Contact Tracing Scanner

This demo requires the Web Bluetooth API, which your browser does not seem to support.

How to use: Click the Start Scan button in a browser that supports the Web Bluetooth API (i.e. Desktop Chrome via enabling chrome://flags/#enable-experimental-web-platform-features) and Allow Bluetooth permission. You should begin to see the table being populated with near-by devices which are emitting Exposure Notifications.


View source

    

How it works

The Exposure Notification system designed by Apple and Google uses the GATT Bluetooth LE protocol to emit advertisements using the registered service UUID 0xfd6f. These advertisements are sent using the format outlined in the Exposure Notification Bluetooth Specification.

Using the Web Bluetooth API we are able to scan for devices which are emitting these kinds of service advertisement. We are then able to parse the payloads service data to retrieve the current Rolling Proximity Identifier and Encrypted Metadata for that device. You will notice that every 10 minutes or so both the device UUID and Rolling Proximity Identifier change, this is for privacy concerns and in-line with the Exposure Notification Cryptography Specification.

The Encrypted Metadata includes the transmitted power (txPower) value which the Bluetooth device is currently emitting at. Upon a positive diagnosis the last 14 days Temporary Exposure Key's are sent to the Diagnosis Server. Every interested device can then download these keys and verify if they are aware of any derived Rolling Proximity Identifier. If there is a match, then the associated payloads Encrypted Metadata can then be decrypted using the days' Temporary Exposure Key. This leads to a more accurate distance value being calculated based on the Received Signal Strength Indicator (RSSI) and transmitted power.