Re[2]: What's the mean of PIN cache in smart card csp

From: Skybird Le <skybird.le@xxxxxxxxx>
Date: Wed, 12 Dec 2007 16:37:01 +0800

Can any one give me some help?

On Tue, 11 Dec 2007 18:04:49 +0800
Skybird Le <skybird.le@xxxxxxxxx> wrote:

I know how to get logon id by using Windows function OpenProcessToken, OpenThreadToken
and GetTokenInformation(TokenStatistics), but should SR_Service.exe and
SR_CAPI.exe share the pin cache ?

On Tue, 11 Dec 2007 17:47:31 +0800
Skybird Le <skybird.le@xxxxxxxxx> wrote:

Hi, every one
In "The Smart Card Cryptographic Service Provider Cookbook"
whose URL is http://msdn2.microsoft.com/en-us/library/ms953432.aspx,
there is a "PIN caching" Design Considerations. I read it one time and
again and again, but still can not get its mean. How can I add the PIN
to the cache with the logon ID for the security context of the current
thread?
I notice it is very important, because the "Microsoft Base Smart Card Crypto Provider"
can behave correctly with "checkpoint SecureClient NGX R60 HFA2" in
vista, but my csp can not work perfectly. Checkpoint SecureClient's
SR_Service.exe is a service, it call csp at first and then create a
child process SR_CAPI.exe with normal user's identity. The SR_CAPI.exe
calls csp to generate rsa key pair and sigh hash, during this progress
the csp will require smart card PIN with prompting PIN dialog, so
SR_CAPI.exe process's csp state is smart card pin provided and the pin
is cached in process. Now the SR_Service.exe will call csp to sign hash
using the generated rsa key bu SR_CAPI.exe, the "Microsoft Base Smart Card Crypto Provider" does not
prompt PIN dialog as this process's csp state is pin provided and cached,
but my csp will prompt to require smart card PIN.
According to smart card csp cookbook, the pin cache is
per-process, so the pin cache should not shared by two process, but why
"Microsoft Base Smart Card Crypto Provider" can share the pin cache in
two different process?

I expect your help!

Skybird Le

Follow-Ups:
- Re: Re[2]: What's the mean of PIN cache in smart card csp
  - From: Jan Spooren

References:
- What's the mean of PIN cache in smart card csp
  - From: Skybird Le
- Re: What's the mean of PIN cache in smart card csp
  - From: Skybird Le

Prev by Date: Re: What's the mean of PIN cache in smart card csp
Next by Date: GetFullResponseProperty and certificate serial number
Previous by thread: Re: What's the mean of PIN cache in smart card csp
Next by thread: Re: Re[2]: What's the mean of PIN cache in smart card csp
Index(es):
- Date
- Thread

Relevant Pages

Re: Whats the mean of PIN cache in smart card csp
... SR_CAPI.exe share the pin cache? ... I notice it is very important, because the "Microsoft Base Smart Card Crypto Provider" ... but my csp can not work perfectly. ...
(microsoft.public.platformsdk.security)
Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?
... CRYPT_IMPL_HARDWARE implies that all crypto functions are implemented with ... CRYPT_IMPL_MIXED implies that some functions are implemented in hardware ... > "CRYPT_IMPL_MIXED" means not call other CSP. ... > the user's PIN by myself. ...
(microsoft.public.platformsdk.security)
Re: Re[2]: Whats the mean of PIN cache in smart card csp
... The PIN cache described by the Smart Card Cryptographic Service Provider ... smart card CSP. ...
(microsoft.public.platformsdk.security)
Re: Service caching Smart Card credentials
... You must check your CSP documentation. ... >Does the PIN prompt happen from the service? ... >PIN caching behavior is not absolutely standard. ... I open the private key for a cert. ...
(microsoft.public.platformsdk.security)
Re: Caching PIN
... I know how a CSP name associated with a card be identified.But after getting ... The usual approach taken by smart card CSP's implementors is to cache the ... PIN in the context of the CSP dll, thus you don't need to care about the ... I had a list of available readers on the system and the PIN is ...
(microsoft.public.platformsdk.security)