BIND

Bind a Key Receiving Device (KRD) to a Key Distribution Host (KDH). These are the steps, in sequence, with the CCA service APIs identified:
  1. On KDH
    • The KDH TR-34 application requests the CredKRD from the KRD.
  2. On KRD
    1. The CredKRD request is received and processed by the TR-34 application.
    2. Create the token that contains the CredKRD.
      1. Overview: Call CCA service CSNDT34C: "BINDKRDC" to create the TR-34 token that contains CredKRD for the KDH.
      2. INPUT:
        • CredKRD: KRD credential with ID and public key.
          • KEY STORAGE: Stored in application space or key ring.
      3. OUTPUT:
        • CT-KRD: Credential token for KRD, containing CredKRD.
          • KEY STORAGE: Stored in application space until sending. This is an opaque blob usable only in this protocol step.
    3. TR-34 application sends CT-KRD to KDH.
  3. On KDH
    • Refresh CRL-CA if needed:
      • If the CRL-CA held by the KDH, representing the CA shared between the KRD and KDH, is no longer fresh, the KDH should obtain a new CRL-CA before doing the next step.
    • Create the ‘BIND’ token needed for the next protocol step:
      • Overview: Call CCA service CSNDT34B: "BINDCR"
      • INPUT:
        • CT-KRD: Credential token received from KRD, containing CredKRD.
          • KEY STORAGE: Stored in application space until calling into the service.
        • CRL-CA: Certificate Revocation List from CA
          • KEY STORAGE: Stored in application space or key ring.
        • CredKDH: KDH credential with ID and public key.
          • KEY STORAGE: Stored in application space or key ring.
      • OUTPUT:
        1. CredKRD: KRD credential needed for future key distribution calls.
          • KEY STORAGE: Stored in application space or key ring.
        2. CT-KRD: BIND token.
          • KEY STORAGE: Stored in application space until sent to the KRD.
    • KDH TR-34 application sends the CT-KRD token to the KRD.
  4. On KRD
    • The KRD receives the CT-KRD token from the KDH and processes it to complete the BIND.
      1. Overview: Call CCA service CSNDT34C: "BINDRV".
      2. INPUT:
        • CT-KDH: BIND token received from KDH.
          • KEY STORAGE: Stored in application space until processed in the service call.
      3. OUTPUT:
        • CredKDH: Credential for the KDH, which needs to be stored in the KRD.
          • KEY STORAGE: Stored in application space or key ring.
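
The KDH side of step 3, as an added example that is not part of the original documentation or of IBM's code: a Python function that gates the BINDCR call on CRL-CA freshness and fails closed if the refreshed CRL is still stale. The freshness policy (thisUpdate/nextUpdate plus a 7-day maximum age) and the names CrlCa, crl_is_fresh, kdh_bind, fetch_crl and bindcr are assumptions; bindcr stands in for the application's own wrapper around CSNDT34B.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


class BindError(Exception):
    """Raised when the KDH must not proceed to BINDCR."""


@dataclass(frozen=True)
class CrlCa:
    der: bytes                        # encoded CRL as handed to the service
    this_update: datetime             # thisUpdate field of the CRL
    next_update: Optional[datetime]   # nextUpdate field (optional in X.509)


def crl_is_fresh(crl, now, max_age=timedelta(days=7)):
    # Assumed policy: reject a CRL that is dated in the future, is at or
    # past nextUpdate, or was issued more than max_age ago.
    if crl.this_update > now:
        return False
    if crl.next_update is not None and now >= crl.next_update:
        return False
    return now - crl.this_update <= max_age


def kdh_bind(ct_krd, crl, cred_kdh, fetch_crl, bindcr, now=None):
    """KDH step 3: refresh CRL-CA if needed, then create the BIND token.

    fetch_crl() -> CrlCa and
    bindcr(ct_krd, crl_der, cred_kdh) -> (cred_krd, bind_token)
    are hypothetical callables supplied by the TR-34 application.
    """
    now = now or datetime.now(timezone.utc)
    if not ct_krd:
        raise BindError("no CT-KRD received from the KRD")
    if not crl_is_fresh(crl, now):
        crl = fetch_crl()                   # obtain a new CRL-CA
        if not crl_is_fresh(crl, now):      # fail closed on a stale CRL
            raise BindError("refreshed CRL-CA is still not fresh")
    cred_krd, bind_token = bindcr(ct_krd, crl.der, cred_kdh)
    # Caller stores CredKRD for later key distribution calls and keeps
    # the CRL that was actually used for the bind.
    return cred_krd, bind_token, crl
```
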