Smart Card Base Cryptographic Service Provider (Base CSP)

Downloading Base CSP for Windows

Today, the Smart Card Base Cryptographic Service Provider (Base CSP) is available as a free download from the Windows Update site (https://www.microsoft.com/downloads/details.aspx?FamilyID=e8095fd5-c7e5-4bee-9577-2ea6b45b41c6&DisplayLang=en). If you are using the Windows Update tool, look under the hierarchy "Windows Update, Custom, optional software, Base CSP".

About Base CSP architecture

Smart Card support exists in W2K, W2K3 and XP. With this, users are able to log on, digitally sign and encrypt email. Scenarios such as Terminal Server Logon, RunAs and NetUse using Smart Cards are also supported. The smart card supports only a single certificate on the card and only one container, which is marked default. Card life cycle management, such as PIN change and the ability to unblock a card via self service, is achievable only after a user has logged on. This means that the user had to have a standard user name and password based logon available to perform these tasks.

Vendors and Partners are very important for the success of Smart Card based scenarios. Vendors provide Smart Cards and Card Readers, and in many cases the card and reader vendors are different. Reader drivers are written to the PC/SC standard. For each Smart Card there must exist a Cryptographic Service Provider (CSP), which uses the CAPI interfaces on the top and the WinSCard APIs at the bottom. In addition, there is a GINA module which provides the relevant LogonUI to capture the credentials and marshal them appropriately to LsaLogonUser for authentication.

Writing a Smart Card CSP has not been trivial. This has been addressed by splitting the CSP architecture into a Base CSP and a Card Module. The Base CSP is provided by Microsoft as a part of the platform (with this Base CSP release). The Card Module is an interface supported by Microsoft, against which card vendors write the implementation for their own card. This is analogous to writing a printer driver for a printer.

It is this new Card Module architecture that will also be available as a part of Windows Vista. With this release, one of the goals that we want to accomplish is that the same card module works on older platforms and also Vista.

Stay tuned for more information on writing a Card Module.

[Image: Interfaces_btn_cardmodule_and_basecsp.jpg]