JP2002304318A - Computer system and use control method therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a computer system preventing unauthorized use and efficiently executing a primary process. SOLUTION: In this system, an audit certification-processing software manages all communication between an OS and applications. For example, in execution of the applications, only the application previously registered by a manager is enabled. A drive to which an individual user can access is previously set and managed. When forbidding even display of the drive, the user cannot confirm the presence itself of the drive. Thereby, the normally executed unauthorized use of a personal computer such as a game or transmission/reception of a private mail can be prevented. The manager holds an IC card, is authenticated by the IC card, and executes various kinds of setting.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computer system which can appropriately use computer resources for a desired purpose such as business in a general-purpose computer system, and a method of controlling the use thereof.

[0002]

2. Description of the Related Art With the advancement of computer technology and the spread of communication networks, computer processing and networking (on-line) of various tasks are progressing. This is not limited to just information-related work,
It covers almost all operations, including operations such as production management, order placement, and material procurement. In order to perform business properly and efficiently using such a computer system, a situation in which a business processing system is misused or diverted to other uses than the original purpose of computer resources does not occur. Thus, it is necessary to properly manage the system. In particular,
In a system that has become mainstream in recent years, and a standard personal computer is used as a terminal device and each terminal device is connected by a general-purpose network such as the Internet, such a situation may occur. Therefore, it is desirable to perform more strict management.

Conventionally, as a method of managing such a computer system, a method of limiting users by an ID and a password and directly controlling access to a terminal device has been mainly used. Further, as necessary, a method of restricting access to a specific file, execution of a specific program, and processing according to the user or the authority of the user is employed. Further, there is a case where a method of collecting the operation history or the execution history of the program as a log file and managing the usage status by checking the log file is adopted.

[0004]

However, the conventional method described above is not sufficient, and there is a demand for more strict control of the use of the computer system. For example, an operator who is originally authorized to use a computer for business purposes may use computer resources for personal use, such as playing a game or sending and receiving private mail using the computer. Although such use seems to be permissible at first glance, it may slow down the execution of the original processing,
The damage actually occurs, such as erasing necessary data or increasing the possibility of being infected with a virus, and is a serious illegal use. However, heretofore, such unauthorized use could not be strictly limited or effectively deterred.

[0005] Since such a user has a proper right to access a computer, it is not possible to restrict the unauthorized use only by controlling access to a personal computer as a terminal device. Also, if a more powerful administrator performs a setting to restrict file download and execution of any file for the user by using a management means provided in a conventional OS or the like, The setting is substantially equal to the setting for prohibiting the user from using the computer, and there is a high possibility that the user will not be able to perform the tasks that he or she should be performing. That is, in the conventional method,
Although it is possible to restrict access to specific processes and files for each user, it is difficult for the user to restrict all processes based on newly read games and software. Furthermore, the log file recording the usage status and the access file can be easily updated, that is, falsified by a user having a certain level of authority, and the effect of suppressing unauthorized use as described above is not sufficient. Was.

Accordingly, it is an object of the present invention to provide a computer system which can prevent unauthorized use by preventing processes other than proper processes from being executed. It is another object of the present invention to provide a method for controlling the use of a computer system that prevents execution of processing other than proper processing.

[0007]

According to one aspect of the present invention, there is provided a computer system according to the present invention, comprising: an execution permission file registration unit for registering a file permitted to be executed from among files based on a request; When execution of a process is requested, it is checked whether a file related to the execution of the process is registered in the execution permission file registration unit, and the process is substantially executed only when the file is registered. Execution control means.

[0008] Preferably, access permission setting means for setting an external storage device and a peripheral device whose use is permitted or prohibited for each user or user group, and use of an arbitrary external storage device and a peripheral device are requested. Access control means for inspecting whether or not the use of the device is permitted by the access permission setting means for the original user of the request, and substantially executing the use only when the use is permitted; The execution control means stops the execution of the processing when the use of the external storage device and the peripheral device accompanying the execution of the processing is not permitted by the access control means.
Preferably, the access control unit sets a state of a device whose use is prohibited by the setting in a state in which the presence of the device itself cannot be searched in response to an operation of the user.

[0009] More preferably, log information acquisition means for storing at least a request for execution of the arbitrary process and a status of execution or non-execution of the process for the request as log information, and a request from a specific authorized person. And log information access processing means for publishing the log information. Preferably, the apparatus further includes an IC card processing means for performing a predetermined process using the attached IC card and authenticating whether or not the owner of the IC card is the specific authority. The processing means publishes the log information only to the authorized person properly authenticated by the IC card processing means.

