JPH10154131A - File access management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a file access management system that rejects an operation to a file which is performed by other users while a user is away and controls an access so that file information can not be seen by other users without permission. SOLUTION: This system is provided with an identification body 3 which records identification information and a reader 4 which automatically reads the identification information in a fixed time cycle and inputs it to a computer 2. A user who goes away from the computer 2 is detected by repeatedly confirming whether the same user continuously operates not only at the time of the access to a file but also after the access in a fixed time cycle, display contents can not be seen while the user is away and also an inputted operation is not delivered to the file.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a computer in which a plurality of users share a program file or a data file, or a computer in which the computers are connected to each other via a network and the plurality of users share the program file or the data file. The present invention relates to a file access management system for managing access to each file in a system on an individual user basis and / or a user group basis.

[0002]

2. Description of the Related Art In a computer in which a file is shared by a group or in a computer system in which each user of a group can arbitrarily use a file on a network, a file is changed due to a careless or intentional action of the user. Security measures are important to protect files by reducing damage such as erasure, destruction, and theft of information. A user identification technology is a central technology for realizing such security measures.

[0003] In general, user identification is an authentication procedure regarding whether a person who intends to use a file is legitimate, and is performed by a computer when an attempt is made to access a file. Since user identification is performed by a password input method, each user needs to memorize identification information such as a password consisting of a sequence of several characters and symbols given in advance. When using the file, the user enters his / her own password directly from the computer keyboard, and if the password matches the password stored in the computer beforehand and matches the password, the user is identified as a valid user. The user is granted permission to access the target file.

[0004] In addition, several types of passwords for user identification may be prepared, and passwords given according to users may be selectively used. This makes it possible to divide the users into a plurality of groups and manage the access to the files on a group basis. For example, the same data file can be managed by being divided into a user group permitted to write and read, a user group permitted to read only, and a user group not permitted to even read.

[0005] The above-described access control in a group unit is particularly effective when protecting a confidential file of a company by restricting access to a data file containing important information to only a specific person. is important. It is also an effective means for preventing the contents of the file from being rewritten without permission by a person who is not directly related to the file, or from being destroyed.

[0006]

In the conventional access management by a method of directly inputting a password from a keyboard (hereinafter, referred to as a direct input method), the following three methods are used.
One of the reasons was that the protection of the file was not thorough.
First, when the number of characters to be combined as a password is increased to more than ten or when the characters are arranged in a meaningless sequence of alphanumeric characters, the user tends to easily forget the password. . Therefore, if these forgettable characters and numbers are not combined as a password, the type of characters to be used is restricted, and the password is easily found. Second, since the password can be easily known by another person, the result of authentication as the person cannot be said to be reliable. Third, when a user leaves the computer for a temporary task and the file is left running, an unrelated person can perform operations on the file on behalf of a legitimate user. Detection·
It cannot be excluded, and it does not prevent the information of the file from being viewed by others without permission.

[0007] The first and second problems are that the password is intangible information. For that, it is necessary to rely on human memory ability, or it is easy to duplicate and counterfeit by others.
In some cases, plagiarism or professions to others by oneself cannot be prohibited. As a result, in the related art, whether the access management functions effectively depends on the level of the password storage ability and the awareness of the password management of each user, and the effectiveness is low.

In order to solve this problem, a method of inputting a password using a magnetic card (hereinafter referred to as a magnetic card method) has been considered. In the magnetic card system, a magnetic card in which identification information for each user is recorded in advance by magnetism is provided to each user for one time.
Distribute them one by one. When using the file, the user inserts the magnetic card into the gap of the reader, and moves the magnetic card horizontally while keeping the magnetic card in contact with the reading unit, so that the identification information such as the password recorded on the magnetic card can be obtained. Read from the reading part of the magnetic reader. Thus, user identification is performed based on the information input to the computer.

According to the magnetic card method, it is possible to prevent a user from forgetting a password and becoming inaccessible. Therefore, the number of characters of the password to be set can be increased as much as possible within the storage capacity of the card,
In addition to making it difficult to estimate the password, the increased amount of information allows the user group to be further subdivided to perform access management. Furthermore, since passwords are handled as one with a tangible card, easy duplication, that is, forgery / plagiarism by others or professorship by others, is not allowed, and strict access control on a card basis is not possible. Will be possible.

