摘要 |
The invention provides methods, apparatus, systems, and software for cross-certification in Public Key Infrastructure (PKI) systems. A Public Key Infrastructure is provided having a hierarchy of certification authorities. A first CA is arranged to issue a cross-certificate. A second certification authority, hierarchically superior to the first is arranged so as not to issue any trust anchors which can be used successfully to validate the cross-certificate. Trust within the certifying organisation does not extend to the entire certifying organisation but is limited to only a predetermined part of it. |