From df7e770370347fe99319c4adb9ec051826e5644b Mon Sep 17 00:00:00 2001
From: "jk7744.park" <jk7744.park@samsung.com>
Date: Sat, 24 Oct 2015 17:01:25 +0900
Subject: [PATCH] tizen 2.4 release

---
 CMakeLists.txt                                     |  20 +-
 build/key-manager.pc.in                            |   2 +-
 data/scripts/migrate_1.sql                         |   1 +
 data/scripts/migrate_2.sql                         |   2 +
 .../images/capi_key_manager_overview_diagram.png   | Bin
 doc/{wearable => }/key-manager-client_doc.h        |   0
 doc/{wearable => }/key-manager-control_doc.h       |   1 -
 doc/{wearable => }/key-manager-types_doc.h         |   0
 doc/{mobile => }/key-manager_doc.h                 |   4 +-
 .../images/capi_key_manager_overview_diagram.png   | Bin 20153 -> 0 bytes
 doc/mobile/key-manager-client_doc.h                |  31 --
 doc/mobile/key-manager-control_doc.h               |  32 --
 doc/mobile/key-manager-types_doc.h                 |  32 --
 doc/wearable/key-manager_doc.h                     |  84 ----
 packaging/key-manager-listener.manifest            |  13 -
 packaging/key-manager.manifest                     |  14 +-
 packaging/key-manager.spec                         | 108 ++---
 src/CMakeLists.txt                                 |  30 +-
 src/include/ckm/ckm-client-info.h                  |  58 +++
 src/include/ckm/ckm-control.h                      |  15 +-
 src/include/ckm/ckm-error.h                        |   3 +
 src/include/ckm/ckm-type.h                         |   1 +
 src/include/ckmc/ckmc-control.h                    |  60 ++-
 src/include/ckmc/ckmc-error.h                      |   3 +-
 src/include/ckmc/ckmc-manager.h                    | 445 ++++++++++++++++-----
 src/include/ckmc/ckmc-type.h                       | 405 ++++++++++++-------
 src/listener/CMakeLists.txt                        |  33 --
 src/listener/listener-daemon.cpp                   | 117 ------
 src/manager/CMakeLists.txt                         |  16 +-
 src/manager/client-capi/ckmc-control.cpp           |  55 ++-
 src/manager/client-capi/ckmc-manager.cpp           | 200 +++++++--
 src/manager/client-capi/ckmc-type-converter.cpp    |  24 +-
 src/manager/client-capi/ckmc-type-converter.h      |   1 +
 src/manager/client-capi/ckmc-type.cpp              |  63 +++
 src/manager/client/client-control.cpp              |  48 +--
 src/manager/client/client-manager-impl.cpp         |  19 +-
 src/manager/client/client-manager-impl.h           |  12 +
 src/manager/common/client-info-impl.cpp            |  65 +++
 src/manager/common/key-impl.cpp                    |  12 +-
 src/manager/common/key-impl.h                      |   1 -
 src/manager/common/protocols.cpp                   |  84 ++--
 src/manager/common/protocols.h                     |   6 +-
 src/manager/dpl/core/include/dpl/serialization.h   |   5 +-
 src/manager/dpl/core/src/exception.cpp             |  11 +
 src/manager/dpl/db/src/sql_connection.cpp          |   6 +-
 src/manager/dpl/log/src/log.cpp                    |  22 +-
 src/manager/listener/listener-thread.cpp           | 159 ++++++++
 .../smack-check.h => listener/listener-thread.h}   |  43 +-
 src/manager/main/generic-socket-manager.h          |   2 +-
 src/manager/main/key-manager-main.cpp              |   9 +-
 src/manager/main/smack-check.cpp                   |  34 --
 src/manager/main/socket-manager.cpp                | 130 +++---
 src/manager/main/socket-manager.h                  |   7 +-
 src/manager/service/CryptoService.cpp              | 236 ++++++-----
 src/manager/service/CryptoService.h                |   3 +-
 src/manager/service/access-control.cpp             |  14 +-
 src/manager/service/certificate-store.cpp          |   2 +
 src/manager/service/ckm-logic.cpp                  | 230 +++++++----
 src/manager/service/ckm-logic.h                    |  17 +-
 src/manager/service/ckm-service.cpp                |  40 +-
 src/manager/service/crypto-logic.cpp               |   5 +
 src/manager/service/crypto-logic.h                 |   1 +
 src/manager/service/db-crypto.cpp                  |  69 ++--
 src/manager/service/digest.cpp                     |   5 +-
 src/manager/service/file-lock.cpp                  |  12 +-
 src/manager/service/file-system.cpp                |  96 ++---
 src/manager/service/file-system.h                  |  11 +-
 src/manager/service/key-provider.cpp               | 158 ++++++--
 src/manager/service/key-provider.h                 |  10 +
 src/manager/service/ocsp-logic.cpp                 |  74 +++-
 src/manager/service/ocsp-logic.h                   |   6 +-
 src/manager/service/ocsp.cpp                       |  25 +-
 src/manager/sqlcipher/sqlcipher.c                  | 101 +++--
 src/plugin/password-plugin.cpp                     |  90 +++--
 systemd/CMakeLists.txt                             |   2 -
 systemd/central-key-manager-api-control.socket     |  13 +-
 systemd/central-key-manager-api-ocsp.socket        |  13 +-
 systemd/central-key-manager-api-storage.socket     |  13 +-
 systemd/central-key-manager-listener.service       |  11 -
 systemd/central-key-manager.service.in             |   5 +-
 systemd/central-key-manager.target                 |   4 -
 tests/CMakeLists.txt                               |  36 ++
 tests/main_lcov.cpp                                |  63 +++
 tests/test_db_crypto.cpp                           |   1 +
 tests/test_lcov_certificate-impl.cpp               |  89 +++++
 tests/test_lcov_ckmc-type-converter.cpp            | 215 ++++++++++
 tests/test_lcov_client-error.cpp                   |  89 +++++
 tests/test_lcov_key-impl.cpp                       |  43 ++
 tools/ckm_so_loader.cpp                            |  19 +-
 89 files changed, 2864 insertions(+), 1505 deletions(-)
 rename doc/{wearable => }/images/capi_key_manager_overview_diagram.png (100%)
 rename doc/{wearable => }/key-manager-client_doc.h (100%)
 rename doc/{wearable => }/key-manager-control_doc.h (99%)
 rename doc/{wearable => }/key-manager-types_doc.h (100%)
 rename doc/{mobile => }/key-manager_doc.h (92%)
 delete mode 100755 doc/mobile/images/capi_key_manager_overview_diagram.png
 delete mode 100644 doc/mobile/key-manager-client_doc.h
 delete mode 100644 doc/mobile/key-manager-control_doc.h
 delete mode 100644 doc/mobile/key-manager-types_doc.h
 delete mode 100644 doc/wearable/key-manager_doc.h
 delete mode 100644 packaging/key-manager-listener.manifest
 create mode 100644 src/include/ckm/ckm-client-info.h
 delete mode 100644 src/listener/CMakeLists.txt
 delete mode 100644 src/listener/listener-daemon.cpp
 create mode 100644 src/manager/common/client-info-impl.cpp
 create mode 100644 src/manager/listener/listener-thread.cpp
 rename src/manager/{main/smack-check.h => listener/listener-thread.h} (50%)
 delete mode 100644 src/manager/main/smack-check.cpp
 delete mode 100644 systemd/central-key-manager-listener.service
 delete mode 100644 systemd/central-key-manager.target
 create mode 100644 tests/main_lcov.cpp
 create mode 100644 tests/test_lcov_certificate-impl.cpp
 create mode 100644 tests/test_lcov_ckmc-type-converter.cpp
 create mode 100644 tests/test_lcov_client-error.cpp
 create mode 100644 tests/test_lcov_key-impl.cpp

diff --git a/CMakeLists.txt b/CMakeLists.txt
index b968db6..c2c1511 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -58,15 +58,15 @@ IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
     ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG")
 ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
 
-IF (PROFILE_TARGET MATCHES "WEARABLE")
-    MESSAGE("PROFILE_TARGET_WEARABLE DEFINED")
-    ADD_DEFINITIONS("-DPROFILE_TARGET_WEARABLE")
-ENDIF (PROFILE_TARGET MATCHES "WEARABLE")
+IF (DEFINED PASSWORD_PROTECTION_DISABLE)
+    MESSAGE("PASSWORD_PROTECTION_DISABLE ENABLED !")
+    ADD_DEFINITIONS("-DPASSWORD_PROTECTION_DISABLE")
+ENDIF (DEFINED PASSWORD_PROTECTION_DISABLE)
 
-IF (FORM_FACTOR MATCHES "CIRCLE")
-    MESSAGE("FORM_FACTOR_CIRCLE DEFINED")
-    ADD_DEFINITIONS("-DFORM_FACTOR_CIRCLE")
-ENDIF (FORM_FACTOR MATCHES "CIRCLE")
+IF (DEFINED DB_PER_ZONE_ENABLE)
+    MESSAGE("DB_PER_ZONE ENABLED !")
+    ADD_DEFINITIONS("-DDB_PER_ZONE_ENABLE")
+ENDIF (DEFINED DB_PER_ZONE_ENABLE)
 
 IF (DEFINED SYSTEMD_ENV_FILE)
     ADD_DEFINITIONS(-DSYSTEMD_ENV_FILE="${SYSTEMD_ENV_FILE}")
@@ -80,6 +80,7 @@ SET(TARGET_LISTENER "key-manager-listener")
 SET(TARGET_PASSWORD_PLUGIN "security-server-plugin")
 
 SET(TARGET_TEST_MERGED "ckm-tests-internal")
+SET(TARGET_TEST_LCOV "ckm-tests-lcov-internal")
 
 INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/data/scripts/230.key-manager-migrate-dkek.patch.sh
     DESTINATION /etc/opt/upgrade
@@ -90,5 +91,8 @@ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/data/scripts/230.key-manager-migrate-d
 ADD_SUBDIRECTORY(src)
 ADD_SUBDIRECTORY(build)
 ADD_SUBDIRECTORY(systemd)
+
+IF (DEFINED CKM_BUILD_INTERNAL_TEST)
 ADD_SUBDIRECTORY(tests)
 ADD_SUBDIRECTORY(tools)
+ENDIF (DEFINED CKM_BUILD_INTERNAL_TEST)
diff --git a/build/key-manager.pc.in b/build/key-manager.pc.in
index 4867073..e3c8834 100644
--- a/build/key-manager.pc.in
+++ b/build/key-manager.pc.in
@@ -6,6 +6,6 @@ includedir=${prefix}/include
 Name: key-manager
 Description: Central Key Manager Package
 Version: @VERSION@
-Requires: openssl libsmack
+Requires: openssl
 Libs: -L${libdir} -lkey-manager-client -lkey-manager-common -lkey-manager-control-client
 Cflags: -I${includedir}/ckm
diff --git a/data/scripts/migrate_1.sql b/data/scripts/migrate_1.sql
index 39e2d70..1ced1dd 100644
--- a/data/scripts/migrate_1.sql
+++ b/data/scripts/migrate_1.sql
@@ -24,6 +24,7 @@
 -- isolate old data
 ALTER TABLE PERMISSION_TABLE RENAME TO OLD_PERMISSION_TABLE;
 DROP INDEX perm_index_idx;
+DROP INDEX ckm_index_label;
 
 
 -- create new structure
diff --git a/data/scripts/migrate_2.sql b/data/scripts/migrate_2.sql
index 5c629fe..8bd2fd2 100644
--- a/data/scripts/migrate_2.sql
+++ b/data/scripts/migrate_2.sql
@@ -23,12 +23,14 @@
 
 -- isolate old data
 DROP INDEX perm_index_idx;
+DROP INDEX name_index_idx;
 
 
 -- create new structure
 CREATE TABLE SCHEMA_INFO(name TEXT PRIMARY KEY NOT NULL,
                          value TEXT);
 ALTER TABLE NAME_TABLE RENAME TO NAMES;
+CREATE INDEX name_index_idx ON NAMES(idx);
 -- need to create OBJECT table from scratch,
 -- as SQLite does not support "ALTER COLUMN"
 -- (REFERENCES NAME_TABLE --> NAMES)
diff --git a/doc/wearable/images/capi_key_manager_overview_diagram.png b/doc/images/capi_key_manager_overview_diagram.png
similarity index 100%
rename from doc/wearable/images/capi_key_manager_overview_diagram.png
rename to doc/images/capi_key_manager_overview_diagram.png
diff --git a/doc/wearable/key-manager-client_doc.h b/doc/key-manager-client_doc.h
similarity index 100%
rename from doc/wearable/key-manager-client_doc.h
rename to doc/key-manager-client_doc.h
diff --git a/doc/wearable/key-manager-control_doc.h b/doc/key-manager-control_doc.h
similarity index 99%
rename from doc/wearable/key-manager-control_doc.h
rename to doc/key-manager-control_doc.h
index 8c42b39..70675d8 100644
--- a/doc/wearable/key-manager-control_doc.h
+++ b/doc/key-manager-control_doc.h
@@ -16,7 +16,6 @@
 #ifndef __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__
 #define __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__
 /**
- * @internal
  * @ingroup CAPI_KEY_MANAGER_MODULE
  * @defgroup CAPI_KEY_MANAGER_CONTROL_MODULE Key Manager Control
  * @brief    These APIs control the key manager state (Unlocked/Locked) and reflects the user's password change.
diff --git a/doc/wearable/key-manager-types_doc.h b/doc/key-manager-types_doc.h
similarity index 100%
rename from doc/wearable/key-manager-types_doc.h
rename to doc/key-manager-types_doc.h
diff --git a/doc/mobile/key-manager_doc.h b/doc/key-manager_doc.h
similarity index 92%
rename from doc/mobile/key-manager_doc.h
rename to doc/key-manager_doc.h
index 9c2723d..81e2979 100644
--- a/doc/mobile/key-manager_doc.h
+++ b/doc/key-manager_doc.h
@@ -73,9 +73,7 @@
  * Alias Format
  *   - The format of alias is "package_id name".
  *   - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
- *   - Alias should not include whitespace except the case of using as delimiter between package_id and name.
- *   - If the client use "package_id name" format of alias when saving something in key-manager, the client should use package_id of the client itself.
-       If the client doesn't, key-manager will return error code related to input parameter error.
+ *   - The client can specify only its own package id in the alias when storing a key, certificate, or data.
  *   - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
  *   - Aliases are returned as the format of "package_id name" from the key-manager.
  *
diff --git a/doc/mobile/images/capi_key_manager_overview_diagram.png b/doc/mobile/images/capi_key_manager_overview_diagram.png
deleted file mode 100755
index 945390932025fe04a6829f2b5bd78d779299cb81..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 20153
zcmce;byStzw?B$>igbr`ccUQE(k&gEW+O_7w1D)cQ;_a<lhPuv>8_2G(%qfEhu8Q0
zp7)%4eq-Em|F~nwa6CNgnQN|@pEcK9gsH2_<6x3wA|N2(C@RQkA|N0tARs)lKt}|A
z6Oj8=5cuzri>CZbgo+``P2d69MoL8r0Rb9~bz_bKJY&37(04&Vc--;u^QhaY$PxiT
zRaH?&O8bM!Zn{?jaaa2J<@)oc8HVj%QIF$puc~#hs`LAEE0r^bZnxZ~v=q{1i#ePI
zJAB2HND6^4yk$WnLh~Ogq~G6t!*V7w3-15OGZ&mT*GbDKXP%&hOe~9yofY#*Y0k%Q
zQpeaB_@{P${OtDG{P6K@#_(uiX=$miv2okg`*VK&lPenZ09y2tr|ocB^nk3?I6LtD
z?xqiVfJKB&q(U~s5?Z(}E&4023>msyZxq<s=J1U)H}H15Pt9-bM-UbXw@I`2<x%F{
z3A00hEXF3PRDMsok3Upna{asw3n3IEUs+9Uc&6HBI9*&`6jrU2r}gydJOT@f`xyo(
zm(G$LAuKCF^uxigSbBNYFCvF~P5ZEOp*#u%#-$+%YjDls-Ss~GID!JQ(&zQeMSzSy
z5*ka>P^P5c<<V*YEZ7w(%XMxB4TO}Xz+xpPCMM+gb7FGR?POyV7;Dn}AyzZ2P&Xmw
z4MIYc`1L2~s5B)X&PN&bzM9(Fa)Vm?^`Z2T$5diISFXw+>BdLubbC92&`0VF34ENK
zoc+n%i>*G_z>J=ro?J%X5P(?_zg6SHP+!EV_YI_r*SECzY)_S6pYKb$Z4p9nKKA_@
zk|3o(kVOPW8YC>j$(`~WTPi3gtP=G6$=pxU@z^*hl&-8-1ge$4D2<42^_jHLl|ZFb
zkLe0R#cOjCSmt9KvhY`UBIak3=iu;7<N5QcQm@m-+)=oW-59kBgQ3)tF(PSN4)SKO
z5mF*;vc8cu$WWk1iGNyA7n{Lwve)WWLPSj@P6I02ORnl~&9EuKU)3$1^Nli>zxFK(
zeNI1;?W{Be*locX&rqwPRlh|U9L;D%e5fUJ55+IXB0nib!(M9YOs}lBM3*g$PXgaO
z0mUm3SCPo~rF<3h<{uLEJkV1!GN}E)`8xLqbCt8rPqVCjBjP0?wX*CT<JazeltuTL
zT5e9pvO^nUOg<HmbcJ1-QPtOy1{gEvHFvTuv$JIm?kF^)QZJO_aTcuK1`JNApdRU!
z@EVO6#`Y5m9Y03Z_U5WliVCe$!q=ClP`Q2Wgc#<r?~{aKC$lF=&3m=;qBX*lZAQ-$
zivv~k67JdgILsxA+P)&Vi3R@h!~?1jK=51ow+{MG-k%Wh6tEWcYLp~hT~^S>1wUrG
zW;hJS<xh&^Xo=ok%U+}8E%aWIZrhf`Kyr%r`I4#Ddov!{#8x^(GhS`>>E`ho6RPu`
z*SMo$&rB_$kApOYK%n(9T=^%i8<ddI`h5#&ZW|lqShtC7JR`S9;^EPi)P)WDSw6a2
zX*91I%E)T6K6MWL#G<Y8K@ywFeDX=yHmCSCr^v99w{GKGql8a^o6*XyH&d+xc>D%Y
zl5cc6(hW4iKfmb_EH|3MHc)?QVY7?!WTy2I6$P&zs5VQUh?3gNa)Mfra-Ch0y<MEk
zz1#*WejP_@xY7A~uQ#hB`BhXdC|USP(9pAzC`uJW5~(oFNc6@t3>x+Wt}&a<CD}n-
zntT+Gw%mcQBI`vRjb=x=;iE6JkB_)?-*Q`vI?TNMpr@XLThOox>fGN@s#9mV!+yz}
zk_7cwk1}$pSFbhVSJiq0qakw{FB}Pd8o@~T+5<9pY!i_%KBcBeu@q_yj-S_8kj3_|
zjdFg@(ZPJal|0yH5PSj>-FZRG>=jhrx&Ow0*GgYXOI>jkU?J-5g*+-|t@=T8GiJNB
z|F)GY9&gH(wdKw4)&TsrpnyXgTug38z>LD2-Lb$<g3f~?Dh*_QmIEr80rYD+=t5Wn
z$hi@(+gBJPif5`w)7+t}=>Z?pqggn3I`Nt;!$RC8Em-w5wpga6TM)iv$+U&z8PA%b
z9epxS4>$Y~z&WB(lYBo7?+Se;zfAbUW(DMw{X%=^=(Htq>!Lm<Dgxh+hbsBSJhm{Y
z%yxauuSQFhM(j;e3TMvQ2J0^ca}Y_sy8=(N4%N2rmvj+Gww-<EU_3l85++jl)mFvN
zSy9GJuuwz5K>Bv#N{wHm8t;UUql8QnI@*&=&Ige6+N?Ik^5BJ3e@rBy1@o7XIAB#2
z!L2L~S#nnzS!8hv=<n1`eV?7^*Zm5YO#7zA{wipklhhGs#UK>2k~+uXW0})O)?-2B
ze%2*e*K-nMv+aY9&nG~4X59XIR;WCvor$8;ENjxb#rW=drRY>U;%~<)EiCuGk)P)!
zVM=>%+Gib*3u>I6%m1KY<n*0UXeQ3d)s*{4wVfWcoRg9k)vg`fgV$DCnbi)TW@K0Q
zwj-qwf45>#-~wpDihr+%H0@E(Qi^&LBSqT#IwlL^Be6awQRGvqCUmEd-m=(IGE|ig
zRz&J0C@%BO;n*3ttqJ0UIIEu5X?Fu}>%I@^NyY*uP}{p@>q7Sqivf?wf%!Gdj1Q$a
z*17D{C7c3J47z3a(|keFeL(J*&>I-6yYCyZ#6k?+^am>3_pMi93`2yv%qgWc^>49Y
zc3WvsIT(E6YX*136aBImD#^dY%6V>T%9Hz`rA*n!I0a_9#q|+!h<g*^nq*@*4NSeV
z75Va1HoTDXu@RgIXO{$>EfK~(6iE5j3jOq0Zd5fXOjoLzUuS{TGDS=^%=r<hlu5L&
z_M~W;<GqdPB@pq&a_xb1FpmU6q9rl|BWPm*;lKDHQ5bxOBPgH%Pm_qi05;&Mh?qwR
zLGuytRQnN1G<-xQp5gnRZM4~TqUf_^yg=>a_0@<>!+NXzcgscg&^PC;9uBh~%s?5J
zLF7E#UuvCoyN8Tn8k3CCyh>(ZeFVi+p&1AnED5_Y+_iWk_10p51jGm4qS8td(6tiN
zgbkTIce=TGio|>-m=nI_|4w*hC$HgK>vq<tfmIJ^K-UaBiTFSxnhZuv(s)WCe2%wl
z&ltcL`35)AS}VXBmvO6O*@@3W0a;~kvdKiqKsEXqYzG0R>k*S@7oVJB4i3r&+og;y
zeiQ1XS2L0Hw$6-oamx65l14Dwmj5!S&2z25U&WO7@l)zFZ;Iy)6vhd7joW!1AlFyV
zMD~=V3+EO5pF<C}<!T}weTuy|Abwu9H_4D(^jD{6j%kr5eM;0IE_6tF9Iaw(9vhDk
z$!wFFs^OHSQM9?*c{Y}i)oD5ZlwT#S*7U;9Zx<8^2ItW&s*a!H-p=p&$hk9GM7~!)
z#>rj3@77{(bwnoaTG6S8INpj4%I2mQO#MzX5w$pZE#?6cW#Xyp`^b<;tH{Vxr?Bxj
z=*`>;N)`n{V_R-N$mnZ|derD(gy;Iv_iq%|l^Hg!1_E+5$b;DhtBZU;LUGes(<@WA
zaHHFb9YG<ZPOK}uYZu?)YzT3LiuNclYa3siCQA2!Hwc?`L*HJ?^7zcV%MV<p{yZ8V
zRuydILiEfj#7=M=8=S~XT;y%!dMvgrU+Aq<r##X_+Cm~v4N^sha5~21Q8L((lBS^u
znr~2lg_c*o(|Pr2&z;)i$a6+E%q~||q7j!|aDOp!@0AUBd)kiD@_W8o`!m=VLQ=yL
zT1A|g2k8+AnxhK&Fs?aV<&79;dv<8L{w#{$|BYeFHGQj1N{)8waHd&c21p!{)X<Yw
zvHU?CLXoG&XsfGvzq$I;B3U3ctV^871$t3EnN9h<dMA2VyxF7bg=X>^Z71>FDG^Ap
zBzy%;GzHDa5EW3uy;8azGq$`+nm@rc)9q#!@9<3kjiG;UcQ!BC1jkfDH`8KW%XJ=}
zrqmIs%e(JzO+>{lRK-`{;fU7dU%KSa?x558=NpbM^tA5?r!Fp~Au*IiPM}wpPxJGX
z^{J5Onr##C64Rc+j0AY<1YX3!9w}mi2u31PyxU@7(|M1XIBuEtlV7)jLhw=&IlZF$
zZRLkrW^8#J$!7!FatZFa(E&|qeuO4cG1z%;JyYzr22+?m7j<zt2SwE1yzPtQ7Er$I
zmd`AEHvMej=60>lzdS8<x~2I{m>GgT-y`1sVA;V<h}d3@xckr7Zh!4e9$VIoPy0;U
zmLp=Pzo*Bgy=&0{#2Ex3HC!OjLQzZ&^;8`@BAxv-*;Jay|ClAV?tP}v%gC2^_)GAq
zN(zwiqYQ&X#|80uu2GeEJi`=ot^Hr8nXg|5*@gkO7Wb&z`)NjZiqcaom@ZOSaR7sg
z%yVYDVwl`{pewVj^4!kbWB5#jJGGF-<8i193C-Yjx5@f9HT@%)p|{cFwwy#K?+_BD
zmT$Z;E~G};C0@cCdN=*hq)-~3Sb%C?BTSd#fhy-WcI9~{fbQAtnvkgeeX;o#Nv478
z?KqVWG5GFh+&a5j<`k#!fPu?=9^*9R%hTM(cP9e@^&v+@-3On2AR4;15(Dx<C#uz&
zcl{N|Ij=_zjm77ilsAaOy44S4<%x3`<%aL0Qyvj`KpJF99Kf})DQpU3HO$_ejCP7J
zq4%p?qAIK|t#uzlc(Y4;l9{+~ySr0AfX@dF9c12&G}{u=yqac@(lf~$6*-oxc8{G9
zfBbId=9&cRu@-46=6)E5aEZOZliP-uAqC8}gr*GW8NWCOI;m^{_`-O`L2W`_7sc$)
z#V_C14%cWsUh;q2GLpR2r>6exyZ`harw~J_%??u4>6L2jPId$R*{1O6-ApG{Wc?=G
ziVp}m&w`(-`E;WX(_)R{A0jaU#v7*H54UIK)rrYd%w^mXQj8F;TXW++F7_C#EU?;2
zQeVyN9$J%<5bz7cYYV^W6SxuvHAlR=n_)beX|mCv?&z`_@7lMbY~q;PzwdIOe-;Rl
zQR>7_0YWsRCMT#gzf)T(uHgA^2UdWxP-?8Vy@{}07_UQh2Tt|W0d3oS&G%4K*}EE@
zmC6|}y-~mSXB8FhvrCS_Toi2wDDU-S{BS1#cIij)dH)ByLGNdZhZ#5*;4Agxrk@-7
zQfg<i)wYSLS4hYUNDoVUB**xn^LJ@yHx08fe*Rrn)z9_C-+xv%W~cs6L+uy;-zA&`
zoz#4gFxGCBdcC4SGqm^o!slllS+!6=h3r05&h&#+0>mrck$QVib1Q*{n!&uYa%@8E
z3$9hCq;LDa%1iuns?~;^lZ#;xsnF?TKnxs!7;yi)7(DYt{+5F%cjP5`WRj%h{vFcn
zhkf|)puLqG%&xQY=%iZfQvK(BIOH6mqFIIMLU1kmH$Yh6^9StZH3^GPHZg!lUHol-
zR$%8J6k$(P-amNgR_xNJ%6x|MIH()7I85RU!oQtBLsp2_*0;1ib(rn_;YV_$2Ga%7
zw|6=pvd>9PGT6l??hX0IlLX0rlUY7Bp!5AM19*I_5xF4@|6laNp}T(mx2AJXuR>p{
z`MsX##k^#X%_1Le{B$12r%LaexI52Gb9R55U3A`G{9t28X#P{X3pSr@UW`8e!t%zR
zQZglt?MU7^3<$@O=p7Fh-J1=y;`+<xiq{#+1EB9Voem~fejn|TnQoZVEY1y=5}j|E
z0s?WO^%H#uACFpWRKvRLKjZade%BW#XOg-122#M*QJI0KG>~HBYu-sL`w*<=$SCxt
z9(eyNTCtJNVmW#0XSeQsT@7=W>^Tl!WIh@WGmYyJiM+sBSyZG?WxJ?+f)}qhPq&W@
zy7LfdG*1}Sy<6BSCR$8-#O?bg9nX*uaCAav8}N*>GSQz{TWSvG4#keepl_|5>N0gb
zFm~l<*}4enln2<Qk-Mwe2GGR*1x1#XO^@XvE-jA7miR2_UTXXBIOHIgn*2V$c=KNT
z2R=F3rQWOfyTQMbz$JfO8B+mfoWNs+u`SXx@2>Xv&TqUEPb&AlOw78&^=`sq-jN@M
z=r6h*Ji4cu$z`?x&1t>7)7Q!InYE^8Km*_aohgvc51r(yH+e0Frau%4=%TdQ@c?cp
z8!r#)w|+40<&O;INzhAC`USI4S53m^nJ4bCc{#qw`VWG(TKFj>@$J*CjY)qWe2UgQ
z)gXkToiGo;1<#uK7R5$VdZ=y6zgTq=gaBEK@=~A<^1$!}PFzA!2DF!iYRPv*;pu8(
zOHa+O?=lY(&Luq_;9hxBm?~ud13S%A{)=BD59CHHT`=y5P@CD5)pU1_ca5&66lx{-
zU<n$uilT`Ebr!6<?hck;<Zd*;`x3<kIK~rIZMGS$dre0TX>J<eA8%I{v1m~R7kOBZ
za8rnJBM~A4cY<KdchlIqKrquh0)e|UXC7isuvA>h%6EA9-TPGfWq~Dkv%Ep+<u+{?
z%@ccryK?!AW)mS3iyv<%SU=pux8(+}-E+q^vs?=CVs?`qj#hcsWG0%SIuZ|@u_<T<
z?ogy%W-zcm*t@Vm=T?UZuPdzWdF|3HtX8oTfMz|5W4}gfIi8z~0RB|Wi3`38-!{d9
zpba)ZAR@>2b93^2B9{P%-uCnGl6W9#0Eoe!@fxPf2GG0{sd1X+@Ou%;Z+V0Rz{&W#
zFTBPIuS9FpL%J6Q+N$R_DrCgo@5S98AcwpOl^bdiJ)+4DHQV}WnECp`?KCP;f!>TR
znzuV|DzaSrL3oN%aj#<X;>7ssb}Q3a0|qNwFIRq;ZzcZ1wr@4>{8FjGr>yVj(V&+6
z*5bN;<7dCAp9b0OfDeVK1lU!ZxNh%ue&UQdaxXN5+1mp??z5rGzBO&YTz>Po9HqnN
zEVk`c4qvO)+gCss3iIgRw!xssqWlh@1GN5*3z30ULsF5PnP9sIzCjp1W$L>!TzP%2
zc6V~<C&UH8oDX}=ozWLrf3tgkCrN`JS-=#2W_soQgKGB{RGI6Ybf1+;WbZ$eYCy1C
zP&@#;5%wGR>Mw1ZtvX+++soLUFI=9bpuz&V&@P_@H(<YvD=6QBePJOe_H7}ZJ#=$W
zS~=KSWj7#~6P&j&Dhzlg@mtcs=KkncNxocQu`^huyAcJ%tbElT2&%QY7lAke-j0&H
z;T<V7&J@TyK499kt+2iaqG*cJGC73sIk$%cbuH}>m^Jo?Fd+XH81ORp$+(}j!*@o4
zW~z$p?#j?Mx5o1MxTvK(WSgv?```|KoYt))3(?D%->ps>r1~jvd9R@@O<ubX3p0&s
zitWRAwL_)EG~OxrxDt~r?6dV<&QQhKpqKc2N~8O+w8NG`po9_tO~hibLn*Qx2;&<~
z_em5Gy7S7Cy;FrCkrnbPBXs&(-<?dIRwp|;Y|lxP)gG?a*SnotPQh7tM1M!hC@2_Q
zvc$e4M|%7*QRef;P-{-);92f>l)F(TQi>irf#Yr!!-;40prNDPexd#CIUjKULj0_$
zI4Dn=)ZJdT_z1@2OEq}Y?juN})vE%`_zU5+VnW#74*Ojg=S_cFGs6{)V*u2j<0XHa
z`O*$-Gs33E@pbdvsv9?TIVWh@V_orD#{rm%_%H4mft~Yh1J%A-f!H0U2n5FxFZEKo
zdytghqkST1`={7>*}U7QmbpqY(DB{EGIZ~Dft^_JdaO@A3^Gpo7NLycLEwo;RB4Ao
zd_D2Mq67F9OI_xk8VEOF-g}Ypse)1vLXie<x-(LQN*b*CZUoD>O$?5=J8CV#NAKfp
z@{ff0_-N>l^f<Y{B!2og$&(KHpR)>g2;CB;bt{VA+r*z0>WoV)1;zi+l+JP0d<PU?
z*&M(oLWjsJekGD0D993{vyruNNr2@a#j_C1&*;TLi=F5jdV}uDzKDBV*!XCvwT(Cy
zp!`wPQw_1=hpGpWpwJ<8oZs$XwX$a%Jq=@ar}7bQb+1U|Bed_Ya+F<dOzmLA&5<iK
zG8R3VKaPl0sp(?_21lUEJVG(lVPlG2fKim>K{vUHf?PAJS3oj%CFQ*XZcmp5P$?1E
z|A?6!*rv{O;0H=t>%YP8=<Sf4eM5c9Tqgo}r8y$)<A11RK@V#%dv7OSSl(fN=##%c
zaQXOeq1c1%k3!ek_LNg!_AX0qZEBVlj~%f=fFVo>OEE0z+H=K3`F&(*tJJZ~ByHK+
z#~PQEv28FAB?KoS{V!`9i&SaNLf?`1u{uP&rhJuQ7SDQ8-P6vcCe^QN`31)F=t+po
zX5Nx&Ig8E!ylheJ_~mdC9fXt3Pp2c|{G}|+4qF647vCyJ{JPH!tOI0K?D%wjcjL)Y
zwFv#OQqw?9e42f@iCo||`ISB<|Hsg&aTT0b*(CNKEVq!zAwRt>N`(Lgekc3gyQZR=
zmu+Rag-RaXM?Skm1xpwte9-L<>2a{*8MTm7aSZzYL8<39#>_~e-u}Ypv~)t9Cu0NV
zEw_1WjIs7~7zFw8e+2+lP`{G}9S)g-bmYStC6b}1={(WH{S@nE!Uf>q*UcS?lIAsv
zFV0;V^9X*|3hnGI=*>UZBCea8C|#V_PqW|I(^2wr;xt<~IVVf}TZ&_m<@*;m%uHi3
zfdbkJ4-V!+Hv7C<@7UuqpLKVwY!F*`X!d*H4XlS1#xsM#BxM_S8I;i}lYN42LQ-bf
zw7j>lRbU%=H+x+{l@nud@M=XHbZ*<4(8S*-Z9;4b`c_ahptP5BEiP%suc}+_p6Oer
zI7>LaN8n~zWIr%<Hke|SKBk**FU=go4Z5D;FLlmLX}1JbquY^Uhmu#<-jb_G2MlH7
z!-S6X5BYwZ!UhGc9p8U@GloySa;s7eF|VRui#)=o{YZ4g+Rqol940gzfEkb_=%+h6
zmv0@I3$Gyv`D(|xKXfC5xz<=-pxN^hKQnjf1Q%Bt2UWC^UK+<D3cLsr6=CRRc*RWg
z5PDoe6i~3&9)Z>XrO<dxFgBU}6Bo;C!Oy`m4^EQV4=3J#Hc-g)uA@v4);WkMJhXTc
z9W8i>ZZl{n7~K0f4SC1yS=%wb76Y7d9ZkhbqA-yIQ;oLmlQp$dcnd;y-&yfm{bm;}
z--xkRKeA*~jWpOXSTR8ZWww5Lfc<X|VVj5ld{5cuW8pcDVMj`9h~;M{0-Ca4OZi*#
zc<zHn?KbO@&lkSb66UNlSg&AHFK~hisEn&&q)g&q{35cPftOCnbkK--E)U^EK1alf
zhOPpR!L||Y@zlg>t$7N4{%=~Ki-vL?`k<fK^iF#}dXQ>yOL9QEST0!U=B*G%uk%ec
z-{UiH<^tjFnBYf8FLnb<Hc}>kJd<YDe+n|ZP9vC(P8nKfIjkfgw)}l<-}i-E#e~fX
zqmt@p4QSID1fd&cew0@AJIvz8@h7I59_YtkPxg~a+Wq<~2Sq&+JZFivCJd?%%5$P?
zdA>^u8Rej4`KfDQ%?lpO{T=oCEWr2M(tekdzXwHCm3`J|aZV9VaM|p$o2(!INd{)%
z&Vj*sQ`;0et)jjQ(Of>KH)*^txCRuz@3r03-`uslE=s+?C^d7wW|@Sa&mNuDbLj1j
zHe-&GS(O)C1|;9yRCB7<s!%Na<^#1<*D**sWvgEsWP|xDM~c>l;2Q@~Q~A?4Sk2{q
z3@XZQV!ScIzlpclaWKf?ePk3;!;X?)=vpy{2p363t&W%A!}gSJ*2s)}#c=GiJT*e0
z`CG+;oI2Rng*?jY!rZCr<UEc=L5X~WLpWx}n=Sf18vRxEFZO8~A8ej74C#rgJG9UE
z9_V+1$v)q_I9wlvvmE(QmF|(>*TfR)XT7xuE@WqyA}8mZ&>+Wm#RS6nPz_GyoS;kB
zAjpOy{@ana+Xw#D<1*3mcWrv?=_1F1ZnjC=9*_H^{t>4w_=^=5@#3ODM02M?d|$jL
z5KbIY{|cDMFc`+V&hzgkv^`#>uYT~&4AZ^O)jKV#ki!2v{JaO1(!>PUsysLW4W#@D
zST(*xDDhI<N9~)MG77mqso|6q`P3tUZ$O2%@1MK{lym>2?Ler%C-dKl2pI4up|-<c
zw8Z}jM2tX{_fNnz17|HLCaAIj1!jB*&fkfJM@W7DZ~w%Aq5gpsz$syo``_FlgOL8@
zFd7KXg!tc16aal>#;C#6_;A{|mHv0UZ-*m%jeAI%z<KAX>fe(2|G;LrKpn2%1$VJT
zLWaby5?H!;6N%;`B74~y^10b;>xY|Ty4Td6Sey??8c|n{=CVir1G(?bG7X8Wy8Ww!
zFzvP**x4NWewpuY96p`!Utz4}9n8=8U3X68yOmK^m%Lgb&gv!`k7J#S|0lYcuR6Dc
zMdDz*CPRI8Bcj&Pw09W<#Y#xd`<xO0ZFwIIN!W4ih3Q$>I@zVRSnN#HjmED<dzYXj
zU}dN><WeRiYYcJ<xcyJ~#jy<wMlK`7eJ&PW_*)I_8F&YAmC=r=zyfS|p8oUedU@jP
zd40vaO0i&htqXu};th2Jo!iI5EE58&q_x~Vx36aU>uTNhHsSByF84b*ZSQ4!ycxLR
z(Gd`0FtZ{RD+w$7?Sm_6zk_JStihBt14mCXSm=)#BDr^1jY3iqZfPv4j=+b!{<bEo
zPW(YE_F?((X5({wm0tibWlf%HJ7MxFU-S{HhRM-BVuz&^S|1B|uZ)_KHNEgqObuHV
z77ExS>s4Z{6?#uqxMR??-LplqfME5hkf4_Z&B|u55_cSVZ_Wq8<l?PIUt$GD#{bGE
zFlaC^elQyR4#uVa9^cA>4F&@?|KieAPV?^e03IboUL|Frf0nKwC#ryy`duKhm+b?W
z)gnCRW1_i1KW0X7babli4x-%?NrGkaSt30nDV=OcXd!_jSbAn0P4c2WDJf~SKiO%q
z_4d0z((~uf4<m6lldyc22r_@!U0e?PnGj0N#E4%bg07co?mrx@C{{_7)LV3gPfbmE
z9Ip-fmoNZ2gW^~zyVfgsOioSJ*-w_Fi@Q^cxo(_njstxI5Ie9!y^(EaDBd$18qbZV
z8pu{JP^#5PDIDYHV>eq4VH8d7`wL&qJNgpYlQ|9R2utDs;dTlo@YdGXYX!Kvx`Kb!
z6qlB6Z;a;J3}-|>kZUf2LSqYm102iZB|IV;X#Ec7GHyIs@Y<)6^u0NqHZ8QAg@U@L
z$_?vZ=-{g{$H9ZEm|w-LXZraLXFNxHOeykisq^x9o!hikd8QKpo(lDpc0X(Ep5cVx
zP%wpOfq~|R0k}fVplS3MQJ1yd`b7!vi-Yz+G}cvxN~y^we^KOPdKGzleXf;CDeC;`
zXlvemF+YUoRZaj*?q%buEEWmZik*n{0O^0$8@5N+d&n{~1awGTPK}Sd;Fo0lS?Ke0
zF}Lusm7SUD1inM#NGw49ZmzBe0$)Vl<*)=)J#{}rfyw13fNQSD@|6II=9MJ4sn>Rn
zhcVP;D~FGLiVNZhUr$Umc=L4LIs0^b`dHwLfL$C*03W?P@FlFvU8_%OlIRc592tUi
zL2;opEC&8ng@b9rz*s)3a9}LcU#%aXVW?IzfHhfA1Z0J8H>_tY+ljbsX=@~?P<{Ep
zdA(ZUz)Veu;>Ja4DA)Bc|5FyuFxgS9E?v1TfyvgsabHo0N`$4`y-CYeB{9V+fgqNe
z77D1p=&yw$=QCQZs@Tof7O6&ZGLE{H4p{X^n1RXuu$EPmSJB*#shGdSs>=0w;Os+h
zXV~<SrkkuAB?aLJ**@zJgUKzSJ{-+=w=<7wRK!>D%7~^Uwv!PxqcCb|YREoO^i=6N
z9Oq^>eWoxRdGppp3Tz;q1LDVj|FJ%>SiQ|Rdn{D^rYBx-X{G9nNU}s33znpTVHgON
zDpt}5+o3Geoboww#$R8&?4K6)E4&i*E;CS4D9&Tu=t>@=V1;uVX3=>-=E`e^$-nxn
zRqYcwda8j<Z?r3;7x=tOelqNysR>%-*LM~>A^Uv34M&}k-;ZDXEG<RkRlTECglA}a
znA=xp{~aFSU=Y`=R5?GQt@C4Qi9F5c$;KCpOtsI!czv0j6E>RD0<vW(ObR@oSHK#D
zkr!amq+PmV0uGBe_APJ81aHZupyYvb>QQ57A)a6NiSloB7({2=7WgOMo2=>Ex^+^Q
ztA72xGtIr6xrwA$Or`lY<>$xxRY3>XregV)UmeYxV%A}Sxi`cKaQFl}iO;L4cgl)a
z`8-6z`1knMvU8IP3%c#qUvXc?_5Y%V^_9kH6%8?lq)LQxm}NpXv#dhDaBkJ$WpZ|7
zYM|gRlDzY&HTgD>>TSrX1B#*0xQ;9@YFWB3fZEB&oxmr^+yCY!-XzemZ<L=%dlL7k
z{zN2bqU6rz`gdLGj4mH2*G02{3P*Q>%%Gc>u>no&4TFA@(La2IWUla8IwG)%25lMj
zsgKJ`;H;pr>H^I)(H7i>_!os)Jl<g1hG+?R1^28|LWq4;z};=&OX5I$vil;+{JLV_
zzZAs>YPxixNvxzBJkFuZ7Zd}kP$0}LWC|%$xwa~-Q+|?C8>*SCk{11|6%y2{Q!B|i
zDjnj)PB`4-r&`$VZ;R_dPEnaw+vMve-O6B*&|RWi*8G=8BX_sA{*UXeWh^$M*x~IF
ziQ#t`6tRYcu1p<xI#wszmfroly;Jk+5?7;YK3lok&bytHyhA@0s>Hz79|~S$Ig?&8
zFF*O2T?@kuWYgHiMA3*4dU>esPielK06Iq`q8B>43&N?W;@enbY<j=cY36oZS!Q5M
zS!yEb@r4E3lNj?<2}O>v@|C(A-fQ0)DF?|E-#QG-nbO+JV(#$Fa1K(#5&UwcJ8D7v
z-H)NZw+LM}`C1Mq%3J1j)`KF?^{?=0d{|}cQpt1?L7-)a=k!)1H}Q2*^u0}TQ*s*$
zzMpR1zNMQ_xTJ}!u*wf5uDxA~FUSgbLKLd|I^wPs=r_uI@k+9abs?-(UT9bT$tcx4
zW0kkFB=pkJmXjR^HG~yMU1!$gz+y_3=P~T*iDYg=Xx&T9D8i~vY1u7wk|@%Wj1q6f
zlf7|txf=Z_n)8s7tR+Zfh3Bu0g#f}H!^i|3#d!S+D)zHbR@tVjN|V8T&w<ZMvr_!+
zs)h~*(RG+FrPw`feDw^(&FwhR9LGl)X1+|-z(Y5pGT;*K{QWGI-+t-C4RjwzpsNv4
zbut)2spxX!e;?!~5Pa>ERPCGkFjB<q#&5!{zAB@a=b0QhNL_m_5P;|S1MXbHP)Rp)
zWbs*TO#sA4%*xtg^jveMW7c>+bNA?uBK4d06M^OZ+WLYTicu=Pk&uP7u}0sIT(!F|
z%CwDRYYV#MWZYw61!shWvj)0nrD(D};-PoT)78{JD6kueEJ7L}A!plYaB^V-95>Cc
zB<O7QW?)gB92#o#evL=+c$k&1j655v7ND|9d*(P1!V|6tUXxUB7AglNjuv*yS)a?f
zt%sfViffSTNwDv}?y@(?$)mH1rY5;(kt_;&464oyDz`f2(Y5_#qk#PpKVbLC6rC~o
zXbGJSnpAEp$E5!FD=JWY{|pv#q9IS+7q(a^FO*2T&(s6%NzV{26V@Q`xm0H)^~l)4
z_H$jCRh9fc8cwILgM&Q--aPMUMOJcF28RGWu2OKPI4JFv(SrPx;)UTG2lqxO(KD=a
zE3zW;8axw)G88hdN^|i}_T%~lOg>j#;xDO{Z?&@V*<xCF!Z3fT#Sw0x1oW|!8mcD3
z;aT{EDe_W>u5@9$14SdE3?kk5+Mi9bJV_v&g#l0<%}e3BmujzS+7N@aKAX^@!;-Yx
z;e2d=K@X`~*6Vrd`6gTLg56iQ?NtBmU4yn%NB~r76`+&5v?+r>`y@fB9iGJoP|$do
z%@O^T$_m|2-1In8biLTS9~=xfp!za+@;=W_%-xw}WWmJapI__C$kWJ7Xy2F7Krbw{
z3#bgl%Xo_L-;6%_i#aRpKM7MaZs}=>hWh7Ld9hDU!~?W9RllljDEv)X9E&iq<?ZzC
zctn)#K9+3Bbz;57%6Vq=`OZdw(7x*_AOM|5AeVt$2CcH8zq0yM7Ajt0jl2s)#e%}5
z5({ZH)1OCCI?X|fvlCbNU3E!`9dtjIbGDR^J{YdPHM(J8Jh5#DY?gz<kcVJf{SP-|
zc>IBHi7_K$#A~#PC_JyO4CQ{ZrP-@VLCdYI+C0@2Ox&)bO*;%e3lq7rbUtRcbpk8_
z^S`8`NG$wBwvXBxiH<_Q_*}zR9czYJ&@oZPUixywudcR?8it9*LEHXrs;{j4F6{pC
z7v={=_Q2tUCyX{2X@(V&1e2zBUUsb<O+PrRMVUJ>%Z#V1{>A}J^fL*k8LR2%u@arP
z4sT(%MYeP7SS88pmF-ZFRhD;Vd6nLp6D!dKKNQH)T13~KOzU`=rQW_@qmSa@yDIc<
zS0e8{#?G$eHFVUolm0-FqSTx+c1uJu-O<qwKpK{?g83bEca3$(z5X$^kEZNSRc#qr
zTKP-Ph`->kx?sM|yVlOBD7wH9=&H6NL?xZZf3t{x;hyrhiSm^3SyG@H9+AENKWONI
z5k_92uK11Id;L?+$s$Deu?1lR_ZdT7$^nyqm_RT2_Tb7@da(oA-%j>@RX_v<U3q{U
zjHZn1l5SHMtYxN4Y^D<a2ttbJ!M@qfLgcd&{w(6p_eB4(R%9Kc|E8A!HUN96{uiYB
zLm>eAj}c~tKk)fqzM<X)j4l2T$f7M;3IG<%QwIqzB(S4dQG{S=>$IFs87_HFgb;HX
z^^8A(C2{}xJZ7The8FpTjFDGNU64WVQj8G7Y5Fh|?z4lB3amXO^HLF`{w3KocLyO$
zuO>3rhSJ&P9`ywRlTG$>w>|Sb*+4DI{yikVzY>83DQ{fT^Jm~vo-Zmc-Yl<Qz|Tck
zl_CaRJE`qUs|yKuU%YM2*qd+CBLv`e8z!)$kRp2`%<<c#RRDB-Vsj^TlWmUP2dQYg
z^K8xV-2u@M$f^r=Rw4rX81+-v)j~;^-#>yP0C3#ueW~Vm6>sj83f0(sXik1n@WJ+%
zdTR!k!Fdi8OB>&p2-qtjB!<kD6c(-nm>cK~rVm+OVEUpgD8v>7^~Xj8^`qag#Xy`9
z*l-&r0ni@}0Q{xSF!x2D=>s8iaLp~ytlR;Af$9&nLjH$Z!{qVsK0plElB_tc4`;S{
zU-Ch4R!{+;{7cW@G66~5qo@3TYg{&hh#Q!JPbh)CJ{dAB3GYIOmTVP4o7%awuC7j}
zRCjl-;dmrlx=<}M80!D*(Z6}qQBvwZTJ5iQTJ-((-9IBE1K4wXhrf99@n3w++3(FY
z?C$Ow*1wr=^SdwBDl`Mrs(pv^Ap%0qrTo~Zr3!LrPAq}Dt(LnR_1^iNejIYo+^1ai
z5prA2s#rhg-ej-)(U=>1x}^8bEiB)mWrR6LMPI+OW0o7iZNfcxPTQc)9Y+)GU#uI%
z9ovChv;$fD;0n#YMxbr-1ASe!v(k)8lIAiDHZ%w){XyvqzP?9A&uW+o57;zc2ibr$
z7$sVt+qUMXCPgi2W>VGma7Tl{_GuBQ#=D8da)x=(_OTMIe}BoRHwm|%YY#`NSFiww
z7c&S7mGfAFw{laQGJi~Z8~fz9vJNQ;bmeDo?C)(o3cR>9d2SXgNxOv9i$!ajoi&Px
z`fq9<bw}ae$(Y!^_Al9dgQS|JpjXL<VJa?yTvK3d(6Nd^;$pF1fstiWDvDf>uh<Kq
z4eCFtGLR^>0*|px$P>&X5MJWi_$y(!9O>SRz^w5qE6FG-cS0DN!<`yUWv^N;crO-;
zg-T^uA|sP83VIC3qfxj3fAKd(iPL!eVl{iRS`1e3oc~Y^qCkL2k#_&NR{ayScRHmJ
zda1B%9&Qd!lKYX3+MSAI0k#juH2RkwrAuuDAu3?DJvwx<k72q}5;a}Cbv;6|JU?V*
zv{Efd)4IZCd@2#6vwwa34#!9OmmQU7Bnk`NGv*zEA|-kuoVMYmuApO6jPO2ht@}&7
zCTMXa`h+itJk3u8!YKqqj_;L-K)oXCXk<&@4s=WtmeBG@F_QBuT|r!=$}_~PDE60=
zktz~a_OP{cI?z|2Zd4Gv<bVIn95kK@)#klF*lnj<NbSn^F63AzNaHf+k&-vzX@t&1
zpNa=T^HKh-AJ4S~_zkT8m@4f)Pc{dCKE_hsB+L$MfD-3?#Zx!&Z<E&@e(2GE^>0@J
zJdxsGo(Q<W;=e=(bah^${+B*8Amp=A)5G|{Q6JLBG&CQOgW<6Qh@^<&Pf!r?))7v+
zO6d6ly`5jYHQfSkNo-whSFUewc1xV`Y9Q-K1LHb{kUg$u+isgUEAQSs92+)z)wyR@
zKw31~X844*R>xcj9)<QEpzSSfZ#ofU3%~b&_2VzGx;^IHba1EI1Wp@4)9;)`_8ehV
zrthn)z^*@lGcNRh77-{Gl5`@QZoHdz{(eW~+g-je`?4b$pODxjaFFc}^_Th2@+L%U
z^3<G+CB0_q>V}@LI8vDUdKtRo0%c2*|0v~Q(&Yk9`;1v$o69q+v~#yTi8`x&MT4!#
z)3#>I0eGVt5bx;zW2jq{24fUVLvOycevq3D?%FmrIbYHMs-r0XQA3f7ts;%s8(2y&
zRsomM^i+e*ZUz00gAg$2@qZ&j<7M%)Xf28Lc)F&-%MK`kb-)o=5dP8pvGV<W-f59u
z<vk^cb!T$>Cy|snYY!@LRidGd!}MJ>3%jZOq`xWx3>Adb`_JSa85k6^F|fAtaL-$}
zWpDl0bm7q3Tj568?43|#kP@~VCJ0INKl=872?*V@mOv`xLQN_zuiJE=L5MsV8AuH+
zinM^USppkz3Sm`>o2E&%gTb%R-Hh`O?uJPB*kj8VeY~zuecRqWTU-GW8#_4daw9vR
ze%1Q%D5U(F`VBv^-myEcvCHt2$`JwCfa@Gnsio=W%b!_?yeFTNV-P`F3u-0N?p55Y
zqTKLpkr+H=KNr7+%AdKr6X*-erosyy+f83G-gm%(VlzT6^&LiehUC5<nkc0sIqd8Q
z_)s|3PA4(sW0iE^eZ06+;X7*agTm%dxZ+_>Lo~+-K6mDAvr$|$T}sZO7OECq^<}?O
zZ9Xia(sDe#_&FeqRE;u&b)7}&wTn4#{e$W<GJ;t7(pa9R=rSp%hZ<*=cr1PF<Jq6N
zqZg(#xwER}?*fE$K)Hoztv}<YRH=)oQTiT#CZ@4({G6q7_gN;hcVK1VnPkmnlFP7g
z#i0ZbS;U2RtCGahfpoJ9h{T;W0_~#ZV4ZW=IVD$JWe}c_gwbD-^=>i7f`-LgRpP+I
zi>lC?dLzKT{jUX|u)y?`4aDq5wId@X8Dn}DE{-V`a2uh&a#hrZU6tA;<84Wv!w!c}
zK9p0(3E!-yDYm{JUu4A0<XLU;CzNPklyk1uSX90WHL*=T;P<8V2)2GH@x$qxKpF;l
zv_}?;1~uIzl5rvN7B6`TDhR0j|4`u1b<^@)5OMtK{VHo1_B3m!Xt;ZqfM$(G;mGmr
z(4sW{7`$_=QWArg&SW)=$kc<PH*G9k?n%n04@jGdJl7Mqz5B*Qi$qnQQ_zBM)jVFg
zWRUNVo=&EI+WKorJSSPOWYstU{)Qe2=iziYpBQ{sr1owj6O^%A$xFQZ?~6q1pJU8>
zLa6VFzP!G@b^pjT#{4Y^ZaT->^3{H6bYzjCm}v#ALs+&=734y>;cWp-@DPxNp3q!U
zbCi9#XD}JcnnmZ`Yuu0sq~3(|dC*&u_PIb<PRdoQarRiK`^GgBaEe+&hZ~vo!Eyo=
z9q=W}4e^RoaiQ(vLnL!B??<Tr#m$>jf+IYY$(8PXLHhu0jm!+4$<EndG3G2m1v)HM
zei-Z1xY=h*hFFzlo?&45czgc$AQx)V3xVXrG?&prR8RyC1c$+5RjZ9KqNtMQtV!k0
zm!gQ&mH#Q%$4Uba3b0_^ceXtLV$`e#a%lm4wq)Cu(1Hv4ge|pH42>{*&TNro>Z1L8
z)l;OfP%VCncP~!Oz(C+bSbk2bpRVyp8=>*DdK-xTx8vIv7hYx9pyqlGtO;re4h$9l
zAPuFXOLOaX;N@N0L@)c6n(UI}*YEdH;k|btdL8*^TV&zB-#Ae1pZpaqQbbm$0mPYc
z{tW<y*p2xY9{1uKY;zu7lFc~8$Uv9DOh0u&ed6>ax;+8#L8)n7EoA>X9-4XIP7rpn
z?n~c#-Lmg@d+koK`YvlPBi%pbS>#d$;^C_Aj{JR_=WL*y2j$zR_N1f~kn)O4gL{i9
ztpMV2zs+;@TplLVZ=f<fxpb`)9onn8_lts(q#!~VGD(iEKeQdbMGnd@C6yy}i{ceY
z><mSoK;;o4H8iFt`BsTL`}&ck`@<_rV$ioS=`&jyM0=#arijJ*0zJt8v@?XBI~3bt
zfvxA+LmjE`!Vv+m?nyyse}3ZDgqV3U^9fPs*O1?@aA$JyFp6-@z(AL5*C0VCR@#fG
z{|kw;-&mDUatfeFjJIysd#iHeNf9aoi3sSo62?sW2K5m`NEd0vNzC(b^sIsH@ywfx
zhSTMtN~fC+*rDH?z=ETbHVrHZ4llX`+K!}fX#e>VSU>&WUy{du9C%r}7e+*{RzdFL
zIY|0f-s|JY?&GPmgvsS9o<>TciOO=lh5bmzuM($+h{->W;5FKO>Loz;=yQ<n{PY^G
z=)@TuYK2p%8~NUgLMIps^tF?BW2KpaYXgmbL4vp$|EJveu*w?^ndj>rV1e_TfxWXs
zWj;%|6u`Bf@9-_khVNuprmuSTAUs=?q8zZd`5`-_p~#lR25!mGdyAsKZMY?FN1SGZ
zGmHeUZm#4EA|n}7r4!A;y^zQZzv5Qj4cfvUl%dxbnlInme9~C&G3O0te{LBq$3R;>
zQqp9$u{#{K*XDTSQ^`$wG}IRhTuCqkyG8xq8FfLuH`@#q&vc+3ndiIc43Ax(iVlR%
z_(LZ}|992)aMWx`@Nd+0;Yj|RaNTe92wXJbMT8M!K+1<=v5bOve-ybu+KU<faD)YV
z*r5$wPK(3H*p01tfR`n1MCkPRG5WTXLC`J~nC`kjbf!a@E0Nj8!Dqk#Rdp&5{jp-{
z|9*{%fG`uHYfNfrWClL%DQl|8QR<l}?1JlrCZ&0vI{eC{xbjfBNLyvtko}Y@q8eBw
zY%7h84s@hceQ7+?(JsXCS)xu`D)!%!P9_HKsgN2{RRL`qt|$$0aG=j*;T<bQ+JX`p
z@phFkX^;iDW&h_>OxgVmAT@s282bTVLIjmcUTDrXEvhVpmp(Hj%pr&AqV_GA5n8;c
z*iyMwbT<z&!2nKW!$Y_@A)H)1b&Y}CekTg%`e@Q7L}evg@n~VM0{Yr#>wYN)WlNBo
zxYgf?qIhJD6^QUmD2XWG#WA;tujZS^p~_<D?VDHMIO~1Uy}1(B_~a{YQe%R_s#=I`
zHFs5G3tRj4f*2G*>KCK5LHCC*;ZBQg>WNOz@@IV_Q-d+m7l|sD(H~O>KO9Z#cKf4v
zD;O6Cc^6{1lN3q~GWlE<n*KtT?imHqT=aTAqF7tmn|L3keDiuHsAz|$ZsQQG;Zp_e
zUn>xk=I8HPxiDF8v?I@M+q<4xs_aRUovIuV9z?ojgil3GMTw{jE8Km{t=q?*oywwo
zv`dKDNhUWzqV~ZgZRd%YQ3SI|p+zP70^FhP#a3|xjAjMD(U+(08({xfK&Jt>AKte0
zC+G}&#Bf1#pQ7hG&M6@ostP)CZIDYh8B-DW4a8lAIG=iBPoP<Edx9*^vy4TUh!Xt>
z)mY*$J8+Zjbl_@OXh=RnhOO<eC~_xtrRwoxw0W?XNNLP?vA8}^*-w|y0Wp@bp1yD|
z{N0i|DJrdLPuw^{>o>9*_?O+Og`!N*9WJqlt%|Tm1Wo#d6~^b0xam(PeV`f*@FQF#
zY+<%nj~t}3A<dU4o$-Rtm$kMjhL0A*OK(KNri%F)@~ze{0*ziy6a29&JQD#7$N7`=
z;X9OQ_(a>1Gk4Y9!bNHIXoNM=(hJFtSq0Fjh(h6cI3-SF+g^AmKg3|s>9by4dTW!`
zIpf!T9koHhJKE%t(?9G<%FJ~+^w;kOQ7dwU_L(@#@4g6b^$bo6Uk#Px#wo#7#8qG2
z#pfhto69<VA^8>YU9kH0byA1?tjNe@@hPR^Zx@Z#-N|ROybm;qKK-?1;SF3aObZkN
z8bpQcOs(@wq$N^{?27VNZ9$K<y?DJ@igpxv?YeM_`1XJJ3AqWA?l2ZdSLc(aNtFCX
zq8GQaUALg7@bQ;Plj6o(#&yOpmibE^2naDg|BJW&|MKg65m3{TG)<QD!{zh7jX=LU
zoBu~d17ct}f8DuQH?`k;<axo7C)^a5%a_sf5?*iH^pTv95D;=IxpOHA(VmyamU5DM
zURUQ{JEeIqZes;ES39p<o<{NriOZ5w;4sd!j@<t64~lN(x%IDI_G<)BL?_>D4as)+
zA;%qE3}3$kN;}SjoDcmAlo1rZG7dXOqqpMBH#=R0G*^zZBk`qj9dJ6<A-Hc_Hq_=c
zC08kAKV3Mq*-`2Eql(J;8}FlaT2}W9pn%aMXkh@dNX9h))vGo-O+(O{3{hzer`}rc
z68OPIGJxi?u(j{-I5LW-i*k1rpb5WPTuJy9+~GJRrUS2XhzcG5klz%jMm5MOJ1Fn)
zNtJE`f!Z$r`NSD%!_Q)!+~IN>`E4G^pei0rZbX`5o+G9{-Go1QXBWr--I-L6!hb#e
zug{MT&%*I)#(<QRs%u<dipNuD0f}sj$&0<c4Tc?WQ`jZ+uDrm*KC?<digD<yfpv1R
z*NlyMD&Z2%O`3sY32nfX5>+d2vuvr4|1(7OQGNcq2arI)lAa9+48b`vWhw=(16+0l
z?nu&I$KGevJsBq_XacTu0XGe0EG3U<CWs$|qKEMSOHxC3<nIE1zI<37+amyq=n%x-
z_V}qAhT27j88ZUduFjsWislm69*eh}7g~x8AURzXnKSx(DaWS;f=urdKLUuTB&^4G
zMY4$Vf$0kT2Q(yzHxqq>RvYyHo*BbKSa2JWz8Kwg$Ya4isj$vVFHc>b(*A%460A>b
z-gNv6-?+~20sS)hn*f^maMSkj%}0G>xv&S0B^Xm@{{?3r^^gnjFW;x>pr%aH_A>zQ
zfSZ~Fa9e=~2!LSuDE0H<eWE$hfPKt6{6WVOY!GmzQy_{&$Q%QKEXaCoO7VO*_0Y_{
z->mPR-y!p&1NH+JtdCQrmeZgDfC-?Zh<;?iNTShi{ZnSk#ffyABZa5)<i>+8VdUd*
zglcljOc|FnwvGoAdw#F!0~&eMgDAjHg57dEGkROE(z<_&BE6t5%2xn2*A0Zk+rH7V
z0@Q*tfiA$mj(yiYhUYFZ{Vc1=>HxrAfUyBZNWmBXp4{7d#1U|jn&Qm`pJUXv77IW@
z6R2TpLIA=7TB9Og@B`r3KJE__KsuJo`iue4Q2aNIPf-6<hS9l#K0t94MR>N>Kj1G^
z;{MHwIXH_+QJ}t<55nmLn;Hp0JeUNqLmCnJRT#R;sRNI_ZVb@b+Vv70wS2Xp1g7<7
zV{WSp-kE<g3AA*|1s!QjFlemZKY)qUBOUFv@VV%BVB3;)Dlsx3@&T7p#P{}8TDJSv
z<{|}zG$)&7`p-UhG($f@SBKz)Uh0!xaE@y0Uc%>!z*%QXh3y~#gp<sb56FZogK!xO
zBe!#9CoP8Pw$H3GU|2Y9Ql7wmB?t*burdI@5hiXAidS=5&D6^$pVevE{IJPYHo^}4
zm5n$lW+YIA(op2!ImW7S$d!T(dB)Xa{?~{vALlXRF3tjps#$%Gu*nk-9;qTw!SMo5
zrMIICjcHYY%vlt~w>OoTt8nz4c6QRsCNA?n){%UfHZOy!jd-%9Hwyu{8!<rm>#M${
z>ShW_Kks;)Dn3!$Od1PnTa@r+3x1r1=n!fm^5(cjugYrkL`%CiZoSs3z5ykn5C9z-
zyoidMKWX51ROu-UnYkHYg#~^8OnqnabpMGwH)ggq+1;z(;wr9Mo^6_AIWjS+H?5G<
zP(^`lAtAlAHIbTwL+s`xy-<TSHe^}#Wf)UMme&^oV~%cRB{4;9nd&+2%add05uQRs
z9D}hW#s0x8_gbrY_|hu4ARD+#{I2&mZgh$Vsj|Z{b>#Gf^NV^MPU!CD)28@{fKn2o
z`xg;6I;?WvkA&ui-}>+#<sO}Tc5e-a8#fo!DRCIyg^AB%?+OO42NpaF(?!9|mVgY>
zycZASO7bdTOl4rpv2H`HM5&Z;A=&EsY&xXR9H~2N2!{_yEu-}fdcVK}cD!-YAkam%
zsRBGPWvT$)?9PccbP_t}z*a<i;G&uQK6AsKZKBe^LX@hub)nX19)0(P&tUj;0e<v*
zkv4kWGhMXsN3f&=iy-z=#xSO^SL$3h5MkMB-ag-#Xa;AnzCrc=cP>KX>fax%X9Dis
zIj}Z9{Z^b+$fwqu=WRg<d|MLK;PpEM>%`j1o>gcW+_$4=Xu(lPf5x`&?Rw~2oA}bS
z8ncEhs(U}EcHrC~q&`Re$*DQ`XApYqhJ~n&L6ssM7RCaH_{etZV{^u`)SsbE?FS}~
zh-k*4E%rY71^lDVNGRA3mIvW<&Z({;9G|`tQtn4Xvhn;hwlEnHJX1En)qpILhAEq$
z^jekK$TR~z*&Xwz|5d6EP{`3YWDk`7ARlg{hZUX!i{$K6fHTHSbB%Uk4pY`Lj526w
z^yx=0G3(!`#7&1bNkR2Q@lN4yr|~$uhh~(eZ4iKo7c$_T+CnW-X?=Gx^{XHKvKqxg
zhkZ+~(|-ED`aiW?do+}382@%@DeHE2rEy;rk%Ww$+=YyB+tRoWHn+h{?j})grQOWv
z(7KM1TS&%6V??QyT!(|0&0XUbLXktl%)T=^XScS0_K*GRJLmnr_x+ytJm2^Je(&@A
z-Y2mB;!k^hF}*btuEcm>#&Aw&BYU-ENn)uzJL8N)4MzTo8NPyaAqLS&Se>n^FbN%K
zsP1@OWTO$MxEVw!N}2H_Y}ufWgAdJC)2dPEwE>~Kp?q{rj~c_gBd6!DBW%H)`m%>b
zXC?aJB|9YMhk8a-LG}=<*kGm6pq8flv@azwchG3|>uIcY)t=nMRP(UF)va_`)h`?6
zFgNV&@Y(>FK(c|dbY1iJR^8Il;#%G_Ok_m$zAl>bO>+whhka#w=lcFw&rmqFd&4<L
z8o|7ZLy!Yh{kSX5rYt#sZ!7;<|9c1mldpCZP5I-)L+x29)`CUBA$p>G5}xHiPQNBl
zog<4R`)Df;G}`7@<}X<bu~}*O;WpD&n3iBhvf>>9Z*Q!Vb^SA<x#Znm8`LqRqtAWZ
z8JjRR_V!HHwfm+mBW6$3UbegU`SqfRdELi(|22ZcN|Um5ldMT`HY!5bS)VK%NU4@c
z*f}@jQ_3`qAbH_JLBcAdOH*$FL+9*4G7Fu(aQodQLB3FQPO6E!iDIZBwBa+9)3t@z
z&u{V7@^{;S<r}$+V<2KCmEd;>fPwP=2L>Rh6Ud*N17PsxF0_IuukP3XGy{dhImOQL
zMF{fy+RAUgGbZc27eJjF-E@B!zns~mf+iA!aoJ3V%nX1wmq19@JLdQB#TEZky%;{>
zm6|l;e9qv~eSr<K?pruiAvo4^dRFsG#8QhS44^i%BwU&s$iS-3+a)YZiX4euyE-pg
zDa+~iEx!C{+KF&fime1yv`;3>_Zj>fwX=E9Zu7ie*jv5zGir%W(CFra>yABK>A1z`
zfWgY0r$kIt!9=6#zBQs(vbu&<*!MyWY+b#jq`lBdivY)YkZ*djV`60c6JFWtYVzm=
zK>=bW`n}|GNw{2K3{jgiP|>$0W*J^vP%X}5DwL69^k;xmE@_M%=~W8>As1IcyUGL6
z+e6}zBc;xXSTJ-UjEM#O1w%>#jKrpB*KDjwfJDLHgfajDDG2rAN)X8XEjq@Jc_ibz
zI3AUPi^#jU3PJ5s%QQl~i?Fs`9(RQCK~N~mM~ursASiI(f4}N*CC$wP;{2v!j(i_d
zL}R_?9>Ba0X=XQsVBB8i*FH=gD6Tf#=+wXKc_E2Nv1ENJTL!xw%{dp6JM~MFWeRL0
z$iKa-<9QY?))&2%SvsWNYKNCL3}CmHxdOYVQ-Cg+7Jq|GFONRomNzq!g&%)WzvXNw
zHS*`BGWcS2(9HS{HHdJt&NgT%Pdl!AI+F>yg$Zc9?00+7<3XoV!|mHrlRl<ksOzmC
zJUz61a96;Aq|M1V>S(Cfe5sRUWK>$SxX_D7f)J!|>K-#@3`HZ>1&^bu=pfBAB#9d<
zd(9XWyogmYRtX*%jLciagWL+3F4!TN$hm+MT{I$L*~k)g(bt^>vQ#UQ=@F}3g>=n^
zvM_&+3<SmJnK6FUm|c7J6hoCGk(%xE5!}}8GceSY&j8m$@ssh@UqMj$VW2wS^%H2z
z1*9K>3Q9k@b)CO8szt)d0naTj)>&ipzDbl$qaE>l9J{r?1cbJ8^YgzRryH|ZZm8Jj
zD{mB6sG}>fcsxZfcwC0pg~)RUm5OIpoYf~R8$`_Y&i9vra${I6xSC>{(nQP@NiXWn
zc;nB_$r<WSN8RYS!@&9czLp@XJ#8y1D@%ss7Zw&y0J#CEKc+-l0wUQrK)J9o)#e$u
z6S+#4)sMoBHAD*WdLgH6dyF~T`Gzq-1RMgg`tM%#0Aq8AME%@j@bp;e=-IBEx{1qM
zZ&}R(qH@aDlp4PQZ!;YdtAEbk+3F}vl|h(Qt%Ley9uGniwi)Me%D@x-O2NQ(nISh&
z1P#fXR<<4GgoQ}t`l3sidNb21m+J<{sgL^IVV^KCq}Xq|X(!X{`<f3BYOTDdCUx6c
zV0)~f%9u<(ILgRs;Z|x>P<;Z_OW<MM63*r=jwl}8BqqWhV*sx}NDDjjDl@OdzW}qq
B1@iy^

