Windows smart card API

Smart Card Technical Reference

Applies To: Windows 10, Windows Server 2016

The Smart Card Technical Reference describes the Windows smart card infrastructure for physical smart cards and how smart card-related components work in Windows. This document also contains information about tools that information technology (IT) developers and administrators can use to troubleshoot, debug, and deploy smart card-based strong authentication in the enterprise.

Audience

This document explains how the Windows smart card infrastructure works. To understand this information, you should have basic knowledge of public key infrastructure (PKI) and smart card concepts. This document is intended for:

Enterprise IT developers, managers, and staff who are planning to deploy or are using smart cards in their organization.

Smart card vendors who write smart card minidrivers or credential providers.

What are smart cards?

Smart cards are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account.

Smart cards provide:

Tamper-resistant storage for protecting private keys and other forms of personal information.

Isolation of security-critical computations that involve authentication, digital signatures, and key exchange from other parts of the computer. These computations are performed on the smart card.

Portability of credentials and other private information between computers at work, home, or on the road.

Smart cards can be used to sign in to domain accounts only, not local accounts. When you use a password to sign in interactively to a domain account, Windows uses the Kerberos version 5 (v5) protocol for authentication. If you use a smart card, the operating system uses Kerberos v5 authentication with X.509 v3 certificates.

Virtual smart cards were introduced in Windows Server 2012 and Windows 8 to alleviate the need for a physical smart card, the smart card reader, and the associated administration of that hardware. For information about virtual smart card technology, see Virtual Smart Card Overview.

In this technical reference

This reference contains the following topics.

Windows.Devices.SmartCards Namespace

Gets info about smart card readers and smart cards; configures physical smart cards; and creates, configures, and deletes Trusted Platform Module (TPM) virtual smart cards.

The Smart cards sample application shows how to use Windows.Devices.SmartCards APIs to work with smart cards and smart card readers programmatically. The Near field communication (NFC) sample application also shows how to communicate with a smart card.

Classes

Provides data for the CardAdded event.

Provides data for the CardRemoved event.

A class that represents a selection of known smart card applet IDs, exposing them via its properties.

Represents info about a smart card.

A class that represents a digitized card, which may either be self-managed (Host Card Emulation) or backed by a physical embedded secure element (eSE). This class can also be thought of as defining a collection of smart card applet IDs.

Represents a registered group of applet IDs.

Represents the smart card automatic response Application Protocol Data Unit (APDU).

Represents a smart card authentication challenge/response operation.

Represents a connection to a smart card.

Represents the mechanism for providing hardware support for secure payment applications and protocols.

This class contains information that is returned by GetAllCryptogramMaterialCharacteristicsAsync.

This class contains information that is returned by GetAllCryptogramStorageKeyCharacteristicsAsync.

This class contains characteristics of cryptogram material.

This class contains characteristics of a cryptogram material package.

Contains the result of calling TryProvePossessionOfCryptogramMaterialPackageAsync with a challenge token to prove that the device possesses the identified cryptogram material.

Contains instructions for placing a cryptogram in an outgoing message.

This class contains characteristics of storage keys.

Contains information about the storage key so that apps can register and certify the key information with their service.

Represents a smart card emulator device.

Provides data for the ApduReceived event.

Provides data for the ConnectionDeactivated event.

Provides information about a smart card emulator connection to an NFC reader.

Represents a set of personal identification number (PIN) rules on a Trusted Platform Module (TPM) virtual smart card.

Represents a wait time for a requested smart card personal identification number (PIN) reset.

Represents a smart card personal identification number (PIN) reset request.

Represents info about, and operations for, configuring smart cards.

Represents info about a smart card reader.

Provides details about a smart card trigger.

Structs

Enums

Defines the return values for the RequestActivationPolicyChangeAsync method.

Defines the valid values that can be passed to the RequestActivationPolicyChangeAsync method.

Defines the status of the smart card reader's automatic response.

Defines the cryptogram generation algorithm for a cryptogram placement step.

Defines the statuses for cryptogram generator methods.

Defines the format of the proof of possession returned when calling the TryProvePossessionOfCryptogramMaterialPackageAsync method.

Defines the cryptogram material package format.

Defines the cryptogram material protection method.

Defines the cryptogram material type.

Defines cryptogram placement options.

Defines cryptogram storage key algorithms.

Defines cryptogram storage key capabilities.

Defines the attestation status of a key.

Defines the valid categories of smart cards that can be emulated.

Defines the mechanism by which the device emulates a smart card.

Defines the reasons a smart card connection to an NFC reader could become deactivated.

Defines the valid types of smart card connection sources.

Represents the current card emulation policy set by the user in the phone settings.

Specifies how a smart card app should be launched.

Specifies the rules for characters in a smart card personal identification number (PIN).

Represents the smart card reader’s type.

Specifies the smart card reader’s status.

Specifies the smart card’s status.

Represents the valid smart card trigger types.

Defines the unlock prompting behavior.

Delegates

Represents a method that handles a smart card personal identification number (PIN) reset.
