PKI and Bridge Certification Architecture

PKI (Public Key Infrastructure) is the organization and application of public-key cryptography in digital certificates and certification authorities. PKI is mainly concerned with secure identification, verification and key exchange between parties.

Traditional PKIs rely on the sender and recipient (relying party) being in the same “trust domain”: both must trust the same root Certificate Authority. Cross-certification allows the relying party to map trust between trust domains, so that the relying party can verify a certificate issued by a CA that he/she does not normally trust. A Bridge Certificate Authority joins many trust domains by cross-certifying with the separate root CAs and providing an array of certification paths, easing the process of cross-certification.
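The path building described above can be sketched as a graph search. This is an added example, not code from ITC; the CA names are constructed, and it assumes the bridge and each root cross-certify in both directions.

```python
from collections import deque

# Constructed sample: four trust domains, each with its own root CA.
ROOTS = ["RootA", "RootB", "RootC", "RootD"]

def bridge_cross_certs(roots, bridge="BridgeCA"):
    """Cross-certificates as (issuer, subject) pairs when every root
    cross-certifies with one bridge CA: two certificates per root."""
    certs = set()
    for root in roots:
        certs.add((root, bridge))   # root certifies the bridge
        certs.add((bridge, root))   # bridge certifies the root
    return certs

def mesh_cross_certs(roots):
    """Without a bridge, every pair of roots must cross-certify directly."""
    return {(a, b) for a in roots for b in roots if a != b}

def find_path(trust_anchor, target_issuer, certs):
    """Breadth-first search from the relying party's trust anchor to the
    CA that issued the certificate being verified. Returns the chain of
    CA names, or None if no certification path exists.

    Only the shape of the trust graph is modelled here; real path
    validation also checks signatures, validity periods and constraints.
    """
    queue = deque([[trust_anchor]])
    seen = {trust_anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target_issuer:
            return path
        for issuer, subject in sorted(certs):
            if issuer == path[-1] and subject not in seen:
                seen.add(subject)
                queue.append(path + [subject])
    return None

if __name__ == "__main__":
    bridge = bridge_cross_certs(ROOTS)
    print("no cross-certs:", find_path("RootA", "RootC", set()))
    print("via bridge:    ", find_path("RootA", "RootC", bridge))
    print("certs needed:   bridge =", len(bridge),
          "mesh =", len(mesh_cross_certs(ROOTS)))
```

With a bridge the number of cross-certificates grows linearly with the number of trust domains, while a full mesh grows quadratically.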

ITC's PKI/digital certificates website

© 2008 by the Rector and Visitors of the University of Virginia.
