Authorized applications that require a highly secured environment for cryptographic components generally use a cryptographic card that serves as storage for cryptographic keys.
An LDAP (Lightweight Directory Access Protocol) directory normally uses cryptographic keys for SSL (Secure Sockets Layer)-based authentication. The server establishes a connection with the crypto hardware during startup using the vendor-specific APIs (application programming interfaces). This connection is kept persistent throughout the lifetime of the server. When LDAP clients send requests to the server over an SSL connection, the server retrieves a security certificate corresponding to the client from the hardware and compares it with the one provided by the client. If the two certificates match, the client is authenticated.
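The certificate match described above, as an added example that is not part of the original text. `HardwareCertStore` is a hypothetical in-memory stand-in for the vendor-specific hardware API, looking up the stored certificate by client DN is an assumption, and the sample certificate bytes are constructed placeholders rather than a real X.509 certificate.

```python
import base64
import hashlib
import hmac

class HardwareCertStore:
    """Hypothetical stand-in for the crypto card behind a vendor-specific API."""

    def __init__(self, entries):
        # Session is opened once at server startup and kept for its lifetime.
        self._entries = dict(entries)  # client DN -> stored certificate (PEM or DER)
        self._session_open = True

    def fetch(self, client_dn):
        if not self._session_open:
            raise RuntimeError("hardware session closed; cannot authenticate")
        return self._entries.get(client_dn)

    def close(self):
        self._session_open = False

def to_der(cert):
    """Return DER bytes for a certificate given as PEM text/bytes or DER bytes."""
    if isinstance(cert, bytes) and not cert.lstrip().startswith(b"-----BEGIN"):
        return cert
    text = cert.decode("ascii") if isinstance(cert, bytes) else cert
    body = [ln for ln in text.strip().splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))

def authenticate(store, client_dn, presented_cert):
    """True only if the presented certificate equals the one held in hardware."""
    stored = store.fetch(client_dn)
    if stored is None:  # no certificate enrolled for this client: fail closed
        return False
    # Hash both encodings so the constant-time comparison sees equal-length inputs.
    stored_fp = hashlib.sha256(to_der(stored)).digest()
    presented_fp = hashlib.sha256(to_der(presented_cert)).digest()
    return hmac.compare_digest(stored_fp, presented_fp)

# Constructed sample data: placeholder bytes, not a real X.509 certificate.
SAMPLE_DER = b"constructed-sample-certificate-for-cn=alice"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode("ascii")
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    store = HardwareCertStore({"cn=alice,o=example": SAMPLE_PEM})
    print(authenticate(store, "cn=alice,o=example", SAMPLE_DER))
    print(authenticate(store, "cn=alice,o=example", SAMPLE_DER + b"\x00"))
```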