diff --git a/doc/mobile/key-manager-client_doc.h b/doc/mobile/key-manager-client_doc.h
deleted file mode 100644
index 25d2084..0000000
--- a/doc/mobile/key-manager-client_doc.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the License);
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an AS IS BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__
-#define __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__
-/**
- * @ingroup CAPI_KEY_MANAGER_MODULE 
- * @defgroup CAPI_KEY_MANAGER_CLIENT_MODULE Key Manager Client
- * @brief    It provides APIs accessing on the secure repository and additional secure cryptographic operations.
- *
- * @section CAPI_KEY_MANAGER_CLIENT_MODULE_HEADER Required Header
- * \#include <ckmc/ckmc-manager.h>
- *
- * @section CAPI_KEY_MANAGER_CLIENT_MODULE_OVERVIEW Overview
- * It provides APIs for storing, getting, and removing APIs for keys, certificates, and sensitive data on/from the Key Manager secure repository which is protected by a user’s passwords.
- * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
- */
-
-#endif /* __TIZEN_CORE_KEY_MANAGER_CLIENT_DOC_H__ */
diff --git a/doc/mobile/key-manager-control_doc.h b/doc/mobile/key-manager-control_doc.h
deleted file mode 100644
index 8c42b39..0000000
--- a/doc/mobile/key-manager-control_doc.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the License);
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an AS IS BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__
-#define __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__
-/**
- * @internal
- * @ingroup CAPI_KEY_MANAGER_MODULE
- * @defgroup CAPI_KEY_MANAGER_CONTROL_MODULE Key Manager Control
- * @brief    These APIs control the key manager state (Unlocked/Locked) and reflects the user's password change.
- *
- * @section CAPI_KEY_MANAGER_CONTROL_MODULE_HEADER Required Header
- * \#include <ckmc/ckmc-control.h>
- *
- * @section CAPI_KEY_MANAGER_CONTROL_MODULE_OVERVIEW Overview
- * It provides APIs encrypting, decrypting, and re-encrypting a DKEK (with which a user's data file is encrypted).
- * When a user logs in for the first time, the DKEK will be generated randomly.
- */
-
-#endif /* __TIZEN_CORE_KEY_MANAGER_CONTROL_DOC_H__ */
diff --git a/doc/mobile/key-manager-types_doc.h b/doc/mobile/key-manager-types_doc.h
deleted file mode 100644
index c13d822..0000000
--- a/doc/mobile/key-manager-types_doc.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the License);
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an AS IS BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__
-#define __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__
-/**
- * @ingroup CAPI_KEY_MANAGER_MODULE
- * @defgroup CAPI_KEY_MANAGER_TYPES_MODULE Key Manager Data Types
- * @brief    It defines data types used in these APIs and provides utility methods handling them.
- *
- * @section CAPI_KEY_MANAGER_TYPES_MODULE_HEADER Required Header
- * \#include <ckmc/ckmc-type.h>
- *
- * @section CAPI_KEY_MANAGER_TYPES_MODULE_OVERVIEW Overview
- * It defines data types for key, certificate,raw buffer, and linked list used in these APIs.
- * It also provides new and free methods for them.
- *
- */
-
-#endif /* __TIZEN_CORE_KEY_MANAGER_TYPES_DOC_H__ */
diff --git a/doc/wearable/key-manager_doc.h b/doc/wearable/key-manager_doc.h
deleted file mode 100644
index 9c2723d..0000000
--- a/doc/wearable/key-manager_doc.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the License);
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an AS IS BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __TIZEN_CORE_KEY_MANAGER_DOC_H__
-#define __TIZEN_CORE_KEY_MANAGER_DOC_H__
-/**
- * @ingroup CAPI_SECURITY_FRAMEWORK
- * @defgroup CAPI_KEY_MANAGER_MODULE Key Manager
- * @brief    The key manager provides a secure repository protected by a user’s passwords for keys, certificates, and sensitive data of users and/or their APPs. 
- *           Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
- *
- * @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview
- * <table>
- *   <tr><th>API</th><th>Description</th></tr>
- *   <tr>
- *     <td> @ref CAPI_KEY_MANAGER_CLIENT_MODULE</td>
- *     <td> Provides APIs for accessing the secure repository and additional secure cryptographic operations.</td>
- *   </tr>
- *   <tr>
- *     <td> @ref CAPI_KEY_MANAGER_TYPES_MODULE</td>
- *     <td> Defines data types used in these APIs and provides utility methods handling them.</td>
- *   </tr>
- * </table>
- *
- * It provides a secure repository for keys, certificates, and sensitive data of users and/or their APPs which are protected by a user’s passwords.
- * Additionally, it provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
- *
- * @image html capi_key_manager_overview_diagram.png
- *
- * The key manager provides 2 types of API.
- * - secure repository APIs : These APIs provides storing, retrieving, and removing functions for keys, certificates, and data.
- * - secure crypto APIs : These APIs provides additional cryptographic operations (create asymmetric key pair, sign/verify signature, verify certificate).
- *
- * Data Store Policy:
- *   A client can specify simple access rules when storing a data in Key Manager.
- *   - Exportable/Non-Exportable:
- *     Only for data tagged as exportable, Key Manager returns the raw value of the data.
- *     If data is tagged as non-exportable, Key Manager does not return its raw value. 
- *     In that case, Key Manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
- *   - Per Key Password:
- *     All data in Key Manager is protected by a user’s password.
- *     Besides, a client can encrypt its data using its own password additionally.
- *     If a client provides a password when storing a data, the data will be encrypted with the password. 
- *     This password should be provided when get the data from Key Manager.
- *
- * User Login/Logout and Data Protection
- *   - When a user logs in, logs out or changes his/her password, Key Manager should know about it.
- *     Privileged APPs such as LockScreen APP or Setting APP can notify the key manager using these control APIs.
- *   - When a user logs in, the key manager decrypts the user's DKEK (with which a user's data file is encrypted) with a user password.
- *     So during the login period, any client can access its data which is protected by a user's password.
- *     "user key" in API means DKEK.
- *   - When a user logs out, the key manager removes the user's DKEK from memory.
- *     Therefore, clients cannot access any data.
- *   - When a user changes his/her password, the key manager re-encrypts the user's DKEK with the new password.
- *
- * Data Access Control
- *   - By default, only the owner of a data can access to the data.
- *   - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB.
- *   - When an application is deleted, the data and access control information granted by the application are also removed.
- *
- * Alias Format
- *   - The format of alias is "package_id name".
- *   - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
- *   - Alias should not include whitespace except the case of using as delimiter between package_id and name.
- *   - If the client use "package_id name" format of alias when saving something in key-manager, the client should use package_id of the client itself.
-       If the client doesn't, key-manager will return error code related to input parameter error.
- *   - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
- *   - Aliases are returned as the format of "package_id name" from the key-manager.
- *
- */
-
-#endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */
diff --git a/packaging/key-manager-listener.manifest b/packaging/key-manager-listener.manifest
deleted file mode 100644
index c3b5d51..0000000
--- a/packaging/key-manager-listener.manifest
+++ /dev/null
@@ -1,13 +0,0 @@
-<manifest>
-	<define>
-		<domain name="key-manager-listener" />
-		<request>
-			<smack request="pkgmgr::info" type="r" />
-			<smack request="pkgmgr::db" type="rlx" />
-			<smack request="ail::db" type="rlx" />
-		</request>
-	</define>
-	<request>
-		<domain name="key-manager-listener" />
-	</request>
-</manifest>
diff --git a/packaging/key-manager.manifest b/packaging/key-manager.manifest
index 195c0a5..9e277de 100644
--- a/packaging/key-manager.manifest
+++ b/packaging/key-manager.manifest
@@ -3,15 +3,27 @@
 		<domain name="key-manager"/>
 		<request>
 			<smack request="system::use_internet" type="w"/>
+			<smack request="device::app_logging" type="rw"/>
+			<smack request="device::sys_logging" type="rw"/>
+			<smack request="security-server" type="rx"/>
+			<smack request="sys-assert::core" type="rwxat"/>
+			<smack request="pkgmgr::info" type="r" />
+			<smack request="pkgmgr::db" type="rlx" />
+			<smack request="key-manager::api-control" type="w"/>
+			<smack request="ca-certificates::ssl-certs" type="rx"/>
+			<smack request="systemd" type="rx"/>
+			<smack request="connman" type="w"/>
 		</request>
 		<permit>
 			<smack permit="system::use_internet" type="w"/>
+			<smack permit="connman" type="w"/>
 		</permit>
 	</define>
 	<request>
 		<domain name="key-manager" />
 	</request>
 	<assign>
-		<filesystem path="/etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh" label="_" exec_label="_"/>
+		<filesystem path="/etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh" label="_" exec_label="none"/>
+		<filesystem path="/opt/data/ckm" label="key-manager" type="transmutable"/>
 	</assign>
 </manifest>
diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec
index 1d7728a..7a99765 100644
--- a/packaging/key-manager.spec
+++ b/packaging/key-manager.spec
@@ -1,3 +1,5 @@
+%define ckm_build_internal_test 0
+
 Name:       key-manager
 Summary:    Central Key Manager and utilities
 Version:    0.1.13
@@ -6,20 +8,16 @@ Group:      System/Security
 License:    Apache-2.0 and BSL-1.0 and PD
 Source0:    %{name}-%{version}.tar.gz
 Source1001: key-manager.manifest
-Source1002: key-manager-listener.manifest
-Source1003: libkey-manager-client.manifest
-Source1004: libkey-manager-common.manifest
+Source1002: libkey-manager-client.manifest
+Source1003: libkey-manager-common.manifest
 BuildRequires: cmake
-BuildRequires: zip
-BuildRequires: pkgconfig(dlog)
 BuildRequires: pkgconfig(openssl)
-BuildRequires: libattr-devel
-BuildRequires: pkgconfig(libsmack)
 BuildRequires: pkgconfig(libsystemd-daemon)
-BuildRequires: pkgconfig(libsystemd-journal)
+BuildRequires: pkgconfig(vasum)
+BuildRequires: pkgconfig(capi-system-info)
 BuildRequires: boost-devel
-BuildRequires: pkgconfig(security-server)
-BuildRequires: model-build-features
+BuildRequires: pkgconfig(glib-2.0)
+BuildRequires: pkgconfig(pkgmgr)
 Requires: libkey-manager-common = %{version}-%{release}
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
@@ -30,23 +28,13 @@ Central Key Manager daemon could be used as secure storage
 for certificate and private/public keys. It gives API for
 application to sign and verify (DSA/RSA/ECDSA) signatures.
 
-%package -n key-manager-listener
-License:    Apache-2.0
-Summary:    Package with listener daemon
-Group:      System/Security
-BuildRequires: pkgconfig(glib-2.0)
-BuildRequires: pkgconfig(capi-appfw-package-manager)
-Requires:   libkey-manager-client = %{version}-%{release}
-
-%description -n key-manager-listener
-Listener for central key manager. This daemon is responsible for
-receive notification from dbus about uninstall application
-and pass them to key-manager daemon.
-
 %package -n libkey-manager-common
 License:    Apache-2.0
 Summary:    Central Key Manager (common libraries)
 Group:      Development/Libraries
+BuildRequires: pkgconfig(dlog)
+BuildRequires: pkgconfig(libcrypto)
+BuildRequires: pkgconfig(libsystemd-journal)
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 
@@ -57,6 +45,8 @@ Central Key Manager package (common library)
 License:    Apache-2.0
 Summary:    Central Key Manager (client)
 Group:      Development/Libraries
+BuildRequires: pkgconfig(capi-base-common)
+BuildRequires: pkgconfig(security-server)
 Requires:   key-manager = %{version}-%{release}
 Requires:   libkey-manager-common = %{version}-%{release}
 Requires(post): /sbin/ldconfig
@@ -70,44 +60,52 @@ License:    Apache-2.0
 Summary:    Central Key Manager (client-devel)
 Group:      Development/Libraries
 BuildRequires: pkgconfig(capi-base-common)
-Requires:   pkgconfig(capi-base-common)
 Requires:   libkey-manager-client = %{version}-%{release}
 
 %description -n libkey-manager-client-devel
 Central Key Manager package (client-devel)
 
+%if 0%{?ckm_build_internal_test}
 %package -n key-manager-tests
 License:    Apache-2.0 and BSL-1.0
 Summary:    Internal test for key-manager
 Group:      Development
-Requires:   boost-test
+BuildRequires: boost-test
 Requires:   key-manager = %{version}-%{release}
 
 %description -n key-manager-tests
 Internal test for key-manager implementation.
+%endif
 
 %prep
 %setup -q
 cp -a %{SOURCE1001} .
 cp -a %{SOURCE1002} .
 cp -a %{SOURCE1003} .
-cp -a %{SOURCE1004} .
 
