An efficient, dynamic and trust preserving public key infrastructure

Abstract

Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in the Public Key Infrastructures (PKIs). Such a PKI, which is called nested certificate based PKI (NPKI), is proposed as an alternative to classical PKI. The NPKI formation model is a transition from an existing PKI by issuing nested certificates. Thus, we can extract efficiently verifiable nested certificate paths instead of classical certificate paths. NPKI is a dynamic system and involves several authorities in order to add a new user to the system. This uses the authorities' idle time to the benefit of the verifiers. We analyze the trade-off between the nested certification overhead and the time improvement on the certificate path verification. This trade-off is acceptable in order to generate quickly verifiable certificate paths. Moreover, PKI-to-NPKI transition preserves the existing hierarchy and trust relationships in the PKI, so that it can be used for strictly hierarchical PKIs.