A minidriver is a hardware-specific DLL that uses a Microsoft-provided class driver to accomplish most actions through function calls, and provides only device-specific controls.

Under WDM, the minidriver registers its associated hardware adapters with the class driver, and the class driver creates a file object to represent each adapter that registers. The minidriver uses the class driver’s device object to make system calls. The class driver is accessed by user-mode clients through WDM Streaming.

In relation to a usb token or smart card, a minidriver provides a simpler alternative to developing a legacy cryptographic service provider (CSP) by encapsulating most of the complex cryptographic operations from the card minidriver developer.

The CSP-Minidriver is build on top of the token interface, which is part of the PKCS#11 module. It inherits card and crypto support from the PKCS#11 module.

The CSP-Minidriver is a read-only driver that exposes RSA and ECDSA private keys, public keys and certificates at it’s interface. The CSP-Minidriver is based on the Smart Card Minidriver Specification v7.07. It supports Windows 7, Windows 8 (8.1) and Windows 10. As it is a read-only driver, generating keys and writing certificates is not supported. Key and certificate provisioning can be done using OpenSCDP and the Smart Card Shell or via an application that supports the PKCS#11 interface. A read/write CSP for the SmartCard-HSM is available as part of the OpenSC Project.

Beginning with Windows Vista, applications can use the Microsoft Cryptography API: Next Generation (CNG) for smart card–based cryptographic services. As part of the elliptic curve cryptography (ECC) effort that was introduced in Windows Vista, ECC smart cards are supported in the new cryptographic framework. Applications and interfaces that interact with existing Rivest-Shamir-Adleman (RSA) card minidrivers through the legacy CAPI subsystem continue to work without modification.

RSA smart card minidrivers can also be registered with the smart card key storage provider (KSP) so that they can be called through the CNG interface. Dual-mode ECC/RSA + ECC-only requests are routed to the KSP and, through it, to the appropriate card minidrivers. For Windows Vista–based clients, ECC-only and ECC/RSA dual-mode cards are supported by using the Windows smart card framework. Dual-mode cards can also be accessed through CAPI primarily to expose RSA-only features.

Related Products

Related Articles

New software from Intercede provides added protection using Intel® Authenticate for enterprise PCs

March 1st, 2016|

RSA CONFERENCE 2016, San Francisco, March 1, 2016 – Today, digital identity and credentials expert Intercede announced new security software designed for deployment alongside Intel’s latest hardware-based identity protection technology, Intel® Authenticate. Intercede software, running on the 6th Gen Intel® Core™ vPro™

New Smart Card Management System from Versatile Security

December 15th, 2012|

Stockholm, Sweden, December 15, 2012 -- Versatile Security Sweden AB announces the release of vSEC:CMS T-Series version 3.0. New features in this version include: Smart card printing capability, new graphical interface with intuitive lifecycle navigation, support of new Smart Cards,

New Smart Card Management System from Versatile Security

December 14th, 2012|

Stockholm, Sweden, December 14th, 2012 – Versatile Security Sweden AB announces the release of vSEC:CMS T-Series version 3.0. New features in this version include: Smart card printing capability, new graphical interface with intuitive lifecycle navigation, support of new Smart Cards, support of

« Back to Glossary Index