Terminology

This document uses the following special terminology:

Winlogon

Winlogon.exe is the executable image responsible for implementing interactive logon. There are many aspects of interactive logon, including an actual collection of Identification and Authentication (I & A) information (see GINA below), and a number of other functions, such as window-station and desktop management, screen saver control, and multiple-network provider notifications.

GINA

This specification is for developers who want to replace the component of Windows NT that performs Identification and Authentication of interactive users. This replacable functionality is implemented as a dynamic-link library (DLL) that is loaded and called by Winlogon.exe. This DLL is refered to as the Graphical Identification and Authentication DLL, or GINA for short.

MSGINA.DLL

The standard GINA shipped with Windows NT is called MSGINA.DLL.

Secure Attention Sequence (SAS)

Winlogon uses a special sequence of events to recognize when a user wants to log on or perform other secure operations. This sequence of events is refered to as the Secure Attention Sequence or SAS. The SAS provides a secure way for users to enter identification and authentication information. Users are protected from password-collection programs and other flaws inherent in timeshare systems.

In Windows NT, users can enter a Secure Attention Sequence, prompting Winlogon to switch to a secure desktop that no trojan program has access to. The SAS for a standard Windows NT system is the CTRL+ALT+DEL key combination. Developers writing a replacement GINA are encouraged to achieve the same level of security with their Secure Attention Sequence through the use of devices like smart-card readers. The SAS could be, for example, the insertion or removal of a smart card. Developers can also choose to retain the CTRL+ALT+DEL key combination as the SAS.