Further, according to the method of controlling use of a computer system according to the present invention, a file permitted to be executed is registered from files to be processed based on a request, and when execution of an arbitrary process is requested, the file is registered. It is checked whether or not a file related to the execution of the process is registered. If the result of the check indicates that the file related to the execution of the process is registered, the process is substantially executed.

[0011]

DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described.
This will be described with reference to FIGS. In the present embodiment, the present invention will be described by exemplifying a personal computer system that constitutes one node device in a computer system in which a plurality of computers are connected via a network.

First, the hardware configuration of the personal computer system will be described with reference to FIG. FIG. 1 is a block diagram illustrating a hardware configuration of a personal computer system 1 according to the present embodiment.
The personal computer system 1 includes a personal computer body 10, a keyboard 15, a display 16
And an IC card reader / writer 17.

The personal computer main body 10 performs desired processing based on the installed software. As shown in FIG.
It has a U section 11, a hard disk drive (HDD) 12, a floppy disk drive (FDD) 13, and a compact disk drive (CDD) 14. The CPU unit 11
The CPU, RAM, ROM, various interface units, and the like are connected via a bus, and are processing units that actually perform desired processing. Desired software is mounted on the CPU unit 11 and various processes are performed so that the entire personal computer system 1 performs desired processes.
The HDD 12, FDD 13 and CDD 14 are respectively a hard magnetic disk, a floppy (registered trademark) disk,
This is an external recording device using a compact disk as a recording medium, and desired data is recorded under the control of the CPU unit 11.

The keyboard 15 is an input means for a user of the personal computer system 1 to perform desired processing, operation, data input, and the like. The display 16 is a monitor for displaying desired information to a user of the personal computer system 1.
The IC card reader / writer 17 is a device for transmitting and receiving data to and from the IC card 18 for authenticating a user of the personal computer system 1 using the IC card 18. As described above, the personal computer main body 10 is constituted by a general personal computer in terms of hardware.

Next, the configuration of software installed in the personal computer system 1 having such a hardware configuration will be described with reference to FIG. FIG. 2 is a diagram for explaining the structure of software installed in the personal computer system 1. As shown in FIG. 2, in the personal computer system 1, an OS 21 is mounted as software for directly controlling hardware, and application software (AP) for actually executing desired processing such as processing related to business.
23 is installed as the top software as usual. An audit trail processing unit 22 according to the present invention is provided between the OS 21 and the application software 23.
Is mounted.

As a result, the audit trail processing unit 22
In addition to the first function, the application software 23 is further managed in a desired form. That is, the execution of the application software 23 is controlled by filtering the requests from all the application software 23 and transmitting them to the OS 21. In addition, by managing the state of each application software 23 to a desired state, the use state of the computer resources and the like are managed to an appropriate state.

Hereinafter, a function for managing the execution of the application software 23 on the personal computer system 1 realized by the audit trail processing unit 22 on the personal computer system 1 will be described with reference to FIGS. Will be explained. FIG. 3 is a diagram for explaining functions realized by the audit trail processing unit 22. In other words, the personal computer system 1
2 is a block diagram showing a configuration of a mechanism for managing application software 23 of FIG. Hereinafter, description will be made from such a viewpoint.

As shown in FIG. 3, the personal computer system 1 includes an IC card processing section 31, a log information acquisition section 32, a log information access processing section 33, an execution permission file registration section 34, an execution control section 35, and a drive access permission section. It has a setting unit 36 and a drive access control unit 37.

The IC card processing section 31 performs desired communication with the IC card 18 of the user mounted on the IC card reader / writer 17 and authenticates the user who is the owner of the IC card 18. In particular, as a process according to the present invention, the IC card processing unit 31 authenticates whether the user is an administrator who manages the personal computer system 1 or not. If the user is an administrator, the log information access processing unit 33, the executable file registration unit 34, and the drive access permission setting unit 36, which will be described later, indicate that fact.
And the like, and various privileged settings for the personal computer system 1 by the user are enabled. The authentication method in the IC card processing unit 31 may be any standard method. For example, the password entered by the user is checked against the password recorded on the IC card 18 to determine whether the user is the proper owner of the IC card 18. By comparing the ID of the administrator with the ID of the administrator set in the personal computer system 1, for example.

