Actors and Components



A person that is required to securely provide their Contact Data to the Luca system before entering a venue and later (on infection) submit their location history (Check-In History) to the Health Department.

Technically the Guest can be in one of three roles: Uninfected Guest, Traced Guest or Infected Guest. Depending on their role, the security guarantees provided for the Guest change. For example, no component in the system other than the Guest App will ever learn an Uninfected Guest’s Contact Data. In contrast, the Contact Data of Traced Guests is made available to the Health Department.

Uninfected Guest

The default role of a Guest. Neither the Check-In History nor Contact Data has been shared with the Health Department.

Traced Guest

A Guest who is part of a Contact Tracing Process. This Guest’s Contact Data is revealed to the Health Department.

Infected Guest

A Guest who is suspected of being infected with Sars-CoV2 and has consented to sharing their Check-In History with the Health Department.

Health Department

A local Health Department responsible for identification of contact persons. This term is used synonymously for an employee that represents this Health Department.

Venue Owner

A private person or business owner/manager of a venue that has Guests and uses luca to trace contact information.

Scanner Operator

The person who operates the Scanner Frontend at a venue.

Luca Service Operator

culture4life GmbH as the creator and operator of the Luca system as a whole, their backend services, phone and web applications. The Luca Service Operator has unrestricted access to the Luca Server database.

Trusted 3rd Party

A person or institution that is not affiliated with luca, its developers or operators. A trusted 3rd party is required to perform vital initialization steps regarding luca’s system setup. Note that different mentions of Trusted 3rd Party throughout the document can refer to different institutions.


Badge Personalization Frontend

A web application to encrypt and store Contact Data for Guest’s that are wishing to use a Badge to check-in at Luca locations.

Badge Generator

Generates printable QR codes to be used by people without smartphones to allow check-ins at luca venues.


A printable QR code in the form of small badge to allow people without a smartphone to check-in at luca locations.

Certificate Authority

Provides a trust anchor for application-specific certificates in the luca system. See here for further details.

Email Service Provider

Used to Venue Owners and Health Departments.

Guest App

The Luca Guest App is the interface for Guests. Guests enter their Contact Data in the app and use the app to check-in at several locations without re-entering their contact details.

Health Department Frontend

Enables the Health Department to trace infection cases and contact potential contact persons.

Health Department Certificate Signing Tool

Uses the Health Department Certificate to sign a Health Department’s HDSKP and HDEKP during the registration of new health departments.

Luca Server

Stores encrypted Check-Ins and Contact Data and centrally orchestrates the other technical components. The Luca Server is never in possession of personal Contact Data in plain text.

Operator App

A mobile app that is used by the Venue Owner to respond to tracing requests and by the Scanner Operator to check-in Guests.

Scanner Frontend

A web app that can be used to check-in Guests as an alternative to the Operator App.

SMS Service Provider

Used to validate a Guest’s phone number upon entering Contact Data in the Guest App.

Venue Owner Frontend

The frontend for the managers/organizers of venues/locations/restaurants. Here, a professional or private user can create locations or events which will enable them to check-in Guests.

Web-Check-In Frontend

The Web-Check-In frontend enables venues to let Guests enter their information directly on-site on tablet device or something similar. This is useful if Guests are not users of the Guest App.

Component Diagram