![[MS-TPMVSC]: Trusted Platform Module (TPM) Virtual Smart Card .](/img/62/5bms-tpmvsc-5d-210407.jpg)
Transcription
[MS-TPMVSC]:Trusted Platform Module (TPM) Virtual Smart CardManagement ProtocolIntellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation (“thisdocumentation”) for protocols, file formats, data portability, computer languages, and standardssupport. Additionally, overview documents cover inter-protocol relationships and interactions.Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any otherterms that are contained in the terms of use for the Microsoft website that hosts thisdocumentation, you can make copies of it in order to develop implementations of the technologiesthat are described in this documentation and can distribute portions of it in your implementationsthat use these technologies or in your documentation as necessary to properly document theimplementation. You can also distribute in your implementation, with or without modification, anyschemas, IDLs, or code samples that are included in the documentation. This permission alsoapplies to any documents that are referenced in the Open Specifications documentation.No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.Patents. Microsoft has patents that might cover your implementations of the technologiesdescribed in the Open Specifications documentation. Neither this notice nor Microsoft's delivery ofthis documentation grants any licenses under those patents or any other Microsoft patents.However, a given Open Specifications document might be covered by the Microsoft OpenSpecifications Promise or the Microsoft Community Promise. If you would prefer a written license,or if the technologies described in this documentation are not covered by the Open SpecificationsPromise or Community Promise, as applicable, patent licenses are available by contactingiplg@microsoft.com.License Programs. To see all of the protocols in scope under a specific license program and theassociated patents, visit the Patent Map.Trademarks. The names of companies and products contained in this documentation might becovered by trademarks or similar intellectual property rights. This notice does not grant anylicenses under those rights. For a list of Microsoft trademarks, visitwww.microsoft.com/trademarks.Fictitious Names. The example companies, organizations, products, domain names, emailaddresses, logos, people, places, and events that are depicted in this documentation are fictitious.No association with any real company, organization, product, domain name, email address, logo,person, place, or event is intended or should be inferred.Reservation of Rights. All other rights are reserved, and this notice does not grant any rights otherthan as specifically described above, whether by implication, estoppel, or otherwise.Tools. The Open Specifications documentation does not require the use of Microsoft programmingtools or programming environments in order for you to develop an implementation. If you have accessto Microsoft programming tools and environments, you are free to take advantage of them. CertainOpen Specifications documents are intended for use in conjunction with publicly available standardsspecifications and network programming art and, as such, assume that the reader either is familiarwith the aforementioned material or has immediate access to it.Support. For questions and support, please contact dochelp@microsoft.com.1 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
