Public Key Infrastructure (PKI) is a system based on the Public Key Cryptography concepts to provide public key creation and management for users to encrypt data and exchange keys effectively.
PKI architecture is defined by Internet standards groups and the US National Institute of Standards and Technology (NIST). In the PKI architecture, a key component is the Certificate Authority, a trusted third party that manages and signs the certificates used to check users' identities. The PKI Architecture has the following major functional components:
- System Security-enabling Services: provide the functionality allowing a user's identity to be established and associated with their actions in the PKI system.
- Cryptographic Primitives and Services: provide the cryptographic functions on which public-key security is based, including secret-key primitives, such as the International Data Encryption Algorithm (IDEA).
- Long-term Key Services: allow users to manage their own long-term keys and certificates and to retrieve and check the validity of other principals' certificates.
- Protocol Security Services: provide security functionalities such as data origin authentication, data integrity protection, data privacy protection, and non-repudiation.
- Secure Protocols: enable secure inter-application communications for security-unaware and limited security-aware applications.
- Security Policy Services: provide the security policy information to enable access control, and conduct access control checking facilities to security-aware applications for policy enforcement.
- Supporting Services: functionalities for secure operation (but not the security policy enforcement functions).
Figure: PKI Architecture
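The two roles the text assigns to a PKI, a Certificate Authority signing a certificate that binds a public key to an identity, and a relying party retrieving that certificate and checking its validity against a trusted root, can be shown end to end with the Go standard library. The program below is an added example and is not part of the original page or any of the referenced standards; the CA name, the subject name "alice.example.test", the serial numbers and the validity periods are all constructed for illustration. It builds a self-signed root CA, issues one end-entity certificate with it, and then verifies that certificate the way a client would: chain to a trusted root, name match, validity window and key usage.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ToyPKI holds a constructed root CA and one leaf certificate it issued.
// Example code, not from the original page; all names are hypothetical.
type ToyPKI struct {
	RootCert *x509.Certificate
	RootKey  *ecdsa.PrivateKey
	LeafCert *x509.Certificate
	LeafKey  *ecdsa.PrivateKey
}

// BuildToyPKI generates a self-signed root CA certificate and then uses the
// CA's private key to sign an end-entity certificate for "alice.example.test".
// Only the CA key ever signs; the leaf key is used solely to prove ownership
// of the public key embedded in the leaf certificate.
func BuildToyPKI(now time.Time) (*ToyPKI, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed serial
		Subject:               pkix.Name{CommonName: "Toy Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(2 * 365 * 24 * time.Hour),
		IsCA:                  true, // basic constraint: this key may sign certificates
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// Self-signed: template and parent are the same certificate.
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	rootCert, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), // constructed serial
		Subject:      pkix.Name{CommonName: "alice.example.test"},
		DNSNames:     []string{"alice.example.test"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour), // short-lived leaf
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Issued by the CA: parent is the root certificate, signer is the root key.
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, rootCert, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leafCert, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	return &ToyPKI{RootCert: rootCert, RootKey: rootKey, LeafCert: leafCert, LeafKey: leafKey}, nil
}

// RootPool returns the trust store a relying party would configure: only the
// root CA, never the leaf itself.
func RootPool(p *ToyPKI) *x509.CertPool {
	pool := x509.NewCertPool()
	pool.AddCert(p.RootCert)
	return pool
}

// Verify performs the relying-party check: build a chain from cert to one of
// roots, confirm the DNS name, the validity window at time at, and that the
// chain permits server authentication. Returns nil only if every check passes.
func Verify(cert *x509.Certificate, roots *x509.CertPool, name string, at time.Time) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     name,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	now := time.Now()
	p, err := BuildToyPKI(now)
	if err != nil {
		panic(err)
	}
	fmt.Println("trusted root, right name:  ", Verify(p.LeafCert, RootPool(p), "alice.example.test", now))
	fmt.Println("empty trust store:         ", Verify(p.LeafCert, x509.NewCertPool(), "alice.example.test", now))
	fmt.Println("wrong name:                ", Verify(p.LeafCert, RootPool(p), "mallory.example.test", now))
	fmt.Println("checked after leaf expiry: ", Verify(p.LeafCert, RootPool(p), "alice.example.test", now.Add(100*24*time.Hour)))
}
```

The four checks in main correspond to the failure modes a PKI must catch: a certificate signed by a CA the relying party does not trust, a certificate presented for a name it was not issued for, and a certificate used outside its validity period are all rejected, and only the combination of a trusted root, a matching name and a current time inside the window yields a nil error. Revocation checking, which the "Long-term Key Services" component also covers, is not part of x509.Certificate.Verify and would need a CRL or OCSP lookup in addition.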
PKI: Public-Key Infrastructure
Related Terms: Public Key Cryptography, Private Key, Certificate Authority
Reference Links:
http://www.rsasecurity.com/rsalabs/node.asp?id=2124: Public-Key Cryptography Standards
http://csrc.nist.gov/pki/twg/BridgeCA/: Proposed Federal PKI Architecture
