Diagram of a public key infrastructure
A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke
digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.
cryptography, a PKI is an arrangement that binds
public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a
certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision.
The PKI role that assures valid and correct registration is called a registration authority (RA). An RA is responsible for accepting requests for digital certificates and authenticating the entity making the request.
 In a
Microsoft PKI, a registration authority is usually called a subordinate CA.
An entity must be uniquely identifiable within each CA domain on the basis of information about that entity. A third-party
validation authority (VA) can provide this entity information on behalf of the CA.