 %build
 export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE"
 export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE"
 export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE"
+
 export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions "
 
+# password protection enabled
+%define ckm_password_protection_disable 0
+# zone disabled on 2.4
+%define ckm_db_per_zone_enable 0
 
 %cmake . -DVERSION=%{version} \
         -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \
         -DCMAKE_VERBOSE_MAKEFILE=ON \
-%if "%{?tizen_profile_name}" == "wearable"
-        -DPROFILE_TARGET=WEARABLE \
+%if 0%{?ckm_password_protection_disable}
+        -DPASSWORD_PROTECTION_DISABLE=1 \
 %endif
-%if "%{?model_build_feature_formfactor}" == "circle"
-        -DFORM_FACTOR=CIRCLE \
+%if 0%{?ckm_db_per_zone_enable}
+        -DDB_PER_ZONE_ENABLE=1 \
+%endif
+%if 0%{?ckm_build_internal_test}
+        -DCKM_BUILD_INTERNAL_TEST=1 \
 %endif
         -DSYSTEMD_UNIT_DIR=%{_unitdir} \
         -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager"
@@ -121,21 +119,23 @@ cp LICENSE %{buildroot}/usr/share/license/%{name}
 cp LICENSE.BSL-1.0 %{buildroot}/usr/share/license/%{name}.BSL-1.0
 cp LICENSE %{buildroot}/usr/share/license/libkey-manager-client
 cp LICENSE %{buildroot}/usr/share/license/libkey-manager-control-client
-mkdir -p %{buildroot}/etc/security/
 mkdir -p %{buildroot}/usr/share/ckm/scripts
 cp data/scripts/*.sql %{buildroot}/usr/share/ckm/scripts
+
+%if 0%{?ckm_build_internal_test}
 mkdir -p %{buildroot}/usr/share/ckm-db-test
 cp tests/testme_ver1.db %{buildroot}/usr/share/ckm-db-test/
 cp tests/testme_ver2.db %{buildroot}/usr/share/ckm-db-test/
+%endif
 
 %make_install
 mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants
 mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants
 ln -s ../central-key-manager.service %{buildroot}%{_unitdir}/multi-user.target.wants/central-key-manager.service
-ln -s ../central-key-manager-listener.service %{buildroot}%{_unitdir}/multi-user.target.wants/central-key-manager-listener.service
 ln -s ../central-key-manager-api-control.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-control.socket
 ln -s ../central-key-manager-api-storage.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-storage.socket
 ln -s ../central-key-manager-api-ocsp.socket %{buildroot}%{_unitdir}/sockets.target.wants/central-key-manager-api-ocsp.socket
+mkdir -p %{buildroot}/opt/data/ckm
 
 %clean
 rm -rf %{buildroot}
@@ -175,35 +175,13 @@ fi
 
 %postun -n libkey-manager-common -p /sbin/ldconfig
 
-%post -n key-manager-listener
-systemctl daemon-reload
-if [ $1 = 1 ]; then
-    # installation
-    systemctl start central-key-manager-listener.service
-fi
-if [ $1 = 2 ]; then
-    # update
-    systemctl restart central-key-manager-listener.service
-fi
-
-%preun -n key-manager-listener
-if [ $1 = 0 ]; then
-    # unistall
-    systemctl stop central-key-manager-listener.service
-fi
-
-%postun -n key-manager-listener
-if [ $1 = 0 ]; then
-    # unistall
-    systemctl daemon-reload
-fi
 
 %files -n key-manager
 %manifest key-manager.manifest
+%defattr(-,system,system,-)
 %{_bindir}/key-manager
 %{_unitdir}/multi-user.target.wants/central-key-manager.service
 %{_unitdir}/central-key-manager.service
-%{_unitdir}/central-key-manager.target
 %{_unitdir}/sockets.target.wants/central-key-manager-api-control.socket
 %{_unitdir}/central-key-manager-api-control.socket
 %{_unitdir}/sockets.target.wants/central-key-manager-api-storage.socket
@@ -212,22 +190,18 @@ fi
 %{_unitdir}/central-key-manager-api-ocsp.socket
 %{_datadir}/license/%{name}
 %{_datadir}/license/%{name}.BSL-1.0
-%{_datadir}/ckm/scripts/*.sql
-%attr(444, root, root) %{_datadir}/ckm/scripts/*.sql
+%attr(444, system, system) %{_datadir}/ckm/scripts/*.sql
 /etc/opt/upgrade/230.key-manager-migrate-dkek.patch.sh
-
-%files -n key-manager-listener
-%manifest key-manager-listener.manifest
-%{_bindir}/key-manager-listener
-%{_unitdir}/multi-user.target.wants/central-key-manager-listener.service
-%{_unitdir}/central-key-manager-listener.service
+%attr(700, system, system) /opt/data/ckm
 
 %files -n libkey-manager-common
 %manifest libkey-manager-common.manifest
+%defattr(-,system,system,-)
 %{_libdir}/libkey-manager-common.so.*
 
 %files -n libkey-manager-client
 %manifest libkey-manager-client.manifest
+%defattr(-,system,system,-)
 %{_libdir}/libkey-manager-client.so.*
 %{_libdir}/libkey-manager-control-client.so.*
 %{_libdir}/libsecurity-server-plugin.so*
@@ -235,7 +209,7 @@ fi
 %{_datadir}/license/libkey-manager-control-client
 
 %files -n libkey-manager-client-devel
-%defattr(-,root,root,-)
+%defattr(-,system,system,-)
 %{_libdir}/libkey-manager-client.so
 %{_libdir}/libkey-manager-control-client.so
 %{_libdir}/libkey-manager-common.so
@@ -248,6 +222,7 @@ fi
 %{_includedir}/ckm/ckm/ckm-password.h
 %{_includedir}/ckm/ckm/ckm-pkcs12.h
 %{_includedir}/ckm/ckm/ckm-raw-buffer.h
+%{_includedir}/ckm/ckm/ckm-client-info.h
 %{_includedir}/ckm/ckm/ckm-type.h
 %{_includedir}/ckm/ckmc/ckmc-manager.h
 %{_includedir}/ckm/ckmc/ckmc-control.h
@@ -255,9 +230,12 @@ fi
 %{_includedir}/ckm/ckmc/ckmc-type.h
 %{_libdir}/pkgconfig/*.pc
 
+%if 0%{?ckm_build_internal_test}
 %files -n key-manager-tests
-%defattr(-,root,root,-)
+%defattr(-,system,system,-)
 %{_bindir}/ckm-tests-internal
+%{_bindir}/ckm-tests-lcov-internal
 %{_datadir}/ckm-db-test/testme_ver1.db
 %{_datadir}/ckm-db-test/testme_ver2.db
 %{_bindir}/ckm_so_loader
+%endif
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 147638b..cb8c377 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -1,12 +1,19 @@
 PKG_CHECK_MODULES(KEY_MANAGER_DEP
-    dlog
+    REQUIRED
     openssl
-    libsmack
-    libcrypto
     libsystemd-daemon
-    capi-base-common
+    vasum
+    capi-system-info
+    glib-2.0
+    dlog
+    pkgmgr
+    )
+
+PKG_CHECK_MODULES(KEY_MANAGER_CLIENT_DEP
     REQUIRED
+    capi-base-common
     )
+
 FIND_PACKAGE(Threads REQUIRED)
 
 SET(KEY_MANAGER_SRC_PATH ${PROJECT_SOURCE_DIR}/src)
@@ -16,7 +23,6 @@ SET(KEY_MANAGER_SOURCES
     ${KEY_MANAGER_PATH}/main/generic-socket-manager.cpp
     ${KEY_MANAGER_PATH}/main/socket-manager.cpp
     ${KEY_MANAGER_PATH}/main/key-manager-main.cpp
-    ${KEY_MANAGER_PATH}/main/smack-check.cpp
     ${KEY_MANAGER_PATH}/service/certificate-store.cpp
     ${KEY_MANAGER_PATH}/service/certificate-config.cpp
     ${KEY_MANAGER_PATH}/service/digest.cpp
@@ -32,6 +38,7 @@ SET(KEY_MANAGER_SOURCES
     ${KEY_MANAGER_PATH}/service/db-crypto.cpp
     ${KEY_MANAGER_PATH}/service/ocsp-service.cpp
     ${KEY_MANAGER_PATH}/service/ocsp-logic.cpp
+    ${KEY_MANAGER_PATH}/listener/listener-thread.cpp
     ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp
     ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp
     ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp
@@ -53,6 +60,7 @@ INCLUDE_DIRECTORIES(
     ${KEY_MANAGER_PATH}/main
     ${KEY_MANAGER_PATH}/common
     ${KEY_MANAGER_PATH}/service
+    ${KEY_MANAGER_PATH}/listener
     ${KEY_MANAGER_PATH}/sqlcipher
     ${KEY_MANAGER_PATH}/dpl/core/include
     ${KEY_MANAGER_PATH}/dpl/log/include
@@ -66,6 +74,7 @@ TARGET_LINK_LIBRARIES(${TARGET_KEY_MANAGER}
     ${CMAKE_THREAD_LIBS_INIT}
     ${KEY_MANAGER_DEP_LIBRARIES}
     ${TARGET_KEY_MANAGER_COMMON}
+    ${TARGET_KEY_MANAGER_CONTROL_CLIENT}
     -ldl -pie
     )
 
@@ -78,6 +87,10 @@ SET(KEY_MANAGER_CLIENT_SRC_PATH ${KEY_MANAGER_PATH}/client)
 SET(KEY_MANAGER_CLIENT_ASYNC_SRC_PATH ${KEY_MANAGER_PATH}/client-async)
 SET(KEY_MANAGER_CLIENT_CAPI_SRC_PATH ${KEY_MANAGER_PATH}/client-capi)
 
+INCLUDE_DIRECTORIES(SYSTEM
+    ${KEY_MANAGER_CLIENT_DEP_INCLUDE_DIRS}
+    )
+
 INCLUDE_DIRECTORIES(
     ${KEY_MANAGER_PATH}/client
     ${KEY_MANAGER_PATH}/client-async
@@ -116,7 +129,7 @@ SET_TARGET_PROPERTIES(
     )
 
 TARGET_LINK_LIBRARIES(${TARGET_KEY_MANAGER_CLIENT}
-    ${KEY_MANAGER_DEP_LIBRARIES}
+    ${KEY_MANAGER_CLIENT_DEP_LIBRARIES}
     ${TARGET_KEY_MANAGER_COMMON}
     )
 
@@ -154,7 +167,7 @@ SET_TARGET_PROPERTIES(
     )
 
 TARGET_LINK_LIBRARIES(${TARGET_KEY_MANAGER_CONTROL_CLIENT}
-    ${KEY_MANAGER_DEP_LIBRARIES}
+    ${KEY_MANAGER_CLIENT_DEP_LIBRARIES}
     ${TARGET_KEY_MANAGER_COMMON}
     )
 
@@ -175,9 +188,11 @@ INSTALL(FILES
     ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-password.h
     ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-pkcs12.h
     ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-raw-buffer.h
+    ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-client-info.h
     ${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-type.h
     DESTINATION /usr/include/ckm/ckm
     )
+
 INSTALL(FILES
     ${KEY_MANAGER_SRC_PATH}/include/ckmc/ckmc-manager.h
     ${KEY_MANAGER_SRC_PATH}/include/ckmc/ckmc-control.h
@@ -188,5 +203,4 @@ INSTALL(FILES
 ################################################################################
 
 ADD_SUBDIRECTORY(manager)
-ADD_SUBDIRECTORY(listener)
 ADD_SUBDIRECTORY(plugin)
diff --git a/src/include/ckm/ckm-client-info.h b/src/include/ckm/ckm-client-info.h
new file mode 100644
index 0000000..c6c7e2b
--- /dev/null
+++ b/src/include/ckm/ckm-client-info.h
@@ -0,0 +1,58 @@
+/*
+ *  Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ *
+ *
+ * @file        ckm-client-info.h
+ * @author      Kyungwook Tak (k.tak@samsung.com)
+ * @version     1.0
+ * @brief       ClientInfo implementation.
+ */
+#pragma once
+
+#include <string>
+
+#include <sys/types.h>
+
+#include <ckm/ckm-type.h>
+
+namespace CKM {
+
+// ClientInfo consists of (zone name & uid)
+class KEY_MANAGER_API ClientInfo {
+public:
+    ClientInfo() = delete;
+
+    ClientInfo(const uid_t uid);
+
+    ClientInfo(const std::string &zone, const uid_t uid);
+
+    virtual ~ClientInfo();
+
+    uid_t getUID() const;
+
+    ClientID getClientID() const;
+
+    std::string getZone() const;
+
+private:
+    const static std::string ZONE_DEFAULT;
+    const static std::string DELIMITER;
+    std::string m_zone;
+    uid_t m_uid;
+
+};
+
+
+} // namespace CKM
diff --git a/src/include/ckm/ckm-control.h b/src/include/ckm/ckm-control.h
index 67250fe..15dfda9 100644
--- a/src/include/ckm/ckm-control.h
+++ b/src/include/ckm/ckm-control.h
@@ -25,6 +25,7 @@
 #include <memory>
 
 #include <ckm/ckm-error.h>
+#include <ckm/ckm-client-info.h>
 #include <ckm/ckm-type.h>
 
 // Central Key Manager namespace
@@ -38,32 +39,32 @@ class KEY_MANAGER_API Control
 {
 public:
     // decrypt user key with password
-    virtual int unlockUserKey(uid_t user, const Password &password) = 0;
+    virtual int unlockUserKey(const ClientInfo &clientInfo, const Password &password) = 0;
 
     // remove user key from memory
-    virtual int lockUserKey(uid_t user) = 0;
+    virtual int lockUserKey(const ClientInfo &clientInfo) = 0;
 
     // remove user data from Store and erase key used for encryption
-    virtual int removeUserData(uid_t user) = 0;
+    virtual int removeUserData(const ClientInfo &clientInfo) = 0;
 
     // change password for user
-    virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) = 0;
+    virtual int changeUserPassword(const ClientInfo &clientInfo, const Password &oldPassword, const Password &newPassword) = 0;
 
     // This is work around for security-server api - resetPassword that may be called without passing oldPassword.
     // This api should not be supported on tizen 3.0
     // User must be already logged in and his DKEK is already loaded into memory in plain text form.
     // The service will use DKEK in plain text and encrypt it in encrypted form (using new password).
-    virtual int resetUserPassword(uid_t user, const Password &newPassword) = 0;
+    virtual int resetUserPassword(const ClientInfo &clientInfo, const Password &newPassword) = 0;
 
     // Required for tizen 2.3.
     // It will remove all application data owned by application identified
     // by smackLabel. This function will remove application data from unlocked
     // database only. This function may be used during application uninstallation.
-    virtual int removeApplicationData(const std::string &smackLabel) = 0;
+    virtual int removeApplicationData(const std::string &zone, const Label &smackLabel) = 0;
 
     virtual int updateCCMode() = 0;
 
-    virtual int setPermission(uid_t user,
+    virtual int setPermission(const ClientInfo &clientInfo,
                               const Alias &alias,
                               const Label &accessor,
                               PermissionMask permissionMask) = 0;
diff --git a/src/include/ckm/ckm-error.h b/src/include/ckm/ckm-error.h
index 671ec25..372bd98 100644
--- a/src/include/ckm/ckm-error.h
+++ b/src/include/ckm/ckm-error.h
@@ -93,6 +93,9 @@ extern "C" {
 /*! \brief   indicating that files are corrupted or access to files was denied */
 #define CKM_API_ERROR_FILE_SYSTEM -20
 
+/*! \brief   indicating that device needed to run API is not supported */
+#define CKM_API_ERROR_NOT_SUPPORTED -21
+
 #define CKM_API_OCSP_STATUS_GOOD                (1<<0)
 #define CKM_API_OCSP_STATUS_UNSUPPORTED         (1<<1)
 #define CKM_API_OCSP_STATUS_UNKNOWN             (1<<2)
diff --git a/src/include/ckm/ckm-type.h b/src/include/ckm/ckm-type.h
index 53b87a7..1dbba03 100644
--- a/src/include/ckm/ckm-type.h
+++ b/src/include/ckm/ckm-type.h
@@ -35,6 +35,7 @@ namespace CKM {
 typedef std::vector<RawBuffer> RawBufferVector;
 typedef std::string Alias;
 typedef std::string Label;
+typedef std::string ClientID;
 typedef std::vector<Alias> AliasVector;
 
 enum class KeyType : int {
diff --git a/src/include/ckmc/ckmc-control.h b/src/include/ckmc/ckmc-control.h
index 0424e2c..6666950 100644
--- a/src/include/ckmc/ckmc-control.h
+++ b/src/include/ckmc/ckmc-control.h
@@ -33,7 +33,6 @@ extern "C" {
 #endif
 
 /**
- * @internal
  * @addtogroup CAPI_KEY_MANAGER_CONTROL_MODULE
  * @{
  */
@@ -43,7 +42,7 @@ extern "C" {
  *        A decrypted user key exists only on memory. If this API is called for the first time, a
  *        user key will be generated internally.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel platform
  * @privilege %http://tizen.org/privilege/keymanager.admin
  *
@@ -72,7 +71,7 @@ int ckmc_unlock_user_key(uid_t user, const char *password);
 /**
  * @brief Removes a decrypted user key(DKEK) from memory
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel platform
  * @privilege %http://tizen.org/privilege/keymanager.admin
  *
@@ -95,7 +94,7 @@ int ckmc_lock_user_key(uid_t user);
 /**
  * @brief Removes user data from Store and erases a user key(DKEK) used for encryption.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel platform
  * @privilege %http://tizen.org/privilege/keymanager.admin
  *
@@ -120,7 +119,7 @@ int ckmc_remove_user_data(uid_t user);
  *        The key manager decrypts a user key (DKEK) with old password and re-encrypts a user key
  *        with new password.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel platform
  * @privilege %http://tizen.org/privilege/keymanager.admin
  *
@@ -147,7 +146,7 @@ int ckmc_change_user_password(uid_t user, const char *old_password, const char *
 /**
  * @brief Changes a password for a user without old password.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel platform
  * @privilege %http://tizen.org/privilege/keymanager.admin
  *
@@ -173,9 +172,10 @@ int ckmc_change_user_password(uid_t user, const char *old_password, const char *
 int ckmc_reset_user_password(uid_t user, const char *new_password);
 
 /**
+ * @deprecated, see ckmc_set_permission_by_adm()
  * @brief Allows another application to access client's application data
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel platform
  * @privilege %http://tizen.org/privilege/keymanager.admin
  *
@@ -198,9 +198,8 @@ int ckmc_reset_user_password(uid_t user, const char *new_password);
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
- * @see ckmc_allow_access()
- * @see ckmc_deny_access()
- * @see ckmc_deny_access_by_adm()
+ * @see ckmc_set_permission_by_adm()
+ * @see ckmc_set_permission()
  */
 int ckmc_allow_access_by_adm(uid_t user,
                              const char *owner,
@@ -209,9 +208,43 @@ int ckmc_allow_access_by_adm(uid_t user,
                              ckmc_access_right_e granted);
 
 /**
+ * @brief Allows another application to access client's application data
+ *
+ * @since_tizen 3.0
+ * @privlevel platform
+ * @privilege %http://tizen.org/privilege/keymanager.admin
+ *
+ * @remarks Data identified by @a alias should exist
+ * @remarks @a alias must contain owner label (<owner label><ckmc_label_name_separator><name>)
+ *
+ * @param[in] user        User ID of a user whose data will be affected
+ * @param[in] alias       Data alias for which access will be granted
+ * @param[in] accessor    Package id of the application that will gain access rights
+ * @param[in] permissions Mask of permissions granted for @a accessor application
+ *                        (@a ckmc_permission_e)
+ *                        (previous permission mask will be replaced with the new mask value)
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE                 Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER    Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED            A user key is not loaded in memory (a user is not logged
+ *                                          in)
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN     Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED    Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_set_permission()
+ */
+int ckmc_set_permission_by_adm(uid_t user, const char *alias, const char *accessor, int mask);
+
+
+/**
+ * @deprecated, see ckmc_set_permission_by_adm()
  * @brief Revokes another application's access to client's application data
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel platform
  * @privilege %http://tizen.org/privilege/keymanager.admin
  *
@@ -235,9 +268,8 @@ int ckmc_allow_access_by_adm(uid_t user,
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
- * @see ckmc_allow_access()
- * @see ckmc_deny_access()
- * @see ckmc_allow_access_by_adm()
+ * @see ckmc_set_permission()
+ * @see ckmc_set_permission_by_adm()
  */
 int ckmc_deny_access_by_adm(uid_t user, const char *owner, const char *alias, const char *accessor);
 
diff --git a/src/include/ckmc/ckmc-error.h b/src/include/ckmc/ckmc-error.h
index 8c95db7..8a5729b 100644
--- a/src/include/ckmc/ckmc-error.h
+++ b/src/include/ckmc/ckmc-error.h
@@ -33,7 +33,7 @@ extern "C" {
 
 /**
  * @brief Enumeration for Key Manager Errors.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 
 typedef enum{
@@ -41,6 +41,7 @@ typedef enum{
 	CKMC_ERROR_INVALID_PARAMETER        = TIZEN_ERROR_INVALID_PARAMETER,  /**< Invalid function parameter */
 	CKMC_ERROR_OUT_OF_MEMORY            = TIZEN_ERROR_OUT_OF_MEMORY,      /**< Out of memory */
 	CKMC_ERROR_PERMISSION_DENIED        = TIZEN_ERROR_PERMISSION_DENIED,  /**< Permission denied */
+	CKMC_ERROR_NOT_SUPPORTED            = TIZEN_ERROR_NOT_SUPPORTED,      /**< Device needed to run API is not supported*/
 
 	CKMC_ERROR_SOCKET                   = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */
 	CKMC_ERROR_BAD_REQUEST              = TIZEN_ERROR_KEY_MANAGER | 0x02,  /**< Invalid request from client */
diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h
index d0cd41f..c4a4580 100644
--- a/src/include/ckmc/ckmc-manager.h
+++ b/src/include/ckmc/ckmc-manager.h
@@ -15,7 +15,7 @@
  *
  *
  * @file        ckmc-manager.h
- * @version     1.0
+ * @version     1.2
  * @brief       Provides management functions(storing, retrieving, and removing) for keys,
  *              certificates and data of a user and additional crypto functions.
  */
@@ -25,11 +25,11 @@
 #define __TIZEN_CORE_CKMC_MANAGER_H
 
 #include <stddef.h>
+#include <stdbool.h>
 #include <sys/types.h>
 #include <tizen.h>
-#include <ckmc/ckmc-type.h>
 #include <ckmc/ckmc-error.h>
-
+#include <ckmc/ckmc-type.h>
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -43,7 +43,7 @@ extern "C" {
 /**
  * @brief Stores a key inside key manager based on the provided policy.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -61,8 +61,7 @@ extern "C" {
  * @param[in] key     The key's binary value to be stored
  * @param[in] policy  The policy about how to store a key securely
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE              Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
@@ -75,18 +74,20 @@ extern "C" {
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_key()
  * @see ckmc_get_key_alias_list()
+ * @see ckmc_key_free()
  * @see #ckmc_key_s
  * @see #ckmc_policy_s
  */
 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
 
 /**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
  * @brief Removes a key from key manager.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -95,8 +96,7 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p
  *
  * @param[in] alias The name of a key to be removed
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE              Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
@@ -111,13 +111,14 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p
  * @see ckmc_save_key()
  * @see ckmc_get_key()
  * @see ckmc_get_key_alias_list()
+ * @see ckmc_remove_alias()
  */
 int ckmc_remove_key(const char *alias);
 
 /**
  * @brief Gets a key from key manager.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -128,11 +129,10 @@ int ckmc_remove_key(const char *alias);
  * @param[in] alias     The name of a key to retrieve
  * @param[in] password  The password used in decrypting a key value \n
  *                      If password of policy is provided in ckmc_save_key(), the same password
- *                      should be provided.
- * @param[out] ppkey    The pointer to a newly created ckmc_key_s handle
+ *                      should be provided
+ * @param[out] ppkey    The pointer to a newly created #ckmc_key_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE              Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
@@ -142,20 +142,22 @@ int ckmc_remove_key(const char *alias);
  * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN  Alias does not exist
  * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
  * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- *                                       Decryption failed because password is incorrect.
+ *                                       Decryption failed because password is incorrect
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_key_alias_list()
+ * @see ckmc_key_free()
+ * @see #ckmc_key_s
  */
 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
 
 /**
  * @brief Gets all the alias of keys that the client can access.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -163,12 +165,11 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
  * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
  *          if it is no longer needed.
  *
- * @param[out] ppalias_list  The pointer to a newly created ckmc_alias_list_s handle containing all
+ * @param[out] ppalias_list  The pointer to a newly created #ckmc_alias_list_s handle containing all
  *                           available alias of keys \n
- *                           If there is no available key alias, *ppalias_list will be null.
+ *                           If there is no available key alias, @a *ppalias_list will be null
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE              Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
@@ -181,8 +182,10 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_key()
+ * @see ckmc_alias_list_all_free()
+ * @see #ckmc_alias_list_s
  */
 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
 
@@ -192,7 +195,7 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
 /**
  * @brief Stores a certificate inside key manager based on the provided policy.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -203,8 +206,7 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
  * @param[in] cert   The certificate's binary value to be stored
  * @param[in] policy The policy about how to store a certificate securely
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -217,7 +219,7 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_cert()
  * @see ckmc_get_cert_alias_list()
  * @see #ckmc_cert_s
@@ -226,9 +228,10 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
 
 /**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
  * @brief Removes a certificate from key manager.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -237,8 +240,7 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_
  *
  * @param[in] alias The name of a certificate to be removed
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -253,13 +255,14 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_
  * @see ckmc_save_cert()
  * @see ckmc_get_cert()
  * @see ckmc_get_cert_alias_list()
+ * @see ckmc_remove_alias()
  */
 int ckmc_remove_cert(const char *alias);
 
 /**
  * @brief Gets a certificate from key manager.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -271,11 +274,10 @@ int ckmc_remove_cert(const char *alias);
  * @param[in] alias    The name of a certificate to retrieve
  * @param[in] password The password used in decrypting a certificate value \n
  *                     If password of policy is provided in ckmc_save_cert(), the same password
- *                     should be provided.
- * @param[out] ppcert  The pointer to a newly created ckmc_cert_s handle
+ *                     should be provided
+ * @param[out] ppcert  The pointer to a newly created #ckmc_cert_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -285,20 +287,21 @@ int ckmc_remove_cert(const char *alias);
  * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN   Alias does not exists
  * @retval #CKMC_ERROR_PERMISSION_DENIED  Failed to access key manager
  * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- *                                        Decryption failed because password is incorrect.
+ *                                        Decryption failed because password is incorrect
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_cert_alias_list()
+ * @see #ckmc_cert_s
  */
 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
 
 /**
  * @brief Gets all alias of certificates which the client can access.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -306,12 +309,11 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert)
  * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
  *          if it is no longer needed.
  *
- * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
  *                          available alias of keys \n
- *                          If there is no available key alias, *ppalias_list will be null.
+ *                          If there is no available key alias, @a *ppalias_list will be null
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -324,17 +326,95 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert)
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_cert()
+ * @see ckmc_alias_list_all_free()
+ * @see #ckmc_alias_list_s
  */
 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
 
 
 
+
+/**
+ * @brief Stores PKCS12's contents inside key manager based on the provided policies.
+ * All items from the PKCS12 will use the same alias.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in] alias         The name of a data to be stored
+ * @param[in] pkcs          Pointer to the pkcs12 structure to be saved
+ * @param[in] key_policy    The policy about how to store pkcs's private key
+ * @param[in] cert_policy   The policy about how to store pkcs's certificate
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE               Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED          A user key is not loaded in memory (a user is not logged
+ *                                        in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS    Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR           Failed due to a database error
+ * @retval #CKMC_ERROR_PERMISSION_DENIED  Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_remove_alias()
+ * @see ckmc_get_pkcs12()
+ * @see ckmc_get_data_alias_list()
+ * @see ckmc_pkcs12_load()
+ * @see #ckmc_pkcs12_s
+ * @see #ckmc_policy_s
+ */
+int ckmc_save_pkcs12(const char *alias,
+                     const ckmc_pkcs12_s *pkcs,
+                     const ckmc_policy_s key_policy,
+                     const ckmc_policy_s cert_policy);
+
+/**
+ * @brief Gets a pkcs12 from key manager.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks A client can access only data stored by the client.
+ * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
+ *          longer needed.
+ *
+ * @param[in]  alias         The name of a data to retrieve
+ * @param[in]  key_password  Password that was used to encrypt privateKey (may be NULL)
+ * @param[in]  cert_password Password used to encrypt certificates (may be NULL)
+ * @param[out] pkcs12        The pointer to a newly created #ckmc_pkcs12_s handle
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE               Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED          A user key is not loaded in memory (a user is not logged
+ *                                        in)
+ * @retval #CKMC_ERROR_DB_ERROR           Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN   Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED  Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ *                                        keyPassword or certPassword does not match with password
+ *                                        used to encrypt data
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_save_pkcs12()
+ * @see ckmc_remove_alias()
+ * @see ckmc_pkcs12_free()
+ * @see #ckmc_pkcs12_s
+ */
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
+
 /**
  * @brief Stores a data inside key manager based on the provided policy.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -342,8 +422,7 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
  * @param[in] data   The binary value to be stored
  * @param[in] policy The policy about how to store a data securely
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -355,7 +434,7 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_data()
  * @see ckmc_get_data_alias_list()
  * @see #ckmc_raw_buffer_s
@@ -364,9 +443,10 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
 
 /**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
  * @brief Removes a data from key manager.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -375,8 +455,7 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_
  *
  * @param[in] alias The name of a data to be removed
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -391,13 +470,14 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_
  * @see ckmc_save_data()
  * @see ckmc_get_data()
  * @see ckmc_get_data_alias_list()
+ * @see ckmc_remove_alias()
  */
 int ckmc_remove_data(const char *alias);
 
 /**
  * @brief Gets a data from key manager.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -408,11 +488,10 @@ int ckmc_remove_data(const char *alias);
  * @param[in]  alias     The name of a data to retrieve
  * @param[in]  password  The password used in decrypting a data value \n
  *                       If password of policy is provided in ckmc_save_data(), the same password
- *                       should be provided.
- * @param[out] ppdata    The pointer to a newly created ckmc_raw_buffer_s handle
+ *                       should be provided
+ * @param[out] ppdata    The pointer to a newly created #ckmc_raw_buffer_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -426,15 +505,17 @@ int ckmc_remove_data(const char *alias);
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_data_alias_list()
+ * @see ckmc_buffer_free()
+ * @see #ckmc_raw_buffer_s
  */
 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
 
 /**
  * @brief Gets all alias of data which the client can access.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -442,12 +523,11 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **p
  * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
  *          if it is no longer needed.
  *
- * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
+ * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
  *                          available alias of keys \n
- *                          If there is no available key alias, *ppalias_list will be null.
+ *                          If there is no available key alias, @a *ppalias_list will be null
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -460,8 +540,10 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **p
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
  * @see ckmc_get_data()
+ * @see ckmc_alias_list_all_free()
+ * @see #ckmc_alias_list_s
  */
 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
 
@@ -472,7 +554,7 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
  * @brief Creates RSA private/public key pair and stores them inside key manager based on each
  *        policy.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -480,14 +562,13 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
  *          in policy.
  *
  * @param[in] size                The size of key strength to be created \n
- *                                @c 1024, @c 2048, and @c 4096 are supported.
+ *                                @c 1024, @c 2048, and @c 4096 are supported
  * @param[in] private_key_alias   The name of private key to be stored
  * @param[in] public_key_alias    The name of public key to be stored
  * @param[in] policy_private_key  The policy about how to store a private key securely
  * @param[in] policy_public_key   The policy about how to store a public key securely
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -503,6 +584,7 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
  * @see ckmc_create_key_pair_ecdsa()
  * @see ckmc_create_signature()
  * @see ckmc_verify_signature()
+ * @see #ckmc_policy_s
  */
 int ckmc_create_key_pair_rsa(const size_t size,
                              const char *private_key_alias,
@@ -514,7 +596,7 @@ int ckmc_create_key_pair_rsa(const size_t size,
  * @brief Creates DSA private/public key pair and stores them inside key manager based on each
  *        policy.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -522,14 +604,13 @@ int ckmc_create_key_pair_rsa(const size_t size,
  *          in policy.
  *
  * @param[in] size                The size of key strength to be created \n
- *                                @c 1024, @c 2048, @c 3072 and @c 4096 are supported.
+ *                                @c 1024, @c 2048, @c 3072 and @c 4096 are supported
  * @param[in] private_key_alias   The name of private key to be stored
  * @param[in] public_key_alias    The name of public key to be stored
  * @param[in] policy_private_key  The policy about how to store a private key securely
  * @param[in] policy_public_key   The policy about how to store a public key securely
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -545,6 +626,7 @@ int ckmc_create_key_pair_rsa(const size_t size,
  * @see ckmc_create_key_pair_ecdsa()
  * @see ckmc_create_signature()
  * @see ckmc_verify_signature()
+ * @see #ckmc_policy_s
  */
 int ckmc_create_key_pair_dsa(const size_t size,
                              const char *private_key_alias,
@@ -556,7 +638,7 @@ int ckmc_create_key_pair_dsa(const size_t size,
  * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
  *        policy.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -569,8 +651,7 @@ int ckmc_create_key_pair_dsa(const size_t size,
  * @param[in] policy_private_key  The policy about how to store a private key securely
  * @param[in] policy_public_key   The policy about how to store a public key securely
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -587,6 +668,7 @@ int ckmc_create_key_pair_dsa(const size_t size,
  * @see ckmc_create_signature()
  * @see ckmc_verify_signature()
  * @see #ckmc_ec_type_e
+ * @see #ckmc_policy_s
  */
 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
                                const char *private_key_alias,
@@ -597,7 +679,7 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
 /**
  * @brief Creates a signature on a given message using a private key and returns the signature.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -611,12 +693,11 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
  * @param[in]  message            The message that is signed with a private key
  * @param[in]  hash               The hash algorithm used in creating signature
  * @param[in]  padding            The RSA padding algorithm used in creating signature \n
- *                                It is used only when the signature algorithm is RSA.
+ *                                It is used only when the signature algorithm is RSA
  * @param[out] ppsignature        The pointer to a newly created signature \n
- *                                If an error occurs, @a *ppsignature will be null.
+ *                                If an error occurs, @a *ppsignature will be null
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
@@ -626,7 +707,7 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
  * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN   Alias does not exist
  * @retval #CKMC_ERROR_PERMISSION_DENIED  Failed to access key manager
  * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- *                                        Decryption failed because password is incorrect.
+ *                                        Decryption failed because password is incorrect
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
@@ -634,6 +715,7 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
  * @see ckmc_create_key_pair_ecdsa()
  * @see ckmc_verify_signature()
  * @see ckmc_buffer_free()
+ * @see #ckmc_raw_buffer_s
  * @see #ckmc_hash_algo_e
  * @see #ckmc_rsa_padding_algo_e
  */
@@ -648,7 +730,7 @@ int ckmc_create_signature(const char *private_key_alias,
  * @brief Verifies a given signature on a given message using a public key and returns the signature
  *        status.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -661,10 +743,9 @@ int ckmc_create_signature(const char *private_key_alias,
  * @param[in] signature         The signature that is verified with public key
  * @param[in] hash              The hash algorithm used in verifying signature
  * @param[in] padding           The RSA padding algorithm used in verifying signature \n
- *                              It is used only when the signature algorithm is RSA.
+ *                              It is used only when the signature algorithm is RSA
  *
- * @return @c 0 on success and the signature is valid,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE                 Successful
  * @retval #CKMC_ERROR_VERIFICATION_FAILED  The signature is invalid
@@ -675,13 +756,14 @@ int ckmc_create_signature(const char *private_key_alias,
  * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN     Alias does not exist
  * @retval #CKMC_ERROR_PERMISSION_DENIED    Failed to access key manager
  * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- *                                          Decryption failed because password is incorrect.
+ *                                          Decryption failed because password is incorrect
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
  * @see ckmc_create_key_pair_ecdsa()
- * @see ckmc_verify_signature()
+ * @see #ckmc_raw_buffer_s
  * @see #ckmc_hash_algo_e
  * @see #ckmc_rsa_padding_algo_e
  */
@@ -695,7 +777,7 @@ int ckmc_verify_signature(const char *public_key_alias,
 /**
  * @brief Verifies a certificate chain and returns that chain.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -704,14 +786,13 @@ int ckmc_verify_signature(const char *public_key_alias,
  * @remarks You must destroy the newly created @a ppcert_chain_list by calling
  *          ckmc_cert_list_all_free() if it is no longer needed.
  *
- * @param[in] cert               The certificate to be verified
- * @param[in] untrustedcerts     The untrusted CA certificates to be used in verifying a certificate
+ * @param[in]  cert              The certificate to be verified
+ * @param[in]  untrustedcerts    The untrusted CA certificates to be used in verifying a certificate
  *                               chain
  * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
- *                               If an error occurs, @a *ppcert_chain_list will be null.
+ *                               If an error occurs, @a *ppcert_chain_list will be null
  *
- * @return @c 0 on success and the signature is valid,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE                 Successful
  * @retval #CKMC_ERROR_VERIFICATION_FAILED  The certificate chain is not valid
@@ -722,22 +803,24 @@ int ckmc_verify_signature(const char *public_key_alias,
  * @retval #CKMC_ERROR_INVALID_FORMAT       The format of certificate is not valid
  * @retval #CKMC_ERROR_PERMISSION_DENIED    Failed to access key manager
  * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
- *                                          Decryption failed because password is incorrect.
+ *                                          Decryption failed because password is incorrect
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_get_cert_chain_with_alias())
  * @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_list_s
  */
 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
                         const ckmc_cert_list_s *untrustedcerts,
                         ckmc_cert_list_s **ppcert_chain_list);
 
 /**
+ * @deprecated Deprecated since 2.4. [Use ckmc_get_cert_chain() instead]
  * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
  *        chain.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
@@ -745,15 +828,15 @@ int ckmc_get_cert_chain(const ckmc_cert_s *cert,
  *          storage.
  * @remarks You must destroy the newly created @a ppcert_chain_list by calling
  *          ckmc_cert_list_all_free() if it is no longer needed.
+ * @remarks @a untrustedcerts shouldn't be protected with optional password.
  *
- * @param[in] cert               The certificate to be verified
- * @param[in] untrustedcerts     The alias list of untrusted CA certificates stored in key manager
+ * @param[in]  cert              The certificate to be verified
+ * @param[in]  untrustedcerts    The alias list of untrusted CA certificates stored in key manager
  *                               to be used in verifying a certificate chain
  * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
- *                               If an error occurs, @a *ppcert_chain_list will be null.
+ *                               If an error occurs, @a *ppcert_chain_list will be null
  *
- * @return @c 0 on success and the signature is valid,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE                 Successful
  * @retval #CKMC_ERROR_VERIFICATION_FAILED  The certificate chain is not valid
@@ -766,32 +849,111 @@ int ckmc_get_cert_chain(const ckmc_cert_s *cert,
  * @retval #CKMC_ERROR_PERMISSION_DENIED    Failed to access key manager
  * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
  *                                          Some certificates were encrypted with password and could not
- *                                          be used.
+ *                                          be used
  *
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_get_cert_chain()
  * @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_s
+ * @see #ckmc_alias_list_s
+ * @see #ckmc_cert_list_s
  */
 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
                                    const ckmc_alias_list_s *untrustedcerts,
                                    ckmc_cert_list_s **ppcert_chain_list);
 
+/**
+ * @brief Verifies a certificate chain and returns that chain using user entered trusted and
+ *        untrusted CA certificates.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks If the trusted root certificates are provided as a user input, these certificates do not
+ *          need to exist in the system's certificate storage.
+ * @remarks You must destroy the newly created @a ppcert_chain_list by calling
+ *          ckmc_cert_list_all_free() if it is no longer needed.
+ *
+ * @param[in] cert                    The certificate to be verified
+ * @param[in] untrustedcerts          The untrusted CA certificates to be used in verifying a
+ *                                    certificate chain
+ * @param[in] trustedcerts            The trusted CA certificates to be used in verifying a
+ *                                    certificate chain
+ * @param[in] use_trustedsystemcerts  The flag indicating the use of the trusted root certificates
+ *                                    in the system's certificate storage
+ * @param[out] ppcert_chain_list      The pointer to a newly created certificate chain's handle \n
+ *                                    If an error occurs, @a *ppcert_chain_list will be null
+ *
+ * @return #CKMC_ERROR_NONE on success and the signature is valid, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE                 Successful
+ * @retval #CKMC_ERROR_VERIFICATION_FAILED  The certificate chain is not valid
+ * @retval #CKMC_ERROR_INVALID_PARAMETER    Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED            A user key is not loaded in memory (a user is not logged
+ *                                          in)
+ * @retval #CKMC_ERROR_DB_ERROR             Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_INVALID_FORMAT       The format of certificate is not valid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED    Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_s
+ * @see #ckmc_cert_list_s
+ */
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
+                                         const ckmc_cert_list_s *untrustedcerts,
+                                         const ckmc_cert_list_s *trustedcerts,
+                                         const bool use_trustedsystemcerts,
+                                         ckmc_cert_list_s **ppcert_chain_list);
+
+/**
+ * @brief Perform OCSP which checks certificate is whether revoked or not.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @param[in]  pcert_chain_list  Valid certificate chain to perform OCSP check
+ * @param[out] ocsp_status       The pointer to status result of OCSP check
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE                 Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER    Input parameter is invalid
+ * @retval #CKMC_ERROR_PERMISSION_DENIED    Failed to access key manager
+ * @retval #CKMC_ERROR_NOT_SUPPORTED        Device needed to run API is not supported
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or
+ *      ckmc_get_certificate_chain_with_alias().
+ *
+ * @see ckmc_get_cert_chain()
+ * @see ckmc_get_cert_chain_with_alias()
+ * @see ckmc_get_cert_chain_with_trustedcert()
+ * @see ckmc_cert_list_all_free()
+ * @see #ckmc_cert_list_s
+ * @see #ckmc_ocsp_status_e
+ */
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
 
 /**
- * @brief Allows another application to access client's application data
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
+ * @brief Allows another application to access client's application data.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
- * @remarks Data identified by @a alias should exist
+ * @remarks Data identified by @a alias should exist.
  *
  * @param[in] alias       Data alias for which access will be granted
  * @param[in] accessor    Package id of the application that will gain access rights
  * @param[in] granted     Rights granted for @a accessor application
  *
- * @return @c 0 on success, otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE                 Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER    Input parameter is invalid
@@ -804,24 +966,56 @@ int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_deny_access()
+ * @see ckmc_set_permission()
+ * @see #ckmc_access_right_e
  */
 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
 
+/**
+ * @brief Allows another application to access client's application data.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Data identified by @a alias should exist.
+ *
+ * @param[in] alias       Data alias for which access will be granted
+ * @param[in] accessor    Package id of the application that will gain access rights
+ * @param[in] permissions Mask of #ckmc_permission_e granted for @a accessor application \n
+ *                        Previous permission mask will be replaced with the new mask value
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE                 Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER    Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED            A user key is not loaded in memory (a user is not logged
+ *                                          in)
+ * @retval #CKMC_ERROR_DB_ERROR             Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN     Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED    Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see #ckmc_permission_e
+ */
+int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
 
 /**
- * @brief Revokes another application's access to client's application data
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
+ * @brief Revokes another application's access to client's application data.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  * @privlevel public
  * @privilege %http://tizen.org/privilege/keymanager
  *
- * @remarks Data identified by @a alias should exist
- * @remarks Only access previously granted with ckmc_allow_access can be revoked.
+ * @remarks Data identified by @a alias should exist.
+ * @remarks Only access previously granted with ckmc_allow_access() can be revoked.
  *
  * @param[in] alias       Data alias for which access will be revoked
  * @param[in] accessor    Package id of the application that will lose access rights
  *
- * @return @c 0 on success, otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE                 Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER    Input parameter is invalid or the @a accessor doesn't
@@ -835,9 +1029,44 @@ int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right
  * @pre User is already logged in and the user key is already loaded into memory in plain text form.
  *
  * @see ckmc_allow_access()
+ * @see ckmc_set_permission()
  */
 int ckmc_deny_access(const char *alias, const char *accessor);
 
+/**
+ * @brief Removes a an entry (no matter of type) from the key manager.
+ *
+ * @since_tizen 2.4
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks To remove item, client must have remove permission to the specified item.
+ * @remarks The item owner can remove by default.
+ *
+ * @param[in] alias Item alias to be removed
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE              Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED         A user key is not loaded in memory (a user is not logged
+ *                                       in)
+ * @retval #CKMC_ERROR_DB_ERROR          Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN  Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_save_key()
+ * @see ckmc_save_cert()
+ * @see ckmc_save_data()
+ * @see ckmc_save_pkcs12()
+ * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
+ * @see ckmc_create_key_pair_ecdsa()
+ */
+int ckmc_remove_alias(const char *alias);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h
index ef9cc7c..ad0100e 100644
--- a/src/include/ckmc/ckmc-type.h
+++ b/src/include/ckmc/ckmc-type.h
@@ -15,7 +15,7 @@
  *
  *
  * @file        ckmc-type.h
- * @version     1.0
+ * @version     1.2
  * @brief       Definitions of struct for the Key Manager's CAPI and their utility functions.
  */
 
