Comparison of Certificate Policies for Merging Public Key Infrastructures during Merger and Acquisition of Companies
This addresses a practical issue for companies undergoing mergers, but it is incremental as it focuses on comparing existing policies rather than introducing a new paradigm.
The paper tackles the problem of merging Public Key Infrastructures (PKIs) during company mergers and acquisitions by presenting a method to compare and assess certificate policies, which can prevent unification due to policy differences.
The Public Key Infrastructure(PKI) provides facilities for data encryption, digital signature and time stamping. It is a system where different authorities verify and authenticate the validity of each participant with the use of digital certificates. A Certificate Policy (CP) is a named set of rules and it indicates the applicability of a certificate in a Public Key Infrastructure. Sometimes two companies or organizations with different PKIs merge. Therefore it would be necessary that their PKIs are also able to merge. Sometimes, the unification of different PKIs is not possible because of the different certificate policies. This paper presents a method to compare and assess certificate policies during merger and acquisition of companies.