Computer system with file security function

US 5,163,147 A
Filed: 08/30/1990
Issued: 11/10/1992
Est. Priority Date: 08/31/1989
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system with file security function, comprising:

first storage means for storing user files and user programs;

input means for inputting ID information for recognizing a user;

second storage means for storing operator profile information corresponding to the ID information, environment profile information corresponding to the contents of the user programs, and access protection information corresponding to access types for the user files;

user recognizing means for reading out the operator profile information from said second storage means according to the ID information input via said input means and performing a process to recognize a user based on the readout operator profile information;

program verifying means for reading out the environment profile information from said second storage means when one of the user programs is requested to start, and for determining whether execution of the user program is permitted or not based on the environment profile information when the user recognized by said user recognizing means is recognized to correctly correspond to the operator profile information; and

access verifying means for reading out the access protection information from said second storage means when an access request from the user is made with respect to a specified file stored in said first storage means according to the user program which is permitted to be executed by said program verifying means, and for determining whether execution of file access is permitted or not based on the access protection information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer system having a security function, environment profile information defining a file to be accessed and an executable user program are previously stored into a storage unit. The environment profile information is selected by operator profile information corresponding to ID information input via a work station by a user. A host computer executes the user program defined by the environment profile information. When a specified file access is requested after the execution of the user program, whether execution of the file access is permitted or not is determined according to access protection information. The access protection information is information having access types and file contents defined by the environment profile information.

Citations

13 Claims

1. A computer system with file security function, comprising:
- first storage means for storing user files and user programs;
  
  input means for inputting ID information for recognizing a user;
  
  second storage means for storing operator profile information corresponding to the ID information, environment profile information corresponding to the contents of the user programs, and access protection information corresponding to access types for the user files;
  
  user recognizing means for reading out the operator profile information from said second storage means according to the ID information input via said input means and performing a process to recognize a user based on the readout operator profile information;
  
  program verifying means for reading out the environment profile information from said second storage means when one of the user programs is requested to start, and for determining whether execution of the user program is permitted or not based on the environment profile information when the user recognized by said user recognizing means is recognized to correctly correspond to the operator profile information; and
  
  access verifying means for reading out the access protection information from said second storage means when an access request from the user is made with respect to a specified file stored in said first storage means according to the user program which is permitted to be executed by said program verifying means, and for determining whether execution of file access is permitted or not based on the access protection information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A system according to claim 1, wherein said user recognizing means effects a logoff operation to inhibit use of the system when the result of recognition of the recognizing process by the user shows that the user cannot be recognized.
  - 3. A system according to claim 1, wherein said program verifying means compares the name of a user program specified by the environment profile information with the name of a user program requested to be started, permits execution of the user program requested to start when the comparison result shows a coincidence between the compared names, and effects an error process when the comparison result shows a noncoincidence between the compared names.
  - 4. A system according to claim 1, wherein said access verifying means compares the content of an access type specified by the access protection information with the access content of the user program, permits execution of the file access when the comparison result shows a coincidence between the compared contents, and effects an error process when the comparison result shows a noncoincidence between the compared contents.
  - 5. A system according to claim 1, wherein said environment profile information is constructed by information including the content of the user program and the file content to be accessed.
  - 6. A system according to claim 1, wherein said access protection information in constructed by information including the access contents having the contents of "deletion", "modification", "write-in" and "readout" for the file and the file contents.
  - 7. A system according to claim 6, wherein said access verifying means compares the file content specified by the access protection information with the file content to be accessed by the user program, permits execution of the file access when the comparison result shows a coincidence between the compared contents, and effects an error process when the comparison result shows a noncoincidence between the compared contents.

8. A security control method for a computer system, comprising the steps of:
- storing user files and user programs into first storage means;
  
  processing ID information as inputted for recognition of a user;
  
  storing into second storage means operator profile information corresponding to the ID information, environment profile information corresponding to contents of the user programs, and access protection information corresponding to access types for the user files;
  
  reading out the operator profile information from said second storage means according to the ID information and performing a user recognizing process based on the readout operator profile information;
  
  reading out the environment profile information from said second storage means when one of the user programs is requested to start, and determining whether execution of the user program is permitted or not based on the environment profile information when the user is recognized to correctly correspond to the operator profile information; and
  
  reading out the access protection information from said second storage means when an access request from the user is made with respect to a specified file stored in said first storage means according to the user program which is permitted to be executed, and determining whether execution of file access is permitted or not based on the access protection information.

9. A computer system with file security function, comprising:
- input means for inputting user recognizing ID information;
  
  first storage means for storing operator profile information which includes the user recognizing ID information and an environment profile information name corresponding to the user recognizing ID Information;
  
  second storage means for storing environment profile information which includes at least information on an activable user program, and a file name to be accessed from the user program, said environment profile information being stored in correspondence to each environment profile information name;
  
  third storage means for storing information representing at least an access type which is permitted for each file to be executed from the user program;
  
  means for checking whether or not the operator profile information which corresponds to the user recognizing ID information input from the input means is stored in the first storage means;
  
  means for accessing the environment profile information stored in the second storage means on the basis of the environment profile information name stored in the checked operator profile information, and for activating an activable user program corresponding to the accessed second storage means; and
  
  means for determining whether or not an access type to be executed from the user program is permitted, on the basis of the information stored in the third storage means.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A system according to claim 9, wherein said first storage means further stores information on a first authority level corresponding to the user recognizing ID information, and said second storage means further stores information on a second authority level corresponding to the environment profile information, said system further comprising:
    - means for comparing the first authority level and the second authority level with each other, and for prohibiting access to the environment profile information stored in the second storage means if the first authority level is lower than the second authority level.
  - 11. A system according to claim 10, wherein said first storage means further stores information on a third authority level which is obtained by updating the first authority level corresponding to the user recognizing ID information, said system further comprising:
    - means for comparing the third authority level and the second authority level with each other, and for allowing access to the environment profile information stored in the second storage means if the third authority level is higher than the second authority level.
  - 12. A system according to claim 9, wherein said second storage means further stores information on a password corresponding to the environment profile information, and said input means inputs the environment profile information name and a password corresponding to the environment profile information, said system further comprising:
    - means for comparing the password input from the input means with the password stored in the second storage means, and for prohibiting access to the environment profile information stored in the second storage means if the two passwords are different.
  - 13. A system according to claim 9, wherein said second storage means further stores information on a file password corresponding to a file name to be accessed from the user program, and said third storage means further stores information on a file password corresponding to each file to be accessed from the user user program, said system further comprising:
    - means for accessing a file designated by the user program on the basis of the file password stored in the second storage means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Orita, Yukio
Primary Examiner(s)
Heckler, Thomas M.

Application Number

US07/575,439
Time in Patent Office

803 Days
Field of Search

364/200 MS File, 364/900 MS File, 395/425, 395/600, 395/725
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99939   Privileged access

Computer system with file security function

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system with file security function

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links