JP2011175649A - Information processing apparatus, method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To extend a prohibition or limiting item in an existing environment while limiting the operation of resources by a user having no access right, including computer resources other than a file or display screen, without changing an OS or process. <P>SOLUTION: An operation request from a process or OS 201 for computer resource(s) is captured before access to the computer resource. It is determined whether an access right for the computer resource designated by the captured operation request is present (402). If the access right is present as a result of determination, the operation request is transferred to the operating system (403), and a result thereof is returned to the request source process (406). If no access right is present as a result of determination, the operation request is denied. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an information processing method, apparatus, and program for controlling access to computer resources managed by an operating system on a computer.

  Conventionally, when a user accesses a resource such as a file or a storage device in a computer such as a personal computer through an application program, an operating system (in order to prevent a user without access authority from decrypting or eavesdropping information) Hereinafter, a method of providing an access authority check function in the OS), or a method of checking access authority by adding a dedicated access management tool is known.

  For example, a general-purpose OS represented by Windows (registered trademark of Microsoft Corporation in the United States) has a function that does not permit a user who does not have access authority to read, write, and execute a file. There is also a general-purpose OS that can set authority for file deletion, access authority change, and ownership change.

  As an access management tool, for example, as disclosed in Japanese Patent Application Laid-Open No. H10-260260, a tool that registers whether or not copying is possible with reference to a file and restricts reference and copying depending on whether or not it is possible is known. Specifically, there has been known one that adds a read restriction attribute to a display area to prevent display screen capture.

Japanese Patent Laid-Open No. 7-84852

  In order to completely prohibit users who do not have access authority from taking out information, as shown in FIG. 9, attachment to mail, printing, file movement / file copying, copying to clipboard, floppy (registered trademark) ) It is necessary to restrict functions such as saving to disk, pasting objects, and screen capture. In addition, it is necessary to limit the export of information through the network.

  However, the above-described conventional technique has a problem that it cannot be restricted to operations other than file movement / file copy and screen capture (for example, copy to the clipboard). If it is intended to limit operations such as copying to the clipboard, it is necessary to make changes to the OS or application itself, and there is a problem that general-purpose application cannot be performed.

  An object of the present invention is to provide resources for users who do not have access authority, including computer resources other than files and screens, without changing the OS and processes (programs running under the OS, such as applications and daemons). It is an object of the present invention to provide an information processing apparatus and method capable of controlling computer resources and restricting the operations of the above, and capable of extending the prohibition or restriction in the existing environment.

In order to achieve the above object, an information processing method according to the present invention comprises the following arrangement. That is, an information processing method for controlling access to computer resources managed by an operating system on a computer,
A capture step for capturing a process request for the computer resource or an operation request from an operating system before accessing the computer resource;
A determination step of determining whether or not there is an access right to the computer resource specified by the operation request captured in the capturing step;
As a result of the determination in the determination step, if there is an access right, the processing step is passed to the operating system according to the operation request, and the result is returned to the requesting process;
If the result of determination in the determination step is that there is no access authority, a rejection step of rejecting the operation request is provided.

  Preferably, the capturing step further captures a process request for the computer resource and an operation request from an operating system before accessing the computer resource.

  Preferably, the determination step includes access including resource specification information for specifying a specific computer resource, condition information for enabling access authority, and access authority information for specifying extended access authority not defined in an existing environment. It is determined whether there is an access authority with reference to the authority management table.

  Preferably, the determination step determines whether or not there is an access authority by referring to access authority information that is specified in the computer resource and that specifies an extended access authority that is not defined in the existing environment. .

  Preferably, the determination step determines whether or not there is an access authority based on whether or not the access authority has been acquired.

  Preferably, the access authority information includes at least one of a transfer authority to another medium, a copy authority to another medium, a print authority, a read authority to a shared memory, a screen capture authority, and a use process limiting authority. Contains information to specify.

  Preferably, the rejecting step returns an access violation error notification to the requesting process without accessing the requested computer resource.

  Preferably, the rejecting step returns a notification of successful access to the requesting process without accessing the requested computer resource.

  Preferably, the request is converted into an operation request for a dummy computer resource, transferred to the operating system, and the result is returned to the request source process.

  Protection electronic information to be described later includes a restriction program that controls operations on target electronic information, and a restriction attribute that defines details of operations that restrict printing such as printing prohibition and copy prohibition on electronic information. Added to the executable format.

  The process of converting the original electronic information by adding a restriction program and restriction attributes to the target electronic information is called protection, and the protected electronic information is called protection electronic information. A program that realizes protection is called a protection program.

  The restriction program includes a development routine part for making the protected electronic information available as original electronic information, and a restriction routine part for controlling access to the electronic information.

  Furthermore, the restriction attribute holds one or more combinations of operations and conditions for restricting electronic information, and holds information for specifying a program such as an application for accessing the electronic information as necessary.

  Here, the application refers to a program used to access electronic information, and corresponds to, for example, word processing software for accessing a document file, a program for reproducing or editing an image or a moving image, and the like.

  An application is not necessarily operated by a user, and generally, programs that access electronic information using functions of an OS or a platform are collectively referred to as an application.

  In addition, there are OSs (operating systems) called Windows (registered trademark) of Microsoft Corporation, MacOS (Apple), and generally UNIX (registered trademark), and the OS is also operating in portable terminals and the like. Furthermore, the platform mentioned here may refer to the OS, but it is more widely available, and browser software that browses Web information provides a general-purpose environment for handling electronic information, and can be executed on it. In the meaning of a basic program on a computer that can execute a program of a format, it is included in the platform.

  According to the present invention, basically, a process for a computer resource managed by the OS such as a file, a network, a storage device, a display screen, and an external device or an operation request from the OS is captured before accessing the computer resource. To do. Next, it is determined whether or not there is an access right to the computer resource designated by the captured operation request. As a result of the determination, if there is access authority, it is passed to the OS as per the operation request, and the result is returned to the request source process. If there is no access authority, the operation request is rejected. Therefore, without changing the OS and processes (programs running under the OS, applications, daemons, etc.), resource operations are restricted for unauthorized users, including computer resources other than files and screens. can do.

  Also, by incorporating a resource management program into an existing environment, it is possible to restrict various types of unauthorized access as described above, and to extend the range of existing access authorities.

  Also, by incorporating a resource control program into an existing environment, various types of unauthorized access can be restricted, and the range of conventional access authority can be expanded.

  Furthermore, it is possible to obtain an effect that it is possible to cope with an application that does not have a function for dealing with an access violation.

  Furthermore, if the authority restriction system according to the present invention is applied to e-business that is rapidly progressing, it will be effective in preventing unauthorized access and charging by distributing various paid contents. With the arrival of a rapidly aging society, working at home has become an important issue.

  This H. With the introduction of the H system, corporate documents, data, and information can be safely retrieved at home, and home work and results can be sent to Web sites and businesses.

  Further, it is possible to protect the electronic information by adding a restriction program and a restriction attribute to the electronic information, and it is possible to restrict operations on the electronic information by using the protected electronic information.

  In addition, the restriction program can be executed on the computer that receives the electronic information, so that it is not necessary to incorporate the restriction program or the like in the existing environment on the reception side, and various unauthorized access as described above can be performed. It is possible to limit the range of existing access authority.

  Furthermore, it is possible to obtain an effect that it is possible to cope with an application that does not have a function for dealing with an access violation.

  For example, when providing electronic information whose use range is to be limited, such as when copyright is applied, providing the protected electronic information can provide an effect of limiting the use range on the receiving side.

It is a hardware block diagram which shows 1st Embodiment of the implementation environment of this invention. It is a hardware block diagram which shows 1st Embodiment of the implementation environment of this invention. It is a figure which shows the function structure of the resource management program in 1st Embodiment of this invention, and the relationship between OS and an application. It is a figure which shows the data structural example of the access authority management table in 1st Embodiment of this invention. It is a sequence diagram which shows the 1st basic type of monitoring / control of API in 1st Embodiment of this invention. It is a sequence diagram which shows the 2nd basic type of monitoring / control of API in 1st Embodiment of this invention. It is a block block diagram which shows the function which records the access history in 1st Embodiment of this invention. It is a figure which shows the example of a screen which shows the unauthorized access in 1st Embodiment of this invention. It is a figure which shows the example of a screen which notifies unauthorized access in 1st Embodiment of this invention. It is a figure which shows the example of the display screen of the access monitoring log | history in 1st Embodiment of this invention. It is a figure which shows the example of the actual access method to the resource used as access restriction object. H. of the second embodiment of the present invention. It is a figure which shows the structure of H server. It is a figure which shows the relationship between SCM of 2nd Embodiment of this invention, OS, a file, and an external device. It is a hardware block diagram which shows 3rd Embodiment of this invention. It is a figure which shows the structure of the protection electronic information in 3rd Embodiment of this invention. It is a figure which shows the structure of the restriction | limiting program in 3rd Embodiment of this invention. It is a figure which shows the structure of the restriction | limiting attribute in 3rd Embodiment of this invention. It is a flowchart which shows the provision procedure of the protection electronic information in 3rd Embodiment of this invention. It is a flowchart which shows the utilization procedure of the protection electronic information in 3rd Embodiment of this invention. It is a figure which shows the specific example in the case of providing the electronic information of the file format in 3rd Embodiment of this invention. It is a figure which shows the specific example in the case of providing the multimedia information in 3rd Embodiment of this invention. It is a system configuration figure showing a 4th embodiment of the present invention. It is a system configuration figure showing a 5th embodiment of the present invention. It is a system configuration figure showing a 6th embodiment of the present invention. It is a flowchart which shows the restriction | limiting and charging process to a user and a client.

<First Embodiment>
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  1A and 1B are hardware configuration diagrams showing an embodiment of an environment for implementing the present invention.

  The configuration shown in FIG. 1A shows a hardware configuration of the computer 101 in a stand-alone configuration, and outputs resource data to a personal computer (PC) 1012, a display 1013, a printer 1014, and a hard disk drive (HDD) 1011. The external device 1015 can be configured.

  The personal computer 1012 incorporates a general-purpose OS and application, and further incorporates a resource management program according to the present invention.

