Confidentiality services supported by a PKI depend on a combination of cryptographic techniques used to protect the data communications between parties. These services typically rely on public-key cryptography to provide a public and ready means for unknown parties to authorize a confidential data exchange with one another, and they rely on another form of cryptography "under the covers" (symmetric-key cryptography) to "hide" and protect the actual data in the communications from access by unauthorized parties.
Note: It is possible for a PKI to support confidentiality services using public-key cryptography alone, but implementations of confidentiality services almost always include a symmetric-key cryptography component for practical reasons. For more information, see Cryptography in a PKI.
Thus, with a confidentiality service supported by a PKI, one of many clients in the enterprise can authenticate communications with a given server and exchange data with that server with reasonable confidence that the data will not be intercepted and read by any unauthorized agent, including other clients talking confidentially with the same server.
