KR101056423B1 - Program Execution Management Method and Record Media Using Logged-In Account Control - Google Patents

Abstract

The present invention relates to a program execution management method and a recording medium using the logged in account authority control, the program execution management method using the logged in account authority control according to the present invention, a user account is logged in through a login interface output to the terminal If a plurality of programs for managing the logged-in user account is executed, if the user requests the execution of any one of the plurality of programs provided in the terminal, and recognizes the program requesting the execution Requesting the server for permission setting necessary for executing the recognized program, and correspondingly receiving permission setting information from the server, temporarily changing the permission setting for the logged-in user account, and executing the execution. Include the steps to process the requested program to run It is.

Execution management, account authority

Description

Method for Managing Program Excution by Logined Account Permission and Recording Medium}

1 is a user authentication processing program function recorded on a recording medium provided in the user terminal for executing one or more programs for the program execution control through the user's login processing and the logged-in user's authority management according to an embodiment of the present invention It is a figure which shows a structure.

2 is a diagram illustrating an operation process for executing one or more programs for program execution control through a user's login process and a user's authority management of a logged-in user according to an embodiment of the present invention.

3 is a diagram illustrating a function of a program patch management program recorded in a recording medium provided in the user terminal for managing a registry and a system file managed by an operating system installed in the terminal according to an embodiment of the present invention.

4 is a diagram illustrating a process of managing a registry and a system file managed by an operating system installed in a terminal according to an embodiment of the present invention.

FIG. 5 is a diagram illustrating a function of an authority setting management program recorded in a recording medium provided in the user terminal for checking and setting authority required for a program for which a user requests execution according to an embodiment of the present invention.

6 is a diagram illustrating a process for checking and setting the authority required for a program for which a user requests execution according to an embodiment of the present invention.

FIG. 7 is a diagram illustrating a configuration of a setting authority retrieval management program function recorded on a recording medium provided in the customer terminal for releasing authority set through the setting authority retrieval management program according to an embodiment of the present invention.

8 is a diagram illustrating a process for releasing a right set through a setting right collection control program according to an embodiment of the present invention.

<Description of main parts of drawing>

100: main frame unit 105: information output unit

110: information input unit 115: program execution processing unit

120: authentication processing unit 125: password processing unit

130: memory management unit 135: storage means

140: communication means

According to the present invention, when a user account is logged in through a login interface output to the terminal, a process of executing a plurality of programs for managing the logged-in user account is executed; and any one of a plurality of programs provided in the terminal by the user is executed. Recognizing the program requesting the execution, and requesting the server to request the authority setting necessary for the execution of the recognized program, and receives the authority setting information from the server in response to the login, It relates to a program execution management method using the login account authority control comprising the step of temporarily changing the authority setting for the user account, and processing to execute the program requesting the execution.

Due to the rapid development of information and communication technology, the Internet, which has become a necessity of our lives, is a necessity in every situation.

In such a situation, so many different kinds of spyware and malware become a big problem for the operation of computers and the like in the Internet environment which has become a necessity of our lives.

In particular, spyware or malicious code is a situation in which various information can be leaked due to illegal manipulation of programs through the Internet environment that we use widely, thereby causing a problem of frequent failure of the computer.

An object of the present invention for solving the above problems is a function of processing a plurality of programs for managing the logged-in user account to be executed when the user account is logged in through the login interface output to the terminal, and the user terminal When requesting execution of any one of a plurality of programs provided in the function, extracting a validity authentication key for the program requesting the execution, and transmits the extracted validity authentication key to the server to set the necessary permissions for program execution Providing a computer-readable recording medium including a function of requesting a request and a function of processing the program to be executed by temporarily changing the permission setting of the logged-in user account when receiving the permission setting information from the server. have.

The program execution management method using the logged-in account authority control according to the present invention comprises the steps of: when a user account is logged in through a login interface output to a terminal, executing a plurality of programs for managing the logged-in user account; When the user requests execution of any one of a plurality of programs provided in the terminal, recognizing the program requesting the execution, and requesting the server to set the authority required to execute the recognized program, and correspondingly And receiving the authority setting information from the server, temporarily changing the authority setting for the logged-in user account, and processing the program for requesting execution to be executed.