[0010] On the other hand, the third problem is that the password input and the user identification are performed only once when accessing the file. This can be solved by increasing the number of times of user identification, repeating password verification even after accessing the file, and constantly monitoring whether the user who is currently operating the file is legitimate.

However, if the number of times of user identification is increased by the direct input method or the magnetic card method, the password input operation by the user becomes too complicated, and the intended operation cannot be performed efficiently. For this reason, it was very difficult to solve the third problem by the direct input method or the magnetic card method. Therefore, there is no need for the user to memorize the password, which can prevent easy duplication and teaching of the identification information, and automatically and continuously read the identification information without the need for the user's input operation. It was necessary to newly consider access management using user identification technology, which can be input to the Internet.

The present invention has been made in view of the above circumstances, and an object of the present invention is not only to authenticate a user at the time of accessing a file, but also to continuously operate the same user after the access. By repeating the automatic confirmation of whether the user is away from the computer at regular intervals, the system detects the user who is leaving the computer and excludes other users from operating the file while the user is away. ,
Another object of the present invention is to provide a file access management system for controlling access so that file information is not seen by other users without permission.

[0013]

SUMMARY OF THE INVENTION According to the present invention, a computer collates identification information input by a user with authentication information registered in advance and stored in the computer for each user or user group. The present invention relates to a file access management system that identifies whether or not a user is legitimate and permits or denies access to a computer program file or data file according to the identification result. An identification body that records the identification information; and a reading device that automatically reads the recorded identification information from the identification body and inputs the information to a computer at a fixed time period. By repeatedly inputting the identification information without any In the case of use who are, and not be able to see the display contents, and is achieved by not passed an input operation to the file.

Further, the identification information may be composed of a plurality of characters, symbols, and graphics, or a specific combination of any one or two of them. In this case, the object of the present invention is to record the identification information by bar code printing on the surface of the identification body, and to provide the reading device with a bar code reading means, and to read the identification information by the reading device. The bar code printing on the surface of the identification body is performed in a non-contact manner, the identification information is recorded on the surface of the identification body by printing, and the reading device is provided with an image input unit and an image recognition unit. The reading of the identification information by the device can be effectively achieved by performing the non-contact from the image recognition of the printing on the surface of the identification body.

Further, at this time, the identification information is stored in a storage unit built in the identification body, and the reading device is provided with a signal processing means, so that the reading device reads the identification information from the identification body. The processing may be performed based on processing of the response signal to be sent. In this case, the object of the present invention is to provide the identification body with a connection terminal and the reading device with a connection terminal to be connected to the connection terminal, and the response signal is transmitted through the connection terminal. This is effectively achieved by being received via the coupling terminal.

In this case, the interrogator receives the interrogation signal, reads the identification information stored in the storage unit in response to the received interrogation signal, and generates the response signal including the identification information. A transmitting and receiving unit for transmitting and, and comprising a power generation unit for supplying the electrical energy generated by converting the received interrogation signal to a DC voltage to the transmitting and receiving unit, and wherein the reading device, A transmission / reception antenna arranged to be electromagnetically coupled to the transmission / reception unit of the identification object, wherein the response signal is generated in response to the interrogation signal generated by the signal processing unit and transmitted from the transmission / reception antenna. The identification information stored in the storage unit is read without contact by being transmitted from the transmission / reception unit of the identification object and received by the transmission / reception antenna of the signal processing unit. The object by the so that is more effectively achieved.

In addition, the identification information may be a fingerprint or a palm shape of each user. In this case, an image input unit and an image recognition unit are provided to recognize the fingerprint or the palm shape of the user as an image. A reading device that automatically reads the information and inputs it to the computer at a fixed time period, and repeats the input of the identification information without the user's own input operation, and determines whether the user is a valid user. The above object can be achieved even if the user is another user, the display contents cannot be seen, and the input operation is not transferred to the file.

[0018]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Preferred embodiments of the present invention will be described with reference to the accompanying drawings. FIG. 1 is a schematic diagram showing the configuration of the file access management system of the present invention.
The file access management system 1 includes a computer 2, an identification body 3, and a reader (reading device) 4.
The reader 4 is connected to the computer 2 by a connection cable 5. In the computer 2, as shown in FIG. 2, the processing program Pprg and the registration program Rpr
g operates and registration data Rdat indicating the correspondence between the identification information and the management target file name is stored. The processing program Pprg reads the identification information read by the reader 4 and refers to the registration data Rdat to identify the user and exclude access by others. In the registration program Rprg, the monitoring target file, the identification object, and the access permission / non-permission are set for each identification object, and registered in the registration data Rdat. The processing program Pprg can issue a command to the reader 4 and receive information sent from the reader 4 via the I / O interface IF.

