Smart Card Base Cryptographic Service Provider (Base CSP)
Downloading Base CSP for Windows
Today, the Smart Card Base Cryptographic Service Provider (Base CSP) is available as a free download from the Windows Update site (https://www.microsoft.com/downloads/details.aspx?FamilyID=e8095fd5-c7e5-4bee-9577-2ea6b45b41c6&DisplayLang=en). If you are using Windows Update tool, then check out the hirearchy "Windows Update, Custom, optional software, Base CSP".
About Base CSP architecture
Smart Card support exists in W2K, W2K3 and XP. With this users are able to logon, digitally sign and encrypt email. Also, scenarios such as Terminal Server Logon, RunAs, NetUse using Smart Cards are supported. The smart card supports only a single certificate on the card and only one container which is marked default. Card life cycle management like, pin change and ability to unblock a card via self service is achievable only after a user logged on. This means that the user had to have standard user name password based logon available to perform these tasks.
Vendors and Partners are very important for the success of Smart Card based scenarios. Vendors provide Smart Cards and Card Readers and in many cases the card and reader vendors are different. Reader drivers are written to the PC/SC standard. For each Smart Card there must exist a Cryptographic Service Provider (CSP) which will use the CAPI interfaces on the top and the WinSCard APIs at the bottom. Added to this, there exists a GINA module which provides the relevant LogonUI to capture the credentials and marshal it appropriately to the LSALogonUser for authentication.
Writing a Smart Card CSP has not been trivial. This has been addressed by splitting the CSP architecture to a Base CSP and Card Module architecture. The Base CSP is provided by Microsoft as a part of the platform (with this Base CSP release). Card Module is a interface supported by Microsoft for card vendors to write their implementations for the same to their card. This is analogous to writing a printer driver for a printer.
It is this new Card Module architecture that will also be available as a part of Windows Vista. With this release, one of the goals that we want to accomplish is that the same card module works on older platforms and also Vista.
Stay tuned on more information on writing a Card Module.
Interfaces_btn_cardmodule_and_basecsp.jpg
Comments
Anonymous
December 16, 2005
It's great to hear that CSP writing has become simpler. But how can we do that? Where is the documentation for the Card Module interface?Anonymous
January 12, 2006
This will be available soon on http://msdn.microsoft.com/ Please stay tuned. Also, when Vista Beta2 SDK ships, you will be able to use the same.Anonymous
March 09, 2006
Any further updates on the schedule for the Card Module code? I need to start work on a redirected card implementation and don't want to reinivent the wheel.Anonymous
March 10, 2006
Further - any clues on how to implement remote smart card support? Is there a concept of a virtual smart card for redirection or do we need to implement our own CSP?
CarlAnonymous
March 12, 2006
I write a simple Card Module.
When i insert a smartcard to my reader, my card moudule receive two command. They are ReadFile cardid and ReadFile cardcf. But i cann't find any document about these files: cardid and cardcf. Can you give me some document?Anonymous
March 28, 2006
I write a card module.
All the microsoft tools work with if (testcard, pintool and cmodtestsuite). Nevertheless when I use CryptAcquireContext and I use Smart Card Base Cryptographic Service Provider, I don't work : In the "Insert Smart Card" dialogue I
can only see the message "The card is available for use. However, the card is not the one being requested, and cannot be used for the current operation."
My card module receive a first CardAcquireContext and after 3 CardReadFile (cardid, cardcf , cmapfile)
But after I receive a other CardAcquireContext and the Insert Smart Card displays the strange message.
Can you help me ?
Yann.Anonymous
March 30, 2006
Where is cardmod.h and other files? I have the 2003 Server SDK, but it's not there...
Any chance someone could mail me the files/libraries?Anonymous
March 30, 2006
You can find cardmod.h in vista sdk.Anonymous
March 30, 2006
Are we talking Vista Beta 1? If so, I had it installed and it wasn't present on my system. Are you referring to a newer version of the Vista SDK?
It's also not in the PSDK 2003 R2.Anonymous
June 21, 2006
cockliujun@hotmail.com asked already on Monday, March 13, 2006 12:01 about documentation of the Files cardid and cardcf.
Hey Microsoft, where have you described these Files?
The API is described in the SDK, but this is not enough. You also have to give us the rest of the documentation. Or a sample where we can see how to do it.
It would be really nice to be able to use this new CSP! ThanksAnonymous
July 05, 2006
Hi!
I've developed a card module and pintool or CA call CardReadFile('cardid') & CardReadFile('cardcf') after CardAcquireContext(). What should I generate the file blob for them to step next?
Thank for your help in advance.Anonymous
August 02, 2006
Hi everybody,
I have started implementing a smart card module. I'd like to try it, but I am having some problems. I have implemented the 'dllregister' function, which calls the 'ScardIntroduceCardType' and the
'SCSetCardTypeProviderName' functions, as explained in the msdn documentation. Do I have to do anything to register my smart card module so so that it is invoked whenever I
try to request a certificate?
