3.1.1.1 Abstract Data Model

This section describes a conceptual model of data organization that a possible implementation would maintain to participate in this protocol. The described organization is provided to facilitate understanding of how the protocol behaves. This protocol specification does not mandate that implementations adhere to this model as long as their external behavior is consistent with the behavior described in this specification.

The following abstract data model elements are defined:

Client_HardwareKeyInfo: Contains one of the two DER-encoded ASN.1 structures described below, in which the trust module public keys and trust module certificates are initialized from the TPM. The trust module public keys MUST be present. The trust module certificates field can contain up to 4 certificates.

For syntactical details and semantics in the case of EK attestation (authority and subject) (section 3.1.1.4.3.4.1), see section 2.2.2.7.13. For syntactical details and semantics in the case of AIK attestation (subject only) (section 3.1.1.4.3.4.2), see section 2.2.2.7.15.

Client_KeyAttestationStatement: Contains the CSP-specific KeyAttestationStatement structure (section 2.2.2.5) that is generated for each TPM key associated with a certificate request.

Returned_Request_ID: A ULONG that contains the request ID created by the CA when it receives a request for a certificate. This value is returned in the pdwRequestId parameter of the ICertRequestD::Request and ICertRequestD2::Request2 methods.