The main goal of proximity tracing mobile applications is to notify people that they have been in close proximity of COVID-19 virus carriers in the last X days even though the carriers who did not have symptoms and were not even tested at the time of interaction. Ensuring the highest data protection and security standards will encourage a quick and broad adoption by citizens. Any proposed solution should preserve user privacy, but should also be robust against attacks that aim at decreasing the performance or reliability of the system. A system that does not protect user privacy will not be accepted neither by the citizens nor by the Data Protection Authorities. A system that does not provide reliable results will just be useless. The challenge is to build a solution that is privacy-preserving and robust against malicious users and "honest-but-curious" authorities at the same time. Although it might seem attractive in term of privacy to adopt a fully decentralized solution, such approaches face important challenges in term of security and robustness against malicious users [6]. This document proposes a ROBust and privacy-presERving proximity Tracing (ROBERT) scheme that relies on a federated server infrastructure and temporary anonymous identifiers with strong security and privacy guarantees. The ROBERT scheme is the result of a collaborative work between Inria and Fraunhofer AISEC, and a candidate proposal for the Pan European Privacy-Preserving Proximity Tracing (PEPP-PT) initiative. This proposal is not final and is subject to discussions, modifications and improvements.