Thursday 14 August 2008

Windows Secure Logon with Smart Card

In my work I use an Omnikey (Gemalto now) 5321 Contact/Contactless smart card reader, and noticed that Windows XP automatically detects it as a secure logon device. This got me wondering how to deploy a Windows driver and user application which would communicate with the smart card whenever it's inserted. The first questions coming up in my mind are:

  1. Does Windows even allow a custom, unsigned user application to be registered to handle a smart card? Surely this would compromise the logon system's security...
  2. If it doesn't, what are the options? Microsoft's proprietary smart card applet and logon infrastructure?


Answers:

Google right away gave hits from Windows Hardware Developer Central where I found the answers to the above questions. Smart Card and Biometric Devices – Architecture and Driver Support:
To work with the smart card support in Microsoft Windows operating systems, smart card readers and cards should be compatible with Interoperability Specification for ICCs and Personal Computer Systems. Smart card readers and device drivers should also be Plug and Play compliant.

Microsoft Smart Card Minidriver specification v6.2:
Smart card vendors can write card minidrivers to present a consistent interface to their smart card type to the Microsoft Smart Card Base Cryptographic Service Provider (CSP) or Crypto Next Generation (CNG) Key Storage Provider (KSP) and to the Smart Card Management Interface. These card minidrivers plug in to Windows operating system code. The functionality in a card minidriver is narrowly scoped and carefully defined so that the card-dependent code is simple to implement and easy to verify functionally.
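As an added illustration of how a minidriver "plugs in" (this is my own example, not code from the original post or from Microsoft's documents): the minidriver specification registers each card type under HKLM\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\<name> with binary ATR and ATRMask values and the minidriver DLL path, and the smart card resource manager applies the mask to an inserted card's ATR and compares the result with each registered ATR to choose the minidriver. The Python below models that lookup with constructed registrations (card names, ATR bytes and DLL paths are invented):

```python
from typing import Optional, Tuple

# Constructed sample registrations in the shape of Calais\SmartCards\<name>.
# The ATRs and DLL paths are invented for this example, not real card records.
# A zero byte in ATRMask tells the resource manager to ignore that ATR byte
# (typically version or historical bytes that vary between card batches).
REGISTERED_CARDS = {
    "Sample Card A": {
        "ATR":      bytes.fromhex("3b8f8001aabbccdd00000000"),
        "ATRMask":  bytes.fromhex("ffffffffffffffff00000000"),  # last 4 bytes ignored
        "80000001": r"C:\hypothetical\samplecarda.dll",        # minidriver path (hypothetical)
    },
    "Sample Card B": {
        "ATR":      bytes.fromhex("3b8f8001aabbccde00000000"),
        "ATRMask":  bytes.fromhex("ffffffffffffffff00000000"),
        "80000001": r"C:\hypothetical\samplecardb.dll",
    },
}


def atr_matches(card_atr: bytes, reg_atr: bytes, mask: bytes) -> bool:
    """True if card_atr equals reg_atr on every byte position the mask keeps.

    Lengths must agree: an ATR of a different length never matches, and a
    registration whose mask length differs from its ATR is malformed and is
    treated as non-matching rather than raising. Both sides are masked here,
    so a registration whose stored ATR is not pre-masked still behaves sanely
    (Windows itself expects the stored ATR to already be masked).
    """
    if len(card_atr) != len(reg_atr) or len(reg_atr) != len(mask):
        return False
    return all((c & m) == (r & m) for c, r, m in zip(card_atr, reg_atr, mask))


def select_minidriver(card_atr: bytes, registry=REGISTERED_CARDS) -> Optional[Tuple[str, str]]:
    """Return (registered card name, minidriver DLL path) for the first
    registration whose masked ATR equals the inserted card's masked ATR."""
    for name, entry in registry.items():
        if atr_matches(card_atr, entry["ATR"], entry["ATRMask"]):
            return name, entry["80000001"]
    return None  # no minidriver registered for this card


if __name__ == "__main__":
    # Constructed ATR of an inserted card: same prefix as Sample Card A, with
    # trailing bytes that differ but are masked out by the registration.
    inserted = bytes.fromhex("3b8f8001aabbccdd01020304")
    print(select_minidriver(inserted))  # -> ('Sample Card A', 'C:\\hypothetical\\samplecarda.dll')
```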


More information was forthcoming about Smart Card Drivers from the Windows Embedded Developer Library and Smart Cards from MSDN. (Edit: I also found a general overview of MS smart card integration and its various subsystems.) This private blog about the Smart Card infrastructure in Windows provides useful tips and addenda which might not be easily accessible otherwise. However, I think I'll start with these cookbooks from Microsoft TechNet on integrating smart cards as authentication devices.

Edit: info about the MS authentication function library.