Design Of Windows Identity Authentication Mechanism Based On Smart Key

With the fast development of information technology, system security has become a more and more important issue that attracts people's attention. And identity authentication, acting as the first barrier to protect the system, plays a vital role in these aspects. However, traditional identity authentication mechanism for Windows is based on the account and corresponding password, which has some hidden troublesWe have no our own OS in our country, so it's very important and significative to do some research on Windows identity authentication and access control mechanism.The Windows operate system provided in registering a safety according to the third square the attestation method of the smart card, this kind of way compares more traditional attestation method of the user's name/password to on the safety biggest raise.In this paper, we first introduce windows seurity subsystem 's principle, model and interaction between components in Windows 2000 and write up the access control mechanism. Then, we introduce Kerberos protocol and its application into Windows 2000. we elaborate on Windows logon procedure and Windows default indenty authentication module. We notice, the Windows domain controller supports another the verification method that domain register, and this is to register through an smate card. Smart card is a kind of equipments that has microprocessor and inside micro operate system, Be support a Windows domain logging in, it still needs to support standard software standard of the PC/SC intelligence card of Microsoft, and has to provide the CSP procedure of Microsoft authorization.Moreover, usage according to the area of the intelligence card the logging is the identity verification which passes a certificate attestation's method to carry out an area a customer, therefore have to build up a set of CA system that can combine together with area controller, and can distribute signature certificate through an intelligence card, the customer make use of thus of the intelligence card can succeed of carry on registering a verification according to the area of intelligence card.Then, we explained how to carry out to provide a kind a mechanism according to the identity attestation of the USB Key from the EpGina.dll mold piece of definition.Here we use Sinorail Xinan (Beijing) information Security technology co., Ltd develop of the CopLock-Key-Key intelligence card equipments.Finally introduced carry out of the whole structure of system and project process, and gave some characteristicses of system, the work of outlook next movement.