eToken removal detection


Currently I develop an application with schannel secure connection
which uses an eToken to authenticate the user. I approached the task
by the following way. I've enumerated the certificates in the users my
store, then the user can choose a certificate which is used for the
authentication. (The eTokens provider copies the certificate from the
token to the My store if it doesn't exists already) Then the user is
prompted for pin and the authentication works fine.
My next goal is, when the user removes the token from the computer the
secure connection should be closed. And here is my problem, how can I
associate the certificate exactly to the hardware? I've already
learned that, I can get the handle to the right CSP from the chosen
certificate with the CertGetContextProperty function called with the
CERT_KEY_PROV_HANDLE_PROP_ID flag. In the documentation of the
CryptGetProvParam function I've found a flag PP_SMARTCARD_GUID, which
should return the GUID of the smartcard, which I think I can use with
the RegisterDeviceNotification, but this flag is only valid in Vista
and Server 2008, but my application should be compatible with XP, and
Windows 2000.
So my questions:
1, how can I associate a certificate with an exact etoken hardware
under XP and Windows 2000?
2, how can I detect the hardware removal?

Thanks for your help!