Public key infrastructure (PKI) uses public and private key cryptography and digital certificates to provide security services like authentication, non-repudiation, and data integrity. A PKI system uses certification authorities to validate users' identities and issue digital certificates that bind public keys to those identities. These certificates allow users to securely exchange information and digitally sign documents online through services like SSL/TLS and S/MIME. Smart cards can serve as portable devices for storing users' private keys and certificates to enable strong authentication on untrusted devices.