Information processing method, apparatus, and system for controlling computer resources, control method therefor, storage medium, and program
Abstract
An operation request from a process or OS for computer resource(s) managed by the OS, such as a file, network, storage device, display screen, or external device, is trapped before access to the computer resource. It is determined whether an access right for the computer resource designated by the trapped operation request is present. If the access right is present, the operation request is transferred to the operating system, and a result from the OS is returned to the request source process. If no access right is present, the operation request is denied, or the request is granted by charging in accordance with the contents of the computer resource.
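The flow in the abstract and claim 1 (management table, interception, registration and cancellation, determination, then forward or deny), as an added Python example; it is not code from the patent. The class and function names, the sample rights, and the reading of "consistent with" as a prefix match against a right's operation series are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Added illustration; every name here is hypothetical, not taken from the patent.
OPEN, READ, WRITE, CLOSE = "open", "read", "write", "close"


@dataclass(frozen=True)
class AccessRight:
    name: str
    operations: Tuple[str, ...]        # series of basic operations that makes up the right
    condition: Callable[[dict], bool]  # condition under which the right is valid


class ResourceMonitor:
    """Sits between applications and the OS; decides before the OS sees a request."""

    def __init__(self, table: Dict[str, List[AccessRight]], os_call: Callable):
        self.table = table             # management table: resource -> access rights
        self.os_call = os_call         # entry point of the underlying operating system
        # Registered (process, resource) pairs and the operations seen for each.
        self.held: Dict[Tuple[int, str], Tuple[str, ...]] = {}
        self.audit: List[Tuple[int, str, str, str]] = []

    @staticmethod
    def _extend(series, op):
        # Assumption: repeating the same basic operation does not add a new step.
        return series if series and series[-1] == op else series + (op,)

    def _permitted(self, series, resource, context) -> bool:
        # Assumption: "consistent with" means the series observed so far is a
        # prefix of the operation series of a right whose condition holds.
        for right in self.table.get(resource, ()):  # unknown resource: no rights, deny
            if right.operations[:len(series)] == series and right.condition(context):
                return True
        return False

    def request(self, pid, resource, op, context):
        key = (pid, resource)
        series = self._extend(self.held.get(key, ()), op)
        if not self._permitted(series, resource, context):
            self.audit.append((pid, resource, op, "deny"))
            raise PermissionError(f"pid {pid}: {op} on {resource} denied")
        result = self.os_call(resource, op)         # forwarded only after the check
        self.audit.append((pid, resource, op, "allow"))
        if op == CLOSE:
            self.held.pop(key, None)                # cancellation when released
        else:
            self.held[key] = series                 # registration / monitoring result
        return result


def build_demo():
    """Constructed sample: one resource, two rights, and a stand-in for the OS."""
    os_calls = []

    def fake_os(resource, op):
        os_calls.append((resource, op))
        return f"{op}:{resource}:ok"

    table = {
        "report.txt": [
            AccessRight("view", (OPEN, READ, CLOSE), lambda ctx: True),
            AccessRight("edit", (OPEN, READ, WRITE, CLOSE),
                        lambda ctx: ctx.get("user") == "alice"),
        ]
    }
    return ResourceMonitor(table, fake_os), os_calls


def run(monitor, pid, resource, ops, context):
    """Issue ops in order and collect the decision for each one."""
    decisions = []
    for op in ops:
        try:
            monitor.request(pid, resource, op, context)
            decisions.append("allow")
        except PermissionError:
            decisions.append("deny")
    return decisions


if __name__ == "__main__":
    m, calls = build_demo()
    print(run(m, 1, "report.txt", [OPEN, READ, READ, WRITE, CLOSE], {"user": "bob"}))
    print(calls)
```

The denied write never reaches `fake_os`, and a read issued without a prior open is rejected because no right's series starts with it.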
32 Claims
1. An information processing method of controlling access to computer storage, display, recording and other resources managed by an operating system in a computer, the method being implemented by a specific resource management program located between the operating system and an application, the method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by the operating system, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
an interception step of intercepting an access request for a first computer resource from a process, before the access request is transferred to the operating system;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a determination step of:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
a processing step of, if it is determined in the determination step that the process is allowed to access the first computer resource, transferring the access request to the operating system and returning a result from the operating system to the process; and
a denial step of denying the access request, if it is determined in the determination step that the process is not allowed to access the first computer resource.
Dependent claims: 2, 3, 4, 5, 6, 7

8. An information processing apparatus for controlling access to computer storage, display, recording and other resources managed by an operating system in a computer, the information processing apparatus comprising hardware controlled by a specific resource management program located between the operating system and an application, the apparatus comprising:
a management table stored in a storage medium, wherein the management table provides, for each computer resource managed by the operating system, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
interception means for intercepting an access request for a first computer resource from a process before the access request is transferred to the operating system;
monitoring means for monitoring all the basic operations for accessing computer resources;
registration means for, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
cancellation means for, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
determination means for:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
processing means for, if it is determined by the determination means that the process is allowed to access the first computer resource, transferring the access request to the operating system and returning a result from the operating system to the process; and
denial means for denying the access request if it is determined by the determination means that the process is not allowed to access the first computer resource.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A storage medium which stores a program for causing a computer to control access to computer storage, display, recording and other resources managed by an operating system in a computer, wherein said program implements a specific resource management method and is located between the operating system and an application, said method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by the operating system, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
an interception step of intercepting an access request for a first computer resource from a process, before the access request is transferred to the operating system;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a determination step of:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
a processing step of, if it is determined in the determination step that the process is allowed to access the first computer resource, transferring the access request to the operating system and returning a result from the operating system to the process; and
a denial step of denying the access request, if it is determined in the determination step that the process is not allowed to access the first computer resource.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23

24. An information processing system comprising first and second terminals connected through a communication network, the first and the second terminals being controlled by a specific resource management program located between an operating system, which manages computer storage, display, recording and other resources, and an application for each terminal, wherein
the first terminal comprises:
interception means for intercepting an access request for a first computer resource of the second terminal from a process in the first terminal, before the computer resource of the second terminal is accessed via an operating system of the first terminal;
monitoring means for monitoring all the basic operations for accessing computer resources;
registration means for, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
cancellation means for, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource; and
transmitting means for transmitting the access request intercepted by the interception means to the second terminal; and
the second terminal comprises:
storing means for storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by the operating system of the second terminal, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
receiving means for receiving the access request intercepted by the interception means of the first terminal;
determination means for:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
processing means for, if it is determined by the determination means that the process is allowed to access the first computer resource, transferring the access request to the operating system in the first terminal and returning a result from the operating system to the process in the first terminal; and
denial means for denying the access request if it is determined by the determination means that the process is not allowed to access the first computer resource.

25. A control method for an information processing system constituted by connecting first and second terminals through a communication network, the first and the second terminals being controlled by a specific resource management program located between an operating system, which manages computer storage, display, recording and other resources, and an application for each terminal, the method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by an operating system of the second terminal, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
an interception step of intercepting an access request for a first computer resource of the second terminal from a process in the first terminal, before the computer resource of the second terminal is accessed via an operating system of the first terminal;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a determination step of:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
a processing step of, if it is determined in the determination step that the process is allowed to access the first computer resource, transferring the access request to the operating system in the first terminal and returning a result from the operating system to the process in the first terminal; and
a denial step of denying the access request if it is determined in the determination step that the process is not allowed access to the first computer resource.

26. A storage medium which stores a program for causing a computer to control an information processing system constituted by connecting first and second terminals through a communication network, wherein said program implements a resource management method and is located between an operating system, which manages computer storage, display, recording and other resources, and an application for each terminal, said method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by an operating system of the second terminal, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
an interception step of intercepting an access request for a first computer resource of the second terminal from a process in the first terminal, before the computer resource of the second terminal is accessed via an operating system of the first terminal;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a determination step of:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
a processing step of, if it is determined in the determination step that the process is allowed to access the first computer resource, transferring the access request to the operating system in the first terminal and returning a result from the operating system to the process in the first terminal; and
a denial step of denying the operation request if it is determined in the determination step that the process is not allowed to access the first computer resource.

27. An information processing apparatus connected to a terminal through a communication network, the information processing apparatus and the terminal being controlled by a specific resource management program located between an operating system, which manages computer storage, display, recording and other resources, and an application for each of the information processing apparatus and the terminal, the apparatus comprising:
a memory;
a management table stored in the memory, providing, for each computer resource managed by the operating system of the terminal, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
interception means for intercepting an access request for a first computer resource of the terminal from a process, before the computer resource of the terminal is accessed via an operating system of the information processing apparatus;
monitoring means for monitoring all the basic operations for accessing computer resources;
registration means for, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in the memory;
cancellation means for, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
transmitting means for transmitting the access request intercepted by the interception means to the terminal; and
receiving means for receiving a reply to the access request from the terminal, wherein the terminal:
retrieves access right information of the computer resource from the first management table;
examines the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determines whether the process is allowed to access the first computer resource based on the examination result,
wherein the receiving means receives a determination result determined by the terminal as the reply.

28. An information processing apparatus connected to a terminal through a communication network, the information processing apparatus comprising hardware, and the information processing apparatus and the terminal being controlled by a specific resource management program located between an operating system, which manages computer storage, display, recording and other resources, and an application for each of the information processing apparatus and the terminal, the apparatus comprising:
storing means for storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by an operating system of the information processing apparatus, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
receiving means for receiving an access request for a first computer resource of the information processing apparatus from a process of the terminal, intercepted by the terminal, before the first computer resource of the information processing apparatus is accessed via an operating system of the information processing apparatus;
monitoring means for monitoring all the basic operations for accessing computer resources;
registration means for, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
cancellation means for, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
determination means for:
retrieving access right information of the first computer resource from the management table,
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
processing means for, if it is determined by the determination means that the process is allowed to access the first computer resource, transferring the access request to the operating system in the terminal and returning a result to a process in the terminal; and
denial means for denying the access request if it is determined by the determination means that the process is not allowed to access the first computer resource.

29. An information processing method for an information processing apparatus connected to a terminal through a communication network, the information processing apparatus and the terminal being controlled by a specific resource management program located between an operating system, which manages computer storage, display, recording and other resources, and an application for each of the information processing apparatus and the terminal, the method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by the operating system of the terminal, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
an interception step of intercepting an operation request for a first computer resource of the terminal from a process, before the computer resource of the terminal is accessed via an operating system of the information processing apparatus;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a transmitting step of transmitting the access request intercepted in the interception step to the terminal;
a receiving step of receiving a reply to the access request from the terminal, wherein the terminal:
retrieves access right information of the first computer resource from the management table,
examines the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determines whether the process is allowed to access the first computer resource based on the examination result,
wherein in the receiving step, a determination result determined by the terminal is received as the reply.

30. An information processing method for an information processing apparatus connected to a terminal through a communication network, the information processing apparatus and the terminal being controlled by a specific resource management program located between an operating system, which manages computer storage, display, recording and other resources, and an application for each of the information processing apparatus and the terminal, the method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by an operating system of the information processing apparatus, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
a receiving step of receiving an access request for a first computer resource of the information processing apparatus from a process of the terminal, intercepted by the terminal, before the computer resource of the information processing apparatus is accessed via an operating system of the information processing apparatus;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a determination step of:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
a processing step of, if it is determined in the determination step that the process is allowed to access the first computer resource, transferring the access request to the operating system in the terminal and returning a result to a process in the terminal; and
a denial step of denying the operation request if it is determined in the determination step that the process is not allowed to access the first computer resource.

31. A storage medium which stores a program for controlling an information processing apparatus connected to a terminal through a communication network, said program implements a resource management method and is located between an operating system, which manages computer storage, display, recording and other resources, and an application for each of the information processing apparatus and the terminal, said method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by the operating system of the terminal, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
an interception step of intercepting an access request for a first computer resource of the terminal from a process, before the computer resource of the terminal is accessed via an operating system of the information processing apparatus;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a transmitting step of transmitting the access request intercepted in the interception step to the terminal;
a receiving step of receiving a reply to the access request from the terminal, wherein the terminal:
retrieves access right information of the first computer resource from the management table;
examines the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determines whether the process is allowed to access the first computer resource based on the examination result,
wherein in the receiving step, a determination result determined by the terminal is received as the reply.

32. A storage medium which stores a program for controlling an information processing apparatus connected to a terminal through a communication network, said program implements a resource management method and is located between an operating system, which manages computer storage, display, recording and other resources, and an application for each of the information processing apparatus and the terminal, said method comprising:
a storing step of storing a management table in a storage medium, wherein the management table provides, for each computer resource managed by an operating system of the information processing apparatus, access right information comprising access rights, each represented by a series of basic operations for accessing computer resources, and conditions under which the access rights are validated;
a receiving step of receiving an access request for a first computer resource of the information processing apparatus from a process of the terminal, intercepted by the terminal, before the computer resource of the information processing apparatus is accessed via an operating system of the information processing apparatus;
a monitoring step of monitoring all the basic operations for accessing computer resources;
a registration step of, when the process secures access to the first computer resource, registering a correspondence between the process and the first computer resource in a storage medium;
a cancellation step of, when the process releases the first computer resource, cancelling the correspondence between the process and the first computer resource;
a determination step of:
retrieving access right information of the first computer resource from the management table;
examining the monitoring result to see whether there is a series of basic operations associated with the process and the first computer resource which, when considered together, is consistent with one of the access rights, and
determining whether the process is allowed to access the first computer resource based on the examination result;
a processing step of, if it is determined in the determination step that the process is allowed to access the first computer resource, transferring the access request to the operating system in the terminal and returning a result to a process in the terminal; and
a denial step of denying the operation request if it is determined in the determination step that the process is not allowed to access the first computer resource.

Specification