信息安全研究 (Journal of Information Security Research) ›› 2019, Vol. 5 ›› Issue (11): 1040-1043.

• Technical Applications •

A Cross-Domain Identity Authentication Solution Based on a Tree-Structured Bridge CA

林俊燕 (Lin Junyan)

  1. 卫士通信息产业股份有限公司 (Westone Information Industry Inc.)
  • Received: 2019-11-08 Online: 2019-11-15 Published: 2019-11-20
  • Corresponding author: 林俊燕 (Lin Junyan)
  • Author biography: 林俊燕 (Lin Junyan), born August 1980, female, master's degree, engineer; main research area: networks and information. lin.junyan@westone.com.cn

Solution of InterDomain Identity Authentication Based on Bridge CA


Abstract: In the e-government extranet, the underlying network environment is complex and there are many independent CA operators, each of which forms its own certificate application domain. Achieving unified identity authentication across these certificate domains involves two problems: how to identify an identity, and how to authenticate it. Within a single certificate domain, identity is represented by a certificate. Across certificate domains there are multiple trust anchors (starting points of trust), so the trust relationship between the trust anchors must be established first before the uniqueness of the identity information a certificate represents can be asserted; second, certificate validation, that is, identity authentication, must be solved. This paper proposes a cross-domain identity authentication scheme based on a tree-structured bridge CA: the bridge CA resolves the trust problem among multiple CAs, a cross-certification gateway performs cross-domain identity authentication, and the implementation flow of cross-domain identity authentication is given. Without changing existing application scenarios, the solution builds a new trust chain and proposes a new authentication method, providing a solution for the identity authentication of cross-domain entities.

Keywords: cross-certificate, bridge CA, cross-domain authentication, trust transfer, certificate path

Abstract: In the e-government extranet, the basic network environment is complex, and there are many independent CA operating organizations, each of which forms its own certificate application domain. Realizing unified identity authentication across many certificate domains involves two problems: one is how to label an identity uniquely, the other is how to authenticate that identity. In a certificate domain, identity is identified by a certificate. Across many certificate domains there are multiple trust anchors (the starting points of trust). The problem of trust between trust anchors should be solved first; only then can the uniqueness of the identity information represented by a certificate be established. The second problem is certificate validation, that is, identity authentication. This paper proposes a solution for inter-domain identity authentication based on a bridge CA: the bridge CA solves the problem of multi-CA trust, and an inter-domain gateway realizes cross-domain identity authentication. The implementation process of cross-domain identity authentication is presented. Without changing the existing application scenarios, this scheme solves the cross-domain identity authentication problem by building a new trust chain and using a new authentication method.

Key words: cross certificate, bridge CA, trust transfer, inter-domain identity, certificate path
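The trust topology the abstract describes (separate CA domains, each with its own trust anchor, joined by cross-certificates through a bridge CA) is what a relying party's certificate path builder has to navigate. The following Python is an added illustration and is not code from the paper or from Westone: it models one bridge CA plus a subordinate bridge (the tree structure), reduces each certificate to the fields a path builder chains on (subject/issuer names and the SubjectKeyIdentifier/AuthorityKeyIdentifier pair), and discovers a path from an end-entity certificate in one domain back to another domain's trust anchor. Signature, validity-period and policy checks are deliberately left out, and every name and key identifier is constructed for the example.

```python
"""Certificate path discovery across CA domains through a bridge CA.

Added illustration (not the paper's code). Domains A, B and C each have a
self-signed root (their trust anchor). A bridge CA is cross-certified with
Root A and Root B in both directions; a subordinate bridge hangs off the
bridge and is cross-certified with Root C, giving the tree-shaped topology.
All names and key identifiers are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Cert:
    subject: str   # subject name
    issuer: str    # issuer name
    ski: str       # SubjectKeyIdentifier: id of the key being certified
    aki: str       # AuthorityKeyIdentifier: id of the key that signed it
    is_ca: bool    # BasicConstraints cA flag


def build_path(target: Cert, anchors: Dict[str, str], pool: List[Cert],
               max_len: int = 6) -> Optional[List[Cert]]:
    """Return [target, ..., cert signed by a trust anchor], or None.

    anchors maps trust-anchor name -> its key identifier (the relying party's
    trust store). pool holds every certificate the builder may chain through;
    in practice cross-certificates are fetched from a directory. Bridge
    topologies are cyclic (A -> Bridge -> A), so a key already on the path is
    never revisited, and max_len bounds the depth-first search.
    """
    def dfs(cert: Cert, path: List[Cert], seen: Set[str]) -> Optional[List[Cert]]:
        if anchors.get(cert.issuer) == cert.aki:       # signed directly by an anchor
            return path
        if len(path) >= max_len:
            return None
        for cand in pool:
            # cand must certify exactly the key that signed cert, under the same name
            if not cand.is_ca or cand.subject != cert.issuer or cand.ski != cert.aki:
                continue
            if cand.subject == cand.issuer and cand.ski == cand.aki:
                continue                               # self-signed roots act only as anchors
            if cand.aki in seen:
                continue                               # would loop back through the bridge
            found = dfs(cand, path + [cand], seen | {cand.aki})
            if found is not None:
                return found
        return None

    return dfs(target, [target], {target.ski, target.aki})


def path_subjects(path: Optional[List[Cert]]) -> Optional[List[str]]:
    """Subject names along a discovered path, end entity first."""
    return None if path is None else [c.subject for c in path]


# Constructed certificate set: roots, cross-certificates, end entities.
ROOT_A = Cert("CN=Root A", "CN=Root A", "ki-rootA", "ki-rootA", True)
ROOT_B = Cert("CN=Root B", "CN=Root B", "ki-rootB", "ki-rootB", True)
ROOT_C = Cert("CN=Root C", "CN=Root C", "ki-rootC", "ki-rootC", True)
A_TO_BRIDGE = Cert("CN=Bridge CA", "CN=Root A", "ki-bridge", "ki-rootA", True)
BRIDGE_TO_A = Cert("CN=Root A", "CN=Bridge CA", "ki-rootA", "ki-bridge", True)
B_TO_BRIDGE = Cert("CN=Bridge CA", "CN=Root B", "ki-bridge", "ki-rootB", True)
BRIDGE_TO_B = Cert("CN=Root B", "CN=Bridge CA", "ki-rootB", "ki-bridge", True)
BRIDGE_TO_SUB = Cert("CN=Sub-Bridge CA", "CN=Bridge CA", "ki-sub", "ki-bridge", True)
SUB_TO_BRIDGE = Cert("CN=Bridge CA", "CN=Sub-Bridge CA", "ki-bridge", "ki-sub", True)
SUB_TO_C = Cert("CN=Root C", "CN=Sub-Bridge CA", "ki-rootC", "ki-sub", True)
C_TO_SUB = Cert("CN=Sub-Bridge CA", "CN=Root C", "ki-sub", "ki-rootC", True)
ALICE = Cert("CN=Alice,O=Domain B", "CN=Root B", "ki-alice", "ki-rootB", False)
CAROL = Cert("CN=Carol,O=Domain C", "CN=Root C", "ki-carol", "ki-rootC", False)

POOL = [ROOT_A, ROOT_B, ROOT_C, A_TO_BRIDGE, BRIDGE_TO_A, B_TO_BRIDGE, BRIDGE_TO_B,
        BRIDGE_TO_SUB, SUB_TO_BRIDGE, SUB_TO_C, C_TO_SUB, ALICE, CAROL]
DOMAIN_A_TRUST = {"CN=Root A": "ki-rootA"}   # relying party in domain A
DOMAIN_B_TRUST = {"CN=Root B": "ki-rootB"}   # relying party in domain B
NO_BRIDGE_POOL = [ROOT_A, ROOT_B, ALICE]      # the situation before cross-certification

if __name__ == "__main__":
    print("A validates Alice:", path_subjects(build_path(ALICE, DOMAIN_A_TRUST, POOL)))
    print("B validates Alice:", path_subjects(build_path(ALICE, DOMAIN_B_TRUST, POOL)))
    print("A validates Carol:", path_subjects(build_path(CAROL, DOMAIN_A_TRUST, POOL)))
    print("A without bridge: ", path_subjects(build_path(ALICE, DOMAIN_A_TRUST, NO_BRIDGE_POOL)))
```

Only the cross-certificates pointing from the relying party's anchor towards the end entity are used (Root A -> Bridge, Bridge -> Root B); the reverse-direction ones are what make the graph cyclic and are why the `seen` set is needed. The search returns the first path found, not necessarily the shortest, and a real validator would still verify each signature and check validity periods, name constraints and policy mappings on every link before accepting the identity.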