eToken removal detection



Hello,

Currently I am developing an application with an Schannel secure connection
which uses an eToken to authenticate the user. I approached the task
in the following way. I've enumerated the certificates in the user's My
store, then the user can choose a certificate which is used for the
authentication. (The eToken's provider copies the certificate from the
token to the My store if it doesn't exist already.) Then the user is
prompted for the PIN and the authentication works fine.
My next goal is that when the user removes the token from the computer, the
secure connection should be closed. And here is my problem: how can I
associate the certificate exactly to the hardware? I've already
learned that I can get the handle to the right CSP from the chosen
certificate with the CertGetContextProperty function called with the
CERT_KEY_PROV_HANDLE_PROP_ID flag. In the documentation of the
CryptGetProvParam function I've found a flag, PP_SMARTCARD_GUID, which
should return the GUID of the smartcard, which I think I can use with
RegisterDeviceNotification, but this flag is only valid in Vista
and Server 2008, and my application should be compatible with XP and
Windows 2000.
So my questions:
1. How can I associate a certificate with an exact eToken hardware
under XP and Windows 2000?
2. How can I detect the hardware removal?

Thanks for your help!

