Building a Virtual Hierarchy for Managing Trust Relationships in a Hybrid Architecture

Trust models provide a framework to create and manage trust relationships among the different entities of a Public Key Infrastructure (PKI). These trust relationships are verified through the certification path validation process, which involves: path discovery, signature verification and revocation status checking. When trust relationships are bidirectional, multiple paths can exist between two entities, which increase the runtime of the path discovery process. In addition, validation of long paths can be difficult, especially when storage and processing capacities of the verifier are limited. In this paper, we propose a protocol to establish a hierarchical trust model from a hybrid PKI. This protocol makes more efficient certification path discovery since in a hierarchical model, trust relationships are unidirectional and paths are easy to find. In addition, our protocol does not require issuing new certificates and allows setting a maximum path length, so it can be adapted to the features of users' terminals.