Why must a certificate be stored on a cryptographic hardware device to be AATL Enabled?
Certificates are stored on cryptographic hardware devices for additional security and as an option to use them from multiple computers.
For AATL Enabled certificates TrustID Medium Assurance | Business Identity | Hardware Storage | Trusted By Adobe® and TrustID Medium Assurance | Individual Identity | Hardware Storage | Trusted By Adobe®, Adobe®'s technical requirements specify that the issuing Certification Authority must generate them is cryptographic devices with at least FIPS 140-2 Level 2 security. This security feature disable exportation and duplication of the private keys. For this purpose, IdenTrust supports only HID smart cards and HID USB Tokens compliant with the AATL requirement.