On the other hand, the program execution management method using the logged-in account authority control according to the present invention, if the user account is logged in through the login interface output to the terminal, processing to execute a plurality of programs for managing the logged in user account And, when the user requests execution of any one of a plurality of programs provided in the terminal, extracting a validity authentication key for the program requesting the execution, and transmitting the extracted validity authentication key to a server. Requesting permission settings necessary for program execution; and receiving permission setting information from the server, temporarily changing the permission settings for the logged-in user account to process the program to be executed. It features.

In the program execution management method using the logged-in account authority control according to the present invention, a plurality of programs for managing the logged-in user account includes a program patch management program, an authority setting management program, and a setting authority number management program. The program patch management program includes a function of updating a system file and a registry, and the authority setting management program includes a right required to execute a program by recognizing a program that the user requests to execute. And a function of requesting and setting the server to the server, and the setting authority retrieval management program includes a function of retrieving the authority required for executing the set program by the user requesting execution.

In the program execution management method using the logged-in account authority control according to the present invention, when a program execution request is made through a separate isolated virtual environment provided in the logged-in user account, the program executed through the isolated virtual environment is executed. And setting the processing so that the file stored in the environment other than the isolated virtual environment is not read or written.

The program execution management method using the logged-in account authority control according to the present invention is characterized in that it operates on the basis of Windows OS (Operating System).

On the other hand, the computer-readable recording medium according to the present invention, when the user account is logged in through the login interface output to the terminal, a function of processing to execute a plurality of programs for managing the logged-in user account, and the user When a request for execution of any one of a plurality of programs provided in the terminal is requested, the server requests a function for recognizing the program requesting the execution and a permission setting necessary for executing the recognized program to the server, and correspondingly, the server And receiving the authority setting information from the user, temporarily changing the authority setting for the logged-in user account, and processing to execute the program requesting the execution.

On the other hand, the computer-readable recording medium according to the present invention, when the user account is logged in through the login interface output to the terminal, a function of processing to execute a plurality of programs for managing the logged-in user account, and the user Requests to execute any one of a plurality of programs provided in the terminal, a function of extracting a validity authentication key for the program requesting the execution, and transmitting the extracted validity authentication key to a server for execution of a program And a function for requesting permission setting, and upon receiving the permission setting information from the server, temporarily changing the permission setting for the logged-in user account to process the program to be executed.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be made based on the contents throughout the present invention.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

In addition, the following examples will be used to appropriately modify the terms so that those skilled in the art to clearly understand the technical features of the present invention to effectively understand, but the present invention It is by no means limited.

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

Hereinafter, it is preferable that the terminal having one or more programs shown in the present invention includes all terminals operating based on a Windows OS (Operating System) developed and distributed by Microsoft or an OS compatible with the Windows OS. .

1 is a user authentication processing program function recorded on a recording medium provided in the user terminal for executing one or more programs for the program execution control through the user's login process and the authority management of the logged-in user according to an embodiment of the present invention It is a figure which shows a structure.

In more detail, Figure 1 is a configuration of the preferred function of the user authentication processing program provided in the user terminal for the execution of one or more programs for the program execution control through the login process of a given user and the authority management of the logged-in user For those of ordinary skill in the art to which the present invention pertains, one or more program executions may be performed by referring to and / or modifying FIG. 1 to control program execution through a user's login process and authority management of a logged-in user. Various implementation methods of the user authentication processing program function configuration may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

Referring to FIG. 1, the user authentication processing program controls the user authentication processing program to operate based on a recording medium provided in the user terminal in association with an operating system (or platform) provided in the user terminal. Interworking at least one or more function components constituting the user authentication processing program for the execution of one or more programs for program execution control through login processing of the user and authority management of the logged-in user, and / or the function components Through the operating system (or platform) provided in the user terminal in conjunction with at least one or more components provided in the user terminal to execute at least one program for the program execution control through the login processing of the user and the authority management of the logged-in user Function for Mainframe unit 100 (Mainfrmae) to be characterized in that it is made to.

The mainframe unit 100 is characterized in that it comprises a program execution code for executing the user authentication processing program on the operating system (or platform) provided in the user terminal, thereby being provided in the user terminal In response to a predetermined program execution command, the user authentication processing program is executed based on the operating system (or platform) provided in the user terminal.

