AWS Partner Network (APN) Blog
How to Build and Deploy a Contact Tracing Solution with AWS IoT Core and SafeTrack Lite
By Adam Sobol, Founder and CEO at CareBand
By Steven Chen, Product Manager at CareBand
By Irshad A Buchh, Sr. Partner Solutions Architect at AWS
As COVID-19 cases continue to surge across the United States and worldwide, institutions are working tirelessly to ensure they are prepared, whether that means teaching remotely, hosting virtual appointments, or planning outdoor alternatives.
In addition to creating new procedures, adjusting learning plans, and managing work-from-home fatigue, organizations large and small are faced with a vexing problem: how will we respond to viral transmission if a case is detected?
An effective response requires the capability to carry out contact tracing to identify individuals who have been exposed. The question is: are institutions equipped with the resources to instill confidence for their customers? Let’s take a look.
Each new case of COVID-19 requires an average of 36 individuals to be traced. Even if organizations only spent 15 minutes reaching out to those individuals, it would take someone nine hours—an entire workday— just to let the contacts of a single infected individual know they need to quarantine.
When you consider that 15 percent of cases result in at least one secondary infection that cannot be identified, nearly 1 in 6 cases doesn’t stop with that one person even if robust contact tracing is completed.
Contact tracing is a complex problem to solve, and CareBand’s SafeTrack is a solution. This post covers how to get started partnering with CareBand’s technology and building a solution using Amazon Web Services (AWS) that includes two components:
- Collecting data from CareBand’s SafeTrack wearables and integrating that with AWS IoT.
- Generating a report of all the individuals who have been exposed to a detected case of COVID-19 using AWS services.
To implement the initial platform, CareBand had the opportunity to work with Trek10, an AWS Premier Consulting Partner and Managed Service Provider (MSP) who specializes in architecting, building, and managing serverless applications on AWS.
Trek10 has AWS Competencies in IoT, DevOps, and SaaS, and have AWS service validations in AWS IoT Core, AWS Lambda, Amazon API Gateway, Amazon DynamoDB, all of which they used to support the initial application design and build of CareBand’s SafeTrack contact tracing solution.
Solution Overview
CareBand is a location-based safety and health IoT company. Their flagship wearable, designed for people living with dementia, provides real-time indoor and outdoor location tracking to reduce wandering events and monitor behaviors for adverse health condition changes.
Most recently, that technology has been adapted to mitigate risks associated with COVID-19 through developing SafeTrack, an automated contact tracing and social distancing solution.
Local health authorities across the world have responded to the pandemic by creating task forces to mobilize manual contact tracing. However, these methods require a high degree of trust in an infected person’s ability to trace their locations and are error-prone.
CareBand’s SafeTrack contact tracing solution solves these problems using the SafeTrack wearable’s automated proprietary machine learning (ML) algorithms to calculate the distance between two people based on Centers for Disease Control (CDC) guidelines.
SafeTrack automatically generates a customizable contact tracing report based on the infected person’s interactions. This automated solution effectively removes the need to hire a team of people to perform manual contact tracing. To meet the increased demand for contact tracing, AWS serverless infrastructure provides a fast and reliable way to build a digital contact tracing solution.
Using AWS IoT Core, the SafeTrack wearable seamlessly integrates with the LoRaWAN network server, enabling the process of offloading contact tracing data to AWS securely, quickly, and effectively.
Figure 1 – Architecture overview of CareBand’s SafeTrack contact tracing solution.
Walkthrough
The architecture includes the following steps:
- The SafeTrack wearable is used in the field for collecting various interactions with other SafeTrack devices.
- When the SafeTrack wearable is within range of a LoRaWAN gateway, it will automatically join the network.
- The LoRaWAN gateway’s network server will forward the wearable data to AWS IoT Core.
- AWS IoT Core’s Rules Engine will trigger the Lambda function to decode the message and create a record in Amazon DynamoDB.
- Amazon API Gateway enables frontend applications (SafeTrack Lite) to retrieve the device data and create a report of all the contact tracing data.