@@ -23,7 +23,7 @@
 #define __TIZEN_CORE_CKMC_TYPE_H
 
 #include <stddef.h>
-#include <ckmc/ckmc-error.h>
+#include <stdbool.h>
 
 #define KEY_MANAGER_CAPI __attribute__((visibility("default")))
 
@@ -38,18 +38,20 @@ extern "C" {
  */
 
 /**
- * alias can be provided as an alias alone, or together with label - in this
- * case, separator " " (space bar) is used to separate label and alias.
+ * @brief Sperator between alias and label.
+ * @since_tizen 2.3
+ * @remarks Alias can be provided as an alias alone, or together with label - in this
+ *          case, separator " " (space bar) is used to separate label and alias.
  * @see key-manager_doc.h
  */
 KEY_MANAGER_CAPI extern char const * const ckmc_label_name_separator;
 
 /**
  * @brief Enumeration for key types of key manager.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef enum __ckmc_key_type {
-    CKMC_KEY_NONE = 0,       /**< key type not specified */
+    CKMC_KEY_NONE = 0,       /**< Key type not specified */
     CKMC_KEY_RSA_PUBLIC,     /**< RSA public key */
     CKMC_KEY_RSA_PRIVATE,    /**< RSA private key */
     CKMC_KEY_ECDSA_PUBLIC,   /**< ECDSA public key */
@@ -61,7 +63,7 @@ typedef enum __ckmc_key_type {
 
 /**
  * @brief Enumeration for data format.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef enum __ckmc_data_format {
     CKMC_FORM_DER_BASE64 = 0,  /**< DER format base64 encoded data */
@@ -72,7 +74,7 @@ typedef enum __ckmc_data_format {
 
 /**
  * @brief Enumeration for elliptic curve.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef enum __ckmc_ec_type {
     CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended
@@ -84,7 +86,7 @@ typedef enum __ckmc_ec_type {
 
 /**
  * @brief Enumeration for hash algorithm.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef enum __ckmc_hash_algo {
     CKMC_HASH_NONE = 0, /**< No Hash Algorithm  */
@@ -96,7 +98,7 @@ typedef enum __ckmc_hash_algo {
 
 /**
  * @brief Enumeration for RSA padding algorithm.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef enum __ckmc_rsa_padding_algo {
     CKMC_NONE_PADDING = 0,  /**< No Padding */
@@ -105,17 +107,28 @@ typedef enum __ckmc_rsa_padding_algo {
 } ckmc_rsa_padding_algo_e;
 
 /**
+ * @deprecated Deprecated since 2.4. [Use ckmc_permission_e() instead]
  * @brief Enumeration for database access rights.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef enum __ckmc_access_right{
-    CKMC_AR_READ = 0,       /**< access right for read*/
-    CKMC_AR_READ_REMOVE     /**< access right for read and remove*/
+    CKMC_AR_READ = 0,       /**< Access right for read*/
+    CKMC_AR_READ_REMOVE     /**< Access right for read and remove*/
 } ckmc_access_right_e;
 
 /**
+ * @brief Enumeration for permissions to access/modify alias.
+ * @since_tizen 2.4
+ */
+typedef enum __ckmc_permission{
+    CKMC_PERMISSION_NONE        = 0x00, /**< Clear permissions */
+    CKMC_PERMISSION_READ        = 0x01, /**< Eead allowed */
+    CKMC_PERMISSION_REMOVE      = 0x02  /**< Remove allowed */
+} ckmc_permission_e;
+
+/**
  * @brief the structure for binary buffer used in key manager CAPI.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef struct __ckmc_raw_buff {
     unsigned char* data; /**< Byte array containing binary data */
@@ -124,7 +137,7 @@ typedef struct __ckmc_raw_buff {
 
 /**
  * @brief The structure for a policy for storing key/certificate/binary data.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef struct __ckmc_policy {
     char* password;   /**< Byte array used to encrypt data inside CKM. If it is not null, the data
@@ -135,7 +148,7 @@ typedef struct __ckmc_policy {
 
 /**
  * @brief The structure for key used in key manager CAPI.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef struct __ckmc_key {
     unsigned char* raw_key;   /**< Byte array of key. raw_key may be encrypted with password */
@@ -146,7 +159,7 @@ typedef struct __ckmc_key {
 
 /**
  * @brief The structure for certificate used in key manager CAPI.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef struct __ckmc_cert {
     unsigned char* raw_cert;  /**< Byte array of certificate */
@@ -156,7 +169,7 @@ typedef struct __ckmc_cert {
 
 /**
  * @brief The structure for linked list of alias.
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  */
 typedef struct __ckmc_alias_list {
     char *alias;  /**< The name of key, certificate or data stored in key manager */
@@ -164,35 +177,59 @@ typedef struct __ckmc_alias_list {
 } ckmc_alias_list_s;
 
 /**
- * @brief The structure for linked list of ckmc_cert_s
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @brief The structure for linked list of #ckmc_cert_s.
+ * @since_tizen 2.3
  */
 typedef struct __ckmc_cert_list {
-    ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */
-    struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */
+    ckmc_cert_s *cert; /**< The pointer of #ckmc_cert_s */
+    struct __ckmc_cert_list *next; /**< The pointer pointing to the next #ckmc_cert_list_s */
 } ckmc_cert_list_s;
 
+/**
+ * @brief Enumeration for OCSP status.
+ * @since_tizen 2.4
+ */
+typedef enum __ckmc_ocsp_status {
+    CKMC_OCSP_STATUS_GOOD = 0,          /**< OCSP status is good */
+    CKMC_OCSP_STATUS_REVOKED,           /**< The certificate is revoked */
+    CKMC_OCSP_STATUS_UNKNOWN,           /**< Unknown error */
+    CKMC_OCSP_ERROR_UNSUPPORTED,        /**< The certificate does not provide OCSP extension */
+    CKMC_OCSP_ERROR_INVALID_URL,        /**< The invalid URL in certificate OCSP extension */
+    CKMC_OCSP_ERROR_INVALID_RESPONSE,   /**< The invalid response from OCSP server */
+    CKMC_OCSP_ERROR_REMOTE,             /**< OCSP remote server error */
+    CKMC_OCSP_ERROR_NET,                /**< Network connection error */
+    CKMC_OCSP_ERROR_INTERNAL            /**< OpenSSL API error */
+} ckmc_ocsp_status_e;
 
 /**
- * @internal
- * @brief Creates a new @a ckmc_key_s handle and returns it.
+ * @brief The structure for PKCS12 used in key manager CAPI.
+ * @since_tizen 2.4
+ */
+typedef struct __ckmc_pkcs12 {
+    ckmc_key_s  *priv_key;      /**< The private key, may be null */
+    ckmc_cert_s *cert;          /**< The certificate, may be null */
+    ckmc_cert_list_s *ca_chain; /**< The chain certificate list, may be null */
+} ckmc_pkcs12_s;
+
+
+/**
+ * @brief Creates a new #ckmc_key_s handle and returns it.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks You must destroy the newly created @a ckmc_key_s by calling ckmc_key_free() if it is no
- *          longer needed.
+ * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free()
+ *          if it is no longer needed.
  *
- * @param[in] raw_key  The byte array of key \n
- *                     @a raw_key may be encrypted with password.
+ * @param[in] raw_key  The byte array of key @a raw_key may be encrypted with password
  * @param[in] key_size The byte size of @a raw_key
  * @param[in] key_type The @a raw_key's type
  * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n
- *                     If @a raw_key is not encrypted, @a password can be null.
- * @param[out] ppkey   The pointer to a newly created @a ckmc_key_s handle
+ *                     If @a raw_key is not encrypted, @a password can be null
+ * @param[out] ppkey   The pointer to a newly created #ckmc_key_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
+ * @retval #CKMC_ERROR_NONE              Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
  * @retval #CKMC_ERROR_OUT_OF_MEMORY     Not enough memory
  *
@@ -202,75 +239,74 @@ typedef struct __ckmc_cert_list {
 int ckmc_key_new(unsigned char *raw_key,
                  size_t key_size,
                  ckmc_key_type_e key_type,
-                 char *password, ckmc_key_s **ppkey);
+                 char *password,
+                 ckmc_key_s **ppkey);
 
 /**
- * @brief Destroys the @a ckmc_key_s handle and releases all its resources.
+ * @brief Destroys the #ckmc_key_s handle and releases all its resources.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  *
- * @param[in] key The @a ckmc_key_s handle to destroy
+ * @param[in] key The #ckmc_key_s handle to destroy
  *
  */
 void ckmc_key_free(ckmc_key_s *key);
 
 /**
- * @internal
- * @brief Creates a new @a ckmc_raw_buffer_s handle and returns it.
+ * @brief Creates a new #ckmc_raw_buffer_s handle and returns it.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks You must destroy the newly created @a ckmc_raw_buffer_s by calling ckmc_buffer_free() if
- *          it is no longer needed.
+ * @remarks You must destroy the newly created @a ppbuffer by calling ckmc_buffer_free()
+ *          if it is no longer needed.
  *
  * @param[in]  data      The byte array of buffer
  * @param[in]  size      The byte size of buffer
- * @param[out] ppbuffer  The pointer to a newly created @a ckmc_buffer_s handle
+ * @param[out] ppbuffer  The pointer to a newly created #ckmc_buffer_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
+ * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
  * @retval #CKMC_ERROR_OUT_OF_MEMORY      Not enough memory
  *
  * @see ckmc_buffer_free()
  * @see #ckmc_raw_buffer_s
  */
-int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer);
+int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer);
 
 /**
- * @brief Destroys the @a ckmc_raw_buffer_s handle and releases all its resources.
+ * @brief Destroys the #ckmc_raw_buffer_s handle and releases all its resources.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  *
- * @param[in] buffer The @a ckmc_raw_buffer_s handle to destroy
+ * @param[in] buffer The #ckmc_raw_buffer_s structure to destroy
  *
  */
 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer);
 
 /**
- * @internal
- * @brief Creates a new @a ckmc_cert_s handle and returns it.
+ * @brief Creates a new #ckmc_cert_s handle and returns it.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is
- *          no longer needed.
+ * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free()
+ *          if it is no longer needed.
  *
  * @param[in]  raw_cert     The byte array of certificate
  * @param[in]  cert_size    The byte size of raw_cert
  * @param[in]  data_format  The encoding format of raw_cert
- * @param[out] ppcert       The pointer to a newly created @a ckmc_cert_s handle
+ * @param[out] ppcert       The pointer to a newly created #ckmc_cert_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
+ * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
  * @retval #CKMC_ERROR_OUT_OF_MEMORY      Not enough memory
  *
  * @see ckmc_cert_free()
  * @see ckmc_load_cert_from_file()
- * @see ckmc_load_from_pkcs12_file()
+ * @see #ckmc_data_format_e
  * @see #ckmc_cert_s
  */
 int ckmc_cert_new(unsigned char *raw_cert,
@@ -279,31 +315,31 @@ int ckmc_cert_new(unsigned char *raw_cert,
                   ckmc_cert_s **ppcert);
 
 /**
- * @brief Destroys the @a ckmc_cert handle and releases all its resources.
+ * @brief Destroys the #ckmc_cert handle and releases all its resources.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  *
- * @param[in] cert The @a ckmc_cert_s handle to destroy
+ * @param[in] cert The #ckmc_cert_s handle to destroy
  *
  * @see ckmc_load_cert_from_file()
  * @see ckmc_load_from_pkcs12_file()
+ * @see #ckmc_cert_s
  */
 void ckmc_cert_free(ckmc_cert_s *cert);
 
 /**
- * @brief Creates a new @a ckmc_cert_s handle from a given file and returns it.
+ * @brief Creates a new #ckmc_cert_s handle from a given file and returns it.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  *
- * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is
- *          no longer needed.
+ * @remarks You must destroy the newly created @a cert by calling ckmc_cert_free()
+ *          if it is no longer needed.
  *
  * @param[in]  file_path  The path of certificate file to be loaded \n
- *                        The only DER or PEM encoded certificate file is supported.
- * @param[out] cert       The pointer of newly created @a ckmc_cert_s handle
+ *                        The only DER or PEM encoded certificate file is supported
+ * @param[out] cert       The pointer of newly created #ckmc_cert_s handle
  *
- * @return #CKMC_ERROR_NONE on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE                Successful
  * @retval #CKMC_ERROR_OUT_OF_MEMORY       Not enough memory space
@@ -311,39 +347,75 @@ void ckmc_cert_free(ckmc_cert_s *cert);
  * @retval #CKMC_ERROR_FILE_ACCESS_DENIED  Provided file does not exist or cannot be accessed
  *
  * @see ckmc_cert_free()
- * @see ckmc_load_from_pkcs12_file()
  * @see #ckmc_cert_s
  */
 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert);
 
 /**
- * @brief Creates a new @a ckmc_key_s(private key), @a ckmc_cert_s(certificate), and
- *        @a ckmc_cert_list_s(CA certificates) handle from a given PKCS#12 file and returns them.
+ * @brief Creates a new #ckmc_pkcs12_s handle and returns it.
+ *
+ * @since_tizen 2.4
+ *
+ * @remarks You must destroy the newly created @a pkcs12_bundle by calling ckmc_pkcs12_free()
+ *          if it is no longer needed.
+ * @remarks On success, @a private_key, @a cert and @a ca_cert_list ownership is transferred
+ *          into newly returned #ckmc_pkcs12_s.
+ *
+ * @param[in]  private_key      #ckmc_key_s handle to the private key (optional)
+ * @param[in]  cert             #ckmc_cert_s handle to the certificate (optional)
+ * @param[in]  ca_cert_list     #ckmc_cert_list_s list of chain certificate handles (optional)
+ * @param[out] pkcs12_bundle    The pointer to a newly created #ckmc_pkcs12_s handle
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE               Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid or @a private_key, @a cert
+ *                                        and @a ca_cert_list all are null
+ * @retval #CKMC_ERROR_OUT_OF_MEMORY      Not enough memory
+ *
+ * @see ckmc_pkcs12_free()
+ * @see ckmc_load_from_pkcs12_file()
+ * @see ckmc_pkcs12_load()
+ * @see #ckmc_key_s
+ * @see #ckmc_cert_s
+ * @see #ckmc_cert_list_s
+ * @see #ckmc_pkcs12_s
+ */
+int ckmc_pkcs12_new(ckmc_key_s *private_key,
+                    ckmc_cert_s *cert,
+                    ckmc_cert_list_s *ca_cert_list,
+                    ckmc_pkcs12_s **pkcs12_bundle);
+
+/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_pkcs12_load() instead]
+ * @brief Creates a new @a private_key, @a cert and @a ca_cert_list handle from a given
+ *        PKCS12 file and returns them.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  *
- * @remarks You must destroy the newly created @a ckmc_key_s, @a ckmc_cert_s, and
- *          @a ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and
+ * @remarks You must destroy the newly created @a private_key, @a cert and
+ *          @a ca_cert_list by calling ckmc_key_free(), ckmc_cert_free() and
  *          ckmc_cert_list_all_free() if they are no longer needed.
  *
  * @param[in]  file_path    The path of PKCS12 file to be loaded
  * @param[in]  passphrase   The passphrase used to decrypt the PCKS12 file \n
- *                          If PKCS12 file is not encrypted, passphrase can be null.
- * @param[out] private_key  The pointer of newly created @a ckmc_key_s handle for a private key
- * @param[out] cert         The pointer of newly created @a ckmc_cert_s handle for a certificate \n
- *                          It is null if the PKCS12 file does not contain a certificate.
- * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA
+ *                          If PKCS12 file is not encrypted, passphrase can be null
+ * @param[out] private_key  The pointer of newly created #ckmc_key_s handle for a private key
+ * @param[out] cert         The pointer of newly created #ckmc_cert_s handle for a certificate \n
+ *                          It is null if the PKCS12 file does not contain a certificate
+ * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA
  *                          certificates \n
- *                          It is null if the PKCS12 file does not contain CA certificates.
+ *                          It is null if the PKCS12 file does not contain CA certificates
  *
- * @return #CKMC_ERROR_NONE on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
  * @retval #CKMC_ERROR_NONE                Successful
  * @retval #CKMC_ERROR_OUT_OF_MEMORY       Not enough memory space
  * @retval #CKMC_ERROR_INVALID_FORMAT      Invalid PKCS12 file format
  * @retval #CKMC_ERROR_FILE_ACCESS_DENIED  Provided file does not exist or cannot be accessed
  *
+ * @see ckmc_pkcs12_new()
+ * @see ckmc_pkcs12_load()
  * @see ckmc_key_free()
  * @see ckmc_cert_free()
  * @see ckmc_cert_list_all_free()
@@ -353,27 +425,67 @@ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert);
  */
 int ckmc_load_from_pkcs12_file(const char *file_path,
                                const char *passphrase,
-                               ckmc_key_s **private_key, ckmc_cert_s **cert,
+                               ckmc_key_s **private_key,
+                               ckmc_cert_s **cert,
                                ckmc_cert_list_s **ca_cert_list);
 
 /**
- * @internal
- * @brief Creates a new @a ckmc_alias_list_s handle and returns it.
- *        The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided
+ * @brief Creates a new #ckmc_pkcs12_s handle from a given PKCS#12 file and returns it.
+ *
+ * @since_tizen 2.4
+ *
+ * @remarks You must destroy the newly created @a pkcs12_bundle by calling ckmc_pkcs12_free() if
+ *          they are no longer needed.
+ *
+ * @param[in]  file_path     The path of PKCS12 file to be loaded
+ * @param[in]  passphrase    The passphrase used to decrypt the PCKS12 file \n
+ *                           If PKCS12 file is not encrypted, passphrase can be null
+ * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA
+ *                           certificates \n
+ *                           It is null if the PKCS12 file does not contain CA certificates
+ *
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE                Successful
+ * @retval #CKMC_ERROR_OUT_OF_MEMORY       Not enough memory space
+ * @retval #CKMC_ERROR_INVALID_FORMAT      Invalid PKCS12 file format
+ * @retval #CKMC_ERROR_FILE_ACCESS_DENIED  Provided file does not exist or cannot be accessed
+ *
+ * @see ckmc_pkcs12_free()
+ * @see #ckmc_pkcs12_s
+ */
+int ckmc_pkcs12_load(const char *file_path,
+                     const char *passphrase,
+                     ckmc_pkcs12_s **pkcs12_bundle);
+
+/**
+ * @brief Destroys the #ckmc_pkcs12_s handle and releases all its resources.
+ *
+ * @since_tizen 2.4
+ *
+ * @param[in] pkcs12 The #ckmc_pkcs12_s handle to destroy
+ *
+ * @see ckmc_pkcs12_new()
+ * @see ckmc_pkcs12_load()
+ */
+void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12);
+
+/**
+ * @brief Creates a new #ckmc_alias_list_s handle and returns it.
+ *        The alias pointer in the returned #ckmc_alias_list_s handle points to the provided
  *        characters and next is null.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks You must destroy the newly created @a ckmc_alias_list_s
- *          by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer
- *          needed.
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_free()
+ *          or ckmc_alias_list_all_free() if it is no longer needed.
  *
- * @param[in]  alias        The first item to be set in the newly created @a ckmc_alias_list_s
- * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle
+ * @param[in]  alias        The first item to be set in the newly created #ckmc_alias_list_s
+ * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
+ * @retval #CKMC_ERROR_NONE              Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
  * @retval #CKMC_ERROR_OUT_OF_MEMORY     Not enough memory
  *
@@ -383,21 +495,20 @@ int ckmc_load_from_pkcs12_file(const char *file_path,
 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list);
 
 /**
- * @internal
- * @brief Creates a new @a ckmc_alias_list_s handle, adds it to a previous @a ckmc_alias_list_s and
- *        returns it. The alias pointer in the returned @a ckmc_alias_list_s handle points to the
+ * @brief Creates a new #ckmc_alias_list_s handle, adds it to a @a previous and returns it.
+ *        The alias pointer in the returned #ckmc_alias_list_s handle points to the
  *        provided characters and next is null.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @param[in]  previous  The last @a ckmc_alias_list_s handle to which a newly created
- *                       @a ckmc_alias_list_s is added
- * @param[in]  alias     The item to be set in the newly created @a ckmc_alias_list_s
- * @param[out] pplast    The pointer to a newly created and added @a ckmc_alias_list_s handle
+ * @param[in]  previous  The last #ckmc_alias_list_s handle to which a newly created
+ *                       #ckmc_alias_list_s is added
+ * @param[in]  alias     The item to be set in the newly created #ckmc_alias_list_s
+ * @param[out] pplast    The pointer to a newly created and added #ckmc_alias_list_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
+ * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
  * @retval #CKMC_ERROR_OUT_OF_MEMORY      Not enough memory
  *
@@ -409,15 +520,14 @@ int ckmc_alias_list_add(ckmc_alias_list_s *previous,
                         ckmc_alias_list_s **pplast);
 
 /**
- * @internal
- * @brief Destroys the @a ckmc_alias_list_s handle and releases resources of @a ckmc_alias_list_s
- *        from the provided first handle cascadingly.
+ * @brief Destroys the #ckmc_alias_list_s handle and releases resources from the provided
+ *        @a first handle cascadingly.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks It does not destroy an alias itself in @a ckmc_alias_list_s.
+ * @remarks It does not destroy an alias itself in #ckmc_alias_list_s.
  *
- * @param[in] first The first @a ckmc_alias_list_s handle to destroy
+ * @param[in] first The first #ckmc_alias_list_s handle to destroy
  *
  * @see ckmc_alias_list_all_free()
  * @see #ckmc_alias_list_s
@@ -425,36 +535,36 @@ int ckmc_alias_list_add(ckmc_alias_list_s *previous,
 void ckmc_alias_list_free(ckmc_alias_list_s *first);
 
 /**
- * @brief Destroys the @a ckmc_alias_list_s handle and releases all its resources from the provided
- *        first handle cascadingly.
+ * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided
+ *        @a first handle cascadingly.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks It also destroys the alias in @a ckmc_alias_list_s.
+ * @remarks It also destroys the alias in #ckmc_alias_list_s.
  *
- * @param[in] first The first @a ckmc_alias_list_s handle to destroy
+ * @param[in] first The first #ckmc_alias_list_s handle to destroy
  *
+ * @see ckmc_alias_list_free()
  * @see #ckmc_alias_list_s
  */
 void ckmc_alias_list_all_free(ckmc_alias_list_s *first);
 
 /**
- * @internal
- * @brief Creates a new @a ckmc_cert_list_s handle and returns it.
- *        The cert pointer in the returned @a ckmc_cert_list_s handle points to the provided
- *        @a ckmc_cert_s and next is null.
+ * @brief Creates a new #ckmc_cert_list_s handle and returns it.
+ *        The cert pointer in the returned #ckmc_cert_list_s handle points to the provided
+ *        #ckmc_cert_s and next is null.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks You must destroy the newly created @a ckmc_cert_list_s by calling ckmc_cert_list_free()
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_cert_list_free()
  *          or ckmc_cert_list_all_free() if it is no longer needed.
  *
- * @param[in]  cert          The first item to be set in the newly created @a ckmc_cert_list_s
- * @param[out] ppalias_list  The pointer to a newly created @a ckmc_alias_list_s handle
+ * @param[in]  cert          The first item to be set in the newly created #ckmc_cert_list_s
+ * @param[out] ppalias_list  The pointer to a newly created #ckmc_alias_list_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
+ * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
  * @retval #CKMC_ERROR_OUT_OF_MEMORY      Not enough memory
  *
@@ -464,21 +574,20 @@ void ckmc_alias_list_all_free(ckmc_alias_list_s *first);
 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list);
 
 /**
- * @internal
- * @brief Creates a new @a ckmc_cert_list_s handle, adds it to a previous @a ckmc_cert_list_s and
- *        returns it. The cert pointer in the returned @a ckmc_alias_list_s handle points to the
- *        provided @a ckmc_cert_s and next is null.
+ * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and
+ *        returns it. The cert pointer in the returned #ckmc_alias_list_s handle points to the
+ *        provided #ckmc_cert_s and next is null.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @param[in]  previous  The last @a ckmc_cert_list_s handle to which a newly created
- *                       @a ckmc_cert_list_s is added
- * @param[in]  cert      The item to be set in the newly created @a ckmc_cert_list_s
- * @param[out] pplast    The pointer to a newly created and added @a ckmc_alias_list_s handle
+ * @param[in]  previous  The last #ckmc_cert_list_s handle to which a newly created
+ *                       #ckmc_cert_list_s is added
+ * @param[in]  cert      The item to be set in the newly created #ckmc_cert_list_s
+ * @param[out] pplast    The pointer to a newly created and added #ckmc_alias_list_s handle
  *
- * @return @c 0 on success,
- *         otherwise a negative error value
+ * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
  *
+ * @retval #CKMC_ERROR_NONE               Successful
  * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
  * @retval #CKMC_ERROR_OUT_OF_MEMORY      Not enough memory
  *
@@ -488,15 +597,14 @@ int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list);
 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast);
 
 /**
- * @internal
- * @brief Destroys the @a ckmc_cert_list_s handle and releases resources of @a ckmc_cert_list_s
- *        from the provided first handle cascadingly.
+ * @brief Destroys the #ckmc_cert_list_s handle and releases resources from the provided
+ *        @a first handle cascadingly.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.4
  *
- * @remarks It does not destroy @a ckmc_cert_s itself in @a ckmc_cert_list_s.
+ * @remarks It does not destroy #ckmc_cert_s itself in #ckmc_cert_list_s.
  *
- * @param[in] first The first @a ckmc_cert_list_s handle to destroy
+ * @param[in] first The first #ckmc_cert_list_s handle to destroy
  *
  * @see ckmc_cert_list_all_free()
  * @see #ckmc_cert_list_s
@@ -504,15 +612,16 @@ int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_
 void ckmc_cert_list_free(ckmc_cert_list_s *first);
 
 /**
- * @brief Destroys the @a ckmc_cert_list_s handle and releases all its resources from the provided
- *        first handle cascadingly.
+ * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided
+ *        @a first handle cascadingly.
  *
- * @since_tizen @if MOBILE 2.3 @elseif WEARABLE 2.3.1 @endif
+ * @since_tizen 2.3
  *
- * @remarks It also destroys @a ckmc_cert_s in ckmc_cert_list_s.
+ * @remarks It also destroys #ckmc_cert_s in #ckmc_cert_list_s.
  *
- * @param[in] first The first @a ckmc_cert_list_s handle to destroy
+ * @param[in] first The first #ckmc_cert_list_s handle to destroy
  *
+ * @see ckmc_cert_list_free()
  * @see #ckmc_cert_list_s
  */
 void ckmc_cert_list_all_free(ckmc_cert_list_s *first);
diff --git a/src/listener/CMakeLists.txt b/src/listener/CMakeLists.txt
deleted file mode 100644
index 25be929..0000000
--- a/src/listener/CMakeLists.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-PKG_CHECK_MODULES(LISTENER_DEP
-    REQUIRED
-    dlog
-    glib-2.0
-    capi-appfw-package-manager
-    libsystemd-daemon
-    )
-
-SET(LISTENER_SOURCES ${PROJECT_SOURCE_DIR}/src/listener/listener-daemon.cpp)
-
-# fPIE flag is added for ASLR
-SET_SOURCE_FILES_PROPERTIES(
-    ${LISTENER_SOURCES}
-    PROPERTIES
-        COMPILE_FLAGS "-D_GNU_SOURCE -fvisibility=hidden -fPIE")
-
-INCLUDE_DIRECTORIES(
-    ${PROJECT_SOURCE_DIR}/src/include
-    ${LISTENER_DEP_INCLUDE_DIRS}
-    )
-
-ADD_EXECUTABLE(${TARGET_LISTENER} ${LISTENER_SOURCES})
-
-# pie flag is added for ASLR
-TARGET_LINK_LIBRARIES(
-    ${TARGET_LISTENER}
-    ${LISTENER_DEP_LIBRARIES}
-    ${TARGET_KEY_MANAGER_CLIENT}
-    ${TARGET_KEY_MANAGER_CONTROL_CLIENT}
-    -pie
-    )
-
-INSTALL(TARGETS ${TARGET_LISTENER} DESTINATION bin)
diff --git a/src/listener/listener-daemon.cpp b/src/listener/listener-daemon.cpp
deleted file mode 100644
index b86ffcf..0000000
--- a/src/listener/listener-daemon.cpp
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License
- */
-/*
- * @file        listener-daemon.cpp
- * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version     1.0
- * @brief       Listener daemon handle some events for key-manager
- */
-#include <fcntl.h>
-#include <unistd.h>
-
-#include <glib.h>
-#include <package_manager.h>
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-type.h>
-#include <dlog.h>
-
-#define CKM_LISTENER_TAG "CKM_LISTENER"
-
-namespace {
-const char* const CKM_LOCK = "/var/run/key-manager.pid";
-};
-
-bool isCkmRunning()
-{
-    int lock = TEMP_FAILURE_RETRY(open(CKM_LOCK, O_RDWR));
-    if (lock == -1)
-        return false;
-
-    int ret = lockf(lock, F_TEST, 0);
-    close(lock);
-
-    // if lock test fails because of an error assume ckm is running
-    return (0 != ret);
-}
-
-void packageUninstalledEventCallback(
-    const char *type,
-    const char *package,
-    package_manager_event_type_e eventType,
-    package_manager_event_state_e eventState,
-    int progress,
-    package_manager_error_e error,
-    void *userData)
-{
-    (void) type;
-    (void) progress;
-    (void) error;
-    (void) userData;
-
-    if (eventType != PACKAGE_MANAGER_EVENT_TYPE_UNINSTALL ||
-            eventState != PACKAGE_MANAGER_EVENT_STATE_STARTED ||
-            package == NULL) {
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback error of Invalid Param");
-    }
-    else {
-        SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "PackageUninstalled Callback. Uninstalation of: %s", package);
-        auto control = CKM::Control::create();
-        int ret = 0;
-        if ( CKM_API_SUCCESS != (ret = control->removeApplicationData(std::string(package))) ) {
-            SLOG(LOG_ERROR, CKM_LISTENER_TAG, "CKM::Control::removeApplicationData error. ret : %d\n", ret);
-        }
-        else {
-            SLOG(LOG_DEBUG, CKM_LISTENER_TAG,
-                "CKM::Control::removeApplicationData success. Uninstallation package : %s\n", package);
-        }
-    }
-}
-
-int main(void)
-{
-    SLOG(LOG_DEBUG, CKM_LISTENER_TAG, "%s", "Start!");
-
-    // Let's start to listen
-    GMainLoop *main_loop = g_main_loop_new(NULL, FALSE);
-
-    package_manager_h manager;
-
-    while (true) {
-        if (PACKAGE_MANAGER_ERROR_NONE != package_manager_create(&manager)) {
-            SLOG(LOG_ERROR, CKM_LISTENER_TAG, "%s", "Error in create package_manager");
-
-            sleep(5);
-            continue;
-        }
-
-        if (PACKAGE_MANAGER_ERROR_NONE != package_manager_set_event_cb(manager, packageUninstalledEventCallback, NULL)) {
-            SLOG(LOG_ERROR, CKM_LISTENER_TAG, "%s", "Error in package_manager_set_event_cb");
-            package_manager_destroy(manager);
-
-            sleep(5);
-            continue;
-        }
-
-        break;
-    }
-
-    g_main_loop_run(main_loop);
-
-    package_manager_destroy(manager);
-
-    return 0;
-}
-
diff --git a/src/manager/CMakeLists.txt b/src/manager/CMakeLists.txt
index a50d7b7..1e92e40 100644
--- a/src/manager/CMakeLists.txt
+++ b/src/manager/CMakeLists.txt
@@ -1,8 +1,6 @@
 PKG_CHECK_MODULES(COMMON_DEP
     REQUIRED
     dlog
-    openssl
-    libsmack
     libcrypto
     libsystemd-journal
     )
@@ -20,6 +18,7 @@ SET(COMMON_SOURCES
     ${COMMON_PATH}/common/certificate-impl.cpp
     ${COMMON_PATH}/common/key-impl.cpp
     ${COMMON_PATH}/common/pkcs12-impl.cpp
+    ${COMMON_PATH}/common/client-info-impl.cpp
     ${COMMON_PATH}/common/log-setup.cpp
     ${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp
     ${COMMON_PATH}/dpl/log/src/dlog_log_provider.cpp
@@ -35,17 +34,12 @@ SET(COMMON_SOURCES
     ${COMMON_PATH}/dpl/core/src/errno_string.cpp
     )
 
-INCLUDE_DIRECTORIES(SYSTEM
-    ${COMMON_DEP_INCLUDE_DIRS}
-    )
-
 INCLUDE_DIRECTORIES(
+    SYSTEM
+    ${COMMON_DEP_INCLUDE_DIRS}
     ${COMMON_PATH}/common
     ${COMMON_PATH}/dpl/core/include
     ${COMMON_PATH}/dpl/log/include
-    ${COMMON_PATH}/dpl/db/include
-    ${COMMON_PATH}/sqlcipher
-	${COMMON_PATH}/service
     )
 
 ADD_LIBRARY(${TARGET_KEY_MANAGER_COMMON} SHARED ${COMMON_SOURCES})
@@ -62,8 +56,4 @@ TARGET_LINK_LIBRARIES(${TARGET_KEY_MANAGER_COMMON}
     ${COMMON_DEP_LIBRARIES}
     )
 
-##########################################################################
-
 INSTALL(TARGETS ${TARGET_KEY_MANAGER_COMMON} DESTINATION ${LIB_INSTALL_DIR})
-
-
diff --git a/src/manager/client-capi/ckmc-control.cpp b/src/manager/client-capi/ckmc-control.cpp
index 997cf02..5caf087 100644
--- a/src/manager/client-capi/ckmc-control.cpp
+++ b/src/manager/client-capi/ckmc-control.cpp
@@ -14,7 +14,7 @@
  *  limitations under the License
  *
  *
- * @file        ckmc-control.h
+ * @file        ckmc-control.cpp
  * @author      Yuseok Jeon(yuseok.jeon@samsung.com)
  * @version     1.0
  * @brief       provides conversion methods to C from C++ for key-manager control functions.
@@ -34,20 +34,13 @@ CKM::Password _toPasswordStr(const char *str)
     return CKM::Password(str);
 }
 
-int _ckmc_set_permission_by_adm(uid_t user, const char *alias, const char *accessor, int permissions)
-{
-    if (!alias || !accessor)
-        return CKMC_ERROR_INVALID_PARAMETER;
-
-    auto control = CKM::Control::create();
-    return to_ckmc_error(control->setPermission(user, alias, accessor, permissions));
-}
-
 KEY_MANAGER_CAPI
 int ckmc_unlock_user_key(uid_t user, const char *password)
 {
     auto control = CKM::Control::create();
-    int ret = control->unlockUserKey(user, _toPasswordStr(password));
+    int ret = control->unlockUserKey(
+                CKM::ClientInfo(user),
+                _toPasswordStr(password));
     return to_ckmc_error(ret);
 }
 
@@ -55,7 +48,7 @@ KEY_MANAGER_CAPI
 int ckmc_lock_user_key(uid_t user)
 {
     auto control = CKM::Control::create();
-    int ret = control->lockUserKey(user);
+    int ret = control->lockUserKey(CKM::ClientInfo(user));
     return to_ckmc_error(ret);
 }
 
@@ -63,7 +56,7 @@ KEY_MANAGER_CAPI
 int ckmc_remove_user_data(uid_t user)
 {
     auto control = CKM::Control::create();
-    int ret = control->removeUserData(user);
+    int ret = control->removeUserData(CKM::ClientInfo(user));
     return to_ckmc_error(ret);
 }
 
@@ -71,9 +64,10 @@ KEY_MANAGER_CAPI
 int ckmc_change_user_password(uid_t user, const char *oldPassword, const char *newPassword)
 {
     auto control = CKM::Control::create();
-    int ret = control->changeUserPassword(user,
-                                          _toPasswordStr(oldPassword),
-                                          _toPasswordStr(newPassword));
+    int ret = control->changeUserPassword(
+                CKM::ClientInfo(user),
+                _toPasswordStr(oldPassword),
+                _toPasswordStr(newPassword));
     return to_ckmc_error(ret);
 }
 
@@ -81,7 +75,9 @@ KEY_MANAGER_CAPI
 int ckmc_reset_user_password(uid_t user, const char *newPassword)
 {
     auto control = CKM::Control::create();
-    int ret = control->resetUserPassword(user, _toPasswordStr(newPassword));
+    int ret = control->resetUserPassword(
+                CKM::ClientInfo(user),
+                _toPasswordStr(newPassword));
     return to_ckmc_error(ret);
 }
 
@@ -97,7 +93,21 @@ int ckmc_allow_access_by_adm(uid_t user, const char* owner, const char *alias, c
         return ec;
 
     // if label given twice, service will return an error
-    return _ckmc_set_permission_by_adm(user, CKM::AliasSupport::merge(CKM::Label(owner), CKM::Name(alias)).c_str(), accessor, permissionMask);
+    return ckmc_set_permission_by_adm(user, CKM::AliasSupport::merge(CKM::Label(owner), CKM::Name(alias)).c_str(), accessor, permissionMask);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_set_permission_by_adm(uid_t user, const char *alias, const char *accessor, int permissions)
+{
+    if (!alias || !accessor)
+        return CKMC_ERROR_INVALID_PARAMETER;
+
+    auto control = CKM::Control::create();
+    return to_ckmc_error(control->setPermission(
+                CKM::ClientInfo(user),
+                alias,
+                accessor,
+                permissions));
 }
 
 KEY_MANAGER_CAPI
@@ -109,8 +119,9 @@ int ckmc_deny_access_by_adm(uid_t user, const char* owner, const char *alias, co
     // if label given twice, service will return an error
     auto control = CKM::Control::create();
     return to_ckmc_error(control->setPermission(
-                                user,
-                                CKM::AliasSupport::merge(CKM::Label(owner), CKM::Name(alias)).c_str(),
-                                accessor,
-                                CKM::Permission::NONE));
+                CKM::ClientInfo(user),
+                CKM::AliasSupport::merge(CKM::Label(owner),
+                CKM::Name(alias)).c_str(),
+                accessor,
+                CKM::Permission::NONE));
 }
diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp
index 1f3da2f..65bc9aa 100644
--- a/src/manager/client-capi/ckmc-manager.cpp
+++ b/src/manager/client-capi/ckmc-manager.cpp
@@ -14,10 +14,10 @@
  *  limitations under the License
  *
  *
- * @file        ckmc-control.h
+ * @file        ckmc-manager.cpp
  * @author      Yuseok Jeon(yuseok.jeon@samsung.com)
  * @version     1.0
- * @brief       provides conversion methods to C from C++ for key-manager control functions.
+ * @brief       provides conversion methods to C from C++ for key-manager storage functions.
  */
 
 #include <ckm/ckm-type.h>
@@ -27,7 +27,6 @@
 #include <ckmc/ckmc-error.h>
 #include <ckmc-type-converter.h>
 #include <client-common.h>
-#include <iostream>
 #include <string.h>
 
 namespace
@@ -117,25 +116,6 @@ ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVecto
     return start;
 }
 
-int _ckmc_remove_alias(const char *alias)
-{
-    if(!alias)
-        return CKMC_ERROR_INVALID_PARAMETER;
-
-    CKM::ManagerShPtr mgr = CKM::Manager::create();
-    int ret =  mgr->removeAlias(alias);
-    return to_ckmc_error(ret);
-}
-
-int _ckmc_set_permission(const char *alias, const char *accessor, int permissions)
-{
-    if (!alias || !accessor)
-        return CKMC_ERROR_INVALID_PARAMETER;
-
-    CKM::ManagerShPtr mgr = CKM::Manager::create();
-    return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
-}
-
 }
 
 
@@ -169,7 +149,7 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p
 KEY_MANAGER_CAPI
 int ckmc_remove_key(const char *alias)
 {
-    return _ckmc_remove_alias(alias);
+    return ckmc_remove_alias(alias);
 }
 
 KEY_MANAGER_CAPI
@@ -264,7 +244,7 @@ int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_
 KEY_MANAGER_CAPI
 int ckmc_remove_cert(const char *alias)
 {
-    return _ckmc_remove_alias(alias);
+    return ckmc_remove_alias(alias);
 }
 
 KEY_MANAGER_CAPI
@@ -331,6 +311,95 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
 }
 
 KEY_MANAGER_CAPI
+int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
+{
+    CKM::KeyShPtr private_key;
+    CKM::CertificateShPtr cert;
+    CKM::CertificateShPtrVector ca_cert_list;
+
+    if(alias==NULL || ppkcs==NULL) {
+        return CKMC_ERROR_INVALID_PARAMETER;
+    }
+    CKM::Alias ckmAlias(alias);
+    private_key = _toCkmKey(ppkcs->priv_key);
+    cert = _toCkmCertificate(ppkcs->cert);
+    ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
+
+    CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
+    CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
+
+    CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
+
+    CKM::ManagerShPtr mgr = CKM::Manager::create();
+    int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
+
+    return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
+{
+    int ret;
+    CKM::PKCS12ShPtr pkcs;
+    CKM::Password keyPass, certPass;
+    ckmc_key_s *private_key = NULL;
+    ckmc_cert_s *cert = NULL;
+    ckmc_cert_list_s *ca_cert_list = 0;
+
+    if(!alias || !pkcs12) {
+        return CKMC_ERROR_INVALID_PARAMETER;
+    }
+
+    if (key_password)
+        keyPass = key_password;
+
+    if (cert_password)
+        certPass = cert_password;
+
+    auto mgr = CKM::Manager::create();
+
+    if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
+        return to_ckmc_error(ret);
+    }
+
+    if(!pkcs)
+        return CKMC_ERROR_BAD_RESPONSE;
+
+    auto pkcsKey = pkcs->getKey();
+    if(pkcsKey)
+    {
+        CKM::RawBuffer buffer = pkcsKey->getDER();
+        ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
+        ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
+        if(ret != CKMC_ERROR_NONE)
+            return ret;
+    }
+
+    auto pkcsCert = pkcs->getCertificate();
+    if(pkcsCert)
+    {
+        CKM::RawBuffer buffer = pkcsCert->getDER();
+        ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
+        if(ret != CKMC_ERROR_NONE) {
+            ckmc_key_free(private_key);
+            return ret;
+        }
+    }
+
+    ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
+
+    ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
+    if(ret != CKMC_ERROR_NONE)
+    {
+        ckmc_key_free(private_key);
+        ckmc_cert_free(cert);
+        ckmc_cert_list_free(ca_cert_list);
+    }
+    return ret;
+}
+
+
+KEY_MANAGER_CAPI
 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
 {
     if(alias == NULL) {
@@ -354,7 +423,7 @@ int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_
 KEY_MANAGER_CAPI
 int ckmc_remove_data(const char *alias)
 {
-    return _ckmc_remove_alias(alias);
+    return ckmc_remove_alias(alias);
 }
 
 KEY_MANAGER_CAPI
@@ -616,6 +685,64 @@ int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_lis
 }
 
