Venue Registration

Professional Venue Owners can register their venue with the luca system via a web application. The venue can then be managed via a web interface in order to set up individual Scanner Frontends and to configure other venue-specific parameters (for example auto checkout behavior).

Overview

Preconditions

  • the venue is not registered

Postconditions

Secrets

The following secrets are involved in this process:

  • Secret: venue keypair

  • Use / Purpose: Encrypt the contact data reference of Guests during check-in and decrypt it during Tracing the Check-In History of an Infected Guest.

  • Location: Both the public and private key are stored locally by the Venue Owner Frontend. The public key is shared with Scanner Frontends when they are set up.

Process

To initiate the process, the Venue Owner registers with their email address and a password. In the Venue Owner Frontend, they then enter further information, such as the name of the venue and their contact information (see Venue Information for the complete list of the data collected).

Subsequently, the Venue Owner Frontend generates the venue keypair. Both the public and private key are stored locally. The keypair’s public key is used to set up new Scanner Frontends, which utilize it to encrypt Guests’ contact data reference during Check-In via Mobile Phone App. The keypair’s private key is needed by the Venue Owner Frontend in order to lift this encryption when assisting a Health Department in the process of Tracing the Check-In History of an Infected Guest.

Security Considerations

Authenticity of the Venue Keypair’s Public Key

As the Venue Owner holds no certificate with which they could sign the public key of the venue keypair, there is no secure way to validate the key's authenticity when it is used in the check-in process. This affects both the Check-In via Mobile Phone App and the Check-In via a Printed QR Code.

It is therefore important that the public key is transmitted to the Scanner Frontend over a secure out-of-band channel (specifically, not via the Luca Server).

Prospectively, this will be implemented by attaching the venue keypair’s public key to the fragment component of the link to the Scanner Frontend, which is created in the Venue Owner Frontend. For printed QR codes for self Check-In, the public key will be part of the QR code.

Note that this lack of authenticity affects only the outer layer of the contact data reference’s encryption. The contact data reference is still encrypted with the daily keypair and is thus accessible only to the Health Department.
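
The fragment-based transport described above, sketched as an added example that is not luca's own code: a URL's fragment is not part of the HTTP request, so a key carried there does not pass through the server when the link is opened, and the Scanner Frontend can refuse to start without a well-formed key. The P-256 curve, the uncompressed point format, the base64url encoding and the host scanner.example are assumptions.

```javascript
// Added example (not luca code). Assumed: P-256 keys in uncompressed form,
// base64url encoding in the fragment, and the constructed host scanner.example.
const crypto = require('crypto');
const CURVE = 'prime256v1';

// Venue Owner Frontend: generate the venue keypair locally.
function generateVenueKeypair() {
  const ecdh = crypto.createECDH(CURVE);
  ecdh.generateKeys();
  return { publicKey: ecdh.getPublicKey(), privateKey: ecdh.getPrivateKey() };
}

// Venue Owner Frontend: the public key travels only in the link's fragment.
function buildScannerLink(baseUrl, publicKey) {
  const url = new URL(baseUrl);
  url.hash = publicKey.toString('base64url');
  return url.toString();
}

// What a browser sends as the request target: path and query, not the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// Scanner Frontend: take the key from the fragment or fail closed.
function readVenuePublicKey(link) {
  const fragment = new URL(link).hash.slice(1);
  if (!/^[A-Za-z0-9_-]+$/.test(fragment)) {
    throw new Error('no venue public key in link fragment');
  }
  const key = Buffer.from(fragment, 'base64url');
  if (key.length !== 65 || key[0] !== 0x04) {
    throw new Error('not an uncompressed P-256 point');
  }
  const probe = crypto.createECDH(CURVE);
  probe.generateKeys();
  try {
    probe.computeSecret(key); // throws if the point is not on the curve
  } catch (err) {
    throw new Error('venue public key is not a valid curve point');
  }
  return key;
}

const venue = generateVenueKeypair();
const link = buildScannerLink('https://scanner.example/scanner/constructed-id', venue.publicKey);
console.log('sent to server:', requestTarget(link));
console.log('key recovered:', readVenuePublicKey(link).equals(venue.publicKey));
```

The fragment stays out of the request target and therefore out of server access logs, but script delivered to the Scanner Frontend can still read it, so this protects the key in transit rather than against the code that serves the page.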

Sensitivity of the Venue Keypair

The venue keypair’s private key must not be lost or made accessible to third parties. Hence, organizational measures are taken to specifically inform the Venue Owner that special care must be taken when dealing with this key.