1. »
  2. Abschlussarbeiten
  3. »
  4. Netz- und Datensicherheit
  5. »
  6. Bachelor Thesis: Automated Trust Establishment and Management

Bachelor Thesis: Automated Trust Establishment and Management




Mutually perceived trust among the parties involved is a decisive factor for concluding a contract. In a company, building trust is part of risk management. Formal criteria are used in a structured process to decide whether potential contract partners are sufficiently trustworthy. Only when trustworthiness is judged to be sufficient can a successful business relationship be established. But how can trust be created if the business relationship is established by software agents? [1]

The relevant data about potential contract partners, which provides information about their trustworthiness, is stored in so-called trustworthiness profiles (TWP). In order to process the information, evaluate it and, in addition, derive further actions, a software is needed that manages trust autonomously: a so-called trust agent. By integrating trustworthiness profiles as well as trust agents, trust management can be handled in an automated way. [1]

Your Task

In this thesis, you will be challenged to implement a distributed trust agent for automated trust establishment and management. Security plays a prime importance for building trust in the context of automated trust management, as the integrity and authenticity of trust must be guaranteed. You should implement both static and dynamic trust worthiness profiles (TWPs) [3].

Therefore, you should:

  • Define an appropriate data format for a modular TWP (JWT). The information contained in the TWP should be made as variable as possible, to further extend the informational content of the TWP in the future.

  • Define some initial information that should be included in the TWP, like the company’s legal name, address, tax ID number, …

  • Build an editor that allows the parties to fill / edit the structure and content of the TWP.

  • Implement a distributed trust agent that is run on each contract partner. This also includes the key management for signing / verifying the TWPs.

The trust agent should:

  • Serve its static TWP to other parties. It should only include information that the other party queried.

  • Contain several connectors to third parties (i.e., Handelsregister) that can automatically fill and verify the information contained in the TWP.

  • Enable multiple parties to trust each other (→ distributed trust like in PGP; party X signs TWP of party Y).

Research Questions

  • How can trust be made tangible and managed in an automated way?

  • How and to what extent can third parties be used to automatically verify the information contained in the TWP?

  • Which IT-Security certifications should be included in the TWP, and how can they be verified automatically?

  • How can parties take advantage of distributed trust while sharing their trust with other parties?


Build a small API in NodeJS that can automatically verify certificates issued by TÜVRheinland. Specifically, on input of the certificate ID (see example shown below), the API should return the legal company name and address of the certificate holder.


  1. https://legaltestbed.org/en/automated-trust/

  2. https://legaltestbed.org/en/trust-demonstrator/

  3. https://legaltestbed.org/en/trustworthiness-profile/



Technologies for Implementation Task

  • Docker, Git

  • NodeJS for API (preferably with TypeScript)

React & Bootstrap for frontend (preferably with TypeScript)