Revision 0/20121.0NewReleased new document.7/12/20121.0NoneNo changes to the meaning, language, or formatting of thetechnical content.10/25/20121.0NoneNo changes to the meaning, language, or formatting of thetechnical content.1/31/20131.0NoneNo changes to the meaning, language, or formatting of thetechnical content.8/8/20132.0MajorSignificantly changed the technical content.11/14/20132.0NoneNo changes to the meaning, language, or formatting of thetechnical content.2/13/20142.0NoneNo changes to the meaning, language, or formatting of thetechnical content.5/15/20142.0NoneNo changes to the meaning, language, or formatting of thetechnical content.6/30/20153.0MajorSignificantly changed the technical content.10/16/20153.0NoneNo changes to the meaning, language, or formatting of thetechnical content.7/14/20163.0NoneNo changes to the meaning, language, or formatting of thetechnical content.6/1/20173.0NoneNo changes to the meaning, language, or formatting of thetechnical content.9/15/20174.0MajorSignificantly changed the technical content.12/1/20174.0NoneNo changes to the meaning, language, or formatting of thetechnical content.9/12/20185.0MajorSignificantly changed the technical content.4/7/20216.0MajorSignificantly changed the technical content.2 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
Table of Contents1Introduction . 51.1Glossary . 51.2References . 51.2.1Normative References . 51.2.2Informative References . 61.3Overview . 61.4Relationship to Other Protocols . 71.5Prerequisites/Preconditions . 81.6Applicability Statement . 81.7Versioning and Capability Negotiation . 81.8Vendor Extensible Fields . 81.9Standards Assignments. 82Messages . 102.1Transport . 102.2Common Data Types . 102.2.1Enumerations . 102.2.1.1TPMVSCMGR ERROR . 112.2.1.2TPMVSCMGR STATUS . 122.2.1.3SmartCardPinCharacterPolicyOption . 132.2.1.4TPMVSC ATTESTATION TYPE . 132.2.2Structures . 132.2.2.1PinPolicySerialization . 143Protocol Details . 153.1ITpmVirtualSmartCardManager Server Details . 153.1.1Abstract Data Model . 153.1.2Timers . 153.1.3Initialization . 153.1.4Message Processing Events and Sequencing Rules . 153.1.4.1CreateVirtualSmartCard (Opnum 3). 163.1.4.2DestroyVirtualSmartCard (Opnum 4) . 173.1.5Timer Events . 183.1.6Other Local Events . 183.2ITpmVirtualSmartCardManagerStatusCallback Server Details. 183.2.1Abstract Data Model . 183.2.2Timers . 183.2.3Initialization . 183.2.4Message Processing Events and Sequencing Rules . 193.2.4.1ReportProgress (Opnum 3) . 193.2.4.2ReportError (Opnum 4) . 193.2.5Timer Events . 203.2.6Other Local Events . 203.3ITpmVirtualSmartCardManager2 Server Details . 203.3.1Abstract Data Model . 203.3.2Timers . 203.3.3Initialization . 203.3.4Message Processing Events and Sequencing Rules . 203.3.4.1CreateVirtualSmartCardWithPinPolicy (Opnum 5) . 203.3.5Timer Events . 223.3.6Other Local Events . 223.4ITpmVirtualSmartCardManager3 Server Details . 223.4.1Abstract Data Model . 233.4.2Timers . 233.4.3Initialization . 233 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
3.4.4Message Processing Events and Sequencing Rules . 233.4.4.1CreateVirtualSmartCardWithAttestation (Opnum 6) . 233.4.5Timer Events . 253.4.6Other Local Events . 254Protocol Examples . 264.1Create a VSC without Status Callback . 264.2Create a VSC with Status Callback . 265Security . 285.1Security Considerations for Implementers . 285.2Index of Security Parameters . 286Appendix A: Full IDL . 297Appendix B: Product Behavior . 338Change Tracking . 349Index . 354 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
1IntroductionThe DCOM Interfaces for Trusted Platform Module (TPM) Virtual Smart Card Management Protocol isused to manage virtual smart cards (VSCs) on a remote machine, such as those based on trustedplatform modules (TPM). It provides methods for a protocol client to request creation and destructionof VSCs and to monitor the status of these operations.Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples inthis specification are informative.1.1GlossaryThis document uses the following terms:certification authority (CA): A third party that issues public key certificates. Certificates serve tobind public keys to a user identity. Each user and certification authority (CA) can decide whetherto trust another user or CA for a specific purpose, and whether this trust should be transitive.For more information, see [RFC3280].virtual smart card (VSC): A combination of hardware, software and firmware that implementsthe same interface as a smart card but is not necessarily restricted to the same physical formfactors. For example, virtual smart cards may be implemented entirely in software, or they mayuse the cryptographic capabilities of specific hardware such as a TPM.MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as definedin [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.1.2ReferencesLinks to a document in the Microsoft Open Specifications library point to the correct section in themost recently published version of the referenced document. However, because individual documentsin the library are not updated at the same time, the section numbers in the documents may notmatch. You can confirm the correct section numbering by checking the Errata.1.2.1 Normative ReferencesWe conduct frequent surveys of the normative references to assure their continued availability. If youhave any issue with finding a normative reference, please contact dochelp@microsoft.com. We willassist you in finding the relevant information.[C706] The Open Group, "DCE 1.1: Remote Procedure Call", C706, August 1997,https://publications.opengroup.org/c706Note Registration is required to download the document.[MS-DCOM] Microsoft Corporation, "Distributed Component Object Model (DCOM) Remote Protocol".[MS-DTYP] Microsoft Corporation, "Windows Data Types".[MS-ERREF] Microsoft Corporation, "Windows Error Codes".[MS-RPCE] Microsoft Corporation, "Remote Procedure Call Protocol Extensions".[MS-SPNG] Microsoft Corporation, "Simple and Protected GSS-API Negotiation Mechanism (SPNEGO)Extension".5 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
[PCSC3] PC/SC Workgroup, "Interoperability Specification for ICCs and Personal Computer Systems Part 3: Requirements for PC-Connected Interface Devices", June ons/pcsc3 v2.01.09.pdf[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC2119, March 1997, http://www.rfc-editor.org/rfc/rfc2119.txt[RFC4178] Zhu, L., Leach, P., Jaganathan, K., and Ingersoll, W., "The Simple and Protected GenericSecurity Service Application Program Interface (GSS-API) Negotiation Mechanism", RFC 4178, October2005, 7] National Institute of Standards and Technology., "Special Publication 800-67, Revision 1,Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher", January 800-67/rev-1/archive/2012-01-231.2.2 Informative ReferencesNone.1.3OverviewThe DCOM Interfaces for the Trusted Platform Module (TPM) Virtual Smart Card Management Protocolprovides a Distributed Component Object Model (DCOM) Remote Protocol [MS-DCOM] interface usedfor creating and destroying VSCs. Like all other DCOM interfaces, this protocol uses RPC [C706], withthe extensions specified in [MS-RPCE], as its underlying protocol. A VSC is a device that presents adevice interface complying with the PC/SC specification for PC-connected interface devices [PCSC3] toits host operating system (OS) platform. This protocol does not assume anything about the underlyingimplementation of VSC devices. In particular, while it is primarily intended for the management ofVSCs based on TPMs, it can also be used to manage other types of VSCs. The protocol defines twointerfaces: a primary interface which is used to request VSC operations on a target system, and asecondary interface which is used by that target system to return status and progress information tothe requestor.In a typical scenario, this protocol is used by a requestor (generally an administrative workstation) tomanage VSC devices on a target (generally an end-user workstation). The requestor, acting as aclient, connects to the