In the following, the configuration and operation of the identification body 3 and the reader 4 will be described for an embodiment of a system for reading identification information by transmitting and receiving signals. FIG. 3 shows an embodiment of the discriminator 3, which has a card shape here. The card 30 is made of plastic or the like, and includes an antenna 31 for transmitting and receiving signals to and from the reader 4 and a transmitting / receiving circuit 32 including a voltage generator for obtaining electric energy from a received signal. The appearance of the identification body 3 is not limited to the card shape, but may be, for example, a badge shape.

FIG. 4 shows an example of the internal configuration of the reader 4. Power is supplied from an external power supply to the power supply unit 41, and the signal processing unit including the transmission / reception unit 42, the control unit 43, and the CPU 44 is driven. The transmitting and receiving unit 42 has an antenna 45,
An I / O control unit 46 is connected to the CPU 44, and the transmission / reception unit 42, the control unit 43, and the CPU 44 are mutually connected by a bus 47. The reader 4 continuously generates a query signal at a constant time cycle of, for example, about 100 milliseconds / cycle in the transmission / reception section 42 and the control section 43 and radiates the signal from the antenna 45. These operations are centrally controlled by the CPU 44. I have. If this processing is performed by the processing program Pprg or the like in the computer 2, the CPU 44 can be omitted.

FIG. 5 is a block diagram showing a configuration example of a circuit built in the identification body 3. In the memory 33, identification information for specifying the user is stored in advance. When the interrogation signal radiated from the antenna 45 of the reader 4 is received by the antenna 31, a drive voltage is generated by electromagnetic induction and stored in the battery 35 while being controlled by the power supply control unit 34. The control unit 36 is driven by the stored power, reads the identification information in the memory 33, generates a transmission signal including the identification information, and transmits the transmission signal from the antenna 31. The circuit configuration of the identification body 3 is not limited to the example shown here.

A signal including identification information transmitted from the antenna 31 of the identification body 3 is received by the antenna 45 of the reader 4 and input to the control unit 43. Control unit 4 of reader 4
In step 3, the identification information included in the input signal is continuously read, and the read identification information is sent to the I / O control unit 46 in accordance with a read command sent from the processing program Pprg at a constant time period. To the computer 2 via

It should be noted that, instead of the above-described signal transmission / reception reading, information is input without user's own input operation such as bar code reading, image recognition, electrical contact, fingerprint collation, and palm shape collation. Other techniques that can read the data can be used. For example, when barcode reading is used, the barcode-coded identification information is recorded on the surface of the identification body 3 by an appropriate method such as printing, and the reader 4 is used.
In place of the antenna 41, a bar code reading unit including a laser transmitter and a light receiver may be provided. When using image recognition, identification information combining characters, figures, and symbols is recorded on the surface of the identification body 3 by general printing, hologram processing, or printing using special ink, and the antenna 41 of the reader 4 Instead, an image capturing camera may be provided. When electrical contact is used, identification information obtained by combining characters, figures, and symbols is stored in a memory 33 built in the identification body 3, and
The identification body 3 may be provided with a connection terminal, and the reader 4 may be provided with a connection terminal to be connected to the connection terminal.
Also in these reading techniques, the identification body 3 is not limited to a card shape. On the other hand, when fingerprint collation or palm shape collation is used, it is not necessary to separately prepare the identification body 3, and an optical scanner or an image capturing camera may be provided instead of the antenna 41 of the reader 4. When combining the various reading techniques described above, the control performed by the CPU 44 of the reader 4 may be appropriately changed in accordance with each technique.

Next, the processing by the registration program Rprg and the processing program Pprg that operate on the computer shown in FIG. 2 will be described. The registration program Rprg and the processing program Pprg can be used in common regardless of the identification information reading method. 6 to 8 show examples of screens displayed according to the processing of the registration program Rprg. FIG. 6 shows an example of a monitoring target program registration screen for setting and registering a program to be monitored. This screen has a column for displaying a program list and a column for displaying a registered program list. At the bottom of the screen, operation buttons for "add", "monitor", and "not monitor" are arranged.