Prerequisites
To get started, you will need to have the following prerequisites:
- An AWS account and permission to access AWS IoT Core, AWS Lambda, and Amazon DynamoDB.
- CareBand’s SafeTrack Demo Kit.
- A LoRaWAN gateway and Helium (sign up for access to Helium Console).
- A SafeTrack Lite account (request an account).
Tutorial Overview
- Steps 1 to 2: Preparing LoRaWAN connection
- Steps 3 to 5: Preparing the AWS infrastructure
- Steps 6 to 10: Preparing SafeTrack Lite and running a test
Preparing LoRaWAN Connection
In this tutorial, Helium will be used to set up and manage the LoRaWAN network. Helium is building the world’s first peer-to-peer wireless network to simplify connecting devices to the internet by rewarding anyone to become a network operator.
Helium is already available in over 2,000 cities and is expanding to more every day. Check out their network coverage map to see if there’s a Helium network near you.
SafeTrack wearables connect to a nearby Helium Hotspot, which mines HNT (a new cryptocurrency) by providing LoRaWAN network coverage to these SafeTrack wearables and any Helium-enabled devices within range.
Step 1: Set Up AWS IoT Integration on Helium Console
- Log in to the Helium Console.
- Add the AWS IoT Core integration by selecting the Integrations tab and choose AWS IoT Core under Custom Integrations.
- Verify details, use the Access Key and Secret Key created from your credentials, and input into their corresponding fields.
- For the region, this post is using us-east-1, and the topic will be set to helium-devices.
- Name your integration; you can put down SafeTrack but any name will work.
- Apply a label, and add a new label named SafeTrack.
- Complete this process by clicking on Create Integration.
Step 2: Set Up SafeTrack Device on Helium Console
- Log in to the Helium Console.
- Add the two SafeTrack wearable devices into Helium by selecting the Devices tab and choose Add a new Device. For additional information, see the Helium documentation.
- Fill out the following fields:
- Name: ST20-1
- The Dev EUI, App EUI, and App Key are provided in the SafeTrack Demo Kit. Input those values to their corresponding fields.
- Attach a Label to connect the integration created earlier (SafeTrack) and click Submit.
- Repeat these steps for the second device.
Preparing the AWS Infrastructure
For the solution’s backbone, this post will start by setting up the required services on AWS.
To quickly launch the stack, access the AWS Cloud Development Kit (CDK) which is composed of Amazon API Gateway, DynamoDB, and Lambda functions. Once that’s completed, jump down to complete Step 5 as the other steps have been completed by the CDK.
Step 3: Set Up Amazon DynamoDB
- Log in to Amazon DynamoDB.
- Create a new table and name it safetrack-data as the table name.
- For the partition key, name it dev_eui and leave it as String.
- Select the Add sort key checkbox and name it as server_time (leave it as String).
- Leave the table settings as the default and choose Create.
Step 4: Implement the Code
- Log in to AWS Lambda.
- Create a new Lambda function named safeTrackDataFunction (any will work).
- For the Runtime, leave it as the default Node.js 12.x
- For the execution role, leave it as the default Create a new role with basic Lambda permissions.
- Update the execution role with the policy to include access to DynamoDB.
- Using this Lambda function will decode the message from the wearable to DynamoDB.
- Save the function.
Step 5: Set Up AWS IoT Core
- Log in to AWS IoT Core.
- To confirm that data is transmitted from SafeTrack to AWS, expand the Manage link and select Things to see the devices that were added to the Helium Console. No additional action needs to be taken, as it’s now integrated with AWS IoT Core.
.
If you do not see the devices, make sure the previous steps were completed correctly and move the devices around to transmit messages.
- Expand the Act link and select Rules to create a rule that triggers the Lambda function (safeTrackDataFunction) to process the device data as soon as it’s received.
- Name the rule as HeliumToDynamoDB.
- In the Rule query statement, add the following SQL:
SELECT * FROM 'helium-devices'
. - Click on Add Action and then choose Send a message to a Lambda function. Click on Configure action.
- Select the Lambda function safeTrackDataFunction and then click Add action.
