
PC / SC compatible device driver for WINDOWS

Part 1.
Common ideology of PC/SC in MS WINDOWS. PC/SC - what is it?

If you want to know exactly what PC/SC is, please visit the PC/SC Workgroup . It contains a lot of information on this subject; additionally you can check MSDN , which also has several articles regarding PC/SC . One more hint: the DDK contains several smartcard related samples. Study them thoroughly if you really want to develop your own PC/SC device driver from scratch. It will not be an easy task: such a driver has its own internal structure (the driver is linked with smclib), which is not always obvious. If you do not have solid experience on this subject, you should get the information from somewhere else; the DDK is the best place to start. I do not think it makes sense to publish part of the PC/SC specification here; below you can find a simple explanation of what it is, at least as I understand it.
I did not plan to create a fully functional PC/SC device driver working with an SC reader and a real SC (smartcard). As you know, the existence of such a driver (IFD handler) will, to a certain degree of approximation, allow your device (an SC reader, for instance (IFD, interface device)) to be seen and accessed in the OS through the standard Microsoft smartcard components. You may ask: "What can it be good for?" First of all, it is needed if you want to use a secure token (it does not matter what token (dongle) you plan to use: USB, parallel port or even serial port based) as an SC + SC reader. And believe me, this task is not less complex than creating a device driver for a real SC reader. Ok, now everything is clear.
This picture (from MSDN) demonstrates the common ideology of PC/SC in MS WINDOWS.

About the terminology used:
  1. ICC - integrated circuit card;
  2. IFD handler - handler of the interface device (simply speaking, the driver);
  3. IFD - interface device (SC reader + any auxiliary equipment);
  4. Resource Manager - the service responsible for managing and controlling all application access to any smart card inserted into any reader attached to a Windows-based computer. The Resource Manager provides a given application with a virtual direct connection to the requested smart card (MSDN);
  5. Service Providers - cryptographic (CSP) and non-cryptographic (SCSP) service providers (one or more, for all SCs installed in the OS). Usually this is an SC specific software part, necessary for management of this type of SC. It may be needed if you try to use your own device; in this case you may want to add some additional functionality, like random number generation, and so on.

So, as you can see, this architecture allows hiding the real nature of your device and other device specific things, like the communication interface used and SC specific functionality (because it can be expanded or modified inside the corresponding SP). And the main advantage for the application is its ability to work with different devices without knowledge of their implementation details, vendor specific APIs and other unpleasant things that occur when a clearly defined interface between application and device is absent. A simple example: you developed a commercial product with PC/SC support included. Part of the data (sensitive information, keys, certificates) can be stored in a PC/SC aware device, thus your product does not limit the range of usable devices: ANY device will do if it has the necessary functionality and supports the mentioned standard. The best example is SSH/PGP and many other products, which can work with many external secure devices created by different vendors.
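Here, as an added example that is not part of the original page or the author's driver project, is the application side of this architecture in C against the Microsoft winscard API: the program asks the Resource Manager for a reader, connects, and sends one APDU, never learning which IFD handler, reader or token sits underneath. The two helper functions and the SELECT MF APDU are my own choices; the SCard* calls are the real Microsoft functions.

```c
/* Added example, not from the original page: the application side of the
 * PC/SC stack. The program talks only to the Resource Manager (winscard),
 * so the IFD handler, reader or token underneath stays invisible to it.
 * The two helpers are mine; the SCard* calls are the real Microsoft API. */
#include <stdio.h>
#include <string.h>

/* ISO 7816-4 status word: 9000 is success, 61xx means "more data pending". */
int sw_is_success(unsigned char sw1, unsigned char sw2)
{
    return (sw1 == 0x90 && sw2 == 0x00) || sw1 == 0x61;
}

/* SCardListReaders returns a multi-string: NUL-separated names ending in an
 * extra NUL. Copy the first name into 'first' and return the total count. */
int first_reader(const char *multi, char *first, size_t len)
{
    int n = 0; first[0] = '\0';
    for (const char *p = multi; *p; p += strlen(p) + 1, n++)
        if (n == 0) { strncpy(first, p, len - 1); first[len - 1] = '\0'; }
    return n;
}

#ifdef _WIN32
#include <windows.h>
#include <winscard.h>
int main(void)
{
    SCARDCONTEXT ctx; SCARDHANDLE card; DWORD proto, len = SCARD_AUTOALLOCATE;
    LPSTR readers = NULL; char name[256];
    /* SELECT FILE of the master file 3F00: CLA INS P1 P2 Lc data. Any card
     * with an ISO 7816 file system answers it; the app never sees the IFD. */
    unsigned char apdu[] = { 0x00, 0xA4, 0x00, 0x00, 0x02, 0x3F, 0x00 };
    unsigned char rsp[258]; DWORD rlen = sizeof rsp;
    if (SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &ctx) != SCARD_S_SUCCESS) return 1;
    if (SCardListReadersA(ctx, NULL, (LPSTR)&readers, &len) != SCARD_S_SUCCESS) return 1;
    if (first_reader(readers, name, sizeof name) == 0) return 1;
    /* The Resource Manager routes this to whichever IFD handler owns 'name'. */
    if (SCardConnectA(ctx, name, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1,
                      &card, &proto) != SCARD_S_SUCCESS) return 1;
    const SCARD_IO_REQUEST *pci = (proto == SCARD_PROTOCOL_T1) ? SCARD_PCI_T1 : SCARD_PCI_T0;
    if (SCardTransmit(card, pci, apdu, sizeof apdu, NULL, rsp, &rlen) == SCARD_S_SUCCESS && rlen >= 2)
        printf("%s: SW=%02X%02X (%s)\n", name, rsp[rlen - 2], rsp[rlen - 1],
               sw_is_success(rsp[rlen - 2], rsp[rlen - 1]) ? "ok" : "error");
    SCardDisconnect(card, SCARD_LEAVE_CARD); SCardFreeMemory(ctx, readers);
    SCardReleaseContext(ctx);
    return 0;
}
#endif
```

Link with winscard.lib on Windows; the helpers compile and can be tested on any platform.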

So, one more time: if your PC/SC IFD handler satisfies certain conditions, then any of our IFDs can be considered by the OS as an SC reader with an SC. It's excellent, isn't it? Why? Because in this case we are able to develop lots of different interesting projects, like SmartCard Logon (GINA support) and replacement of SC + SC reader for different applications (in cases where our device's functionality satisfies the application's requirements). And it goes without saying, this is the way to replace SC + SC reader with low-cost secure tokens (though sometimes the price of a token is comparable with a pair of SC + SC reader). Though I have to admit, this is the very moment when arguments about the comparison between real SCs and external secure tokens (dongles) come up (what is better and why, for what range of tasks, etc). But we will try to save our time and just continue ...
Now it is time to give some details about the current state of the secure token market (IMHO). There are many firms producing secure tokens, but I'd like to tell about the two biggest secure token manufacturers: Aladdin and Rainbow. (I personally worked with the mentioned and other products (tokens and token specific software) and like all of them.)
Aladdin eToken R2. The token contains a simple MCU (CY63141) and supports the following certifications and standards: PKCS#11 v2.01, CAPI (Microsoft Crypto API), APDU level PC/SC commands, X.509 v3 certificate storage, SSL v3, IPSec/IKE. eToken R2 can be used with different applications: Windows 2000 Smartcard network logon, CheckPoint SecuRemote VPN client, RAS Dialup / RADIUS, solution partners' NT logon, PC security and file encryption support, e-commerce, e-banking, e-mail communications, and so on. There are lots of commercial applications using the PC/SC interface.

Rainbow iKey1000. This token does not use a smartcard chip either, although it is able to execute tasks which previously were done with smartcards. Remarkably, all PKI functions are performed within a "Security Module" embedded within the iKey 1000 Series Windows Client Software. Details can be found here. I should admit, this key is my favorite. It has a smartcard compatible file system and all the necessary software in order to be successful on the market of relatively cheap secure tokens (there are more powerful, more secure tokens, but they cost more). The token can be accessed through: Microsoft Crypto API (MS CAPI), other PKI systems via a Crypto API based on PKCS#11, and the PC/SC interface.

And it makes no sense to speak about such powerful tokens as Aladdin eToken Pro, Rainbow iKey2000 and iKey3000: this is an absolutely different category. All of them contain real smartcard chips, therefore they can be used in all ICC aware applications and are an excellent replacement for smartcards and readers.
Conclusion: the PC/SC driver is a very important part of the software package for smartcards and smartcard compatible secure tokens. And I hope this project can be useful for all people who are interested in it. I consciously do not publish this project under the GPL, in order to avoid any limitations regarding usage of the project and its parts in any way. Herewith I release this project into the public domain.

© 2003 Dmitry Basko