CardDeauthenticateEx function

The CardDeauthenticateEx function must always be provided. If it is not possible within the card minidriver to efficiently reverse the effect of an authentication operation without resetting the card, the call must return SCARD_E_UNSUPPORTED_FEATURE. In this situation, the Base CSP/KSP performs deauthentication by resetting the card. Because a card reset is a time-consuming operation, the card minidriver must implement this function if it can be done.


DWORD WINAPI CardDeauthenticateEx(
  _In_ PCARD_DATA pCardData,
  _In_ PIN_SET    PinId,
  _In_ DWORD      dwFlags


pCardData [in]

Context information for the call. For more information, see CardAcquireContext.

PinId [in]

Set of PINs to be deauthenticated.

dwFlags [in]

Reserved. Set to 0.

Return value

Zero on success; otherwise, nonzero.


The PinId parameter can contain multiple PINs for deauthentication. For example, a PinId that contains the value 0x06 means to deauthenticate ROLE_USER and ROLE_ADMIN. A value of 0xFF means to deauthenticate all PINs that are currently authenticated. If the ROLE_EVERYONE bit is set in the PinId parameter, it should be ignored.

If the card minidriver returns a nonzero value from this function, the Base CSP/KSP resets the card.

If the function returns 0 (success), all specified PINs have been deauthenticated. After successfully de-authenticating the user, the minidriver should clear any cache content that it may have created during the duration of the authenticated session using the call back caching functions set by Smart card Base CSP/SC KSP.


Target platform


Cardmod.h (include Cardmod.h)



Send comments about this topic to Microsoft