視窗系統下使用者身分驗證機制的建立 -以智慧卡和PDA為輸入裝置

Abstract

本文探討如何以PDA(Personal Digital Assistant) 及智慧卡(Smart Card)在微軟視窗作業系統(Microsoft Windows)上建立使用者驗證機制。視窗作業系統上，使用者驗證機制架構，包括了區域安全驗證元件(Local Security Authority，LSA)，GINA元件( Graphical Identification and Authentication dynamic-link library )，以及如何自訂認證包裹( Authentication Package )等。在PDA的實作上，探討如何應用紅外線通訊協定( Inferred Protocols ) ，在視窗端系統及PDA端建立安全的通訊管道傳送使用者的辨識資料，進而進行使用者身份的驗證。Smart Card有不易複製、容易攜帶、將普遍取代磁卡等優點，將它用來做使用者身分驗證是一個很自然的選擇。最後分析系統的安全增強，以及進一步整合生物辨識系統的可能性。

This thesis describes how to implement a user authentication system on the Microsoft Windows platform by using a personal digital assistant (PDA) or a smart card. It surveys in detail the security architecture of the Microsoft Windows and the components of the users authentication system, including the local security authority (LSA), the graphical Identification and authentication dynamic-link library (GINA) and the customized authentication package. Then two different mechanisms are implemented to verify the identity of a user: one uses a PDA, the other uses a smart card. Finally, it analyzes the enhancement of this user authentication system and the further development by utilizing the biometrics identification.