In addition, the mainframe unit 100 is at least one or more functional components provided in the user authentication processing program for executing one or more programs for the program execution control through the login process of the user and the rights management of the logged-in user And controlling at least one function to configure the user authentication processing program to execute at least one program for controlling the execution of the program through the login processing of the user and the authority management of the logged-in user. The unit allocates an instance to the mainframe unit 100 so that the functional components are cross-referenced and / or interworked.

In addition, the mainframe unit 100 has at least one configuration that the functional components are provided in the user terminal for the execution of one or more programs for the program execution control through the login process of the user and the rights management of the logged-in user Obtaining a handle (and / or interrupt) for accessing an element (e.g., a key input means and / or a screen output means, etc.), whereby each function constituting the user authentication processing program is obtained. The components access the respective components provided in the user terminal and perform a unique function defined in each functional component.

According to the present invention, the user authentication processing program is predetermined for execution of at least one program for controlling program execution through at least one or more key input means provided in the user terminal through login processing of the user and authority management of the logged-in user. Information input unit 110 for receiving input information of the at least one or more screen output means provided in the user terminal to execute at least one program for the program execution control through the login process of the user and the authority management of the logged-in user And an information output unit 105 for outputting predetermined output information, wherein the key input means comprises at least one input device provided in the user terminal. Output means is said Now that comprises the at least one output device provided in the terminal is preferred.

The information input unit 110 is at least one provided in the user terminal for the execution of one or more programs for the program execution control through the login process of the user and the authority management of the logged-in user in cooperation with the main frame unit 100 The user authentication processing program accesses the above key input means, and inputs predetermined input information inputted from the key input means to execute one or more programs for controlling the execution of the program through the login processing of the user and the authority management of the logged-in user. Characterized in that the processing to be input.

According to an embodiment of the present invention, the input information may include at least one member ID information and authentication information of the user.

The information output unit 105 is connected to the mainframe unit 100 at least provided to the user terminal for the execution of one or more programs for the program execution control through the login process of the user and the rights management of the logged-in user Accessing one or more screen output means, and outputting at least one output information requested to be output to the screen output means from at least one or more function configuration units constituting the user authentication processing program through the mainframe unit 100; It is characterized by.

According to an embodiment of the present invention, the information output unit 105 is a screen output means provided in the user terminal to execute at least one program for the program execution control through the login processing of the user and the authority management of the logged-in user. It is preferable to output at least one or more information processing screens, and at least one that is requested to be output to the screen output means provided in the user terminal from at least one or more function configuration units constituting the user authentication processing program through the information processing screen. One or more pieces of output information are output.

In addition, the information output unit 105 accesses at least one screen output means provided in the user terminal in cooperation with the mainframe unit 100, and the key input means provided in the user terminal as the screen output means. And an interface screen including at least one user interface for receiving the input information input through the information input unit 110.

The user interface may include at least one Edit control and / or ComboBox control and / or ListBox control and / or Button control. It is desirable to include at least one other user interface (eg, an Image control and / or a Custom control).

According to an embodiment of the present invention, the output information preferably includes one or more pieces of information to be provided through the user interface.

According to the present invention, the user authentication processing program is linked to the mainframe unit 100 for the execution of one or more programs for the program execution control through the login process of the user and the rights management of the logged-in user, the input member Transmitting ID information and input information including at least one authentication information to a user authentication processing server on a network to which the user terminal is connected through communication means 140 provided in the user terminal, and / or the user terminal It characterized in that it comprises an authentication processing unit 120 for receiving at least one or more received information from the user authentication processing server on the network connected to the user terminal via the communication means 140 provided in the.

The authentication processing unit 120 is linked with the mainframe unit 100 to execute the one or more programs for the program execution control through the login processing of the user and the rights management of the logged-in user, the member ID information and The authentication of the user may be performed based on input information including at least one authentication information.

According to an exemplary embodiment of the present invention, the authentication of the user is performed based on the input member ID information and the input information including at least one authentication information, after the input information is transmitted to a user authentication processing server. Preferably, the reception information corresponding to the transmitted input information is received from the user authentication processing server.

Here, the authentication information preferably further comprises at least one or more of a predetermined password and / or security card information and / or OTP code generated through a predetermined one time password (OTP) generator for the member ID information. .

According to the exemplary embodiment of the present invention, the received information preferably includes authentication process result information corresponding to the transmitted member ID information and input information including at least one authentication information.

In addition, the received information is preferably output to the screen output means provided in the user terminal through the interface screen of the information output unit 105 constituting the user authentication processing program.

