Private-Yet-Verifiable Contact Tracing
This addresses privacy and verification challenges in contact tracing for public health and facility management, though it appears incremental as it builds on existing privacy-preserving techniques.
The paper tackles the problem of enabling private and verifiable contact tracing for facility access by proposing PrYVeCT, a system that uses oblivious automata evaluation to enforce policies without disclosing personal data, allowing users to prove authorization to third parties.
We propose PrYVeCT, a private-yet-verifiable contact tracing system. PrYVeCT works also as an authorization framework allowing for the definition of fine-grained policies, which a certain facility can define and apply to better model its own access rules. Users are authorized to access the facility only when they exhibit a contact trace that complies with the policy. The policy evaluation process is carried out without disclosing the personal data of the user. At the same time, each user can prove to a third party (e.g., a public authority) that she received a certain authorization. PrYVeCT takes advantage of oblivious automata evaluation to implement a privacy-preserving policy enforcement mechanism.