BLOCK.CO’s Proposed Solution for "SafePass" - Part II

It was clear for us from the outset that for a solution that would involve citizens with different levels of technology literacy to work effectively, it would have to be above all simple to use.

BLOCK.CO’s Proposed Solution for "SafePass" - Part II

In continuation to our previous blog concerning Cyprus Deputy Ministry’s of Innovation and Research RFP for a blockchain-based “COVID Pass”, in building our proposal, it was clear for us from the outset that for a solution that would involve citizens with different levels of technology literacy to work effectively, it would have to be above all simple to use. No need for software downloads, easily accessible, with as little as possible for the citizen to have to do. At the same time given the sensitive nature of the process, the security of citizen data was for the Government a top priority, followed by the need for flexibility of the system given the fluctuating time periods of tests, vaccinations, and recoveries, coming in and out of effect.

Based on the published document, there would have been 3 types of certificates:

· Rapid/PCR Test (expire automatically after 3 days)

· Recovery (expires automatically after 6 months)

· Vaccinations, dose 1&2 (no expiry date)

Data entry

Data for each type of certificate would have been submitted to BLOCK.CO either through a web-app at the point of collection, or centrally through an API endpoint (individually or in batches), or a combination of these two.

Only required data:

- anything that can uniquely identify a person (ID card number, passport number, yellow slip number). These could be only partially registered, i.e., last 3 digits.

- A means of communication with the person (email or phone number), for sending the issued certificate and possibly other notifications (expiry of certificate etc.)

If the Government so wished, any additional data could have been included in the certificate, either on the face of the PDF document or as embedded metadata that would be displayed when the certificate was validated.

Data processing

Once the data arrived at BLOCK.CO's servers, a PDF document would have been generated and stored for each certificate needed (according to a given template or design for every different certificate type).

Blockchain anchoring

The PDF document would then be processed to generate a unique digital fingerprint. Every ~5 minutes these digital fingerprints are broadcasted together as a transaction to the blockchain network.

Once the transaction was accepted (mined) in the blockchain (average time 2.5 minutes), it would become irreversible. Thus, the PDF documents would have been "anchored" on the blockchain.

Dissemination of certificates

The anchored PDF certificates would then be disseminated to their respective owners via the means of communication they provided. In either case (email or SMS), a unique link would be sent which points to the PDF certificate's validation page.

For people without access to smartphones, email or internet, the certificate would be returned at the point of collection (vaccination or test center) where it could have been printed, containing a Blockchain anchored QR code, and handed to the owner.

Certificate validation

At any point where the certificate needed to be validated, the citizen would need to present the printed certificate or visit the validation link that had been sent to him.

The validating party then would scan the QR code displayed on the certificate which would take them to the same validation page. The validation page displays the stored PDF certificate and validates the PDF document against the data contained in the transaction on the blockchain. If the validation displays a "valid" status for the certificate, the validating party should check that the identity of the person was the same as displayed on the certificate (ID card, passport etc.)

Certificate revocation

A certificate revocation would have been possible independently by the authorities for a specific certificate for whatever reason. If such a transaction was encountered during the validation process of a document, then the document would have been rendered invalid.

To sum up, all the citizen needed to do at the collection (vaccination/testing) point, was to present a personal identification document and give an email address or phone number.  At the validation point, either present a paper document or an electronic file/link attached to an email, and have it checked to the personal document.

For more info, contact BLOCK.CO directly or email at

Tel +357 70007828

Get the latest from BLOCK.CO, like and follow us on social media: