COVID TAPPA is a system, based on an innovative TAPPA architecture, that can be backed and deployed by the state in order to track the exposure and spread of a contagious virus through the general population. The major focus of the system is preserving the privacy and anonymity of the end user and at the same time giving enough information to the state (including geolocation data) that can aid on the monitoring, planning and strategy containing the virus.
- Accurate Disease/Virus Exposure and Spread Tracking along with Targeted Measures can succesfully tackle an epidemic such as COVID-2019 with a minimum impact on society and economy.
- Specifically for COVID-2019 a second wave of infection is expected on Late Fall 2020.
- Propose an architecture to monitor and contain the spread of the virus.
- Initiative backed up by state.
- Monitor disease/virus spreading.
- Preserve Privacy/Anonymity of the end users.
- Make educated decisions on available resources (population testing, distributing health related equipment etc).
- Build the
TAPPA
System.
- Each
User
ofTAPPA
(citizen) is assigned with aPseudo ID
(PID), NOT linked to their Actual Identity. - Locations that have a higher risk of contamination such as Super Markets, Retail Stores, Buses, Ships and others are allocated with a
Location ID
(LID) that need to meet a certain number of rules (e.g. max capacity per location, max time per end user, hours of operations). - End user "registers" their
Pseudo ID
with theLocation ID
upon entrance and exit. - Data that includes
Pseudo IDs
with registeredLocation IDs
andTime Windows
(time spent on theLocation ID
) are sent and stored on a centralized location (TAPPA Central Service
).
- Given that a
User
is tested positive they can optionally send an alert to theTAPPA Central Service
. - Upon alerting,
TAPPA Central Service
corelates the data from theUser
and alerts all the otherUsers
that are potentially exposed to the disease/virus based on the whether or not they have been on the sameLocation ID
for the sameTime Window
. - The state can take further actions (e.g. disinfecting the
Location ID
, increasing the support on the health facilities in proximity of highly contaminated locations etc). - The potential contaminated
Users
can proceed with testing or self-quarantine.
User
operates aTAPPA mobile app
(iOS/Android) that creates thePseudo ID
and "registers" theirPseudo ID
with theLocation ID
. The use of the app is only required upon entering and exiting aLocation ID
.- The
Location ID
administrator (e.g. retail store owner) registers with theTAPPA Central Service
the geolocation of theLocation ID
and downloads aQR Code
that they place in clear sight on the entrance of the location. TheUser
scans theQR code
upon entry and exit and "registers" theirPseudo ID
with theLocation ID
. - The
QR code
can be generated and printed on paper, or can be generated using the same mobile app that theUser
uses running on a different mode (Location Mode). - Data regarding the registrations of the
Pseudo ID
withLocation IDs
andTime Windows
are sent by the mobile app to a centralized location (TAPPA Central Service
) implemented on a cloud based server using a standard Web, Application and Database server model. The mobile app does not have to send the data in real time (mobile data may not be available to allUsers
/Location IDs
). Instead they can send the data when connected on a WiFi hotspot. - On the event that a
User
is tested positive to the virus, they can use their mobile app to send theirPseudo ID
information to theTAPPA Central Service
. TAPPA Central Service
correlates the data and alerts all possibly contaminatedUsers
.- An
Administration Interface
is used at theTAPPA Central Service
to administer data and do data analysis.
- Does the system needs to be mandatory by the state in order to be efficient? Yes in order to make the system efficient it needs to be implemented by the state. The state will be also the main
Administrator
. - What happens for users that do not have a smart phone? Those users do not participate on the system.
- What happens for users who do not want to use the mobile app? The usage of the app is not enforced but instead it relies on the User's social responsibility in order to tackle the transmission of a devastating virus.
- What happens for users that are tested positive and do not want to report their status using the mobile app? See previous question.
- How private are the data transmitted to the
TAPPA Central Service
? There is absolutely no association between thePseudo ID
of theUser
and their actual Identity. Only the Administrator of theTAPPA Central Service
can have information such as the set ofPseudo IDs
perLocation IDs
for a givenTime Window
. However even the administrator cannot further track the real Identity of the people that have been in the sameLocation ID
at the same time. - A malicious user can make a photo of a QR code on a specific location and use it within an online community/group to introduce noise to the system. How do you handle this? The system relies on the User's social responsibility. However the
QR code
is a simple and fast implementation. TheQR code
can potentially change periodically (not using printed ones). Instead a tablet with the mobile app running in a specialLocation ID
mode can be used to generate aQR code
every few minutes. TheUsers
just need to scan theQR Code
directly from the screen of the device. - Can you increase the Privacy and Anonymity by somehow eliminating the use of the
Pseudo IDs
? We are investigating and exploring different cryptography techniques to further anonymize the data similar to the Contact Tracing SPEC published by Apple and Google.
- Nikos Kalogeropoulos nikalog@chemeng.ntua.gr
- Panagiotis Sebos psebos@gmail.com