According to the present invention, the user authentication processing program is linked to the mainframe unit 100 for at least one program for controlling the execution of the user through the login process of the user and the authority management of the logged-in user targeting the user who has completed the authentication process A program execution processor 115 for processing one or more programs for program execution, and a state (eg, login completion state, login maintenance state, log) for the user in a program executed through the program execution processor 115; And a memory management unit 130 for managing the storage means 135 for sharing the out request status, the program execution request, the program termination request, the authority granted to the logged-in user, and the like.

The program execution processor 115 executes one or more programs for controlling program execution through a login process of a user and authority management of a logged-in user for a user whose authentication process is completed in cooperation with the mainframe unit 100. It is characterized in that for processing one or more programs to be executed.

Here, at least one program executed for the user's login process and the program execution control through the authority management of the logged-in user for the user who has completed the authentication process is a program patch management program, an authority setting management program, and a setting authority collection management. It is preferable to include one or more programs.

Preferably, the program patch management program includes a function of updating a system file and a registry. The authority setting management program recognizes a program requested by the user to execute a program to a server. It is preferable to include a function for requesting and setting, and the setting authority retrieval management program preferably includes a function for requesting execution by the user to retrieve the authority necessary for executing the set program.

According to an embodiment of the present invention, one or more program executions for controlling the execution of a program through the user's login processing and the authority management of the logged-in user for the user who has completed the authentication process may be performed for the authority management of the logged-in user. It is desirable to run the program as each independent program.

According to another exemplary embodiment of the present invention, the execution of one or more programs for the program execution control through the user's login processing and the authority management of the logged-in user for the user who has completed the authentication process may be performed by the authority management of the logged-in user. It is preferable to execute the above program as a program dependent on the user authentication processing program.

Those skilled in the art to which the present invention pertains, one or more methods for executing a program for controlling the execution of the program through the user's login processing and authority management of the logged-in user for the user has completed the authentication process and It will be familiar with the process and the technical features of the method and / or process other than the program execution method presented above, detailed description thereof will be omitted for convenience.

The memory manager 130 may be configured to execute a state (eg, a login completion state, a login maintenance state, a logout request state, a program execution request, a program termination request, or the like) for the user in a program executed by the program execution processor 115. And the storage means 135 for sharing the authority, etc. granted to the logged-in user.

According to an exemplary embodiment of the present invention, a method of sharing status information of a user may include: a shared memory for a target memory to be shared (or managed by the user authentication processing program) that is executed through the user authentication processing program; It's a good idea to share and manage memory.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another exemplary embodiment of the present invention, a method of sharing status information about the user may include: a mutex for a target memory to be shared (or managed by the user authentication program) to be shared; It is desirable to share and manage memory in an Object (Mutex) manner.

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another exemplary embodiment of the present invention, a method of sharing state information about a user may include: a semaphore for a target memory to be shared which is executed through the user authentication processing program (or managed by the user authentication processing program). It's a good idea to share and manage memory.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

According to the present invention, the user authentication processing program encrypts the input information input through the information input unit 110 in conjunction with the mainframe unit 100 by using at least one encryption method and / or encryption algorithm to predetermined And an encryption processing unit 125 for generating transmission information of the transmission information, wherein the generation information is encrypted using a symmetric key (or secret key) encryption method and / or a public key encryption method, and / or It is preferable to include at least one or more of the electronic envelope encryption method and / or key exchange encryption method.

In addition, the encryption processing unit 125 when the received information constituting the user authentication processing program in cooperation with the mainframe unit 100 is encrypted by at least one encryption method and / or encryption algorithm, the And decrypting the encrypted received information through a decryption method and / or a decryption algorithm corresponding to the encryption method, wherein the decryption method of the received information is a symmetric key (or secret key) decryption method and / or public disclosure. It is preferable to include at least one or more of a key decryption scheme, and / or an electronic envelope decryption scheme, and / or a key exchange decryption scheme.

2 is a diagram illustrating an operation process for executing one or more programs for program execution control through a user's login process and a user's rights management logged in according to an embodiment of the present invention.

In more detail, Figure 2, when the information for user authentication is input through the user interface output through the user terminal, after processing the user authentication in connection with the server for user authentication, if the user authentication is completed user rights management As an operation process for executing one or more programs for controlling program execution through the present invention, those skilled in the art to which the present invention pertains may refer to and / or modify the user's login process with reference to FIG. Various implementation methods for the operation process for the execution of one or more programs for the program execution control through the rights management of the logged-in user may be inferred, but the present invention includes all the inferred implementation methods, FIG. 2 It is not limited to the implementation method shown by.

