Where are cryptographic keys actually stored in Windows

Windows ships with a set of built-in cryptographic security providers called CSPs. Many more are written by cryptographic device manufacturers such as Athena, Gemalto and Safenet.
Some vendors do not implement the full CSP API; instead, they rely on the Microsoft Base Smartcard Cryptographic Provider, which works with plugins called mini drivers.
The right mini driver is selected by checking the ATR (Answer To Reset) of the smart card.

Every CSP maintains a key database, which is a list of key containers.
A key container holds up to two key pairs: one for authentication (Exchange) and one for signature.

So when we want to perform some operation with a private key, we first determine the key provider name (CSP) and then open the key container with the CryptAcquireContext function.
Then we choose the key spec (Signature or Exchange).

When using a digital signature we get a pointer to the certificate context, which points internally to the actual key pair.
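The lookup chain described above (CSP name, key container, key spec, and the certificate context that resolves to a key pair), as an added PowerShell example that is not from the original post. It assumes Windows PowerShell 5.1 on .NET Framework, whose CspParameters and RSACryptoServiceProvider wrap the legacy CryptAcquireContext path; the container name and thumbprint at the bottom are placeholders, and keys held by CNG key storage providers are not visible this way.

```powershell
# 1. Registered CSPs with their provider type, the pair CryptAcquireContext needs.
function Get-RegisteredCsp {
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider' | ForEach-Object {
        [pscustomobject]@{ Name = $_.PSChildName; Type = (Get-ItemProperty $_.PSPath).Type }
    }
}

# 2. Open an existing container in one CSP and report which key specs it holds.
#    KeyNumber 1 = AT_KEYEXCHANGE, 2 = AT_SIGNATURE. UseExistingKey makes the open fail
#    instead of silently generating a new key pair when the spec is absent.
#    (Container names for a CSP can be listed with: certutil -key -csp "<provider name>")
function Test-KeyContainer {
    param([string]$ProviderName, [int]$ProviderType, [string]$ContainerName, [switch]$MachineKeySet)
    $specs = @{ 1 = 'Exchange (AT_KEYEXCHANGE)'; 2 = 'Signature (AT_SIGNATURE)' }
    foreach ($keyNumber in 1, 2) {
        $p = New-Object System.Security.Cryptography.CspParameters($ProviderType, $ProviderName, $ContainerName)
        $p.KeyNumber = $keyNumber
        $p.Flags = [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
        if ($MachineKeySet) { $p.Flags = $p.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore }
        try {
            $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider($p)
            [pscustomobject]@{ Container = $ContainerName; KeySpec = $specs[$keyNumber]; Present = $true; Bits = $rsa.KeySize }
            $rsa.Dispose()
        } catch {   # NTE_BAD_KEYSET / NTE_NO_KEY surface here as a CryptographicException
            [pscustomobject]@{ Container = $ContainerName; KeySpec = $specs[$keyNumber]; Present = $false; Bits = $null }
        }
    }
}

# 3. From a certificate to the key pair behind it: CspKeyContainerInfo names the CSP,
#    container and key spec that the certificate context resolves to.
function Get-CertificateKeyContainer {
    param([string]$Thumbprint, [string]$StorePath = 'Cert:\CurrentUser\My')
    $cert = Get-ChildItem $StorePath | Where-Object Thumbprint -eq $Thumbprint
    if (-not $cert) { throw "Certificate $Thumbprint not found in $StorePath" }
    $rsa = $cert.PrivateKey   # $null when there is no private key or it lives in a CNG KSP
    if ($rsa -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        return [pscustomobject]@{ Subject = $cert.Subject; Provider = $null; Container = $null; KeySpec = 'not a CSP key' }
    }
    $info = $rsa.CspKeyContainerInfo
    [pscustomobject]@{ Subject = $cert.Subject; Provider = $info.ProviderName; Container = $info.KeyContainerName
                       KeySpec = $info.KeyNumber; OnHardware = $info.HardwareDevice }
}

# Usage (container name and thumbprint are placeholders, not real values):
Test-KeyContainer -ProviderName 'Microsoft Base Smart Card Crypto Provider' -ProviderType 1 -ContainerName 'EXAMPLE-CONTAINER'
Get-CertificateKeyContainer -Thumbprint 'PLACEHOLDER-THUMBPRINT'
```

Opening a container on a smart card CSP may prompt for the card PIN, since the CSP has to acquire the card context even though no key is generated.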


This glossary is a must for anyone working in the Windows security environment.

