To enhance the security of the Windows login system,Microsoft's latest Credential Provider logon authentication model was studied,and the advantages and disadvantages of the currently existing enhanced authentication methods were analyzed,a thirdparty authentication mode using USB Key was presented.The equipment was independently developed employing national security encryption chip which blocked the hidden possibility of the information leakage during third-party certification phase.Two-factor strong authentication system using Credential Provider model based on USB Key was designed and implemented,to avoid the security threats posed by the traditional username--password login way on Windows 7 platform.The security level of the system is effectively improved using the proposed model.%为提高当前Windows登录系统的安全性,在对微软最新推出的身份认证登录模型——凭据提供(Credential Provider)模型进行研究的基础上,分析当前已有的增强认证方式的优缺点,提出第三方身份认证方式密钥(USB Key)认证,选用的USB Key设备为实验室自主研发的全国产化安全加密芯片设备,阻断第三方认证阶段信息泄露的可能.基于Windows 7平台,设计并实现基于USB Key的Credential Provider模型双因子强身份认证系统,避免“用户名+密码”传统登录方式的安全隐患,有效提高系统的安全级别.
展开▼