Authentication Services OS Design Development

Windows Mobile 6.5
A version of this page is also available for

Authentication Services for Windows Mobile devices provide security services for user authentication, credential management, and message protection through the Security Support Provider Interface (SSPI). Within SSPI, different security options are available. These options include NTLM security support provider (SSP) and Kerberos SSP. Each of these options contains different authentication and cryptographic schemes. You can also provide your own security package and add it to the registry for applications to use.

In addition to the SSPI credential management functionality, a component called Credential Manager is included automatically with Kerberos and NTLM services. Credential Manager allows users an option to save a name, password, and other authentication information on the device. The Credential Manager keeps track of the information and updates it when necessary.

Passport Authentication is a centralized service provided by Microsoft that offers a single logon and core profile services to member sites. This technology is automatically included with WinInet and is fully implemented. This frees application developers from dealing with the details of interacting with the Passport infrastructure.

The following table shows operating system design information for Authentication Services.

Element Information

Dependencies for Schannel

Requires CryptoAPI 2.0 for certificate management. Schannel is exposed through Winsock and Wininet and not through SSPI.

Dependencies for Passport Authentication

Included automatically with WinInet.

The following table shows the components and modules that implement Authentication Services.

Item Module Component

Authentication Services



Kerberos Security Support Service Provider

kerberos, cryptdll


NTLM Security Support Service Provider



Passport Authentication



Schannel Security Support Service Provider



The following table shows the Sysgen variables that enable Authentication Services.

Sysgen variable Description


Security Support Provider Interface (SSPI) provides a programming interface for user authentication, credential management, and message protection. Available authentication providers include NTLM, Kerberos, and Secure Sockets Layer (SSL). Each provider contains different authentication and cryptographic schemes.


Kerberos security support provider for mutual authentication between entities.


NTLM security support provider that uses challenge and response authentication protocol.


Schannel security support provider that uses SSL2, SSL3, and Transport Layer Security (TLS/SSL 3.1) public key-based protocols.

Community Additions