The log information acquisition unit 32 acquires the history of all processes performed on the personal computer system 1 and stores it as log information. The log information acquisition unit 32 is a CPU of the personal computer system 1.
Information relating to all processes that occur in the CPU of the unit 11 (hereinafter simply referred to as a personal computer); information indicating the operation history of the user via the keyboard 15 and the like; and external storage devices such as the HDD 12, FDD 13 and CDD And log indicating the history of all processes and operations, such as the information indicating the access history of the IC card and the history of the operation in the IC card reader / writer 17 and the authentication process for the IC card 18 attached to the IC card reader / writer 17. Record. For example,
Assuming that the user has input characters to word processor software running on the personal computer system 1 as shown in FIG. 4, all of these operations are stored as log information.

The log information access processing section 33 displays the log information stored by the log information acquisition section 32. The log information stored by the log information acquisition unit 32 can be viewed only by the administrator of the personal computer system 1 having a specific right. Therefore, when there is a log information browsing request, the log information access processing unit 33 determines whether or not the current user of the personal computer system 1 is authenticated as an administrator in the IC card processing unit 31. To check. If the user is not an administrator, the user does not respond to any browsing request, and rejects file operations on the recorded log information.

If the administrator who requests the browsing of the log information is an administrator, the log information acquiring section 32 reads out the requested log information and displays it in a predetermined format. For example, the operation of the user while using the word processor is stored as an operation log for the executable file of the word processor, and when this browsing is requested,
The log information access processing unit 33 displays all operations on all the keyboards 15 of the user, for example, in a form as shown in FIG. That is, when the user performs a word processor input as shown in FIG. 4, a log for each input operation is recorded as shown in FIG.

The log information access processing section 33 performs a display as shown in FIG. 6 when the administrator requests browsing of logs of the execution status of each terminal or process. That is, the execution time is displayed for each process, the login date and time, the PC name (terminal name), the Mac address, and the like are displayed for each entry. Also,
When the administrator requests browsing of the log of the access state of each drive, peripheral device, and the like, the log information access processing unit 33 performs a display as shown in FIG. 7, for example. That is, time, access type, drive name, and the like are displayed.

The execution permission file registration unit 34 registers the application software 23 permitted to execute on the personal computer system 1. When requested by the administrator, the execution permission file registration unit 34
All files managed in S21 are accessed, and an executable file is searched. Then, for example, a window as shown in FIG. 8 is displayed on the display 16, and the administrator is requested to select a file permitted to be executed from the searched execution files. Through this window, the administrator selects a desired executable file and makes settings to permit execution. Information indicating permission or prohibition of execution of each set execution file is recorded on a desired recording medium. The execution permission file registration unit 34
Manages each searched file as a basically unexecutable file. Then, the file is made executable only when the execution permission is set by the administrator.

When the user of the personal computer system 1 requests execution of the desired application software 23, the execution control unit 35 refers to the execution control information set and recorded by the execution permission file registration unit 34. Control its execution. That is, when the execution of the application software 23 is permitted, the execution control unit 35 immediately executes the application software 23. If the execution is prohibited, a message as shown in FIG. 9 is displayed to restrict the execution. If a process that rejects the execution of the requested software is performed, a log that records the status of the process includes, as shown in FIG. Is recorded.

The drive access permission setting section 36 sets available external storage devices and I / O devices (hereinafter simply referred to as drives) for each user of the personal computer system 1. When requested by the administrator, the drive access permission setting unit 36
Check the hardware configuration managed by
Search for the drive to be controlled. And, for example, FIG.
A window as shown in FIG. 1 is displayed on the display 16 and the administrator is requested to select a drive to which access is permitted. At this time, the drive access permission setting unit 36
When the access is prohibited, not only the access is prohibited but also the setting of prohibiting the display so as not to notify the user of the existence of the drive itself. The administrator sets the status of each drive to a desired status via this window. As a result, drive access permission information indicating permission or prohibition of execution of each set drive is recorded on a desired recording medium.

The drive access control section 37 is set and recorded by the drive access permission setting section 36 when a user of the personal computer system 1 or a request for access to a specific drive is made by the application software 23 being executed. The execution of access is controlled with reference to the drive access permission information. That is, when access to the drive is permitted, the drive access control unit 37 immediately permits the access. If access is prohibited, a message to that effect is displayed to prohibit access. In addition,
The operation of each application software 23 when the access is prohibited follows the description of each application software 23.

