mechanisms have been created through which trust based identity can be established and conveyed. These mechanisms tend to fall into three distinct categories:

1. Physical infrastructures – the actors, components and processes are constrained by a physical ecosystem.
2. Biometric infrastructures – the identities of actors are determined using markers comprised of physical characteristics of each person.
3. Digital infrastructures – an environment based on digital exchange of encrypted information, using private or public mechanisms.

As with any social ecosystem, the trust infrastructure for an identification system and its processes must be defined first. Its existence is specifically necessary to enable the creation of elements of the policy infrastructure which form the interaction basis for the system. Further, it should be noticed that the containing trust infrastructure cannot be modified from within the policy infrastructure; that is, the root of the trust infrastructure governs and subsumes the entire policy infrastructure. A policy infrastructure may contain subordinate trust infrastructures, thereby allowing policy controlled change of those trust infrastructures, however at the top of the conceptualization is a trust infrastructure that is essentially unchangeable, once created.

Socially, we’re used to dealing or living in physical trust infrastructures. Indeed, some computer systems and networks make use of physical trust infrastructures in the form of locked rooms to protect systems against physical access, and firewalled, private circuit networks to insulate network connections against electronic access. Biometric infrastructures add to physical trust infrastructures by providing means to recognize identity based on physical properties of a person. As we discussed in Chapter 6, there are many biometric indicators, such as fingerprints, hand geometry, and face features. However, while biometric indicators are good at matching a person with a computer record of that person’s characteristics, they are not meant to answer questions like: can you vouch for that person? For this, digital infrastructures have been created that can use third parties to convey trust to actors of computer networks.

Digital trust infrastructures are based on keys. We’ve discussed this more than once in previous chapters, but perhaps it will help to refresh the illustration. So, for example let us say that my friend and I both have a key for a box that nobody else can open. Then it’s safe for me to put a secret message in the box, give it to a messenger, and have my friend get delivery of the box and open it to read the message. This can also be done in the digital world, using mathematics instead of physical boxes. This is called a private key system because, for it to work the keys must all remain private to each of the participants. While this is a robust way of enforcing security on computer networks, it is nevertheless cumbersome in that great care must be given to the distribution of keys, which is an impediment to the scalability of the scheme. Today, private key security is used extensively, albeit in small to medium size networks. A better architecture is needed for extensive networks.

So the idea was to split the operation of transmitting a secret message. In the private key example above, my friend and I are using a single mechanism to communicate. Whether I send a message to her or she sends a message to me, we are using the same box and the same key. This is why it’s called symmetric key cryptography, where cryptography is the mathematical technique equivalent of opening a box in the digital world. Is there an asymmetrical version of the scheme, where my friend would have her own key, and I would have mine, and all we’d have to do would be to keep our keys protected, and there would be no key distribution problem?

Book available at Midori Press (regular)
Book available at Midori Press (signed)
Book available at Amazon (regular)