Smart Cards for Windows Service

This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service (formerly called Smart Card Resource Manager) manages readers and application interactions.

The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the PC/SC Workgroup Specifications website.

The Smart Cards for Windows service runs in the context of a local service, and it is implemented as a shared service of the services host (svchost) process. The Smart Cards for Windows service, Scardsvr, has the following service description:

<serviceData
    dependOnService="PlugPlay"
    description="@%SystemRoot%\System32\SCardSvr.dll,-5"
    displayName="@%SystemRoot%\System32\SCardSvr.dll,-1"
    errorControl="normal"
    group="SmartCardGroup"
    imagePath="%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation"
    name="SCardSvr"
    objectName="NT AUTHORITY\LocalService"
    requiredPrivileges="SeCreateGlobalPrivilege,SeChangeNotifyPrivilege"
    sidType="unrestricted"
    start="demand"
    type="win32ShareProcess"
    >
  <failureActions resetPeriod="900">
       <actions>
          <action
              delay="120000"
              type="restartService"
          />
          <action
              delay="300000"
              type="restartService"
          />
          <action
               delay="0"
              type="none"
          />
      </actions>
  </failureActions>
  <securityDescriptor name="ServiceXSecurity"/>
</serviceData>

  <registryKeys buildFilter="">
      <registryKey keyName="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters">
      <registryValue
          name="ServiceDll"
          value="%SystemRoot%\System32\SCardSvr.dll"
          valueType="REG_EXPAND_SZ"
          />
      <registryValue
          name="ServiceMain"
          value="CalaisMain"
          valueType="REG_SZ"
          />
      <registryValue
          name="ServiceDllUnloadOnStop"
          value="1"
          valueType="REG_DWORD"
          />
      </registryKey>
  </registryKeys>

By default, the service is configured for manual mode. Creators of smart card reader drivers must configure their INFs so that they start the service automatically and winscard.dll files call a predefined entry point to start the service during installation. The entry point is defined as part of the SmartCardReader class, and it is not called directly. If a device advertises itself as part of this class, the entry point is automatically invoked to start the service when the device is inserted. Using this method ensures that the service is enabled when it is needed, but it is also disabled for users who do not use smart cards.

When the service is started, it performs several functions:

1. It registers itself for service notifications
2. It registers itself for Plug and Play (PnP) notifications related to device removal and additions
3. It initializes its data cache and a global event that signals that the service has started

The Smart Cards for Windows service categorizes each smart card reader slot as a unique reader, and each slot is also managed separately, regardless of the device's physical characteristics. The Smart Cards for Windows service handles the following high-level actions:

• Device introduction
• Reader initialization
• Notifying clients of new readers
• Serializing access to readers
• Smart card access
• Tunneling of reader-specific commands

See also

How Smart Card Sign-in Works in Windows