What is public key infrastructure (PKI)?
PKI describes a system that uses public keys and Digital IDs to protect a system and
to confirm the identity of its users. For example, a company might use PKI to control who
accesses the company's computer network. In the future, companies might use PKI to control
access to everything from entrance into buildings to procurement of goods.
PKI lets people and companies conduct business in private. Employees can send encrypted e-mail
over the Internet without worrying that a competitor who intercepts it could read it. Companies
can build private Web sites that send information only to customers who present a known Digital ID.
PKI is based on a system of trust, where two parties (these can be people or computers) both
trust a certification authority (CA) to check and confirm the identity of each party. For example,
most people and companies trust the validity of a driver's license or passport because they trust
the way the government issues these documents. However, a student ID is typically accepted as proof
of your identity only by the school that issued it. The same holds true for Digital IDs: a Digital
ID is only as trustworthy as the CA that issued it.
With PKI, both parties in a transaction (be it an online bank and its customers or an employer and
its employees) agree to trust a CA who issues their Digital IDs. Typically, the software application
that uses your Digital ID has some mechanism for trusting CAs. For example, a Web browser contains
a list of CAs that it trusts. When the Web browser is presented with a Digital ID (say, from an
online mall doing secure commerce), the browser looks up the CA who issued the Digital ID. If
the CA is in the list of trusted CAs, the browser checks that the CA's signature on the Digital ID
is valid, that the Digital ID has not expired, and that the name in it matches the Web site you asked
for; only then does it accept the identity of the Web site and display the web page for you. However,
if the CA is not in the list of trusted CAs, the browser displays a warning message that asks you
whether you want to trust the new CA. Usually your browser gives you options for permanently or
temporarily trusting the CA or not trusting it at all. Trusting a CA permanently means that every
Digital ID it issues will be accepted from then on, so the decision deserves the same care as
accepting a new kind of identity document. As a user, you have control over which CAs you want to
trust, but the trust management itself is done by the software application (in this example, by the
Web browser).
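The browser-side check described above, written out as an added example in Go using only the standard library. It is not part of the original page and not the code of any product the page describes: it builds a throwaway CA and a Web site Digital ID signed by that CA, then plays the browser against three situations (empty trust list, CA added to the trust list, trusted CA but a Digital ID issued to a different site). The CA name, site name, and all function names are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Assumed names for this example; they are not from the original page.
const (
	CAName   = "Example Trusted CA" // the CA that issues the Web site's Digital ID
	SiteName = "shop.example.com"   // the online mall's host name
)

// issue signs template with the issuer's key; parent == template yields a self-signed cert.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a self-signed CA and a Web site Digital ID issued by it (fresh keys, nothing persisted).
func BuildPKI() (ca, site *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: CAName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true, // allowed to sign other Digital IDs
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	if ca, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	siteKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	siteTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: SiteName},
		DNSNames:     []string{SiteName}, // the name the browser must match
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	site, err = issue(siteTmpl, ca, &siteKey.PublicKey, caKey)
	return ca, site, err
}

// Accept plays the browser's part with trusted as its CA list: the Digital ID passes only if a
// listed CA signed it, it is within its validity period, and it names the requested host.
func Accept(site *x509.Certificate, host string, trusted ...*x509.Certificate) error {
	roots := x509.NewCertPool() // empty but non-nil, so Verify never falls back to system roots
	for _, c := range trusted {
		roots.AddCert(c)
	}
	_, err := site.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// IsUnknownCA reports the case where the issuing CA is not in the trusted list (the browser warns).
func IsUnknownCA(err error) bool {
	return errors.As(err, new(x509.UnknownAuthorityError))
}

// IsWrongHost reports the case where the CA is trusted but the ID was issued to another host name.
func IsWrongHost(err error) bool {
	return errors.As(err, new(x509.HostnameError))
}

func main() {
	ca, site, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println("empty trust list, unknown CA:", IsUnknownCA(Accept(site, SiteName)))
	fmt.Println("user chose to trust the CA, accepted:", Accept(site, SiteName, ca) == nil)
	fmt.Println("trusted CA but other host, name mismatch:", IsWrongHost(Accept(site, "other.example.com", ca)))
}
```

The point of the three calls to Accept is that "the CA is in the list" is necessary but not sufficient: with the same trusted CA, a Digital ID issued to a different host name is still rejected, and with an empty list even a perfectly valid Digital ID produces the unknown-CA result that a browser turns into its "trust this CA?" prompt. An empty, non-nil root pool is used deliberately, because a nil pool would silently fall back to the operating system's CA list.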