  FIG. 1B shows a configuration when the network 102 is used. Computers 101 a to 101 c having the same configuration as that shown in FIG. 1A are connected to each other via the network 102.

  In such a configuration, generally, an application uses an application program interface (API) provided by the OS to access resources managed by the OS. The API usage method is determined by the OS, and the execution code portion using the API can be determined. In the present invention, a monitoring routine for monitoring all APIs necessary for accessing a resource is provided, and before the application uses the API, the execution code part is changed or the entrance of the API processing is replaced with a monitoring routine. Thus, the monitoring routine is used when the API is used. The monitoring routine processes the API requested by the application or returns the result to the application as an illegal instruction without processing the API. Access authority management extended by the resource management program of the present invention is managed by this program separately from OS management, and a monitoring routine is provided for each type of access authority. This method restricts access from applications that illegally use resources.

FIG. 2 is a diagram showing the configuration of the resource management program 203 and the concept of API monitoring / control according to the present invention. The resource management program 203 includes an API monitoring controller (API monitoring CTRL) 2031, an APL (application) monitoring controller (APL). (Monitoring CTRL) 2032, access control controller (access control CTRL) 2033, and OS monitoring controller (OS monitoring CTRL) 2034.
This resource management program 203 is located between the general-purpose OS 201 and the general-purpose OS 201 and the general-purpose OS 201, which is located between the general-purpose OS 201 and the general-purpose OS 201, which is a general application having an OS function operation 2022 such as an application 2021 that issues a resource access request. Monitors requests for resources provided by.

  The general-purpose OS 201 includes a resource 2011 managed by the OS and an API group 2012 provided by the OS to the application 2021.

  The API monitoring CTRL 2031 in the resource management program 203 according to the present invention is a module that monitors all APIs necessary for performing access control. The APL monitoring CTRL 2032 is a module that stores resources held by the application 2021. The access control CTRL 2033 is a module that determines whether access to the resource 2011 is permitted, and includes an access authority management table 2035. The OS monitoring CTRL 2034 is a module that monitors an operation for accessing a resource by the function of the general-purpose OS 201.

  As shown in FIG. 3, the access authority management table 2035 is configured so that resource designation information 20351, conditions 20352, and n pieces of access authority information 20353 to 2035n can be registered for each resource.

  The resource designation information 20351 is information for designating a specific resource among the resources 2011 managed by the general-purpose OS 201. For example, in the case of a file, information such as a file name and a file ID is registered. In the case of communication data, a host name, a port number, an IP address, and the like are registered. In the case of memory, an object name and an address indicating the object are registered. In the case of an external device, a device name indicating the device driver is registered.

  The condition 20352 indicates a condition for enabling the access authority or a combination thereof. For example, a user name / ID, a group name / ID, a time, an application used, and the like are registered.

  The access authority information 20353 to 2035n indicates the authority added to the specified resource among the extended access authorities not defined in the existing environment. For example, the authority to move to another medium, the authority to copy to another medium, Printing authority, reading authority to the shared memory (such as clipboard in Windows), screen capturing authority, limitation of applications used (prohibition of use other than specific applications and prohibition of mail attachment) are registered.

  In general, access to a resource may be performed by a plurality of APIs. In this case, resource designation information may be converted into an ID (handle or the like) managed by the OS. In that case, in the resource management program 203, the resource designation information and its ID are regarded as the same.

  Processing of the resource management program 203 having such a configuration will be described in accordance with an information transmission procedure indicated by (1) to (9) in FIG. 2 (corresponding to the circled numbers 1 to 9 in the figure).

  (1) If there is an access request to the resource by the API issued by the application 2021, the API monitoring CTRL 2031 captures the request and transmits it to the access control CTRL 2033.

  (2) The access control CTRL 2033 acquires information on resources held by the application 2021 from the APL monitoring CTRL 2032 as necessary when performing an access authority check.

  (3) There are two conditions for denying access. In the first condition A (access denial A), the access request in the above (1) is referred to the access authority management table 2035 to access the resource. Check access authority. If there is no authority as a result of the check, the API 202 issued by the application 2021 is not processed and an access violation error is returned as a result.

  (4) In the second condition B (access denial B), the access authority to the resource is checked with reference to the access authority management table 2035 in response to the access request of (1). As a result of the check, if there is no authority and an error cannot be returned as a result of the API {Processing} issued by the application 2021, the resource management program 203 does not perform the processing for the resource requested by the application 2021 in advance. Instead of the prepared dummy resource access request, API processing is performed.

  As a result, the application 2021 operates as if the request was successful, but cannot actually access the requested resource.

  (5) As a result of performing the access authority check for the access request (1), if there is an authority, the API monitoring CTRL 2031 captures the access request, and directly notifies the general-purpose OS 201 of the API processing issued by the application 2021, The result is returned to the application 2021.

  (6) If the API is successful by the processing of (5) and the application 2021 holds resources by the API, the APL monitoring CTRL 2032 is notified. The APL monitoring CTRL 2032 registers the correspondence between the application 2021 and the held resource.

  When the application 2021 issues a resource release request API and the API succeeds, the application 2021 also notifies the APL monitoring CTRL 2032. The APL monitoring CTRL 2032 deletes the correspondence between the application 2021 and the held resource.

  (7) If there is an access request to the resource by operating the OS standard function, the OS monitoring CTRL 2034 captures the access request and transmits it to the access control CTRL 2033.

  (8) In response to the access request (7), the access authority management table 2035 is referenced to check the access authority to the resource. If there is no authority as a result of the check, the operation (7) is ignored.

  (9) In response to the access request (7), the access authority management table 2035 is referenced to check the access authority to the resource. As a result of the check, if the user has authority, the operation (7) is transmitted to the general-purpose OS 201.

  FIG. 4 shows a first basic type of API monitoring and control indicating the exchange of the application 2021, the resource management program 203, and the general-purpose OS 201 until the resource is released when there is an access right to the target resource ( It is a sequence diagram of 1).

  In the first basic type (1), when there is an access request to the target resource by the API issued by the application 2021 (step 401), the resource management program 203 has the authority for the application 2021 to access the resource. Is checked (step 402). As a result of the check, if there is access authority (step 403), the API issued by the application 2021 is transmitted to the general-purpose OS 201 as it is. The general-purpose OS 201 performs API processing inherent to the OS (step 404).

  If the API process is successful, the resource management program 203 registers information that the application 2021 holds the resource (step 405). Then, the API result from the general-purpose OS 201 is returned to the application 2021 as it is (step 406). This completes access to the resource (step 407).

  Thereafter, when a resource release request held by the application 2021 is issued (step 408), the resource management program 203 transmits the release request to the general-purpose OS 201. The general-purpose OS 201 performs API processing inherent to the OS (step 409). If the API processing is successful, the resource management program 203 releases the information that the application 2021 holds the resource (step 410). Then, the API result from the general-purpose OS 201 is returned to the application 2021 as it is (step 411). As a result, the release of the held resource is completed (step 412).

  FIG. 5 shows the second basics of API monitoring and control showing the exchange of the application 2021, the resource management program 203, and the general-purpose OS 201 until the access is denied when there is no access right to the target resource. It is a sequence diagram of type (2).

  In the second basic type (2), when there is an access request to the target resource by the API issued by the application 2021 (step 501), the resource management program 203 has the authority for the application 2021 to access the resource. Is checked (step 502). If there is no access authority as a result of the check (step 503), an access violation error is returned to the application 2021 (step 504). This completes the resource access process (step 505).

  If there is an access request to the target resource by the API issued by the application 2021 that does not correspond to the access violation error (step 506), the resource management program 203 determines whether the application 2021 has the authority to access the resource. Is checked (step 507). As a result of the check, if there is no access authority and the application 2021 does not support the access violation error (step 508), the resource management program 203 replaces it with a dummy resource access request prepared in advance and passes it to the general-purpose OS 201. (Step 509).

  The general-purpose OS 201 performs API processing inherent to the OS (step 510). The resource management program 203 returns the API processing result from the general-purpose OS 201 to the application 2021 as it is (step 511). As a result, although the access processing to the target resource is completed, nothing is actually performed because of the dummy resource (step 512).

  The present invention limits access to resources without access authority as described above, but will be described by taking APIs for Windows and UNIX, which are general-purpose OSes, as an example.

  First, an example of prohibiting copy processing to a file will be described.

  Regarding the copying process to a file, conventionally, a read-permitted file can be copied, and as a result, a plurality of original copies can exist or can be transferred to another medium and taken out. In the present invention, copying an unauthorized file is prohibited by monitoring / controlling an API that realizes file copying. In that case, there are the following APIs to be monitored / controlled in Windows. Note that the API functions exemplified below are disclosed in various documents, and thus detailed description thereof is omitted.

(1) File open / create API
CreateFileA
CreateFileW
OpenFile
_Lopen
_Lcreat
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
(2) File close API
CloseHandle
_Lclose
(3) File copy / move API
CopyFileA
CopyFileW
MoveFileA
MoveFileW
MoveFileExA
MoveFileExW
DeleteFileA
DeleteFileW
DragQueryFileA
DragQueryFileW
In the case of UNIX, the following APIs are monitored / controlled.

(1) File open / create API
open
create
(2) File close API
close
(3) File copy / move API
rename
There are three specific methods for prohibiting copy processing to a file by such API monitoring.

<Method 1> (when it is known that replication processing is performed while the file is open)
While an application is opening and holding a file for which it does not have replication rights (the period until the file is closed), the application refuses to create another file.

<Method 2> (If there is a possibility that replication processing is performed after the file is closed, but it is known that multiple files are not handled)
If an application opens a file for which it does not have duplication authority, it refuses to create another file until the application terminates or opens a file with duplication authority.

<Method 3> (If there is a possibility of copying after closing the file, there is a possibility of handling multiple files)
If an application opens a file for which it does not have duplication rights, it refuses to create another file until the application terminates.

  In any method, when it is determined that a copy is not left by a separately created file (creation of a temporary file or the like), it is not rejected.

  Next, an example of prohibiting printing of a specific file or all files will be described.

  Conventionally, it has been possible to print the contents of a file and take it out to the outside by an application having a printing function. In the present invention, by monitoring / controlling an API that realizes printing, printing of a file without print authority is prohibited. Also, other external devices such as FAX are similarly prohibited by monitoring / controlling APIs for realizing selection and control of the respective external devices. In that case, there are the following APIs to be monitored / controlled in Windows and UNIX.

