Public Key Infrastructure (PKI)

Another such sensitive operation is the initialization
of PKI functionality on the iKey 1000 token. In the Windows
version, the Security Officer decides whether to dedicate
some of the overall iKey 1000 memory for exclusive use by
the PKI functionality embodied in the iKey 1000 series
software libraries.

When enabled, the PKI libraries divide the dedicated memory
into two areas. The first is a public storage area, where
digital certificates, public keys, cookies and other
unprotected data can be stored. The second is a private
storage area for shared secrets and private keys. Access to
this private area requires authentication, and its data is
held in encrypted form.

All PKI functions are performed within a Security Module
embedded within the iKey 1000 Series Windows Client Software.
When an operation involving secure private objects is
required, the Security Module retrieves the necessary private
keys from the iKey 1000 token after first meeting the
authentication requirements with a User PIN.