The TraceCORONA platform developed in Germany enables efficient and comprehensive pandemic tracing without disclosing personal data.

Worms, Darmstadt. Together with the important industrial partners KOBIL and Intel, a partial sponsor, and the University of California San Diego, the team of the System Security Lab of the Cyber Security (CYSEC) profile area at the Technical University of Darmstadt is working intensively on a pandemic tracking and information system. The integrated "contact tracing app" works context-based, user-controlled and data-protected. The system is currently targeted at Europe and the USA.

With its secure, software-based mPower system, KOBIL offers a security communication platform and links it to a contact tracing app that is currently being developed by the team at the TU Darmstadt. The overall solution is called TraceCORONA. The app from Darmstadt is an open source software, which should enable a wide and fast distribution of users of this platform. The Worms-based company KOBIL is a German pioneer and the largest IT security company in Europe in terms of customer numbers. Its TAN generators are used by 20 to 30 million people in this country for online banking. "The TU Darmstadt has been working successfully with KOBIL for many years with multiple research groups on various security projects," says Prof. Sadeghi, spokesperson of the CYSEC team at the TU Darmstadt, underlining the long-term partnership.

The TraceCORONA platform, with its mobile, fully anonymous app for contact tracking, can be used by various stakeholders such as users, patients, doctors, hospitals, pharmacies, health organizations, insurance companies and government agencies. "With our platform mPower we guarantee a secure channel among health-related companies and authorities and offer secure communication from A to B. Data can be exchanged securely among each other. Fake web pages and fraudulent domains have no chance to connect to the platform. Even cyber-attacks are not successful", says Ismet Koyun, CEO of KOBIL.

The server-based secure platform can also be docked and used by other apps. It operates anonymously and does not collect any user data except for "Encounter Tokens" generated from random data, which cannot be connected to individual users by the service operator. The app is expected to be available free of charge to users of all current Android smartphones and iPhone in May.

The system offers a number of important functions: It notifies users of encounters with infected persons and uses state-of-the-art security techniques to provide the highest level of data protection without compromising the effectiveness and accuracy of the overall system. In particular, no personal data need to be provided in order to use the app.

The only personal information that the app uses is a rough positional information, such as the postcode of the area where the user is located, which is voluntarily provided by the user. However, this information cannot be used to identify individual users. It only serves to enable the technical implementation of efficient contact tracking even in countries with a very high population such as Germany.

In contrast to other approaches, TraceCORONA makes contacts completely anonymous. Differentiating information about individual users is not collected - not even pseudonymised. Furthermore, the operators of the system do not receive any information about the identity of the users or with which other users these contacts had.

The used security platform also offers the possibility to extend the basic functionality of the TraceCORONA application with useful components, if desired by users. Such services are for example secure messaging, secure document exchange and an integrated secure browser. With the help of these services, users can obtain information from trustworthy organizations, such as the Robert Koch Institute, to prevent fake news and websites, which unfortunately is often the case with popular social media and messaging services today.

The underlying technology is based on the security platform mPower from KOBIL, which has been used for several years to protect security and privacy-critical applications such as online banking or health insurance apps. It is robust against sophisticated cyber-attacks and fraud. The anonymous tracing approach used by the researchers of the TU Darmstadt also ensures that the anonymity and traceability of system users is maintained in case the smartphone of a participating user is hacked or a user maliciously tries to provide false data.

Contact tracing in the fight against pandemic

Secure, data-protected traceability and information system to break chains of infection

Darmstadt/Worms, 14.04.2020. Caused by coronavirus SARS-CoV-2, COVID-19 disease spreads particularly through direct contact between people. Health authorities face the challenge of identifying and isolating infection chains in order to prevent the pandemic from spreading further. The problem: contact information voluntarily provided by infected persons is usually incomplete or inaccurate, and traceability must be reconstructed by authorities under enormous effort for each individual case. Due to often justified concerns about privacy policies during and after the pandemic, this process does not keep pace with the rapid spread of the virus in many countries.

Using advanced digital tracing apps on mobile devices can help reduce manual effort and significantly increase tracing accuracy. This has already been successfully demonstrated in Asia (e.g. Singapore, China, Korea). These tracing technologies collect highly sensitive data from individuals. However, data protection and privacy, especially with regard to medical data, are different in countries outside Asia, and are usually more strictly regulated.

At first sight, it may seem obvious that in a crisis and disaster situation, the abolition or relaxation of data protection rules should be allowed. While some governments have already decided to temporarily remove or relax data protection rules in their countries, others remain reluctant to do so, raising concerns about privacy invasive solutions that might continue to be used after the current disaster situation.

Even if new, looser laws and regulations are passed, many users may not be willing to use the tracing apps and systems for privacy and security reasons. This is an obstacle to the effectiveness of tracing contact chains through apps, as they are only effective if many people use the system voluntarily.

In order to solve the dilemma between a systematic fight against the spread of Corona by superordinate authorities and the protection of individual data security, a heavyweight German-American consortium from industry and research is now presenting a novel solution.

The industrial companies KOBIL and Intel, the latter as partial sponsor, the University of California San Diego as well as the System Security Lab of the Cyber Security Profile Area (CYSEC) of the Technical University of Darmstadt are working on the joint "TraceCORONA platform", which enables efficient and comprehensive pandemic tracing without disclosing the personal data of the users.

Further information:
KOBIL GmbH, Ismet Koyun, CEO, Pfortenring 11, D-67547 Worms, +49 6241 - 30040 0

TU Darmstadt, Prof. Dr.-Ing. Ahmad-Reza Sadeghi, Spokesperson of the Cyber Security profile area +49 6151 - 16-25328