Abstract: X.509-based Public Key Infrastructures use classical certificates. To verify a classical certificate, the public key of the issuer Certificate Authority (CA) must be known and that CA must be trusted. Nested certificates have been proposed to relax the trust requirements of certificate issuance and to bypass the need for public key information when verifying a classical certificate. This paper describes the basic principles and the certificate path verification scheme of a Nested certificate based Public Key Infrastructure (NPKI). NPKI is a generic system in which classical certificates are used together with nested certificates. The basic advantage of NPKI is the ability to connect disconnected classical certificate paths by using nested certificates; in this way, verifiers can form alternative certificate paths that cannot be formed using only classical certificates. Moreover, NPKI authorities are more flexible than the authorities of classical PKIs, since they can issue nested certificates in situations where classical certificates cannot be issued.