In the program list column, all program files that can be set as monitoring targets at present are displayed.
When the user selects a file to be monitored from here and instructs “add”, the selected file is displayed in the registered program list field. Further, by instructing one of “monitor” and “not monitor” for the file displayed in the registered program list column, execution / non-execution of monitoring in file units is designated. Repeat these steps to set whether to monitor the required number of program files. The correspondence information between the selected program name and the execution / non-execution of the specified monitoring is
It is registered and stored in the registration data Rdat.

FIG. 7 shows an example of a card registration screen for reading information of the card 30 (identifier 3) from the reader 4 and registering the information together with the name of the user. This screen includes a column for displaying a card number and a column for displaying a name, and operation buttons for “read card” and “register” are arranged at the bottom of the screen.

When the card 30 is set at the reading position of the reader 4 and "card reading" is instructed and the card information read by the reader 4 is read, the card number (identification information) stored in the memory 33 of the card 30 is read. Is displayed in the card number field. When the user name or group name of the read card is entered in the name field and "registration" is instructed, the correspondence information between the displayed card number and the inputted card name is registered and stored in the registration data Rdat. You.

FIG. 8 shows an example of an execution permission / non-permission registration screen for setting execution permission / non-permission of the monitoring target program file for each registered card. This screen has a column for displaying a card name and a column for displaying a monitoring target program list, and operation buttons for “permit” and “not permit” are arranged at the bottom of the screen.

In the card name column, the currently registered data Rda
All the names of the cards registered in t are displayed, and all the program names currently registered in the registered data are displayed in the monitoring target program list field.
When setting or registering execution permission / non-permission, select a card name from the card name column, select a program file to be registered from the monitoring target program list column, and select "permit" or "disable". To specify whether the owner of the card displayed in the card name column is permitted to execute the file. The execution permission / non-permission information of each file set for each card name set here is registered and stored in registration data Rdat, and is referred to at the time of user identification processing.

A part or all of the information of the above-mentioned registration data Rdat may be stored in the memory 33 of the identification body 3 in advance. For example, by storing a registration program in advance, an identification body dedicated to the program can be used, or by storing a card name in advance, an identification body dedicated to the user can be used.

Next, the processing in the processing program Pprg will be described with reference to FIGS. FIG. 9 is a flowchart showing a processing example of the processing program Pprg, and FIG. 10 is an example of a prohibition screen displayed by the processing.

When the processing is started, the processing program Pp
rg checks the program currently running on the computer 2 and obtains the operating file name (step S
1). Subsequently, it is determined whether or not the file having the acquired operating file name is registered in the registration data Rdat with reference to the registration data Rdat (step S2). If at least one active file is registered in the registration data Rdat, a read command is issued to the reader 4 and the reader 4
Reads the read identification information (step S3). At this time, it is determined whether or not the reading has been normally performed (step S4).
0 is displayed (step S7). On the other hand, if the identification information can be read, the registration data Rdat is referred to again, and it is checked whether or not the read identification information is permitted to execute all the currently operating files (step S5). Here, if at least one file whose execution is not permitted is running, the prohibition screen of FIG. 10 is also displayed (step S7). If the execution of all running files is permitted, the display is canceled if the prohibition screen of FIG. 10 is displayed (step S6). Also, if no active file is registered in the registration data in the previous step S2, the display is canceled if the prohibition screen of FIG. 10 is displayed (step S2).
6). Then, after waiting for a preset time (step S7), the process returns to step S1, and the above series of processing is repeated.

The prohibition screen shown in FIG. 10 has a size that covers the entire display screen, so that the contents of the active file cannot be seen at the time of display. In the displayed state, the processing program Pprg receives all inputs from input devices such as a keyboard and a mouse, and does not transfer the input to an active file. As a result, while the prohibition screen is displayed, no operation on the active file is accepted, and access to the file is restricted. The waiting time in step S7 may be short enough to prevent other users from operating the file during that time, but may be set to, for example, about ten and several seconds.

Although the description here relates to the management of access to the program file, the access to the data file can be managed similarly. Further, the registration program Rprg and the processing program Pprg may be operated as independent program files, or may be functioned by being incorporated in another program file. Further, in a computer network such as a client / server system, registration data Rdat is collectively stored and managed by one computer such as a file server, and the registration program Rprg and the processing program Pprg in each computer are registered in the same manner. Data Rdat can be used.