More specifically, for example, if a certain application software 23 tries to access moving image data recorded on the CDD 14 but access to the CDD 14 is not permitted to the user, the drive The access control unit 37 displays a message as shown in FIG. Note that in such a case, the drive access control unit 37 may also
2, completely meaningless image data may be returned to the application software 23 as dummy data. Also, depending on the setting, FDD13 or CDD1
If the display itself is prohibited for 4,
For example, even when a drive or folder (directory) is displayed by the function of the OS 21, the FDD 13 and the CDD 14 are not displayed as shown in FIG. That is, it is possible to prevent the user from knowing the existence itself.

Finally, the operation of the personal computer system 1 having such a configuration will be described.
First, various types of application software 23 are installed in the personal computer system 1 in the same manner as a normal personal computer, but these are basically installed in an execution-prohibited state by the function of the execution control unit 35. In such a state, the administrator of the personal computer system 1 sequentially sets only the application software 23 whose execution is permitted through the screen as shown in FIG.
In addition, the administrator sets a drive to which access is permitted or a drive to be prohibited for each user via a screen as shown in FIG. 11 by the drive access permission setting unit 36.

In such a state, for example, when a certain user tries to execute the unauthorized application software 23, a message as shown in FIG. 9 is displayed and the execution is blocked. If the user tries to use a drive to which access is not permitted during execution of the application software 23, for example, the window is in a state as shown in FIG. 12, and the execution is blocked. Further, the drive for which the display is prohibited is not displayed even if the user tries to check the folder, as shown in FIG.

Then, various operations of the user,
The processes are all recorded by the log information acquisition unit 32 and are viewed by the administrator. This allows administrators to, for example,
The log-in state, the operation state of each process and each terminal, and the like are as shown in FIG. 6, the state of executing the prohibited application software 23 is as shown in FIG. 7, and the state of FIG. The history of key operations by a word processor or the like as shown can be checked in the state as shown in FIG. Therefore, for example, when a problem such as unauthorized use of the personal computer system 1 or unauthorized access to data occurs, the administrator checks the log information by using the function of the log information access processing unit 33 to prevent the unauthorized use. The user who performed the application and the application software 23 can be specified.

Note that these privileged operations, that is, browsing of log information through the log information access processing unit 33, execution of the application software 23 through the execution permission file registration unit 34, setting of prohibition, and The setting of permission and prohibition of access and display of each drive via the drive access permission setting unit 36 can be performed only by the administrator who has been authenticated using the IC card 18 via the IC card processing unit 31. . That is, ordinary users cannot execute these functions. As a result, the above-described processes are properly operated.

As described above, in the personal computer system 1 of the present embodiment, the execution of the application software 23 and the use of computer resources such as a drive are strictly managed on a general-purpose personal computer. As a result, it is possible to prevent unauthorized use of the computer resource, for example, for use in a game or private processing, and to appropriately operate the computer resource for an original purpose such as business. When the personal computer system 1 has such a function, it is possible to basically prevent the user from trying to use the device illegally, and the effect is further improved.

Also, since the right holder who manages such a personal computer system 1 performs the authentication process using the IC card 18, it is possible to prevent the user from improperly impersonating the administrator, and to make it more appropriate. The system is operated.

The present invention is not limited to the present embodiment, and various modifications are possible. For example, in the present embodiment, the configuration of the audit trail processing unit 22 as software is located between the OS 21 and the application software 23 as shown in FIG. However, for example, as shown in FIG.
You may make it comprise as a function in S. By doing so, the software configuration becomes simple, and the compatibility with the OS 21 becomes more preferable. However, when the present invention is applied to the existing OS 21, it is preferable to install software having a configuration as shown in FIG.

[0036]

As described above, according to the present invention, it is possible to provide a computer system capable of preventing unauthorized use by preventing processes other than proper processes from being executed. Further, it is possible to provide a method of controlling the use of a computer system in which processing other than proper processing cannot be executed.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a personal computer system according to an embodiment of the present invention.

FIG. 2 is a diagram for explaining a configuration of software installed in the personal computer system shown in FIG. 1;

FIG. 3 is a block diagram showing a configuration of an audit trail processing unit according to the present invention of the software shown in FIG. 2;

FIG. 4 is a diagram showing a state where an input is being performed by a word processor in the personal computer system shown in FIG. 1;

FIG. 5 is a diagram for explaining log information for an input by the word processor shown in FIG. 4;

FIG. 6 is a diagram for explaining log information indicating an operation state of a process in the personal computer system shown in FIG. 1;

FIG. 7 is a diagram for explaining log information indicating a status of an access file in the personal computer system shown in FIG. 1;

FIG. 8 is a diagram for explaining a process of setting execution permission or prohibition of application software by the execution permission file registration unit illustrated in FIG. 3;

FIG. 9 is a diagram illustrating a message displayed when execution of application software is prohibited by the execution control unit illustrated in FIG. 3;

FIG. 10 is a diagram illustrating an example in which the execution control unit illustrated in FIG.
FIG. 9 is a diagram for explaining log information when execution of application software is prohibited.

