SSO Cache

The SSO cache service is a global data store for different types of data. It is commonly used to avoid reading public data from slow tokens, that is, reading certificates from smart cards, but it may also store information such as the number of PIN attempts left or the actual PIN value.

As mentioned, the cache service allows all processes to access the data store, including sensitive information such as the PIN value. To avoid misuse, the data can be protected:

[Service Cache]
UserProtect=0/1/2

Values

Value   Meaning
0       Unprotected
1       Private data protected
2       All data protected

Protection means that the data is protected with whatever mechanism is available on each platform, that is, CredProtect is used on the Windows platform. As a result, all processes that execute in the same environment as the logged-on user are able to unprotect the data (CredUnprotect).

The SSO cache enables single sign-on for all applications as long as they can read the PIN value from the cache. With user protection enabled, this requires that they run in the same environment.

Normally, this component only runs as a system service.
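A configuration check for the setting described above, as an added example that is not part of the product or its documentation. It assumes the configuration is available as INI-style text like the snippet shown; the function name, the status labels and the case-insensitive key match are assumptions made for this example.

```python
import configparser

# Meanings exactly as listed in the value table on this page.
LEVELS = {0: "Unprotected", 1: "Private data protected", 2: "All data protected"}

def audit_user_protect(config_text):
    """Return (status, detail) for UserProtect in [Service Cache].

    status is one of "ok", "fail", "unset", "error" (labels chosen for this example).
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep key spelling as written in the file
    try:
        parser.read_string(config_text)
    except configparser.Error as exc:
        return ("error", "config not parseable: " + exc.__class__.__name__)
    if not parser.has_section("Service Cache"):
        return ("unset", "no [Service Cache] section; effective default not documented here")
    # Assumption: match the key case-insensitively so a differently cased key is not missed.
    raw = next((v for k, v in parser["Service Cache"].items()
                if k.lower() == "userprotect"), None)
    if raw is None:
        return ("unset", "UserProtect not set; effective default not documented here")
    raw = raw.strip()
    if raw not in ("0", "1", "2"):
        # Catches typos and the literal "0/1/2" placeholder copied from documentation.
        return ("error", "invalid UserProtect value %r" % raw)
    level = int(raw)
    if level == 0:
        return ("fail", LEVELS[0] + ": every process can read cached data, including the PIN value")
    # Levels 1 and 2 still let any process in the logged-on user's environment unprotect.
    return ("ok", LEVELS[level])

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
[Service Cache]
UserProtect=0
"""

if __name__ == "__main__":
    print(audit_user_protect(SAMPLE))
```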