4.3 Prototype Implementation
To implement the described observer principle, a cloud-based biometric
authentication system was developed. Biometric systems require suitable
biometric reading devices (sensors) to collect and digitize an individual's
biometric raw data [15]. Which kind of sensor is needed depends on the method
applied. For instance, whereas voice, face, or keystroke data can be acquired
with common and standardized devices such as microphones, webcams and computer
keyboards, procedures like iris or fingerprint recognition require dedicated
sensors, which restricts the applicability of such methods. Consequently, for
application in open environments (e.g. public cloud computing), the former
methods are preferable. Below, we apply keystroke dynamics. Keystroke dynamics
is determined by unique characteristics such as speed, rhythm and the
continuity and precision of typing [4,5]. These characteristics are
represented by a combination of key events, that is, the pressing and
releasing of a key as well as hold and transition periods [3,16].
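The following added example (not the prototype's code) shows how hold and transition periods can be derived from raw key events. The event tuple format, the function name and the definitions used (hold = release minus press of one key, transition = press of the next key minus release of the previous one) are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample: (timestamp in ms, event, key) for typing "the" with
# rollover: "h" is pressed before "t" has been released.
SAMPLE_EVENTS = [
    (0, "down", "t"), (95, "down", "h"), (110, "up", "t"),
    (180, "up", "h"), (260, "down", "e"), (335, "up", "e"),
]

def extract_features(events):
    """Return (holds, transitions) from raw key events.

    holds: list of (key, ms between press and release of that key)
    transitions: list of (prev_key, next_key, ms from release of the
    previous key to press of the next); negative when keys overlap.
    """
    pending = defaultdict(deque)   # key -> indices of strokes awaiting release
    strokes = []                   # [key, press_time, release_time or None]
    for ts, kind, key in sorted(events, key=lambda e: e[0]):
        if kind == "down":
            pending[key].append(len(strokes))
            strokes.append([key, ts, None])
        elif kind == "up":
            if not pending[key]:
                continue           # release without a recorded press: drop it
            strokes[pending[key].popleft()][2] = ts
        else:
            raise ValueError(f"unknown event type: {kind!r}")
    # Strokes never released (capture stopped mid-key) cannot be measured.
    complete = [s for s in strokes if s[2] is not None]
    holds = [(key, up - down) for key, down, up in complete]
    transitions = [
        (a[0], b[0], b[1] - a[2]) for a, b in zip(complete, complete[1:])
    ]
    return holds, transitions

if __name__ == "__main__":
    holds, transitions = extract_features(SAMPLE_EVENTS)
    print("hold:", holds)
    print("transition:", transitions)
```

The negative transition for the "t" to "h" pair is the rollover case: a feature extractor that assumes each key is released before the next is pressed would mis-measure such typists.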
The current prototype implementation of the four-eyes principle allows the
biometric system's administrator to enable an observed enrollment for new
users. In this case the administrator is in charge of selecting observers to
supervise new users' enrollment processes. The biometric system's
administrative graphical user interface allows the assignment of a certain
observer and invites the respective user to enroll. This invitation is sent
via e-mail, which also contains a one-time access token to the enrollment
application. The application collects typing samples from the user and
generates the biometric template. After the user has successfully finished the
enrollment process, the application requires the observer to authenticate
biometrically. Thus it is possible for new users to create a biometric profile
and enroll from anywhere in the world, as long as an observer is available.
5 Discussion
This work aims to increase the security of the biometric enrollment process by
implementing the four-eyes principle. The quality and security of the
biometric authentication system itself are out of scope and not considered by
the model developed. For a secured enrollment, an observer already known to
the biometric system supervises the enrollment process of another person. The
observer verifies this physical person's identity and then confirms the
binding to the digital identity created. The observer's trust in observed
persons' digital identities is thereby strengthened.
Referring to the Web of Trust model, other individuals trusting the observer's
digital identity also benefit from the observed enrollment. Because the newly
enrolled user's digital identity is on their trust path, the conditional transitivity
of trust allows them to calculate a trust value for it. Another positive effect of
such an observed enrollment is the possibility to decrease the number of failed
enrollments. Since the observer has to be enrolled in the biometric system, he is
already familiar with the enrollment process and can help the enrolling person to
avoid mistakes. The proposed four-eyes principle can be used for both operational