Crypto (hardware) tokens may have restrictions wrt the keys that can be created on them due to security or implementation issues. For JCA/JCE providers implemented on top of such tokens, it may be impossible to determine these limitations in advance and the actual key creation operation will fail (e.g. token storage exhausted).

In order to allow such hardware based providers to be used by Java applications in a transparent and reliable way, the JCA/JCE framework needs to implement a failover to the next available provider if such an error occurs.