So the incoming authentication is handled by the cpu owner factotum? That means the authentication information is held by the cpu owner factotum and the user factotum just handles the users keys? And the user factotum is run after authentication.