

PC Authentication Architecture (Windows CE 5.0)


The PC Authentication Catalog item provides a Windows CE Local Authentication Plugin (LAP) and a sample desktop computer application. Using this Catalog item, along with the Local Authentication Subsystem (LASS) functionality in Windows CE, a Windows CE-based application can determine if a desktop computer running a Windows operating system is locked or unlocked. For more information about LASS, see Local Authentication Subsystem (LASS).

Using the desktop computer's lock/unlock status, the Windows CE-based application can help protect private data by requiring additional user input when the desktop computer is locked.

Note: The desktop computer application is provided as a sample only. It has not been tested and should not be deployed in a production environment without additional testing, security evaluation, and other verification.

LASS provides a general-purpose architecture that enables Windows CE-based applications to call a single LASS function, VerifyUser, to authenticate a user. This LASS function then uses the currently active LAP to determine if the user is authenticated. LAPs can authenticate users by any mechanism. For example, you might have a LAP that uses a fingerprint reader, a smart card, and so on.

The PC Authentication functionality provides a LAP that communicates with an application running on a Windows desktop computer and that authenticates the user only when the associated desktop computer is unlocked.

The PC Authentication LAP uses TCP/IP sockets to communicate with the desktop computer application, which listens for requests from the PC Authentication LAP. When the desktop computer application receives a request from the LAP, it determines if the desktop computer is locked or unlocked and returns this information to the PC Authentication LAP.

The communication between the desktop computer and the Windows CE-based device uses Kerberos authentication. Because of how the data is encrypted, the credentials used on the desktop computer and on the Windows CE-based device must be the same.
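The following portable C model is an added example, not Microsoft's code and not the LASS API. It shows the flow described above: one verification entry point delegates to the active LAP, and the PC Authentication LAP verifies the user only on an explicit "unlocked" reply. All type and function names are hypothetical, the socket exchange is replaced by a callback, and treating an unreachable or unauthenticated desktop as "not verified" is an assumption that follows from "only when ... unlocked".

```c
#include <stdio.h>

/* Constructed model; every name below is hypothetical, not the LASS API. */
typedef enum { PC_UNLOCKED, PC_LOCKED, PC_UNREACHABLE, PC_AUTH_FAILED } pc_reply;
typedef enum { SHOW_DATA, REQUIRE_USER_INPUT } ui_action;

/* A LAP is modelled as a single callback: 1 = user verified, 0 = not. */
typedef struct { const char *name; int (*verify)(void *ctx); } lap;

/* Stand-in for the socket round trip to the desktop application. */
typedef struct { pc_reply (*query)(void *state); void *state; } pc_link;

/* PC Authentication LAP: only an explicit "unlocked" reply verifies. */
static int pc_auth_verify(void *ctx) {
    pc_link *link = ctx;
    if (link == NULL || link->query == NULL) return 0;
    /* Locked, unreachable, failed authentication and unknown replies
       all evaluate to "not verified". */
    return link->query(link->state) == PC_UNLOCKED;
}
const lap PC_AUTH_LAP = { "pc-auth", pc_auth_verify };

static const lap *active_lap;   /* the currently active plugin */
static void *active_ctx;

void set_active_lap(const lap *l, void *ctx) { active_lap = l; active_ctx = ctx; }

/* Single entry point for applications, delegating to the active LAP. */
int model_verify_user(void) {
    if (active_lap == NULL || active_lap->verify == NULL) return 0;
    return active_lap->verify(active_ctx);
}

/* Application policy from the page: ask for more input unless verified. */
ui_action gate_private_data(void) {
    return model_verify_user() ? SHOW_DATA : REQUIRE_USER_INPUT;
}

/* Constructed transport that returns whatever reply the caller stored. */
pc_reply fixed_reply(void *state) { return *(pc_reply *)state; }

int main(void) {
    pc_reply r = PC_UNLOCKED;
    pc_link link = { fixed_reply, &r };
    set_active_lap(&PC_AUTH_LAP, &link);
    for (int i = PC_UNLOCKED; i <= PC_AUTH_FAILED; i++) {
        r = (pc_reply)i;
        printf("reply %d -> %s\n", i,
               gate_private_data() == SHOW_DATA ? "show data" : "require user input");
    }
    return 0;
}
```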

The Telephony User Interface (TUI) application is a good example of an application that uses PC Authentication functionality. For detailed information about how TUI uses PC Authentication, including the steps you might be able to take to use this functionality in other applications, see Limiting Access to Sensitive Information in the TUI.

See Also

PC Authentication Application Development


© 2006 Microsoft Corporation. All rights reserved.