Private/Public Key Pairs and Certificates

Internet credentials in the form of private/public key pairs and certificates are managed by the user. The Windows NT Directory Service is used to publish public-key certificates for users, and standard directory access protocols are used to locate them. Private keys and certificates issued to end users are kept in secure storage, either on the local system or on a smart card. This secure storage is provided with the Internet security technologies and is known as a Wallet.

The implementation of the Wallet is based on Microsoft's CryptoAPI architecture for Windows NT. CryptoAPI provides the key management and other cryptographic functionality needed to build a secure store. The Windows NT implementation of public key-based security protocols will use keys and certificates stored in the Wallet as user credentials for accessing Internet-based servers. In many cases, user-defined properties of certificates in the Wallet allow the security protocols to automatically select and use the correct certificate and signing key. Advances in Internet security protocols (SSL3/TLS) allow a server to request specific credentials from the client; if they are available in the Wallet, they are used automatically.
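The selection logic described above, as an added example that is not part of the original paper: on current Windows the user's personal certificate store (Cert:\CurrentUser\My) is the CryptoAPI store that plays the role the paper calls the Wallet, and this script picks the certificates a TLS client could present when a server requests client authentication. The function name and the sample issuer list are assumptions for illustration; the EKU OID is the standard Client Authentication identifier.

```powershell
# Added example: choose TLS client-authentication credentials from the
# current user's personal store, the way a protocol implementation would
# when a server's CertificateRequest names the CAs it accepts.
function Select-ClientCertificate {
    param(
        # Issuer distinguished names the server said it accepts (constructed
        # sample in the usage call below); empty means any issuer is fine.
        [string[]] $AcceptableIssuers = @()
    )

    # OID 1.3.6.1.5.5.7.3.2 = id-kp-clientAuth (Client Authentication EKU).
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'
    $now = Get-Date

    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        # A usable credential needs a private key the user can actually use...
        $_.HasPrivateKey -and
        # ...must be inside its validity period...
        $_.NotBefore -le $now -and $_.NotAfter -ge $now -and
        # ...must allow client authentication (no EKU extension = unrestricted)...
        ( $_.EnhancedKeyUsageList.Count -eq 0 -or
          $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid ) -and
        # ...and, if the server constrained issuers, must chain to one of them.
        ( $AcceptableIssuers.Count -eq 0 -or $AcceptableIssuers -contains $_.Issuer )
    } | ForEach-Object {
        # Build the chain the way the relying server will, so a certificate
        # that fails locally is not offered in the first place.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chainOk = $chain.Build($_)
        [pscustomobject]@{
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            NotAfter   = $_.NotAfter
            Thumbprint = $_.Thumbprint
            ChainValid = $chainOk
        }
    }
}

# Constructed sample: pretend the server advertised one acceptable CA.
Select-ClientCertificate -AcceptableIssuers @('CN=Example Corp Issuing CA, O=Example Corp') |
    Format-Table -AutoSize
```

Run it without -AcceptableIssuers to see every certificate in the store that could serve as a client credential; ChainValid being $false on an otherwise matching entry usually points at a missing intermediate or an unreachable revocation endpoint.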