Smart Card Base Cryptographic Service Provider (Base CSP)

David Cross [MS]

Nov 30, 2005, 12:50:30 AM
Smart Card Base Cryptographic Service Provider (Base CSP)
Downloading Base CSP for Windows

Today, the Smart Card Base Cryptographic Service Provider (Base CSP) is
available as a free download from the Windows Update site
(http://www.microsoft.com/downloads/details.aspx?FamilyID=e8095fd5-c7e5-4bee-9577-2ea6b45b41c6&DisplayLang=en).
If you are using the Windows Update tool, then check out the hierarchy "Windows
Update, Custom, optional software, Base CSP".

About Base CSP architecture

Smart Card support exists in W2K, W2K3 and XP. With this, users are able to
log on, digitally sign and encrypt email. Also, scenarios such as Terminal
Server Logon, RunAs, NetUse using Smart Cards are supported. The smart card
supports only a single certificate on the card and only one container which
is marked default. Card life cycle management, like PIN change and the ability
to unblock a card via self service, is achievable only after a user logged
on. This means that the user had to have standard user name password based
logon available to perform these tasks.

Vendors and Partners are very important for the success of Smart Card based
scenarios. Vendors provide Smart Cards and Card Readers and in many cases
the card and reader vendors are different. Reader drivers are written to
the PC/SC standard. For each Smart Card there must exist a Cryptographic
Service Provider (CSP) which will use the CAPI interfaces on the top and the
WinSCard APIs at the bottom. Added to this, there exists a GINA module
which provides the relevant LogonUI to capture the credentials and marshal
it appropriately to the LSALogonUser for authentication.

Writing a Smart Card CSP has not been trivial. This has been addressed by
splitting the CSP architecture to a Base CSP and Card Module architecture.
The Base CSP is provided by Microsoft as a part of the platform (with this
Base CSP release). Card Module is an interface supported by Microsoft for
card vendors to write their implementations for the same to their card.
This is analogous to writing a printer driver for a printer.

It is this new Card Module architecture that will also be available as a
part of Windows Vista. With this release, one of the goals that we want to
accomplish is that the same card module works on older platforms and also
Vista.

Stay tuned for more information on writing a Card Module.

From: http://blogs.msdn.com/shivaram/archive/2005/11/30/498134.aspx


--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.


Mike Sumner

Dec 5, 2005, 10:18:19 AM
David

Will this new Base CSP provide an API for card management functions
such as PIN reset and card erase, or is it purely for crypto functions?

Do you know when vendors (e.g. Gemplus) plan to release the card
specific modules that will enable us to use the new Base CSP?

Are any vendor specific modules bundled with the Base CSP?

Thanks,

Mike Sumner