Hereinafter, an example of execution of access management by the system of the present invention will be described. The administrator is required to
The identification information of the identification object 3 is registered and stored in the registration data Rdat by using each of the registration screens of the registration programs Rprg shown in (1) to (8), and one identification object 3 is assigned to each user. However, when fingerprint or palm shape recognition is used, only registration is required since the identification body 3 does not exist.
At the time of setting, hierarchical access management is possible by making the files permitted to be executed different for each user (identification information).

When the user actually uses the file, the process is as follows. First, in the initial state, no user is present, and the identification body 3 is not set at the reading position of the reader 4. As a result, the identification information is not read, but none of the files are running.
The prohibition screen of 0 is not displayed, and the user can access the file. Here, the user enters the registration data Rdat
If you want to access a file that is not registered in
Can be used without any problems as before. On the other hand, when accessing the file registered in the registration data Rdat, the user sets his / her own identification body 3 at the reading position of the reader 4 and reads the identification information.
Must be checked against As a result of the collation, if it is authenticated that the use of the file to be accessed is permitted, the file can be used freely. If the identification object 3 is not set correctly at the reading position of the reader 4 or if the use of the file to be accessed is determined to be not permitted as a result of comparison with the registration data Rdat, the file cannot be accessed. Can not. The above part corresponds to the conventional access management.

When the user leaves the computer 2 while using the file, the user carries the identification body 3. By doing so, the identification object 3 is deviated from the reading position of the reader 4 and the identification information is not read, so that it is detected that the user has left the computer 2. While the user is away from the computer 2, the prohibition screen shown in FIG. 10 is displayed, the contents of the active file are hidden and cannot be seen, and the input operation is transferred to the active file. Access to files will be eliminated. The display of the prohibition screen in FIG. 10 is automatically released when the user sets his / her identification body 3 again at the reading position of the reader 4, and the input operation to the file is accepted at the same time. When the user finishes the file after completing the target operation and leaves the computer 2 together with the identification body 3, the identification body 3 is removed from the reading position of the reader 4, but is registered in the registration data Rdat. Unless another file is running at the same time, the prohibition screen of FIG. 10 is no longer displayed. This allows another user to access it.

The example of access management by the system of the present invention described above does not depend on the difference in the method of reading the identification information.

[0038]

As described above, according to the file access management system of the present invention, it is automatically repeated whether or not the same user is working after accessing a file. In addition, the display contents of the active file cannot be seen, and at the same time, the input operation is not transferred to the active file. With these features, you can eliminate file operations and file information eavesdropping performed by others while the user is away from the computer while the file is running.
Effective file protection can be provided. In addition, the identification information is recorded on a tangible object, or the fingerprint or palm shape is used as the identification information, so that the user does not need to memorize the identification information by himself, and the identification information becomes more complicated. can do. Further, forgery or plagiarism of the identification information by another person or teaching by another person to another person becomes difficult, and strict access control for each identification body becomes possible.

Further, if the file access management system of the present invention is used when a plurality of the same program files are introduced into a computer network based on a license agreement, the identification object in which the program files are stored in a memory in advance as a registration program can be used. The number of program files that can be operated simultaneously on the network can be reduced to the number of identifiers or less.
Therefore, if the number of identifiers is limited to the number of licenses of the program file or less at this time, the number of programs that can be used at the same time even if the number of programs exceeding the number of regular licenses is introduced by illegal copying Can not exceed the number of licenses, which can contribute to compliance with the software license agreement.

[Brief description of the drawings]

FIG. 1 is a schematic configuration diagram of an embodiment of a file access management system of the present invention.

FIG. 2 is a diagram showing a configuration example of a computer part in the system of the present invention.

FIG. 3 is a diagram showing an embodiment of an identification body in the system of the present invention.

FIG. 4 is a diagram showing an embodiment of a reader in the system of the present invention.

FIG. 5 is a diagram showing a configuration example of a circuit built in an identification body of the system of the present invention.

FIG. 6 is a diagram showing a display example of a monitoring target program registration screen in a registration program of the system of the present invention.

FIG. 7 is a diagram showing a display example of a card registration screen in a registration program of the system of the present invention.

FIG. 8 is a diagram showing a display example of an execution permission / non-permission registration screen in the registration program of the system of the present invention.

FIG. 9 is a flowchart illustrating an example of a processing procedure according to a processing program of the system of the present invention.

