A QR-code is scanned unsing a smartphone.
Scanning QR-codes to register: The QRONITON service can assist authorities to contact people who were in a particular place at a particular time and warn them in case of covid-19 infections while protecting personal data. A test run was conducted at TUM's Mathematics and Computer Science Building.
Image: Uli Benz / TUM
  • Covid-19, Research news, Studies
  • Reading time: 4 MIN

QRONITON covid-19 tracing service developed at TUMContact tracing while protecting privacy

The latest regulations require restaurants to record the contact details of their guests to help the authorities to issue warnings in case of covid-19 infections. A team at the Technical University of Munich (TUM) has developed an IT service that simplifies the registration and contact tracing process while protecting personal data. The service could complement the coronavirus warning app launched by the German Ministry of Health and might also be used at locations where contact lists are not mandatory.

In these days of the corona pandemic, visits to hair salons and restaurants generally involve filling out forms. Along with the conventional pen-and-paper method, the first digital solutions are now available. These require users to scan QR codes or to complete online forms. “In both cases, unauthorized persons can access personal data, which may have serious consequences especially in connection with a critical issue such as an infection,” says Georg Carle, Professor of Network Architectures and Services at TUM.

Still, effective contact tracing is important for successfully limiting the spread of pandemics, says Prof. Carle. In search of a solution, he worked with his former doctoral candidate Johann Schlamp to develop QRONITON. This service, which uses QR codes that can be scanned with a mobile phone, will enable organizations to meet their documentation obligations and help public health authorities to identify endangered individuals quickly. Any location – whether it's at a restaurant table or an seat in a lecture hall – can be provided with an individual QR code. When scanned by a user, the code is captured along with a time stamp and contact data. What sets this solution apart from similar approaches is a sophisticated, multi-stage encryption system that protects the data.

Restricted access

“The data are stored centrally on a server,” says Georg Carle. “However, they are encrypted in a form that cannot be read by the server operator, and which the authorities can access only in the form of subsets – and even then, only with the consent of the concerned parties.” If an infection with the novel coronavirus SARS-CoV-2 is reported to a public health authority, it will provide a personal authorization code to the infected individual. The authority can access data on the places visited and the direct contact persons only if the infected person enters the code in QRONITON. “The principle of data minimization was very important to us,” says Johann Schlamp. “The system captures only a telephone number and a postal code. The latter is used to determine which authority can access the data in case of a concrete infection risk.”

QRONITON is a browser-based tool, which means that the user does not need to install an app. It also means that users can be sure that data are not being collected in the background. They can decide themselves whether or how often they wish to scan QR codes. The developers also had users without smartphones in mind: These users can print out a personal QR code to be scanned by restaurants and other places they visit.

Test run at TUM

In recent weeks, the system was tested and optimized at TUM. QRONITON QR codes are already posted at numerous locations in the Mathematics and Computer Science Building. “During this test phase we found out which features are useful and were able to optimize the system to run on as many smartphones as possible,” says Schlamp. The project was closely monitored by researchers at the TUM Munich Center for Technology in Society (MCTS), who focused in particular on issues surrounding the acceptance of such systems. They also helped to ensure that QRONITON is compatible with the German General Data Protection Regulation.

“The system is now ready to be rolled out for everyday use,” says Prof. Carle. “We're also in touch with the public health authorities and the Robert Koch Institute. The Munich District Administration Office, along with the public health authority responsible for Garching, already has access to the system. I would like to see our proposal taken up by politicians to create the conditions for widespread adoption. Implementation would be useful in any location where large numbers of people gather and where there is a chance of a coronavirus infection. Along with restaurants and hair salons, this would include fitness studios, cinemas, public spaces and churches.”

Complementing the Bluetooth-based corona app

Jens Spahn, the German federal health minister, will soon introduce an official coronavirus warning app. It will use Bluetooth technology to determine when app users come within a certain distance of each other. “A decentralized Bluetooth-based solution like that one and our QR code system both have individual strengths,” says Georg Carle. “The Bluetooth app makes sense for sending out individual warnings and will work without users having to actively scan codes. What we want to do is make contact tracing easier for public health authorities while offering restaurants and other facilities as well as their guests an easy way of meeting their documentation obligations, while complying with data protection regulations – and perhaps to encourage others to offer a voluntary tracing tool.”



Detailed information on how QRONITON works and the underlying encryption principle is available here: https://qroniton.eu. The application is coded in JavaScript. The JavaScript program code can also be accessed directly with a browser.

More information:

Technical University of Munich

Corporate Communications Center Paul Hellmich

Contacts to this article:

Prof. Dr.-Ing. Georg Carle
Technical University of Munich

Chair of Network Architectures and Services
Tel.: +49 89 289 18030

Article at tum.de

The new research project "COVID Kids Bavaria" will investigate the situation of children during the pandemic.

Effects of Covid-19 on children

The new research project "COVID Kids Bavaria" will investigate the situation of children during the pandemic. The six university clinics in Bavaria, including the TUM Klinikum rechts der Isar, will evaluate, among other...

Prof. Klaus Bengler is standing in the hall of the department for machine engineering.

"We shouldn't withdraw into the virtual world"

The Corona crisis changed the working world in no time at all: Home office, web meetings and hygiene measures are now part of our everyday routine. Prof. Klaus Bengler of the Chair of Ergonomics at the Technical University...

Prof. Jan Baumbach

Researchers develop software for drug repurposing

Currently, the corona pandemic is dominating the entire social life in Germany and in many other parts of the world. We are working flat out in order to better help the more than one hundred thousand seriously ill people in...

Person wachting at a smartphone

Encryption system for a secure contact tracing app

In the fight against Covid-19, an interdisciplinary research team at the Technical University of Munich (TUM) has developed a model for a contact tracing app that protects personal data. The concept is based on an...

Scientists will collect biodata using in-ear sensors

In-ear sensors to help in fight against COVID-19

A team at the Technical University of Munich (TUM) plans to use high-tech biometric sensors for 24-hour monitoring of COVID-19 patients in home isolation. The goal of the study is to find out whether rapid treatment in...