PKI is generally considered as the most appropriate solution for e-commerce and mutual authentication, owing to its digital signature and non-repudiation features. Asymmetric key operations of PKI require by far more CPU cycles than a symmetric cryptographic algorithm. It hampers the usability of PKI on resource-constrained devices. To overcome these limitations, we propose a new PKIbased authentication protocol and security infrastructure enhanced with single sign-on and delegation technology for a device with a restricted computing power. Although a conventional delegation mechanism cannot support nonrepudiation mechanism against malicious user's behavior, our proposed protocol and security infrastructure can provide the mechanism by devising a referee server that generates binding information between a device and authentication messages, and retains the information in its local storage for future accusation.