JPH03176753A - Password control processing system - Google Patents

Abstract

PURPOSE:To easily control system resources by allowing a slave password to register only necessary resources out of system resources previously registered in a pass word control list by a master password. CONSTITUTION:At the time of receiving password, a master password, a user identification(ID) name, and a resource registering request, a registering processing part 3 forms a registered information area in the password control table 1 and registers the password, master password, the user's ID name, etc., in the area. Then the master password reads out the registered contents of usable resources registered in the list 1. One resource requested by a resource registering request is extracted and whether the resource of the request is included in the registered contents of the master password or not is discriminated by collating the contents of the resource with the read registered contents, and when the requested resource coincides with the registered contents of the master password, the requested resource is registered. Consequently, the resources can be hierarchically controlled by the passwords.

Description

[Detailed Description of the Invention] (II Essential) Regarding the management of passwords for controlling the use of system resources in computers, it is possible to hierarchically manage the registration of system resources that are permitted to be used by passwords using passwords. Aiming at a password management processing method that allows for It is set to indicate the system resource that should be allowed to be used only when presented, and when registering the password,
A parent password is specified, and only the resources within the range of the system resources registered in the password management book corresponding to the same password as the parent password are registered in correspondence with the registered password.

[Industrial application field]

The present invention relates to password management for controlling the use of system resources in a computer, and particularly to a password management processing method for processing the registration of system resources whose use is permitted by a password. .

[Problems to be solved by conventional technology and inventions] In computer systems, the use of so-called system resources such as tasks, files, commands, databases, etc. is limited to the necessary qualified personnel, and security protection and data protection are implemented. Password protection systems are often used to prevent vandalism and the like.

For example, a password is set for each individual or group of users (hereinafter simply referred to as users), and is used to identify the user who is accessing the computer as a user registered in the system. It is used to verify and authenticate the input user identification name and password.

In addition, for each necessary system resource, the correspondence between the user identification name of the user who is allowed to use that system resource and the system resource name is registered, and the user who is authenticated with a password as described above can use the system resource. control so that only system resources registered corresponding to user identification names can be used.

In this case, each password is first issued by, for example, a system administrator and registered in a password management book. In addition, regarding the correspondence between system resources and user identification names that are permitted to use them, for example, initially, the founder of each system resource becomes the registration right holder and establishes a correspondence between the resource name of that system resource and the necessary user identification name. It shall be registered in the resource management book, etc.

Therefore, in the protection system described above, the use of system resources is managed for each individual resource and each user. On the other hand, when computers are generally used in an organization, the system resources that should be allowed to be used become part of the higher-level system resources as you go from higher to lower in the organizational structure, such as departments, divisions, and groups within a division. In the case of the above-mentioned protection system, the use of system resources is separately managed in accordance with the organization, and the results are recorded in the password management book and resource management book. It is necessary to ensure that the protection is implemented by reflecting the information.

An object of the present invention is to provide a password management processing method that can hierarchically manage the registration of system resources whose use is restricted by passwords.

[Means to solve the problem]

FIG. 1 is a block diagram showing the configuration of the present invention.

The figure shows the configuration of a password management processing method, in which a password management book 1 is configured to hold registration information 2,
Registration information 2 is set so that the system resource corresponding to the registered password indicates the system resource that should be allowed to be used only when the password is presented in a predetermined manner, and the password is not used. When registering, the parent password is specified, and the registration processing unit 3 stores the password management list 1.
Only the resources within the range of the system resources registered in correspondence with the same password as the parent password are registered in correspondence with the password to be registered.

[For production]

With the above processing method, it is possible to control so that only the necessary system resources registered in advance in the password management book 1 by the parent password are registered by the child password. By providing passwords that correspond to each other as passwords for parent-child relationships, it is possible to easily manage system resources used by children so that they become part of the parent's system resources in sequence, through password registration.

〔Example〕

FIG. 2 is a diagram illustrating an example of the configuration of each piece of registered information 2 registered in the password management book l of the present invention.
It consists of user identification name, parent password, resource name of system resource, etc.

Here, ■ There are generally multiple users and system resources that correspond to passwords. Further, necessary control information may be added to each resource name, and in the control information, for example, restrictions on how each system resource is used (for example, only reading of files is allowed), etc. are set.

FIG. 3 shows an example of the flow of a new password registration process by the registration processing unit 3 in FIG. When a resource registration request such as the resource name and usage mode of a resource is received, in processing step 11, an area for registration information is provided in the password management book l, and the password, parent password, user identification name, etc. are registered.

In the processing step 12, the registered contents of the usable resources registered in the password register 1 using the parent password are read out.

Next, one resource requested in the resource registration request is picked up, and in process step 13, whether the requested resource (and usage mode) is included in the registered content of the parent password is identified by comparing it with the read registered content. , if the parent password is registered, the requested resource is registered in processing step 14. Also, if the requested resource is not included in the registration contents of the parent password, it will not be registered.

Once identified in processing step 15, the above processing is sequentially executed for the requested resources, and all requested resources are processed.
In processing step 16, the registration result status, such as a list of resource names of system resources that have not been registered, is output, and the processing ends.

As a result of the above processing, system resources that can be made available through new registration of a password cannot go beyond the range of system resources that can be used using the parent password.

As an example of operation of the protection system according to the present invention, as shown in FIG.
), all system resources necessary for protection are registered to be used, and passwords for lower layers are sequentially set to form a tree structure with this password as the root.

In that case, for example, the system administrator must register the password for the layer immediately below the root using his own password (P!Jo
t) is executed as the parent password, and each registered password (PSWO2, PSWO3) is notified to the user who uses that password.

For passwords at lower levels, the password at the level immediately above it shall be registered as the parent password, and in the same way as above, each user who has a parent password may register a child password, but if the parent and child Alternatively, the user may be given the parent password, the resource name of the available system resource, etc., and have the user register by himself/herself.

In such a case, the registered content will be updated so that it cannot be executed unless the password to be updated and its parent password are presented together. Therefore, each user will be able to update the registered information by presenting both the password to be updated and its parent password. You shall keep your Parent Password confidential if you are made aware of it.

By performing registration in this manner, the authority of the child password is registered only so as to be included within the authority of the parent password, as shown in FIG. 4(b). Note that the figure explanatoryly represents the authority range of each password, that is, the usable system resources (and each usage mode) by the area surrounded by each elliptical curve.

〔Effect of the invention〕

As is clear from the above description, according to the present invention, in password management for controlling the use of system resources in a computer, the registration of system resources whose use is restricted by passwords is managed hierarchically by passwords. This has the effect of facilitating the management of system resources corresponding to the hierarchy of an organization or the like.

[Brief explanation of drawings]

Figure 1 is a block diagram showing the configuration of the present invention, Figure 2 is an explanatory diagram of the password management list of the present invention, Figure 3 is a flowchart of the processing of the present invention, and Figure 4 explains the password hierarchy of the present invention. This is E. In the figure, 1 is a password management book, 2 is registration information, 3 is a registration processing unit, and 10 to 16 are processing steps.

Claims (1)

[Claims] The password management book (1) is configured to hold registration information (2), and the registration information (2) includes information about registered passwords and corresponding system resources. It is set to indicate the system resource that should be allowed to be used only when the password is presented in a predetermined manner, and when registering the password, specify the parent password and enter the corresponding password in the password management list (1). (3) A password management processing method characterized in that only resources within a range of system resources registered in correspondence with the same password as a parent password are registered in correspondence with the registered password.