Public Key Infrastructure

The sections above describe key encryption algorithms, applications, and protocols, but how are the systems actually deployed and managed?
Public Key Infrastructure (PKI), based on hybrid public/symmetric key encryption, has emerged as the foundation for network security for organizations. PKI is deployed by organizations wishing to provide remote access to "external clients" residing outside the organization's network, such as customers, business partners, travelling employees, or citizens.
PKI encompasses the technology, software/hardware infrastructure, and practices required to deliver secure transmission over the Internet. The PKI-enabled organization essentially operates as a certification authority, issuing and managing the public/private key pairs required for authentication, message integrity and confidentiality. The organization verifies the identity of the external client, sets rules governing access, and provides certificates. When the external client wishes to engage in secure communication, certificates are exchanged for mutual authentication. The public keys carried in those certificates are then used to ensure message integrity and confidentiality through hybrid public/symmetric encryption.
Certificate Authorities themselves operate PKI systems to issue and manage certificates for online merchants or S/MIME email clients. In addition, some enterprises purchase PKI systems from vendors and run them in-house, while others outsource their PKI needs to a CA which serves as their PKI provider.