How can you bring people back to physical locations such as the workplace or airports without compromising on safety protocols? And, how can you ensure that the information being shared is secure? IBM Digital Health Pass can help. Digital Health Pass is an open standards-based platform that allows the secure, privacy-preserving, and verifiable exchange of data between organizations and their patients, employees, customers, and citizens, to drive agile and responsive businesses. Data is exchanged as verifiable credentials that, in combination with sophisticated cryptographic and obfuscation techniques, makes data tamper-proof so that it can be trusted by all parties.
In this tutorial, learn about Digital Health Pass, and explore features like creating a schema and issuing credentials using the Digital Health Pass API, which can be integrated into different applications to build end-to-end solutions effectively.
Estimated time
It should take you approximately 45 minutes to complete this tutorial.
Prerequisites
- Be registered for and have access to IBM Digital Health Pass
- Have access to Digital Health Pass APIs, and have downloaded the Digital Health Pass Wallet and Digital Health Pass Verify mobile applications
Steps
Step 1. Authorize the user
Log in to the Digital Health Pass API in the Swagger UI using your credentials, then click Execute.
Copy the access token (excluding the double quotation marks), and click Authorize.
Paste the access token in the
Value
field.Click Authorize, then Close. You are now authorized to make API calls.
Step 2. Choose a schema
Use the following steps to query existing schemas or create your own. To query existing schemas:
Navigate to the schemas Manage schemas section in the Swagger UI, click GET /schemas Get schemas, then click Try it out.
Update the
Issuer ID
field, and click Execute.
Upon successful execution of the query, you see the following message with the retrieved schema information. You can download this information to your local file system.
To create a new schema:
Navigate to the schemas Manage schemas section in the Swagger UI, click POST /schemas Create schema, and click Try it out.
Update the details in the text boxes, and click Execute. The server response should return with the code
200
to confirm successful execution.
The following images show a sample Temperature Scan
schema.
Step 3. Issue a credential
To issue a credential:
Navigate to the credentials Manage credentials section in the Swagger UI, and click Try it out.
Update the fields such as the Issuer ID, Credential type (string or encoded), Output type (string or qrcode), and click Execute.
The following image shows a sample temperature
credential with a (string format)
.
The following image shows a sample temperature
credential with a (qrcode format)
.
Step 4. Verify a credential
To verify a credential, your application must be able to read a credential (QR code or file) and verify it. Minimally, verification involves looking up the ledger to:
- Check that the Issuer DID is a valid and trusted one. (The issuer DID is in the credential.)
- Retrieve the DID document, which contains the public key used for verifying signatures.
- Retrieve the schema of the credential. (The schema DID is in the credential.)
- Check that the credential has not been revoked. (The credential DID is in the credential, and is in the revocation registry if it has been revoked.)
After you have all of this data in your application, you can run the verification logic. This can vary depending on your application requirements, but minimally requires:
- Checking that the credential is not expired (
expiryDate
in the credential). - Checking that the credential is not revoked. (This is already done in the ledger look-up.)
- Checking the credential signature block (using
PK
retrieved from the ledger). - Checking any application-specific logic, such as verifying the identity and checking field values.
A future tutorial will explain in more detail how verification works, including providing code samples. To quickly get started, you can download the IBM Digital Health Pass Verify app from the Apple App Store. The app lets you scan a QR Code, then verifies the credential. The demo video in the next section shows how the Digital Health Pass Verify app works.
Step 5. Manage credentials
If you want to build a wallet directly into your existing mobile application, then there are a few things that you must consider:
- Secure storage of the wallet data
- Loading a credential into a wallet, such as scanning a QR Code, and performing verification before loading it
- Providing a credential viewer so that the holder can view the data in the credential
- Generating a QR Code to let the holder share the credential with a third party
A future tutorial will explain in more detail how you can integrate credentials into existing mobile applications. To quickly get started, you can download the IBM Digital Health Pass Wallet app from the Apple App Store. The app lets you scan a QR Code to load a credential into your wallet, verifies the credential, saves it in your wallet, lets you view the details, and generates a QR Code to share with a third party.
The following video shows how the Digital Health Pass Wallet app works.
Summary
In this tutorial, you learned about IBM Digital Health Pass and also explored features such as creating schemas and issuing credentials using the Digital Health Pass API, which can be integrated into different applications to build end-to-end solutions effectively. If you have questions, look at the FAQs to get more details.