 KEY_MANAGER_CAPI
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
+                                         const ckmc_cert_list_s* untrustedcerts,
+                                         const ckmc_cert_list_s* trustedcerts,
+                                         const bool sys_certs,
+                                         ckmc_cert_list_s** ppcert_chain_list)
+{
+    int ret;
+    CKM::ManagerShPtr mgr = CKM::Manager::create();
+    CKM::CertificateShPtrVector ckm_cert_chain;
+
+    if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
+        return CKMC_ERROR_INVALID_PARAMETER;
+    }
+    CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
+
+    if(ckm_cert.get() == NULL) {
+        return CKMC_ERROR_INVALID_PARAMETER;
+    }
+
+    CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
+    CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
+
+    ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
+    if( ret != CKM_API_SUCCESS) {
+        return to_ckmc_error(ret);
+    }
+
+    *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
+
+    return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
+{
+    if (pcert_chain_list == NULL
+        || pcert_chain_list->cert == NULL
+        || pcert_chain_list->cert->raw_cert == NULL
+        || pcert_chain_list->cert->cert_size <= 0
+        || ocsp_status == NULL) {
+        return CKMC_ERROR_INVALID_PARAMETER;
+    }
+
+    int ret = CKMC_ERROR_UNKNOWN;
+    int tmpOcspStatus = -1;
+    CKM::ManagerShPtr mgr = CKM::Manager::create();
+    CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
+
+    if (ckmCertChain.size() < 2) {
+        return CKMC_ERROR_INVALID_PARAMETER;
+    }
+
+    ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
+    *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
+    return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
 {
     int ec, permissionMask;
@@ -623,7 +750,17 @@ int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right
     if(ec != CKMC_ERROR_NONE)
         return ec;
 
-    return _ckmc_set_permission(alias, accessor, permissionMask);
+    return ckmc_set_permission(alias, accessor, permissionMask);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
+{
+    if (!alias || !accessor)
+        return CKMC_ERROR_INVALID_PARAMETER;
+
+    CKM::ManagerShPtr mgr = CKM::Manager::create();
+    return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
 }
 
 KEY_MANAGER_CAPI
@@ -635,3 +772,14 @@ int ckmc_deny_access(const char *alias, const char *accessor)
     CKM::ManagerShPtr mgr = CKM::Manager::create();
     return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
 }
+
+KEY_MANAGER_CAPI
+int ckmc_remove_alias(const char *alias)
+{
+    if(!alias)
+        return CKMC_ERROR_INVALID_PARAMETER;
+
+    CKM::ManagerShPtr mgr = CKM::Manager::create();
+    int ret =  mgr->removeAlias(alias);
+    return to_ckmc_error(ret);
+}
diff --git a/src/manager/client-capi/ckmc-type-converter.cpp b/src/manager/client-capi/ckmc-type-converter.cpp
index 479e327..97fcfe7 100644
--- a/src/manager/client-capi/ckmc-type-converter.cpp
+++ b/src/manager/client-capi/ckmc-type-converter.cpp
@@ -23,12 +23,6 @@
 #include <ckmc/ckmc-type.h>
 #include <ckmc-type-converter.h>
 
-typedef enum __ckmc_permission{
-    CKMC_PERMISSION_NONE        = 0x00, /**< clear permissions */
-    CKMC_PERMISSION_READ        = 0x01, /**< read allowed */
-    CKMC_PERMISSION_REMOVE      = 0x02  /**< remove allowed */
-} ckmc_permission_e;
-
 int to_ckm_error(int ckmc_error) {
     switch(ckmc_error) {
     case CKMC_ERROR_NONE:                  return CKM_API_SUCCESS;
@@ -52,9 +46,10 @@ int to_ckm_error(int ckmc_error) {
     case CKMC_ERROR_FILE_ACCESS_DENIED:    return CKM_API_ERROR_FILE_ACCESS_DENIED;
     case CKMC_ERROR_NOT_EXPORTABLE:        return CKM_API_ERROR_NOT_EXPORTABLE;
     case CKMC_ERROR_FILE_SYSTEM:           return CKM_API_ERROR_FILE_SYSTEM;
+    case CKMC_ERROR_NOT_SUPPORTED:         return CKM_API_ERROR_NOT_SUPPORTED;
     case CKMC_ERROR_UNKNOWN:               return CKM_API_ERROR_UNKNOWN;
     }
-    return CKMC_ERROR_UNKNOWN;
+    return CKM_API_ERROR_UNKNOWN;
 }
 
 int to_ckmc_error(int ckm_error) {
@@ -80,11 +75,26 @@ int to_ckmc_error(int ckm_error) {
     case CKM_API_ERROR_FILE_ACCESS_DENIED:    return CKMC_ERROR_FILE_ACCESS_DENIED;
     case CKM_API_ERROR_NOT_EXPORTABLE:        return CKMC_ERROR_NOT_EXPORTABLE;
     case CKM_API_ERROR_FILE_SYSTEM:           return CKMC_ERROR_FILE_SYSTEM;
+    case CKM_API_ERROR_NOT_SUPPORTED:         return CKMC_ERROR_NOT_SUPPORTED;
     case CKM_API_ERROR_UNKNOWN:               return CKMC_ERROR_UNKNOWN;
     }
     return CKMC_ERROR_UNKNOWN;
 }
 
+ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status) {
+    switch(ckm_ocsp_status) {
+    case CKM_API_OCSP_STATUS_GOOD:             return CKMC_OCSP_STATUS_GOOD;
+    case CKM_API_OCSP_STATUS_UNSUPPORTED:      return CKMC_OCSP_ERROR_UNSUPPORTED;
+    case CKM_API_OCSP_STATUS_REVOKED:          return CKMC_OCSP_STATUS_REVOKED;
+    case CKM_API_OCSP_STATUS_NET_ERROR:        return CKMC_OCSP_ERROR_NET;
+    case CKM_API_OCSP_STATUS_INVALID_URL:      return CKMC_OCSP_ERROR_INVALID_URL;
+    case CKM_API_OCSP_STATUS_INVALID_RESPONSE: return CKMC_OCSP_ERROR_INVALID_RESPONSE;
+    case CKM_API_OCSP_STATUS_REMOTE_ERROR:     return CKMC_OCSP_ERROR_REMOTE;
+    case CKM_API_OCSP_STATUS_INTERNAL_ERROR:   return CKMC_OCSP_ERROR_INTERNAL;
+    default:                                   return CKMC_OCSP_STATUS_UNKNOWN;
+    }
+}
+
 int access_to_permission_mask(ckmc_access_right_e ar, int & permissionMask)
 {
     switch(ar)
diff --git a/src/manager/client-capi/ckmc-type-converter.h b/src/manager/client-capi/ckmc-type-converter.h
index 20dbb1c..1de3325 100644
--- a/src/manager/client-capi/ckmc-type-converter.h
+++ b/src/manager/client-capi/ckmc-type-converter.h
@@ -33,6 +33,7 @@ extern "C" {
 
 int to_ckmc_error(int ckm_error);
 int to_ckm_error(int ckmc_error);
+ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status);
 int access_to_permission_mask(ckmc_access_right_e ar, int & permissionMask);
 
 #ifdef __cplusplus
diff --git a/src/manager/client-capi/ckmc-type.cpp b/src/manager/client-capi/ckmc-type.cpp
index 41c718a..5775929 100644
--- a/src/manager/client-capi/ckmc-type.cpp
+++ b/src/manager/client-capi/ckmc-type.cpp
@@ -202,6 +202,30 @@ void ckmc_cert_free(ckmc_cert_s *cert)
 }
 
 KEY_MANAGER_CAPI
+int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert,
+        ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle)
+{
+    ckmc_pkcs12_s *pkcs12;
+
+    if(!pkcs12_bundle ||
+       (private_key==NULL && cert==NULL && (ca_cert_list==NULL || ca_cert_list->cert==NULL))) {
+        return CKMC_ERROR_INVALID_PARAMETER;
+    }
+
+    pkcs12 = static_cast<ckmc_pkcs12_s*>(malloc(sizeof(ckmc_pkcs12_s)));
+    if(pkcs12 == NULL) {
+        return CKMC_ERROR_OUT_OF_MEMORY;
+    }
+    // ownership is transferred into pkcs12 - mentioned in the docs
+    pkcs12->priv_key = private_key;
+    pkcs12->cert = cert;
+    pkcs12->ca_chain = ca_cert_list;
+
+    *pkcs12_bundle = pkcs12;
+    return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
 {
     class Pkcs12Converter {
@@ -368,6 +392,45 @@ int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ck
 }
 
 KEY_MANAGER_CAPI
+int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle)
+{
+    int ec;
+    ckmc_key_s *private_key = 0;
+    ckmc_cert_s *cert = 0;
+    ckmc_cert_list_s *ca_cert_list = 0;
+
+    if(!file_path || !pkcs12_bundle)
+        return CKMC_ERROR_INVALID_PARAMETER;
+
+    ec = ckmc_load_from_pkcs12_file(file_path, passphrase, &private_key, &cert, &ca_cert_list);
+    if(ec != CKMC_ERROR_NONE)
+        return ec;
+
+    ec = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12_bundle);
+    if(ec != CKMC_ERROR_NONE)
+    {
+        ckmc_key_free(private_key);
+        ckmc_cert_free(cert);
+        ckmc_cert_list_free(ca_cert_list);
+        return ec;
+    }
+
+    return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12)
+{
+    if(pkcs12 == NULL)
+        return;
+
+    ckmc_key_free(pkcs12->priv_key);
+    ckmc_cert_free(pkcs12->cert);
+    ckmc_cert_list_all_free(pkcs12->ca_chain);
+    free(pkcs12);
+}
+
+KEY_MANAGER_CAPI
 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
 {
     ckmc_alias_list_s *previous = NULL;
diff --git a/src/manager/client/client-control.cpp b/src/manager/client/client-control.cpp
index 37cbf66..f29ba0a 100644
--- a/src/manager/client/client-control.cpp
+++ b/src/manager/client/client-control.cpp
@@ -15,10 +15,10 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License
  *
- * @file        client-common.cpp
+ * @file        client-control.cpp
  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  * @version     1.0
- * @brief       This file is implementation of client-common functions.
+ * @brief       This file is implementation of client-control functions.
  */
 #include <dpl/log/log.h>
 
@@ -38,15 +38,15 @@ public:
     ControlImpl& operator=(const ControlImpl &) = delete;
     ControlImpl& operator=(ControlImpl &&) = delete;
 
-    virtual int unlockUserKey(uid_t user, const Password &password) {
+    virtual int unlockUserKey(const ClientInfo &clientInfo, const Password &password) {
         return try_catch([&] {
-            if((int)user < 0) {
+            if((int)clientInfo.getUID() < 0) {
                 return CKM_API_ERROR_INPUT_PARAM;
             }
 
             MessageBuffer recv;
             auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::UNLOCK_USER_KEY),
-                                                 user,
+                                                 clientInfo.getClientID(),
                                                  password);
 
             int retCode = m_controlConnection.processRequest(send.Pop(), recv);
@@ -59,14 +59,15 @@ public:
         });
     }
 
-    virtual int lockUserKey(uid_t user) {
+    virtual int lockUserKey(const ClientInfo &clientInfo) {
         return try_catch([&] {
-            if((int)user < 0) {
+            if((int)clientInfo.getUID() < 0) {
                 return CKM_API_ERROR_INPUT_PARAM;
             }
 
             MessageBuffer recv;
-            auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::LOCK_USER_KEY), user);
+            auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::LOCK_USER_KEY),
+                                                 clientInfo.getClientID());
 
             int retCode = m_controlConnection.processRequest(send.Pop(), recv);
             if (CKM_API_SUCCESS != retCode)
@@ -77,15 +78,15 @@ public:
             return retCode;
         });
     }
-
-    virtual int removeUserData(uid_t user) {
+    virtual int removeUserData(const ClientInfo &clientInfo) {
         return try_catch([&] {
-            if((int)user < 0) {
+            if((int)clientInfo.getUID() < 0) {
                 return CKM_API_ERROR_INPUT_PARAM;
             }
 
             MessageBuffer recv;
-            auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::REMOVE_USER_DATA), user);
+            auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::REMOVE_USER_DATA),
+                                                 clientInfo.getClientID());
 
             int retCode = m_controlConnection.processRequest(send.Pop(), recv);
             if (CKM_API_SUCCESS != retCode)
@@ -96,17 +97,16 @@ public:
             return retCode;
         });
     }
-
-    virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) {
+    virtual int changeUserPassword(const ClientInfo &clientInfo, const Password &oldPassword, const Password &newPassword) {
         return try_catch([&] {
-            if((int)user < 0) {
+            if((int)clientInfo.getUID() < 0) {
                 return CKM_API_ERROR_INPUT_PARAM;
             }
 
             MessageBuffer recv;
             auto send = MessageBuffer::Serialize(
                     static_cast<int>(ControlCommand::CHANGE_USER_PASSWORD),
-                    user,
+                    clientInfo.getClientID(),
                     oldPassword,
                     newPassword);
 
@@ -120,16 +120,16 @@ public:
         });
     }
 
-    virtual int resetUserPassword(uid_t user, const Password &newPassword) {
+    virtual int resetUserPassword(const ClientInfo &clientInfo, const Password &newPassword) {
         return try_catch([&] {
-            if((int)user < 0) {
+            if((int)clientInfo.getUID() < 0) {
                 return CKM_API_ERROR_INPUT_PARAM;
             }
 
             MessageBuffer recv;
             auto send = MessageBuffer::Serialize(
                     static_cast<int>(ControlCommand::RESET_USER_PASSWORD),
-                    user,
+                    clientInfo.getClientID(),
                     newPassword);
 
             int retCode = m_controlConnection.processRequest(send.Pop(), recv);
@@ -142,14 +142,16 @@ public:
         });
     }
 
-    virtual int removeApplicationData(const Label &smackLabel) {
+    virtual int removeApplicationData(const std::string &zone, const Label &smackLabel) {
         return try_catch([&] {
             if (smackLabel.empty()) {
                 return CKM_API_ERROR_INPUT_PARAM;
             }
 
             MessageBuffer recv;
-            auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::REMOVE_APP_DATA), smackLabel);
+            auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::REMOVE_APP_DATA),
+                                                 zone,
+                                                 smackLabel);
 
             int retCode = m_controlConnection.processRequest(send.Pop(), recv);
             if (CKM_API_SUCCESS != retCode)
@@ -176,7 +178,7 @@ public:
         });
     }
 
-    virtual int setPermission(uid_t user,
+    virtual int setPermission(const ClientInfo &clientInfo,
                               const Alias &alias,
                               const Label &accessor,
                               PermissionMask permissionMask)
@@ -185,7 +187,7 @@ public:
             MessageBuffer recv;
             AliasSupport helper(alias);
             auto send = MessageBuffer::Serialize(static_cast<int>(ControlCommand::SET_PERMISSION),
-                                                 static_cast<int>(user),
+                                                 clientInfo.getClientID(),
                                                  helper.getName(),
                                                  helper.getLabel(),
                                                  accessor,
diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index b27e180..cae0973 100644
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -33,9 +33,8 @@
 
 namespace CKM {
 
-namespace {
 template <class T>
-int getCertChain(
+int ManagerImpl::getCertChain(
     ServiceConnection & serviceConnection,
     LogicCommand command,
     int counter,
@@ -61,8 +60,11 @@ int getCertChain(
 
         int retCommand;
         int retCounter;
+        bool retCCModeState;
         RawBufferVector rawBufferVector;
-        recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
+        recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector, retCCModeState);
+
+        LogDebug("CCModeState[" << (retCCModeState ? "TRUE" : "FALSE") << "]");
 
         if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
             return CKM_API_ERROR_UNKNOWN;
@@ -79,12 +81,19 @@ int getCertChain(
             certificateChainVector.push_back(cert);
         }
 
+        if (retCCModeState) {
+            int ocspStatus;
+            retCode = ocspCheck(certificateChainVector, ocspStatus);
+
+            if ((retCode == CKM_API_SUCCESS) && (ocspStatus != CKM_API_OCSP_STATUS_GOOD)) {
+                retCode = CKM_API_ERROR_VERIFICATION_FAILED;
+            }
+        }
+
         return retCode;
     });
 }
 
-} // namespace anonymous
-
 ManagerImpl::ManagerImpl()
   : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
 {
diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h
index 8111150..ff70fdf 100644
--- a/src/manager/client/client-manager-impl.h
+++ b/src/manager/client/client-manager-impl.h
@@ -90,6 +90,7 @@ public:
         bool useTrustedSystemCertificates,
         CertificateShPtrVector &certificateChainVector);
 
+
     int createSignature(
         const Alias &privateKeyAlias,
         const Password &password,           // password for private_key
@@ -136,6 +137,17 @@ protected:
         const Policy &policyPrivateKey,
         const Policy &policyPublicKey);
 
+    template <class T>
+    int getCertChain(
+        ServiceConnection & serviceConnection,
+        LogicCommand command,
+        int counter,
+        const CertificateShPtr &certificate,
+        const T &untrustedVector,
+        const T &trustedVector,
+        bool useTrustedSystemCertificates,
+        CertificateShPtrVector &certificateChainVector);
+
     int m_counter;
     CKM::ServiceConnection m_storageConnection;
     CKM::ServiceConnection m_ocspConnection;
diff --git a/src/manager/common/client-info-impl.cpp b/src/manager/common/client-info-impl.cpp
new file mode 100644
index 0000000..e5b268e
--- /dev/null
+++ b/src/manager/common/client-info-impl.cpp
@@ -0,0 +1,65 @@
+/*
+ *  Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ *
+ *
+ * @file        client-info-impl.cpp
+ * @author      Kyungwook Tak (k.tak@samsung.com)
+ * @version     1.0
+ * @brief       ClientInfo implementation.
+ */
+
+#include <ckm/ckm-client-info.h>
+
+namespace CKM {
+	const std::string ClientInfo::ZONE_DEFAULT = "host";
+	const std::string ClientInfo::DELIMITER = "-";
+
+
+uid_t ClientInfo::getUID() const
+{
+    return m_uid;
+}
+
+ClientInfo::~ClientInfo()
+{
+}
+
+ClientInfo::ClientInfo(const std::string &zone, const uid_t uid)
+  : m_zone(zone), m_uid(uid)
+{
+}
+
+ClientInfo::ClientInfo(const uid_t uid)
+  : m_zone(ZONE_DEFAULT), m_uid(uid)
+{
+}
+
+ClientID ClientInfo::getClientID() const
+{
+#ifdef DB_PER_ZONE_ENABLE
+    return ClientID(m_zone
+        + DELIMITER
+        + std::to_string(m_uid));
+#else
+    return ClientID(std::to_string(m_uid));
+#endif
+}
+
+std::string ClientInfo::getZone() const
+{
+    return m_zone;
+}
+
+} // namespace CKM
diff --git a/src/manager/common/key-impl.cpp b/src/manager/common/key-impl.cpp
index 47bc69b..ae70dbb 100644
--- a/src/manager/common/key-impl.cpp
+++ b/src/manager/common/key-impl.cpp
@@ -98,12 +98,12 @@ KeyImpl::KeyImpl(const KeyImpl &second) {
     m_type = second.m_type;
 }
 
-KeyImpl &KeyImpl::operator=(const KeyImpl &second)
-{
-    if (&second != this) {
-        m_pkey = second.getEvpShPtr();
-        m_type = second.getType();
-    }
+KeyImpl &KeyImpl::operator=(const KeyImpl &second) {
+    if (this == &second)
+        return *this;
+
+    m_pkey = second.m_pkey;
+    m_type = second.m_type;
 
     return *this;
 }
diff --git a/src/manager/common/key-impl.h b/src/manager/common/key-impl.h
index 1360627..826ca4f 100644
--- a/src/manager/common/key-impl.h
+++ b/src/manager/common/key-impl.h
@@ -36,7 +36,6 @@ public:
     KeyImpl();
     KeyImpl(const KeyImpl &second);
     KeyImpl &operator=(const KeyImpl &second);
-
     KeyImpl(const RawBuffer& buffer, const Password &password = Password());
     KeyImpl(EvpShPtr pkey, KeyType type);
 
diff --git a/src/manager/common/protocols.cpp b/src/manager/common/protocols.cpp
index e86e180..aa4a273 100644
--- a/src/manager/common/protocols.cpp
+++ b/src/manager/common/protocols.cpp
@@ -34,62 +34,29 @@ char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-s
 char const * const SERVICE_SOCKET_OCSP = "/tmp/.central-key-manager-api-ocsp.sock";
 char const * const LABEL_NAME_SEPARATOR = " ";
 
-PolicySerializable::PolicySerializable()
-{}
-
-
+PolicySerializable::PolicySerializable() {}
+PolicySerializable::~PolicySerializable() {}
 PolicySerializable::PolicySerializable(const Policy &policy)
   : Policy(policy)
 {}
 
-PolicySerializable::PolicySerializable(IStream &stream) {
-    Deserialization::Deserialize(stream, password);
-    Deserialization::Deserialize(stream, extractable);
-}
-
 void PolicySerializable::Serialize(IStream &stream) const {
     Serialization::Serialize(stream, password);
     Serialization::Serialize(stream, extractable);
 }
 
+void PolicySerializable::Deserialize(IStream &stream) {
+    Deserialization::Deserialize(stream, password);
+    Deserialization::Deserialize(stream, extractable);
+}
+
 
 PKCS12Serializable::PKCS12Serializable() {}
+PKCS12Serializable::~PKCS12Serializable() {}
 PKCS12Serializable::PKCS12Serializable(const PKCS12 &pkcs)
     : PKCS12Impl(pkcs)
 {}
 
-PKCS12Serializable::PKCS12Serializable(IStream &stream)
-{
-    // key
-    size_t numKeys;
-    Deserialization::Deserialize(stream, numKeys);
-    if(numKeys > 0) {
-        int keyType;
-        RawBuffer keyData;
-        Deserialization::Deserialize(stream, keyType);
-        Deserialization::Deserialize(stream, keyData);
-        m_pkey = CKM::Key::create(keyData);
-    }
-
-    // cert
-    size_t numCerts;
-    Deserialization::Deserialize(stream, numCerts);
-    if(numCerts > 0) {
-        RawBuffer certData;
-        Deserialization::Deserialize(stream, certData);
-        m_cert = CKM::Certificate::create(certData, DataFormat::FORM_DER);
-    }
-
-    // CA chain
-    size_t num_CA;
-    Deserialization::Deserialize(stream, num_CA);
-    for(size_t i=0; i<num_CA; i++)
-    {
-        RawBuffer CAcertData;
-        Deserialization::Deserialize(stream, CAcertData);
-        m_ca.push_back(CKM::Certificate::create(CAcertData, DataFormat::FORM_DER));
-    }
-}
 PKCS12Serializable::PKCS12Serializable(const KeyShPtr &privKey, const CertificateShPtr &cert, const CertificateShPtrVector &chainCerts)
 {
     m_pkey = privKey;
@@ -123,7 +90,40 @@ void PKCS12Serializable::Serialize(IStream &stream) const
     Serialization::Serialize(stream, getCaCertificateShPtrVector().size());
     for(auto it : getCaCertificateShPtrVector())
         Serialization::Serialize(stream, it->getDER());
-};
+}
+
+void PKCS12Serializable::Deserialize(IStream &stream)
+{
+    // key
+    size_t numKeys;
+    Deserialization::Deserialize(stream, numKeys);
+    if(numKeys > 0) {
+        int keyType;
+        RawBuffer keyData;
+        Deserialization::Deserialize(stream, keyType);
+        Deserialization::Deserialize(stream, keyData);
+        m_pkey = CKM::Key::create(keyData);
+    }
+
+    // cert
+    size_t numCerts;
+    Deserialization::Deserialize(stream, numCerts);
+    if(numCerts > 0) {
+        RawBuffer certData;
+        Deserialization::Deserialize(stream, certData);
+        m_cert = CKM::Certificate::create(certData, DataFormat::FORM_DER);
+    }
+
+    // CA chain
+    size_t num_CA;
+    Deserialization::Deserialize(stream, num_CA);
+    for(size_t i=0; i<num_CA; i++)
+    {
+        RawBuffer CAcertData;
+        Deserialization::Deserialize(stream, CAcertData);
+        m_ca.push_back(CKM::Certificate::create(CAcertData, DataFormat::FORM_DER));
+    }
+}
 
 } // namespace CKM
 
diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h
index 302ff54..2de2443 100644
--- a/src/manager/common/protocols.h
+++ b/src/manager/common/protocols.h
@@ -247,20 +247,22 @@ class IStream;
 
 struct COMMON_API PolicySerializable : public Policy, ISerializable {
     PolicySerializable();
+    ~PolicySerializable();
     explicit PolicySerializable(const Policy &);
-    explicit PolicySerializable(IStream &);
     void Serialize(IStream &) const;
+    void Deserialize(IStream &);
 };
 
 struct COMMON_API PKCS12Serializable : public PKCS12Impl, ISerializable {
     PKCS12Serializable();
+    ~PKCS12Serializable();
     explicit PKCS12Serializable(const PKCS12 &);
-    explicit PKCS12Serializable(IStream &);
     PKCS12Serializable(
             const KeyShPtr &privKey,
             const CertificateShPtr &cert,
             const CertificateShPtrVector &chainCerts);
     void Serialize(IStream &) const;
+    void Deserialize(IStream &);
 };
 
 } // namespace CKM
diff --git a/src/manager/dpl/core/include/dpl/serialization.h b/src/manager/dpl/core/include/dpl/serialization.h
index 581fedd..078607d 100644
--- a/src/manager/dpl/core/include/dpl/serialization.h
+++ b/src/manager/dpl/core/include/dpl/serialization.h
@@ -47,6 +47,7 @@ class ISerializable
     /*    ISerializable(){};
      *    ISerializable(IStream&){}; */
     virtual void Serialize(IStream &) const = 0;
+    virtual void Deserialize(IStream &) = 0;
     virtual ~ISerializable(){}
 };
 
@@ -253,12 +254,12 @@ struct Deserialization {
     template <typename T>
     static void Deserialize(IStream& stream, T& object)
     {
-        object = T(stream);
+        object.Deserialize(stream);
     }
     template <typename T>
     static void Deserialize(IStream& stream, T*& object)
     {
-        object = new T(stream);
+        object->Deserialize(stream);
     }
 
     // char
diff --git a/src/manager/dpl/core/src/exception.cpp b/src/manager/dpl/core/src/exception.cpp
index 32d6024..792c97f 100644
--- a/src/manager/dpl/core/src/exception.cpp
+++ b/src/manager/dpl/core/src/exception.cpp
@@ -22,6 +22,7 @@
 #include <stddef.h>
 #include <dpl/exception.h>
 #include <dpl/log/log.h>
+#include <cstdio>
 
 namespace CKM {
 Exception* Exception::m_lastException = NULL;
@@ -30,6 +31,9 @@ void (*Exception::m_terminateHandler)() = NULL;
 
 void LogUnhandledException(const std::string &str)
 {
+    // Logging to console
+    printf("%s\n", str.c_str());
+
     // Logging to dlog
     LogPedantic(str);
 }
@@ -39,6 +43,13 @@ void LogUnhandledException(const std::string &str,
                            int line,
                            const char *function)
 {
+    // Logging to console
+    std::ostringstream msg;
+    msg << "\033[1;5;31m\n=== [" << filename << ":" << line << "] " <<
+    function << " ===\033[m";
+    msg << str;
+    printf("%s\n", msg.str().c_str());
+
     // Logging to dlog
     CKM::Log::LogSystemSingleton::Instance().Log(CKM::Log::AbstractLogProvider::LogLevel::Error,
                                                  str.c_str(),
diff --git a/src/manager/dpl/db/src/sql_connection.cpp b/src/manager/dpl/db/src/sql_connection.cpp
index e71918d..7214a73 100644
--- a/src/manager/dpl/db/src/sql_connection.cpp
+++ b/src/manager/dpl/db/src/sql_connection.cpp
@@ -629,13 +629,13 @@ boost::optional<RawBuffer> SqlConnection::DataCommand::GetColumnOptionalBlob(
     }
     const unsigned char *value = reinterpret_cast<const unsigned char*>(
             sqlcipher3_column_blob(m_stmt, column));
+    if (!value) {
+        return boost::optional<RawBuffer>();
+    }
 
     int length = sqlcipher3_column_bytes(m_stmt, column);
     LogPedantic("Got blob of length: " << length);
 
-    if (!value)
-        return boost::optional<RawBuffer>();
-
     RawBuffer temp(value, value + length);
     return boost::optional<RawBuffer>(temp);
 }
diff --git a/src/manager/dpl/log/src/log.cpp b/src/manager/dpl/log/src/log.cpp
index 1707ebe..d460871 100644
--- a/src/manager/dpl/log/src/log.cpp
+++ b/src/manager/dpl/log/src/log.cpp
@@ -53,9 +53,7 @@ const char * const CONSOLE =  "CONSOLE";
 const char * const DLOG =     "DLOG";
 const char * const JOURNALD = "JOURNALD";
 
-const char * DEFAULT_PROVIDER = "DLOG";
-const char * DEFAULT_LEVEL = "1";
-
+const char * const NO_ENV_SET = "NO_ENV_VARIABLE";
 } // namespace anonymous
 
 LogSystem::LogSystem() : m_providerCtor({
@@ -66,19 +64,17 @@ LogSystem::LogSystem() : m_providerCtor({
             { JOURNALD, []{ return static_cast<AbstractLogProvider*>(new JournalLogProvider()); } }
     })
 {
-    const char *env_level = getenv(CKM_LOG_LEVEL);
-    if (!env_level)
-        env_level = DEFAULT_LEVEL;
-
-    SetLogLevel(env_level);
+    const char* logLevel = getenv(CKM_LOG_LEVEL);
+    if(logLevel == NULL)
+        logLevel = NO_ENV_SET; // To solve a prevent issue
+    SetLogLevel(logLevel);
 
     AbstractLogProvider* prv = NULL;
+    const char* logProvider = getenv(CKM_LOG_PROVIDER);
+    if(logProvider == NULL)
+        logProvider = NO_ENV_SET; // To solve a prevent issue
     try {
-        const char *env_provider = getenv(CKM_LOG_PROVIDER);
-        if (!env_provider)
-            env_provider = DEFAULT_PROVIDER;
-
-        prv = m_providerCtor.at(env_provider)();
+        prv = m_providerCtor.at(logProvider)();
     } catch(const std::exception&) {
         prv = m_providerCtor[DLOG]();
     }
diff --git a/src/manager/listener/listener-thread.cpp b/src/manager/listener/listener-thread.cpp
new file mode 100644
index 0000000..9722e65
--- /dev/null
+++ b/src/manager/listener/listener-thread.cpp
@@ -0,0 +1,159 @@
+/*
+ *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file        listener-daemon.cpp
+ * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version     1.0
+ * @brief       Listener daemon handle some events for key-manager.
+ */
+
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <thread>
+#include <glib.h>
+#include <ckm/ckm-control.h>
+#include <ckm/ckm-type.h>
+#include <dlog.h>
+#include <listener-thread.h>
+
+
+#include <map>
+#include <utility>
+#include <string>
+#include <package-manager-zone.h>
+
+#define CKM_LISTENER_TAG "CKM_LISTENER"
+
+#define LISTENER_SLOGD(format, arg...) SLOG(LOG_DEBUG, CKM_LISTENER_TAG, format, ##arg)
+#define LISTENER_SLOGE(format, arg...) SLOG(LOG_ERROR, CKM_LISTENER_TAG, format, ##arg)
+
+namespace { // anonymous namespace
+const char *const ZONE_DEFAULT = "host";
+typedef std::pair<std::string, CKM::Label> PkgmgrEvent;
+typedef std::map<const int, PkgmgrEvent> EventMap;
+
+int _pkgmgr_event_callback(
+    int req_id,
+    const char *pkg_type,
+    const char *pkgid,
+    const char *key,
+    const char *val,
+    const void *pmsg,
+    void *data,
+    const char *zone)
+{
+    (void) pmsg;
+    EventMap *eventMap = static_cast<EventMap *>(data);
+
+    LISTENER_SLOGD(
+        "req_id(%d), pkg_type(%s), pkgid(%s), key(%s), val(%s)",
+        req_id, pkg_type, pkgid, key, val);
+
+    // uninstall package start event
+    if (strncmp(key, "start", strlen(key)) == 0
+     && strncmp(val, "uninstall", strlen(val)) == 0) {
+        if (zone) {
+            eventMap->insert(
+                std::pair<const int, PkgmgrEvent>(
+                    req_id,
+                    PkgmgrEvent(std::string(zone), CKM::Label(pkgid))
+                )
+            );
+        }
+        else {
+            eventMap->insert(
+                std::pair<const int, PkgmgrEvent>(
+                    req_id,
+                    PkgmgrEvent(std::string(ZONE_DEFAULT), CKM::Label(pkgid))
+                )
+            );
+        }
+        return 0;
+    }
+    // uninstall package success event
+    else if (strncmp(key, "end", strlen(key)) == 0
+          && strncmp(val, "ok", strlen(val)) == 0) {
+        EventMap::iterator it;
+        it = eventMap->find(req_id);
+
+        if (it == eventMap->end()) {
+            LISTENER_SLOGE("cannot find req_id(%d) in eventMap. Maybe not in case of uninstallation.", req_id);
+        }
+        else {
+            LISTENER_SLOGD("Uninstallation success. pkgid(%s)", pkgid);
+
+            auto control = CKM::Control::create();
+            int ret = control->removeApplicationData(std::get<0>(it->second), std::get<1>(it->second));
+            if (ret != CKM_API_SUCCESS) {
+                LISTENER_SLOGE("removeApplicationData error. ret(%d)", ret);
+            }
+            eventMap->erase(it);
+        }
+    }
+
+    // zone can be "personal", "knox" or "host".
+    LISTENER_SLOGD("zone_name is (%s)", zone);
+
+    return 0;
+}
+
+int listener_main(GMainLoop *main_loop) {
+    LISTENER_SLOGD("Start!");
+
+    EventMap eventMap;
+    int req_id = 0;
+    pkgmgr_client *client = pkgmgr_client_new(PC_LISTENING);
+    if (client == NULL) {
+        LISTENER_SLOGE("Error in pkgmgr client creation");
+        return -1;
+    }
+
+    req_id = pkgmgr_client_listen_status_with_zone(client, _pkgmgr_event_callback, &eventMap);
+    if (req_id < 0) {
+        LISTENER_SLOGE("Error in pkgmgr callback registeration req_id(%d)", req_id);
+        pkgmgr_client_free(client);
+        return -1;
+    }
+
+    LISTENER_SLOGD("Ready to listen!");
+    g_main_loop_run(main_loop);
+    SLOG(LOG_ERROR, CKM_LISTENER_TAG, "%s", "Listener main loop ended.");
+    return 0;
+}
+
+} // namespace  anonymous
+
+namespace CKM {
+
+ListenerThread::ListenerThread()
+{
+    main_loop = g_main_loop_new(NULL, FALSE);
+}
+
+void ListenerThread::start()
+{
+    SLOG(LOG_INFO, CKM_LISTENER_TAG, "%s", "Listener will start!");
+    std::thread thread(listener_main, main_loop);
+    thread.detach();
+}
+
+ListenerThread::~ListenerThread()
+{
+}
+
+
+} // namespace CKM
diff --git a/src/manager/main/smack-check.h b/src/manager/listener/listener-thread.h
similarity index 50%
rename from src/manager/main/smack-check.h
rename to src/manager/listener/listener-thread.h
index 942578b..657279e 100644
--- a/src/manager/main/smack-check.h
+++ b/src/manager/listener/listener-thread.h
@@ -1,9 +1,5 @@
 /*
- *  ckm-manager
- *
- *  Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- *  Contact: Bumjin Im <bj.im@samsung.com>
+ *  Copyright (c) 2014 Samsung Electronics Co.
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -16,27 +12,34 @@
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License
+ *
+ *
+ * @file        listener-thread.h
+ * @author      Dongseon Lee(ds72.lee@samsung.com)
+ * @version     1.0
+ * @brief       Listener thread header file.
  */
+#pragma once
+
+#include <glib.h>
 
-#ifndef _SMACK_CHECK_H_
-#define _SMACK_CHECK_H_
 
 namespace CKM {
 
-/*
- * A very simple runtime check for SMACK on the platform
- * Returns 1 if SMACK is present, 0 otherwise
- */
+class ListenerThread
+{
+public:
+    ListenerThread();
+    ListenerThread(const ListenerThread &) = delete;
+    ListenerThread(ListenerThread &&) = delete;
+    ListenerThread& operator=(const ListenerThread &) = delete;
+    ListenerThread& operator=(ListenerThread &&) = delete;
+    virtual ~ListenerThread();
 
-int smack_runtime_check(void);
+    virtual void start();
 
-/*
- * A very simple runtime check for SMACK on the platform
- * Returns 1 if SMACK is present, 0 otherwise. If SMACK_ENABLED is not defined
- * It returns 0.
- */
-int smack_check(void);
+private:
+    GMainLoop *main_loop;
+};
 
 } // namespace CKM
-
-#endif // _SMACK_CHECK_H_
diff --git a/src/manager/main/generic-socket-manager.h b/src/manager/main/generic-socket-manager.h
index 5d1521e..abd6260 100644
--- a/src/manager/main/generic-socket-manager.h
+++ b/src/manager/main/generic-socket-manager.h
@@ -45,7 +45,7 @@ namespace CKM {
 typedef int InterfaceID;
 
 struct Credentials {
-    uid_t uid;
+    ClientID clientID;
     Label smackLabel;
 };
 
diff --git a/src/manager/main/key-manager-main.cpp b/src/manager/main/key-manager-main.cpp
index a92f8d3..930e053 100644
--- a/src/manager/main/key-manager-main.cpp
+++ b/src/manager/main/key-manager-main.cpp
@@ -38,6 +38,7 @@
 #include <key-provider.h>
 #include <CryptoService.h>
 #include <file-system.h>
+#include <listener-thread.h>
 
 #define REGISTER_SOCKET_SERVICE(manager, service) \
     registerSocketService<service>(manager, #service)
@@ -97,12 +98,18 @@ int main(void) {
         CKM::CryptoService::initialize();
 
         {
-            LogInfo("Start!");
+            LogInfo("Register socket services!");
             CKM::SocketManager manager;
 
             REGISTER_SOCKET_SERVICE(manager, CKM::CKMService);
             REGISTER_SOCKET_SERVICE(manager, CKM::OCSPService);
 
+            // Start listener thread for listening app unstall events and vconf key change event
+            LogInfo("Start app event listening!");
+            CKM::ListenerThread listener;
+            listener.start();
+
+            LogInfo("Start socket services!");
             manager.MainLoop();
         }
         // Manager has been destroyed and we may close external libraries.
diff --git a/src/manager/main/smack-check.cpp b/src/manager/main/smack-check.cpp
deleted file mode 100644
index ce7899a..0000000
--- a/src/manager/main/smack-check.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
-#include <smack-check.h>
-
-#include <stdlib.h>
-#include <sys/smack.h>
-
-#include <dpl/log/log.h>
-
-namespace CKM {
-
-int smack_runtime_check(void)
-{
-    static int smack_present = -1;
-    if (-1 == smack_present) {
-        if (NULL == smack_smackfs_path()) {
-            LogDebug("no smack found on device");
-            smack_present = 0;
-        } else {
-            LogDebug("found smack on device");
-            smack_present = 1;
-        }
-    }
-    return smack_present;
-}
-
-int smack_check(void)
-{
-#ifndef SMACK_ENABLED
-    return 0;
-#else
-    return smack_runtime_check();
-#endif
-}
-
-} // namespace CKM
diff --git a/src/manager/main/socket-manager.cpp b/src/manager/main/socket-manager.cpp
index 405add5..30acc9f 100644
--- a/src/manager/main/socket-manager.cpp
+++ b/src/manager/main/socket-manager.cpp
@@ -29,11 +29,9 @@
 #include <sys/signalfd.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <sys/smack.h>
 #include <sys/un.h>
 #include <sys/stat.h>
 #include <unistd.h>
-#include <fcntl.h>
 #include <signal.h>
 #include <errno.h>
 #include <time.h>
@@ -44,15 +42,14 @@
 #include <dpl/log/log.h>
 #include <dpl/assert.h>
 
-#include <smack-check.h>
+#include <ckm/ckm-client-info.h>
 #include <socket-manager.h>
 
 namespace {
-
 const time_t SOCKET_TIMEOUT = 1000;
 
-int getCredentialsFromSocket(int sock, CKM::Credentials &cred) {
-    CKM::Credentials credentials;
+int getCredentialsFromSocket(int sock, CKM::Credentials &cred, vsm_context_h &vsmCtx)
+{
     std::vector<char> result(1);
     socklen_t length = 1;
     ucred peerCred;
@@ -80,10 +77,42 @@ int getCredentialsFromSocket(int sock, CKM::Credentials &cred) {
 
     result.push_back('\0');
     cred.smackLabel = result.data();
-    cred.uid = peerCred.uid;
+    if (!vsmCtx) {
+        CKM::ClientInfo clientInfo(peerCred.uid);
+        cred.clientID = clientInfo.getClientID();
+        LogError("vsmCtx == NULL. ClientID[" << cred.clientID << "]");
+    } else {
+        vsm_zone_h _vsm_zone = vsm_lookup_zone_by_pid(vsmCtx, peerCred.pid);
+        if (!_vsm_zone) {
+            if (0 > vsm_cleanup_context(vsmCtx)) {
+                LogError("Failed to vsm_cleanup_context.");
+            } else if (!(vsmCtx = vsm_create_context())) {
+                LogError("Failed to vsm_create_context.");
+                return -1;
+            }
+            LogDebug("Recreate vsm context Success. vsm_lookup_zone_by_pid:[" << peerCred.pid << "] returned NULL");
+            _vsm_zone = vsm_lookup_zone_by_pid(vsmCtx, peerCred.pid);
+
+            if (!_vsm_zone) {
+                LogError("Failed. vsm_zone lookedup by pid:[" << peerCred.pid << "]");
+                vsm_cleanup_context(vsmCtx);
+                vsmCtx = NULL;
+                return -1;
+            }
+            LogDebug("Success. vsm_lookup_zone_by_pid:[" << peerCred.pid << "]");
+        }
+
+        // construct clientInfo with default zone
+        CKM::ClientInfo clientInfo(peerCred.uid);
+
+        if (!vsm_is_host_zone(_vsm_zone))
+            clientInfo = CKM::ClientInfo(std::string(vsm_get_zone_name(_vsm_zone)), peerCred.uid);
+
+        cred.clientID = clientInfo.getClientID();
+        LogDebug("sock[" << sock << "] clientID[" << cred.clientID << "]");
+    }
     return 0;
 }
-
 } // namespace anonymous
 
 namespace CKM {
@@ -172,6 +201,7 @@ SocketManager::CreateDefaultReadSocketDescription(int sock, bool timeout)
 SocketManager::SocketManager()
   : m_maxDesc(0)
   , m_counter(0)
+  , m_vsmCtx(NULL)
 {
     FD_ZERO(&m_readSet);
     FD_ZERO(&m_writeSet);
@@ -202,6 +232,8 @@ SocketManager::SocketManager()
         desc2.service = signalService;
         LogInfo("SignalService mounted on " << filefd << " descriptor");
     }
+    m_vsmCtx = vsm_create_context();
+    // TODO: handle error
 }
 
 SocketManager::~SocketManager() {
@@ -239,7 +271,7 @@ void SocketManager::ReadyForAccept(int sock) {
     }
 
     Credentials peerCred;
-    if (0 > getCredentialsFromSocket(client, peerCred)) {
+    if (0 > getCredentialsFromSocket(client, peerCred, m_vsmCtx)) {
         LogDebug("Error in getCredentialsFromSocket. Socket closed.");
         TEMP_FAILURE_RETRY(close(client));
         return;
@@ -464,78 +496,20 @@ int SocketManager::GetSocketFromSystemD(
         ThrowMsg(Exception::InitFailed, "Error in sd_listend_fds");
     }
 
