Covid-19 Vaccination Status Verification
https://voluntarily.atlassian.net/browse/VP-1894
To enter a school site a volunteer must have a current COVID-19 vaccine certificate (NZ COVID Pass). This is not optional under current (Nov 2021) settings. This paper describes the changes required to include checking of NZ Covid Pass certificates using the Voluntarily platform.
GOAL: The Voluntarily Platform should pre-validate volunteers to avoid inviting people who would not be permitted to attend and help to streamline any onsite validation processes.
NZ Covid Pass specification: https://nzcp.covid19.health.nz/
Schools and other volunteering venues are required to verify that volunteers and attendees meet the requirements of the current COVID control system. This includes verifying that people have a valid NZ COVID Pass as well as managing PPE and physical distancing requirements.
A typical onsite process would be:
Volunteer shows the NZ Covid Pass QR code on a digital or paper copy. This is scanned with a mobile or web application on entry and the name and date of birth are compared to a separate identity document provided by the visitor, e.g. Drivers Licence, Passport etc.
Sites also have the choice of validating only a random subset of visitors and manually viewing the NZ COVID Pass - trusting it and comparing the name to the volunteer/visitor.
The design of the NZ COVID Pass means that full confidence that the holder has been fully vaccinated occurs only if the pass:
contains a data record that validates against the NZ govt signature public keys.
has not expired or been invalidated due to key changes
shows a name and dob that correspond to independent photo ID held by the visitor, e.g. Drivers Licence.
To avoid volunteers turning up at events without a pass, Voluntarily should pre-validate the volunteer's status using similar mechanisms to the identity and police check verification.
Existing identity Verification.
Voluntarily.nz already provides mechanisms to validate the identity and police check status of potential volunteers. These are carried out with the support of a third party software service (CloudCheck). The identity verification process
Identity status is shown using icons on the website associated with a person’s username. A shield is shown with a popup hover box indicating the status, e.g. email-verified, identity-verified etc.
When an opportunity has a specific requirement, e.g. verified status or vaccinated status, then volunteers are not given the option of volunteering on the site unless they have matching or better status. In addition, the status of offering volunteers should be shown to the requestor/asker to allow them to confirm such status even if it is not set as mandatory.
In the case of school events an NZ Covid Pass would only be required for volunteers attending in person and not for remote/video contributions, hence the status is not generic to all school events - only those that are using in-person volunteers.
The verified information is included in the person record
verified: [
  {
    status: 'verified',
    _id: '5f4439fd37643200114b4704',
    name: 'email',
    value: 'andrew@voluntarily.nz',
    createdAt: '2020-08-24T22:06:53.345Z',
    updatedAt: '2020-08-24T22:06:53.345Z'
  }
],
NZ COVID PASS - Getting a pass
On completing vaccination a person can visit https://mycovidrecord.health.nz/. Here they have to register and log in to gain access to their vaccination status.
The registration process requires signing up for a MyHealth account with the Ministry of Health.
This account requires a validated identity, which is achieved either by providing identity documents (Passport, Drivers License) during the sign up process or by already having a validated RealMe Account.
This online verification may be considered a high barrier to entry - it's a complex process that requires showing documents to a mobile phone or laptop camera, or visiting a Post Office with documents. Many people will choose not to do this. However, as the covid pass is required to gain access to many events and venues we might reasonably expect our volunteers to have already taken this step. They will recognise the same process when we validate their identity.
Once signed in the person can view their vaccination status and request a pass. The pass is not downloaded - it is sent by email as a PDF attachment.
People can also request a copy of their pass on the phone 0800 222 478 and receive a physical (paper) copy to be sent in the mail. Pharmacies that are providing COVID-19 vaccinations can also help you request and print a My Vaccine Pass.
The pass looks like this. The QR code decodes to a JSON object containing name/dob, expiry and some metadata.
Pre Validating the NZ COVID PASS
We can use the existing validation records to hold the vaccination status for a volunteer. To obtain the status we must view in some form the NZ Covid Pass. Currently there is no centralised API available to check a status so the only option is to somehow read the pass via the Voluntarily website.
This process conforms to the Large Scale out of band verification workflow identified in the covid pass spec https://github.com/minhealthnz/nzcovidpass-spec
Reading via the camera
To read by the camera the website would need to run client-side JavaScript that can:
gain permission to access the camera
start the camera
prompt the person to position the QR code on the screen
capture the image and send for validation.
The Vaxx.nz group (walt, ilya etc) have a prototype web based validator. However, there are problems:
iOS wallet display of the QR code is too small to read
error/fail rate is high.
Reading the PDF directly
To read the PDF the person can drag/drop or attach their pass to their profile. This can be uploaded in the same fashion as their avatar photo. On the server side we can open the PDF and try to identify the QR Code.
We should be able to find the image in the PDF (or it is an entire image).
There’s a chance that the QR content is also placed in the PDF metadata. - I looked, this is not the case.
Using the script pdf-parser.py I decoded the elements in an example covid pass. The metadata in the record does not contain any useful information. The contents contain text strings - with associated font, and one image obj185 that contains the QR Code as an RGB Byte array.
Cut and Paste from screen.
Similar to reading the PDF but using screen tools to capture the QR code to the paste buffer and paste it onto the website. We receive just an image stream, but this is complicated for the user.
Manual Validation and update of the Volunteer status
Following the existing model for identity validation we may also provide an Admin function that allows a volunteer to gain the required status value following a manual (mobile app) check of the pass.
This might apply during a volunteer onboarding session where many people are signed up. In a single step the admin may view identity documents, validate the covid pass and update the person’s status using admin privileges. However to provide this function would add an API entry point to set the verification status that is not usually required.
Security
Most people choosing to volunteer will have the required vaccination status and no interest in bypassing the security model. The negative case is for an unvaccinated person (or not fully vaccinated) who still wants to volunteer and is prepared to violate the trust of the school, or has been generally using a fake covid pass that they believe is sufficient.
Intermediate cases:
person has a valid pass that has expired - the person must be turned away or a local decision made.
the person is vaccinated but does not have a copy of their pass, or only has a paper copy - the person can be validated at the event and given temporary access.
QR code appears ok but cannot be read accurately
To actively fake a pass requires the creation of a QR code that passes the validation checks and returns a person's name and dob. As it is very difficult to generate the signed pass it is most likely that the person hopes that the name is sufficient or they are able to get an independent ID in the name of the person vaccinated. As we independently check identity this would not work for Voluntarily.
Privacy
There are strict rules about storing personal health information. But the spec implies we can save the registration that the person has been checked and when we might want to ask again.
Exemptions
In the case of government approved exemptions we don’t have to take any decisions. If a person gains an exemption they will be issued a valid pass. The spec states:
The Pass provides a verifiable proof that the person named on the pass is considered vaccinated for COVID-19, until the pass expires.
A person is eligible for a My Vaccine Pass when they meet certain health requirements for COVID-19 vaccination. These requirements are evaluated at the time the person requests the pass. If the person meets the requirements, the pass will be issued and valid for a set period of time.
https://github.com/minhealthnz/nzcovidpass-spec
Hence the pass is sufficient for meeting the conditions of the traffic light system regardless of the underlying health or status.
You can request a My Vaccine Pass if you are aged 12 or over and:
have had 2 doses of the Pfizer or AstraZeneca COVID-19 vaccine in New Zealand, or
been vaccinated overseas with an approved vaccine, or
have a medical exemption.
User Interface
The primary entry point for all forms of validation is the personal profile page
Here we can expand the verify identity button or add a NZ Covid Pass specific button.
The next page is the acceptance of terms and conditions and code of conduct
We have the option here of adding a COVID or General health and safety principle.
The next step is preparation for hand over to the identity verification.
We can either add the COVID pass on the end of this process or more likely offer both entry points so that people can return later.
The next step is after the hand off to cloudcheck live and is at url https://voluntarily.cloudcheck.co.nz/
On completion the cloudcheck site returns the updated verification, e.g. Name Confirmed.
The person record now contains a longer verified object.
verified: [
  {
    status: 'verified',
    _id: '61a58a42dce92000125ddb14',
    name: 'name',
    value: {
      given: 'ANDREW',
      middle: 'VINCENT',
      family: 'WATKINS'
    },
    verificationReference: '0e07f79e-930d-4755-bc69-ed95032510bc',
    updatedAt: '2021-11-30T02:19:46.289Z',
    createdAt: '2021-11-30T02:19:46.289Z'
  },
  {
    status: 'verified',
    _id: '61a58a42dce92000125ddb15',
    name: 'dob',
    value: '1962-07-19',
    verificationReference: '0e07f79e-930d-4755-bc69-ed95032510bc',
    updatedAt: '2021-11-30T02:19:46.289Z',
    createdAt: '2021-11-30T02:19:46.289Z'
  },
  {
    status: 'not_verified',
    _id: '61a58a42dce92000125ddb16',
    name: 'address',
    value: {
      address: {
        city: '',
        street: '',
        postcode: '',
        suburb: ''
      },
      dateofbirth: '1962-07-19',
      dateofbirthChanged: false,
      name: {
        given: 'ANDREW',
        middle: 'VINCENT',
        family: 'WATKINS'
      },
      nameChanged: false
    },
    verificationReference: '0e07f79e-930d-4755-bc69-ed95032510bc',
    updatedAt: '2021-11-30T02:19:46.289Z',
    createdAt: '2021-11-30T02:19:46.289Z'
  },
  {
    status: 'verified',
    _id: '61a58a4296336600113bf708',
    name: 'email',
    value: 'andrew@voluntarily.nz',
    createdAt: '2021-11-30T02:19:46.716Z',
    updatedAt: '2021-11-30T02:19:46.716Z'
  }
],
dob: '2021-11-30T02:19:46.000Z',
The additional record would be a verification object. This is only written if both the pass decodes correctly and matches the person’s name, so we don’t store anything other than the fact that the pass validated and the expiry date.
{
  status: 'verified',
  _id: '61a58a42dce92000125ddb15',
  name: 'nz-covid-pass',
  nbf: 1635883530,
  exp: 1951416330,
  updatedAt: '2021-11-30T02:19:46.289Z',
  createdAt: '2021-11-30T02:19:46.289Z'
},
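The rule described above, as an added example that is not part of the Voluntarily code base: it compares pass claims whose signature has already been verified with the person's verified name and dob records, and returns only the minimal record to store. The claim layout (vc.credentialSubject with givenName, familyName, dob) follows the NZ COVID Pass spec; the function name, error codes and name-matching policy are assumptions.

```javascript
// Added example, not Voluntarily code. `claims` is the pass payload AFTER an
// NZCP library has verified its signature (assumed to happen upstream).
const norm = (s) =>
  String(s || '')
    .normalize('NFD')
    .replace(/[\u0300-\u036f]/g, '') // strip macrons/accents before comparing
    .replace(/\s+/g, ' ')
    .trim()
    .toUpperCase()

const verifiedValue = (person, name) => {
  const rec = (person.verified || []).find(
    (v) => v.name === name && v.status === 'verified'
  )
  return rec ? rec.value : null
}

// Returns { record } to store, or { error } with a reason code to log.
function buildCovidPassRecord (person, claims, nowSec) {
  const idName = verifiedValue(person, 'name')
  const idDob = verifiedValue(person, 'dob')
  if (!idName || !idDob) return { error: 'identity-not-verified' }

  const subject = claims && claims.vc && claims.vc.credentialSubject
  const { nbf, exp } = claims || {}
  if (!subject || !Number.isInteger(nbf) || !Number.isInteger(exp)) {
    return { error: 'malformed-claims' }
  }
  if (nowSec < nbf) return { error: 'not-yet-valid' }
  if (nowSec >= exp) return { error: 'expired' }

  // Assumed policy: pass givenName may be "given" or "given middle";
  // family name and date of birth must match the verified identity.
  const given = norm(subject.givenName)
  const fullGiven = norm(`${idName.given} ${idName.middle || ''}`)
  const givenOk = given !== '' && (given === norm(idName.given) || given === fullGiven)
  if (!givenOk || norm(subject.familyName) !== norm(idName.family)) return { error: 'name-mismatch' }
  if (subject.dob !== idDob) return { error: 'dob-mismatch' }

  // Data minimisation: store only the outcome and the validity window.
  return { record: { status: 'verified', name: 'nz-covid-pass', nbf, exp } }
}

// Constructed sample claims (name/dob match the person record shown above).
const sampleClaims = {
  nbf: 1635883530,
  exp: 1951416330,
  vc: { credentialSubject: { givenName: 'Andrew Vincent', familyName: 'Watkins', dob: '1962-07-19' } }
}
```

The caller adds _id, createdAt and updatedAt when saving, and logs the error code rather than the pass contents when the check fails.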
Test verified status
The file api/personalVerification/verified.js provides a set of isXxxxVerified() functions that allow testing of the user verification record - this is simple to extend to include isNzCovidPassVerified().
This test checks for a validation record and that it has not expired.
Display Verification status
The existing method of showing verified is to show a single green shield icon with a numeric value - 0,1,2,3 etc showing the level where:
Currently the PersonVerificationBadge scans the list of verifications and just shows the highest level. However, as the COVID pass is independent, the badge should be made more direct - showing each status.
We can extend this to show a second icon beside the shield, using the isNzCovidPassVerified() test directly and a suitable icon.
Apply status to volunteering
We need to show the status of each person volunteering to the requestor of each opportunity. This is visible in the Manage tab of the opportunity where the volunteers are listed and can be accepted.
Here we can also show the verified status badges. We might also mark the row or grey out the accept button. Usually people should not get this far but that depends on the op having a suitable requirement marked.
How does an opportunity indicate its verification requirements?
The Op or template Act record must flag the required verification level. This requires a selection box (or set of check boxes) on the form,
e.g.
To participate in this event volunteers require which of these checks?
The result is stored in the Opportunity record as an array of verification requirements.
How does a volunteer know the verification requirements?
The set of verification requirements should be shown in the summary and detail of an opportunity.
In the summary we can show this in the table following the date as an icon list. If the icon is hovered it should say [ NZ COVID Pass required ]. The icons might follow the location as they appear to be specific to the venue.
The offer to help button is the common entry point for a volunteer to indicate their interest in an opportunity. Clicking the button pops up a short dialog.
Rather than disable the offer to help button we should at this point compare the volunteer's validation with those required for the task. If they match or exceed then we should show the Thanks for helping out dialog above. If they do not match we should show a similar dialog detailing what is required.
Thanks for Volunteering X
For this event you need to be:
email verified
name verified
NZ COVID Pass verified - (Get Covid pass Button)
Police Checked. (Start Police Check Button)
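One way to implement the isNzCovidPassVerified() test from "Test verified status" together with the requirement comparison behind the offer to help dialog (added example, not the project's own code). The op field verificationRequirements, the 'police-check' requirement name and the 14-day expiry warning window are assumptions.

```javascript
// Added example, not the project's verified.js. The op field
// `verificationRequirements`, the 'police-check' name and the 14-day warning
// window are assumptions; record names follow the person records above.
const EXPIRY_WARNING_SEC = 14 * 24 * 3600

const findVerified = (person, name) =>
  (person.verified || []).find((v) => v.name === name && v.status === 'verified')

// Returns 'missing' | 'not-yet-valid' | 'expired' | 'expiring' | 'valid'.
// `atSec` is the instant to test, e.g. now or the start time of the event.
function nzCovidPassState (person, atSec = Math.floor(Date.now() / 1000)) {
  const rec = findVerified(person, 'nz-covid-pass')
  if (!rec || !Number.isInteger(rec.exp)) return 'missing'
  if (Number.isInteger(rec.nbf) && atSec < rec.nbf) return 'not-yet-valid'
  if (atSec >= rec.exp) return 'expired'
  return rec.exp - atSec <= EXPIRY_WARNING_SEC ? 'expiring' : 'valid'
}

const isNzCovidPassVerified = (person, atSec) =>
  ['valid', 'expiring'].includes(nzCovidPassState(person, atSec))

// Requirements the volunteer does not meet, in the order the op lists them.
// A requirement name with no matching verified record counts as unmet.
function unmetRequirements (person, op, atSec) {
  return (op.verificationRequirements || []).filter((req) =>
    req === 'nz-covid-pass'
      ? !isNzCovidPassVerified(person, atSec)
      : !findVerified(person, req)
  )
}

// Constructed sample data: email and pass verified, name check not done.
const samplePerson = {
  verified: [
    { status: 'verified', name: 'email', value: 'volunteer@example.org' },
    { status: 'not_verified', name: 'name', value: {} },
    { status: 'verified', name: 'nz-covid-pass', nbf: 1635883530, exp: 1951416330 }
  ]
}
const sampleOp = {
  verificationRequirements: ['email', 'name', 'nz-covid-pass', 'police-check']
}
```

An empty result means the Thanks dialog can be shown; otherwise the returned names drive the checklist and its buttons, and the 'expiring' state can drive the badge change near expiry.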
Implementation
Work required
UI Design - clarify where we inject the COVID pass
design standard set of icons for the verification states.
confirm Text for dialogs.
Start validation entry page, purpose & instructions - see verification/safety for model. must do identity check first.
Upload NZ Covid Pass PDF to server.
Verify pass
Code to extract image from PDF
code to convert QR code byte array to decodable byte string.
obtain & Cache updated valid public keys from the MOH source site.
decode QR Code & validate
confirm names match with identity verification.
write record to person verification - store errors somewhere.
remove uploaded file.
Add isNZCovidPassVerified function - include expiry check.
Add Icon to profile badges.
Hover should show expiry date
change representation if expired or close to expiry
Add verification badges to Manage opportunity volunteer list.
Add verify requirements check list to Opp and Activity Forms
store verify requirements in Op record & schema
Show verify requirements on Op (and Act) summaries.
function to match verify requirements for volunteer & op.
RegisterInterestItem dialog to show match between requirements and actual with buttons to complete verification. - Only enable COVID button if identity available.
Perhaps add to onboarding flow ?