Usage Domain CT-KIP is only one step in the overall authN token provisioning process, which typically involves: User enrolls for a cryptographic token via a provisioning application (CT-PA) CT-PA fulfills a token (e.g., hardware device and/or software application that runs on a device) to the end-user User triggers initialization and configuration of a key on the token using CT-KIP Upon success, the CT-PA binds the key to the token and activates it for future authentications. CT-KIP-WS is a mechanism for performing Step 3. |