This article discusses:
Windows Smart Card Programming Basics
How to implement a sample smart card application
Write a managed package that implements smart card functionality
Smart card Transaction Management
This article is written based on a pre-release version of Windows Vista. The information contained therein may be changed.
This article uses the following techniques:
Windows Vista, C + +, C #
Directory
Windows Smart Card Programming
The development of smart cards
How the sample application is implemented
Winscard API Packaging Program
Getsmartcard Helper Routines
Card Module API Packaging program
Handling Cardacquirecontext
Transaction management
The basic principle of Card module interface design
Using CLR encryption
Dependencies and Testing
The concept of a smart card (simply, a credit card embedded in a microchip) has been proposed for nearly 30 years. But now the focus of security work is to get companies and governments and other institutions to re-examine some of the ideas that have already existed.
Smart cards are an attractive alternative to vulnerable connections (that is, passwords) for authentication systems. The industry is in great need of technology that can replace passwords. With embedded cryptographic processors, smart cards provide a very secure and easy-to-use authentication mechanism.
However, the deployment of smart cards also poses a unique challenge. The entire industry needs better products to deploy and manage complex authentication technologies. In his keynote address at the RSA 2006 Conference, Bill Gates demonstrated Microsoft certificate Lifecycle Manager, which took full advantage of the APIs discussed in this article.
The industry also has to deal with the requirements of customer privacy protection. Consumers need a way to protect privileged information, for example, the U.S. online banking industry will soon require strict authentication. In this process, consumers will use technology such as Windows®cardspace to disclose which personal information is disclosed in various online transactions. For example, during an online banking transaction, I might have been able to prove confidentially that my Social Security number (SSN) was tied to my identity, but I could not share my credit card number with it. Instead, I will authorize the disclosure of my credit card number (not the SSN) to the ecommerce website.
Microsoft has recognized the important role that smart cards play in the security strategy of its platform. Developers need to understand how smart card-aware applications work and what methods the Windows operating system uses to make life easier.