For Windows (1) Device Open API
CreateDCA
CreateDCW
(2) Device close API
ReleaseDC
ClosePrinter
(3) Printer selection / APL processing API
OpenPrinterA
OpenPrinterW
GetPrinterA
GetPrinterW
SetPrinterA
SetPrinterW
SendMessageA
SendMessageW
PostMessageA
PostMessageW
For UNIX (1) Device Open API
open
(2) Device control API
ioctrl
(3) Device close API
close
There are three specific methods for prohibiting print processing by such API monitoring.

<Method 1> (when it is known that print processing is possible while the file is open)
While an application opens and holds a file for which printing authority is not granted (a period until the file is closed), the application refuses to select the printer and open the printer device.

<Method 2> (When there is a possibility that print processing may be performed after the file is closed, but it is known that multiple files are not handled)
If an application opens a file without printing authority even once, the printer selection of the application and the opening of the printer device are refused until the application ends or a file with printing authority is opened.

<Method 3> (When there is a possibility that print processing may be performed after the file is closed and there is a possibility of handling multiple files)
When an application opens a file for which printing authority is not granted, the printer selection of the application and the opening of the printer device are refused until the application ends.

  Next, an example of prohibiting the use of an external device will be described.

  Conventionally, it has not been generally possible to add authority to the functions provided in the OS or the external device itself. In the present invention, the use is prohibited by specifying a function that can limit the API to be monitored / controlled or by specifying the use of an external device. In that case, there are the following APIs to be monitored / controlled in Windows and UNIX.

For Windows (1) Device Open API
CreateFileA
CreateFileW
OpenFile
_Lopen
_Lcreat
(2) Device close API
CloseHandle
_Lclose
For UNIX (1) Device Open API
open
(2) Device control API
ioctrl
(3) Device close API
close
For example, when printing is prohibited by such API monitoring, there are the following methods as specific methods.

<Method>
When the access authority management table 2035 prohibits the use of a specific external device under specific conditions, the use of the external device is rejected by the following method. When there is a device open API request with the device name of the external device, the request is rejected by returning an access prohibition error or an error indicating that the external device does not exist.

  Next, an example in which a part of data in a file or all copying is prohibited will be described.

  Conventionally, as a result of displaying a file on the screen by an application, it has been possible to copy all or part of the content by the function of the OS or to embed it in another file in units of objects.

  In the present invention, the diversion of data without copy authority is prohibited by monitoring / controlling APIs (clipboard API, OLE API, etc.) that realize transfer and embedding functions.

  In that case, there are the following APIs to be monitored / controlled in Windows.

For Windows (1) Copy / Embed API
OpenClipboard
SetClipboardData
GetClipboardData
GetOpenClipboardWindow
OleCreate
OleCreateEx
OleCreateFromFile
OleCreateFromFileEx
OleCreateFromData
OleCreateFromDataEx
OleCreateLink
OleCreateLinkEx
OleCreateLinkFromData
OleCreateLinkFromDataEx
OleCreateLinkToFile
OleCreateLinkToFileEx
CloseClipboard
When the copying process is prohibited by such API monitoring, there are four specific methods.

<Method 1> (when it is known that copying can be performed while the file is open)
While an application opens and holds a file for which it does not have copy authority (period until the file is closed), when the application registers data in the form of a copy / embedded object, it rejects or registers empty data .

<Method 2> (If there is a possibility of copying after closing the file, but it is known that multiple files will not be handled)
If an application opens a file that does not have copy authority even once, it will be rejected when the application registers data in the form of a copy / embedded object until the application terminates or a file with copy authority is opened. Or register empty data.

<Method 3> (If there is a possibility of copying after closing the file and handling multiple files)
When an application opens a file without copying authority even once, the application registers rejection or empty data when registering data in the form of a copy / embedded object until the application ends.

<Method 4> (When importing a file without copy authority as an embedded object)
When performing processing for importing a file for which copying authority is not granted, the processing request is rejected by returning an access violation error or registering or acquiring empty data in the object registration or object acquisition API.

  Next, an example in which a file is prohibited from flowing out via the network will be described.

  Conventionally, in addition to file copying, it has been possible to transfer a file to the outside via a network like an FTP program. In the present invention, by monitoring / controlling APIs that access network resources, output of file contents to the outside is prohibited from an application that is using a file without external output authority. In that case, there are the following APIs to be monitored / controlled in Windows and UNIX.

For Windows WSAStartup
accept
bind
connect
getbyname
getbydaddr
getprotobyname
getprotobynumber
getservbyname
getservbyport
getpeername
getsockname
getname
getsockopt
setsockopt
recv
recvfrom
socket
select
send
sendto
WSASend
WSASendTo
WSAAsyncSelect
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByNumber
WSAAsyncGetProtoByName
WSAAsyncGetServByPort
WSAAsyncGetServByName
WSACancelAsyncRequest
WSASetBlockingHook
WSAUnhookBlockingHook
WSACleanup
closesocket
shoutdown
In case of UNIX, accept
bind
connect
getbyname
getbydaddr
getprotobyname
getprotobynumber
getservbyname
getservbyport
getpeername
getsockname
getname
getsockopt
setsockopt
recv
recvfrom
socket
select
send
sendto
closesocket
shoutdown
There are three specific methods for prohibiting external data output from an application in use by monitoring such an API.

<Method 1> (when it is known that output processing is possible while the file is open)
While an application is opening and holding a file without external output authority (the period until the file is closed), the connection request or transmission request from the application is rejected due to an error such as an access violation or timeout.

<Method 2> (When there is a possibility that output processing will be performed after the file is closed, but it is known that multiple files are not handled)
If an application opens a file that does not have output authority even once, the connection request or transmission request of the application will be displayed with an error such as an access violation or timeout until the application terminates or a file with output authority is opened. I refuse.

<Method 3> (When there is a possibility that output processing will be performed after the file is closed and there is a possibility of handling multiple files)
When an application opens a file without output authority even once, it rejects the connection request or transmission request of the application with an error such as an access violation or a timeout until the application ends.

  However, if it is known that no data is output by the communication, it is not rejected.

  Next, an example of prohibiting acquisition of an image of the contents of a file will be described.

  As an OS function, it is generally possible to acquire the entire screen, a part of the screen, or a window unit screen as image data. Conventionally, the image data can be diverted and taken out. In the present invention, image data acquisition is prohibited by monitoring / controlling the image data acquisition API in the screen.

  In that case, there are the following APIs to be monitored / controlled in Windows.

(1) Device open API
GetWindowDC
WindowFromDC
GetDC
GetDCEX
GetDesktopWindow
GetDeviceCaps
CreateDCA
CreateDCW
(2) Image acquisition API
BitBlt
StretchBlt
(3) Device close API
DeleteDC
ReleaseDC
There are three specific methods for prohibiting the acquisition of a screen image by such API monitoring.

<Method 1> (When refusing to capture the entire screen)
If the application that owns the window currently displayed on the screen holds a file without screen image acquisition authority, it rejects image acquisition for the entire screen. The presence / absence of the image acquisition processing for the entire screen is performed by monitoring the state of a window (desktop window in the case of Windows) that manages the entire screen. If there is an API that acquires an image of the entire screen, such as DirectDraw in Windows, it is similarly rejected.

  Further, it rejects the application that acquires the VRAM image from the display device.

<Method 2> (When refusing to obtain the window screen image)
If the application that owns the window currently displayed on the screen holds a file for which screen image acquisition authority is not granted, the image acquisition for that window is rejected. Whether the window is displayed on the screen is determined by monitoring the state of the window.

  The screen image acquisition is rejected by rejecting image copy from the device context associated with the window.

<Method 3> (When refusing to acquire part of the screen image)
If the area from which the screen image is to be acquired can be determined, the condition in <Method 1> is the time when the acquisition area overlaps the target window, and thereafter, the acquisition of part of the screen image is performed in the same manner as in <Method 1>. I refuse. When the area cannot be determined, the image acquisition for the entire screen is rejected in the same manner as in <Method 1>.

  Next, an example of limiting the application to be used for each file type will be described.

  Conventionally, since there is no restriction on the use of an application, a file can be accessed for purposes other than reference. In the present invention, the use application can be limited for each file. In that case, there are the following APIs to be monitored / controlled in Windows.

(1) File open API
CreateFileA
CreateFileW
OpenFile
_Lopen
_Lcreat
(2) File close API
CloseHandle
_Lclose
(3) Process management API
WinExec
CreateProcessA
CreateProcessW
Exit Process
In the case of UNIX (1) File open API
open
(2) File close API
close
When the application to be used is limited by such API monitoring, there are the following methods as specific methods.
<Method>
When an application opens a file, the permission of the file is checked. If the application is not an authorized application, an access violation error is returned and the open request is rejected.

  Next, an example of prohibiting the use of a specific function installed in the OS will be described.

  Conventionally, it is not generally possible to add authority to functions provided in an OS. In the present invention, the function can be prohibited by specifying a function that limits the API to be monitored / controlled. For example, it is prohibited to change the file time stamp or system date and time. In that case, there are the following APIs to be monitored / controlled in Windows.

(1) API for changing the time stamp of a file
SetFileTime
(2) System date change API
SetSystemTime
SetSystemTimeAdjustment
When the use of a specific function in the OS is prohibited by such API monitoring, there is the following method as a specific method.

<Method>
When an API that is prohibited under specific conditions is issued, an access violation error is returned, or dummy processing is performed without performing actual processing, and a normal return is performed, thereby prohibiting the API (OS function prohibited). ).

  Next, an example of prohibiting the reference or change of the in-process memory will be described.

  Conventionally, it has been impossible to prohibit reference / change of in-process memory unless the application explicitly refuses it. In the present invention, by monitoring / controlling the in-process memory reference / change API, reference / change from other applications can be prohibited.

  In that case, there are the following APIs to be monitored / controlled in Windows.

