cskeogh
commented
4 years ago The reason for a second encounter token is so the back-end can't match two front-ends performing a query only (trust no-one principle, assuming the back-end is compromised). The back-end can only match against confirmed positive cases.
As two users come into close proximity, the system shall create an second encounter token using the exchanged data via Bluetooth, so that there is a record of this close encounter and privacy is preserved.
The second encounter token is for the upload table.