-    for(fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) {
-        if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1,
-                                  desc.serviceHandlerPath.c_str(), 0))
-        {
+    for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) {
+        if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1, desc.serviceHandlerPath.c_str(), 0)) {
             LogInfo("Useable socket " << desc.serviceHandlerPath <<
                 " was passed by SystemD under descriptor " << fd);
+            if (m_vsmCtx) {
+                int ret = vsm_declare_link(m_vsmCtx, desc.serviceHandlerPath.c_str(), desc.serviceHandlerPath.c_str());
+                if (ret)
+                    LogError("Failed to socket declare link: " << desc.serviceHandlerPath.c_str());
+            }
             return fd;
         }
     }
-    LogError("No useable sockets were passed by systemd.");
-    return -1;
-}
-
-int SocketManager::CreateDomainSocketHelp(
-    const GenericSocketService::ServiceDescription &desc)
-{
-    int sockfd;
-
-    if (-1 == (sockfd = socket(AF_UNIX, SOCK_STREAM, 0))) {
-        int err = errno;
-        LogError("Error in socket: " << GetErrnoString(err));
-        ThrowMsg(Exception::InitFailed, "Error in socket: " << GetErrnoString(err));
-    }
 
-    if (smack_check()) {
-        LogInfo("Set up smack label: " << desc.smackLabel);
-
-        if (0 != smack_fsetlabel(sockfd, desc.smackLabel.c_str(), SMACK_LABEL_IPIN)) {
-            LogError("Error in smack_fsetlabel");
-            ThrowMsg(Exception::InitFailed, "Error in smack_fsetlabel");
-        }
-    } else {
-        LogInfo("No smack on platform. Socket won't be securied with smack label!");
-    }
-
-    int flags;
-    if (-1 == (flags = fcntl(sockfd, F_GETFL, 0)))
-        flags = 0;
-
-    if (-1 == fcntl(sockfd, F_SETFL, flags | O_NONBLOCK)) {
-        int err = errno;
-        close(sockfd);
-        LogError("Error in fcntl: " << GetErrnoString(err));
-        ThrowMsg(Exception::InitFailed, "Error in fcntl: " << GetErrnoString(err));
-    }
-
-    sockaddr_un serverAddress;
-    memset(&serverAddress, 0, sizeof(serverAddress));
-    serverAddress.sun_family = AF_UNIX;
-    strcpy(serverAddress.sun_path, desc.serviceHandlerPath.c_str());
-    unlink(serverAddress.sun_path);
-
-    mode_t originalUmask;
-    originalUmask = umask(0);
-
-    if (-1 == bind(sockfd, (struct sockaddr*)&serverAddress, sizeof(serverAddress))) {
-        int err = errno;
-        close(sockfd);
-        LogError("Error in bind: " << GetErrnoString(err));
-        ThrowMsg(Exception::InitFailed, "Error in bind: " << GetErrnoString(err));
-    }
-
-    umask(originalUmask);
-
-    if (-1 == listen(sockfd, 5)) {
-        int err = errno;
-        close(sockfd);
-        LogError("Error in listen: " << GetErrnoString(err));
-        ThrowMsg(Exception::InitFailed, "Error in listen: " << GetErrnoString(err));
-    }
-
-    return sockfd;
+    ThrowMsg(Exception::GetSystemdSocketFailed, "No useable sockets were passed by systemd.");
 }
 
 void SocketManager::CreateDomainSocket(
@@ -543,8 +517,6 @@ void SocketManager::CreateDomainSocket(
     const GenericSocketService::ServiceDescription &desc)
 {
     int sockfd = GetSocketFromSystemD(desc);
-    if (-1 == sockfd)
-        sockfd = CreateDomainSocketHelp(desc);
 
     auto &description = CreateDefaultReadSocketDescription(sockfd, false);
 
@@ -556,7 +528,9 @@ void SocketManager::CreateDomainSocket(
         " Handler: " << desc.serviceHandlerPath.c_str());
 }
 
-void SocketManager::RegisterSocketService(GenericSocketService *service) {
+void SocketManager::RegisterSocketService(
+    GenericSocketService *service)
+{
     service->SetSocketManager(this);
     auto serviceVector = service->GetServiceDescription();
     Try {
diff --git a/src/manager/main/socket-manager.h b/src/manager/main/socket-manager.h
index 978dbee..230a182 100644
--- a/src/manager/main/socket-manager.h
+++ b/src/manager/main/socket-manager.h
@@ -32,8 +32,9 @@
 #include <mutex>
 #include <thread>
 
-#include <dpl/exception.h>
+#include <vasum.h>
 
+#include <dpl/exception.h>
 #include <generic-socket-manager.h>
 
 namespace CKM {
@@ -44,6 +45,7 @@ public:
     public:
         DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
         DECLARE_EXCEPTION_TYPE(Base, InitFailed)
+        DECLARE_EXCEPTION_TYPE(Base, GetSystemdSocketFailed)
     };
     SocketManager();
     virtual ~SocketManager();
@@ -58,8 +60,6 @@ protected:
     void CreateDomainSocket(
         GenericSocketService *service,
         const GenericSocketService::ServiceDescription &desc);
-    int CreateDomainSocketHelp(
-        const GenericSocketService::ServiceDescription &desc);
     int GetSocketFromSystemD(
         const GenericSocketService::ServiceDescription &desc);
 
@@ -119,6 +119,7 @@ protected:
     int m_notifyMe[2];
     int m_counter;
     std::priority_queue<Timeout> m_timeoutQueue;
+    vsm_context_h m_vsmCtx;
 };
 
 } // namespace CKM
diff --git a/src/manager/service/CryptoService.cpp b/src/manager/service/CryptoService.cpp
index c57c840..15f5081 100644
--- a/src/manager/service/CryptoService.cpp
+++ b/src/manager/service/CryptoService.cpp
@@ -28,6 +28,8 @@
 #define OPENSSL_SUCCESS 1       // DO NOTCHANGE THIS VALUE
 #define OPENSSL_FAIL    0       // DO NOTCHANGE THIS VALUE
 
+#define RAND_READ_BYTES 32
+
 namespace CKM {
 
 CryptoService::CryptoService(){
@@ -38,30 +40,22 @@ CryptoService::~CryptoService(){
 
 
 
-int CryptoService::initialize() {
-    int hw_rand_ret = 0;
-    int u_rand_ret = 0;
-
+void CryptoService::initialize() {
     // try to initialize using ERR_load_crypto_strings and OpenSSL_add_all_algorithms
     ERR_load_crypto_strings();
     OpenSSL_add_all_algorithms();
 
     // initialize entropy
     std::ifstream ifile(DEV_HW_RANDOM_FILE);
-    if(ifile.is_open()) {
-        u_rand_ret= RAND_load_file(DEV_HW_RANDOM_FILE, 32);
-    }
-    if(u_rand_ret != 32 ){
-        LogError("Error in HW_RAND file load");
-        hw_rand_ret = RAND_load_file(DEV_URANDOM_FILE, 32);
 
-        if(hw_rand_ret != 32) {
-            LogError("Error in U_RAND_file_load");
-            ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in U_RAND_file_load");
-        }
-    }
-
-    return CKM_CRYPTO_INIT_SUCCESS;
+    if (ifile.is_open()
+        && (RAND_READ_BYTES == RAND_load_file(DEV_HW_RANDOM_FILE, RAND_READ_BYTES)))
+        LogDebug("Success to read from [" << DEV_HW_RANDOM_FILE << "]");
+    else if (RAND_READ_BYTES == RAND_load_file(DEV_URANDOM_FILE, RAND_READ_BYTES))
+        LogDebug("Success to read from [" << DEV_URANDOM_FILE << "]");
+    else
+        ThrowMsg(CryptoService::Exception::Crypto_internal,
+            "Error in U_RAND_file_load");
 }
 
 const EVP_MD *CryptoService::getMdAlgo(const HashAlgorithm hashAlgo) {
@@ -188,111 +182,111 @@ int CryptoService::createKeyPairRSA(const int size, // size in bits [1024, 2048,
 
 
 int CryptoService::createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096]
-		KeyImpl &createdPrivateKey,  // returned value
-		KeyImpl &createdPublicKey)  // returned value
+        KeyImpl &createdPrivateKey,  // returned value
+        KeyImpl &createdPublicKey)  // returned value
 {
-	EVP_PKEY_CTX *pctx = NULL;
-	EVP_PKEY_CTX *kctx = NULL;
-	EVP_PKEY *pkey = NULL;
-	EVP_PKEY *pparam = NULL;
-
-	// check the parameters of functions
-	if(size != 1024 && size !=2048 && size !=3072 && size != 4096) {
-		LogError("Error in DSA input size");
-		ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in DSA input size");
-	}
-
-	// check the parameters of functions
-	if(&createdPrivateKey == NULL) {
-		LogError("Error in createdPrivateKey value");
-		ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
-	}
-
-	// check the parameters of functions
-	if(&createdPublicKey == NULL) {
-		LogError("Error in createdPrivateKey value");
-		ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
-	}
-
-	Try {
-		/* Create the context for generating the parameters */
-		if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL))) {
-			LogError("Error in EVP_PKEY_CTX_new_id function");
-			ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function");
-		}
-
-		if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
-			LogError("Error in EVP_PKEY_paramgen_init function");
-			ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function");
-		}
-
-		if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, size)) {
-			LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
-			ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
-		}
-
-		/* Generate parameters */
-		if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
-			LogError("Error in EVP_PKEY_paramgen function");
-			ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function");
-		}
-
-		// Start to generate key
-		if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
-			LogError("Error in EVP_PKEY_CTX_new function");
-			ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
-		}
-
-		if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
-			LogError("Error in EVP_PKEY_keygen_init function");
-			ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function");
-		}
-
-		/* Generate the key */
-		if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
-			LogError("Error in EVP_PKEY_keygen function");
-			ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function");
-		}
-	}
-	Catch(CryptoService::Exception::opensslError)
-	{
-		if(pkey) {
-			EVP_PKEY_free(pkey);
-		}
-
-		if(pparam) {
-			EVP_PKEY_free(pparam);
-		}
-
-		if(pctx) {
-			EVP_PKEY_CTX_free(pctx);
-		}
-
-		if(kctx) {
-			EVP_PKEY_CTX_free(kctx);
-		}
-
-		ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
-	}
-
-	KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
-
-	createdPrivateKey = KeyImpl(ptr, KeyType::KEY_DSA_PRIVATE);
-	createdPublicKey = KeyImpl(ptr, KeyType::KEY_DSA_PUBLIC);
-
-	if(pparam) {
-		EVP_PKEY_free(pparam);
-	}
-
-	if(pctx) {
-		EVP_PKEY_CTX_free(pctx);
-	}
-
-	if(kctx) {
-		EVP_PKEY_CTX_free(kctx);
-	}
-
-	return CKM_CRYPTO_CREATEKEY_SUCCESS;
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY_CTX *kctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY *pparam = NULL;
+
+    // check the parameters of functions
+    if(size != 1024 && size !=2048 && size !=3072 && size != 4096) {
+        LogError("Error in DSA input size");
+        ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in DSA input size");
+    }
+
+    // check the parameters of functions
+    if(&createdPrivateKey == NULL) {
+        LogError("Error in createdPrivateKey value");
+        ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
+    }
+
+    // check the parameters of functions
+    if(&createdPublicKey == NULL) {
+        LogError("Error in createdPrivateKey value");
+        ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
+    }
+
+    Try {
+        /* Create the context for generating the parameters */
+        if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL))) {
+            LogError("Error in EVP_PKEY_CTX_new_id function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function");
+        }
+
+        if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
+            LogError("Error in EVP_PKEY_paramgen_init function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function");
+        }
+
+        if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, size)) {
+            LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
+        }
+
+        /* Generate parameters */
+        if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
+            LogError("Error in EVP_PKEY_paramgen function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function");
+        }
+
+        // Start to generate key
+        if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
+            LogError("Error in EVP_PKEY_CTX_new function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
+        }
+
+        if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
+            LogError("Error in EVP_PKEY_keygen_init function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function");
+        }
+
+        /* Generate the key */
+        if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
+            LogError("Error in EVP_PKEY_keygen function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function");
+        }
+    }
+    Catch(CryptoService::Exception::opensslError)
+    {
+        if(pkey) {
+            EVP_PKEY_free(pkey);
+        }
+
+        if(pparam) {
+            EVP_PKEY_free(pparam);
+        }
+
+        if(pctx) {
+            EVP_PKEY_CTX_free(pctx);
+        }
+
+        if(kctx) {
+            EVP_PKEY_CTX_free(kctx);
+        }
+
+        ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
+    }
+
+    KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
+
+    createdPrivateKey = KeyImpl(ptr, KeyType::KEY_DSA_PRIVATE);
+    createdPublicKey = KeyImpl(ptr, KeyType::KEY_DSA_PUBLIC);
+
+    if(pparam) {
+        EVP_PKEY_free(pparam);
+    }
+
+    if(pctx) {
+        EVP_PKEY_CTX_free(pctx);
+    }
+
+    if(kctx) {
+        EVP_PKEY_CTX_free(kctx);
+    }
+
+    return CKM_CRYPTO_CREATEKEY_SUCCESS;
 }
 
 
diff --git a/src/manager/service/CryptoService.h b/src/manager/service/CryptoService.h
index 6828ddb..3ab24c2 100644
--- a/src/manager/service/CryptoService.h
+++ b/src/manager/service/CryptoService.h
@@ -23,7 +23,6 @@
 #define EVP_SUCCESS 1	// DO NOTCHANGE THIS VALUE
 #define EVP_FAIL    0	// DO NOTCHANGE THIS VALUE
 
-#define CKM_CRYPTO_INIT_SUCCESS 1
 #define CKM_CRYPTO_CREATEKEY_SUCCESS 2
 #define CKM_VERIFY_CHAIN_SUCCESS 5
 #define NOT_DEFINED -1
@@ -48,7 +47,7 @@ public:
     // And system certificates are loaded in the memory during initialization.
     //    FIPS_MODE - ON, OFF(Default)
     //    antropy source - /dev/random,/dev/urandom(Default)
-    static int initialize();
+    static void initialize();
 
     static int createKeyPairRSA(const int size,      // size in bits [1024, 2048, 4096]
                         KeyImpl &createdPrivateKey,  // returned value ==> Key &createdPrivateKey,
diff --git a/src/manager/service/access-control.cpp b/src/manager/service/access-control.cpp
index 009e7f6..356cd97 100644
--- a/src/manager/service/access-control.cpp
+++ b/src/manager/service/access-control.cpp
@@ -30,9 +30,7 @@ namespace CKM {
 void AccessControl::updateCCMode() {
     int fipsModeStatus = 0;
     int rc = 0;
-    bool newMode;
-
-    newMode = false;
+    bool newMode = false;
 
     if (newMode == m_ccMode)
         return;
@@ -41,17 +39,17 @@ void AccessControl::updateCCMode() {
 
     fipsModeStatus = FIPS_mode();
 
-    if(m_ccMode) {
-        if(fipsModeStatus == 0) { // If FIPS mode off
+    if (m_ccMode) {
+        if (fipsModeStatus == 0) { // If FIPS mode off
             rc = FIPS_mode_set(1); // Change FIPS_mode from off to on
-            if(rc == 0) {
+            if (rc == 0) {
                 LogError("Error in FIPS_mode_set function");
             }
         }
     } else {
-        if(fipsModeStatus == 1) { // If FIPS mode on
+        if (fipsModeStatus == 1) { // If FIPS mode on
             rc = FIPS_mode_set(0); // Change FIPS_mode from on to off
-            if(rc == 0) {
+            if (rc == 0) {
                 LogError("Error in FIPS_mode_set function");
             }
         }
diff --git a/src/manager/service/certificate-store.cpp b/src/manager/service/certificate-store.cpp
index 565f4fd..47e0be6 100644
--- a/src/manager/service/certificate-store.cpp
+++ b/src/manager/service/certificate-store.cpp
@@ -111,6 +111,8 @@ int CertificateStore::verifyCertificate(
 
     switch (result) {
     case 0:
+        ret = X509_STORE_CTX_get_error(csc.get());
+        LogError("verify error[" << ret << "]: " << X509_verify_cert_error_string(ret));
         return CKM_API_ERROR_VERIFICATION_FAILED;
     case 1:
         return CKM_API_SUCCESS;
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index b324a20..e3b4544 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -60,20 +60,40 @@ CKMLogic::CKMLogic()
 
 CKMLogic::~CKMLogic(){}
 
-void CKMLogic::loadDKEKFile(uid_t user, const Password &password, bool apiReq) {
-    auto &handle = m_userDataMap[user];
+void CKMLogic::loadDKEKFile(
+    const ClientID &clientID,
+    const Password &password,
+    bool apiReq)
+{
+    auto &handle = m_userDataMap[clientID];
 
-    FileSystem fs(user);
+    FileSystem fs(clientID);
 
     auto wrappedDKEKMain = fs.getDKEK();
     auto wrappedDKEKBackup = fs.getDKEKBackup();
 
+#ifdef PASSWORD_PROTECTION_DISABLE
+    if (wrappedDKEKMain.empty()) {
+        wrappedDKEKMain = KeyProvider::generateDomainKEK(clientID, Password(""));
+        fs.saveDKEK(wrappedDKEKMain);
+    }
+
+    try{
+        chooseDKEKFile(handle, Password(""), wrappedDKEKMain, wrappedDKEKBackup);
+    } catch (const KeyProvider::Exception::Base &e) {
+        chooseDKEKFile(handle, password, wrappedDKEKMain, wrappedDKEKBackup);
+        fs.saveDKEK(handle.keyProvider.getWrappedDomainKEK(Password("")));
+        handle.isMainDKEK = true;
+        LogInfo("Password Protected DB was migrated to Password Protection Disabled DB.");
+    }
+#else
     if (wrappedDKEKMain.empty()) {
-        wrappedDKEKMain = KeyProvider::generateDomainKEK(std::to_string(user), password);
+        wrappedDKEKMain = KeyProvider::generateDomainKEK(clientID, password);
         fs.saveDKEK(wrappedDKEKMain);
     }
 
     chooseDKEKFile(handle, password, wrappedDKEKMain, wrappedDKEKBackup);
+#endif
 
     if (!password.empty() || apiReq) {
         handle.isDKEKConfirmed = true;
@@ -103,10 +123,10 @@ void CKMLogic::chooseDKEKFile(
     }
 }
 
-void CKMLogic::saveDKEKFile(uid_t user, const Password &password) {
-    auto &handle = m_userDataMap[user];
+void CKMLogic::saveDKEKFile(const ClientID &clientID, const Password &password) {
+    auto &handle = m_userDataMap[clientID];
 
-    FileSystem fs(user);
+    FileSystem fs(clientID);
     if (handle.isMainDKEK)
         fs.createDKEKBackup();
 
@@ -116,20 +136,24 @@ void CKMLogic::saveDKEKFile(uid_t user, const Password &password) {
     handle.isDKEKConfirmed = false;
 }
 
-RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password, bool apiRequest) {
+RawBuffer CKMLogic::unlockUserKey(
+    const ClientID &clientID,
+    const Password &password,
+    bool apiRequest)
+{
     int retCode = CKM_API_SUCCESS;
 
     try {
-        if (0 == m_userDataMap.count(user) || !(m_userDataMap[user].keyProvider.isInitialized())) {
-            auto &handle = m_userDataMap[user];
-            FileSystem fs(user);
+        if (0 == m_userDataMap.count(clientID) || !(m_userDataMap[clientID].keyProvider.isInitialized())) {
+            auto &handle = m_userDataMap[clientID];
+            FileSystem fs(clientID);
 
-            loadDKEKFile(user, password, apiRequest);
+            loadDKEKFile(clientID, password, apiRequest);
 
             auto wrappedDatabaseDEK = fs.getDBDEK();
 
             if (wrappedDatabaseDEK.empty()) {
-                wrappedDatabaseDEK = handle.keyProvider.generateDEK(std::to_string(user));
+                wrappedDatabaseDEK = handle.keyProvider.generateDEK(clientID);
                 fs.saveDBDEK(wrappedDatabaseDEK);
             }
 
@@ -140,11 +164,12 @@ RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password, bool api
             // remove data of removed apps during locked state
             AppLabelVector removedApps = fs.clearRemovedsApps();
             for(auto& appSmackLabel : removedApps) {
+                handle.crypto.removeKey(appSmackLabel);
                 handle.database.deleteKey(appSmackLabel);
             }
-        } else if (apiRequest == true && m_userDataMap[user].isDKEKConfirmed == false) {
+        } else if (apiRequest == true && m_userDataMap[clientID].isDKEKConfirmed == false) {
             // now we will try to choose the DKEK key and remove old one
-            loadDKEKFile(user, password, apiRequest);
+            loadDKEKFile(clientID, password, apiRequest);
         }
     } catch (const KeyProvider::Exception::PassWordError &e) {
         LogError("Incorrect Password " << e.GetMessage());
@@ -166,7 +191,7 @@ RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password, bool api
     if(retCode != CKM_API_SUCCESS) {
         // When not successful, UserData in m_userDataMap should be erased.
         // Because other operations make decision based on the existence of UserData in m_userDataMap.
-        m_userDataMap.erase(user);
+        m_userDataMap.erase(clientID);
     }
 
     return MessageBuffer::Serialize(retCode).Pop();
@@ -177,35 +202,47 @@ RawBuffer CKMLogic::updateCCMode() {
     return MessageBuffer::Serialize(CKM_API_SUCCESS).Pop();
 }
 
-RawBuffer CKMLogic::lockUserKey(uid_t user) {
+RawBuffer CKMLogic::lockUserKey(const ClientID &clientID) {
     int retCode = CKM_API_SUCCESS;
     // TODO try catch for all errors that should be supported by error code
-    m_userDataMap.erase(user);
+
+#ifdef PASSWORD_PROTECTION_DISABLE
+    (void) clientID;
+#else
+    m_userDataMap.erase(clientID);
+#endif
 
     return MessageBuffer::Serialize(retCode).Pop();
 
 }
 
-RawBuffer CKMLogic::removeUserData(uid_t user) {
+RawBuffer CKMLogic::removeUserData(const ClientID &clientID) {
     int retCode = CKM_API_SUCCESS;
     // TODO try catch for all errors that should be supported by error code
-    m_userDataMap.erase(user);
 
-    FileSystem fs(user);
+    m_userDataMap.erase(clientID);
+
+    FileSystem fs(clientID);
     fs.removeUserData();
 
     return MessageBuffer::Serialize(retCode).Pop();
 }
 
 RawBuffer CKMLogic::changeUserPassword(
-    uid_t user,
+    const ClientID &clientID,
     const Password &oldPassword,
     const Password &newPassword)
 {
     int retCode = CKM_API_SUCCESS;
+
+#ifdef PASSWORD_PROTECTION_DISABLE
+    (void) clientID;
+    (void) oldPassword;
+    (void) newPassword;
+#else
     try {
-        loadDKEKFile(user, oldPassword, true);
-        saveDKEKFile(user, newPassword);
+        loadDKEKFile(clientID, oldPassword, true);
+        saveDKEKFile(clientID, newPassword);
     } catch (const KeyProvider::Exception::PassWordError &e) {
         LogError("Incorrect Password " << e.GetMessage());
         retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
@@ -219,25 +256,29 @@ RawBuffer CKMLogic::changeUserPassword(
         LogError("CKM::Exception: " << e.GetMessage());
         retCode = CKM_API_ERROR_SERVER_ERROR;
     }
+#endif
 
     return MessageBuffer::Serialize(retCode).Pop();
 }
 
 RawBuffer CKMLogic::resetUserPassword(
-    uid_t user,
+    const ClientID &clientID,
     const Password &newPassword)
 {
     int retCode = CKM_API_SUCCESS;
-
+#ifdef PASSWORD_PROTECTION_DISABLE
+    (void) clientID;
+    (void) newPassword;
+#else
     try {
-        if (0 == m_userDataMap.count(user)) {
+        if (0 == m_userDataMap.count(clientID)) {
             // Check if key exists. If exists we must return error
-            FileSystem fs(user);
+            FileSystem fs(clientID);
             auto wrappedDKEKMain = fs.getDKEK();
             if (!wrappedDKEKMain.empty())
                 retCode = CKM_API_ERROR_BAD_REQUEST;
         } else {
-            saveDKEKFile(user, newPassword);
+            saveDKEKFile(clientID, newPassword);
         }
     } catch (const FileSystem::Exception::Base &e) {
         LogError("Error in FileSystem " << e.GetMessage());
@@ -246,30 +287,30 @@ RawBuffer CKMLogic::resetUserPassword(
         LogError("CKM::Exception: " << e.GetMessage());
         retCode = CKM_API_ERROR_SERVER_ERROR;
     }
+#endif
 
     return MessageBuffer::Serialize(retCode).Pop();
 }
 
-RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) {
+RawBuffer CKMLogic::removeApplicationData(const std::string &zone, const Label &smackLabel) {
     int retCode = CKM_API_SUCCESS;
 
     try {
-
         if (smackLabel.empty()) {
             retCode = CKM_API_ERROR_INPUT_PARAM;
         } else {
-            UidVector uids = FileSystem::getUIDsFromDBFile();
-            for (auto userId : uids) {
-                if (0 == m_userDataMap.count(userId)) {
-                    FileSystem fs(userId);
+            ClientIDVector clientIDVec = FileSystem::getClientIDsFromDBFile(zone);
+            for (auto clientID : clientIDVec) {
+                if (0 == m_userDataMap.count(clientID)) {
+                    FileSystem fs(clientID);
                     fs.addRemovedApp(smackLabel);
                 } else {
-                    auto &handle = m_userDataMap[userId];
+                    auto &handle = m_userDataMap[clientID];
+                    handle.crypto.removeKey(smackLabel);
                     handle.database.deleteKey(smackLabel);
                 }
             }
         }
-
     } catch (const DB::Crypto::Exception::InternalError &e) {
         LogError("DB::Crypto couldn't remove data: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
@@ -298,7 +339,6 @@ int CKMLogic::checkSaveConditions(
         LogWarning("Invalid parameter passed to key-manager");
         return CKM_API_ERROR_INPUT_PARAM;
     }
-
     // check if allowed to save using ownerLabel
     int access_ec = m_accessControl.canSave(ownerLabel, cred.smackLabel);
     if(access_ec != CKM_API_SUCCESS)
@@ -387,7 +427,7 @@ RawBuffer CKMLogic::saveData(
     const PolicySerializable &policy)
 {
     int retCode;
-    if (0 == m_userDataMap.count(cred.uid))
+    if (0 == m_userDataMap.count(cred.clientID))
         retCode = CKM_API_ERROR_DB_LOCKED;
     else
     {
@@ -481,7 +521,7 @@ RawBuffer CKMLogic::savePKCS12(
     const PolicySerializable &certPolicy)
 {
     int retCode;
-    if (0 == m_userDataMap.count(cred.uid))
+    if (0 == m_userDataMap.count(cred.clientID))
         retCode = CKM_API_ERROR_DB_LOCKED;
     else
     {
@@ -517,7 +557,7 @@ int CKMLogic::removeDataHelper(
         const Name &name,
         const Label &ownerLabel)
 {
-    if (0 == m_userDataMap.count(cred.uid))
+    if (0 == m_userDataMap.count(cred.clientID))
         return CKM_API_ERROR_DB_LOCKED;
 
     if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
@@ -525,7 +565,7 @@ int CKMLogic::removeDataHelper(
         return CKM_API_ERROR_INPUT_PARAM;
     }
 
-    auto &database = m_userDataMap[cred.uid].database;
+    auto &database = m_userDataMap[cred.clientID].database;
     DB::Crypto::Transaction transaction(&database);
 
     // read and check permissions
@@ -584,14 +624,14 @@ int CKMLogic::readSingleRow(const Name &name,
     {
         // read all key types
         row_optional = database.getRow(name,
-                                         ownerLabel,
-                                         DataType::DB_KEY_FIRST,
-                                         DataType::DB_KEY_LAST);
+                                       ownerLabel,
+                                       DataType::DB_KEY_FIRST,
+                                       DataType::DB_KEY_LAST);
     } else {
         // read anything else
         row_optional = database.getRow(name,
-                                         ownerLabel,
-                                         dataType);
+                                       ownerLabel,
+                                       dataType);
     }
 
     if(!row_optional) {
@@ -604,7 +644,6 @@ int CKMLogic::readSingleRow(const Name &name,
     return CKM_API_SUCCESS;
 }
 
-
 int CKMLogic::readMultiRow(const Name &name,
                            const Label &ownerLabel,
                            DataType dataType,
@@ -615,31 +654,35 @@ int CKMLogic::readMultiRow(const Name &name,
     {
         // read all key types
         database.getRows(name,
-                          ownerLabel,
-                          DataType::DB_KEY_FIRST,
-                          DataType::DB_KEY_LAST,
-                          output);
+                         ownerLabel,
+                         DataType::DB_KEY_FIRST,
+                         DataType::DB_KEY_LAST,
+                         output);
     }
     else if (dataType.isChainCert())
     {
         // read all key types
         database.getRows(name,
-                          ownerLabel,
-                          DataType::DB_CHAIN_FIRST,
-                          DataType::DB_CHAIN_LAST,
-                          output);
+                         ownerLabel,
+                         DataType::DB_CHAIN_FIRST,
+                         DataType::DB_CHAIN_LAST,
+                         output);
     }
     else
     {
         // read anything else
         database.getRows(name,
-                          ownerLabel,
-                          dataType,
-                          output);
+                         ownerLabel,
+                         dataType,
+                         output);
     }
 
     if(!output.size()) {
-        LogError("No row for given name, label and type");
+        /*
+         *  readMultiRow is only used to get row which cannot exist
+         *  So, it shouldn't print error log
+         */
+        LogDebug("No row for given name, label and type");
         return CKM_API_ERROR_DB_ALIAS_UNKNOWN;
     }
 
@@ -670,7 +713,7 @@ int CKMLogic::readDataHelper(
     const Password &password,
     DB::RowVector &rows)
 {
-    if (0 == m_userDataMap.count(cred.uid))
+    if (0 == m_userDataMap.count(cred.clientID))
         return CKM_API_ERROR_DB_LOCKED;
 
     // use client label if not explicitly provided
@@ -679,7 +722,7 @@ int CKMLogic::readDataHelper(
     if (!isNameValid(name) || !isLabelValid(ownerLabel))
         return CKM_API_ERROR_INPUT_PARAM;
 
-    auto &handler = m_userDataMap[cred.uid];
+    auto &handler = m_userDataMap[cred.clientID];
 
     // read rows
     DB::Crypto::Transaction transaction(&handler.database);
@@ -722,7 +765,7 @@ int CKMLogic::readDataHelper(
     const Password &password,
     DB::Row &row)
 {
-    if (0 == m_userDataMap.count(cred.uid))
+    if (0 == m_userDataMap.count(cred.clientID))
         return CKM_API_ERROR_DB_LOCKED;
 
     // use client label if not explicitly provided
@@ -731,7 +774,7 @@ int CKMLogic::readDataHelper(
     if (!isNameValid(name) || !isLabelValid(ownerLabel))
         return CKM_API_ERROR_INPUT_PARAM;
 
-    auto &handler = m_userDataMap[cred.uid];
+    auto &handler = m_userDataMap[cred.clientID];
 
     // read row
     DB::Crypto::Transaction transaction(&handler.database);
@@ -900,8 +943,8 @@ RawBuffer CKMLogic::getDataList(
     int retCode = CKM_API_SUCCESS;
     LabelNameVector labelNameVector;
 
-    if (0 < m_userDataMap.count(cred.uid)) {
-        auto &database = m_userDataMap[cred.uid].database;
+    if (0 < m_userDataMap.count(cred.clientID)) {
+        auto &database = m_userDataMap[cred.clientID].database;
 
         Try {
             if (dataType.isKey()) {
@@ -941,7 +984,7 @@ int CKMLogic::saveDataHelper(
     const RawBuffer &data,
     const PolicySerializable &policy)
 {
-    auto &handler = m_userDataMap[cred.uid];
+    auto &handler = m_userDataMap[cred.clientID];
 
     // use client label if not explicitly provided
     const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
@@ -968,7 +1011,7 @@ int CKMLogic::saveDataHelper(
     const PolicySerializable &keyPolicy,
     const PolicySerializable &certPolicy)
 {
-    auto &handler = m_userDataMap[cred.uid];
+    auto &handler = m_userDataMap[cred.clientID];
 
     // use client label if not explicitly provided
     const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
@@ -1004,7 +1047,7 @@ int CKMLogic::createKeyPairHelper(
     const PolicySerializable &policyPrivate,
     const PolicySerializable &policyPublic)
 {
-    if (0 == m_userDataMap.count(cred.uid))
+    if (0 == m_userDataMap.count(cred.clientID))
         return CKM_API_ERROR_DB_LOCKED;
 
     KeyImpl prv, pub;
@@ -1036,7 +1079,7 @@ int CKMLogic::createKeyPairHelper(
         return CKM_API_ERROR_SERVER_ERROR; // TODO error code
     }
 
-    auto &database = m_userDataMap[cred.uid].database;
+    auto &database = m_userDataMap[cred.clientID].database;
     DB::Crypto::Transaction transaction(&database);
 
     retCode = saveDataHelper(cred,
@@ -1249,7 +1292,8 @@ RawBuffer CKMLogic::getCertificateChain(
     auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_CHAIN_CERT),
                                              commandId,
                                              retCode,
-                                             chainRawVector);
+                                             chainRawVector,
+                                             m_accessControl.isCCMode());
     return response.Pop();
 }
 
@@ -1290,7 +1334,8 @@ RawBuffer CKMLogic::getCertificateChain(
     auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_CHAIN_ALIAS),
                                              commandId,
                                              retCode,
-                                             chainRawVector);
+                                             chainRawVector,
+                                             m_accessControl.isCCMode());
     return response.Pop();
 }
 
@@ -1360,22 +1405,46 @@ RawBuffer CKMLogic::verifySignature(
     try {
         do {
             CryptoService cs;
+            DB::RowVector rowVec;
             DB::Row row;
             KeyImpl key;
 
             // try certificate first - looking for a public key.
             // in case of PKCS, pub key from certificate will be found first
             // rather than private key from the same PKCS.
-            retCode = readDataHelper(false, cred, DataType::CERTIFICATE, publicKeyOrCertName, ownerLabel, password, row);
-            if (retCode == CKM_API_SUCCESS) {
-                CertificateImpl cert(row.data, DataFormat::FORM_DER);
+            retCode = readDataHelper(
+                    false,
+                    cred,
+                    DataType::CERTIFICATE,
+                    publicKeyOrCertName,
+                    ownerLabel,
+                    password,
+                    rowVec);
+
+            // output cannot be more than 1
+            if (rowVec.size() > 1) {
+                ThrowMsg(CKM::Exception,
+                    "More than one certificate mapped to a label[" << ownerLabel << "]");
+            }
+            else if (retCode == CKM_API_SUCCESS && rowVec.size() == 1) {
+                CertificateImpl cert(rowVec[0].data, DataFormat::FORM_DER);
                 key = cert.getKeyImpl();
-            } else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) {
-                retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, publicKeyOrCertName, ownerLabel, password, row);
+            }
+            else if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN && rowVec.size() == 0) {
+                retCode = readDataHelper(
+                        false,
+                        cred,
+                        DataType::DB_KEY_FIRST,
+                        publicKeyOrCertName,
+                        ownerLabel,
+                        password,
+                        row);
+
                 if (retCode != CKM_API_SUCCESS)
                     break;
                 key = KeyImpl(row.data);
-            } else {
+            }
+            else {
                 break;
             }
 
@@ -1441,11 +1510,10 @@ int CKMLogic::setPermissionHelper(
     int access_ec = m_accessControl.canModify(ownerLabel, cred.smackLabel);
     if(access_ec != CKM_API_SUCCESS)
         return access_ec;
-
-    if (0 == m_userDataMap.count(cred.uid))
+    if (0 == m_userDataMap.count(cred.clientID))
         return CKM_API_ERROR_DB_LOCKED;
 
-    auto &database = m_userDataMap[cred.uid].database;
+    auto &database = m_userDataMap[cred.clientID].database;
     DB::Crypto::Transaction transaction(&database);
 
     if( !database.isNameLabelPresent(name, ownerLabel) )
diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index 912f44c..dc66322 100644
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -59,22 +59,23 @@ public:
     CKMLogic& operator=(CKMLogic &&) = delete;
     virtual ~CKMLogic();
 
-    RawBuffer unlockUserKey(uid_t user, const Password &password, bool apiRequest = true);
+    RawBuffer unlockUserKey(const ClientID &clientID, const Password &password, bool apiRequest = true);
 
-    RawBuffer lockUserKey(uid_t user);
+    RawBuffer lockUserKey(const ClientID &clientID);
 
-    RawBuffer removeUserData(uid_t user);
+    RawBuffer removeUserData(const ClientID &clientID);
 
     RawBuffer changeUserPassword(
-        uid_t user,
+        const ClientID &clientID,
         const Password &oldPassword,
         const Password &newPassword);
 
     RawBuffer resetUserPassword(
-        uid_t user,
+        const ClientID &clientID,
         const Password &newPassword);
 
     RawBuffer removeApplicationData(
+        const std::string &zone,
         const Label &smackLabel);
 
     RawBuffer saveData(
@@ -185,7 +186,7 @@ public:
 private:
 
     void loadDKEKFile(
-        uid_t user,
+        const ClientID &clientID,
         const Password &password,
         bool apiReq);
 
@@ -196,7 +197,7 @@ private:
         const RawBuffer &second);
 
     void saveDKEKFile(
-        uid_t user,
+        const ClientID &clientID,
         const Password &password);
 
     int verifyBinaryData(
@@ -335,7 +336,7 @@ private:
         const PermissionMask permissionMask);
 
 
-    std::map<uid_t, UserData> m_userDataMap;
+    std::map<ClientID, UserData> m_userDataMap;
     AccessControl m_accessControl;
     //FileLock m_lock;
 };
diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp
index 79c08d7..6c99c36 100644
--- a/src/manager/service/ckm-service.cpp
+++ b/src/manager/service/ckm-service.cpp
@@ -111,7 +111,7 @@ bool CKMService::processOne(
 
 RawBuffer CKMService::processControl(MessageBuffer &buffer) {
     int command = 0;
-    uid_t user = 0;
+    ClientID clientID;
     ControlCommand cc;
     Password newPass, oldPass;
     Label smackLabel;
@@ -124,25 +124,26 @@ RawBuffer CKMService::processControl(MessageBuffer &buffer) {
 
     switch(cc) {
     case ControlCommand::UNLOCK_USER_KEY:
-        buffer.Deserialize(user, newPass);
-        return m_logic->unlockUserKey(user, newPass);
+        buffer.Deserialize(clientID, newPass);
+        return m_logic->unlockUserKey(clientID, newPass);
     case ControlCommand::LOCK_USER_KEY:
-        buffer.Deserialize(user);
-        return m_logic->lockUserKey(user);
+        buffer.Deserialize(clientID);
+        return m_logic->lockUserKey(clientID);
     case ControlCommand::REMOVE_USER_DATA:
-        buffer.Deserialize(user);
-        return m_logic->removeUserData(user);
+        buffer.Deserialize(clientID);
+        return m_logic->removeUserData(clientID);
     case ControlCommand::CHANGE_USER_PASSWORD:
-        buffer.Deserialize(user, oldPass, newPass);
-        return m_logic->changeUserPassword(user, oldPass, newPass);
+        buffer.Deserialize(clientID, oldPass, newPass);
+        return m_logic->changeUserPassword(clientID, oldPass, newPass);
     case ControlCommand::RESET_USER_PASSWORD:
-        buffer.Deserialize(user, newPass);
-        return m_logic->resetUserPassword(user, newPass);
+        buffer.Deserialize(clientID, newPass);
+        return m_logic->resetUserPassword(clientID, newPass);
     case ControlCommand::REMOVE_APP_DATA:
-        buffer.Deserialize(smackLabel);
-        return m_logic->removeApplicationData(smackLabel);
-    case ControlCommand::UPDATE_CC_MODE:
-        return m_logic->updateCCMode();
+    {
+        std::string zone;
+        buffer.Deserialize(zone, smackLabel);
+        return m_logic->removeApplicationData(zone, smackLabel);
+    }
     case ControlCommand::SET_PERMISSION:
     {
         Name name;
@@ -150,8 +151,8 @@ RawBuffer CKMService::processControl(MessageBuffer &buffer) {
         Label accessorLabel;
         PermissionMask permissionMask = 0;
 
-        buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
-        Credentials cred = { user, label };
+        buffer.Deserialize(clientID, name, label, accessorLabel, permissionMask);
+        Credentials cred = { clientID, label };
         return m_logic->setPermission(
             cred,
             command,
@@ -161,6 +162,8 @@ RawBuffer CKMService::processControl(MessageBuffer &buffer) {
             accessorLabel,
             permissionMask);
     }
+    case ControlCommand::UPDATE_CC_MODE:
+        return m_logic->updateCCMode();
     default:
         Throw(Exception::BrokenProtocol);
     }
@@ -173,7 +176,6 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
     int tmpDataType = 0;
     Name name;
     Label label, accessorLabel;
-    std::string user;
 
     buffer.Deserialize(command);
     buffer.Deserialize(msgID);
@@ -184,7 +186,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
     // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
     // Even if the result is fail, it will be ignored.
     Password nullPassword("");
-    m_logic->unlockUserKey(cred.uid, nullPassword, false);
+    m_logic->unlockUserKey(cred.clientID, nullPassword, false);
 
     LogDebug("Process storage. Command: " << command);
 
diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp
index d6eb241..5f0e778 100644
--- a/src/manager/service/crypto-logic.cpp
+++ b/src/manager/service/crypto-logic.cpp
@@ -75,6 +75,11 @@ void CryptoLogic::pushKey(const Label &smackLabel,
     m_keyMap[smackLabel] = applicationKey;
 }
 
+void CryptoLogic::removeKey(const Label &smackLabel)
+{
+    m_keyMap.erase(smackLabel);
+}
+
 RawBuffer CryptoLogic::encryptDataAesCbc(
     const RawBuffer &data,
     const RawBuffer &key,
diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h
index ceda146..43e4b9c 100644
--- a/src/manager/service/crypto-logic.h
+++ b/src/manager/service/crypto-logic.h
@@ -54,6 +54,7 @@ public:
     bool haveKey(const Label &smackLabel);
     void pushKey(const Label &smackLabel,
                  const RawBuffer &applicationKey);
+    void removeKey(const Label &smackLabel);
 
 private:
 	static const int ENCR_BASE64 =   1 << 0;
diff --git a/src/manager/service/db-crypto.cpp b/src/manager/service/db-crypto.cpp
index 04f4022..1fcf77a 100644
--- a/src/manager/service/db-crypto.cpp
+++ b/src/manager/service/db-crypto.cpp
@@ -63,7 +63,7 @@ namespace {
             "   VALUES(?101, ?103);";
 
     const char *DB_CMD_SCHEMA_GET =
-            "SELECT * FROM SCHEMA_INFO WHERE name=?101;";
+            "SELECT * FROM SCHEMA_INFO WHERE name IS ?101;";
 
     const char *DB_SCHEMA_VERSION_FIELD = "schema_version";
 