For example, if a person of ordinary skill in the art to which the present invention pertains, an operation process for executing one or more programs for the program execution control through the login process of the user shown in FIG. It will be possible to infer a method of deleting (or modifying) a part of the order of the present invention, thereby not limiting the present invention.

Hereinafter, in FIG. 2, a user terminal provided with the user authentication processing program shown in FIG. 1 is referred to as a “terminal” for convenience, and a user authentication processing server is referred to as a “server” for convenience.

Referring to FIG. 2, a terminal equipped with a user authentication processing program shown in FIG. 1 executes and uses various programs through the terminal, and a user interface for inputting (or selecting) member ID information and authentication information. In operation 205, the controller 200 determines whether member ID information and authentication information are input (or selected) through the outputted user interface (205).

The user interface may include at least one Edit control and / or ComboBox control and / or ListBox control and / or Button control. It is desirable to include at least one other user interface (eg, an Image control and / or a Custom control).

According to an embodiment of the present invention, the output information preferably includes one or more pieces of information to be provided through the user interface.

If the member ID information and authentication information input (or selection) are confirmed through the output user interface (210), the terminal transmits the input (or selection) member ID information and authentication information to the server. Request authentication (215), and in response to receiving the authentication processing result information corresponding to the transmitted member ID information and authentication information from the server to confirm whether the user authentication success for the transmitted member ID information and authentication information (220).

According to an embodiment of the present invention, the authentication of the user is performed based on the input member ID information and input information including at least one authentication information, and after transmitting the input information to a server, the server It is preferable to receive the reception information corresponding to the transmitted input information from.

Here, the authentication information preferably further comprises at least one or more of a predetermined password and / or security card information and / or OTP code generated through a predetermined one time password (OTP) generator for the member ID information. .

According to the exemplary embodiment of the present invention, the received information preferably includes authentication process result information corresponding to the transmitted member ID information and input information including at least one authentication information.

In addition, the received information is preferably output to the screen output means provided in the user terminal through the interface screen of the information output unit 105 constituting the user authentication processing program.

If user authentication for the transmitted member ID information and authentication information is successful (225), the terminal executes one or more programs for program execution control according to the user authentication success provided in the terminal (230).

Here, at least one program executed for the user's login process and the program execution control through the authority management of the logged-in user for the user who has completed the authentication process is a program patch management program, an authority setting management program, and a setting authority collection management. It is preferable to include one or more programs.

Preferably, the program patch management program includes a function of updating a system file and a registry. The authority setting management program recognizes a program requested by the user to execute a program to a server. It is preferable to include a function for requesting and setting, and the setting authority retrieval management program preferably includes a function for requesting execution by the user to retrieve the authority necessary for executing the set program.

According to an embodiment of the present invention, one or more program executions for controlling the execution of a program through the user's login processing and the authority management of the logged-in user for the user who has completed the authentication process may be performed for the authority management of the logged-in user. It is desirable to run the program as each independent program.

According to another exemplary embodiment of the present invention, the execution of one or more programs for the program execution control through the user's login processing and the authority management of the logged-in user for the user who has completed the authentication process may be performed by the authority management of the logged-in user. It is preferable to execute the program as a program dependent on the user authentication processing program.

Those skilled in the art to which the present invention pertains, one or more methods for executing a program for controlling the execution of the program through the user's login processing and authority management of the logged-in user for the user has completed the authentication process and It will be familiar with the process and the technical features of the method and / or process other than the program execution method presented above, detailed description thereof will be omitted for convenience.

Thereafter, the terminal is a state (eg, a login completion state, a login maintenance state, a logout request state, a program execution request, a program termination request, and the logged in user) in the program executed according to the user's login processing completion. It is preferable to manage the storage means 135 shown in Figure 1 in order to share the rights granted to them).

According to an exemplary embodiment of the present invention, a method of sharing status information of a user may include: a shared memory for a target memory to be shared (or managed by the user authentication processing program) that is executed through the user authentication processing program; It's a good idea to share and manage memory.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another exemplary embodiment of the present invention, a method of sharing status information about the user may include: a mutex for a target memory to be shared (or managed by the user authentication program) to be shared; It is desirable to share and manage memory in an Object (Mutex) manner.