ITpmVirtualSmartCardManager, ITpmVirtualSmartCardManager2, orITpmVirtualSmartCardManager3 interface on the target (which acts as the server) and requests thetarget to either create or destroy a VSC by passing appropriate parameters. These parameters includea reference to an ITpmVirtualSmartCardManagerStatusCallback DCOM interface on the requestor thatcan be used to provide status updates through callbacks.The principal difference between the ITpmVirtualSmartCardManager2 interface and theITpmVirtualSmartCardManager3 interface is that the latter supports creation of attestation-capablevirtual smart cards.The principal difference between the ITpmVirtualSmartCardManager interface and theITpmVirtualSmartCardManager2 interface is that the latter supports policies to define valid values forthe smart-card PIN.The target, after validating these parameters, starts executing the requested operation. It also opensa second connection back to the requestor over which it invokes the back interface as a client, and calls the appropriate functionsof that interface to provide progress or error codes. When the operation is completed, the targetcloses this second connection and returns the result for the requestor’s original method invocation.This entire process is illustrated in Figure 1.6 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
Figure 1: Typical protocol scenario1.4Relationship to Other ProtocolsThe DCOM Interfaces for the TPM Virtual Smart Card Management Protocol relies on the DistributedComponent Object Model (DCOM) Remote Protocol, as specified in [MS-DCOM], which uses RPC [MSRPCE] as its transport. A diagram of these relationships is shown in the following figure:7 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
Figure 2: Protocol Relationships1.5Prerequisites/PreconditionsThis protocol is implemented over DCOM and RPC. Therefore, it has the prerequisites specified in [MSDCOM] and [MS-RPCE] as being common to protocols that depend on DCOM and RPC respectively.This protocol also requires a compliant implementation of [PCSC3], as well as any additional host OSfacilities required to support the creation of VSCs, on the target.This protocol requires the use of a secure RPC connection. The requestor is required to possess thecredentials of an administrative user on the target, and both requestor and target are required tosupport security packages that implement support for impersonation as well as packet privacy andintegrity.1.6Applicability StatementThis protocol is applicable to scenarios where it is desirable to remotely manage VSC devices on acomputer with a smart card implementation compliant with [PCSC3].1.7Versioning and Capability NegotiationThis document covers versioning issues in the following areas: Supported Transports: This protocol uses the Distributed Component Object Model (DCOM)Remote Protocol [MS-DCOM], which in turn uses RPC over TCP as its only transport, as specified insection 2.1. Protocol Versions: This protocol includes two DCOM interfaces (namelyITpmVirtualSmartCardManager and ITpmVirtualSmartCardManagerStatusCallback), both of whichare version 0.0 as defined in section 2.2. Security and Authentication Methods: Microsoft RPC, as defined in [MS-RPCE], is used tonegotiate the authentication mechanism, as specified in [MS-SPNG] and in section 3.1. Localization: This protocol uses predefined status codes and error codes. It is the caller’sresponsibility to localize the status and error codes to localized strings. Capability Negotiation: This protocol does not support explicit capability negotiation. However,as specified in section 3.1.4, the requestor can disable the use of theITpmVirtualSmartCardManagerStatusCallback interface by providing a NULL callback parameter.Even if a callback parameter is provided by the requestor, the target can choose to not use theITpmVirtualSmartCardManagerStatusCallback interface.1.8Vendor Extensible FieldsThis protocol uses HRESULT values as defined in [MS-ERREF] section 2.1. Vendors can define theirown HRESULT values, provided they set the C bit (0x20000000) for each vendor-defined value,indicating the value is a customer code.1.9Standards AssignmentsParameterValueReferenceUUID for -d67fee7cb591[C706]8 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
