This is retired content. This content is outdated and is no
longer being maintained. It is provided as a courtesy for
individuals who are still using these technologies. This content
may contain URLs that were valid when originally published, but now
link to sites or pages that no longer exist.
This section describes the following technologies that Windows
CE offers for adding enhanced security to Windows CE-based
networking and communications.
Security
Support Provider Interface(SSPI): SSPI provides a common
interface between transport-level applications and security
providers. It provides a mechanism by which a transport application
can call one of several security providers
and obtain an authentic connection without knowing the
details of the security protocol. Security providers included with
Windows CE: Windows NT LAN Manager (NTLM), Secure Sockets Layer
(SSL) version 2.0; SSL version 3.0; and Private Communication
Technology (PCT) version 1.0 are provided through the Schannel
Cryptographic Provider. The Schannel Cryptographic Provider is
accessed through Winsock. Security Support Provider
Interface (SSPI) functions are available through the Secur32.dll
module.
Cryptography(CAPI): Windows
CE also supports the Microsoft Cryptographic API (CAPI) for
enhancing secure communication. The following illustration shows
the relationship between these elements and your application.
Digital Certificate
Handling: Authentication is crucial to enhancing secure
communications. Users must be able to prove their identity to those
with whom they communicate and must be able to verify the identity
of others. Windows CE now supports a subset of CAPI version 2.0 for
managing digital certificates on Windows CE based devices.
Smart Card
Support: The Windows CE smart card subsystem supports the
Cryptography API and the Windows CE–based device driver model for
developing smart card readers. Additional PC/SC support facilitates
the porting of existing smart card reader drivers and service
providers.
On a Windows CE–based device, the smart
card subsystem provides a link between smart card reader hardware
and applications that are smart card-aware. This link consists of
DLLs, the smart card resource manager API, and the smart card
reader hardware device drivers. The smart card subsystem supports
the CryptoAPI and the Windows CE–based device driver
model.
The cryptographic functions supported
in Windows CE exist as an integral part of CAPI. Services provided
by these functions enable you to add encryption to your Windows
CE–based application without requiring extensive knowledge of
cryptography.
The algorithms and standards used by
CAPI are implemented through cryptographic service providers
(CSPs). CAPI functions are available through the Coredll.dll
module.