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another exemplary embodiment of the present invention, a method of sharing state information about a user may include: a semaphore for a target memory to be shared which is executed through the user authentication processing program (or managed by the user authentication processing program). It's a good idea to share and manage memory.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

3 is a diagram illustrating a configuration of a program patch management program function recorded in a recording medium provided in the user terminal for managing a registry and a system file managed by an operating system installed in the terminal according to an embodiment of the present invention.

In more detail, Figure 3 is a configuration of the preferred function of the program patch management program provided in the user terminal for managing the registry and system files managed by the operating system installed in a predetermined terminal, which is common in the art Those skilled in the art will be able to infer various implementation methods of the program patch management program function configuration for managing the registry and system files managed by the operating system installed in the terminal by referring to and / or modifying the present invention. Includes all the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

Referring to FIG. 3, the program patch management program controls the program patch management program to operate based on a recording medium provided in the user terminal in association with an operating system (or platform) provided in the user terminal. Interoperate with at least one functional component constituting the program patch management program for managing the registry and system files installed in the operating system installed in the operating system, and / or the operating system (or platform) provided with the functional components in the user terminal. It is provided with a mainframe unit 300 (Mainfrmae) to perform a function for managing the registry and system files managed by the operating system installed in the terminal in conjunction with at least one component provided in the user terminal through It is done.

The mainframe unit 300 is characterized in that the program patch management program comprises a program execution code for executing on the operating system (or platform) provided in the user terminal, thereby being provided in the user terminal In response to a predetermined program execution command, the program patch manager is executed to operate based on the operating system (or platform) provided in the user terminal.

In addition, the mainframe unit 300 is characterized in that the control to interoperate at least one or more functional components provided in the program patch management program for managing the registry and system files managed by the operating system installed in the terminal, At least one functional component constituting the program patch management program for managing the registry and system files managed by the operating system installed in the terminal by assigning an instance to the mainframe unit 300, the functional components are cross-referenced And / or interlocked.

In addition, the mainframe unit 300 includes at least one or more components (eg, key input means and / or provided in the user terminal for managing the registry and system files managed by the operating system installed in the terminal). And a handle (and / or interrupt) for accessing the screen output means, etc., whereby each of the functional components constituting the program patch management program is provided in the user terminal. It is characterized by performing the unique function defined in each functional component by accessing the components of the.

According to the present invention, the program patch management program is at least one or more from the update information providing server on the network connected to the user terminal via the communication means 330 provided in the user terminal in conjunction with the mainframe unit 300 An update processing unit 305 which receives the received information and / or transmits the transmission information for receiving the received information from the updater information providing server, or processes an update on the registry or the system file based on the received received information. It is characterized by comprising a).

According to an exemplary embodiment of the present invention, the reception information preferably includes update information provided by the update information providing server in order to periodically update a system file managed by an operating system installed in a user terminal of the logged-in user. Do.

According to an embodiment of the present invention, the transmission information is one or more update information required for the user terminal to the update information providing server to periodically update the system file managed by the operating system installed in the user terminal of the logged-in user It is preferable to include the update request information for requesting.

According to the present invention, the program patch management program is provided with a permission setting request unit (310) for requesting the authority to manage the registry and system files managed by the operating system installed in the terminal in conjunction with the mainframe unit 300. Characterized in that made.

According to an embodiment of the present invention, the authority setting request unit 310 requests to acquire read / write authority to the system file, and / or to manage the system file and the registry in the program patch management program. It is preferable to request the authority setting management program executed through the user authentication processing program shown in FIG. 1 to obtain read / write authority to the registry.

According to another exemplary embodiment of the present invention, the authority setting request unit 310 requests to acquire read / write authority to the system file in order to manage a system file and a registry in the program patch management program, and / Alternatively, it is preferable to request a rights management server to obtain read / write rights to the registry, and further comprising a function configuration unit for processing rights setting information received from the rights management server.

According to the present invention, the program patch management program is a system file managed by an operating system installed in a user's computer in conjunction with the mainframe unit 300 and / or system files for managing one or more files and directories provided in the computer A management unit 315 and a registry management unit 320 for managing the registry file is characterized in that it is made.

