
Key Schedule for Exposure Notification



To strengthen privacy, this protocol leverages a new concept — Bluetooth pseudorandom identifiers, referred to as Rolling Proximity Identifiers. Each Rolling Proximity Identifier is derived from a Rolling Proximity Identifier Key, which is in turn derived from a Temporary Exposure Key, and a discretized representation of time. The Rolling Proximity Identifier changes at the same frequency as the Bluetooth randomized address, to prevent linkability and wireless tracking. Non-user-identifying Associated Encrypted Metadata is associated with Rolling Proximity Identifiers. The broadcast metadata from a user can only be decrypted later when the user tests positive.


In this protocol, time is discretized into 10-minute intervals that are enumerated starting from Unix Epoch Time. ENIntervalNumber converts the current time into the number of the interval it falls in.


Temporary Exposure Keys roll at a frequent cadence called EKRollingPeriod, which is set to 144, achieving a key validity of 24 hours. Each key is randomly and independently generated using a cryptographic random number generator. All devices sharing the same EKRollingPeriod roll keys at the same time — at the beginning of an interval whose ENIntervalNumber is a multiple of EKRollingPeriod.


ENIntervalNumber

This function provides a number for each 10-minute time window that is shared between all devices participating in the protocol. These time windows are derived from timestamps in Unix Epoch Time.





EKRollingPeriod

The EKRollingPeriod is the duration for which a Temporary Exposure Key is valid (in multiples of 10 minutes). In our protocol, EKRollingPeriod is defined as 144, achieving a key validity of 24 hours.


Temporary Exposure Key

When setting up the device for exposure detection, the first Temporary Exposure Key is generated on the device and associated with an ENIntervalNumber, corresponding to the time from which the key is valid. That value is aligned with the EKRollingPeriod and is derived as follows:


The use of 16-byte keys limits the server and device requirements for transferring and storing Diagnosis Keys while preserving low false-positive probabilities.



Rolling Proximity Identifier Key

The Rolling Proximity Identifier Key (RPIK) is derived from the Temporary Exposure Key and is used in order to derive the Rolling Proximity Identifiers.





Rolling Proximity Identifier

Rolling Proximity Identifiers are privacy-preserving identifiers that are broadcast in Bluetooth payloads.


Each time the Bluetooth Low Energy MAC randomized address changes, we derive a new Rolling Proximity Identifier using the Rolling Proximity Identifier Key:

The use of 16-byte identifiers yields a low probability of collisions, and limits the risk of false-positive matches, while keeping device storage requirements low.


Associated Metadata Encryption Keys

The Associated Metadata Encryption keys are derived from the Temporary Exposure Keys in order to encrypt additional metadata.


Associated Encrypted Metadata

The Associated Encrypted Metadata is data encrypted along with the Rolling Proximity Identifier, and can only be decrypted later if the user broadcasting it tests positive and reveals their Temporary Exposure Key.



The 16-byte Rolling Proximity Identifier and the appended encrypted metadata are broadcast over Bluetooth Low Energy wireless technology.
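The key schedule described above, end to end, as an added example in Go (not the page's or the protocol's reference code): ENIntervalNumber, the EKRollingPeriod-aligned interval from which a Temporary Exposure Key is valid, the RPIK and AEMK derived from the TEK, the Rolling Proximity Identifier for one interval, and the Associated Encrypted Metadata. This page does not reproduce the formulas; the HKDF-SHA256 derivation, the info strings "EN-RPIK", "EN-AEMK" and "EN-RPI", the single AES-128 block for the RPI and AES-CTR with the RPI as counter block follow the published Exposure Notification Cryptography Specification and are assumptions here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

const EKRollingPeriod = 144 // 144 ten-minute intervals = 24 h key validity

// ENIntervalNumber maps a Unix timestamp (seconds) to its 10-minute interval; TEKIntervalNumber
// aligns it down to the EKRollingPeriod boundary from which a Temporary Exposure Key is valid.
func ENIntervalNumber(unixSeconds int64) uint32 { return uint32(unixSeconds / 600) }
func TEKIntervalNumber(enin uint32) uint32 { return (enin / EKRollingPeriod) * EKRollingPeriod }

// hkdf16 is HKDF-SHA256 with a NULL (all-zero) salt truncated to 16 bytes; one expansion block suffices.
func hkdf16(ikm []byte, info string) []byte {
	extract := hmac.New(sha256.New, make([]byte, sha256.Size))
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(append([]byte(info), 0x01))
	return expand.Sum(nil)[:16]
}

// RPIK and AEMK are independent subkeys of one TEK (16 bytes from crypto/rand), separated only
// by the info string; "EN-RPIK" / "EN-AEMK" are the published specification's strings (assumed).
func RPIK(tek []byte) []byte { return hkdf16(tek, "EN-RPIK") }
func AEMK(tek []byte) []byte { return hkdf16(tek, "EN-AEMK") }

// RPI is one AES-128 block over "EN-RPI" || 6 zero bytes || ENIN (little-endian uint32), so the
// identifier changes every interval and cannot be linked across intervals without the RPIK.
func RPI(rpik []byte, enin uint32) []byte {
	padded := make([]byte, 16)
	copy(padded, "EN-RPI")
	binary.LittleEndian.PutUint32(padded[12:], enin)
	block, _ := aes.NewCipher(rpik)
	block.Encrypt(padded, padded) // in place: dst and src overlap entirely, which aes allows
	return padded
}

// EncryptAEM protects metadata with AES-128-CTR under the AEMK, using the RPI as the counter
// block; the same call decrypts once a diagnosed user has revealed the TEK.
func EncryptAEM(aemk, rpi, metadata []byte) []byte {
	block, _ := aes.NewCipher(aemk)
	out := make([]byte, len(metadata))
	cipher.NewCTR(block, rpi).XORKeyStream(out, metadata)
	return out
}
```

A receiver that later downloads a Diagnosis Key recomputes RPIK and RPI for each of the 144 intervals of that key and matches them against the identifiers it stored; only on a match does it derive AEMK and decrypt the metadata.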



