Limit access to program function

US 6,101,607 A
Filed: 04/24/1998
Issued: 08/08/2000
Est. Priority Date: 04/24/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method for limiting access to a program function in a computer system and an application program interface with an authorization query function and a registration function, comprising the steps of:

registering said program function in a repository in said computer system by executing an application program interface function call to said registration function;

selecting user authorizations, said step of selecting user authorizations comprising the steps of;

providing a list of registered program functions to an administrator via a user interface; and

for each registered program function in said list, said administrator setting an authorization corresponding to each of a plurality of users via said user interface, said authorization indicating whether said user is authorized to access said registered program function;

executing, under control of a user, an application program having access to said program function and having an embedded application program interface function call to said authorization query function, said application program interface function call situated in application program code in association with said program function protected against unauthorized access, said authorization query function returning a response in response to execution of said function call;

determining whether said response indicates said user is authorized to access said program function; and

executing said program function only if said user is authorized to access said program function.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer program product for selectively restricting access to a program function in a computer system having an operating system security mechanism operates via an application programming interface (API) that includes a program function registration API function, an authorization selection API function, and an authorization query API function. In response to a call to the API registration function, the program function is registered in a repository in the computer system. After the program function has been registered, a system administrator can select user authorizations using a software tool that includes calls to the authorization selection API function. The system administrator may select whether a particular user or group of users is authorized to access each registered program function. A programmer can embed a call to the authorization query API function in an application program, which includes or calls the program function. When the application program reaches the call to the authorization query API function, the function is executed and returns an indicator or value indicating whether or not that user is allowed to access the program function.

Citations

15 Claims

1. A method for limiting access to a program function in a computer system and an application program interface with an authorization query function and a registration function, comprising the steps of:
- registering said program function in a repository in said computer system by executing an application program interface function call to said registration function;
  
  selecting user authorizations, said step of selecting user authorizations comprising the steps of;
  
  providing a list of registered program functions to an administrator via a user interface; and
  
  for each registered program function in said list, said administrator setting an authorization corresponding to each of a plurality of users via said user interface, said authorization indicating whether said user is authorized to access said registered program function;
  
  executing, under control of a user, an application program having access to said program function and having an embedded application program interface function call to said authorization query function, said application program interface function call situated in application program code in association with said program function protected against unauthorized access, said authorization query function returning a response in response to execution of said function call;
  
  determining whether said response indicates said user is authorized to access said program function; and
  
  executing said program function only if said user is authorized to access said program function.
- View Dependent Claims (2, 3, 4)
- - 2. The method recited in claim 1, wherein said step of registering said program function in a repository comprises the step of registering said program function in a registry of an operating system having a security mechanism for granting and denying individual users access to selected files.
  - 3. The method recited in claim 2, wherein:
    - said step of registering a program function in a repository further comprises the step of creating a proxy file corresponding to said program function;
      
      said step of setting an authorization corresponding to each user of a plurality of users via said user interface comprises the step of calling said security mechanism to set an operating system user authorization for access to said proxy file; and
      
      said authorization query function generates said response in response to said operating system user authorization for access to said proxy file.
  - 4. The method recited in claim 1, wherein said step of registering said program function in a repository is performed by execution of an installation program for installing said application in said computer system.

5. A computer program product for use in a computer system for limiting access to an application program function, said computer program product comprising at least one signal-bearing medium carrying thereon:
- an application program interface comprising a registration function and an authorization query function, said registration function registering said program function in a repository in said computer system in response to execution of a function call to said registration function in said application program, said authorization query function returning a response in response to execution of a function call to said authorization query function, said response indicating whether a user under whose control said application program executes is authorized to access said program function; and
  
  an authorization selector tool comprising means for providing a list of registered program functions to an administrator via a user interface, means operable in response to input provided by said administrator via said user interface for setting an authorization corresponding to each user of a predetermined plurality of users for each registered program function in said list, said authorization indicating whether said user is authorized to access said registered program function.
- View Dependent Claims (6, 7)
- - 6. The computer program product recited in claim 5, wherein:
    - said registration function registers said program function in a registry of an operating system having a security mechanism for granting and denying individual users access to selected files.
  - 7. The computer program product recited in claim 6, wherein:
    - said registration function creates a proxy file corresponding to said program function;
      
      said means operable in response to input provided by said administrator via said user interface for setting an authorization calls said security mechanism to set an operating system user authorization for access to said proxy file; and
      
      said authorization query function generates said response in response to said operating system user authorization for access to said proxy file.