FIG. 10 is a display example of a prohibition screen in a processing program of the system of the present invention.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 File access management system 2 Computer 3 Identification body 4 Reader (reading device) 5 Connection cable 30 Card 31 Antenna 32 Transmission / reception circuit 33 Memory 34 Power supply control unit 35 Electric storage 36 Control unit 41 Power supply unit 42 Transmission / reception unit 43 Control unit 44 CPU 45 Antenna 46 I / O control unit 47 Bus Pprg processing program Rprg registration program Rdat registration data IF I / O interface

Continued on the front page (72) Inventor Junichiro Hashimoto 2-8-1, Kanda Sakumacho, Chiyoda-ku, Tokyo 4th floor of Kanda Champia Building Micro Talk Systems Co., Ltd. (72) Inventor Shigeo Kitamura Sakuma Kanda, Chiyoda-ku, Tokyo 2-7-1, Kanda-cho, Kanda Champia Bldg. 4th Floor, Micro Talk Systems Co., Ltd. (72) Inventor Tatsuhiko Tatsuya 1-49-1, Hatsudai, Shibuya-ku, Tokyo No. 30 7th Floor, 7th Floor, Naka System Building Nippon System Project Co., Ltd. Inside the project (72) Inventor Ryuichiro Eda 2-173-15 Sanno, Ota-ku, Tokyo Room 103, Green Tag Co., Ltd.

Claims (7)

[Claims] A computer verifies identification information input by a user with authentication information registered in advance and stored in a computer for each user or for each user group, so that the user is valid. In a file access management system for identifying whether or not to allow or disallow access to a computer program file or data file according to the identification result, an identification body that records the identification information, and the recorded identification information, Equipped with a reading device that automatically reads from the identification body and inputs it to the computer at a fixed time period, repeatedly inputting the identification information without the user's own input operation,
By identifying whether the user is a legitimate user in a fixed time period, if another user is a user, the display contents cannot be viewed and the input operation is not transferred to the file. And file access management system. 2. The method according to claim 1, wherein the identification information includes a plurality of characters and symbols,
Or a specific combination of any of these, is recorded by bar code printing on the surface of the identification body, and the reading device has bar code reading means, and the identification information of the reading device is 2. The file access management system according to claim 1, wherein the reading is performed in a non-contact manner from a barcode printing on the surface of the identification body. 3. The identification information is composed of a plurality of characters, symbols, and graphics, or a specific combination of any one or two of them, and is recorded on the surface of the identification body by printing. 2. The file access according to claim 1, wherein the reading device has an image input unit and an image recognizing unit, and the reading of the identification information by the reading device is performed in a non-contact manner from the image recognition of the printing on the surface of the identification body. Management system. 4. The identification information is composed of a plurality of characters, symbols, and graphics, or a specific combination of any one or two of them, and is stored in a storage unit built in the identification object. 2. The file access management system according to claim 1, wherein the reading device has signal processing means, and reading of the identification information by the reading device is performed based on processing of a response signal sent from the identification object. . 5. The identification body has a connection terminal, and the reader has a connection terminal to be connected to the connection terminal, and the response signal is sent through the connection terminal. The file access management system according to claim 4, wherein the file access management system is received via the coupling terminal. 6. The identification object receives an interrogation signal, reads identification information stored in the storage unit in response to the received interrogation signal, and generates and transmits the response signal including the identification information. A transmitting / receiving unit for converting the received interrogation signal into a DC voltage, and a power generation unit for supplying electric energy generated by the transmitting / receiving unit to the transmitting / receiving unit. A transmission / reception antenna disposed so as to be electromagnetically coupled to the transmission / reception unit, wherein the response signal is generated by the signal processing unit and the identification object is transmitted in response to the interrogation signal transmitted from the transmission / reception antenna. The non-contact reading of the identification information stored in the storage unit by being transmitted from the transmitting and receiving unit and receiving by the transmitting and receiving antenna of the signal processing unit. File access management system. 7. The computer verifies the identification information input by the user with authentication information registered in advance and stored in the computer for each user or each user group, so that the user is valid. In a file access management system for identifying whether or not to access a program file or data file of a computer according to the identification result, the identification information is a fingerprint or palm shape of each user, and image input is performed. Means and image recognition means for automatically reading by recognizing a user's fingerprint or palm shape as an image and inputting it to a computer at a fixed time period. By repeatedly inputting identification information without being accompanied, it is possible to identify a valid user at a fixed time period A file access management system characterized in that if another user is used, the display contents cannot be viewed and the input operation is not transferred to the file.