@@ -74,13 +74,13 @@ namespace {
             "   VALUES(?101, ?102);";
 
     const char *DB_CMD_NAME_COUNT_ROWS =
-            "SELECT COUNT(idx) FROM NAMES WHERE name=?101 AND label=?102;";
+            "SELECT COUNT(idx) FROM NAMES WHERE name IS ?101 AND label IS ?102;";
 
     const char *DB_CMD_NAME_DELETE =
-            "DELETE FROM NAMES WHERE name=?101 AND label=?102;";
+            "DELETE FROM NAMES WHERE name IS ?101 AND label IS ?102;";
 
     const char *DB_CMD_NAME_DELETE_BY_LABEL =
-            "DELETE FROM NAMES WHERE label=?102;";
+            "DELETE FROM NAMES WHERE label IS ?102;";
 
 
     const char *DB_CMD_OBJECT_INSERT =
@@ -90,35 +90,35 @@ namespace {
             "   iv, dataSize, data, tag, idx) "
             "   VALUES(?001, ?002, ?003, ?004, ?005, "
             "          ?006, ?007, ?008,"
-            "          (SELECT idx FROM NAMES WHERE name=?101 and label=?102)"
+            "          (SELECT idx FROM NAMES WHERE name IS ?101 and label IS ?102)"
             "         );";
 
     const char *DB_CMD_OBJECT_SELECT_BY_NAME_AND_LABEL =
             "SELECT * FROM [join_name_object_tables] "
             " WHERE (dataType BETWEEN ?001 AND ?002) "
-            " AND name=?101 and label=?102;";
+            " AND name IS ?101 and label IS ?102;";
 
 
     const char *DB_CMD_KEY_INSERT =
             "INSERT INTO KEYS(label, key) VALUES (?, ?);";
     const char *DB_CMD_KEY_SELECT =
-            "SELECT key FROM KEYS WHERE label=?;";
+            "SELECT key FROM KEYS WHERE label IS ?;";
     const char *DB_CMD_KEY_DELETE =
-            "DELETE FROM KEYS WHERE label=?";
+            "DELETE FROM KEYS WHERE label IS ?;";
 
 
     const char *DB_CMD_PERMISSION_SET = // SQLite does not support updating views
             "REPLACE INTO PERMISSIONS(permissionLabel, permissionMask, idx) "
-            " VALUES (?104, ?105, (SELECT idx FROM NAMES WHERE name=?101 and label=?102));";
+            " VALUES (?104, ?105, (SELECT idx FROM NAMES WHERE name IS ?101 and label IS ?102));";
 
     const char *DB_CMD_PERMISSION_SELECT =
             "SELECT permissionMask FROM [join_name_permission_tables] "
-            " WHERE permissionLabel=?104 "
-            " AND name=?101 and label=?102;";
+            " WHERE permissionLabel IS ?104 "
+            " AND name IS ?101 AND label IS ?102;";
 
     const char *DB_CMD_PERMISSION_DELETE = // SQLite does not support updating views
-            "DELETE FROM PERMISSIONS WHERE permissionLabel=?104 AND "
-            " idx=(SELECT idx FROM NAMES WHERE name=?101 and label=?102);";
+            "DELETE FROM PERMISSIONS WHERE permissionLabel IS ?104 AND "
+            " idx IS (SELECT idx FROM NAMES WHERE name IS ?101 AND label IS ?102);";
 
 
     /*
@@ -129,8 +129,8 @@ namespace {
      */
     const char *DB_CMD_NAME_SELECT_BY_TYPE_AND_PERMISSION =
             "SELECT label, name FROM [join_all_tables] "
-            " WHERE dataType>=?001 AND dataType<=?002 "
-            " AND permissionLabel=?104 AND permissionMask&?004!=0 GROUP BY idx;";
+            " WHERE (dataType BETWEEN ?001 AND ?002) "
+            " AND permissionLabel IS ?104 AND permissionMask&?004 IS NOT 0 GROUP BY idx;";
 }
 
 namespace CKM {
@@ -217,26 +217,37 @@ namespace DB {
     bool Crypto::getDBVersion(int & schemaVersion)
     {
         SchemaInfo SchemaInfo(this);
-        if(SchemaInfo.getVersionInfo(schemaVersion)) {
+
+        /*
+         *  SCHEMA_INFO (o)
+         *  SCHEMA_INFO exists from schema version 3
+         */
+        if (m_connection->CheckTableExist("SCHEMA_INFO")
+           && SchemaInfo.getVersionInfo(schemaVersion)) {
             LogDebug("Current DB version: " << schemaVersion);
             return true;
         }
-        else
-        {
-            LogDebug("No DB version known or DB not present");
 
-            // special case: old CKM_TABLE exists
-            if(m_connection->CheckTableExist("CKM_TABLE")) {
-                schemaVersion = DB_VERSION_1;
-                return true;
-            }
+        /*
+         *  SCHEMA_INFO (x) / CKM_TABLE (o)
+         *  CKM_TABLE exists only in schema version 1
+         *  -> schema version 1
+         */
+        if (m_connection->CheckTableExist("CKM_TABLE")) {
+            schemaVersion = DB_VERSION_1;
+            return true;
+        }
 
-            // special case: new scheme exists, but no SCHEMA_INFO table present
-            else if(m_connection->CheckTableExist("NAME_TABLE")) {
-                schemaVersion = DB_VERSION_2;
-                return true;
-            }
+        /*
+         *  SCHEMA_INFO (x) / CKM_TABLE (x) / NAME_TABLE (o)
+         *  NAME_TABLE exists only in schema version 2
+         *  -> schema version 2
+         */
+        if (m_connection->CheckTableExist("NAME_TABLE")) {
+            schemaVersion = DB_VERSION_2;
+            return true;
         }
+
         // not recognized - proceed with an empty DBs
         return false;
     }
diff --git a/src/manager/service/digest.cpp b/src/manager/service/digest.cpp
index 681c16b..0bec6fc 100644
--- a/src/manager/service/digest.cpp
+++ b/src/manager/service/digest.cpp
@@ -47,11 +47,8 @@ void Digest::reset()
 
     m_initialized = false;
     m_finalized = false;
-
     m_ctx = EVP_MD_CTX_create();
-    if (!m_ctx) {
-        ThrowMsg(Exception::InternalError,
-                 "Failed to memory allocation on EVP_MD_CTX");
+    if (m_ctx == nullptr) {
     }
 
     ret = EVP_DigestInit_ex(m_ctx, m_md, NULL);
diff --git a/src/manager/service/file-lock.cpp b/src/manager/service/file-lock.cpp
index 6c77098..445e239 100644
--- a/src/manager/service/file-lock.cpp
+++ b/src/manager/service/file-lock.cpp
@@ -21,6 +21,8 @@
 
 #include "file-lock.h"
 
+#include <dpl/errno_string.h>
+
 #include <fcntl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -48,30 +50,28 @@ std::runtime_error io_exception(const Args&... args)
 
 FileLock::FileLock(const char* const file)
 {
-    char errbuf[512] = {0, };
-
     // Open lock file
     m_lockFd = TEMP_FAILURE_RETRY(creat(file, 0644));
     if (m_lockFd == -1) {
-        throw io_exception("Cannot open lock file. Errno: ", strerror_r(errno, errbuf, sizeof(errbuf)));
+        throw io_exception("Cannot open lock file. Errno: ", GetErrnoString(errno));
     }
 
     if (-1 == lockf(m_lockFd, F_TLOCK, 0)) {
         if (errno == EACCES || errno == EAGAIN)
             throw io_exception("Can't acquire lock. Another instance must be running.");
         else
-            throw io_exception("Can't acquire lock. Errno: ", strerror_r(errno, errbuf, sizeof(errbuf)));
+            throw io_exception("Can't acquire lock. Errno: ", GetErrnoString(errno));
     }
 
     std::string pid = std::to_string(getpid());
 
     ssize_t written = TEMP_FAILURE_RETRY(write(m_lockFd, pid.c_str(), pid.size()));
     if (-1 == written || static_cast<ssize_t>(pid.size()) > written)
-        throw io_exception("Can't write file lock. Errno: ", strerror_r(errno, errbuf, sizeof(errbuf)));
+        throw io_exception("Can't write file lock. Errno: ", GetErrnoString(errno));
 
     int ret = fsync(m_lockFd);
     if (-1 == ret)
-        throw io_exception("Fsync failed. Errno: ", strerror_r(errno, errbuf, sizeof(errbuf)));
+        throw io_exception("Fsync failed. Errno: ", GetErrnoString(errno));
 }
 
 FileLock::~FileLock()
diff --git a/src/manager/service/file-system.cpp b/src/manager/service/file-system.cpp
index 7a02fe1..e2b953a 100644
--- a/src/manager/service/file-system.cpp
+++ b/src/manager/service/file-system.cpp
@@ -47,44 +47,44 @@ const std::string CKM_KEY_BACKUP_PREFIX = "key-backup-";
 const std::string CKM_DB_KEY_PREFIX = "db-key-";
 const std::string CKM_DB_PREFIX = "db-";
 const std::string CKM_REMOVED_APP_PREFIX = "removed-app-";
-const std::string CKM_LOCK_FILE = "/var/run/key-manager.pid";
+const std::string CKM_LOCK_FILE = "/run/key-manager.pid";
 
 } // namespace anonymous
 
 namespace CKM {
 
-FileSystem::FileSystem(uid_t uid)
-  : m_uid(uid)
+FileSystem::FileSystem(const ClientID &clientID)
+  : m_clientID(clientID)
 {}
 
 std::string FileSystem::getDBPath() const
 {
     std::stringstream ss;
-    ss << CKM_DATA_PATH << CKM_DB_PREFIX << m_uid;
+    ss << CKM_DATA_PATH << CKM_DB_PREFIX << m_clientID;
     return ss.str();
 }
 
 std::string FileSystem::getDKEKPath() const {
     std::stringstream ss;
-    ss << CKM_DATA_PATH << CKM_KEY_PREFIX << m_uid;
+    ss << CKM_DATA_PATH << CKM_KEY_PREFIX << m_clientID;
     return ss.str();
 }
 
 std::string FileSystem::getDKEKBackupPath() const {
     std::stringstream ss;
-    ss << CKM_DATA_PATH << CKM_KEY_BACKUP_PREFIX << m_uid;
+    ss << CKM_DATA_PATH << CKM_KEY_BACKUP_PREFIX << m_clientID;
     return ss.str();
 }
 
 std::string FileSystem::getDBDEKPath() const {
     std::stringstream ss;
-    ss << CKM_DATA_PATH << CKM_DB_KEY_PREFIX << m_uid;
+    ss << CKM_DATA_PATH << CKM_DB_KEY_PREFIX << m_clientID;
     return ss.str();
 }
 
 std::string FileSystem::getRemovedAppsPath() const {
     std::stringstream ss;
-    ss << CKM_DATA_PATH << CKM_REMOVED_APP_PREFIX << m_uid;
+    ss << CKM_DATA_PATH << CKM_REMOVED_APP_PREFIX << m_clientID;
     return ss.str();
 }
 
@@ -217,15 +217,15 @@ int FileSystem::init() {
     return 0;
 }
 
-UidVector FileSystem::getUIDsFromDBFile() {
-    UidVector uids;
+ClientIDVector FileSystem::getClientIDsFromDBFile(const std::string zone) {
+    ClientIDVector clientIDVec;
     std::unique_ptr<DIR, std::function<int(DIR*)>>
         dirp(::opendir(CKM_DATA_PATH.c_str()), ::closedir);
 
     if (!dirp.get()) {
         int err = errno;
         LogError("Error in opendir. Data directory could not be read. Error: " << GetErrnoString(err));
-        return UidVector();
+        return ClientIDVector();
     }
 
     size_t len = offsetof(struct dirent, d_name) + pathconf(CKM_DATA_PATH.c_str(), _PC_NAME_MAX) + 1;
@@ -234,20 +234,31 @@ UidVector FileSystem::getUIDsFromDBFile() {
 
     if (!pEntry.get()) {
         LogError("Memory allocation failed.");
-        return UidVector();
+        return ClientIDVector();
     }
 
     struct dirent* pDirEntry = NULL;
 
     while ( (!readdir_r(dirp.get(), pEntry.get(), &pDirEntry)) && pDirEntry ) {
-        // Ignore files with diffrent prefix
         if (strncmp(pDirEntry->d_name, CKM_KEY_PREFIX.c_str(), CKM_KEY_PREFIX.size())) {
+            LogDebug("Not DomainKEK file.");
             continue;
         }
-
-        // We find database. Let's extract user id.
+#ifdef DB_PER_ZONE_ENABLE
+        if (strlen(pDirEntry->d_name + CKM_KEY_PREFIX.size()) <= zone.size()) {
+            LogError("Should not happen. "
+                "Key file[" << pDirEntry->d_name << "] clientID(zone + uid) length should be longer than zone name size");
+            continue;
+        }
+        if (strncmp(pDirEntry->d_name + CKM_KEY_PREFIX.size(), zone.c_str(), zone.size())) {
+            LogDebug("Another zone's DomainKEK file.");
+            continue;
+        }
+#else
+        (void) zone;
+#endif
         try {
-            uids.push_back(static_cast<uid_t>(std::stoi((pDirEntry->d_name)+CKM_KEY_PREFIX.size())));
+            clientIDVec.push_back(pDirEntry->d_name + CKM_KEY_PREFIX.size());
         } catch (const std::invalid_argument) {
             LogError("Error in extracting uid from db file. Error=std::invalid_argument."
                 "This will be ignored.File=" << pDirEntry->d_name << "");
@@ -256,49 +267,38 @@ UidVector FileSystem::getUIDsFromDBFile() {
                 "This will be ignored. File="<< pDirEntry->d_name << "");
         }
     }
-
-    return uids;
+    return clientIDVec;
 }
 
 int FileSystem::removeUserData() const {
-    int err, retCode = 0;
 
-    if (unlink(getDBPath().c_str())) {
-        retCode = -1;
-        err = errno;
-        LogError("Error in unlink user database: " << getDBPath()
-            << "Errno: " << errno << " " << GetErrnoString(err));
-    }
+    if (removeFile(getDBPath())
+        || removeFile(getDKEKPath())
+        || removeFile(getDKEKBackupPath())
+        || removeFile(getDBDEKPath())
+        || removeFile(getRemovedAppsPath())) {
 
-    if (unlink(getDKEKPath().c_str())) {
-        retCode = -1;
-        err = errno;
-        LogError("Error in unlink user DKEK: " << getDKEKPath()
-            << "Errno: " << errno << " " << GetErrnoString(err));
+        return -1;
     }
 
-    if (unlink(getDKEKBackupPath().c_str())) {
-        retCode = -1;
-        err = errno;
-        LogDebug("Unlink user backup DKEK failed (file probably does not exists): " << getDKEKBackupPath()
-            << "Errno: " << errno << " " << GetErrnoString(err));
-    }
+    return 0;
+}
 
-    if (unlink(getDBDEKPath().c_str())) {
-        retCode = -1;
-        err = errno;
-        LogError("Error in unlink user DBDEK: " << getDBDEKPath()
-            << "Errno: " << errno << " " << GetErrnoString(err));
-    }
+int FileSystem::removeFile(const std::string &path) const
+{
+    if (access(path.c_str(), F_OK) == 0
+        && unlink(path.c_str()) != 0) {
 
-    if (unlink(getRemovedAppsPath().c_str())) {
-        retCode = -1;
-        err = errno;
-        LogError("Error in unlink user's Removed Apps File: " << getRemovedAppsPath()
-            << "Errno: " << errno << " " << GetErrnoString(err));
+        int err = errno;
+
+        LogError("Unlink Path[" << path
+            << "] Errno[" << errno
+            << "] ErrnoString[" << GetErrnoString(err) << "]");
+
+       return -1;
     }
 
-    return retCode;
+    return 0;
 }
 
 FileLock FileSystem::lock()
diff --git a/src/manager/service/file-system.h b/src/manager/service/file-system.h
index 9058c42..2e7767f 100644
--- a/src/manager/service/file-system.h
+++ b/src/manager/service/file-system.h
@@ -21,14 +21,14 @@
  */
 #pragma once
 
-#include <ckm/ckm-type.h>
 #include <string>
+#include <ckm/ckm-type.h>
 #include <file-lock.h>
 
 namespace CKM {
 
 typedef std::vector<std::string> AppLabelVector;
-typedef std::vector<uid_t> UidVector;
+typedef std::vector<ClientID> ClientIDVector;
 
 class FileSystem {
 public:
@@ -40,7 +40,7 @@ public:
         DECLARE_EXCEPTION_TYPE(Base, RenameFailed)
     };
 
-    FileSystem(uid_t uid);
+    FileSystem(const ClientID &clientID);
 
     std::string getDBPath() const;
 
@@ -65,7 +65,7 @@ public:
     AppLabelVector clearRemovedsApps() const;
 
     static int init();
-    static UidVector getUIDsFromDBFile();
+    static ClientIDVector getClientIDsFromDBFile(std::string zone);
     static FileLock lock();
 
     virtual ~FileSystem(){}
@@ -77,8 +77,9 @@ protected:
     void saveFile(const std::string &path, const RawBuffer &buffer) const;
     std::string getRemovedAppsPath() const;
     void moveFile(const std::string &from, const std::string &to) const;
+    int removeFile(const std::string &path) const;
 
-    uid_t m_uid;
+    ClientID m_clientID;
 };
 
 } // namespace CKM
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index a50e5b2..6da61dd 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -49,6 +49,23 @@ CKM::RawBuffer toRawBuffer(T *)
     return CKM::RawBuffer();
 }
 
+int cleanMemory(void *targetPtr, size_t targetSize)
+{
+    char *ptr = reinterpret_cast<char *>(targetPtr);
+
+    // overwrite ptr
+    for (size_t size = 0; size < targetSize; ++size)
+        ptr[size] = 0;
+
+    // verification
+    for (size_t size = 0; size < targetSize; ++size) {
+        if (0 != ptr[size]) {
+            return -1; // fail
+        }
+    }
+    return 0; // success
+}
+
 } // anonymous namespace
 
 using namespace CKM;
@@ -59,6 +76,25 @@ WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer()
     memset(wrappedKeyAndInfo, 0, sizeof(WrappedKeyAndInfo));
 }
 
+WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer(const WrappedKeyAndInfoContainer &second)
+{
+    wrappedKeyAndInfo = new WrappedKeyAndInfo;
+    memcpy(wrappedKeyAndInfo, second.wrappedKeyAndInfo, sizeof(WrappedKeyAndInfo));
+}
+
+WrappedKeyAndInfoContainer &WrappedKeyAndInfoContainer::operator=(const WrappedKeyAndInfoContainer &second)
+{
+    if (this == &second)
+        return *this;
+
+    if (wrappedKeyAndInfo)
+        delete wrappedKeyAndInfo;
+
+    wrappedKeyAndInfo = new WrappedKeyAndInfo;
+    memcpy(wrappedKeyAndInfo, second.wrappedKeyAndInfo, sizeof(WrappedKeyAndInfo));
+    return *this;
+}
+
 WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer(const unsigned char *data)
 {
     wrappedKeyAndInfo = new WrappedKeyAndInfo;
@@ -113,6 +149,31 @@ KeyAndInfoContainer::KeyAndInfoContainer()
     memset(keyAndInfo, 0, sizeof(KeyAndInfo));
 }
 
+KeyAndInfoContainer::KeyAndInfoContainer(const KeyAndInfoContainer &second)
+{
+    keyAndInfo = new KeyAndInfo;
+    memcpy(keyAndInfo, second.keyAndInfo, sizeof(KeyAndInfo));
+}
+
+KeyAndInfoContainer &KeyAndInfoContainer::operator=(const KeyAndInfoContainer &second)
+{
+    if (this == &second)
+        return *this;
+
+    if (keyAndInfo) {
+        if (cleanMemory(keyAndInfo, sizeof(KeyAndInfo))) {
+            delete keyAndInfo;
+            ThrowMsg(Exception::Base,
+                     "KeyAndInfo in KeyAndInfoContainer was not destroyed!");
+        }
+        delete keyAndInfo;
+    }
+
+    keyAndInfo = new KeyAndInfo;
+    memcpy(keyAndInfo, second.keyAndInfo, sizeof(KeyAndInfo));
+    return *this;
+}
+
 KeyAndInfoContainer::KeyAndInfoContainer(const unsigned char *data)
 {
     keyAndInfo = new KeyAndInfo;
@@ -136,18 +197,13 @@ void KeyAndInfoContainer::setKeyInfo(const KeyComponentsInfo *keyComponentsInfo)
 
 KeyAndInfoContainer::~KeyAndInfoContainer()
 {
-    // overwrite key
-    char *ptr = reinterpret_cast<char*>(keyAndInfo);
-    for (size_t size = 0; size < sizeof(KeyAndInfo); ++size)
-        ptr[size] = 0;
-    // verification
-    for (size_t size = 0; size < sizeof(KeyAndInfo); ++size) {
-        if (0 != ptr[size]) {
-            delete keyAndInfo;
-            ThrowMsg(Exception::Base, "KeyAndInfo in KeyAndInfoContainer "
-                "was not destroyed!");
-        }
+    if (cleanMemory(keyAndInfo, sizeof(KeyAndInfo))) {
+        // destroy verification failed.
+        delete keyAndInfo;
+        ThrowMsg(Exception::Base,
+                 "KeyAndInfo in KeyAndInfoContainer was not destroyed!");
     }
+
     delete keyAndInfo;
 }
 
@@ -165,19 +221,20 @@ KeyProvider::KeyProvider(
     , m_isInitialized(true)
 {
     if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
-        LogError("input size:" << domainKEKInWrapForm.size()
-            << " Expected: " << sizeof(WrappedKeyAndInfo));
-        ThrowMsg(Exception::InputParamError, "buffer doesn't have proper size to store WrappedKeyAndInfo in KeyProvider Constructor");
+        ThrowMsg(Exception::InputParamError,
+            "domainKEKInWrapForm "
+            "input size:" << domainKEKInWrapForm.size() <<
+            " Expected:" << sizeof(WrappedKeyAndInfo));
     }
 
-    WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer(domainKEKInWrapForm.data());
+    WrappedKeyAndInfoContainer wkmcDKEK(domainKEKInWrapForm.data());
 
     char *concat_user_pass = NULL;
     uint8_t PKEK1[MAX_KEY_SIZE];
 
     concat_user_pass = concat_password_user(
         wkmcDKEK.getWrappedKeyAndInfo().keyInfo.label,
-        password.c_str());
+        getConvertedStr(password));
 
     if (!PKCS5_PBKDF2_HMAC_SHA1(
         concat_user_pass,
@@ -204,7 +261,8 @@ KeyProvider::KeyProvider(
         wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv,
         m_kmcDKEK->getKeyAndInfo().key))) {
 
-        ThrowMsg(Exception::PassWordError, "VerifyDomainKEK failed in KeyProvider Constructor");
+        ThrowMsg(Exception::PassWordError,
+            "VerifyDomainKEK failed in KeyProvider Constructor");
     }
 
     m_kmcDKEK->setKeyInfo(&(wkmcDKEK.getWrappedKeyAndInfo().keyInfo));
@@ -243,7 +301,9 @@ RawBuffer KeyProvider::getPureDomainKEK()
         ThrowMsg(Exception::InitFailed, "Object not initialized!");
     }
 
-    return RawBuffer(m_kmcDKEK->getKeyAndInfo().key, (m_kmcDKEK->getKeyAndInfo().key) + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength);
+    return RawBuffer(m_kmcDKEK->getKeyAndInfo().key,
+            (m_kmcDKEK->getKeyAndInfo().key)
+                + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength);
 }
 
 RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
@@ -252,14 +312,14 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
         ThrowMsg(Exception::InitFailed, "Object not initialized!");
     }
 
-    WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer();
+    WrappedKeyAndInfoContainer wkmcDKEK;
 
     char *concat_user_pass = NULL;
     uint8_t PKEK1[MAX_KEY_SIZE];
 
     concat_user_pass = concat_password_user(
         m_kmcDKEK->getKeyAndInfo().keyInfo.label,
-        password.c_str());
+        getConvertedStr(password));
 
     if (!PKCS5_PBKDF2_HMAC_SHA1(
         concat_user_pass,
@@ -305,15 +365,14 @@ RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
     }
 
     if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)){
-        LogError("input size:" << DEKInWrapForm.size()
-                  << " Expected: " << sizeof(WrappedKeyAndInfo));
         ThrowMsg(Exception::InputParamError,
-                "buffer doesn't have proper size to store "
-                "WrappedKeyAndInfo in KeyProvider::getPureDEK");
+            "DEKInWrapForm "
+            "input size:" << DEKInWrapForm.size() <<
+            " Expected:" << sizeof(WrappedKeyAndInfo));
     }
 
-    KeyAndInfoContainer kmcDEK = KeyAndInfoContainer();
-    WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer(DEKInWrapForm.data());
+    KeyAndInfoContainer kmcDEK;
+    WrappedKeyAndInfoContainer wkmcDEK(DEKInWrapForm.data());
 
     uint8_t PKEK2[MAX_KEY_SIZE];
     int keyLength;
@@ -347,7 +406,8 @@ RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
     LogDebug("getPureDEK SUCCESS");
     return RawBuffer(
         kmcDEK.getKeyAndInfo().key,
-        (kmcDEK.getKeyAndInfo().key) + kmcDEK.getKeyAndInfo().keyInfo.keyLength);
+        (kmcDEK.getKeyAndInfo().key)
+            + kmcDEK.getKeyAndInfo().keyInfo.keyLength);
 }
 
 RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
@@ -357,7 +417,7 @@ RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
                 "Object not initialized!");
     }
 
-    WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer();
+    WrappedKeyAndInfoContainer wkmcDEK;
     std::string resized_smackLabel;
 
     if (smackLabel.length() < APP_LABEL_SIZE)
@@ -413,16 +473,15 @@ RawBuffer KeyProvider::reencrypt(
     const Password &newPass)
 {
     if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
-        LogError("input size:" << domainKEKInWrapForm.size()
-                  << " Expected: " << sizeof(WrappedKeyAndInfo));
         ThrowMsg(Exception::InputParamError,
-                "buffer doesn't have proper size to store "
-                "WrappedKeyAndInfo in KeyProvider::reencrypt");
+            "domainKEKInWrapForm "
+            "input size:" << domainKEKInWrapForm.size() <<
+            " Expected:" << sizeof(WrappedKeyAndInfo));
     }
 
-    WrappedKeyAndInfoContainer wkmcOldDKEK = WrappedKeyAndInfoContainer(domainKEKInWrapForm.data());
-    WrappedKeyAndInfoContainer wkmcNewDKEK = WrappedKeyAndInfoContainer();
-    KeyAndInfoContainer kmcDKEK = KeyAndInfoContainer();
+    WrappedKeyAndInfoContainer wkmcOldDKEK(domainKEKInWrapForm.data());
+    WrappedKeyAndInfoContainer wkmcNewDKEK;
+    KeyAndInfoContainer kmcDKEK;
 
     char *concat_user_pass = NULL;
     uint8_t PKEK1[MAX_KEY_SIZE];
@@ -431,7 +490,7 @@ RawBuffer KeyProvider::reencrypt(
 
     concat_user_pass = concat_password_user(
         wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.label,
-        oldPass.c_str());
+        getConvertedStr(oldPass));
 
     if (!PKCS5_PBKDF2_HMAC_SHA1(
         concat_user_pass,
@@ -464,7 +523,7 @@ RawBuffer KeyProvider::reencrypt(
 
     concat_user_pass = concat_password_user(
         kmcDKEK.getKeyAndInfo().keyInfo.label,
-        newPass.c_str());
+        getConvertedStr(newPass));
 
     if (!PKCS5_PBKDF2_HMAC_SHA1(
         concat_user_pass,
@@ -507,7 +566,7 @@ RawBuffer KeyProvider::generateDomainKEK(
     const std::string &user,
     const Password &userPassword)
 {
-    WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer();
+    WrappedKeyAndInfoContainer wkmcDKEK;
     uint8_t key[MAX_KEY_SIZE], PKEK1[MAX_KEY_SIZE];
 
     if (!RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, MAX_SALT_SIZE) ||
@@ -517,7 +576,7 @@ RawBuffer KeyProvider::generateDomainKEK(
 
     int wrappedKeyLength;
     char *concat_user_pass = NULL;
-    concat_user_pass = concat_password_user(user.c_str(), userPassword.c_str());
+    concat_user_pass = concat_password_user(user.c_str(), getConvertedStr(userPassword));
     if (!PKCS5_PBKDF2_HMAC_SHA1(
         concat_user_pass,
         strlen(concat_user_pass),
@@ -569,7 +628,12 @@ KeyProvider::~KeyProvider()
     LogDebug("KeyProvider Destructor");
 }
 
-int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext, int plaintext_len, const unsigned char *key, const unsigned char *iv, unsigned char *ciphertext, unsigned char *tag)
+int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext,
+                                  int plaintext_len,
+                                  const unsigned char *key,
+                                  const unsigned char *iv,
+                                  unsigned char *ciphertext,
+                                  unsigned char *tag)
 {
 
     EVP_CIPHER_CTX *ctx;
@@ -611,7 +675,12 @@ int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext, int plaintext_
     return ciphertext_len;
 }
 
-int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, const unsigned char *key, const unsigned char *iv, unsigned char *plaintext)
+int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext,
+                                  int ciphertext_len,
+                                  unsigned char *tag,
+                                  const unsigned char *key,
+                                  const unsigned char *iv,
+                                  unsigned char *plaintext)
 {
 
     EVP_CIPHER_CTX *ctx;
@@ -679,9 +748,14 @@ char * KeyProvider::concat_password_user(const char *user, const char *password)
 
     memset(concat_user_pass, '\0', concat_user_pass_len);
     memcpy(concat_user_pass, password, strlen(password));
-    memcpy(&(concat_user_pass[strlen(password)]), user, strlen(user));
+    memcpy(&(concat_user_pass[strlen(password)]), resized_user, strlen(resized_user));
     concat_user_pass[strlen(resized_user) + strlen(password)] = '\0';
 
     delete[] resized_user;
     return concat_user_pass;
 }
+
+const char* KeyProvider::getConvertedStr(const Password &password)
+{
+    return password.c_str();
+}
diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h
index 612dcd3..8e08c8a 100644
--- a/src/manager/service/key-provider.h
+++ b/src/manager/service/key-provider.h
@@ -85,6 +85,10 @@ typedef struct WrappedKeyAndInfo_ {
 class WrappedKeyAndInfoContainer{
 public:
     WrappedKeyAndInfoContainer();
+
+    WrappedKeyAndInfoContainer(const WrappedKeyAndInfoContainer &);
+    WrappedKeyAndInfoContainer &operator=(const WrappedKeyAndInfoContainer &);
+
     WrappedKeyAndInfoContainer(const unsigned char*);
     WrappedKeyAndInfo& getWrappedKeyAndInfo();
     void setKeyInfoKeyLength(const unsigned int);
@@ -103,6 +107,10 @@ public:
         DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
     };
     KeyAndInfoContainer();
+
+    KeyAndInfoContainer(const KeyAndInfoContainer &);
+    KeyAndInfoContainer &operator=(const KeyAndInfoContainer &);
+
     KeyAndInfoContainer(const unsigned char*);
     KeyAndInfo& getKeyAndInfo();
     void setKeyInfoKeyLength(const unsigned int);
@@ -172,6 +180,7 @@ public:
     static int closeLibrary();
 
     virtual ~KeyProvider();
+
 private:
     // KeyAndInfoContainer class
     std::shared_ptr<KeyAndInfoContainer> m_kmcDKEK;
@@ -197,6 +206,7 @@ private:
         const char *user,
         const char *password);
 
+    static const char* getConvertedStr(const Password &password);
 };
 
 } // namespace CKM
diff --git a/src/manager/service/ocsp-logic.cpp b/src/manager/service/ocsp-logic.cpp
index bd62d2c..61433fd 100644
--- a/src/manager/service/ocsp-logic.cpp
+++ b/src/manager/service/ocsp-logic.cpp
@@ -29,25 +29,81 @@
 #include <ocsp-logic.h>
 #include <ocsp.h>
 
+#include <system_info.h>
+
+#define FEATURE_WIFI         "tizen.org/feature/network.internet"
+#define FEATURE_TELEPHONY    "tizen.org/feature/network.telephony"
+#define FEATURE_TETHERING_BT "tizen.org/feature/network.tethering.bluetooth"
+#define FEATURE_ETHERNET     "tizen.org/feature/network.ethernet"
+
 namespace CKM {
 
+namespace {
+
+bool isFeatureOn(const char *feature)
+{
+    bool value = false;
+
+    if (SYSTEM_INFO_ERROR_NONE != system_info_get_platform_bool(feature, &value)) {
+        // system info capi error.
+        return false;
+    }
+
+    return value;
+}
+
+} // namespace anonymous
+
+
+OCSPLogic::OCSPLogic()
+  : m_isNetAvailable(false)
+{
+    setNetAvailable();
+}
+
+void OCSPLogic::setNetAvailable()
+{
+    if (isFeatureOn(FEATURE_WIFI)
+        || isFeatureOn(FEATURE_TELEPHONY)
+        || isFeatureOn(FEATURE_TETHERING_BT)
+        || isFeatureOn(FEATURE_ETHERNET)) {
+        m_isNetAvailable = true;
+    }
+    else {
+        m_isNetAvailable = false;
+    }
+}
+
 RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain) {
     CertificateImplVector certChain;
     OCSPModule ocsp;
     int retCode = CKM_API_SUCCESS;
     int ocspStatus = CKM_API_OCSP_STATUS_INTERNAL_ERROR;
 
-    for (auto &e: rawChain) {
-        certChain.push_back(CertificateImpl(e, DataFormat::FORM_DER));
-        if (certChain.rbegin()->empty()) {
-            LogDebug("Error in parsing certificates!");
-            retCode = CKM_API_ERROR_INPUT_PARAM;
-            break;
-        }
+
+    if (!m_isNetAvailable) {
+        // try again for in case of system-info error
+        setNetAvailable();
+    }
+
+    if (!m_isNetAvailable) {
+        retCode = CKM_API_ERROR_NOT_SUPPORTED;
     }
+    else {
+       for (auto &e: rawChain) {
+           certChain.push_back(CertificateImpl(e, DataFormat::FORM_DER));
+           if (certChain.rbegin()->empty()) {
+               LogDebug("Error in parsing certificates!");
+               retCode = CKM_API_ERROR_INPUT_PARAM;
+               break;
+           }
+        }
 
-    if (retCode == CKM_API_SUCCESS)
-        ocspStatus = ocsp.verify(certChain);
+        if (certChain.size() < 2)
+            retCode = CKM_API_ERROR_INPUT_PARAM;
+        else if (retCode == CKM_API_SUCCESS)
+            ocspStatus = ocsp.verify(certChain);
+    }
 
     return MessageBuffer::Serialize(commandId, retCode, ocspStatus).Pop();
 }
diff --git a/src/manager/service/ocsp-logic.h b/src/manager/service/ocsp-logic.h
index f0dcab4..725e757 100644
--- a/src/manager/service/ocsp-logic.h
+++ b/src/manager/service/ocsp-logic.h
@@ -27,7 +27,7 @@ namespace CKM {
 
 class OCSPLogic {
 public:
-    OCSPLogic(){}
+    OCSPLogic();
     OCSPLogic(const OCSPLogic &) = delete;
     OCSPLogic(OCSPLogic &&) = delete;
     OCSPLogic& operator=(const OCSPLogic &) = delete;
@@ -35,6 +35,10 @@ public:
 
     RawBuffer ocspCheck(int commandId, const RawBufferVector &rawChain);
     virtual ~OCSPLogic(){}
+private:
+    void setNetAvailable();
+
+    bool m_isNetAvailable;
 };
 
 
diff --git a/src/manager/service/ocsp.cpp b/src/manager/service/ocsp.cpp
index 4f4477e..22b8b25 100644
--- a/src/manager/service/ocsp.cpp
+++ b/src/manager/service/ocsp.cpp
@@ -71,14 +71,13 @@ int OCSPModule::verify(const CertificateImplVector &certificateChain) {
     // create trusted store
     X509_STACK_PTR trustedCerts = create_x509_stack();
 
-    // skip first 2 certificates
-    for (auto it=certificateChain.cbegin()+2; it != certificateChain.cend(); it++)
-    {
-        if (it->empty()) {
+    for (unsigned int i=1; i < certificateChain.size(); i++) { // except leaf certificate
+        if (certificateChain[i].empty()) {
             LogError("Error. Broken certificate chain.");
             return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
         }
-        sk_X509_push(trustedCerts.get(), it->getX509());
+        sk_X509_push(trustedCerts.get(), certificateChain[i].getX509());
+        // these trusted certs will be changed while verifying ocsp status.
     }
 
     for (unsigned int i=0; i < certificateChain.size() -1; i++) {// except root certificate
@@ -183,7 +182,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
     }
 
     if (BIO_do_connect(cbio) <= 0) {
-        LogDebug("Error in BIO_do_connect.");
+        LogError("Error in BIO_do_connect.");
         ERR_print_errors(bioLogger.get());
         /* report error */
 
@@ -217,17 +216,17 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
     req = OCSP_REQUEST_new();
 
     if(req == NULL) {
-        LogDebug("Error in OCPS_REQUEST_new");
+        LogError("Error in OCPS_REQUEST_new");
         return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
     }
     certid = OCSP_cert_to_id(NULL, cert, issuer);
     if(certid == NULL)  {
-        LogDebug("Error in OCSP_cert_to_id");
+        LogError("Error in OCSP_cert_to_id");
         return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
     }
 
     if(OCSP_request_add0_id(req, certid) == NULL) {
-        LogDebug("Error in OCSP_request_add0_id");
+        LogError("Error in OCSP_request_add0_id");
         return CKM_API_OCSP_STATUS_INTERNAL_ERROR;
     }
 
@@ -284,7 +283,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
         OCSP_REQUEST_free(req);
         OCSP_RESPONSE_free(resp);
 
-        LogDebug("Error in OCSP_response_get1_basic");
+        LogError("Error in OCSP_response_get1_basic");
         return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
     }
 
@@ -317,7 +316,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
             OCSP_RESPONSE_free(resp);
             OCSP_BASICRESP_free(bs);
             X509_STORE_free(trustedStore);
-            LogDebug("Error in OCSP_check_nonce");
+            LogError("Error in OCSP_check_nonce");
             return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
         }
     }
@@ -333,7 +332,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
         OCSP_BASICRESP_free(bs);
         X509_STORE_free(trustedStore);
 
-        LogDebug("Error in OCSP_resp_find_status");
+        LogError("Error in OCSP_resp_find_status");
         return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
     }
 
@@ -350,7 +349,7 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer
         OCSP_BASICRESP_free(bs);
         X509_STORE_free(trustedStore);
 
-        LogDebug("Error in OCSP_check_validity");
+        LogError("Error in OCSP_check_validity");
         return CKM_API_OCSP_STATUS_INVALID_RESPONSE;
     }
 
diff --git a/src/manager/sqlcipher/sqlcipher.c b/src/manager/sqlcipher/sqlcipher.c
index f40a67e..92e26bc 100644
--- a/src/manager/sqlcipher/sqlcipher.c
+++ b/src/manager/sqlcipher/sqlcipher.c
@@ -13384,7 +13384,7 @@ int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int
   c_ctx->derive_key = 1;
 
   if(for_ctx == 2)
-    if((rc = sqlcipher_cipher_ctx_copy(ctx->read_ctx, c_ctx)) != SQLCIPHER_OK) 
+    if((rc = sqlcipher_cipher_ctx_copy(ctx->read_ctx, c_ctx)) != SQLCIPHER_OK)
       return rc; 
 
   return SQLCIPHER_OK;
@@ -13595,7 +13595,7 @@ int sqlcipher_page_hmac(cipher_ctx *ctx, Pgno pgno, unsigned char *in, int in_sz
 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
   cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
   unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
-  int tmp_csz, csz, size;
+  int tmp_csz, csz, size, rc;
 
   /* calculate some required positions into various buffers */
   size = page_sz - c_ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
@@ -13642,13 +13642,15 @@ int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int
     }
   } 
 
-  EVP_CipherInit(&c_ctx->ectx, c_ctx->evp_cipher, NULL, NULL, mode);
+  rc = EVP_CipherInit(&c_ctx->ectx, c_ctx->evp_cipher, NULL, NULL, mode);
   EVP_CIPHER_CTX_set_padding(&c_ctx->ectx, 0);
-  EVP_CipherInit(&c_ctx->ectx, NULL, c_ctx->key, iv_out, mode);
-  EVP_CipherUpdate(&c_ctx->ectx, out, &tmp_csz, in, size);
+  rc = EVP_CipherInit(&c_ctx->ectx, NULL, c_ctx->key, iv_out, mode);
+  rc = EVP_CipherUpdate(&c_ctx->ectx, out, &tmp_csz, in, size);
   csz = tmp_csz;  
   out += tmp_csz;
-  EVP_CipherFinal(&c_ctx->ectx, out, &tmp_csz);
+  rc = EVP_CipherFinal(&c_ctx->ectx, out, &tmp_csz);
+  // patch to fix unchecked return value warning from prevent
+  (void) rc;
   csz += tmp_csz;
   EVP_CIPHER_CTX_cleanup(&c_ctx->ectx);
   assert(size == csz);
@@ -20302,7 +20304,10 @@ SQLCIPHER_API sqlcipher3_int64 sqlcipher3_soft_heap_limit64(sqlcipher3_int64 n){
   sqlcipher3_int64 priorLimit;
   sqlcipher3_int64 excess;
 #ifndef SQLCIPHER_OMIT_AUTOINIT
-  sqlcipher3_initialize();
+  // patch to fix unchecked return value warning from prevent
+  // sqlcipher3_initialize();
+  int rc = sqlcipher3_initialize();
+  (void) rc;
 #endif
   sqlcipher3_mutex_enter(mem0.mutex);
   priorLimit = mem0.alarmThreshold;
@@ -28548,7 +28553,10 @@ static int dotlockLock(sqlcipher3_file *id, int eFileLock) {
 #ifdef HAVE_UTIME
     utime(zLockFile, NULL);
 #else
-    utimes(zLockFile, NULL);
+    // patch to fix unchecked return value warning from prevent
+    // 0 on success, -1 on error. But it doesn't affect on any feature on program.
+    int rcTimeUpdate = utimes(zLockFile, NULL);
+    (void) rcTimeUpdate;
 #endif
     return SQLCIPHER_OK;
   }
@@ -28627,13 +28635,16 @@ static int dotlockUnlock(sqlcipher3_file *id, int eFileLock) {
 ** Close a file.  Make sure the lock has been released before closing.
 */
 static int dotlockClose(sqlcipher3_file *id) {
-  int rc;
+  int rc = SQLCIPHER_INTERNAL;
   if( id ){
     unixFile *pFile = (unixFile*)id;
     dotlockUnlock(id, NO_LOCK);
     sqlcipher3_free(pFile->lockingContext);
+
+    // patch to fix dereference pointer without null checking
+    rc = closeUnixFile(id);
   }
-  rc = closeUnixFile(id);
+  // rc = closeUnixFile(id);
   return rc;
 }
 /****************** End of the dot-file lock implementation *******************
@@ -30595,9 +30606,8 @@ static int unixShmMap(
       void *pMem;
       if( pShmNode->h>=0 ){
         pMem = mmap(0, szRegion,
-            pShmNode->isReadonly ? PROT_READ : PROT_READ|PROT_WRITE, 
-            MAP_SHARED, pShmNode->h, ((off_t)(pShmNode->nRegion))*szRegion
-        );
+            pShmNode->isReadonly ? PROT_READ : PROT_READ|PROT_WRITE,
+            MAP_SHARED, pShmNode->h, ((off_t)(pShmNode->nRegion))*szRegion);
         if( pMem==MAP_FAILED ){
           rc = unixLogError(SQLCIPHER_IOERR_SHMMAP, "mmap", pShmNode->zFilename);
           goto shmpage_out;
@@ -31894,7 +31904,12 @@ static void unixDlError(sqlcipher3_vfs *NotUsed, int nBuf, char *zBufOut){
   const char *zErr;
   UNUSED_PARAMETER(NotUsed);
   unixEnterMutex();
-  zErr = dlerror();
+  /*
+   * Tizen patch. disable dlerror because of prevent defect.
+   * zErr = dlerror();
+   * fix error code for dlerror case.
+   */
+  zErr = "[Tizen] dlfcn function error occured";
   if( zErr ){
     sqlcipher3_snprintf(nBuf, zBufOut, "%s", zErr);
   }
@@ -42588,7 +42603,7 @@ static int pagerPlaybackSavepoint(Pager *pPager, PagerSavepoint *pSavepoint){
   */
   if( pSavepoint ){
     u32 ii;            /* Loop counter */
-    i64 offset = ((i64)(pSavepoint->iSubRec))*(4+pPager->pageSize);
+    i64 offset = pSavepoint->iSubRec*((i64)(4+pPager->pageSize));
 
     if( pagerUseWal(pPager) ){
       rc = sqlcipher3WalSavepointUndo(pPager->pWal, pSavepoint->aWalData);
@@ -43435,7 +43450,7 @@ static int subjournalPage(PgHdr *pPg){
     ** write the journal record into the file.  */
     if( rc==SQLCIPHER_OK ){
       void *pData = pPg->pData;
-      i64 offset = ((i64)(pPager->nSubRec))*(4+pPager->pageSize);
+      i64 offset = pPager->nSubRec*((i64)(4+pPager->pageSize));
       char *pData2;
   
