Source

Background

The following information is based on a proof of concept. There is still a lot of work to achieve in order to make this a real, working app in the field. Given the current situation, we are working extremely hard to make this a reality for those that need it most.

Coronavirus is in widespread mode now. Viruses do not know of boundaries and race. In order to control such a pandemic, it is everyone’s responsibility to follow certain safety rules to keep themselves and their loved ones safe.

Medical professionals are fighting in the hospitals.

What can we do at the community level?

Community level control is the most complicated case. Everyone (including businesses) are involved. Currently, the most effective solution is to completely shut down certain areas and request that people stay at home. This kind of isolation helps a lot for us to overcome the disease in its early stage. China had the outbreak in January, and the entire country spent resources on getting the disease in control. This was achieved in 1.5 months.

Use case

The disease outbreak is the reality, but our daily life should still go on. There are several use cases we’ve studied during this period, all of which fit perfectly into the platform we have quickly developed as a solution.

Should we just simply shut down the universities, shopping malls, and office buildings?

The simple solution is yes, we should.

However this is not sustainable.

During the crucial time of a disease spreading, we need to give people certain level access to buildings. The solution is to make sure people who want to have access, have a safe code that the gatekeeper/security can check. The current practice in China is to measure your body temperature at the gate, then check a code provided by a mobile carrier which indicates you are not from the infected area in the past 14 days. If both statuses are green, you are free to go. This is just part of the normal day to day life in China now. People are very cooperative, and it works very well in society. By showing the code, I can access almost everywhere I want to. It’s a nice balance between strict control and freedom.

To implement this solution, there are lots of hurdles. This is putting a lot of workload on the people at the frontline. Most of them have to do it manually. In most cases, they just ask you several questions and grant you access based on your yes or no answers. It’s easy to make mistakes, and it is also easy to get infected by being too close to another person during the process.

In order to make it safe, and also make it sustainable, we need to have a system in place. It should have several basic elements:

Gather important data (with person’s permission) for the green code.

Check temperature and submit with evidence.

Remote appointment and approval (touch-free process instead of a lot of contact with pens, paper and desks).

This can reduce the workload and improve accuracy. If all this raw evidence and data points are recorded on the blockchain, it will be immutable, which is also good for tracing back to a particular point when any incident happens.

People will more than likely comply during this chaotic period. However, will they do it in the future if some areas make it a regular access policy?

Doubtful.

Because of this, an incentive plan needs to be put into place inside the system. We need to encourage people to report data into the system and maintain their green status QR code. We also need to recognise the people who actively scan and check codes at the gate, and provide them with good rewards.

The value of this system is not just for the present, it’s very important for the recovery period and long term process. When a company, school, or factory is back to normal, if they don’t have these kind of tools and measurements in place, one sick case will cripple the whole organisation back to ground zero. It will cause huge financial losses across the board. The mortality rate caused by coronavirus is around 2%, but the financial loss to a company and their families could cause a much higher risk and danger.

In the long term, this becomes the dynamic personal health status passport. All of which will be under strict privacy control.

Solution

We quickly came up with a solution: GreenPass

The prototype was created from scratch within a week (yes, that’s a fairly accomplished mission impossible.) The first version focuses on the three most used scenarios:

Regular reagent check status: Positive or negative.

Regular body temperature measurement data: Value and range check.

Travel region data: Personal trace of past 14 days, have they accessed certain areas?

If all of the conditions are met in normal range, the person will get the green QR code as pass. They might also get a yellow or red pass if there is an issue. By showing the code to the guard of the location, the guard uses the same app to scan the QR code and either grant or deny access. At the same time, it records the data point on the blockchain, utilising the joint digital signature of the guard and visitor.

The platform has an open structure for the data type and rules. More rules can be added quickly as needed. The data and statuses are updated daily, so it’s a dynamic pass to ensure the safety of the person and the area they are visiting.

The app also provides a simple appointment service. The visitor can make appointments remotely and share his pass status. The guard or administrator of the location can approve or deny the access in advance. At the gate, the verification is a simple QR code scan. This completely streamlines the process and reduces close contact risk.

All data points are recorded onto the blockchain, associated with the personal ID. In this case, we are using the Elastos DID sidechain + eID Chain.

In order to make the app relevant and sustainable, an incentive program is implemented via smart contract to encourage all parties to participate actively in the loop. They will be rewarded by doing so.

Privacy Protection

Because this is personal data we are dealing with, it requires strict privacy control. This is the most important aspect of “You own your data”.

The identity is using personal eID and DID. All data associated with this ID confirms the true ownership. The data is encrypted and stored in personal cloud disks, or other places with the user’s digital signature. The hash of the data is stored on chain — in the eID chain and DID sidechain.

The data analysis service can read user data with the owner’s personal permission. This will generate the results, such as a QR code with colour status. The code can be presented to the person who needs to validate the green status. The analysis process is essentially an algorithm. It’s simple now. When it evolves, we will place into the future Leo trusted execution environment.

Product (Phase 1)

The first working version of the app (Android) is the results of one week of hard work by the DMA dev team, built from scratch to fully-functioning. It has already been demonstrated to some potential clients:

The following are some typical screenshots of the app.

GreenPass Personal Status Code

Detailed Records

Multi-type data submission (Reagent test, temp check, mobile carrier.)

Appointment and Access Control

Competitive Analysis

There are a number of players in this field in China. The most popular being the health QR code by Alipay. It’s a centralised solution that gathers data through their channels without anyone’s permission, such as mobile carriers.

There are two problems with this approach.

Firstly, the data source is just not enough. It doesn’t have the ability to collect daily health data. So the status it shows in the QR code is partial and not sufficient at all. It’s mainly showing a person’s geolocation over the past 14 days.

Secondly, the data gathering doesn’t have the permission from the individual. The data belongs to the platform not the person. It can be a quick solution but cannot sustain long term. No one is willing to give a monopolistic platform more personal data for free.

GreenPass solves these issues in a completely new way. It’s an open platform that can accept any type of raw data, which can then be put on the blockchain where it is completely immutable.

The platform doesn’t own any user data. All data is associated with the personal digital identity (DID and eID).

This helps users submit data to the personal data space, but it has no ability to use the data without the data owners permission. At the same time, it helps users maintain their lifetime health record and associated data in a decentralised world. This becomes the user’s property in the long run.

If we analyse the competition space, the key points are:

Platform being the owner of data, not the user

Platform can use data as they wish, vs needing user permission

Centralised solution vs decentralised solution

Without privacy vs based on privacy control

Participants

This is the joint effort of the LEO community team, MPF team, eID vendor team, and the Elastos Ecosystem team. DMA team is part of the LEO on Elastos community team, and led the product development in this phase.

Call For Action

This is a use case that has a clear global fit. I encourage our dear community members to think about the fitting use case in your own community, your school, your church, your company, and your city. etc. We will be happy to work with you to tailor this solution to your individual case.

Please feel free to share your thoughts, ideas, and opportunities in the DMA Telegram Group

When problems arise, most people just see it as a finalised problem and walk away. The entrepreneurs see it as an opportunity, and solve it. Let’s work on the latter together. This is affecting everyone’s life globally, and if it can be adopted in certain places, the user growth will be solid.

-Brian Xin (Shanghai, China)