Comparison of Certificate Policies for Merging Public Key Infrastructures during Merger and Acquisition of Companies

The Public Key Infrastructure(PKI) provides facilities for data encryption, digital signature and time stamping. It is a system where different authorities verify and authenticate the validity of each participant with the use of digital certificates. A Certificate Policy (CP) is a named set of rules and it indicates the applicability of a certificate in a Public Key Infrastructure. Sometimes two companies or organizations with different PKIs merge. Therefore it would be necessary that their PKIs are also able to merge. Sometimes, the unification of different PKIs is not possible because of the different certificate policies. This paper presents a method to compare and assess certificate policies during merger and acquisition of companies.

[1]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[2]  Warwick Ford,et al.  Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework , 2003, RFC.

[3]  Jordi Forné,et al.  Building a Virtual Hierarchy for Managing Trust Relationships in a Hybrid Architecture , 2006, J. Comput..

[4]  George J. Klir,et al.  Fuzzy sets and fuzzy logic - theory and applications , 1995 .

[5]  Peter Hesse,et al.  Managing Interoperability in Non-Hierarchical Public Key Infrastructures , 2002, NDSS.

[6]  J. Linn Trust Models and Management in Public-Key Infrastructures , 2000 .

[7]  D. Polemi,et al.  Interoperability among healthcare organizations acting as certification authorities , 2003, IEEE Transactions on Information Technology in Biomedicine.

[8]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[9]  Balachandra Design of a public key infrastructure to handle interoperability issues , 2010 .

[10]  Stephen Farrell,et al.  Internet X.509 Public Key Infrastructure Certificate Management Protocols , 1999, RFC.

[11]  Sean W. Smith,et al.  A Computational Framework for Certificate Policy Operations , 2009, EuroPKI.

[12]  Jordi Forné,et al.  Building a virtual hierarchy to simplify certification path discovery in mobile ad-hoc networks , 2007, Comput. Commun..

[13]  Richard Nicholas,et al.  Internet X.509 Public Key Infrastructure: Certification Path Building , 2005, RFC.

[14]  Yuefei Zhu,et al.  An Efficient Scheme of Merging Multiple Public Key Infrastructures in ERP , 2005, WAIM.

[15]  Zheng Guo,et al.  A New Trust Model for PKI Interoperability , 2005, Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services - (icas-isns'05).

[16]  Kouichi Sakurai,et al.  A merging method of certification authorities without using cross-certifications , 2004, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004..