(1) Process management API
Open Process
Create Process
CloseHandle
(2) Memory operation API
ReadProcessMemory
Write ProcessMemory
ReadProcessMemoryVlm
WriteProcessMemoryVlm
In the case of prohibiting printing that prohibits reference or change of the memory in the process by monitoring the API, there is a specific method as follows.

<Method>
An access violation error is returned when a memory operation API is requested in the in-process memory of an application for which access is prohibited.

  Next, an example in which printing and saving of a Web page displayed on the browser and output to an external device are prohibited will be described.

  Conventionally, even Web pages that are only permitted to be browsed and played can actually be printed or saved by browser software. By monitoring an API that accesses a network resource for loading a Web page and monitoring / controlling printing and saving performed by the browser, printing and saving and output operations to an external device can be prohibited. In that case, there are the following APIs to be monitored / controlled.

In the case of Windows (1) Communication API
WSASStartup
accept
bind
connect
getbyname
getbydaddr
getprotobyname
getprotobynumber
getservbyname
getservbyport
getpeername
getsockname
getname
getsockopt
setsockopt
recv
recvfrom
socket
select
send
sendto
WSASend
WSASendTo
WSAAsyncSelect
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByNumber
WSAAsyncGetProtoByName
WSAAsyncGetServByPort
WSAAsyncGetServByName
WSACancelAsyncRequest
WSASetBlockingHook
WSAUnhookBlockingHook
WSACleanup
closesocket
shoutdown
(2) Other APIs for prohibiting operations on the aforementioned file, printing, and external device
In case of UNIX (1)
accept
bind
connect
getbyname
getbydaddr
getprotobyname
getprotobynumber
getservbyname
getservbyport
getpeername
getsockname
getname
getsockopt
setsockopt
recv
recvfrom
socket
select
send
sendto
closesocket
shoutdown
(2) Other APIs for prohibiting operations on the aforementioned file, printing, and external device
As a method for monitoring such a communication API and prohibiting printing, storage, and output to an external device, there are the following methods.

  First, the prohibition designation described in the web page is read. Specifically, if data of an http protocol or an equivalent protocol is monitored and a web page data portion includes a prohibition tag for printing or saving, printing or saving of the web page is prohibited. Judge that Alternatively, the user is requested to acquire authority, and if the acquisition is not possible, it is determined that printing or storage is prohibited. However, if it can be obtained, it is determined that printing or storage is not prohibited. That is, whether or not there is an access authority is determined based on whether or not the access authority has been acquired.

  A method of prohibiting the printing, saving of files, and output to an external device described above when a browser displaying a page that is prohibited from printing, saving, or outputting to an external device tries to print or save. And prohibit it.

  The example of the Web page described here can be easily used in the contents of digital television because of the similarity of the mechanism.

  Next, an example in which the resource management program is applied will be described.

  6 transfers the access status of the resource managed by the resource management program 203 to the history management program 601 and stores it in the history management database (DB) 602, as shown in FIG. It shows a configuration for screen display as an access monitoring history. The report program 603 transmits and displays an unauthorized access notification screen having the contents shown in FIG. 7B to the system administrator's terminal when unauthorized access is made.

  When a general user performs unauthorized access, a screen display as shown in FIG. 7A is performed.

  In the above description, the access authority management table 2035 is referred to determine whether or not the access authority exists. However, the extended access authority that is described in the computer resource and is not defined in the existing environment is used. It is also possible to determine whether or not there is an access authority by referring to the specified access authority information.

  The network resources used in the above description relate to the network among resources managed by the OS, such as communication media, devices, access points, digital television channels, communication data, or contents.

  As described above, in the first embodiment, the resource management program 203 basically starts from a process or OS for a computer resource managed by an OS such as a file, network, storage device, display screen, or external device. The operation request is captured before accessing the computer resource, and it is determined whether or not there is an access right to the computer resource specified by the captured operation request. As a result of the determination, if there is access authority, it is passed to the OS as requested by the operation, and the result is returned to the request source process. On the other hand, if there is no access authority, the operation request is rejected. This makes it possible to operate resources for users who do not have access authority, including computer resources other than files and screens, without changing the OS or processes (programs running under the OS, such as applications and daemons). Can be limited.

  Further, by incorporating the resource management program 203 into an existing environment, various types of unauthorized access as described above can be restricted, and the range of existing access authority can be expanded.

  Furthermore, even if the requesting application does not have a function corresponding to an access violation, it is converted into an operation request for a dummy computer resource and passed to the OS, so that a function corresponding to the access violation is provided. It is possible to deal with applications that do not have.

  The resource management program 203 can be installed or loaded on a computer through various media such as a disk storage such as a CD-ROM, a semiconductor memory, and a communication network. Moreover, it can provide to a computer user as a program product single-piece | unit.

  Further, the API illustrated in the first embodiment is only an example, and it is needless to say that it can be easily handled even when it is added by upgrading the OS.

Second Embodiment
FIG. 10 is a diagram showing a system configuration of the second embodiment according to the present invention.

  In FIG. 10, reference numeral 11 denotes a server having the structure of the computer architecture of the present invention in the security environment described above. This configuration shows the overall configuration of the Hamming Heads security management system (H.H system) realized by the resource management program 203 of the first embodiment, and shows the hierarchy of the computer architecture according to the present invention.

  Reference numeral 201 denotes an OS, which may be any of Windows, MAC, or OS as described above. The feature of this HH system is that it does not depend on the OS. 18 API 1 (Application Program Interface 1) is located in the OS 201 and serves as an interface with the OS 201. This corresponds to the API group 2012 provided to the application by the OS 201 in FIG. Also, an instruction is given to the OS 201 in response to a request from the SCM 19 corresponding to the resource management program 203.

  The instruction in this case relates to a method of providing information to the client, and refuses information at all, allows only browsing, and permits copying, mailing, forwarding, and the like.

  19 SCM (Security Control Management) corresponds to the resource management program 203 of FIG. 3 shows an H (Humming Heads) security module. This monitors the processing of the OS 201 and APL 21 (application software), and determines permission or non-permission of access to resources by the APL 21 under some condition. Reference numeral 12 denotes an access authority management table, which is an extension of the access authority management table 2035 of FIG. In particular, the access authority management table 12 determines how the client can access the system. Further, when a client accesses, a person's name, telephone number, or ID number is held in the access authority management table 12, and the position and weight of the accessed client are determined.

  Note that the client described here indicates one terminal for the server 11, each of a plurality of users who use the terminal, or a part or all of them.

  In particular, whether the client request is accepted as it is or whether it is permitted with a condition is determined based on the client personal data stored in the access authority management table 12. Information cannot be provided to the client as requested, but may be provided by charging. In this case, the client's personal data is set to accept the client's request as it is depending on whether or not there is a charge, or to allow it with a condition.

  An API 2 (Application Program Interface 2) 20 functions as an API between the APL 21 and the SCM 19 and monitors the access of the client. If there is an access, it passes to the OS 201. It also monitors external devices under the control of the OS 201. All resources requested by the OS 201 are targeted. The API 2 (20) has the function of the history management program shown in FIG. 6, and stores the history of accesses and requests from clients in the history file 14 as necessary.

  The APL 21 is a variety of application programs, such as Office 2000, Word, Excel, Power Point of Microsoft Corporation. The client uses / reproduces text, diagrams, or information such as still images, moving images, sounds, music, etc. under the control of the OS. Reference numeral 13 denotes a file created by the APL 21, for example, a file group created by various application software and clients.

  Reference numeral 22 denotes, for example, an interface (I / F) for connecting the server 11 having the SCM 19 and an external device. In this example, the external device (client 28, user's user) is connected via the communication network 15 and the driver software 16. Screen 23, printer 24, fax / copier 25).

  Other clients can receive information via the communication network 15 using external devices such as 23, 24, 25, and 28.

  Reference numeral 26 denotes a public network communication interface. Reference numeral 27 denotes a communication line connected to a serial or parallel connector such as USB, RS232C, IEEE1394, etc. for connecting an external device. Reference numeral 29 denotes a connection line to an external device, and the driver software 16 is generally built in the external device 23, 24, 25, 28 or the server 11.

FIG. 11 is a schematic diagram showing the relationship between the OS 201, the external devices 23, 24, 25, and 28, the file 13, and the SCM 19 in the configuration shown in FIG.
The file 13 includes a creation created by the client, an H.264 provided by the server 11. Various information provided from the H site (Humming Heads site) and the server 11 is stored. This information includes sentences, diagrams, pictures, sounds, still images, moving images, and the like.

  The SCM 19 is located between the OS 201 and the APL 21 and monitors the movement of the client regarding the extraction and use of information. Under the control of the OS 201, the authority of the client is checked for the output of information to the external devices 23, 24, 25, and 28, and restrictions are added. As described above, the restriction gives permission to copy information and transfer by electronic mail.

  The access authority management table 12 stores the authority information of the client, and can check the output to the external device by checking each time according to the request. The client needs to register personal information in advance. If it is a company, corporation, government agency, local government, etc., authority may be restricted or given by position, such as general manager, section manager, or general manager.

  In addition, an external general person may request access as a client. At that time, as long as the information can be output to the outside, the SCM 19 may manage the free information and the paid information in layers.

<Third Embodiment>
In the first and second embodiments, the security environment of the present invention is provided in an environment in which the resource management program 203 is installed in advance in a server or a client. However, a server or client on which this resource management program 203 is not installed in advance cannot realize the security environment of the present invention. Therefore, in the third embodiment, a configuration for realizing the security environment of the present invention for a server or client on which the resource management program 203 is not installed in advance will be described.

  FIG. 12 is a system configuration diagram showing the third embodiment.

  The configuration shown in FIG. 12 includes an information processing device 310 that provides protected electronic information, an information processing device 311 that receives and uses electronic information, and a communication line 312 that can transmit the protected electronic information to the receiving side. It shows a system configuration.

  The information processing apparatus 310 on the providing side includes a computer (PC) 3100 having a hard disk drive (HDD) 3103, and an external apparatus (for example, a floppy (registered trademark) disk drive (for example) that can output protected electronic information to the outside. FDD)) 3102 and holds electronic information 3101 to be provided. In addition, an external interface (I / F) 3104 connected to the communication line 312 is included.

  The PC 3100 is a general-purpose computer such as a personal computer or a workstation, and includes a keyboard, a mouse, a display, and the like (not shown) that are normally provided in the general-purpose computer.

