Health Department Registration

luca helps Health Departments to trace contact persons and identify infection clusters. In order to participate in the system Health Departments need to be registered and onboarded first.

Overview

Preconditions

Postconditions

Secrets

The following secrets are involved in this process:

| Secret | Use / Purpose | Location |
|---|---|---|
| HDEKP | Encrypt/decrypt the daily keypair. | The private key is stored locally on the device that runs the Health Department Frontend. The public key is stored on the Luca Server. |
| HDSKP | Sign the daily keypair during Daily Public Key Rotation. | The private key is stored locally on the device that runs the Health Department Frontend. The public key is stored on the Luca Server. |
| Health Department Certificate | Authenticate to the Health Department Frontend and sign the HDSKP and HDEKP. | Stored locally on devices that run the Health Department Frontend or the Health Department Certificate Signing Tool. |

Process

Acquisition of a Health Department Certificate

Health Departments require the Health Department Certificate for two purposes:

  1. Log into luca’s Health Department Frontend to use luca as an authenticated Health Department for contact tracing

  2. Sign the Health Department’s HDSKP and HDEKP to securely communicate with Venue Owners, other Health Departments and individual Guests.

The certificate is issued by a Trusted 3rd Party, in this case the Bundesdruckerei. It is the responsibility of the Trusted 3rd Party to issue Health Department Certificates to legitimate and eligible Health Departments only and to ensure that an effective validation of legitimacy is in place. Luca is not involved in the issuing of the Health Department Certificate.

Registration of the Health Department

In order to be onboarded to luca the Health Department contacts the Luca Service Operator. The Luca Service Operator helps to provide the Health Department Information to the Luca Server and to set up an admin user account for one of the Health Department’s employees. The admin user can now access the Health Department Frontend using the Health Department Certificate (TLS client authentication) and the credentials for their user account.

Generation and Signing of Health Department Key Pairs

When the admin user logs into the Health Department Frontend for the first time, the Health Department Frontend automatically generates two keypairs [1]: the HDEKP (Health Department Encryption Key Pair) and the HDSKP (Health Department Signing Key Pair). These keypairs are used to secure various communications in luca, most notably the Daily Key Rotation Process.

After keypair generation, the administrator is requested to download the Health Department Certificate Signing Tool, a small desktop application used to sign the public keys of HDSKP and HDEKP using the Health Department Certificate. The Health Department Certificate Signing Tool guides the admin user through the signing process, asks for their consent to associate the freshly generated public keys with the identity of the Health Department, and signs them with the Health Department Certificate’s private key.

Once successfully signed, HDSKP and HDEKP are effectively certificates allowing the Health Department to securely communicate within the luca system. All above-mentioned private keys remain local and never leave the Health Department’s IT infrastructure.

Signing of existing Health Department Keypairs

Before the end of July 2021 the above-described HDSKP/HDEKP signing process was not implemented. Since then, Health Department administrators of existing Health Departments are requested to retroactively sign their Health Department keypairs as described above. Once all Health Departments have signed their key pairs, all relevant clients will start verifying the full certificate chain to the trust anchor of the Trusted 3rd Party where necessary.

Re-Encryption of the Daily Keypair

In the final step of the onboarding process all recent (epidemiologically relevant) daily keypairs need to be re-encrypted for the new Health Department. This is necessary in order for the new Health Department to be able to decrypt existing daily keypairs with its HDEKP. The re-encryption process is triggered automatically and carried out by any other Health Department that is currently logged in to the Health Department Frontend as follows:

  • fetch and verify all Health Departments’ HDEKP certificates (including the new Health Department’s recently created key)

  • download all relevant daily keypairs

  • decrypt them using its own HDEKP’s private key

  • encrypt them for all other Health Departments’ HDEKPs

  • upload them back to the Luca Server

This process is very similar to the rotation of the daily keypair. Please refer to that chapter for further details.
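
The re-encryption steps above, including the check of each signed HDEKP before encrypting to it, as an added Node.js example that is not luca's own code. The page does not specify the encryption scheme: ephemeral ECDH on P-256 with HKDF-SHA256 and AES-256-GCM, the map of certificate public keys standing in for X.509 chain validation, and all function and field names are assumptions.

```javascript
// Added example, not luca code. Assumed scheme: ephemeral ECDH (P-256),
// HKDF-SHA256, AES-256-GCM. All names here are hypothetical.
const crypto = require("node:crypto");

const p256 = () => crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const spki = (key) => key.export({ type: "spki", format: "der" });

// Stand-in for the Signing Tool: the certificate key signs the HDEKP public key.
const signHdekp = (certPrivateKey, hdekpPublicKey) =>
  crypto.sign("sha256", spki(hdekpPublicKey), certPrivateKey);

// Derive an AES key from an ECDH exchange between two P-256 keys.
function deriveKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(0), "daily-keypair", 32));
}

function encryptFor(recipientPublicKey, plaintext) {
  const eph = p256(); // fresh ephemeral key per recipient
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", deriveKey(eph.privateKey, recipientPublicKey), iv);
  const data = Buffer.concat([c.update(plaintext), c.final()]);
  return { ephemeralPublicKey: spki(eph.publicKey), iv, data, tag: c.getAuthTag() };
}

function decryptWith(privateKey, box) {
  const ephPub = crypto.createPublicKey({ key: box.ephemeralPublicKey, type: "spki", format: "der" });
  const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(privateKey, ephPub), box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.data), d.final()]); // throws if tampered
}

// Decrypt the daily private key with the own HDEKP, then encrypt it for every
// department whose HDEKP signature verifies against its certificate key.
// certKeys[id] is assumed to come from an already validated certificate chain.
// Departments with a missing or invalid signature are skipped.
function reEncrypt(ownPrivateKey, ownBox, departments, certKeys) {
  const dailyKey = decryptWith(ownPrivateKey, ownBox);
  const out = {};
  for (const d of departments) {
    const certKey = certKeys[d.id];
    if (!certKey || !crypto.verify("sha256", spki(d.hdekpPublicKey), certKey, d.signature)) continue;
    out[d.id] = encryptFor(d.hdekpPublicKey, dailyKey);
  }
  return out; // one ciphertext per verified department, ready for upload
}
```

The result of `reEncrypt` maps each verified department id to its own ciphertext; a department whose HDEKP was not signed by its certificate key gets no entry and therefore never receives the daily key.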

Adding Further (Non-Admin) Employees

The admin user can create further user accounts that do not have administrative access in the Health Department Frontend. Like the admin user, those users can authenticate to the Health Department Frontend using their individual credentials and the Health Department Certificate and use it for contact tracing.


[1] Both HDSKP and HDEKP are ECC key pairs on NIST’s P-256 curve.