Windows CE 3.0
This section describes the following technologies that Windows CE offers for adding enhanced security to Windows CE-based networking and communications.
- Security Support Provider Interface (SSPI): SSPI provides a common interface between transport-level applications and security providers. It provides a mechanism by which a transport application can call one of several security providers and obtain an authentic connection without knowing the details of the security protocol. Security providers included with Windows CE: Windows NT® LAN Manager (NTLM), Secure Sockets Layer (SSL) version 2.0; SSL version 3.0; and Private Communication Technology (PCT) version 1.0 are provided through the Schannel Cryptographic Provider. The Schannel Cryptographic Provider is accessed through Winsock. Security Support Provider Interface (SSPI) functions are available through the Secur32.dll module.
- Cryptography (CAPI): Windows CE also supports the Microsoft Cryptographic API (CAPI) for enhancing secure communication. The following illustration shows the relationship between these elements and your application.
- Digital Certificate Handling: Authentication is crucial to enhancing secure communications. Users must be able to prove their identity to those with whom they communicate and must be able to verify the identity of others. Windows CE now supports a subset of CAPI version 2.0 for managing digital certificates on Windows CE based devices.
- Smart Card Support: The Windows CE smart card subsystem supports the Cryptography API and the Windows CE–based device driver model for developing smart card readers. Additional PC/SC support facilitates the porting of existing smart card reader drivers and service providers.
On a Windows CE–based device, the smart card subsystem provides a link between smart card reader hardware and applications that are smart card-aware. This link consists of DLLs, the smart card resource manager API, and the smart card reader hardware device drivers. The smart card subsystem supports the CryptoAPI and the Windows CE–based device driver model.
The cryptographic functions supported in Windows CE exist as an integral part of CAPI. Services provided by these functions enable you to add encryption to your Windows CE–based application without requiring extensive knowledge of cryptography.
The algorithms and standards used by CAPI are implemented through cryptographic service providers (CSPs). CAPI functions are available through the Coredll.dll module.