ParameterValueReferenceUUID for 6-aa85ab5e5267[C706]UUID 5f-abb8-451c-a1ae-33d98f1bef4a[C706]UUID for 75950F694C699[C706]9 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
2Messages2.1TransportThis protocol uses RPC dynamic endpoints as defined in Part 4 of [C706].The client and server MUST communicate by using the DCOM Remote Protocol [MS-DCOM]. DCOM, inturn, uses RPC with the ncacn ip tcp (RPC over TCP) protocol sequence, as specified in [MS-RPCE].The server MUST use the RPC security extensions specified in [MS-RPCE] in the manner specified insection 3.1.3 and section 3.1.4. It MUST support the use of Simple and Protected GSS-API NegotiationMechanism (SPNEGO) [MS-SPNG] [RFC4178] to negotiate security providers, and it MUST register oneor more security packages that can be negotiated using this protocol.A server RPC interface implementing one of the DCOM interfaces specified by this protocol MUST usethe appropriate UUID as specified in section 1.9.The RPC version number for all interfaces MUST be 0.0.2.2Common Data TypesThis protocol MUST indicate to the RPC runtime that it is to support both the NDR and NDR64 transfersyntaxes and provide a negotiation mechanism for determining which transfer syntax will be used, asspecified in [MS-RPCE] section 3.In addition to the RPC base types and definitions specified in [C706] and [MS-RPCE], additional datatypes are defined in this section.The following data types are specified in [MS-DTYP]:Data type nameSectionBOOL[MS-DTYP] section 2.2.3BYTE[MS-DTYP] section 2.2.6DWORD[MS-DTYP] section 2.2.9HRESULT[MS-DTYP] section 2.2.18LONG[MS-DTYP] section 2.2.27LPCWSTR[MS-DTYP] section 2.2.34LPWSTR[MS-DTYP] section 2.2.362.2.1 EnumerationsThe following table summarizes the enumerations defined in this specification.Enumeration nameSectionDescriptionTPMVSCMGR ERROR2.2.1.1See section 2.2.1.1.TPMVSCMGR STATUS2.2.1.2See section 2.2.1.2.10 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
Enumeration ption2.2.1.3See section 2.2.1.3.TPMVSC ATTESTATION TYPE2.2.1.4See section 2.2.1.4.2.2.1.1 TPMVSCMGR ERRORtypedef [v1 enum] enum {TPMVSCMGR ERROR IMPERSONATION,TPMVSCMGR ERROR PIN COMPLEXITY,TPMVSCMGR ERROR READER COUNT LIMIT,TPMVSCMGR ERROR TERMINAL SERVICES SESSION,TPMVSCMGR ERROR VTPMSMARTCARD INITIALIZE,TPMVSCMGR ERROR VTPMSMARTCARD CREATE,TPMVSCMGR ERROR VTPMSMARTCARD DESTROY,TPMVSCMGR ERROR VGIDSSIMULATOR INITIALIZE,TPMVSCMGR ERROR VGIDSSIMULATOR CREATE,TPMVSCMGR ERROR VGIDSSIMULATOR DESTROY,TPMVSCMGR ERROR VGIDSSIMULATOR WRITE PROPERTY,TPMVSCMGR ERROR VGIDSSIMULATOR READ PROPERTY,TPMVSCMGR ERROR VREADER INITIALIZE,TPMVSCMGR ERROR VREADER CREATE,TPMVSCMGR ERROR VREADER DESTROY,TPMVSCMGR ERROR GENERATE LOCATE READER,TPMVSCMGR ERROR GENERATE FILESYSTEM,TPMVSCMGR ERROR CARD CREATE,TPMVSCMGR ERROR CARD DESTROY,} TPMVSCMGR ERROR;TPMVSCMGR ERROR IMPERSONATION: An error occurred during impersonation of the caller.TPMVSCMGR ERROR PIN COMPLEXITY: The user personal identification number (PIN) orpersonal unblocking key (PUK) value does not meet the minimum length requirement.TPMVSCMGR ERROR READER COUNT LIMIT: The limit on the number of Smart Card Readershas been reached.TPMVSCMGR ERROR TERMINAL SERVICES SESSION: The TPM Virtual Smart CardManagement Protocol cannot be used within a Terminal Services session.TPMVSCMGR ERROR VTPMSMARTCARD INITIALIZE: An error occurred during initialization ofthe VSC component.TPMVSCMGR ERROR VTPMSMARTCARD CREATE: An error occurred during creation of the VSCcomponent.TPMVSCMGR ERROR VTPMSMARTCARD DESTROY: An error occurred during deletion of the VSCcomponent.TPMVSCMGR ERROR VGIDSSIMULATOR INITIALIZE: An error occurred during initialization ofthe VSC simulator.TPMVSCMGR ERROR VGIDSSIMULATOR CREATE: An error occurred during creation of the VSCsimulator.TPMVSCMGR ERROR VGIDSSIMULATOR DESTROY: An error occurred during deletion of theVSC simulator.11 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
