QR codes 馃憤
Hey! Happy to learn that you will integrate QR codes by following Apple / Google decentralized strategy!
So, I tried something. I don't know if it can help, but it's fully open-source.
Here are some ideas presented in the project.
Rolling code
First, we have a rolling code. A code is associated to a place or to a person: you can generate a printable code for your grandma distributed by scan / business card. So it's really inclusive.
You can manage scanned / generated codes for you or for anyone in your family.
A rolling code is basically a UUIDv4. First, it's easy to note on a paper and easy to generate from any platform. It's random and secured. And, it's a 16-bytes random key that can be compressed on URL using Base64. This 16-bytes random key will be used to generate transportable key.
The rolling code will be securely stored on device.
QR code
QR code will simply contain URL with rolling code (Base64 encoded) and parameters.
Transportable key
Transportable key is generated on device each time you scan or manually enter a date.
Transportable key is based on rolling code + contact date (date only, not hour) and eventually a date offset for different periods of the day. Date offset can be provided by URL parameters from QR code.
To generate transportable keys from the generator of the code, you must create a key per period of the day.
And it will be slow because, to avoid brute-force attacks, PBKDF2 is used to generate transportable key from rolling code + contact date (and offset). Generate a transportable key can take up to 1 second.
So, we have:
- 128-bits transportable key securely derived from code + contact date (and offset)
- locally stored 128-bits key (from rolling code)
Positive diagnosis
User is positive and receive a code to validate app authenticity while declaring to distribution server. By using the third party validation provided by Apple / Google, app will be authenticated with a token to server. Connection is secured.
Metadata are provided in a compressed protobuf message:
- contact details (date + time, duration and other useful infos)
- diagnosis details (contagiousness,...)
Transportable Key + Rolling Code key are used to encrypt metadata using PKCS7-padded AES-128 encryption:
- Rolling code key is used as encryption key
- Transportable key is used as initialization vector.
And a protobuf message is generated for each transportable key (code + date period):
- transportable key
- transportable key encrypted metadata (capacity of place)
- all the contact metadata associated to this transportable key.
And all the diagnosis messages are stored in an archive.
The server will receive the archive and randomly store the data. The server will add fake data.
Transportable keys (real and fake) will be extracted from database and distributed.
If a matching transportable key is found on device, associated metadata will be downloaded for diagnosis. Diagnosis is done locally. Ensuring privacy.