  On the other hand, the information processing apparatus 311 on the receiving side includes a computer (PC) 3110 provided with a hard disk drive (HDD) 3112 and an external apparatus (for example, a floppy (registered trademark) disk drive) that can read protected electronic information from the outside. (FDD)) 3113, display 3116, output unit 3115 such as printer, FAX, copier, etc., input unit 3114 such as keyboard and mouse, etc., and protected electronic information received via external interface (I / F) 3117 3111 is held. In addition, an external interface (I / F) 3117 connected to the communication line 312 is provided.

  In this way, the information processing apparatus 310 on the providing side and the information processing apparatus 311 on the receiving side can exchange various types of electronic information including protected electronic information using the communication line 312.

  The PC 3100 incorporates a general-purpose OS or platform, and further incorporates a protection program according to the third embodiment.

  The PC 3110 incorporates a general-purpose OS and an application for accessing the received electronic information.

  On the providing side, the electronic information 3101 to be provided is protected by a protection program to create the protection electronic information. The created protected electronic information is transferred to the receiving side via the external device 3102 or the communication network 312, and the information processing device 311 on the receiving side receives the protected electronic information via the external device 3113 or the communication line 312. Then, by executing the received protected electronic information, the target electronic information can be used, but the range of use is limited by the protection of the electronic information. For example, the printing operation is prohibited and the user is limited. This restriction is realized by the resource management program 203 of the first embodiment.

  As described above, in the third embodiment, by providing protected electronic information defining a restriction operation to the receiving side, the providing side can provide the electronic information in a form in which the usage range of the receiving side is limited. .

  FIG. 13A is a diagram showing a configuration of the protection electronic information. The protection electronic information 320 includes a restriction program 321, a restriction attribute 322, and original electronic information 323 to be restricted. Further, as shown in FIG. 13B, the restriction program 321 includes an expansion routine unit 3210 and a restriction routine unit 3211. The restriction routine unit 3211 corresponds to the resource management program 203 of the first embodiment.

  Furthermore, as illustrated in FIG. 13C, the restriction attribute 322 includes target application information 3220, restriction operation information 32111-2221N, and restriction condition information 32221-3222N corresponding thereto. Note that a plurality of sets of restricted operation information and restricted condition information may be held as necessary, and the figure shows a state in which N sets of restricted operation information and restricted condition information are held.

  As the restricted operation information, a function to be restricted is designated from among the functions installed in the application, OS, or platform. For example, printing, editing, display, screen image acquisition, saving to an external device, and the like.

  As the restriction condition, a condition for restricting the operation is designated. For example, specification of available time, specification of available computer, specification of available user or group, billing conditions, and the like.

  When restricting a specific operation unconditionally, the restriction condition is omitted.

  If the target application is obvious, the target application information 3220 may be omitted. For example, in Windows, an application may be specified by the extension of a target file, which is a case where the target application is obvious.

  Conversely, by specifying the target application, it is possible to limit the applications that access the electronic information.

  The restriction routine unit 3211 is implemented with a program code (resource management program 203 of the first embodiment) for monitoring and controlling an operation on the target electronic information, and the contents and implementation method thereof will be described in the first embodiment. That's right.

  FIG. 14 is a flowchart showing a procedure for providing protected electronic information according to the third embodiment.

  In step S30, the target electronic information 323 is read and stored in a storage medium such as a memory or a hard disk.

  At this time, the electronic information 323 may be stored in an encrypted state. In this case, it becomes difficult to read the original electronic information in the protected state, and the security is further improved.

  In step S31, the restriction attribute 322 in which the operation and the conditions for restricting the electronic information 323 are defined is added to the electronic information 323 stored in step S30. If necessary, application information for using the electronic information 323 may be included in the restriction attribute 322. When the application information is included, the electronic information can be accessed only by using the application.

  In step S32, a restriction program 321 for executing access control to the electronic information 323 is added to the electronic information 323 stored in S30. As a result, the protected electronic information 320 is generated. The content of the restriction program 321 is sufficient if a program code that can control the restriction content specified for the target electronic information 323 is sufficient, and therefore the content of the restriction program 321 varies depending on the target electronic information 323 and the restriction attribute 322. It may be.

  Further, since the restriction program 321 needs to be executable on the OS or platform on the receiving side of the protected electronic information 320, the restriction program 321 is made into a program code in an executable format according to the usage environment on the receiving side.

  In step S33, the protection electronic information 320 is output. Here, the protected electronic information 320 is obtained by adding the restriction attribute 322 and the restriction program 321 to the electronic information 323 stored in step S30 in steps S31 and S32, and in an environment in which the protection electronic information 320 is used. Make it executable.

  FIG. 15 is a flowchart showing a procedure for using the protected electronic information according to the third embodiment.

  The protected electronic information 320 has a format that can be executed in the usage environment, but the processing when the protected electronic information 320 is executed is performed by the program code in the expansion routine unit 3210 in the restriction program 321. This flow chart explains the flow of the development routine section.

  The restriction program 321 includes a restriction routine part 3211 in addition to the expansion routine part 3210. The restriction routine part 3211 is a program code for controlling access from an application (the resource management program 203 of the first embodiment). The details are as described in the first embodiment.

  In step S401, the protection electronic information 320 is activated. Although the activation method varies depending on the use environment, for example, the OS may be activated as an executable file, or the Web browser may be activated as a plug-in or JAVA applet.

  In step S402, the restriction routine unit 3211 included in the restriction program 321 is loaded into the RAM in the computer and activated.

  In step S403, the restriction attribute 322 included in the protection electronic information 320 is acquired. When the application information 3220 to be started is included in the restriction attribute 322, the application information 3220 is acquired and the application to be started is specified. If the restriction attribute 322 does not include application information to be activated, the application to be activated is specified by automatic determination.

  The automatic determination method includes, for example, a method of acquiring an application defined by the OS from the type and extension of the electronic information 323, and a method of specifying the application according to the usage environment.

  Further, the restriction operation and the restriction condition included in the restriction attribute 322 are acquired and passed to the restriction routine unit 3211 activated in step S402.

  In step S404, the application specified in step S403 is activated.

  In step S405, it is determined whether the application activation in step S403 has succeeded or failed. If the application has been successfully activated (Yes in step S403), the process proceeds to step S407. In step S407 and subsequent steps, the restriction routine unit 3211 activated in step S402 starts monitoring the access of the application by the mechanism, and the subsequent operation of the application can be controlled.

  If the activation of the application in step S403 has failed (No in step S404), the execution of the protected electronic information 320 is terminated.

  When the execution of the protection electronic information 320 is terminated, the restriction routine unit 3211 activated in step S402 may be terminated in step S413.

  When the restriction routine unit 3211 is not terminated, there is an advantage that when the same restriction routine unit 3211 is activated at the subsequent activation of the protected electronic information 320, the activation becomes faster. Whether or not to execute step S413 when the application activation in step S403 fails may be selected according to the usage environment.

  On the other hand, if the activation of the application is successful, in step S407, the original electronic information 323 included in the protected electronic information 320 is extracted and restored to a state accessible by the application. For example, if the application accesses in the file format, it outputs to the file format. By restoring the information in the same format as the original electronic information, access from the application becomes possible.

  If the electronic information 323 is encrypted in step S30 of FIG. 14, the electronic information 323 is also decrypted in step S407.

  In step S408, the electronic information restored in step S407 is passed to the application started in step S404.

  In step S409, the application is in a normal access to the electronic information 323. However, since access is controlled by the restriction routine unit 3211, the electronic information 323 can be used only within the restriction range defined by the restriction attribute 322. That is, when an operation prohibited by protection is attempted, the restriction routine unit 3211 rejects the operation. In some cases, the operation is permitted by charging.

  In step S410, the application releases the electronic information 320. Generally, when the use of the electronic information 320 ends, the application releases the electronic information that is no longer used. In the case of electronic information in a file format, releasing is also called closing.

  In step S411, triggered by the application releasing the electronic information 320 in step S410, the electronic information 320 restored in step S407 is deleted.

  In step S412, the application is terminated.

  In step S413, using the application termination in step S412 as a trigger, the restriction routine unit 3211 activated in step S402 is terminated and released from the computer.

  Steps S411 and S413 are processes for activating the protected electronic information 320 and releasing and deleting the original electronic information while the application is using it, but these processes can be omitted. Even if omitted, it is possible to restrict the operation of the target electronic information, but performing these processes has an advantage of leaving no trace of the original electronic information. It also has the advantage of saving resources on the computer.

  Next, a specific example of the third embodiment will be described.

  FIG. 16 is a diagram showing a specific example in the case of providing electronic information in a file format. Here, as electronic information, a document file used by word processing software is taken as an example.

  The document file providing side (350) performs protection on the document file (3501) to be provided with restrictions (3502), creates a protection document file (3503), and creates this protection document file (3503). 3503) is provided to the user side, thereby restricting the operation on the user side for the document file.

  As a providing means, a method (351) for providing using a file transfer software such as e-mail software or FTP software, a floppy (registered trademark) disk or a CD-R / RW recordable and removable. There are a method (352) of copying and providing to a medium, and a method (353) of providing using a remote file system using a network such as a LAN or a public line.

  In either method, the protected document file 3503 is provided to the user side in the file format. The provided protected document file 3503 has a format that can be executed by the user's computer, and by executing it, word processing software for accessing electronic information is executed. The target electronic information can be used. In addition, during use, access to the word processor software is controlled by the restriction routine unit, and prohibited operations are rejected.

  For example, if printing, editing, or document transfer is prohibited in order to allow only browsing, if the word processor software has a function that the word processor software wants to prohibit, include these control program codes in the restriction routine section, This can be realized by specifying the print, edit, and transfer functions.

  Further, when the usage time, the user, and the usage location are limited, the limitation can be made by specifying those conditions as the limiting conditions.

  Furthermore, by specifying the billing information as the restriction condition, it is possible to charge when the user browses the document file.

  This example is an example that is effective when a document file to be copyrighted or provided only to a specific person.

  FIG. 17 is a diagram showing a specific example when electronic information other than the file format is provided. Here, multimedia information such as images, music, and moving images is taken as an example of electronic information.

