set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke Certificates based on Asymmetric Cryptography
Note 1 to entry: The core PKI functions are to register users and issue their public-key Certificates, to revoke Certificates when required, and to archive data needed to validate Certificates. Key pairs for data Confidentiality could be generated by a Certificate authority (CA), but it is better to have the Private Key owner generate the key pair locally, provided they have a trusted key generation capability; doing so improves security because the Private Key is never transmitted to the CA. See PKI and X509 for more details on Public Key Infrastructures.