A threshold number of Secret Shares (m) out of the total number of Secret Shares created and distributed for a particular hardware cryptographic module (n) is required to activate a CA private key stored on the module. Using m-out-of-n to control IC card groups, the IC card groups are separately kept by an administrator and issuer.

Two months prior to expiration of the private key, the CA Re-key the key pair for certificate issuance. After Re-key, it is necessary to apply for a new certificate with the Government CA.

1. The key of a signature key pair used to create a digital signature.
2. It is also the key of the key pair for decrypting confidential information.

In both cases, this key must be kept secret.

1. The key of a signature key pair used to validate a digital signature.
2. It is also the key of the key pair for encrypting confidential information.

In both cases, this key is made publicly available normally in the form of a digital certificate.

To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key. It uses a new serial number and possibly specified a new validity period.

Two months prior to the expiration of a private key, it is necessary for the Subscriber to Re-key the certificate to maintain continuity of Certificate usage. It is also necessary to apply for a new certificate with the Certification Authority.

Two mathematically related public and private keys with following characteristics:

1. One key can be used for data encryption, and the other key for decryption.
2. It is impossible to find out another key even though you know one key (from view of computing).