  On the multimedia information providing side (360), the multimedia information (3601) to be provided with restrictions is protected ((3602) to create protected multimedia information (3603), and this protection is performed. By providing the converted multimedia information (3603) to the user side, the operation on the user side with respect to the multimedia information is limited.

  As a providing means, there are a method of providing using a Web system (361), a method of using a service using a mobile terminal such as a mobile phone (362), and the like.

  In either method, the protected multimedia information 3603 is provided to the user side as communication data via a communication network. The provided protected multimedia information 3603 has a format that can be executed on the Web browser software running on the user's computer or the OS of the mobile terminal, and executes the protected multimedia information 3603. Thus, the multimedia software for accessing the multimedia information is executed, and the target electronic information can be used by the method described above. In addition, during use, access to the multimedia software is controlled by the restriction routine unit, and prohibited operations are rejected.

  Here, examples of a format that can be executed on a Web browser or a mobile terminal include a JAVA applet format and a format that is executed by a specific plug-in. That is, the format of the protected electronic information 3603 may be a format that can be executed on the platform on the user side and can start the target application.

  If the executable format is a file format, it is realized by the same method as that described for the protected document file 3503.

  For example, when printing, editing, or multimedia transfer is prohibited to allow only browsing, if the multimedia software has a function that it wants to prohibit, include these control program codes in the restriction routine part and restrict it. This can be realized by specifying printing, editing, and transfer functions as operations.

  Further, when the usage time, the user, and the usage location are limited, the limitation can be made by specifying those conditions as the limiting conditions.

  Furthermore, by specifying the billing information as the restriction condition, it is possible to charge when the user uses the multimedia information.

  This example is effective when multimedia information that is difficult to provide in a file format, such as when live information is provided in real time, or when billing is provided for an unspecified number of people using a Web system. is there.

  As described above, according to the third embodiment, by creating protected electronic information, even in an environment in which security is not secured in advance, an environment in which desired security is secured is provided as necessary. can do.

  The protected electronic information exemplified in the above third embodiment is merely an example, and any form that can be executed according to the use environment of the electronic information may be used. Needless to say, even if it is changed, it is possible to easily cope with it, and further, it is possible to extend the operation to be restricted within the scope of the function of the restriction program.

  In addition, there are many applicable electronic information items other than those shown in the examples, and it goes without saying that electronic information that can be protected can be similarly limited.

  The protection program according to the present invention can be installed or loaded on a computer through various media such as a disk storage such as a CD-ROM, a semiconductor memory, and a communication network. Moreover, it can provide to a computer user as a program product single-piece | unit.

<Fourth embodiment>
In the fourth embodiment, application examples of the first to third embodiments will be described. In particular, the fourth embodiment is an example in which the first to third embodiments are applied to a wide-area communication environment such as Internet. FIG. 18 is a system configuration diagram showing the fourth embodiment.
The communication network 15 is a public network, and uses the Internet IP, telephone network PSTN, XDSL network, digital network ISDN, B-ISDN, ATM, mobile network, satellite network, and the like.
Reference numeral 31 denotes an official website, for example, an NTT DoCoMo i-mode site. Reference numeral 32 denotes a mobile radio network antenna, which is connected to an i-mode site in the fourth embodiment. Of course, PHS and other PDCs (Personal Digital Cellar) can also be used. In particular, since IMT2000 is high-speed, it is excellent in moving image transmission.

  33 is an H.33 having the server (hereinafter, H.H server) described in the second embodiment. It is an H site and provides various information. This H. As described above, the H site 33 is a system with a complete security, and is restricted by the authority of the client. H. The H site uses a server equipped with software that implements the SCM 19 described in the second embodiment.

  34 is a database site that stores information necessary for various businesses and research. It can be used via the H site 33. 35 is a web cast, and digital broadcasting is performed by H.264. Available through H site. 36 is a website of a financial institution such as a bank or a credit company. When the H site 33 is charged, a usage fee is collected.

  37 is a mall provided on the Web. You can shop through H site 33. Payment of purchase is made from the financial institution's site 36.

  When you are charged for purchasing a product on the Web or watching or listening to a digital broadcast, Since it is via the H site 33, the client who is the user and the provider of the service can use it with peace of mind because the security is perfect.

  38 is H.38. This is an example in which terminal devices for users of the H site 33 are installed at convenience stores, street corners, and plazas. Although not shown, a printer, a copier, and the like are also connected. 39 indicates a school and research institution, 40 indicates a factory and an office. A terminal device for the user of the H site 33 is set.

  41 is H. This is an installation example of terminal equipment for users of the H site 33, and 45 indicates a home server. In recent years, people working from home have increased. This is due to the development of communication lines, and when data and information in a company are utilized, the security effect of the present invention is exhibited. 46 is a home router.

  Reference numeral 42 denotes a portable information terminal device, which is also called a mobile device. The spread of the portable information terminal device 42 is remarkable, and the development of the i-mode has rapidly increased. It is possible to send an e-mail to a CHTML browser. Convenience is good because the H site 33 can also be accessed. Furthermore, as seen in PalmOS, the usability of a PDA (personal digital assistant device) is also good. A printer, Internet camera, or digital camera can be installed or connected.

  Reference numeral 43 denotes a client (user). In FIG. 18, the client 43 can work anywhere as a mobile, regardless of location. Of course H. By using the H site 33, an authority restriction function that is the security of the H site 33 is exhibited. Therefore, a corporate intranet (not shown) can be easily used.

  44 is a vehicle-mounted mobile body, which is similarly operated by the mobile Internet. The service from the H site 33 can be received.

  In the fourth embodiment, H.264 is used. H. Although an example of configuring the H server has been described, this server may be configured on the Web site 31. Further, when applying the protection program for creating the protection electronic information according to the third embodiment, for example, H.264. It is configured on the H site 33 or the Web site 31, and is used by the user as necessary.

<Fifth Embodiment>
In the fifth embodiment, another application example of the first to third embodiments will be described. In particular, the fifth embodiment is an example in which the first to third embodiments are applied to an intranet in a company.

  FIG. 19 is a system configuration diagram showing the fifth embodiment.

  In FIG. 19, the same components as those in the fourth embodiment are denoted by the same reference numerals, and details thereof are omitted.

  The communication network 15 is connected to the router 51 via the line 26. 52 is a WWW server, and 53 is a firewall. The firewall (F / W) 53 includes H.264. The H server 55 is connected. 67 is a connection line for connecting the WWW server and the F / W 53, and 66 is a connection line between the F / W 53 and the H.W. This is a connection line for connecting the H server 55.

  56 is H.56. This is a database of a company connected to the H server 55 via the LAN 54. This database 56 stores various data and information necessary for corporate activities such as customer lists, sales information, production information for manufacturing, manufacturing and technical information, and design and development information for factories. Employees can use it with restrictions according to their authority as explained above. These types of information include information that can be used and information that cannot be used according to job class. In some cases, there is information that can be disclosed only to officers with representative rights. The H server 55 can be managed under appropriate restrictions.

  57, 58, and 58mn connected via the in-house LAN 54 are client PCs and servers in the company. 59 is a multi-function telephone, 60 is a printer, FAX / copier. 61 is a portable information terminal device (for example, PDA), 62 is a mobile phone, and 63 is a mobile notebook PC. These devices are used as in-house and campus mobile devices. Reference numeral 65 denotes a local mobile in-vehicle terminal. Reference numeral 64 denotes an antenna for in-house or on-premises mobile terminal equipment.

  This intranet can be used not only by companies but also by corporations, research institutions and educational institutions, and can also be accessed from outside the company. In the case of use from the outside, it is possible to provide internal information while ensuring security. Therefore, the system according to the present invention is very effective.

  In the fifth embodiment, H.264 is included in the intranet. The example in which the H server 55 is configured has been described. The security function realized by the H server 55 may be configured in a client on the corporate LAN 54. Further, when applying the protection program for creating the protection electronic information according to the third embodiment, for example, H.264. It is configured on the H server 55 and used by the user as necessary.

<Sixth Embodiment>
In the sixth embodiment, still another application example of the first to third embodiments will be described. In particular, the sixth embodiment is an example in which the first to third embodiments are applied to an end user environment such as SOHO.

  FIG. 20 is a system configuration diagram showing the sixth embodiment.

  In FIG. 20, the same components as those in the fourth embodiment are denoted by the same reference numerals, and the details thereof are omitted.

  As explained earlier, the spread of IT has increased the number of people working at home. In Japan, it is said that it has already exceeded 6 million people. It can be said that this trend is increasing with the declining birthrate and aging.

  In FIG. 20, the home 41 where the end user is located is connected to the public line 26 via the home router 72. The home router 72 is connected to the home LAN 73. The home LAN 73 may be not only a wired LAN but also a wireless LAN using Bluetooth and IrDA. 74 is a PC or home server, 75 is a multi-function telephone with a large screen, 76 is a TV, 77 is an audio / video device, and 78 is a portable information terminal device. Reference numeral 71 denotes an antenna for connection to a public wireless network. Reference numeral 41 denotes a home.

  Since working at home handles various types of corporate information and confidential information, ensuring security is the most important issue. In the sixth embodiment, the H.264 official website 31 It is safe because information is exchanged through the H site 33. In addition, it has become an environment where contents for entertainment as well as work are received from the network. By receiving TV and music distribution from the Webcast 35, the TV terminal 76, the AV device 77, and the portable information terminal device 78 can be browsed and watched to enrich the life.

  When paid entertainment content is provided from a site on the network, a fee is charged. In this case, H.C. By using the H site 33, for example, a credit card number can be input, and the usage fee can be automatically withdrawn from the site 36 of the financial institution. In this case, personal authentication is required to prevent spoofing. Various methods of personal authentication have been proposed, but in addition to ID numbers and telephone numbers, public keys may be used when the sensitivity is high. Note that the home server 74 is H.264. An H server may be installed to ensure safety. When working at home belonging to an organization, the home server 74 is also a homeworking method in which a condition is set that the home server 74 uses a thing provided by a company to work at home.

  Further, when applying the protection program for creating the protection electronic information according to the third embodiment, for example, H.264. It is configured on the H site 33 or the Web site 31, and is used by the user as necessary.

