Update README.md

Added PKA description.
Pol Henarejos 2022-06-13 15:03:46 +02:00 committed by GitHub
parent 598752956f
commit 64178192ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -106,6 +106,11 @@ A key usage counter is a counter that is reduced by 1 everytime that the private
Key usage can also be used to perform and auditory and track the usage of a particular key.
### Public Key Authentication
Public Key Authentication (PKA) allows to authenticate by using a secondary device with a private key and a registered public key in the primary device. A challenge is generated by the primary Pico HSM and given to the secondary for signature. The secondary device signs the challenge and returns the signature. Then, the primary device verifies the signature with the registered public key and if it is valid, it grants full access, as normal PIN authentication.
In PKA, neither PIN nor retry counters are used, since a private key is needed. Therefore, this mechanism provides a higher degree of security, since it needs a secondary Pico HSM to authenticate the primary one.
[^1]: PKCS11 modules (`pkcs11-tool` and `sc-tool`) do not support CMAC and key derivation. It must be processed through raw APDU command (`opensc-tool -s`).
[^2]: Available via SCS3 tool. See [SCS3](/doc/scs3.md "SCS3") for more information.
[^3]: Imports are available only if the Pico HSM is previously initialized with a DKEK and the DKEK shares are available during the import process.
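Review bot: the new Public Key Authentication paragraph says PKA grants full access "as normal PIN authentication" and that neither the PIN nor the retry counters are used, but it does not say how the public key is registered in (or removed from) the primary device, nor what happens when the secondary Pico HSM is unavailable or lost and whether PIN authentication remains as a fallback. A sentence on enrollment and revocation would also keep the "higher degree of security" claim from reading as unconditional, since with no PIN in the loop the scheme rests entirely on the protection of the secondary device's private key. Minor grammar on the added line: "allows to authenticate by using a secondary device" reads better as "allows authenticating with a secondary device".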
@ -170,6 +175,8 @@ For storing and retrieving arbitrary data, check [doc/store_data.md](/doc/store_
For extra options, such as set/get real datetime or enable/disable press-to-confirm button, check [doc/extra_command.md](/doc/extra_command.md).
For Public Key Authentication, check [doc/public_key_authentication.md](/doc/public_key_authentication.md).
## Operation time
### Keypair generation
Generating EC keys is almost instant. RSA keypair generation takes some time, specially for `3072` and `4096` bits.
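Review bot: the added line links to doc/public_key_authentication.md, but this commit ("Update README.md") touches only the README, so verify that the target file already exists in the tree or add it in the same change; otherwise the README ships a dead link for the feature it just described. The wording itself matches the neighbouring "For ..., check ..." lines.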