You can log on or off the Cryptographic Coprocessor by working with role-restricted APIs.
You need to log on only if you wish to use an API that uses an access control point that is not enabled in the default role. Log on with a profile that uses a role that has the access control point you want to use enabled.
After you log on to your Cryptographic Coprocessor, you can run programs to utilize the cryptographic functions for your Cryptographic Coprocessor. You can log on by writing an application that uses the Logon_Control (CSUALCT) API verb.
When you have finished with your Cryptographic Coprocessor, you should log off of your Cryptographic Coprocessor. You can log off by writing an application that uses the Logon_Control (CSUALCT) API verb.