  Next, a flow for ensuring security in the sixth embodiment and a flow for imposing restrictions and charges on users and clients will be described.

  FIG. 21 is a flowchart for realizing the sixth embodiment.

  Note that in FIG. H site 33 and its H.33. H. under the control of the H server. Although described as processing between clients accessing the H site 33, H. The processing in FIG. 21 may be realized by processing between the H server and the client. In step S81, H. H site 33 is accessed. In step S82, H.C. At the H site 33, the personal information of the accessing client is searched and verified.

  In step S83, information from the client is specified. The specification here is characterized in that the authority is restricted by the level of confidentiality and the rank of the client's job that has been accessed. As long as the client and user belong to the organization, the hierarchy of positions can be automatically identified. The information that can be provided is distinguished from the information that cannot be provided because access from the general public is possible. In addition to company catalogs and advertisements that can be provided free of charge, there is also information that can be distributed for a fee. If it is characterized by distributing high-value items even if there is a charge, this H.264. The H site 33 is established as a business.

  In step S84, H.I. It is determined whether or not a request from a client accessing the H site 33 can be answered.

  If it is determined in step 84 that information may be provided to the client, an OK response and display are issued in step S85. Next, in step S86, for example, the client requests a copy of the request information and transfer to another person by e-mail. In step S87, the responsibilities and authority of the client are changed to H.264. The determination is made by the H site 33. As described above, in the present invention, the use of information is restricted by the authority of an individual.

  If the client request is accepted as a result of the determination, in step S88, a message indicating that both copying and mail transfer are OK is displayed on the client screen. Note that the case where the request is approved is determined, for example, that the client has high authority or the request information has low confidentiality.

  In step S89, a history of what information and documents were copied by the client and when the mail was transferred is H.264. Recorded in the H server 33.

  In step S90, H.C. Since the history management in the H server 33 is completed and the conditions provided by the request information are satisfied, the request information is provided to the client.

  On the other hand, if it is determined in step S84 that information cannot be provided to the client, the client is notified that the request is rejected in step S91. In step S92, the client inputs a telephone number, insurance card number, driver's license, pension number, etc. as the ID number. A client that needs to input such an ID number is H.264. Clients that have accessed the H site 33 for the first time, A general client who does not use the H site 33 is assumed.

  Then, in step S93, the H.264. The H site 33 determines whether or not the subsequent processing can be executed based on the input ID number. If the execution is rejected, the process is terminated. On the other hand, when the execution is permitted, the process proceeds to step S85.

  If it is information that permits provision if payment is made, the client is informed of the amount of billing. The amount of money varies depending on the information, sensitivity of the document, and importance, and the amount varies.

  In other words, step S93 assumes information that does not use charging as a condition for information disclosure, information that is not required by the client if there is a charge, or information that is required by the client depending on the amount charged. Configured. In this way, if the acquisition can be permitted, the process proceeds to step S85, and if it cannot be permitted, the process ends.

  On the other hand, if the result of determination in step 87 is that the client's request cannot be accepted, the process proceeds to step S94. In step S94, the desired information, document copy, and e-mail transfer are determined to be impossible by the determination in S87, but browsing on the client screen is permitted, and such display is output to the client screen. For this reason, browsing information is sent to the client. Since the information is controlled by the H site 33, even if the information is displayed on the screen of the client, the information cannot be copied and transferred by e-mail.

  In step S95, the H.C. The history as described above is managed in the H site 33. In step S96, the requested information is displayed on the client screen. Here, some clients inevitably have information that they want to copy or transfer by e-mail. Therefore, the client can make a request for permission to the site and the server again here. That is, in step S97, an application for information provision by accounting is applied. In this step, the responsibilities and hierarchy of the client are H.264. Since it is recognized by the H site 33, it may be permitted depending on the amount of money.

  H. can be provided if charged. When the H site 33 determines, the amount is presented. H. can not be provided even if charged. If the H site 33 determines, in step S98, the process is terminated only by displaying a notification screen for rejecting the operation to the client. Further, the display time may be limited according to the degree of information and documents. If you want to display within a predetermined time and want to watch for a longer time, it is also possible to introduce a billing system.

  In this case, in step S99 and step S100, H. H site 33 is inquired of the client and the user about whether or not there is a longer display and billing. H. If the H server 33 and the client agree, the screen display is performed for a long time in step S101.

  H. If the H server 33 is not charged and the client does not agree, the process ends with display for a predetermined time only.

  As described above, in the first embodiment, an example has been described in which the access authority is restricted to the client without changing the OS or its process to prevent fraud. In the second embodiment, H.264 The system configuration of the H server has been described. In the third embodiment, a configuration has been described in which the security environment realized in the first embodiment is provided to an arbitrary user.

  In the fourth embodiment, an H.264 network that is used in a social environment centering on a communication network, particularly the Internet. The system configuration of the H site has been described.

  In the fifth embodiment, the H.264 standard is used on intranets of companies, factories, schools, research institutions, organizations, and the like. The application of the H server has been described. Further, in the sixth embodiment, this H.264 for home office and home work is used. The application of H site was explained.

  Note that the flowchart of FIG. Information, document browsing, copying, and e-mail transfer via the H server and site have been described. However, in the billing system based on the distribution of digital broadcasting from the Webcast and distribution from various free paid contents described in FIG. Can also be applied.

  An object of the present invention is to distribute a storage medium recording software program codes for realizing the functions of the above-described embodiments to a system or apparatus, and a computer (or CPU or MPU) of the system or apparatus stores the storage medium. Needless to say, this can also be achieved by reading and executing the program code stored in.

  In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the storage medium storing the program code constitutes the present invention.

  As a medium for supplying the program code, for example, floppy (registered trademark) disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R / RW, DVD-ROM / RAM, magnetic tape, nonvolatile tape A memory card, ROM, or the like can be used.

  Further, by executing the program code read out by the computer, not only the functions of the above-described embodiments are realized, but also the OS or platform running on the computer based on the instruction of the program code is actual. It goes without saying that some or all of the processing is performed and the functions of the above-described embodiments are realized by the processing.

  Further, after the program code read from the storage medium is written to a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  When the present invention is applied to the above medium, the storage medium stores program codes corresponding to the flowcharts described above.

101 Computer 102 Network 201 General-purpose OS
203 Resource management program 601 History management program 602 History DB
603 Reporting program 2031 API monitoring controller 2032 APL monitoring controller 2033 Access control controller 2034 OS monitoring controller 2035 Access authority management table 11 H server 12 Access authority management table 13 File 14 History file 15 Communication network 16 External device driver software 17 General-purpose OS
18 API1 (Application Program Interface 1)
19 SCM (Security Control Management)
20 API2 (Application Program Interface 2)
21 APL (Application Program Logic)
22 External Device Interface 23 Screen Terminal Device, TV, PDA, Multi-Function Telephone with Large Screen 24 Printer 25 Fax / Copier 26 Public Network Communication Interface 27 Communication Line 28 Client 31 Official Web Site 32 Wireless Base Station 33 H Site 34 Database Site 35 Web Cast 36 Financial Institution 37 Web Mall 38 Convenience Store, Street Corner Terminal 39 School, Research Institution 40 Company, Factory, Office 41 Home, Work at Home 42, 78 Mobile Information Terminal Equipment, Mobile Phone, PDA
43 users, clients 44 in-vehicle mobile terminal devices 45, 74 home servers 46, 72 home routers 51 routers 52 web servers 53 firewalls 54 LANs (Local Area Network)
55H. H server 56 Database 57, 58, 58 mn PC, server 59, 75 Multi-function telephone 60 Fax, printer, copier 61 Personal digital assistant device 62 Mobile telephone 63 Notebook PC
64 On-site wireless antenna 65 On-site mobile in-vehicle terminal device 66, 67 Connection line 71 Home wireless antenna 76 TV
77 Audio equipment 310 Information processing apparatus 311 that provides electronic information 311 Information processing apparatus that receives electronic information 312 Communication network 3100, 3110 Computer 3101 Electronic information 3102, 3113 Removable disk drive 3103, 3112 Hard disk drive 3104, 3117 External Interface 3111 Protected electronic information 3114 Input unit 3115 Output unit 3116 Display 320 Protected electronic information 321 Restricted program 322 Restricted attribute information 323 Original electronic information 3210 Expansion routine unit 3211 Restricted routine unit 3220 Target application information 32211 Restricted operation information 1
3221N Restricted operation information N
32221 Restriction condition information 1
3222N Restriction condition information N
350, 360 Electronic information providing side 3501 General document file 3502, 3602 Protection processing 3503 Protection document file 351 Information providing method using mail or FTP 352 Information providing method using storage medium such as FD 353 On network Sharing 354, 363 Electronic information user side 3601 Multimedia information file such as image, music, video, etc. 3603 Protection multimedia information 361 Released on web page 362 Service to portable terminal

Claims (43)

