3.1.37 Public Key Infrastructure
set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke Certificates based on Asymmetric Cryptography
Note 1 to entry: The core PKI functions are to register users and issue their public-key Certificates, to revoke Certificates when required, and to archive data needed to validate Certificates. Key pairs for data Confidentiality could be generated by a Certificate authority (CA), but it is better to have the Private Key owner generate the key pair locally, provided they have a trusted key generation capability; this improves security because the Private Key is never transmitted to the CA. See PKI and X509 for more details on Public Key Infrastructures.