Communicates with server authentication packages to authenticate users. To prevent this from occurring, the registry can be modified to delay the Smart Card Removal Policy Service. For container specification levels III and IV, a broader method is used to match an appropriate smart card with a user context, because multiple cached smart cards might meet the criteria provided. To protect against this vulnerability, features have been included in the YubiKey Minidriver to alert users and administrators to potentially vulnerable devices and allow for the option to prevent weak RSA keys from being generated on those YubiKey 4s. If you are planning to implement additional functions of the YubiKey NEO (that is, the U2F protocol or one or both of the configuration slots) and your Group Policy specifies that Windows locks the user’s workstation or logs the user out, this temporarily disconnects the smart card from the operating system and locks the workstation or logs out the user account. If the user cancels the operation, the operation fails.


Since the YubiKey Minidriver prioritizes assigning slots for keys by smart card usage, it will place the first two authentication keys in slots 9a and 9d during enrollment.

Smart Card Minidrivers – Windows drivers | Microsoft Docs

The following graphic shows the architecture for credential providers in the Windows operating system. If auto-enrollment has been set up in your environment, your users should be prompted to register a smart card the next time they log into their accounts. The TLS-related private key operation occurs on the smart card, and the user is authenticated and signed in.


This section provides instructions on setting up a CA to support an Enrollment Agent to allow for the Enroll on Behalf functionality. For more information about compatibility, see the following table. For more information, see the Smart Card Minidriver specification.

For Certificate recipient, select the Microsoft Windows operating system in your domain environment.

Test the presence of a minidriver or a CSP

In a typical test run, if no configuration file is found, the test will ask you for confirmation to continue by using default values.

Microsoft has built an impressive collection of integrated cloud service capabilities that span infrastructure, platforms and applications. Gemalto was formed in June by the combination of Axalto and Gemplus.

To run the test, you must have your smart card minidriver installed on the computer and registered in the registry. Enterprises and IT professionals can develop and deploy custom authentication mechanisms for all domain users, and they may explicitly configure users to use this custom sign-in mechanism. For example, a user certificate is to be read from the smart card.

On the File to Export page, type the path and filename of the. For example, to extract the contents to the C: Credential providers password and smart card Describes credential information and serializing credentials.

Container operations

The following three container operations can be requested by using CryptAcquireContext:

Open an existing GUID-named container (no reader specified).


If a smart card is registered by a CSP and a smart card minidriver, the one that was installed most recently will be used to communicate with the smart card.

Smart Card Minidriver Versions – Windows drivers | Microsoft Docs

Handling communication and logic with external authentication authorities. This is an additional protection against use of a private key without explicit user intent. If the user context is silent, this operation fails and no UI is displayed. The YubiKey Minidriver sets the touch policy when a key is first imported or generated.

Smart Card Architecture

The Welcome to the Certificate Wizard dialog box appears. Locate and select the enroll-on-behalf-of template you just created, and then click OK. To alter the policy behavior, the registry must be configured prior to setting up keys, either on the station enrolling the keys or pushed out to all machines using Group Policy Objects.

Similarly, in response to an NCryptOpenKey call in CNG, the smart card KSP tries to match the container the same way, and it takes the same container format, as shown in the following table.

Repeat this and the following steps for each one. Click Apply, and then click OK to close the template properties window.