EasyTrace COVID-19
Guestbook

The first end-to-end encrypted guestbook, powered by Kerkaporta IT Security GmbH

EasyTrace is FREE due to the legal requirement!

Following Vienna and Lower Austria there are also mandatory guest lists in Tyrol ,  Upper Austria and Salzburg

Simple

Guests only need to scan the QR Code and enter their name, address, contact details and table number - done!

Secure

Due to the end-to-end encryption and the 4-eye principle, only the restaurant business sees your data after the operator has given his approval. It is not possible for the operator to read out data!

Privacy by Design 

Thanks to the 4-eyes-principle it is practically impossible that your data can be misused.

Partner:

    .   

Known from:

            

Both large and small businesses choose EasyTrace:



and many more...

HOW DOES IT WORK?

What is a COVID-19 guestbook?

With a COVID-19 guestbook you can, if a COVID-19 (suspected) case occurs in your business, quickly and easily forward the necessary data of your guests to the health authorities. You do not have to worry about data protection, various deletion periods etc.
Use this program to create a QR-Code, print it out and place it on your tables or on the menu.
Guests can then immediately register voluntarily.

Everything done with just 4 clicks:

To create a QR Code, simply click on the "Start here" button, enter a name and save two passwords. After that an A4 sheet with QR-Codes will be generated. These can be used immediately and can be applied to various surfaces. Done. More is not to be done.

What happens with the guests' data?

In the guestbook you can enter your name, address, contact information (e-mail or phone) and the table number. This data is encrypted on your device and only then transmitted to the operator (Kerkaporta IT Security GmbH). No metadata such as IP address, user agent, etc. are logged.
Entries are automatically deleted from the system after 28 days. The 4-eyes-principle ensures that the gastronomy business only receives the encrypted data if it submits an official request of the health authority. The operator has no access to your data at any time.

How does the company access the data?

Should a COVID case occur in your company, you will be notified by the health authorities. To get the data from the guestbook, send the notification from the authority to easytrace@kerkaporta.at. We will check the notification and send you a link, with which it is possible to open the data after entering your passwords.
The decryption of the data takes place locally on your device. We as the operator do not see any data of the guests here either.

How does end-to-end encryption and the 4-eye principle work?

When generating a QR code, an RSA key pair is generated on the client of the restaurant business. The open source library Opencrypto is used for this. Then a password consisting of 10 random bytes is generated. With this password the private key is encrypted. 5 more random bytes form the secret ID of the QR Code. This ID is used to identify the restaurant business. All these calculations are performed exclusively on the client of the restaurant business.

Only the following data is transferred to the server:
- the public key
- the encrypted private key
- the secret ID
- the name of the farm 

In response, the restaurant receives a QR code, which guests can use to sign the guestbook. This code simply has to be stuck on the tables.

If a guest scans a QR code, the browser of the device opens and a form is displayed. The guest can enter his name, contact information (e-mail or telephone) and the table number.

If "Send" is pressed, the guest's browser encrypts the entered data with the public key of the restaurant. This is also done on the device without support of the server. Once all data has been encrypted, it is sent to the server.

The 4-eye-principle:

If the restaurant business has to read the guest book due to a Covid-19 case, the operator must send the official confirmation of the health authority to the operator. After a check, the operator gives access to the encrypted data so that the restaurant can decrypt it with its secret password and pass it on to the health authorities. The decryption of the data also takes place on the client browser of the restaurant business.

Thus it is only possible for the restaurant business in connection with the authorization of the operator to read out the customer data. In addition, all logs of the web server have been switched off, so that no metadata such as IP address, user agent, etc. can be logged. 

Can I verify this?

YES! - You need a little IT background knowledge for this: Every modern browser has developer tools with which it is possible to read requests. This makes it easy to check that only already encrypted data is transferred.

And how can it be prevented that the public key is not exchanged by the operator?
The link in the QR Code contains a hash value. This is the md5 hash of the public key.

What does it cost?

Nothing - The basic function, i.e. creating QR codes and entering guests is FREE!

It is also possible to link your current MENUE with the guestbook and to add your LOGO to the QR-Codes. This service costs 80€ once and can be ordered via our e-mail address easytrace@kerkaporta.at

For large companies and groups we offer a customized system - EasyTrace Pro. With this system it is possible to generate hundreds of QR codes with a few clicks and centrally manage your businesses. Please contact us via e-mail or telephone. 

You want to support us?

We want to offer our service free of charge to all restaurants that are struggling at this time.
Are you excited about this idea? You can support us via https://paypal.me/kerkaporta . We are happy about every contribution! Thanks 😊

CONTACT

Kerkaporta IT Security GmbH
E-Mail: easytrace@kerkaporta.at
Phone: +43 664 369 77 09
or via the contact form at https://kerkaporta.at

 Press     Imprint

Information according to Article 13 of the basic data protection regulation:

Responsible and operator of the service: 
Valentin Schuhmann BSc, Kerkaporta IT Security GmbH, Anastasius-Grün-Gasse 17/17 - 1180 Wien
Basis of data processing: Consent of customers to contact registration, legitimate interest
Retention period: 28 Days
Purpose: Passing on to the health authorities in the event of a Covid-19 (suspected) case
Description of the data: Name, address, contact data (e-mail or phone), table number, time stamp
Access to data: Gastronomy business, after approval by operator