Preparing SafeTrack Lite and Running a Test
To process the data and get a contact tracing report, use SafeTrack Lite to analyze the data.
Step 6: Set Up Device on SafeTrack Lite
- Log in to SafeTrack Lite.
- Select Devices from the sidebar menu.
- Input the Device EUI that can be found from the SafeTrack Demo Kit box.
- Add a name to the Device to identify whoever is wearing the device.
- Select Add Device.
- Repeat this process for the second device.
Step 7: Implement the Code
- Log in to AWS Lambda.
- Create a new Lambda function named safeTrackApiFunction.
- For the Runtime, leave it as the default Node.js 12.x
- For the execution role, leave it as the default. Create a new role with basic Lambda permissions.
- Using this Lambda function will allow SafeTrack Lite to query data from the DynamoDB table via Amazon API Gateway.
- Save the function.
Step 8: Create an API on Amazon API Gateway
- Log in to Amazon API Gateway.
- Create a new API by choosing Build under HTTP API.
- Click on Add Integration and select Lambda.
- Find the Lambda function called safeTrackApiFunction in the drop-down. Name this API order-safetrack-lite.
- Choose Review and Create and then Create.
- Copy the Invoke URL to be used in the next section.
Step 9: Set Up Integration with AWS on SafeTrack Lite
- Log in to SafeTrack Lite.
- Select Integrations from the sidebar menu.
- Choose HTTP as the integration type.
- Paste in the Invoke URL from the previous step as the Endpoint.
- Select Add Integration.
Step 10: Running a Contact Tracing Test
- By having two people wearing each of the devices, walk around your home or office to gather contact tracing data for about 5-10 minutes. Try to do various distances between you and the other person to get a bigger sample.
. - Once complete, log in to SafeTrack Lite and click on Reports. Select one of the devices to view an overview of all contact tracing collected. Click on Generate Report to view it in PDF format.
Cleaning Up
This solution is estimated to run entirely free for the 12 months following your initial sign-up date to AWS through AWS Free Tier. To avoid incurring future charges after 12 months, delete all of the resources that were created in the walkthrough.
Next Steps
For additional security measures, you can include authorization into Amazon API Gateway’s HTTP API to ensure that SafeTrack Lite communicates securely with an authenticated API.
SafeTrack prioritizes security and privacy to enable a robust architecture that safeguards against cyberattacks. Each SafeTrack wearable includes a hardware security module (Secure Element) used for handling cryptographic operations. The Secure Element enables end-to-end encryption, protecting the SafeTrack wearable from attacks, such as man-in-the-middle and session hijacking.
On AWS, SafeTrack’s enterprise-ready platform has built-in security measures, such as data encryption at rest, TLS connection using MQTT/HTTPS protocols for transporting data, enhanced privacy controls for PII data, and continuous monitoring of malicious actors.
Find more details around security and privacy on the SafeTrack Enterprise Solution.
Conclusion
Institutions around the world have faced unprecedented challenges responding to the viral transmission of COVID-19. An effective response requires an automated contact tracing solution to quickly identify and isolate individuals who have been exposed.
This post discussed how you can quickly deploy SafeTrack’s technology on a highly scalable and secure AWS architecture to support an automated COVID-19 contact tracing solution. We taught you how to ingest data from CareBand’s SafeTrack wearables, organize the data with AWS IoT services, and publish the data to the SafeTrack Lite application to keep your organization healthy and safe.
As a next step, we recommend exploring the advanced features of the SafeTrack enterprise portal, including but not limited to automated contact tracing, customizable reports, organizational management, and proactive risk analysis.
If you have any questions or feedback about this walkthrough, please leave comments below or contact CareBand Support at support@careband.co.
Trek10 – AWS Partner Spotlight
Trek10 is an AWS Premier Consulting Partner with a focus on AWS that provides professional and managed services, specializing in serverless, IoT, and cloud-native architectures.
Contact Trek10 | Partner Overview
*Already worked with Trek10? Rate the Partner
*To review an AWS Partner, you must be a customer that has worked with them directly on a project.