The system file manager 315 and the registry manager 320 manage system files managed by an operating system installed in a user's computer, one or more files, directories, and registries provided in the computer in cooperation with the mainframe unit 300. Characterized in that.

According to an embodiment of the present invention, the process of starting the execution of one or more programs provided in the user terminal or updating a registry or system file generated in a program use process occurs when executing one or more programs provided in the user terminal. It is preferable to check the registry modification request (or addition request) that is being made, or to check the system file that is newly installed (or the deletion of the previously installed system file or the change of the previously installed system file) in the directory where the system file is installed. .

Those skilled in the art to which the present invention pertains, methods and / or processes for managing (eg, backup, update, etc.) for the system files and one or more files, directories, and registry files included in the computer. Since it will be familiar with the technical features of, a detailed description thereof will be omitted for convenience.

According to the present invention, the program patch management program requests the change of the authority granted to the program in association with the mainframe unit 300 (that is, the read / write authority for the system file and the read for the registry file). Memory management unit 325 for managing storage means 335 (i.e., shared memory).

The memory manager 325 requests the change of the authority granted to the program in association with the mainframe unit 300 (that is, the read / write authority for the system file and the read / write authority for the registry file). Characterized in that for managing the storage means 335 (that is, shared memory).

According to an exemplary embodiment of the present invention, a method for requesting a change of a right granted to the program includes changing a right in a shared memory manner in a predetermined area of the storage means 335 managed by the program patch management program. It is desirable to request.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another exemplary embodiment of the present invention, a method for requesting a change to the authority granted to the program may be performed by using a mutual exclusion object (Mutex) method in a predetermined area of the storage means 335 managed by the program patch management program. It is desirable to request a change of authority.

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another exemplary embodiment of the present invention, a method for requesting a change of a right granted to the program includes changing a right in a semaphore manner in a predetermined area of the storage means 335 managed by the program patch management program. It is desirable to request.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

4 is a diagram illustrating a process of managing a registry and a system file managed by an operating system installed in a terminal according to an embodiment of the present invention.

In more detail, FIG. 4 illustrates one or more registry and system files managed by an operating system provided in a user terminal through a program patch management program provided in the user terminal for managing a registry and a system file managed by an operating system installed in a predetermined terminal. FIG. 4 illustrates a process of processing a registry change request and / or a system file change request generated during an update process and / or a program operation process, and a person skilled in the art to which the present invention pertains may refer to FIG. Although various implementation methods for the process of managing the registry and system files managed by the operating system installed in the terminal by reference and / or modification may be inferred, the present invention includes all the inferred implementation methods, as shown in FIG. Not limited to the method of implementation .

For example, a person having ordinary technical knowledge in the art to which the present invention pertains may delete (or modify) a part of a procedure of managing a registry and a system file managed by an operating system installed in a terminal illustrated in FIG. The method may be inferred, and the present invention is not limited thereto.

Hereinafter, in FIG. 4, a user terminal provided with the program patch management program shown in FIG. 3 is referred to as a “terminal” for convenience, and an update information providing server is referred to as a “server” for convenience.

Referring to FIG. 4, when the terminal equipped with the program patch management program shown in FIG. 3 executes the program patch management program in the user authentication processing program shown in FIG. 1 according to the user authentication success (400), the terminal The request for permission setting for the operation of the program patch management program (405).

According to an embodiment of the present invention, the terminal requests to acquire read / write permission for the system file and / or read / write for the registry to manage system files and the registry in the program patch manager. It is preferable to request the authority acquisition to the authority setting management program executed through the user authentication processing program shown in FIG.

According to another embodiment of the present invention, the terminal requests to obtain read / write permission for the system file and / or for the registry to manage the system file and the registry in the program patch manager. It is preferable to request a read / write permission to the rights management server, and further comprising a function configuration unit for processing the rights setting information received from the rights management server.

If the authority setting for the operation of the program patch management program is completed (410), the terminal requests (415) whether the server needs to update the registry and / or system files on the terminal, and correspondingly The server receives update information on the registry and / or system file that needs to be updated from the server, and checks whether the update is necessary through the received update information (420).

According to an exemplary embodiment of the present invention, the reception information preferably includes update information provided by the update information providing server in order to periodically update a system file managed by an operating system installed in a user terminal of the logged-in user. Do.

