An approach for evaluating trust in X.509 certificates

摘要

Today, X.509 certificates is largely adopted for the identity verification of an entity. Such organizations and people use it to confirm their identities in online transaction. Then, it is necessary to verify the certificate trustworthiness in order to accept or reject it for a particular transaction. Besides, certificates are issued by the certificate authority based on the procedures which are described in a certificate policy. Any deficiency in these procedures may influence a certificate authority trustworthiness, which creates a trust lack in the certificates signed by this authority. In this context, relying parties need an automated mechanism to evaluate a trust level of certificate which come into question. In this paper, we grant them this mechanism to have information about its trustworthiness. In fact, we propose a trust framework architecture which is composed from the several components involved in the trust level calculation. Then, we suggest a trust level calculation algorithm which is based on three parameters that are the calculated CA trust level, the quality of procedures indicated in the certificate policy and the rating assigned to certification fields content. Our proposed solution allows relying parties to make a decision about certificate trustworthiness.