Design And Implement Of Identity Authentication System Based Windows Security Architecture

With the rapid development of computer technology and the popularity of the Internet, information security is increasingly becoming the focus of people’s attention. Authentication technology is an important part of information security infrastructure, whose main purpose is to provide cryptography and signature service and management of key and certificates to internet applications. Authentication technology as the key basic technology for e-commerce dedicated to solve the problem of mutual trust between individuals, to build trust system, to determine the uniqueness, authenticity and legality of individuals in the internet, to protect the legitimate security interests of various individuals.The author has made a deep research on Windows security model and authentication technology. At the same time, found out that the password-based Windows single-factor authentication mechanism cannot fully meet its need of confidentiality, integrity and effectiveness for higher security requirements of certain conditions. However, Windows has a comprehensive security architecture that can provide a rich interfaces for third-party applications to do their own products.This paper designs and implements an authentication system based on Windows security model. By using Windows security interfaces and optimizing Windows authentication mechanisms, we can develop an authentication system to meet the high security scenarios. This paper proposes a three-lay model of identity authentication system, and demonstrate the architecture of system in details, including the overall framework of the three-lay structure of the model and the design of each layer module, and proposed a Windows double-factor authentication login mechanism based on smart card technology and identity authentication technology to meet the higher security needs.Firstly, this paper designs and implement access control module and authentication negotiation module of the system’s server part and also implement single sign-on function through smart card technology and Windows security mechanism. Among them, the access control module implement access control policy by extracting static characteristics of applications. The achievement of single sign-on function intimates the principle of Windows cache authentication mechanism. That caching the PIN code in this authentication system can implement smart card unified authentication function.Again, using ActiveX technology, and relying on the server part of identity authentication module implement identity authentication controller part. Controller module communicates with CA certificate server through self-designed security protocols. Meanwhile, controller can be easily integrated into other third-part business systems for providing identity authentication service.Finally, with the help of smart card technology, and relying on the server part of authentication system, this paper implements a smart-card-based Windows login authentication. This authentication method is a two-factor authentication method, which is more secure and reliable than traditional password-based authentication.