Information Technology Reference
In-Depth Information
modes of biometric systems, verification and identification, since both modes
aim for authenticating a person and confirm the binding between digital identity
and the natural person behind. Because biometric profiles and trust relations are
maintained by the biometric system, it is responsible to ensure the authenticity of
this data. If a person wants to prove his trust in other persons' digital identities,
he cannot do this on his own, he has to rely on the information provided by the
biometric system instead. A decentralized approach in which participants inform
each other about their trust relations would release the biometric system from
maintaining the trust relations, but ensuring the authenticity of the biometric
profiles would still lie in the biometric system's area of responsibility.
Because a user to be observed and a potential observer do not initially know
each other, the user has to discover a qualified one and physically meet him.
This requires efforts regarding coordination and travelling and is not explicitly
supported by the system proposed.
6Conluon
To secure the biometric enrollment in Web-based environments, we propose the
biometric observer principle and provide a respective prototype implementation.
The concept applies major ideas of the Web of Trust. The supervision of a user's
enrollment by an observer increases the authenticity of the created biometric
template. A comprehensive trust model enables the subjective formalization of
the trustworthiness of the biometric identities of both observers and other enti-
ties. The relations between observer and observed persons are maintained in the
system's database.
Future work should include the design of a user-based trust-metric configu-
ration and the convergence of the four-eyes principle with a public key infras-
tructure to allow users to sign trust paths and biometric templates.
References
1. Abdul-Rahman, A.: The PGP Trust Model. EDI-Forum: The Journal of Electronic
Commerce 10(3), 27-31 (1997)
2. Artz, D., Gil, Y.: A survey of trust in computer science and the semantic web. Web
Semant. 5(2), 58-71 (2007)
3. Bakdi, I.: Benutzerauthentifizierung anhand des Tippverhaltens bei Verwendung
fester Eingabetexte. Universitäts Verlag, Regensburg (2007)
4. Bartmann, D., Bakdi, I., Achatz, M.: On the Design of an Authentication Sys-
tem Based on Keystroke Dynamics Using a Predefined Input Text. International
Journal of Information Security and Privacy 1(2), 1-12 (2007)
5. Bergando, F., Gunetti, D., Picardi, C.: User Authentication through Keystroke
Dynamics. ACM TISSEC 5(4), 367-397 (2002)
6. Bless, R., Mink, S., Blaß, E.-O., Conrad, M., Hof, H.-J., Kutzner, K., Schöller,
M.: Sichere Netzwerkkommunikation: Grundlagen, Protokolle und Architekturen.
Springer, Berlin (2005)
