Chapter 1. Overview
When an OCSP responder is set up with a Certificate Manager, and publishing is set up to the OCSP
responder, CRLs are published to the OCSP responder when they are issued or updated.
1.2.5. Token Key Service
The Token Key Service (TKS) provides secure channels for communication between smart card
tokens and a TPS instance. It creates these channels by using a pre-generated master key to derive
secret keys that are specific to each individual token enrolled through the TPS. These secure
channels allow the commands and keys sent to the smart card to be encrypted, and the shared
secrets between tokens and the TKS help the smart card validate that the privileged commands
sent to it are from the appropriate TPS. During server-side key generation, the TKS also generates
transport keys which wrap, or encrypt, the user's private keys to secure them during transit.
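An added illustration (not Certificate System code) of the key-diversification idea described above: one master key yields a distinct secret per token, and a token uses its secret to check that a privileged command was authenticated under that secret. HMAC-SHA-256 stands in for the derivation and command authentication the TKS actually performs, which this page does not specify; the function names, token identifiers and command string are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_token_key(master_key: bytes, token_id: bytes, purpose: bytes) -> bytes:
    """Derive a secret bound to one token and one purpose from the master key."""
    # Length-prefix the token id so (token_id, purpose) pairs cannot collide.
    info = len(token_id).to_bytes(2, "big") + token_id + purpose
    return hmac.new(master_key, info, hashlib.sha256).digest()


def authenticate_command(token_key: bytes, command: bytes) -> bytes:
    """Server side: tag a privileged command with the token's derived key."""
    return hmac.new(token_key, command, hashlib.sha256).digest()


def token_accepts(token_key: bytes, command: bytes, tag: bytes) -> bool:
    """Token side: accept the command only if the tag matches its own key."""
    expected = hmac.new(token_key, command, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    master = secrets.token_bytes(32)       # constructed stand-in master key
    token_a, token_b = b"TOKEN-A-0001", b"TOKEN-B-0002"   # constructed ids
    key_a = derive_token_key(master, token_a, b"auth")
    key_b = derive_token_key(master, token_b, b"auth")
    command = b"RESET-PIN"                 # constructed privileged command
    tag = authenticate_command(key_a, command)
    return {
        # The server needs no per-token key store: it re-derives on demand.
        "rederived_matches": key_a == derive_token_key(master, token_a, b"auth"),
        "intended_token_accepts": token_accepts(key_a, command, tag),
        # A tag made for token A is useless against token B.
        "other_token_rejects": not token_accepts(key_b, command, tag),
        "altered_command_rejected": not token_accepts(key_a, b"FORMAT", tag),
        # A party without the master key derives a different secret.
        "wrong_master_rejected": not token_accepts(
            derive_token_key(secrets.token_bytes(32), token_a, b"auth"),
            command, tag),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Because every token secret depends on the master key, the protection of that one key bounds the security of all enrolled tokens.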
1.2.6. Token Processing System
The Token Processing System (TPS) is the conduit between the Enterprise Security Client (the user
interface that end users use to manage their smart cards) and the other subsystems in the Certificate
System. It automatically initiates certificate enrollments with the CA and key recovery through the
DRM. It uses the TKS to generate and store master keys used to derive token-specific secret keys.
1.3. Deployment Scenarios
1.3.1. Single Certificate Manager
Some deployments require a single Certificate Manager to handle all end-entity interactions. No DRM
is necessary to provide key archival or recovery capabilities, and no OCSP is required for certificate
verification. This Certificate Manager can use a signing certificate issued by a public certificate
authority or its self-signed CA signing certificate to sign all the certificates it issues.