An information processing method for controlling access to computer resources managed by an operating system on a computer,
A capture step for capturing a process request for the computer resource or an operation request from an operating system before accessing the computer resource;
A determination step of determining whether or not there is an access right to the computer resource specified by the operation request captured in the capturing step;
As a result of the determination in the determination step, if there is an access right, the processing step is passed to the operating system according to the operation request, and the result is returned to the requesting process;
And a rejection step of rejecting the operation request if there is no access right as a result of the determination in the determination step. 2. The information processing method according to claim 1, wherein the capturing step further captures a process for the computer resource and an operation request from an operating system before accessing the computer resource. The determination step refers to an access authority management table including resource specification information for specifying a specific computer resource, condition information for enabling access authority, and access authority information for specifying extended access authority that is not defined in the existing environment. Then, it is determined whether or not there is an access authority. The determining step refers to access authority information that specifies an extended access authority that is not defined in the existing environment and is described in the computer resource, and determines whether or not there is an access authority. The information processing method according to claim 1. The information processing method according to claim 1, wherein the determining step determines whether or not there is an access authority based on whether or not the access authority is acquired. The access authority information includes information specifying at least one of a right to move to another medium, a right to copy to another medium, a print right, a right to read to a shared memory, a screen capture right, and a limited right to use a process. The information processing method according to claim 3 or 4, characterized by the above. The information processing method according to claim 1, wherein the refusal step returns an access violation error notification to the requesting process without accessing the requested computer resource. The information processing method according to claim 1, wherein the refusal step returns a notification of successful access to the requesting process without accessing the requested computer resource. The information processing method according to claim 1, wherein the refusal step converts the operation request to a dummy computer resource, passes the operation request to the operating system, and returns the result to the request source process. An information processing apparatus that controls access to computer resources managed by an operating system on a computer,
Capturing means for capturing an operation request from a process or operating system for the computer resource before accessing the computer resource;
Determining means for determining whether or not there is an access right to the computer resource designated by the operation request captured by the capturing means;
As a result of the determination by the determination means, if there is access authority, the processing means is passed to the operating system according to the operation request, and the result is returned to the request source process; and
An information processing apparatus, comprising: a rejecting unit that rejects the operation request if there is no access right as a result of the determination by the determining unit. The information processing apparatus according to claim 10, wherein the capturing unit further captures a process request for the computer resource and an operation request from an operating system before accessing the computer resource. The determination means refers to an access authority management table including resource specification information for specifying a specific computer resource, condition information for enabling access authority, and access authority information for specifying extended access authority that is not defined in the existing environment. The information processing apparatus according to claim 10, wherein it is determined whether or not there is an access authority. The determination means refers to access authority information that specifies an extended access authority that is not defined in an existing environment and that is described in a computer resource, and determines whether or not there is an access authority. The information processing apparatus according to claim 10. The information processing apparatus according to claim 10, wherein the determination unit determines whether there is an access authority based on whether the access authority is acquired. The access authority information includes information specifying at least one of a right to move to another medium, a right to copy to another medium, a print right, a right to read to a shared memory, a screen capture right, and a limited right to use a process. The information processing apparatus according to claim 12 or 13, characterized by the above. The information processing apparatus according to claim 10, wherein the rejection unit returns an error notification of an access violation to the request source process without accessing the requested computer resource. The information processing apparatus according to claim 10, wherein the rejection unit returns a notification of successful access to the requesting process without accessing the requested computer resource. The information processing apparatus according to claim 10, wherein the refusal unit converts the operation request to a dummy computer resource, passes the operation request to the operating system, and returns the result to the request source process. A storage medium storing a program for causing a computer to execute information processing for controlling access to computer resources on the computer,
A capture step for capturing a process request for the computer resource or an operation request from an operating system before accessing the computer resource;
A determination step of determining whether or not there is an access right to the computer resource specified by the operation request captured in the capturing step;
As a result of the determination in the determination step, if there is an access right, the processing step is passed to the operating system according to the operation request, and the result is returned to the requesting process;
A storage medium storing a program for causing a computer to execute a refusal step of refusing the operation request if there is no access right as a result of the determination in the determination step. The storage medium according to claim 19, wherein the capturing step further captures a process request for the computer resource and an operation request from an operating system before accessing the computer resource. The determination step refers to an access authority management table including resource specification information for specifying a specific computer resource, condition information for enabling access authority, and access authority information for specifying extended access authority that is not defined in the existing environment. Then, it is determined whether or not there is an access authority. The determining step refers to access authority information that specifies an extended access authority that is not defined in the existing environment and is described in the computer resource, and determines whether or not there is an access authority. The storage medium according to claim 19. 20. The storage medium according to claim 19, wherein the determination step determines whether or not there is an access authority based on whether or not the access authority is acquired. The access authority information includes information specifying at least one of a right to move to another medium, a right to copy to another medium, a print right, a right to read to a shared memory, a screen capture right, and a limited right to use a process. The storage medium according to claim 21 or 22, wherein the storage medium is a storage medium. The storage medium according to claim 19, wherein the refusal step returns an access violation error notification to the requesting process without accessing the requested computer resource. The storage medium according to claim 19, wherein the rejecting step returns a notification of successful access to the requesting process without accessing the requested computer resource. The storage medium according to claim 19, wherein the refusal step converts the operation request to a dummy computer resource, passes it to the operating system, and returns the result to the requesting process. A program for causing a computer to execute information processing for controlling access to computer resources managed by an operating system on the computer,
A capture step for capturing a process request for the computer resource or an operation request from an operating system before accessing the computer resource;
A determination step of determining whether or not there is an access right to the computer resource specified by the operation request captured in the capturing step;
As a result of the determination in the determination step, if there is an access right, the processing step is passed to the operating system according to the operation request, and the result is returned to the requesting process;
If the result of determination in the determination step is that there is no access authority, the program causes the computer to execute a rejection step of rejecting the operation request. The program according to claim 28, wherein the capturing step further captures a process request for the computer resource and an operation request from an operating system before accessing the computer resource. 29. The program according to claim 28, wherein, when it is determined that there is no access right as a result of the determination in the determination step and access is denied by the rejection step, the access right is permitted by charging. 29. The program according to claim 28, wherein the computer resource includes contents of webcast, digital broadcast, and music distribution. An information processing system configured by connecting a first terminal and a second terminal to each other via a communication network,
The first terminal is
Capturing means for capturing an operation request from a process or operating system for the computer resource of the second terminal before accessing the computer resource;
The second terminal is
Determining means for determining whether or not there is an access right to the computer resource designated by the operation request captured by the capturing means;
As a result of the determination by the determination means, if there is an access right, a processing means for passing to the operating system of the first terminal according to the operation request and returning the result to the request source process;
An information processing system comprising: a rejection unit that rejects the operation request if there is no access right as a result of the determination by the determination unit. A control method for an information processing system configured by connecting a first terminal and a second terminal to each other via a communication network,
In the first terminal, a capturing step of capturing an operation request from the process or operating system for the computer resource of the second terminal before accessing the computer resource;
In the second terminal, a determination step of determining whether or not there is an access right to the computer resource designated by the operation request captured in the capture step;
As a result of the determination in the determination step, if there is access authority, a processing step of passing the result to the operating system of the first terminal according to the operation request and returning the result to the request source process;
And a rejection step of rejecting the operation request if there is no access right as a result of the determination in the determination step. A storage medium storing a program for causing a computer to execute control of an information processing system configured by connecting a first terminal and a second terminal to each other via a communication network,
In the first terminal, a capturing step of capturing an operation request from the process or operating system for the computer resource of the second terminal before accessing the computer resource;
In the second terminal, a determination step of determining whether or not there is an access right to the computer resource designated by the operation request captured in the capture step;
As a result of the determination in the determination step, if there is access authority, a processing step of passing the result to the operating system of the first terminal according to the operation request and returning the result to the request source process;
A storage medium storing a program for causing a computer to execute a refusal step of refusing the operation request if there is no access right as a result of the determination in the determination step. A program for causing a computer to execute control of an information processing system configured by connecting a first terminal and a second terminal to each other via a communication network,
In the first terminal, a capturing step of capturing an operation request from the process or operating system for the computer resource of the second terminal before accessing the computer resource;
In the second terminal, a determination step of determining whether or not there is an access right to the computer resource designated by the operation request captured in the capture step;
As a result of the determination in the determination step, if there is access authority, a processing step of passing the result to the operating system of the first terminal according to the operation request and returning the result to the request source process;
If the result of determination in the determination step is that there is no access authority, the program causes the computer to execute a rejection step of rejecting the operation request. An information processing apparatus connected to another terminal via a communication network,
Capturing means for capturing an operation request from a process or operating system for a computer resource of the other terminal before accessing the computer resource;
An information processing apparatus comprising: receiving means for receiving an answer to the operation request. An information processing apparatus connected to another terminal via a communication network,
Determining means for determining whether or not there is an access right to the computer resource designated by an operation request for the computer resource captured by the other terminal before accessing the computer resource of the information processing apparatus;
As a result of the determination by the determination means, if there is an access right, the processing means is passed to the operating system of the other terminal according to the operation request, and the result is returned to the request source process;
An information processing apparatus, comprising: a rejecting unit that rejects the operation request if there is no access right as a result of the determination by the determining unit. An information processing method of an information processing apparatus connected to another terminal via a communication network,
Capturing a process for the computer resource of the other terminal or an operation request from an operating system before accessing the computer resource;
A receiving step of receiving an answer to the operation request. An information processing method of an information processing apparatus connected to another terminal via a communication network,
A determination step of determining whether or not there is an access right to the computer resource specified by an operation request for the computer resource captured by the other terminal before accessing the computer resource of the information processing apparatus;
As a result of the determination in the determination step, if there is an access right, the operation step is passed to the operating system of the other terminal according to the operation request, and the result is returned to the requesting process,
And a rejection step of rejecting the operation request if there is no access right as a result of the determination in the determination step. A storage medium storing a program for causing a computer to execute information processing in an information processing apparatus connected to another terminal via a communication network,
Capturing a process for the computer resource of the other terminal or an operation request from an operating system before accessing the computer resource;
A storage medium storing a program for causing a computer to execute a reception step of receiving an answer to the operation request. A storage medium storing a program for causing a computer to execute information processing in an information processing apparatus connected to another terminal via a communication network,
A determination process professional for determining whether or not there is an access right to the computer resource specified by an operation request for the computer resource captured by the other terminal before accessing the computer resource of the information processing apparatus; ,
As a result of the determination in the determination step, if there is an access right, the operation step is passed to the operating system of the other terminal according to the operation request, and the result is returned to the requesting process,
A storage medium storing a program for causing a computer to execute a refusal step of refusing the operation request if there is no access right as a result of the determination in the determination step. A program for causing a computer to execute information processing in an information processing apparatus connected to another terminal via a communication network,
Capturing a process for the computer resource of the other terminal or an operation request from an operating system before accessing the computer resource;
A program for causing a computer to execute a receiving step of receiving an answer to the operation request. A program for causing a computer to execute information processing in an information processing apparatus connected to another terminal via a communication network,
A determination step of determining whether or not there is an access right to the computer resource specified by an operation request for the computer resource captured by the other terminal before accessing the computer resource of the information processing apparatus;
As a result of the determination in the determination step, if there is an access right, the operation step is passed to the operating system of the other terminal according to the operation request, and the result is returned to the requesting process,
If the result of determination in the determination step is that there is no access authority, the program causes the computer to execute a rejection step of rejecting the operation request.

Images