Authentication services for a PKI are supported by asymmetric (or public) key cryptography in order to confirm identity matches. Public-key cryptography relies on the existence of a uniquely matched key pair. Each key represents a means to uniquely match an identity defined by the other key. One party has a private key from the key pair that is known only to that party and that identifies its identity uniquely to all other parties. All other parties share a public key from that key pair known to all of them that can uniquely authenticate the party that owns the matching private key. This provides a convenient means to allow many unknown parties to authenticate communications with a party that has a given identity. For more information on the use of public-key cryptography in a PKI, see Cryptography in a PKI.

PKI authentication services support all other core security services used by a PKI, as well as more derivative security services, such as nonrepudiation, which assures that an author who produces data cannot later deny having produced it.