Security Overview (Windows Embedded CE 6.0)
1/6/2010
The following technologies are available for providing increased security to your Windows Embedded CE devices and applications:
- Credential Manager
Credential Manager provides storage for cached credentials and lets applications share common credentials instead of each prompting for and storing its own copy.
- Local Authentication Subsystem (LASS)
LASS provides user authentication that is independent of both the invoking application and the underlying authentication mechanism. It also supports policy-based authentication, with the policy configured in the registry.
- Cryptography and Certificates
These services give Microsoft Win32®-based applications data encryption and decryption, authentication with digital certificates, and encoding and decoding of ASN.1 data. Application developers call CryptoAPI functions without detailed knowledge of the underlying implementation, which is supplied by a cryptographic service provider (CSP). The CSPs included with Windows Embedded CE are the RSA Base Provider, the Diffie-Hellman/DSS Provider, and the RSA Enhanced Provider. The Base Provider supports only the shorter, export-era key lengths, so new code should request the Enhanced Provider.
- Protected Store
To help protect sensitive information and help prevent data tampering, the protected store application programming interface (API) handles the cryptography, key management, and user-interaction issues of storing private data. The protected store derives its protection from the user's logon credentials, which lock and unlock the data.
- Secure Socket Layer (SSL)
Windows Embedded CE supports SSL versions 2.0 and 3.0, available either through Windows Internet Services (WinInet) or directly from Windows Sockets (Winsock). SSL authenticates the peer and encrypts the data sent and received over the connection. Both of these SSL versions have since been prohibited (SSL 2.0 by RFC 6176, SSL 3.0 by RFC 7568); where possible, negotiate TLS through the Schannel SSP instead, and verify what version a deployed device actually negotiates.
- Security Support Provider Interface Architecture
Security Support Provider Interface (SSPI) is a well-defined common interface for obtaining integrated security services for authentication, message integrity, and message privacy. It provides an abstraction layer between application-level protocols and security protocols, so you can use any of several security providers without knowing the details of the underlying security protocol. The security providers included with Windows Embedded CE are the Windows NTLM Security Support Provider (SSP), Schannel (SSL/TLS), and the Kerberos SSP.
- Smart Card Support
The Windows Embedded CE smart card subsystem supports CryptoAPI and the Windows Embedded CE–based device driver model for developing smart card readers. Additional PC/SC support facilitates the porting of existing smart card reader drivers and service providers.
- Trusted environment model
To help secure your operating system from potentially unsafe operations, operating system developers can specify a trusted environment where only certified applications can run. You can prevent unknown applications from loading, restrict access to system APIs, and prevent write access to certain parts of the system registry.
The following illustration shows the relationship between the security services elements and your application.
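The SSL item above lists SSL 2.0 and 3.0, both of which are now prohibited, so an auditor of a fielded device wants to know which version the device's Schannel stack actually negotiates. The following C program is an added example, not code from the Windows Embedded CE documentation or SDK. It parses the first bytes of a captured server handshake message (for instance, bytes read from a Winsock connection to the device) and reports the negotiated version, flagging SSL 2.0 and SSL 3.0. The function names and the embedded sample records are constructed for this example; the SSL 2.0 sample is a minimal SERVER-HELLO prefix, not a complete message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define VERSION_UNKNOWN 0x0000u
#define VERSION_SSL2    0x0002u  /* SSL 2.0 announces major 0, minor 2 */
#define VERSION_SSL3    0x0300u
#define VERSION_TLS10   0x0301u
#define VERSION_TLS12   0x0303u

/* Return the protocol version announced by a server hello, or VERSION_UNKNOWN
 * when buf does not hold one complete, internally consistent message. */
unsigned negotiated_version(const uint8_t *buf, size_t len)
{
    /* SSL 2.0 record: 2-byte header with the high bit set, then MSG-SERVER-HELLO (0x04),
     * SESSION-ID-HIT (1), CERTIFICATE-TYPE (1), SERVER-VERSION (2). */
    if (len >= 7 && (buf[0] & 0x80) && buf[2] == 0x04) {
        size_t v2len = (size_t)((buf[0] & 0x7f) << 8) | buf[1];
        if (v2len + 2 != len) return VERSION_UNKNOWN;
        return ((unsigned)buf[5] << 8) | buf[6];
    }
    /* SSL 3.0 / TLS record: type(1) version(2) length(2), then
     * Handshake: type(1) length(3) server_version(2) ... */
    if (len < 11 || buf[0] != 0x16) return VERSION_UNKNOWN;   /* not a handshake record */
    size_t rlen = ((size_t)buf[3] << 8) | buf[4];
    if (rlen + 5 != len) return VERSION_UNKNOWN;               /* record length disagrees with buffer */
    if (buf[5] != 0x02) return VERSION_UNKNOWN;                /* not a ServerHello */
    size_t hlen = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (hlen + 4 != rlen) return VERSION_UNKNOWN;              /* handshake length disagrees with record */
    return ((unsigned)buf[9] << 8) | buf[10];
}

/* Everything at or below SSL 3.0 is prohibited (RFC 6176 for SSL 2.0, RFC 7568 for SSL 3.0). */
int version_is_deprecated(unsigned v)
{
    return v != VERSION_UNKNOWN && v <= VERSION_SSL3;
}

/* Build a minimal ServerHello record announcing the given version (constructed sample data).
 * Body = version(2) + random(32) + session_id_len(1) + cipher_suite(2) + compression(1) = 38 bytes. */
size_t build_server_hello(uint8_t *out, size_t cap, unsigned version)
{
    const size_t total = 5 + 4 + 38;
    if (cap < total) return 0;
    out[0] = 0x16; out[1] = (uint8_t)(version >> 8); out[2] = (uint8_t)version;
    out[3] = 0x00; out[4] = 4 + 38;                          /* record length */
    out[5] = 0x02; out[6] = 0x00; out[7] = 0x00; out[8] = 38; /* ServerHello, length */
    out[9] = (uint8_t)(version >> 8); out[10] = (uint8_t)version;
    memset(out + 11, 0xAB, 32);                               /* server random (placeholder) */
    out[43] = 0x00;                                           /* empty session id */
    out[44] = 0x00; out[45] = 0x0a;                           /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
    out[46] = 0x00;                                           /* null compression */
    return total;
}

/* Build a sample for the given version and parse it back. */
unsigned roundtrip_version(unsigned version)
{
    uint8_t rec[64];
    size_t n = build_server_hello(rec, sizeof rec, version);
    return negotiated_version(rec, n);
}

/* Same, but with the last byte missing, so the length fields no longer agree. */
unsigned truncated_version(unsigned version)
{
    uint8_t rec[64];
    size_t n = build_server_hello(rec, sizeof rec, version);
    return negotiated_version(rec, n - 1);
}

/* Constructed SSL 2.0 SERVER-HELLO prefix: header 0x8005, MSG-SERVER-HELLO, hit=0, cert-type=1, version 0x0002. */
unsigned ssl2_sample_version(void)
{
    static const uint8_t rec[] = { 0x80, 0x05, 0x04, 0x00, 0x01, 0x00, 0x02 };
    return negotiated_version(rec, sizeof rec);
}

int main(void)
{
    const unsigned versions[] = { VERSION_SSL3, VERSION_TLS10, VERSION_TLS12 };
    for (size_t i = 0; i < sizeof versions / sizeof versions[0]; i++) {
        unsigned v = roundtrip_version(versions[i]);
        printf("ServerHello version 0x%04x -> %s\n", v, version_is_deprecated(v) ? "DEPRECATED, reject" : "ok");
    }
    unsigned v2 = ssl2_sample_version();
    printf("SSL 2.0 sample version 0x%04x -> %s\n", v2, version_is_deprecated(v2) ? "DEPRECATED, reject" : "ok");
    return 0;
}
```

The parser checks the record and handshake length fields against the buffer it was given before reading the version, so a truncated or malformed capture is reported as unknown rather than trusted. In a real audit, feed it the first record returned by the device after your client's hello.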