With the rapid development of information technology, system security has become an increasingly important issue. Identity authentication, as the first barrier protecting the system, plays a vital role. However, the traditional identity authentication mechanism for Windows is based on an account and its corresponding password, which carries hidden risks such as password guessing, password capture, and forged identities. Our country has no operating system of its own, so research on the Windows identity authentication and access control mechanisms is both important and significant, and this paper responds to that need. In this paper, we first introduce the principle and model of the security subsystem in Windows 2000 and the interaction between its components, and describe the access control mechanism. Then we introduce the Kerberos protocol and its application in Windows 2000. We elaborate on the Windows logon procedure and gina.dll, the default Windows identity authentication module. We then describe how to replace the default gina.dll with our customized epgina.dll to support an identity authentication mechanism based on a USB key, and we also provide advanced access control through a filter driver. Lastly, we introduce the architecture and implementation flow of our system and briefly summarize its features.