PKI Derivatives


The basic idea of PKI -- which can be thought of as a coordinated suite of technlogies, standards, management processes and agreements -- has led to numerous spin off approaches. Some like SPKI ("Simple PKI") have attempted to streamline the approach at the certificate protocol level. Others have deployed the basic elements in different form factors, such as wireless.




Smartcards are not strictly speaking a derivative of PKI (many would argue that smartcards pre-date PKI), but we cover them here under derivatives for two reasons. First, PKI has become prevalent as an integrated part of most modern smartcards, including banking cards, national ID, employee ID, and health & welfare. And second, the attractive features of on-chip key generation and integrated digital signing services make smartcards an increasingly important key medium in PKI.

US Government smartcard resources


Important PKI enabled smartcard schemes



Important smartcard standards


  • FIPS 201 "Personal Identity Verification (PIV) of Federal Employees and Contractors"
  • ISO 7816 "Identification cards - Integrated circuit(s) cards with contacts"




SPKI (stands for "Simple PKI") was an effort, now defunct, to streamline traditional PKI.

The SPKI Working Group of the IETF worked in the late 1990s but was disbanded around 2001.

"The task of the SPKI working group [was] to develop Internet standards for an IETF sponsored public key certificate format, associated signature and other formats, and key acquisition protocols. The key certificate format and associated protocols [were] to be simple to understand, implement, and use. For purposes of the working group, the resulting formats and protocols [are] known as the Simple Public Key Infrastructure, or SPKI.

"The SPKI is intended to provide mechanisms to support security in a wide range of internet applications, including IPSEC protocols, encrypted electronic mail and WWW documents, payment protocols, and any other application which will require the use of public key certificates and the ability to access them. It is intended that the Simple Public Key Infrastructure will support a range of trust models.]


In the view of this author at least, the sorts of things that need simplifying in traditional PKI are not related to certificate format or key acquisition protocols. Rather, it is the needless complexity of trying to create a legal basis for general purpose identity certificates, and "stranger-to-stranger" e-business that has made orthodox PKI so difficult. Embedded PKI, with focussed applications and usage agreements, has proven to be simple without the formal low level approaches anticipated by SPKI in the late 1990s.

Some important SPKI drafts include:

RFC 2692 - SPKI Requirements. The SPKI Working Group first established a list of things one might want to do with certificates (attached at the end of this document), and then summarized that list of desires into requirements. This document presents that summary of requirements.

RFC 2693 - SPKI Certificate Theory. This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested.


Wireless PKI


WPKI is simply the deployment of public key infrastructure using private keys and cryptographic functions in wireless devices, especially mobile phones.

WPKI standards were developed by the WAP (Wireless Application Protocol) Forum, until that group merged with the Open Mobile Alliance (OMA).  

See also: