lucaapp / security-concept

Archived Security Overview for Luca
https://gitlab.com/lucaapp/security-overview

Please clarify “... is then transferred to the venue owner” #7

Closed ralfr closed 3 years ago

ralfr commented 3 years ago

Thanks for providing the Security Concept behind Luca. In the introductory paragraphs you’re stating:

> This Check-In is encrypted in a way that only the public health authorities can read it. The encrypted Check-In is then transferred to the venue owner via a QR code, where the Check-In is encrypted once again by the venue owner so that nobody can access the user’s personal information at this stage.

Since there is no Luca “server” infrastructure operated or owned by the venue owner, what exactly does “transferred to the venue owner” mean?

reneme commented 3 years ago

You are right, that formulation mixes the person "venue owner" with the technical component "Scanner Frontend". Please see this glossary for a short description of both. Obviously, the actions described in the quoted text are performed by a software component, rather than the venue owner personally.

We'll adapt the formulation.

ralfr commented 3 years ago

> We'll adapt the formulation.

Thanks. I understand this document is undergoing continuous development. I assume that similar ambiguities will be addressed in future releases.