What is a trust hierarchy?
• A simplified example of a common class of trust hierarchies is illustrated below. In this illustration, it is assumed that root certificate CA X is installed in the device, whereas root certificate CA Y is not. This means that root CA X is assumed to be a trust anchor in the device. Accordingly, the user of the device trusts that CA X only issues certificates to organizations or persons who have proven that: • Their identity is correct • They are the rightful owner of a private key that matches the public key to be stored in their certificate. • They do not reveal their private key to other persons/organizations. With this CA certificate, the device can then verify that, for example, the identity and public key given in CA certificates 1 and 2 as well as in end-user certificate C can be trusted. Furthermore, this implies that the device can use CA1 and CA2 to verify that the public key and identity contained in the certificates of end-user certificates A, B, and D can be verified. Ho
