Supporting Exposure Notifications Express
Configure servers to notify users of potential exposures to COVID-19 without an app.
Overview
iOS 13.7 and later can inform people of potential exposure to COVID-19 without a dedicated Exposure Notifications app. This app-less functionality is called Exposure Notifications Express and is only available when a Public Health Authority (PHA) supports it.
iOS continues to support dedicated Exposure Notifications apps, and a PHA can offer Exposure Notifications apps and the app-less Exposure Notifications Express at the same time. When a user enables Exposure Logging, iOS uses the PHA’s app if one is installed, and falls back to the app-less experience if no app is installed and the PHA supports Exposure Notifications Express.
Deploy Exposure Notifications Express Servers
To support Exposure Notifications Express, a PHA must deploy two different types of servers:
Test verification server: Validates positive diagnoses during key upload. For more information, see Setting Up an Exposure Notifications Express Test Verification Server.
Key server: Handles key uploads and downloads. The same key server handles key upload and download for Exposure Notifications apps and Exposure Notifications Express. For more information, see Configuring a Key Server for Exposure Notifications Express. For information on setting up a key server, see Setting Up a Key Server.
Verify Diagnoses and Send Notifications
Exposure Notifications Express works by communicating with the test verification server and the key server at specific times in a defined process, as depicted in the figure below.
[Image]
Here are the steps involved with verifying and submitting a positive diagnosis with Exposure Notifications Express.
First, a user with Exposure Notifications enabled on their iPhone running iOS 13.7 or later gets tested for COVID-19.
The test center or other health care provider determines that the user has a positive test result and reports it to the PHA.
The PHA generates a verification code using the test verification server.
The PHA sends the verification code to the user. The code may be emailed, read over the phone, or provided as a clickable deep link in a text message.
The user enters the verification code or clicks the provided link to inform their iPhone of the positive diagnosis.
The user’s iPhone contacts the test verification server to validate the verification code. If the code is valid, it receives back a long-term authentication token from the test verification server and stores it.
If necessary, the user’s iPhone prompts the user for additional information.
The user’s iPhone creates a hashed message authentication code (HMAC) calculated from the user’s exposure key data and sends it to the test verification server along with the user’s authentication token, receiving in return a certificate and additional per-key metadata. For more information on the HMAC calculation, see Public Health Authority Diagnosis Verification Protocol.
The user’s iPhone validates the returned certificate and metadata and stores them.
iPhone prompts the user for permission to submit their keys to the key server.
If the user grants permission, their iPhone uploads their temporary exposure keys to the key server along with the authentication token, certificate, and metadata received from the test verification server.
If the test verification server validates the uploaded keys, it adds them to its database and returns a revision token that can be used to upload a diagnosis change for the uploaded keys.
The validated and uploaded keys are available for download by other devices to be used for on-device exposure detection. To look at a sample implementation of a key server that supports both Exposure Notifications Express as well as Exposure Notifications client apps, see Exposure Notifications Reference Key Server. To look at a sample implementation of a test verification server, see Exposure Notifications Verification System Reference Server.