Now, authentication can also be accomplished through the use of digital certificates, one of the central features of public key encryption. Now, these can be looked at as a special specific use message format, but these digital certificates typically are issued with the key pairs, public and private, and are attached to the public key when distributed that is published to other users to facilitate secure communications and exchanges between the two parties.

This particular digital certificate is valid for all of the four uses scene: authentication, non-repudiation, integrity, and confidentiality. Now, PKI makes secure communications, authentication, and cryptographic operations such as encryption and decryption possible. It is the security infrastructure that uses public key concepts to provide services for secure E-commerce transactions and end user communications. This makes use of the X.509 standard for certificates and makes possible strong authorization capabilities by providing privileged management infrastructure, using the X.509 attributes, attribute authorities, target gateways, and authorization policies.

Now, here you see the details of what is included that was employed to generate this digital certificate. It shows algorithms used, the various key links, and very importantly, the validity dates and the validity lifetime. Now, PKI manages the generation and distribution of public and private key pairs, which are sent along with the certificates.

Now, PKI itself consists of the following components. Visualize a pyramid. At the top of this pyramid, we'll set a certificate authority or CA which is the top-level trusted entity that issues the digital certificate that holds the public and private key-related information for the subject. Along with that or beneath that in this pyramid structure will be a registration authority, which functions as a verifier for the CA before a digital certificate is issued by the CA to the requester.

Now, the CA itself can perform that same service, but a registration authority could be seen as an administrative assistant to the CA for certain types of implementations. Within this structure is a certificate management system with directories in which the certificates can be held. And with revocation abilities to revoke certificates at any time whose private keys have been compromised or whose owner simply wishes to cancel them and perhaps get a new one.

Now, for each transaction, the CA will publish and make available a transaction to verify against the certificate revocation lists or CRL, which contain all certificates revoked by the CA. These CRLs make it possible to withdraw a certificate whose private key has been disclosed or in some other way compromised. In order to verify the validity of a certificate, the public key of the CA is required. And a check against the CA's CRL is made. The certificate authority itself, of course, needs to have its own certificates. These are self-signed, which means the subject data and the certificate is the same as the name of the authority who signs and issues the certificates.

Now, PKI management includes the creation of all these different components, including key pairs, certification and creation, private key revocation, and listing in the CRL when the key is compromised. Storage and archival of keys and certificates and the destruction of these certificates at their end of life. PKI is therefore a means to achieve intercompany trust and enforcement of restrictions on the usage of issued certificates.