Application-oriented cross-CA certificate trust

Cross-CA certificate trust is often required in the application of Public Key Infrastructure (PKI). Contrary to the CA-oriented approach for it such as cross-certification, the approach proposed in this paper is application-oriented. In the proposed scheme, various CAs and applications are connected through a number of Trust Gateways (TGWs), which form a backbone to propagate the certificate trust chains from trusted CAs to relying applications. As a result, a trust community is formed. A Community Trust Authority (CTA) acts as a root of trust of the community by asserting the root certificates of the trusted CAs and the relevant security policies. It also asserts the mappings between CAs´ private certificate policies and the public ones of the community. An application can rely on the trust built up by this system, and choose to trust certificates from specific CAs by relying on specific certificate trust chains according to its own security policies.