FIG. 11 is a diagram for explaining a process of setting permission or prohibition of drive access by a drive access permission setting unit illustrated in FIG. 3;

FIG. 12 is a diagram illustrating a message displayed when access to a drive is prohibited by the drive access control unit illustrated in FIG. 3;

FIG. 13 is a diagram illustrating folder information displayed when display of a drive is prohibited by the drive access control unit illustrated in FIG. 3;

FIG. 14 is a diagram for explaining another configuration of software installed in the personal computer system shown in FIG. 1;

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 ... Personal computer system 10 ... Personal computer main body 11 ... CPU part 12 ... HDD 13 ... FDD 14 ... CDD 15 ... Keyboard 16 ... Display 17 ... IC card reader / writer 21 ... OS 22 ... Audit trail processing part 31 ... IC card processing Unit 32: Log information acquisition unit 33: Log information access processing unit 34: Execution permission file registration unit 35 ... Execution control unit 36 ... Drive access permission setting unit 37 ... Drive access control unit 23 ... Application software 18 ... IC card

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06K 17/00 G06F 9/06 660E 5B085 660H F-term (Reference) 5B017 AA07 BA06 BB10 CA15 5B042 GA12 MC40 5B058 CA27 KA02 KA04 KA33 YA13 5B076 FB05 FB10 FD08 5B082 EA11 GA13 5B085 AC14 AE12

Claims (10)

[Claims] An execution-permitted file registering means for registering a file permitted to be executed from a file based on a request; and when execution of an arbitrary process is requested, a file related to the execution of the process is stored in the file. A computer system comprising: an execution control unit that checks whether or not the process is registered in an execution permission file registration unit, and substantially executes the processing only when the registration is performed. 2. An access permission setting means for setting an external storage device and a peripheral device whose use is permitted or prohibited for each user or user group, and a request for use of an arbitrary external storage device and a peripheral device. Access control means for inspecting whether or not the use of the device is permitted to the original user of the request in the access permission setting means, and substantially executing the use only when the use is permitted; 2. The execution control unit according to claim 1, wherein the execution control unit suspends the execution of the process when the use of the external storage device and the peripheral device accompanying the execution of the process is not permitted by the access control unit. Computer system as described. 3. The apparatus according to claim 2, wherein the access control unit is configured to control the device whose use is prohibited by the setting in response to an operation of the user.
3. A state in which the existence of the device itself cannot be searched.
A computer system according to claim 1. 4. A log information acquisition means for storing at least a request for execution of the arbitrary process and a status of execution or non-execution of the process for the request as log information, and only for a request from a specific authority, 4. The computer system according to claim 1, further comprising: a log information access processing unit that publishes the log information. 5. The system according to claim 1, further comprising an IC card processing means for performing a predetermined process using the attached IC card and authenticating whether or not the owner of the IC card is the specific authority. 5. The computer system according to claim 4, wherein the processing unit publishes the log information only to the authorized person properly authenticated by the IC card processing unit. 6. A file to be executed is registered from among files to be processed based on a request, and when execution of an arbitrary process is requested, whether a file related to the execution of the process is registered is determined. A use control method for a computer system that substantially executes the processing when a file related to the execution of the processing is registered as a result of the inspection. 7. An external storage device and a peripheral device whose use is permitted or prohibited are set for each user or each group, and when the user requests execution of the arbitrary process, the external storage device and the peripheral device are involved in the execution of the process. Checking whether the use of the device is permitted for the user; if the result of the check indicates that use of the device related to execution of the process is permitted for the user, 7. The method for controlling use of a computer system according to claim 6, wherein the method substantially executes the following. 8. The device whose use is prohibited by the setting,
8. The method according to claim 7, wherein the presence of the device cannot be searched in response to the operation of the user. 9. A log for storing a request for execution of the arbitrary process and a status of execution or non-execution of the process for the request as a log, and publishing the log in response to a request from a specific authorized person. 9. A method for controlling use of a computer system according to any one of items 1 to 8. 10. A predetermined process is performed using an attached IC card, and it is authenticated whether or not the owner of the IC card is the specific authorized person, and the owner of the IC card is the specified authorized person. 10. The method according to claim 9, wherein the log is disclosed in response to a request from the authorized person.