SSO Cache
The SSO cache service is used as a global data store for different types of data. The common usage is to avoid the reading of public data from slow tokens. That is, reading certificates from the smart cards. But it can also store information like PIN attempts left or the actual PIN value.
The cache service allows all processes to access the data store, including sensitive information such as PIN value. The data can be protected to avoid misuse.
[Service Cache]
UserProtect=<0|1|2>
Protection means that it is protected with whatever is possible for each platform. That is, CredProtect is used on the Windows platform. As a result, all processes that run in the same environment as the logged-on user are able to decrypt the data (CredUnprotect).
The SSO cache enables single sign-on for all applications as long as they can read the PIN value from the cache. With the user protection enabled, this requires that they are running in the same environment.
Normally, this component will only run as a system service.
When using both user and administrator certificates on the same smart card, Pointsharp recommends that administrator certificates use the PIN3 setting. The reason is that the PIN3 is never cached. Not all smart cards have PIN3 functionality. |