TPMVSCMGR ERROR VGIDSSIMULATOR WRITE PROPERTY: An error occurred duringconfiguration of the VSC simulator.TPMVSCMGR ERROR VGIDSSIMULATOR READ PROPERTY: An error occurred finding the VSCsimulator.TPMVSCMGR ERROR VREADER INITIALIZE: An error occurred during the initialization of theVSC reader.TPMVSCMGR ERROR VREADER CREATE: An error occurred during creation of the VSC reader.TPMVSCMGR ERROR VREADER DESTROY: An error occurred during deletion of the VSC reader.TPMVSCMGR ERROR GENERATE LOCATE READER: An error occurred preventing connection tothe VSC reader.TPMVSCMGR ERROR GENERATE FILESYSTEM: An error occurred during generation of the filesystem on the VSC.TPMVSCMGR ERROR CARD CREATE: An error occurred during creation of the VSC.TPMVSCMGR ERROR CARD DESTROY: An error occurred during deletion of the VSC.2.2.1.2 TPMVSCMGR STATUStypedef [v1 enum] enum {TPMVSCMGR STATUS VTPMSMARTCARD INITIALIZING,TPMVSCMGR STATUS VTPMSMARTCARD CREATING,TPMVSCMGR STATUS VTPMSMARTCARD DESTROYING,TPMVSCMGR STATUS VGIDSSIMULATOR INITIALIZING,TPMVSCMGR STATUS VGIDSSIMULATOR CREATING,TPMVSCMGR STATUS VGIDSSIMULATOR DESTROYING,TPMVSCMGR STATUS VREADER INITIALIZING,TPMVSCMGR STATUS VREADER CREATING,TPMVSCMGR STATUS VREADER DESTROYING,TPMVSCMGR STATUS GENERATE WAITING,TPMVSCMGR STATUS GENERATE AUTHENTICATING,TPMVSCMGR STATUS GENERATE RUNNING,TPMVSCMGR STATUS CARD CREATED,TPMVSCMGR STATUS CARD DESTROYED,} TPMVSCMGR STATUS;TPMVSCMGR STATUS VTPMSMARTCARD INITIALIZING: Initializing the VSC component.TPMVSCMGR STATUS VTPMSMARTCARD CREATING: Creating the VSC component.TPMVSCMGR STATUS VTPMSMARTCARD DESTROYING: Deleting the VSC component.TPMVSCMGR STATUS VGIDSSIMULATOR INITIALIZING: Initializing the VSC simulator.TPMVSCMGR STATUS VGIDSSIMULATOR CREATING: Creating the VSC simulator.TPMVSCMGR STATUS VGIDSSIMULATOR DESTROYING: Destroying the VSC simulator.TPMVSCMGR STATUS VREADER INITIALIZING: Initializing the VSC reader.TPMVSCMGR STATUS VREADER CREATING: Creating the VSC reader.TPMVSCMGR STATUS VREADER DESTROYING: Destroying the VSC reader.TPMVSCMGR STATUS GENERATE WAITING: Waiting for the VSC device.12 / 37[MS-TPMVSC] - v20210407Trusted Platform Module (TPM) Virtual Smart Card Management ProtocolCopyright 2021 Microsoft CorporationRelease: April 7, 2021
TPMVSCMGR STATUS GENERATE AUTHENTICATING: Authenticating to the VSC.TPMVSCMGR STATUS GENERATE RUNNING: Generating the file system on the VSC.TPMVSCMGR STATUS CARD CREATED: The VSC is created.TPMVSCMGR STATUS CARD DESTROYED: The VSC is deleted.2.2.1.3 SmartCardPinCharacterPolicyOptionThis enumeration is used in fields of the PinPolicySerialization structure specified in section2.2.2.1. 1 enum SmartCardPinCharacterPolicyOption{Allow 0,RequireAtLeastOne 1,Disallow 2};Allow: The value is 0. This character class is allowed.RequireAtLeastOne: The value is 1. At least one item belonging to this character class is required.Disallow: The value is 2. This character class is not allowed.2.2.1.4 TPMVSC ATTESTATION TYPEenum TPMVSC ATTESTATION TYPE{TPMVSC AT
The DCOM Interfaces for Trusted Platform Module (TPM) Virtual Smart Card Management Protocol is used to manage virtual smart cards (VSCs) on a remote machine, such as those based on trusted platform modules (TPM). It provides methods for a protocol client to request creation and destruction of VSCs and to monitor the status of these operations.
