Information Technology Reference
In-Depth Information
-
Subjectivity
: Trust is always perceived individually;
-
Fuzziness
: There is a smooth transition between trust and distrust;
-
Direction
: Trust is unidirectionally bound to an entity;
-
Conditional transitivity
: Trust can be transitive. With transitivity, the level
of trust decreases.
In order to establish trust toward an entity, different trust models have emerged.
3.2 Trust Models
In literature, various types of trust models can be found. An accepted clas-
sification differentiates between policy-based trust and reputation-based trust
[2,22]. Policy-based systems mostly address the problem of authorization and
access-control [2]. To establish trust, credentials are exchanged [22]. An example
for the usage of credentials is the login on a computer, where username and
password have to be provided. The possession of these credentials proof the ad-
ministrator's trust toward the user [2]. In a reputation-based model in contrast,
trustworthiness is measured by means of collective referrals or ratings [2,17]. Ox-
ford Dictionary defines reputation as “the beliefs or opinions that are generally
held about someone or something” [19]. Hereby the subjective trust is deduced
from a combination of personal experience and referrals obtained over social net-
works or across trust paths [2,22]. For trust paths, transitivity is an important
characteristic. Two parties don't need to have direct information about each
other, they can rely on the information of a trusted third [2]. A trust model that
takes advantage of this property is the Web of Trust. The following example is
commonly used to describe this coherence.
Alice, a friend of Carol's knows that Bob's public-key certificate is authentic.
Therefore she signs it. Carol however doesn't know Bob. If they want to commu-
nicate in private, Bob hands over his public-key certificate. Carol doesn't know
if it is authentic by herself. But she sees that Alice signed and trusts it. Hence
Carol can trust Bob's certificate in a transitive way [1].
4 Concept and Implementation
Subject of this section is the design and implementation of a system which
ensures the authenticity of a biometric profile in open environments. Authenticity
refers to the profile's genuineness and trustworthiness by means of a definite
identity [10]. For this purpose, we introduce the role of the
observer
,whichisa
trusted person that supervises the enrollment process.
4.1 Biometric Observer or Four-Eyes Principle
The authenticity of the biometric data captured during the enrollment process
should be verified by a trusted instance to prevent fraudulent use. Especially
when the enrollment is conducted at home or at an open registry point, this is