       CODEC2(pPager, pData, pPg->pgno, 7, return SQLCIPHER_NOMEM, pData2);
@@ -62333,7 +62348,7 @@ SQLCIPHER_PRIVATE u32 sqlcipher3VdbeSerialGet(
       return 3;
     }
     case 4: { /* 4-byte signed integer */
-      pMem->u.i = (((signed char)buf[0])<<24) | (buf[1]<<16) | (buf[2]<<8) | buf[3];
+      pMem->u.i = (i64)(buf[0]<<24) | (buf[1]<<16) | (buf[2]<<8) | buf[3];
       pMem->flags = MEM_Int;
       return 4;
     }
@@ -63387,7 +63402,10 @@ SQLCIPHER_API void *sqlcipher3_aggregate_context(sqlcipher3_context *p, int nByt
       pMem->flags = MEM_Null;
       pMem->z = 0;
     }else{
-      sqlcipher3VdbeMemGrow(pMem, nByte, 0);
+      // patch to fix unchecked return value warning from prevent
+      int rc = sqlcipher3VdbeMemGrow(pMem, nByte, 0);
+      (void) rc;
+
       pMem->flags = MEM_Agg;
       pMem->u.pDef = p->pFunc;
       if( pMem->z ){
@@ -73596,6 +73614,7 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
       const char *zId;            /* The function name. */
       FuncDef *pDef;              /* Information about the function */
       u8 enc = ENC(pParse->db);   /* The database encoding */
+      int rc;                     // patch to fix unchecked return value warning from prevent
 
       testcase( pExpr->op==TK_CONST_FUNC );
       assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
@@ -73643,7 +73662,9 @@ static int resolveExprStep(Walker *pWalker, Expr *pExpr){
         pNC->hasAgg = 1;
       }
       if( is_agg ) pNC->allowAgg = 0;
-      sqlcipher3WalkExprList(pWalker, pList);
+      // patch to fix unchecked return value warning from prevent
+      rc = sqlcipher3WalkExprList(pWalker, pList);
+      (void) rc;
       if( is_agg ) pNC->allowAgg = 1;
       /* FIX ME:  Compute pExpr->affinity based on the expected return
       ** type of the function 
@@ -82497,6 +82518,7 @@ SQLCIPHER_PRIVATE void sqlcipher3CreateView(
   DbFixer sFix;
   Token *pName = 0;
   int iDb;
+  int rc;            // patch to fix unchecked return value warning from prevent
   sqlcipher3 *db = pParse->db;
 
   if( pParse->nVar>0 ){
@@ -82510,7 +82532,10 @@ SQLCIPHER_PRIVATE void sqlcipher3CreateView(
     sqlcipher3SelectDelete(db, pSelect);
     return;
   }
-  sqlcipher3TwoPartName(pParse, pName1, pName2, &pName);
+  rc = sqlcipher3TwoPartName(pParse, pName1, pName2, &pName);
+  // patch to fix unchecked return value warning from prevent
+  (void) rc;
+
   iDb = sqlcipher3SchemaToIndex(db, p->pSchema);
   if( sqlcipher3FixInit(&sFix, pParse, iDb, "view", pName)
     && sqlcipher3FixSelect(&sFix, pSelect)
@@ -87848,6 +87873,7 @@ static void fkScanChildren(
   NameContext sNameContext;       /* Context used to resolve WHERE clause */
   WhereInfo *pWInfo;              /* Context used by sqlcipher3WhereXXX() */
   int iFkIfZero = 0;              /* Address of OP_FkIfZero */
+  int rc;                         // patch to fix unchecked return value warning from prevent
   Vdbe *v = sqlcipher3GetVdbe(pParse);
 
   assert( !pIdx || pIdx->pTable==pTab );
@@ -87920,7 +87946,9 @@ static void fkScanChildren(
   memset(&sNameContext, 0, sizeof(NameContext));
   sNameContext.pSrcList = pSrc;
   sNameContext.pParse = pParse;
-  sqlcipher3ResolveExprNames(&sNameContext, pWhere);
+  rc = sqlcipher3ResolveExprNames(&sNameContext, pWhere);
+  // patch to fix unchecked return value warning from prevent
+  (void) rc;
 
   /* Create VDBE to loop through the entries in pSrc that match the WHERE
   ** clause. If the constraint is not deferred, throw an exception for
@@ -93219,12 +93247,12 @@ SQLCIPHER_PRIVATE void sqlcipher3Pragma(
 #if defined(SQLCIPHER_HAS_CODEC) || defined(SQLCIPHER_ENABLE_CEROD)
   if( sqlcipher3StrICmp(zLeft, "activate_extensions")==0 ){
 #ifdef SQLCIPHER_HAS_CODEC
-    if( sqlcipher3StrNICmp(zRight, "see-", 4)==0 ){
+    if( zRight && sqlcipher3StrNICmp(zRight, "see-", 4)==0 ){
       sqlcipher3_activate_see(&zRight[4]);
     }
 #endif
 #ifdef SQLCIPHER_ENABLE_CEROD
-    if( sqlcipher3StrNICmp(zRight, "cerod-", 6)==0 ){
+    if( zRight && sqlcipher3StrNICmp(zRight, "cerod-", 6)==0 ){
       sqlcipher3_activate_cerod(&zRight[6]);
     }
 #endif
@@ -93330,15 +93358,17 @@ SQLCIPHER_PRIVATE int sqlcipher3InitCallback(void *pInit, int argc, char **argv,
     */
     int rc;
     sqlcipher3_stmt *pStmt;
-    TESTONLY(int rcp);            /* Return code from sqlcipher3_prepare() */
+    int rcp;            /* Return code from sqlcipher3_prepare() */
 
     assert( db->init.busy );
     db->init.iDb = iDb;
     db->init.newTnum = sqlcipher3Atoi(argv[1]);
     db->init.orphanTrigger = 0;
-    TESTONLY(rcp = ) sqlcipher3_prepare(db, argv[2], -1, &pStmt, 0);
+    rcp = sqlcipher3_prepare(db, argv[2], -1, &pStmt, 0);
     rc = db->errCode;
     assert( (rc&0xFF)==(rcp&0xFF) );
+    (void) rcp;
+
     db->init.iDb = 0;
     if( SQLCIPHER_OK!=rc ){
       if( db->init.orphanTrigger ){
@@ -96946,7 +96976,12 @@ static int flattenSubquery(
 
   /* Authorize the subquery */
   pParse->zAuthContext = pSubitem->zName;
-  sqlcipher3AuthCheck(pParse, SQLCIPHER_SELECT, 0, 0, 0);
+
+  // patch for unchecked return value warning from prevent
+  // sqlcipher3AuthCheck(pParse, SQLCIPHER_SELECT, 0, 0, 0);
+  int authResult = sqlcipher3AuthCheck(pParse, SQLCIPHER_SELECT, 0, 0, 0);
+  (void) authResult;
+
   pParse->zAuthContext = zSavedAuthContext;
 
   /* If the sub-query is a compound SELECT statement, then (by restrictions
@@ -101357,8 +101392,10 @@ SQLCIPHER_PRIVATE void sqlcipher3VtabBeginParse(
   ** The second call, to obtain permission to create the table, is made now.
   */
   if( pTable->azModuleArg ){
-    sqlcipher3AuthCheck(pParse, SQLCIPHER_CREATE_VTABLE, pTable->zName, 
+    int rc = sqlcipher3AuthCheck(pParse, SQLCIPHER_CREATE_VTABLE, pTable->zName,
             pTable->azModuleArg[0], pParse->db->aDb[iDb].zName);
+    // patch to fix unchecked return value warning from prevent
+    (void) rc;
   }
 #endif
 }
@@ -104288,7 +104325,12 @@ static sqlcipher3_index_info *allocateIndexInfo(
     testcase( pTerm->eOperator==WO_IN );
     testcase( pTerm->eOperator==WO_ISNULL );
     if( pTerm->eOperator & (WO_IN|WO_ISNULL) ) continue;
+
+    // patch to fix dead code warning from prevent
+    // TERM_VNULL is always 0 if SQLCIPHER_ENABLE_STAT3 feature is not defined.
+#ifdef SQLCIPHER_ENABLE_STAT3
     if( pTerm->wtFlags & TERM_VNULL ) continue;
+#endif
     nTerm++;
   }
 
@@ -104339,7 +104381,12 @@ static sqlcipher3_index_info *allocateIndexInfo(
     testcase( pTerm->eOperator==WO_IN );
     testcase( pTerm->eOperator==WO_ISNULL );
     if( pTerm->eOperator & (WO_IN|WO_ISNULL) ) continue;
+
+    // patch to fix dead code warning from prevent
+    // TERM_VNULL is always 0 if SQLCIPHER_ENABLE_STAT3 feature is not defined.
+#ifdef SQLCIPHER_ENABLE_STAT3
     if( pTerm->wtFlags & TERM_VNULL ) continue;
+#endif
     pIdxCons[j].iColumn = pTerm->u.leftColumn;
     pIdxCons[j].iTermOffset = i;
     pIdxCons[j].op = (u8)pTerm->eOperator;
diff --git a/src/plugin/password-plugin.cpp b/src/plugin/password-plugin.cpp
index 988de24..5d42f9a 100644
--- a/src/plugin/password-plugin.cpp
+++ b/src/plugin/password-plugin.cpp
@@ -19,6 +19,7 @@
  */
 #include <security-server-plugin-api.h>
 
+#include <ckm/ckm-client-info.h>
 #include <ckm/ckm-control.h>
 #include <ckm/ckm-type.h>
 
@@ -31,78 +32,99 @@ namespace SecurityServer {
 
 class KEY_MANAGER_API Plugin : public PasswordPlugin {
 public:
-    Plugin();
-    virtual int changeUserPassword(uid_t user, const std::string &oldPass, const std::string &newPass);
-    virtual int login(uid_t user, const std::string &password);
-    virtual int logout(uid_t user);
-    virtual int resetUserPassword(uid_t user, const std::string &newPass);
-    virtual int removeUserData(uid_t user);
-    virtual ~Plugin(){}
+    Plugin() {}
+    virtual int changeUserPassword(const std::string &zone, uid_t user, const std::string &oldPass, const std::string &newPass);
+    virtual int login(const std::string &zone, uid_t user, const std::string &password);
+    virtual int logout(const std::string &zone, uid_t user);
+    virtual int resetUserPassword(const std::string &zone, uid_t user, const std::string &newPass);
+    virtual int removeUserData(const std::string &zone, uid_t user);
+    virtual ~Plugin() {}
 private:
-    CKM::ControlShPtr m_control;
+    CKM::ClientInfo getClientInfo(const std::string &zone, uid_t user);
 };
 
-Plugin::Plugin() {
-    m_control = CKM::Control::create();
+CKM::ClientInfo Plugin::getClientInfo(const std::string &zone, uid_t user)
+{
+    return CKM::ClientInfo(zone, user);
 }
 
-int Plugin::changeUserPassword(uid_t user, const std::string &oldPass, const std::string &newPass) {
+int Plugin::changeUserPassword(
+    const std::string &zone,
+    uid_t user,
+    const std::string &oldPass,
+    const std::string &newPass)
+{
+    auto control = CKM::Control::create();
+    if (!control)
+        return SECURITY_SERVER_PLUGIN_FAIL;
+
     CKM::Password oldPwd(oldPass.begin(), oldPass.end());
     CKM::Password newPwd(newPass.begin(), newPass.end());
-
-    if (!m_control)
-        return SECURITY_SERVER_PLUGIN_FAIL;
+    CKM::ClientInfo clientInfo = getClientInfo(zone, user);
 
     // CKM does not allow to change user password if database does
     // not exists. We must create database before change password.
-    if (CKM_API_SUCCESS != m_control->unlockUserKey(user, oldPwd))
+    if (CKM_API_SUCCESS != control->unlockUserKey(clientInfo, oldPwd))
         return SECURITY_SERVER_PLUGIN_FAIL;
-
-    if (CKM_API_SUCCESS != m_control->changeUserPassword(user, oldPwd, newPwd))
+    if (CKM_API_SUCCESS != control->changeUserPassword(clientInfo, oldPwd, newPwd))
         return SECURITY_SERVER_PLUGIN_FAIL;
 
     return SECURITY_SERVER_PLUGIN_SUCCESS;
 }
 
-int Plugin::login(uid_t user, const std::string &password) {
-    CKM::Password pwd(password.begin(), password.end());
-
-    if (!m_control)
+int Plugin::login(
+    const std::string &zone,
+    uid_t user,
+    const std::string &password)
+{
+    auto control = CKM::Control::create();
+    if (!control)
         return SECURITY_SERVER_PLUGIN_FAIL;
 
-    if (CKM_API_SUCCESS != m_control->unlockUserKey(user, pwd))
+    CKM::Password pwd(password.begin(), password.end());
+
+    if (CKM_API_SUCCESS != control->unlockUserKey(getClientInfo(zone, user), pwd))
         return SECURITY_SERVER_PLUGIN_FAIL;
 
     return SECURITY_SERVER_PLUGIN_SUCCESS;
 }
 
-int Plugin::logout(uid_t user) {
-    if (!m_control)
+int Plugin::logout(const std::string &zone, uid_t user)
+{
+    auto control = CKM::Control::create();
+    if (!control)
         return SECURITY_SERVER_PLUGIN_FAIL;
 
-    if (CKM_API_SUCCESS != m_control->lockUserKey(user))
+    if (CKM_API_SUCCESS != control->lockUserKey(getClientInfo(zone, user)))
         return SECURITY_SERVER_PLUGIN_FAIL;
 
     return SECURITY_SERVER_PLUGIN_SUCCESS;
 }
 
-int Plugin::resetUserPassword(uid_t user, const std::string &newPass) {
-    CKM::Password pwd(newPass.begin(), newPass.end());
-
-    if (!m_control)
+int Plugin::resetUserPassword(
+    const std::string &zone,
+    uid_t user,
+    const std::string &newPass)
+{
+    auto control = CKM::Control::create();
+    if (!control)
         return SECURITY_SERVER_PLUGIN_FAIL;
 
-    if (CKM_API_SUCCESS != m_control->resetUserPassword(user, pwd))
+    CKM::Password pwd(newPass.begin(), newPass.end());
+
+    if (CKM_API_SUCCESS != control->resetUserPassword(getClientInfo(zone, user), pwd))
         return SECURITY_SERVER_PLUGIN_FAIL;
 
     return SECURITY_SERVER_PLUGIN_SUCCESS;
 }
 
-int Plugin::removeUserData(uid_t user) {
-    if (!m_control)
+int Plugin::removeUserData(const std::string &zone, uid_t user)
+{
+    auto control = CKM::Control::create();
+    if (!control)
         return SECURITY_SERVER_PLUGIN_FAIL;
 
-    if (CKM_API_SUCCESS != m_control->removeUserData(user))
+    if (CKM_API_SUCCESS != control->removeUserData(getClientInfo(zone, user)))
         return SECURITY_SERVER_PLUGIN_FAIL;
 
     return SECURITY_SERVER_PLUGIN_SUCCESS;
@@ -119,5 +141,3 @@ KEY_MANAGER_API
 void destroy(SecurityServer::PasswordPlugin *obj) {
     delete obj;
 }
-
-
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
index f9005e7..070106a 100644
--- a/systemd/CMakeLists.txt
+++ b/systemd/CMakeLists.txt
@@ -3,8 +3,6 @@ CONFIGURE_FILE(${CMAKE_SOURCE_DIR}/systemd/central-key-manager.service.in
 
 INSTALL(FILES
     ${CMAKE_SOURCE_DIR}/systemd/central-key-manager.service
-    ${CMAKE_SOURCE_DIR}/systemd/central-key-manager.target
-    ${CMAKE_SOURCE_DIR}/systemd/central-key-manager-listener.service
     ${CMAKE_SOURCE_DIR}/systemd/central-key-manager-api-control.socket
     ${CMAKE_SOURCE_DIR}/systemd/central-key-manager-api-storage.socket
     ${CMAKE_SOURCE_DIR}/systemd/central-key-manager-api-ocsp.socket
diff --git a/systemd/central-key-manager-api-control.socket b/systemd/central-key-manager-api-control.socket
index 7c132a6..0f76e14 100644
--- a/systemd/central-key-manager-api-control.socket
+++ b/systemd/central-key-manager-api-control.socket
@@ -1,14 +1,15 @@
+[Unit]
+Description=key manager socket for control API
+Before=central-key-manager.service
+
 [Socket]
+SocketUser=system
+SocketGroup=system
 ListenStream=/tmp/.central-key-manager-api-control.sock
+Service=central-key-manager.service
 SocketMode=0777
 SmackLabelIPIn=key-manager::api-control
 SmackLabelIPOut=@
 
-Service=central-key-manager.service
-
-[Unit]
-Wants=central-key-manager.target
-Before=central-key-manager.target
-
 [Install]
 WantedBy=sockets.target
diff --git a/systemd/central-key-manager-api-ocsp.socket b/systemd/central-key-manager-api-ocsp.socket
index b20e7e7..f5d55a1 100644
--- a/systemd/central-key-manager-api-ocsp.socket
+++ b/systemd/central-key-manager-api-ocsp.socket
@@ -1,14 +1,15 @@
+[Unit]
+Description=key manager socket for ocsp API
+Before=central-key-manager.service
+
 [Socket]
+SocketUser=system
+SocketGroup=system
 ListenStream=/tmp/.central-key-manager-api-ocsp.sock
+Service=central-key-manager.service
 SocketMode=0777
 SmackLabelIPIn=key-manager::api-ocsp
 SmackLabelIPOut=@
 
-Service=central-key-manager.service
-
-[Unit]
-Wants=central-key-manager.target
-Before=central-key-manager.target
-
 [Install]
 WantedBy=sockets.target
diff --git a/systemd/central-key-manager-api-storage.socket b/systemd/central-key-manager-api-storage.socket
index 7bc5350..fc725d5 100644
--- a/systemd/central-key-manager-api-storage.socket
+++ b/systemd/central-key-manager-api-storage.socket
@@ -1,14 +1,15 @@
+[Unit]
+Description=key manager socket for storage API
+Before=central-key-manager.service
+
 [Socket]
+SocketUser=system
+SocketGroup=system
 ListenStream=/tmp/.central-key-manager-api-storage.sock
+Service=central-key-manager.service
 SocketMode=0777
 SmackLabelIPIn=key-manager::api-storage
 SmackLabelIPOut=@
 
-Service=central-key-manager.service
-
-[Unit]
-Wants=central-key-manager.target
-Before=central-key-manager.target
-
 [Install]
 WantedBy=sockets.target
diff --git a/systemd/central-key-manager-listener.service b/systemd/central-key-manager-listener.service
deleted file mode 100644
index ba2b8bc..0000000
--- a/systemd/central-key-manager-listener.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Start the Central Key Manager Listener
-Requires=dbus.service
-After=central-key-manager.service
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/key-manager-listener
-
-[Install]
-WantedBy=multi-user.target
diff --git a/systemd/central-key-manager.service.in b/systemd/central-key-manager.service.in
index 469db7a..5455de7 100644
--- a/systemd/central-key-manager.service.in
+++ b/systemd/central-key-manager.service.in
@@ -1,8 +1,11 @@
 [Unit]
 Description=Start the Central Key Manager
-DefaultDependencies=no
+Requires=central-key-manager-api-storage.socket central-key-manager-api-control.socket central-key-manager-api-ocsp.socket
 
 [Service]
+User=system
+Group=system
+SmackProcessLabel=key-manager
 Type=notify
 ExecStart=/usr/bin/key-manager
 Sockets=central-key-manager-api-storage.socket
diff --git a/systemd/central-key-manager.target b/systemd/central-key-manager.target
deleted file mode 100644
index 01eaa8e..0000000
--- a/systemd/central-key-manager.target
+++ /dev/null
@@ -1,4 +0,0 @@
-[Unit]
-Description=Central Key Manager sockets
-DefaultDependencies=true
-
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index e3d39af..5d84ba1 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -17,6 +17,7 @@ INCLUDE_DIRECTORIES(
     ${KEY_MANAGER_PATH}/service
     ${KEY_MANAGER_PATH}/common/
     ${KEY_MANAGER_PATH}/client-async/
+    ${KEY_MANAGER_PATH}/client-capi/
     ${KEY_MANAGER_SRC_PATH}/include
     ${KEY_MANAGER_TEST_MERGED_SRC}/
     )
@@ -51,3 +52,38 @@ TARGET_LINK_LIBRARIES(${TARGET_TEST_MERGED}
     )
 
 INSTALL(TARGETS ${TARGET_TEST_MERGED} DESTINATION bin)
+
+################################################################################
+PKG_CHECK_MODULES(KEY_MANAGER_TEST_LCOV_DEP
+    REQUIRED
+    openssl
+    )
+
+
+SET(KEY_MANAGER_TEST_LCOV_SRC ${PROJECT_SOURCE_DIR}/tests)
+
+SET(TEST_LCOV_SOURCES
+    ${KEY_MANAGER_TEST_LCOV_SRC}/main_lcov.cpp
+    ${KEY_MANAGER_TEST_LCOV_SRC}/test_common.cpp
+    ${KEY_MANAGER_TEST_LCOV_SRC}/colour_log_formatter.cpp
+    ${KEY_MANAGER_TEST_LCOV_SRC}/test_lcov_certificate-impl.cpp
+    ${KEY_MANAGER_TEST_LCOV_SRC}/test_lcov_ckmc-type-converter.cpp
+    ${KEY_MANAGER_TEST_LCOV_SRC}/test_lcov_client-error.cpp
+    ${KEY_MANAGER_TEST_LCOV_SRC}/test_lcov_key-impl.cpp
+    ${KEY_MANAGER_PATH}/client/client-error.cpp
+    ${KEY_MANAGER_PATH}/client-capi/ckmc-type-converter.cpp
+    ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp
+    ${KEY_MANAGER_PATH}/dpl/core/src/colors.cpp
+    )
+
+ADD_EXECUTABLE(${TARGET_TEST_LCOV} ${TEST_LCOV_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_TEST_LCOV}
+    ${TARGET_KEY_MANAGER_COMMON}
+    ${CMAKE_THREAD_LIBS_INIT}
+    ${KEY_MANAGER_TEST_LCOV_DEP_LIBRARIES}
+    boost_unit_test_framework
+    -ldl
+    )
+
+INSTALL(TARGETS ${TARGET_TEST_LCOV} DESTINATION bin)
diff --git a/tests/main_lcov.cpp b/tests/main_lcov.cpp
new file mode 100644
index 0000000..9dd21f0
--- /dev/null
+++ b/tests/main_lcov.cpp
@@ -0,0 +1,63 @@
+/*
+ *  Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       main.cpp
+ * @author     Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version    1.0
+ */
+
+#define BOOST_TEST_MODULE CKM_TEST_LCOV_INTERNAL
+#define BOOST_TEST_MAIN
+
+
+#include <iostream>
+#include <key-provider.h>
+#include <boost/test/unit_test.hpp>
+#include <boost/test/unit_test_log.hpp>
+#include <boost/test/results_reporter.hpp>
+#include <colour_log_formatter.h>
+#include <dpl/log/log.h>
+
+struct TestConfig {
+    TestConfig() {
+        boost::unit_test::unit_test_log.set_threshold_level( boost::unit_test::log_test_units);
+        boost::unit_test::results_reporter::set_level(boost::unit_test::SHORT_REPORT);
+        boost::unit_test::unit_test_log.set_formatter(new CKM::colour_log_formatter);
+    }
+    ~TestConfig(){
+    }
+};
+
+bool isLibInitialized = false;
+
+struct KeyProviderLib {
+    KeyProviderLib() {
+    }
+    ~KeyProviderLib() {
+    }
+};
+
+struct LogSetup {
+    LogSetup() {
+        CKM::Singleton<CKM::Log::LogSystem>::Instance().SetTag("CKM_INTERNAL_TESTS");
+    }
+    ~LogSetup() {}
+};
+
+BOOST_GLOBAL_FIXTURE(KeyProviderLib)
+BOOST_GLOBAL_FIXTURE(TestConfig)
+BOOST_GLOBAL_FIXTURE(LogSetup)
+
diff --git a/tests/test_db_crypto.cpp b/tests/test_db_crypto.cpp
index 93c70ad..785e5d8 100644
--- a/tests/test_db_crypto.cpp
+++ b/tests/test_db_crypto.cpp
@@ -39,6 +39,7 @@ int getRandom()
 
     return randVal;
 }
+
 } // namespace anonymous
 
 BOOST_FIXTURE_TEST_SUITE(DBCRYPTO_TEST, DBFixture)
diff --git a/tests/test_lcov_certificate-impl.cpp b/tests/test_lcov_certificate-impl.cpp
new file mode 100644
index 0000000..56f89f7
--- /dev/null
+++ b/tests/test_lcov_certificate-impl.cpp
@@ -0,0 +1,89 @@
+#include <boost/test/unit_test.hpp>
+#include <test_common.h>
+
+#include <certificate-impl.h>
+#include <base64.h>
+#include <openssl/x509.h>
+
+#include <string>
+
+
+using namespace CKM;
+
+BOOST_AUTO_TEST_SUITE(CKM_CERTIFICATE_IMPL_TEST)
+
+
+BOOST_AUTO_TEST_CASE(CKM_CERTIFICATE_IMPL_TESTS) {
+    std::string certStr = 
+        "MIIDOzCCAiOgAwIBAgIBADANBgkqhkiG9w0BAQUFADBYMRowGAYDVQQKDBFUaXpl\n"
+        "biBBc3NvY2lhdGlvbjEaMBgGA1UECwwRVGl6ZW4gQXNzb2NpYXRpb24xHjAcBgNV\n"
+        "BAMMFVRpemVuIERldmVsb3BlcnMgUm9vdDAeFw0xMjAxMDEwMDAwMDBaFw0zMjAx\n"
+        "MDEwMDAwMDBaMFgxGjAYBgNVBAoMEVRpemVuIEFzc29jaWF0aW9uMRowGAYDVQQL\n"
+        "DBFUaXplbiBBc3NvY2lhdGlvbjEeMBwGA1UEAwwVVGl6ZW4gRGV2ZWxvcGVycyBS\n"
+        "b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2rCwXTYh28vcagX\n"
+        "WLIeVtEvXA5EeTR9UnL4Dzyd7hIq8rkxLbIMMOcCrXMTc7bEH2twFaTuXxyKXMW/\n"
+        "2c+id3m3Z1B5caCqwSPr72oKPSI4jSkvrAC5W7EHx16M818aG4tQkXIUBhDrtSmH\n"
+        "6dFOdt8zGq2fanj1sETfUmXAeLGE7OQYcEb2SoWGXR75Ytfp1LAw/L3luuG/kbzB\n"
+        "crZt1Cv05jfCP575eope6p5p80Gl0tieXyPYhSLVTLwhEdWx18CMaC7IXQo2Bm+J\n"
+        "djDH0Ruh/vTRnjFtmVB+nBOZNVzMHNOPUVFKSgysX/+PlM4jBTvbaTnPCZUkC/O7\n"
+        "5tYIpwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBw\n"
+        "95ibcuAiKpAEqBMyTZtOf0okhSi9NYfs/AFIPLH5REnhtQkPmKsvDp21OSdzrFEL\n"
+        "42rV94K98QChD9tGO6Mwp1ZHM3No7/PLC3EelOwmn4dr3KPGdjvQNSwKRblGh0Hj\n"
+        "n4fI+studFLLv6ldCLIpA/Ssgf9GuUbcjTC8OWBYPVUQ6YoXAcuHbfhr6a2IXRTj\n"
+        "lJUCt3qWyciP2H/R+oNBSjtlq13ZT+D9AQMmIG/5w1tK0HzDRhORfWlKCo5JKn0A\n"
+        "iQq2fwtoB0JQEHRKCKZYWghG41HuKc82xLf6H7x24XWOAlXb0SpvVENT1i89XNrj\n"
+        "XS4modIY545rYjI1amfL\n";
+
+    CertificateImpl cert(RawBuffer(certStr.begin(),certStr.end()), DataFormat::FORM_DER_BASE64);
+    X509* certX509 = cert.getX509();
+
+    CertificateImpl cert2(certX509, true);
+
+    CertificateImpl cert3(cert);
+    CertificateImpl cert4(CertificateImpl(cert));
+
+    CertificateImpl cert5 = cert;
+    CertificateImpl cert6 = CertificateImpl(cert);
+
+    KeyImpl::EvpShPtr certEvpShPtr = cert.getEvpShPtr();
+
+    KeyImpl keyImpl = cert.getKeyImpl();
+
+    std::string issuer = cert.getOneLine(CertificateFieldId::ISSUER);
+    std::string subject = cert.getOneLine(CertificateFieldId::SUBJECT);
+
+    std::string issuerCommonNameField = cert.getField(CertificateFieldId::ISSUER, NID_commonName);
+
+    std::string commonName = cert.getCommonName(CertificateFieldId::SUBJECT);
+    std::string country = cert.getCountryName(CertificateFieldId::SUBJECT);
+    std::string state = cert.getStateOrProvinceName(CertificateFieldId::SUBJECT);
+    std::string locality = cert.getLocalityName(CertificateFieldId::SUBJECT);
+    std::string organization = cert.getOrganizationName(CertificateFieldId::SUBJECT);
+    std::string ouName = cert.getOrganizationalUnitName(CertificateFieldId::SUBJECT);
+    std::string email = cert.getEmailAddres(CertificateFieldId::SUBJECT);
+    std::string ocspUrl = cert.getOCSPURL();
+}
+
+BOOST_AUTO_TEST_CASE(CKM_BASE64_TESTS) {
+    std::string origStr = "test data";
+    RawBuffer origBuffer(origStr.begin(), origStr.end());
+
+    Base64Encoder encoder;
+    encoder.reset();
+    encoder.append(origBuffer);
+    encoder.finalize();
+    RawBuffer base64 = encoder.get();
+
+    Base64Decoder decoder; 
+    decoder.reset();
+    decoder.append(base64);
+    decoder.finalize();
+    RawBuffer decoded = decoder.get();
+
+    std::string decodedStr = std::string(decoded.begin(), decoded.end());
+
+    BOOST_REQUIRE_MESSAGE(origStr.compare(decodedStr) == 0, "Base64 encoding/decoding returned a wrong value");
+}
+
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/tests/test_lcov_ckmc-type-converter.cpp b/tests/test_lcov_ckmc-type-converter.cpp
new file mode 100644
index 0000000..642e43c
--- /dev/null
+++ b/tests/test_lcov_ckmc-type-converter.cpp
@@ -0,0 +1,215 @@
+#include <boost/test/unit_test.hpp>
+#include <test_common.h>
+
+#include <ckmc/ckmc-type.h>
+#include <ckmc-type-converter.h>
+
+
+#include <string>
+
+
+using namespace CKM;
+
+BOOST_AUTO_TEST_SUITE(CKMC_TYPE_CONVERTER_TEST)
+
+
+BOOST_AUTO_TEST_CASE(CKMC_TYPE_CONVERTER_to_ckm_error) {
+    int ckm_error = -1;
+
+    ckm_error = to_ckm_error(CKMC_ERROR_NONE);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_SUCCESS, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_SOCKET);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_SOCKET, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_BAD_REQUEST);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_BAD_REQUEST, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_BAD_RESPONSE);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_BAD_RESPONSE, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_SEND_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_SEND_FAILED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_RECV_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_RECV_FAILED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_AUTHENTICATION_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_AUTHENTICATION_FAILED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_INVALID_PARAMETER);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_INPUT_PARAM, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_BUFFER_TOO_SMALL);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_BUFFER_TOO_SMALL, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_OUT_OF_MEMORY);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_OUT_OF_MEMORY, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_PERMISSION_DENIED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_ACCESS_DENIED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_SERVER_ERROR);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_SERVER_ERROR, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_DB_LOCKED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_DB_LOCKED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_DB_ERROR);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_DB_ERROR, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_DB_ALIAS_EXISTS);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_DB_ALIAS_EXISTS, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_DB_ALIAS_UNKNOWN);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_DB_ALIAS_UNKNOWN, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_VERIFICATION_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_VERIFICATION_FAILED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_INVALID_FORMAT);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_INVALID_FORMAT, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_FILE_ACCESS_DENIED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_FILE_ACCESS_DENIED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_NOT_EXPORTABLE);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_NOT_EXPORTABLE, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_FILE_SYSTEM);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_FILE_SYSTEM, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_NOT_SUPPORTED);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_NOT_SUPPORTED, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(CKMC_ERROR_UNKNOWN);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_UNKNOWN, "invalid ckm error returned");
+
+    ckm_error = to_ckm_error(-99999);
+    BOOST_REQUIRE_MESSAGE( ckm_error == CKM_API_ERROR_UNKNOWN, "invalid ckm error returned");
+}
+
+
+BOOST_AUTO_TEST_CASE(CKMC_TYPE_CONVERTER_to_ckmc_error) {
+    int ckmc_error = -1;
+
+    ckmc_error = to_ckmc_error(CKM_API_SUCCESS);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_NONE, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_SOCKET);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_SOCKET, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_BAD_REQUEST);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_BAD_REQUEST, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_BAD_RESPONSE);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_BAD_RESPONSE, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_SEND_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_SEND_FAILED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_RECV_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_RECV_FAILED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_AUTHENTICATION_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_AUTHENTICATION_FAILED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_INPUT_PARAM);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_INVALID_PARAMETER, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_BUFFER_TOO_SMALL);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_BUFFER_TOO_SMALL, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_OUT_OF_MEMORY);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_OUT_OF_MEMORY, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_ACCESS_DENIED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_PERMISSION_DENIED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_SERVER_ERROR);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_SERVER_ERROR, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_DB_LOCKED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_DB_LOCKED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_DB_ERROR);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_DB_ERROR, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_DB_ALIAS_EXISTS);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_DB_ALIAS_EXISTS, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_DB_ALIAS_UNKNOWN);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_DB_ALIAS_UNKNOWN, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_VERIFICATION_FAILED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_VERIFICATION_FAILED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_INVALID_FORMAT);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_INVALID_FORMAT, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_FILE_ACCESS_DENIED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_FILE_ACCESS_DENIED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_NOT_EXPORTABLE);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_NOT_EXPORTABLE, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_FILE_SYSTEM);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_FILE_SYSTEM, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_NOT_SUPPORTED);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_NOT_SUPPORTED, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(CKM_API_ERROR_UNKNOWN);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_UNKNOWN, "invalid ckmc error returned");
+
+    ckmc_error = to_ckmc_error(-9999);
+    BOOST_REQUIRE_MESSAGE( ckmc_error == CKMC_ERROR_UNKNOWN, "invalid ckmc error returned");
+}
+
+BOOST_AUTO_TEST_CASE(CKMC_TYPE_CONVERTER_to_ckmc_ocsp_status) {
+    int ckmc_ocsp= -1;
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_GOOD);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_STATUS_GOOD, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_UNSUPPORTED);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_ERROR_UNSUPPORTED, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_REVOKED);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_STATUS_REVOKED, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_NET_ERROR);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_ERROR_NET, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_INVALID_URL);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_ERROR_INVALID_URL, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_INVALID_RESPONSE);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_ERROR_INVALID_RESPONSE, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_REMOTE_ERROR);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_ERROR_REMOTE, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(CKM_API_OCSP_STATUS_INTERNAL_ERROR);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_ERROR_INTERNAL, "invalid ckmc ocsp status returned");
+
+    ckmc_ocsp = to_ckmc_ocsp_status(-9999);
+    BOOST_REQUIRE_MESSAGE( ckmc_ocsp == CKMC_OCSP_STATUS_UNKNOWN, "invalid ckmc ocsp status returned");
+}
+
+
+BOOST_AUTO_TEST_CASE(CKMC_TYPE_CONVERTER_to_permission_mask) {
+    int ret = -1;
+    int permissionMask = -1;
+
+    ret = access_to_permission_mask(CKMC_AR_READ, permissionMask);
+    BOOST_REQUIRE_MESSAGE( ret == CKMC_ERROR_NONE , "error returned");
+    BOOST_REQUIRE_MESSAGE( permissionMask == CKMC_PERMISSION_READ, "invalid permission mask returned");
+
+    ret = access_to_permission_mask(CKMC_AR_READ_REMOVE, permissionMask);
+    BOOST_REQUIRE_MESSAGE( ret == CKMC_ERROR_NONE , "error returned");
+    BOOST_REQUIRE_MESSAGE( permissionMask == (CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE),
+                           "invalid permission mask returned");
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/tests/test_lcov_client-error.cpp b/tests/test_lcov_client-error.cpp
new file mode 100644
index 0000000..36cc2bf
--- /dev/null
+++ b/tests/test_lcov_client-error.cpp
@@ -0,0 +1,89 @@
+#include <boost/test/unit_test.hpp>
+#include <test_common.h>
+
+#include <ckm/ckm-type.h>
+#include <ckm/ckm-error.h>
+
+#include <string>
+
+
+using namespace CKM;
+
+BOOST_AUTO_TEST_SUITE(CKM_ERROR_TEST)
+
+
+BOOST_AUTO_TEST_CASE(CKM_ERROR_ErrorToString) {
+    std::string errString;
+
+    errString = std::string(ErrorToString(CKM_API_SUCCESS));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_SUCCESS") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_SOCKET));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_SOCKET") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_BAD_REQUEST));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_BAD_REQUEST") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_BAD_RESPONSE));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_BAD_RESPONSE") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_SEND_FAILED));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_SEND_FAILED") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_RECV_FAILED));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_RECV_FAILED") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_AUTHENTICATION_FAILED));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_AUTHENTICATION_FAILED") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_INPUT_PARAM));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_INPUT_PARAM") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_BUFFER_TOO_SMALL));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_BUFFER_TOO_SMALL") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_OUT_OF_MEMORY));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_OUT_OF_MEMORY") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_ACCESS_DENIED));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_ACCESS_DENIED") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_SERVER_ERROR));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_SERVER_ERROR") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_DB_LOCKED));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_DB_LOCKED") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_DB_ERROR));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_DB_ERROR") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_DB_ALIAS_EXISTS));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_DB_ALIAS_EXISTS") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_DB_ALIAS_UNKNOWN));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_DB_ALIAS_UNKNOWN") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_VERIFICATION_FAILED));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_VERIFICATION_FAILED") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_INVALID_FORMAT));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_INVALID_FORMAT") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_FILE_ACCESS_DENIED));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_FILE_ACCESS_DENIED") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_NOT_EXPORTABLE));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_NOT_EXPORTABLE") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_FILE_SYSTEM));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_FILE_SYSTEM") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(CKM_API_ERROR_UNKNOWN));
+    BOOST_REQUIRE_MESSAGE(errString.compare("CKM_API_ERROR_UNKNOWN") == 0, "Invalid Error String");
+
+    errString = std::string(ErrorToString(-99999));
+    BOOST_REQUIRE_MESSAGE(errString.compare("Error not defined") == 0, "Invalid Error String");
+}
+
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/tests/test_lcov_key-impl.cpp b/tests/test_lcov_key-impl.cpp
new file mode 100644
index 0000000..c72421d
--- /dev/null
+++ b/tests/test_lcov_key-impl.cpp
@@ -0,0 +1,43 @@
+#include <boost/test/unit_test.hpp>
+#include <test_common.h>
+
+#include <key-impl.h>
+#include <ckm/ckm-type.h>
+
+#include <string>
+
+
+using namespace CKM;
+
+BOOST_AUTO_TEST_SUITE(CKM_KEY_IMPL_TEST)
+
+
+BOOST_AUTO_TEST_CASE(CKM_KEY_IMPL_TESTS) {
+
+    std::string keyPem = "-----BEGIN PUBLIC KEY-----\n"
+        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2b1bXDa+S8/MGWnMkru4\n"
+        "T4tUddtZNi0NVjQn9RFH1NMa220GsRhRO56F77FlSVFKfSfVZKIiWg6C+DVCkcLf\n"
+        "zXJ/Z0pvwOQYBAqVMFjV6efQGN0JzJ1Unu7pPRiZl7RKGEI+cyzzrcDyrLLrQ2W7\n"
+        "0ZySkNEOv6Frx9JgC5NExuYY4lk2fQQa38JXiZkfyzif2em0px7mXbyf5LjccsKq\n"
+        "v1e+XLtMsL0ZefRcqsP++NzQAI8fKX7WBT+qK0HJDLiHrKOTWYzx6CwJ66LD/vvf\n"
+        "j55xtsKDLVDbsotvf8/m6VLMab+vqKk11TP4tq6yo0mwyTADvgl1zowQEO9I1W6o\n"
+        "zQIDAQAB\n"
+        "-----END PUBLIC KEY-----";
+
+    CKM::RawBuffer buffer(keyPem.begin(), keyPem.end());
+    KeyImpl key(buffer, CKM::Password());
+
+    KeyImpl key2(key);
+    KeyImpl key3 = key2;
+
+    KeyImpl::EvpShPtr keyEvpShPtr = key3.getEvpShPtr();
+    ElipticCurve curve = key.getCurve();
+    int size = key.getSize();
+
+    BOOST_REQUIRE_MESSAGE(keyEvpShPtr != NULL, "Null Key Pointer");
+    BOOST_REQUIRE_MESSAGE(curve == ElipticCurve::prime192v1, "Invalid Curve");
+    BOOST_REQUIRE_MESSAGE(size >= 0, "Invalid Key Size");
+}
+
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/tools/ckm_so_loader.cpp b/tools/ckm_so_loader.cpp
index a39adb6..2af4d06 100644
--- a/tools/ckm_so_loader.cpp
+++ b/tools/ckm_so_loader.cpp
@@ -94,12 +94,27 @@ int main(int argc, char* argv[])
     string so_path(argv[3]);
     string symbol(argv[4]);
 
+    /*
+     *  perform sanity check of user input string
+     *  which will be used for dlopen
+     */
+    if (so_path.compare(so_path.size() - 3, 3, ".so")
+        && so_path.compare(so_path.size() - 5, 3, ".so")
+        && so_path.compare(so_path.size() - 9, 3, ".so")) {
+        cerr << "[" << so_path << "] doesn't has .so postfix." << endl;
+        return -1;
+    }
+    if (access(so_path.c_str(), R_OK)) {
+        cerr << "cannot read [" << so_path << "]" << endl;
+        return -1;
+    }
+
     cout << "dlopen[us];dlsym[us]" << endl;
     for (int cnt = 0 ; cnt < repeats; cnt++)
     {
         /*
-         * It has to be a different process each time. Glibc somehow caches the library information
-         * and consecutive calls are faster
+         *  It has to be a different process each time. Glibc somehow caches the library information
+         *  and consecutive calls are faster
          */
         pid_t pid = fork();
         if (pid < 0) {
-- 
2.7.4