ICAO publishes public key Master List for digital health passes

A master list for authenticating digital health passes has been published by the International Civil Aviation Organization (ICAO) to help countries and organizations process trusted COVID-19 credentials.

The Health Master List provides the root of trust public key certificates for use with digital health passes including digitally-signed barcodes. The barcode is verified with its associated public key.

The system allows aviation stakeholders to verify the authenticity of digital documents, and therefore health status, without having to collect additional personal information, and has been anticipated by experts since the first digital health passes started rolling out.

The ICAO has also partnered with Luxembourg state computer security service InCert on a Public Key Infrastructure (PKI) initiative to back the Master List.

“The presentation of documentation related to COVID-19 health interventions has become commonplace since the onset of the COVID-19 pandemic, and many States originally issued health proofs appropriate for domestic and/or regional use cases,” comments ICAO Secretary General Juan Carlos Salazar. “The result was a variety of different national or regional formats being deployed, and proliferating travel restrictions due to low levels of confidence among State border, immigration and health authorities in the validity of travelers’ health documents.”

The public key certificates included have been verified according to strict procedures similar to the ICAO Public Key Directory used to verify the authenticity of biometric passports.

“The Health Master List concept is based on the same principles as the generic ICAO Master List now used to verify electronic travel documents,” Salazar adds. “It will complement existing national and/or regional solutions and provide an essential international mechanism for sharing public key certificates in line with WHO recommendations.”

Article Topics

authentication  |  biometrics  |  data protection  |  data sharing  |  digital ID  |  document verification  |  health passes  |  ICAO  |  ICAO PKD  |  mobile app  |  PKI