Computer system with file security function
Abstract
In a computer system having a security function, environment profile information defining a file to be accessed and an executable user program are previously stored into a storage unit. The environment profile information is selected by operator profile information corresponding to ID information input via a work station by a user. A host computer executes the user program defined by the environment profile information. When a specified file access is requested after the execution of the user program, whether execution of the file access is permitted or not is determined according to access protection information. The access protection information is information having access types and file contents defined by the environment profile information.
13 Claims
1. A computer system with file security function, comprising:
- first storage means for storing user files and user programs;
- input means for inputting ID information for recognizing a user;
- second storage means for storing operator profile information corresponding to the ID information, environment profile information corresponding to the contents of the user programs, and access protection information corresponding to access types for the user files;
- user recognizing means for reading out the operator profile information from said second storage means according to the ID information input via said input means and performing a process to recognize a user based on the readout operator profile information;
- program verifying means for reading out the environment profile information from said second storage means when one of the user programs is requested to start, and for determining whether execution of the user program is permitted or not based on the environment profile information when the user recognized by said user recognizing means is recognized to correctly correspond to the operator profile information; and
- access verifying means for reading out the access protection information from said second storage means when an access request from the user is made with respect to a specified file stored in said first storage means according to the user program which is permitted to be executed by said program verifying means, and for determining whether execution of file access is permitted or not based on the access protection information.

(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A security control method for a computer system, comprising the steps of:
- storing user files and user programs into first storage means;
- processing ID information as inputted for recognition of a user;
- storing into second storage means operator profile information corresponding to the ID information, environment profile information corresponding to contents of the user programs, and access protection information corresponding to access types for the user files;
- reading out the operator profile information from said second storage means according to the ID information and performing a user recognizing process based on the readout operator profile information;
- reading out the environment profile information from said second storage means when one of the user programs is requested to start, and determining whether execution of the user program is permitted or not based on the environment profile information when the user is recognized to correctly correspond to the operator profile information; and
- reading out the access protection information from said second storage means when an access request from the user is made with respect to a specified file stored in said first storage means according to the user program which is permitted to be executed, and determining whether execution of file access is permitted or not based on the access protection information.

9. A computer system with file security function, comprising:
- input means for inputting user recognizing ID information;
- first storage means for storing operator profile information which includes the user recognizing ID information and an environment profile information name corresponding to the user recognizing ID information;
- second storage means for storing environment profile information which includes at least information on an activable user program, and a file name to be accessed from the user program, said environment profile information being stored in correspondence to each environment profile information name;
- third storage means for storing information representing at least an access type which is permitted for each file to be executed from the user program;
- means for checking whether or not the operator profile information which corresponds to the user recognizing ID information input from the input means is stored in the first storage means;
- means for accessing the environment profile information stored in the second storage means on the basis of the environment profile information name stored in the checked operator profile information, and for activating an activable user program corresponding to the accessed second storage means; and
- means for determining whether or not an access type to be executed from the user program is permitted, on the basis of the information stored in the third storage means.

(Dependent claims: 10, 11, 12, 13)

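The three checks recited in the abstract and in claims 1 and 9 can be modelled as a chain in which each stage is reachable only through the one before it. The sketch below is an added illustration, not code from the patent; the IDs, program names, file names, the `Session` and `decide` helpers, and the choice to key the access protection table by (program, file) are all assumptions.

```python
# Added illustration; all IDs, program names and file names are constructed.
OPERATOR_PROFILES = {"op-1001": "payroll-env", "op-2002": "audit-env"}  # ID -> profile name
ENVIRONMENT_PROFILES = {  # profile name -> startable programs and reachable files
    "payroll-env": {"programs": {"payroll_update"}, "files": {"salaries.dat"}},
    "audit-env": {"programs": {"audit_report"}, "files": {"salaries.dat", "ledger.dat"}},
}
ACCESS_PROTECTION = {  # (program, file) -> permitted access types (keying is an assumption)
    ("payroll_update", "salaries.dat"): {"read", "write"},
    ("audit_report", "salaries.dat"): {"read"},
    ("audit_report", "ledger.dat"): {"read"},
}

class Denied(Exception):
    """Raised with the name of the stage that refused the request."""

class Session:
    def __init__(self, user_id):
        # Stage 1, user recognition: an unknown ID gets no session at all.
        env_name = OPERATOR_PROFILES.get(user_id)
        if env_name is None:
            raise Denied("user-recognition")
        self.env = ENVIRONMENT_PROFILES[env_name]
        self.running = set()

    def start_program(self, program):
        # Stage 2, program verification against the user's environment profile.
        if program not in self.env["programs"]:
            raise Denied("program-verification")
        self.running.add(program)

    def access(self, program, file_name, access_type):
        # Stage 3 is reachable only through a program that passed stage 2.
        if program not in self.running:
            raise Denied("program-verification")
        permitted = ACCESS_PROTECTION.get((program, file_name), set())
        if file_name not in self.env["files"] or access_type not in permitted:
            raise Denied("access-verification")
        return True

def decide(user_id, program, file_name, access_type):
    """Run all three stages; return 'granted' or the stage that denied."""
    try:
        session = Session(user_id)
        session.start_program(program)
        session.access(program, file_name, access_type)
        return "granted"
    except Denied as exc:
        return str(exc)
```

Every lookup defaults to deny, so a file or access type missing from the tables is refused rather than allowed.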
Specification