Security Support Provider Interface (SSPI) is an API used by Microsoft Windows systems to perform a variety of security-related operations such as authentication. SSPI functions as a common interface to several Security Support Providers (SSPs):〔(SSP Packages Provided by Microsoft)〕 A Security Support Provider is a dynamic-link library (DLL) that makes one or more security packages available to applications.

==Windows SSPs==

The following SSPs are installed with Windows:

* NTLM (Introduced in Windows NT 3.51) (msv1_0.dll) - Provides NTLM challenge/response authentication for client-server domains prior to Windows 2000 and for non-domain authentication (SMB/CIFS).〔(User Authentication - Security (Windows 2000 Resource Kit Documentation) : MSDN)〕
* Kerberos (Introduced in Windows 2000 and updated in Windows Vista to support AES)〔(Kerberos Enhancements in Windows Vista: MSDN)〕 (kerberos.dll) - Preferred for mutual client-server domain authentication in Windows 2000 and later.〔(Windows 2000 Kerberos Authentication)〕
* Negotiate (Introduced in Windows 2000) (secur32.dll) - Selects Kerberos and, if it is not available, the NTLM protocol. The Negotiate SSP provides single sign-on capability, sometimes referred to as Integrated Windows Authentication (especially in the context of IIS).〔(Windows Authentication)〕 On Windows 7 and later, NEGOExts is introduced, which negotiates the use of installed custom SSPs that are supported on the client and server for authentication.
* Secure Channel (aka SChannel) (Introduced in Windows 2000 and updated in Windows Vista to support stronger AES encryption and ECC)〔(TLS/SSL Cryptographic Enhancements in Windows Vista)〕 (schannel.dll) - This provider uses SSL/TLS records to encrypt data payloads.
* PCT (obsolete) and Microsoft's implementation of TLS/SSL - Public key cryptography SSP that provides encryption and secure communication for authenticating clients and servers over the internet.〔(Secure Channel: SSP Packages Provided by Microsoft)〕 Updated in Windows 7 to support TLS 1.2.
* Digest SSP (Introduced in Windows XP) (wdigest.dll) - Provides challenge/response based HTTP and SASL authentication between Windows and non-Windows systems where Kerberos is not available.〔(Microsoft Digest SSP: SSP Packages provided by Microsoft)〕
* Credential (CredSSP) (Introduced in Windows Vista and available on Windows XP SP3) (credssp.dll) - Provides SSO and Network Level Authentication for Remote Desktop Services.〔(Credential Security Service Provider and SSO for Terminal Services Logon)〕
* Distributed Password Authentication (DPA) (Introduced in Windows 2000) (msapsspc.dll) - Provides internet authentication using digital certificates.〔(DCOM Technical Overview: Security on the Internet)〕
* Public Key Cryptography User-to-User (PKU2U) (Introduced in Windows 7) (pku2u.dll) - Provides peer-to-peer authentication using digital certificates between systems that are not part of a domain.

Excerpt source: Wikipedia, the free encyclopedia.