Exposure Notification Reference Key Server

View on GitHub

Getting Started

    How to Deploy
    Application Configuration
    How to Publish Keys
    How to Download Keys
    Key Server Migration Guide
    Estimating the Cost of Deployment

Design

    Server Deployment Options
    Server Functional Requirements
    Verification Protocol Design
    API Definitions

Recommended Temporary Exposure Key Validation

Here, we document the data and metadata validation approach taken by this server implementation.

These validations were developed in conjunction with the Android and iOS engineering teams as we developed this server.

Diagnosis verification

We recommend that a system is used to verify COVID diagnosis / test results. For reference, see our verification protocol design.

TEK validation

These are the validations that this server performs.

Embargo

Revision validation

If a server is implementing revised keys as indicated in the export.proto format, it is important that only the original uploader be allowed to change the key value.

Our implementation accomplishes this by returning an encrypted token on successful upload that must be sent on future uploads.

The server should validate that only valid key transitions are allowed. There are only 2 valid key transitions.

  1. CONFIRMED_CLINICAL_DIAGNOSIS -> CONFIRMED_TEST
  2. CONFIRMED_CLINICAL_DIAGNOSIS -> REVOKED
Edit this page