Smart Card Resource Manager Service

The Smart Card Resource Manager (SCRM) provides the basic infrastructure for all other smart card components. It manages smart card readers on the system and application interactions. It is fully PC/SC 1.0 compliant.

The smart card resource manager is implemented as a shared service hosted in an svchost process. It runs in the context of Local Service.

The smart card resource manager service has the following service description:

  <serviceData name="SCardSvr"
               displayName="@%SystemRoot%\System32\SCardSvr.dll,-1"
               errorControl="normal" group="SmartCardGroup"
               imagePath="%SystemRoot%\system32\svchost.exe /k LocalService"
               start="demand" tag=""
               type="win32ShareProcess" security=""
               description="@%SystemRoot%\System32\SCardSvr.dll,-5"
               requiredPrivileges="SeCreateGlobalPrivilege,SeChangeNotifyPrivilege,SeImpersonatePrivilege"
               dependOnGroup="" dependOnService="PlugPlay"
               objectName="NT AUTHORITY\LocalService">
    <!-- Recovery actions applied on successive service failures -->
    <failureActions resetPeriod="900">
      <actions>
        <action type="restartService" delay="120000"/>
        <action type="restartService" delay="300000"/>
        <action type="none" delay="0"/>
      </actions>
    </failureActions>
    <!-- DLL and entry point that svchost loads for this service -->
    <registryKeys>
      <registryKey keyName="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters">
        <registryValue name="ServiceDll" valueType="REG_EXPAND_SZ" value="%SystemRoot%\System32\SCardSvr.dll" buildFilter=""></registryValue>
        <registryValue name="ServiceMain" valueType="REG_SZ" value="CalaisMain" buildFilter=""></registryValue>
        <registryValue name="ServiceDllUnloadOnStop" valueType="REG_DWORD" value="1" buildFilter=""></registryValue>
      </registryKey>
      <securityDescriptor name="ServiceXKeySecurity"/>
    </registryKeys>
    <securityDescriptor name="ServiceXSecurity" buildFilter=""/>
  </serviceData>

By default, the service is set to manual start. It is the responsibility of any smart card driver author to set the service state to Automatic and call a predefined entry point in winscard.dll that will start the service. This ensures that the service is enabled when needed but stays disabled for the vast majority of users who don't use smart cards.

When the service is started, it performs several bookkeeping functions. First, it registers itself for service notifications. It also registers itself for PnP notifications for device removals and additions. Finally, it initializes its data cache and a global event that signals that the service is started.
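
A baseline check built from the service description above, as an added example that is not part of the original page: it compares the live SCardSvr registry values with the documented ones and reports every difference. The registry value names (ImagePath, ObjectName, Start, Type, RequiredPrivileges) are the standard service-key names and are assumed to correspond to the manifest attributes; Get-RawValue is a helper defined here.

```powershell
# Added example: audit the live SCardSvr registration against the service
# description on this page. Run on the Windows host being checked.
$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SCardSvr'
$paramKey = "$svcKey\Parameters"

# Expected strings, copied from the serviceData element above.
$expected = [ordered]@{
    ImagePath   = '%SystemRoot%\system32\svchost.exe /k LocalService'
    ObjectName  = 'NT AUTHORITY\LocalService'
    ServiceDll  = '%SystemRoot%\System32\SCardSvr.dll'
    ServiceMain = 'CalaisMain'
}
$expectedPrivs = 'SeCreateGlobalPrivilege', 'SeChangeNotifyPrivilege', 'SeImpersonatePrivilege'

# Helper defined for this example: read a value without expanding %SystemRoot%,
# so the stored string itself is compared.
function Get-RawValue([string]$Path, [string]$Name) {
    $key = Get-Item -LiteralPath $Path -ErrorAction Stop
    $key.GetValue($Name, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
}

$findings = @()
foreach ($name in $expected.Keys) {
    $path   = if ($name -in 'ServiceDll', 'ServiceMain') { $paramKey } else { $svcKey }
    $actual = Get-RawValue $path $name
    if ($actual -ne $expected[$name]) {          # -ne ignores case for strings
        $findings += "$name is '$actual', expected '$($expected[$name])'"
    }
}

# start="demand" is 3; a reader driver may set 2 (automatic) as described above.
$start = Get-RawValue $svcKey 'Start'
if ($start -notin 2, 3) { $findings += "Start is '$start', expected 3 (demand) or 2 (automatic)" }

# type="win32ShareProcess" is stored as 0x20.
$type = Get-RawValue $svcKey 'Type'
if ($type -ne 0x20) { $findings += "Type is '$type', expected 32 (win32ShareProcess)" }

# Any privilege beyond the three declared ones widens what the service can do.
$extra = @(Get-RawValue $svcKey 'RequiredPrivileges') | Where-Object { $_ -and $_ -notin $expectedPrivs }
if ($extra) { $findings += "Privileges not in the description: $($extra -join ', ')" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'SCardSvr registration matches the service description.' }
```

A Windows build that ships a different registration than the one documented here will report those differences; review each one rather than treating it as tampering by default.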

 

All communications with smart card readers on Windows should take place through the SCRM. It provides a rich interface to track, select, and communicate with all drivers that declare themselves as a member of the smart card reader device group. The SCRM views each smart card reader slot as a unique reader, and each slot is managed separately regardless of the actual physical characteristics of the device. The SCRM handles the following high-level actions:

  • Device introduction
  • Reader initialization
  • Notify clients of new readers
  • Serializing access to readers
  • Card Access
  • Tunneling of reader specific commands