An efficient method to merge hierarchical public key infrastructures

Security threats are most common in e-commerce and e-business transactions. Public key infrastructure (PKI) is a framework on which the security services are established. It can provide various secure services in e-commerce and e-business transactions by providing a comprehensive infrastructure for issuing and managing public keys in the form of digital certificates to a set of users. During acquisition of companies, the multiple PKIs deployed by them must be interoperated. Hierarchical PKI is one of the most popular PKI trust models that the companies deploy as their security infrastructure. Considering the specialties of such context, an efficient scheme to merge hierarchical PKIs during acquisition of companies is proposed. The proposed merging process is simple, fast and low cost. Compared with the common ways of merging PKIs with cross-certification at the root, the certificate verification in new PKI is more efficient and straightforward. Also the employment cost of root certification authorities is reduced. In the proposed method, there is no cross-certification at the root and so certificate verification time reduces significantly as compared to the normal method of merging with cross-certification.