This website is
under development.
This website is
under development.
Introduction Pre-register Demonstration How it works Research Project origin

How is my information accessed?

The emergency professional uses his or her smartphone to scan your QR-Code which translates into a web address that can be opened instantly.

That web address shows the data you chose to be visible that way, which is used to save your life.

Are the QR-Code and weblink secure?

  • Yes, it is safe, because without that link, no one can see your data, and that link can only be obtained by physically accessing your bracelet.
  • The link is composed of two parts, the Alias, which is a nine character long combination of characters from a pool of 67 different characters, and a Key.
  • Those nine characters form 2.72x1016 possible combinations and one will be yours.
  • Only one in each million addresses is used to reduce chances of a valid address being found.
  • But, to access a profile, a Key is still needed, which is a combination of 11 characters from the same pool as the Alias.
  • Combined, they provide 3.32x1036 different combinations, making it virtually impossible to simply guess or access by brute force, thus requiring physical access to the QR-Code.

What goes on behind the scenes?

Someone scans the QR-Code on the device and the browser connects to the server requesting the page.

The front-end server then makes a request to a secondary server that actually contains the data.

The secondary server checks if the credentials are valid returning either an error or the data.

The front-end server formats the received information and returns it to the client.

What happens if a brute force attack to our server begins?

  • During a typical brute force attack, several attempts are made to access different aliases, either randomly or sequentially.
  • Since the addresses are to be referred from a QR-Code, it is not possible to call an accidentally mistaken address.
  • If an attempt is made to access an invalid address, a delay is introduced for subsequent accesses made from the same IP address.
  • The delay grows exponentially as further attempts are made, reinforcing its security and rendering an attack fruitless.