This system requires a Certificate Authority who has a private/public key pair and also some other publicly available information, when a user wants to generate a key they make a secret and combine it with some of the public information made available by the certificate authority in such a way so that their secret is not revealed. This is then given to the CA who after verifying the user's identity gives the user an implicit certificate which binds the users secret to their identity information. From this the user can generate their private/public key pair.
When the user receives a signed message they can use the CA's public key and the implicit certificate to recover the signer's public key. If the implicit certificate is invalid then the signature will not be verifiable.