Any help would be appreciated.Anonymous
October 24, 2006
Does anybody know what should I do in response to CardReadFile("cardid"), CardReadFile("cardcf") and CardReadFile("cmapfile") ? Thanks in advance.Anonymous
December 04, 2006
I am seeing this error as well while developing a smart card cardmodule minidriver, and using the sample application from the MSDN article by Dan Griffin. I have a smart card initialized with the files described in the minidriver spec 5.05 (cardid, cardcf, cardapps, and mscpcmapfile). I see reads of cardid, cardcf, and mscpcmapfile, but then the error indicated in the title. Any clues from anyone on what the smart card base crypto csp is looking for would be appreciated. Brian C. BarnesAnonymous
March 14, 2007
I'm developing a 'card mini driver' for use with Base CSP. The card is recognized and ReadFile() is called on cardid, cardcf and mscp/cmapfile. The cmapfile should be ok, because the IE accepted the card for SSL client authentication. But there was no access to mscp/kxc0 and no usage of the private key. I've two questions: 1) How to import the certificates into the store and assign the container. I did it as follows: CertCreateCertificateContext(), CertSetCertificateContextProperty() and CertAddCertificateContextToStore(). In IE the certificate is visible but there is no further access to the driver. In Outlook the certificate is not visible. 2) In debug mode I realized that CardDeleteContext() ist called after DllMain(PROCESS_DETACH). Is that Ok? Thanks in advace. NormannAnonymous
July 20, 2007
Hi, Does the CSP export functions that allow you to write arbitrary binary data to the card? I mean is there a corresponding export in the CSP related to CardReadFile or CardWriteFile in the card module? thanks! Royston.Anonymous
July 20, 2007
Hi, I trying to call LsaLogonUser using KERB_SMART_CARD_LOGON. What should I pass for the CspData fields in the structure? Is there any documentation for this by Microsoft? thanks! Royston.Anonymous
July 20, 2007
Is there a way to obtain the "Challenge" key for PIN unblock for the BASE CSP without the full blown Certificate Lifecycle Manager? I would like to be able to unblock user's cards for a test environment. Thanks,Anonymous
August 11, 2008
Hi i have developed a smart card operating system as per iso and pkcs but now i need to test it with real environment i mean along with some CSP. could anybody tell me "how can i integrate my card with CSP?" Regards, RishabhAnonymous
June 15, 2009
As a certification authority we are currently detecting the (monolithic) CSP name and limiting the key generation to a certain subset of CSPs (e.g. CSPs related to FIPS certified smart cards). With the new Base CSP the name is not related to the smart card anymore. How could we detect the smart card type (ATR would be sufficient) using the new Base CSP architecture?Anonymous
June 17, 2009
PingBack from http://patioumbrellasource.info/story.php?id=224Anonymous
August 30, 2009
Hi, For those trying to use LsaLogonUser with KERB_SMART_CARD_LOGON or KERB_CERTIFICATE_LOGON, I have written two working samples that show how this can be achieved. You can get the source from the following links : http://www.idrix.fr/Root/Samples/LsaSmartCardLogon2.cpp http://www.idrix.fr/Root/Samples/LsaSmartCardLogon.cppAnonymous
October 25, 2012
Dear Sir, It has been some time since our last contact. Our company, (ACC) Asia Credit Card Production Co. Ltd. is a well-established Smart Card manufacturer, with production facility in Shenzhen, China. From our rich experience in making many kinds of RFID cards, we can support you with a vast range of RFID inlays. By utilizing our inlays, you can widen you product range immediately. Time and costs for product design, sampling can be much reduced. Products we offer:
- Material : PVC, PETG
- Antenna : Automatic wiring (HF), Air Core Coil (LF/HF), Etched Circuit (HF/UHF)
- Combi : LF+HF, HF+HF, HF+UHF
- HF Chips : NXP: Mifare 1k/4k, Desfire EV1 2k/4k/8k, Mifare Plus, Icode, Ultralight. : Infineon: SLE66R35, My-D. : Fudan: FM11RF08
- LF Chips : Atmel: AT5577, Q-5 : EM: EM4200 : NXP: Hitag
- UHF : Alien Higg3, Impinj Monza
- Readers : HF and UHF handheld, desktop and long range readers Should you have any requirements for the mentioned products and services please feel free to send us your enquiries or sample requests. Looking forward to hearing from you. Thank you Luis Liu Asia Credit Card Production Ltd. Tel: +86-755-2978 0288 Ext. 8388 Fax: +86-755-2953 0336 Cell: +86-138243 58479 luis@asia-cc.com.hk www.asiacreditcard.com.hk