credential, a medical standard that gained rapid adoption. The paradigm of presenting information about oneself can easily be generalized beyond this health scenario.

In this presentation, I’ll first give an overview of the SHC framework, focusing on its security features and describing its deployment in the United States and Canada, sharing the lessons learned from such a challenging effort. I’ll then present a generic framework to issue QR codes that can encode attributes of any type. I’ll also introduce a strong privacy feature allowing users to only disclose a subset of the encoded attributes, addressing one privacy critique of SHCs. Finally, I’ll give a demonstration and describe the open-source specification and reference implementation for this generic framework.

Presenters:

Christian Paquin
Christian Paquin (@chpaquin) is a crypto/security specialist in MSR’s Security and Cryptography team. He’s currently involved in projects related to post-quantum cryptography, such as the openquantumsafe.org project. He’s also leading the development of the microsoft.com/uprove technology. He is generally interested in bringing cryptographic research into real-life applications. He has recently helped develop the SMART Health Card framework, subject of this talk, contributing to the specifications and open-source tools. Prior to joining Microsoft, Christian was the Chief Security Engineer at Credentica, a crypto developer at Silanis Technology working on digital signature systems, and a security engineer at Zero-Knowledge Systems building a precursor to TOR.

US Covid19 Immunization Credentials + Privacy-friendly QR Codes for Identity

Presenters:

Similar Presentations: