[La version française suit.](#serveur-de-diagnostic-covid-shield)
# COVID Alert Diagnosis Server
> **COVID Alert is now retired**: For more information, visit the [Government of Canada COVID Alert home page](https://www.canada.ca/en/public-health/services/diseases/coronavirus-disease-covid-19/covid-alert.html).
Adapted from <https://github.com/CovidShield/server>
This repository implements a diagnosis server to use as a server for Apple/Google's [Exposure
Notification](https://covid19.apple.com/contacttracing) framework, informed by the [guidance
provided by Canada's Privacy
Commissioners](https://priv.gc.ca/en/opc-news/speeches/2020/s-d_20200507/).
The choices made in implementation are meant to maximize privacy, security, and performance. No
personally-identifiable information is ever stored, and nothing other than IP address is available to the server. No data at all is retained past 21 days. This server is designed to handle
use by up to 38 million Canadians, though it can be scaled to any population size.
In this document:
- [Overview](#overview)
- [Retrieving diagnosis keys](#retrieving-diagnosis-keys)
- [Retrieving Exposure Configuration](#retrieving-exposure-configuration)
- [Submitting diagnosis keys](#submitting-diagnosis-keys)
- [Data usage](#data-usage)
- [Generating one-time codes](#generating-one-time-codes)
- [Protocol documentation](#protocol-documentation)
- [Deployment notes](#deployment-notes)
- [Metrics and Tracing](#metrics-and-tracing)
- [Contributing](#contributing)
- [Who Built COVID Alert?](#who-built-covid-alert)
## Overview
_[Apple/Google's Exposure Notification](https://covid19.apple.com/contacttracing) specifications
provide important information to contextualize the rest of this document._
There are two fundamental operations conceptually:
* **Retrieving diagnosis keys**: retrieving a list of all keys uploaded by other users; and
* **Submitting diagnosis keys**: sharing keys returned from the EN framework with the server.
These two operations are implemented as two separate servers (`key-submission` and `key-retrieval`)
generated from this codebase, and can be deployed independently as long as they share a database. It
is also possible to deploy any number of configurations for each of these components, connected to
the same database, though there would be little value in deploying multiple configurations of
`key-retrieval`.
For a more technical overview of the codebase, especially of the protocol and database schema, see
[this video](https://www.youtube.com/watch?v=5GNJo1hEj5I).
### Retrieving diagnosis keys
When diagnosis keys are uploaded, the `key-submission` server stores the data defined and required
by the Exposure Notification API in addition to the time at which the data was received by the
server. This submission timestamp is rounded to the nearest hour for privacy preservation (to
prevent correlation of multiple keys to the same user).
The hour of submission is used to group keys into buckets, in order to prevent clients ([COVID Alert mobile app](https://github.com/cds-snc/covid-alert-app)) from having to download a given set of key data
multiple times in order to repeatedly check for exposure.
The published diagnosis keys are fetched—with some best-effort authentication—from a Content
Distribution Network (CDN), backed by `key-retrieval`. This allows a functionally-arbitrary number
of concurrent users.
### Retrieving _Exposure Configuration_
[_Exposure Configuration_](https://developer.apple.com/documentation/exposurenotification/enexposureconfiguration),
used to determine the risk of a given exposure, is also retrieved from the `key-retrieval` server. A JSON
document describing the current exposure configuration for a given region is available at the path
`/exposure-configuration/<region>.json`, e.g. for Ontario (region `ON`):
```sh
$ curl https://retrieval.covidshield.app/exposure-configuration/ON.json
{"minimumRiskScore":0,"attenuationLevelValues":[1,2,3,4,5,6,7,8],"attenuationWeight":50,"daysSinceLastExposureLevelValues":[1,2,3,4,5,6,7,8],"daysSinceLastExposureWeight":50,"durationLevelValues":[1,2,3,4,5,6,7,8],"durationWeight":50,"transmissionRiskLevelValues":[1,2,3,4,5,6,7,8],"transmissionRiskWeight":50}
```
### Submitting diagnosis keys
In brief, upon receiving a positive diagnosis, a health care professional will generate a _One Time
Code_ through a web application frontend ([COVID Alert Portal](https://github.com/cds-snc/covid-alert-portal)), which
communicates with `key-submission`. This code is sent to the patient, who enters the code into their
[COVID Alert mobile app](https://github.com/cds-snc/covid-alert-app). This code is used to authenticate the
Application (once) to the diagnosis server. Encryption keypairs are exchanged by the Application
and the `key-submission` server to be stored for fourteen days, and the One Time Code is immediately
purged from the database.
These keypairs are used to encrypt and authorize _Diagnosis Key_ uploads for the next fourteen
days, after which they are purged from the database.
The encryption scheme employed for key upload is _NaCl Box_ (a public-key encryption scheme using
Curve25519, XSalsa20, and Poly1305). This is widely regarded as an exceedingly secure implementation
of Elliptic-Curve cryptography.
## Data usage
The _Diagnosis Key_ retrieval protocol used in _COVID Alert_ was designed to restrict the data
transfer to a minimum. With large numbers of keys and assuming the client fetches using compression,
there is minimal protocol overhead on top of the key data size of 16 bytes.
In all examples below:
* Each case may generate up to 28 keys.
* Keys are valid and distributed for 14 days.
* Each key entails just under 18 bytes of data transfer when using compression.
* Key metadata and protocol overhead should in reality be minimal, but:
* Assume 50% higher numbers than you see below to be on the safe side. This README will be updated
soon with more accurate real-world data sizes.
**Data below is current at May 12, 2020**. For each case, we assume the example daily new cases is a
steady daily recurrence.
### Deployed only to province of Ontario
There were 350 new cases in Ontario on May 10, 2020. 350 * 28 * 18 = 170kB per day, thus, deploying
to the province of Ontario at current infection rates would cause **7.1kB of download each hour**.
### Deployed to Canada
There were 1100 new cases in Canada on May 10, 2020. 1100 * 28 * 18 = 540kB per day, thus,
deploying to Canada at current infection rates would cause **23kB of download each hour**.
### Deployed to entire United States of America
There were 18,000 new cases in America on May 10, 2020. 18,000 * 28 * 18 = 8.9MB per day, thus,
deploying to the all of America at current infection rates would cause: **370kB of download each
hour**.
### Deployed to entire world
If _COVID Alert_ were deployed for the entire world, we would be inclined to use the "regions"
built into the protocol to implement key namespacing, in order to not serve up the entire set of
global diagnosis keys to each and every person in the world, but let's work through the number in
the case that we wouldn't:
There were 74,000 new cases globally on May 10, 2020. 74,000 * 28 * 16 = 36MB per day, thus,
deploying to the entire world at current infection rates would cause: **1.5MB of download each
hour**.
## Generating one-time codes
We use a one-time code generation scheme that allows authenticated case workers to issue codes,
which are to be passed to patients with positive diagnoses via whatever communication channel is
convenient.
This depends on a separate service, holding credentials to talk to this (`key-submission`) server.
We have a sample implementation we will open source soon, but we anticipate that health authorities
will prefer to integrate this feature into their existing systems. The integration is extremely
straightforward, and we have [minimal examples in several
languages
没有合适的资源?快使用搜索试试~ 我知道了~
曝光通知:诊断服务器实施通知说明:Miseenœuvred.zip
共159个文件
go:77个
yml:14个
sh:14个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 10 浏览量
2023-04-05
12:59:59
上传
评论
收藏 239KB ZIP 举报
温馨提示
曝光通知:诊断服务器实施通知说明:Miseenœuvred.zip
资源推荐
资源详情
资源评论
收起资源包目录
曝光通知:诊断服务器实施通知说明:Miseenœuvred.zip (159个子文件)
CODEOWNERS 111B
commit-msg 53B
Procfile.dev 112B
Dockerfile 1KB
Dockerfile 1KB
.dockerignore 88B
Gemfile 159B
.gitignore 174B
proto.pb.go 69KB
proto.pb.go 50KB
queries_test.go 39KB
db_test.go 27KB
upload_test.go 25KB
keyclaim_test.go 21KB
queries.go 15KB
db.go 11KB
qr_submission_test.go 11KB
Conn.go 11KB
qr_retrieve_test.go 8KB
retrieve_test.go 8KB
keyclaim.go 7KB
metrics_test.go 7KB
migrator.go 7KB
upload.go 7KB
metrics.go 6KB
test_tools_test.go 6KB
authenticator_test.go 5KB
events.go 5KB
events_test.go 5KB
retrieve.go 4KB
qr_retrieve.go 4KB
telemetry.go 4KB
app.go 4KB
qr_submission.go 3KB
stats.go 3KB
services_test.go 3KB
server_test.go 3KB
retrieval.go 3KB
authenticator_test.go 2KB
services.go 2KB
config.go 2KB
metric_queries.go 2KB
otk_duration.go 2KB
expiration.go 2KB
retrieval_test.go 2KB
test_tools_test.go 2KB
signer_test.go 2KB
authenticator.go 2KB
test_tools.go 2KB
otk_duration_test.go 2KB
authenticator.go 2KB
server.go 2KB
defs_test.go 1KB
outbreak_events_test.go 1KB
outbreak_events.go 1KB
test-tools_test.go 1KB
timemath_test.go 1KB
Authenticator.go 1KB
metric_queries_test.go 1KB
defs.go 1KB
eventType.go 1KB
Server.go 1KB
migrator_test.go 899B
timemath.go 872B
main_test.go 802B
defs.go 801B
main_test.go 797B
signer.go 764B
Worker.go 744B
Worker.go 744B
logging.go 743B
queryRower.go 696B
test_tools.go 651B
Signer.go 628B
Authenticator.go 576B
deviceType.go 565B
cmd.go 522B
eventType_test.go 443B
main.go 354B
deviceType_test.go 353B
test-tools.go 337B
Cleanuper.go 321B
main.go 238B
main.go 218B
main.go 197B
commitlint.config.js 806B
.clconfig.js 717B
node.js 581B
package-lock.json 53KB
appspec-template.json 525B
devcontainer.json 328B
package.json 299B
LICENSE 11KB
Gemfile.lock 497B
Makefile 3KB
README.md 27KB
CODE_OF_CONDUCT.md 12KB
README.md 7KB
README.md 7KB
CONTRIBUTING.md 6KB
共 159 条
- 1
- 2
资源评论
快撑死的鱼
- 粉丝: 1w+
- 资源: 9154
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- HTML5小游戏【阳光高尔夫球-优秀H5小游戏合集】游戏源码分享下载 - golfblast.zip
- 二层半独栋别墅结构水电施工图结构施工图.dwg
- 数据结构,常用的数据结构
- 某三层别墅建筑施工图编号D061-三层-12.54&12.24米-施工图.dwg
- 某三层别墅施工图带效果图D060-三层-23.04&15.39米- 施工图.dwg
- 流水灯,8个灯,不同花样
- TikTokPlugin-1.39-for-rezvorck.apk
- 某三层豪华型别墅建筑施工图D059-三层-27.00&16.00米- 施工图.dwg
- 11111111111111111111
- process-data-final.c
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功