8. A system for limiting access to an application program function in a computer system, comprising:
- application program registration means including a function call to a registration function and including a registration function for registering said program function in a repository in said computer system in response to execution of said function call to said registration function in an application program;
  
  application program query means including a function call to an authorization query function and including an authorization query function returning a response in response to execution of said function call to said authorization query function, said response indicating whether a user under whose control said application program executes is authorized to access said program function; and
  
  an authorization selector tool comprising means for providing a list of registered program functions to an administrator via a user interface, means operable in response to input provided by said administrator via said user interface for setting an authorization corresponding to each user of a predetermined plurality of users for each registered program function in said list, said authorization indicating whether said user is authorized to access said registered program function.
- View Dependent Claims (9, 10, 11)
- - 9. The system recited in claim 8, wherein:
    - said function call to said registration is embedded in said application program;
      
      said registration function exists in said computer system outside said application program;
      
      said function call to said authorization query function is embedded in said application program; and
      
      said authorization query function exists in said computer system outside said application program.
  - 10. The system recited in claim 8, wherein said registration function registers said program function in a registry of an operating system having a security mechanism for granting and denying individual users access to selected files.
  - 11. The computer program product recited in claim 10, wherein:
    - said registration function creates a proxy file corresponding to said program function;
      
      said means operable in response to input provided by said administrator via said user interface for setting an authorization calls said security mechanism to set an operating system user authorization for access to said proxy file; and
      
      said authorization query function generates said response in response to said operating system user authorization for access to said proxy file.

12. A method for limiting access to an application program function in a computer system having a repository representing an authorization corresponding to each user of a predetermined plurality of users for each said application program function, said authorization indicating whether said user is authorized to access said program function, said computer system further having an authorization selector tool for updating said repository in response to input from an administrator setting each said authorization, the method comprising the steps of:
- embedding in an application program pre-run-time portion a function call to a registration function existing in said computer system outside said application program, said registration function registering said program function in a repository in said computer system in response to execution of said function call to said registration function; and
  
  embedding in an application program run-time portion a function call to an authorization query function existing in said computer system outside said application program, said authorization query function returning a response in response to execution of a function call to said authorization query function, said response indicating whether a user under whose control said application program executes is authorized to access said program function.
- View Dependent Claims (13, 14, 15)
- - 13. The method recited in claim 12, wherein said registration function registers said program function in a registry of an operating system having a security mechanism for granting and denying individual users access to selected files.
  - 14. The method recited in claim 13, wherein:
    - said registration function creates a proxy file corresponding to said program function;
      
      said authorization selector tool, in response to said input from said administrator, calls said security mechanism to set an operating system user authorization for access to said proxy file; and
      
      said authorization query function generates said response in response to said operating system user authorization for access to said proxy file.
  - 15. The method recited in claim 13, wherein said application program pre-run-time portion comprises an installation program for installing said application program in said computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bachand, Anthony Paul, Botz, Patrick Samuel, Smith, Barbara Ann, Woodbury, Carol Jean
Primary Examiner(s)
Palys, Joseph E.
Assistant Examiner(s)
Hartman, Jr., Ronald D

Application Number

US09/065,888
Time in Patent Office

837 Days
Field of Search

709/302, 380/4, 713/200, 713/201, 395/712, 395/682
US Class Current

726/17
CPC Class Codes

G06F 21/629 to features or functions of...

G06F 9/468 Specific access rights for ...

Limit access to program function

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Limit access to program function

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links