According to an embodiment of the present invention, the transmission information is one or more update information required for the user terminal to the update information providing server to periodically update the system file managed by the operating system installed in the user terminal of the logged-in user It is preferable to include update request information for requesting.

If, after receiving the update information on the registry and / or system files that need to be updated, and confirmed as a result of the received update information (425), the terminal needs to update the registry and / or based on the received update information Process updates for system files (430).

Thereafter, the terminal checks whether the registry and / or system files need to be updated through a program running (or running) through the terminal (435).

According to an embodiment of the present invention, the process of starting the execution of one or more programs provided in the user terminal or updating a registry or system file generated in a program use process occurs when executing one or more programs provided in the user terminal. It is preferable to check the registry modification request (or addition request) that is being made, or to check the system file that is newly installed (or the deletion of the previously installed system file or the change of the previously installed system file) in the directory where the system file is installed. .

Those skilled in the art to which the present invention pertains, methods and / or processes for managing (eg, backup, update, etc.) for the system files and one or more files, directories, and registry files included in the computer. Since it will be familiar with the technical features of, a detailed description thereof will be omitted for convenience.

If whether it is necessary to update the registry and / or system files through a program running through (or running) the terminal (440), the terminal processes the update to the registry and / or system files. In operation 445, the management state for the registry and / or system file is stored in the storage means 335 (450).

According to an exemplary embodiment of the present invention, a method for requesting a change of a right granted to the program includes changing a right in a shared memory manner in a predetermined area of the storage means 335 managed by the program patch management program. It is desirable to request.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another exemplary embodiment of the present invention, a method for requesting a change to the authority granted to the program may be performed by using a mutual exclusion object (Mutex) method in a predetermined area of the storage means 335 managed by the program patch management program. It is desirable to request a change of authority.

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another exemplary embodiment of the present invention, a method for requesting a change of a right granted to the program includes changing a right in a semaphore manner in a predetermined area of the storage means 335 managed by the program patch management program. It is desirable to request.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

5 is a diagram showing the configuration of the authority setting management program function recorded on the recording medium provided in the user terminal for checking and setting the authority required for the program for which the user requests execution according to the method of the present invention.

In more detail, Figure 5 is a configuration of the preferred function of the authority setting management program provided in the user terminal for checking and setting the authority required for a program that a given user requests execution, it is common in the art Those skilled in the art can refer to and / or modify this drawing 5 to infer various implementation methods of the authority setting management program function configuration for checking and setting the authority required for a program that a user requests execution. The present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

Referring to FIG. 5, the authority setting management program controls the authority setting management program to operate based on a recording medium provided in the user terminal in association with an operating system (or a platform) provided in the user terminal. Interoperate with at least one or more functional components constituting the privilege setting management program for checking and setting the authority required for a program requesting execution, and / or an operating system (or platform) provided with the functional components in the user terminal. It is provided with a mainframe unit 500 (Mainfrmae) to perform a function for checking and setting the authority required for the program that the user requests to run in conjunction with at least one component provided in the user terminal through It is characterized by.

The mainframe unit 500 is characterized in that it comprises a program execution code for executing the authority setting management program on the operating system (or platform) provided in the user terminal, thereby being provided in the user terminal In response to a predetermined program execution command, the authority setting management program is executed to operate based on the operating system (or platform) provided in the user terminal.

In addition, the mainframe unit 500 is characterized in that the control to interoperate at least one or more functional components provided in the authority setting management program for checking and setting the authority required for the program requesting the user to run, As a result, the at least one function configuration unit constituting the permission setting management program for checking and setting the authority required for the program that the user requests to execute is assigned an instance to the mainframe unit 500, whereby the function configuration units Cross-reference and / or interworking.

In addition, the mainframe unit 500 may include at least one or more components (eg, key input means and / or other components provided in the user terminal for the function checking unit and the setting required for the program for which the user requests execution). Or a handle (and / or interrupt) for accessing a screen output means, etc., whereby each of the functional components constituting the authority setting management program is provided in the user terminal. Each component is accessed to perform a unique function defined in each functional component.

According to the present invention, the authority setting management program is linked to the mainframe unit 500 program execution request for the program requested through the user terminal for checking and setting the authority required for the program that the user requests execution Program execution request confirmation unit 505 for confirming, and the authority request processing unit 515 for requesting the necessary authority by transmitting to the rights management server to execute the program that the user has requested to run in conjunction with the mainframe unit 500 And, in connection with the mainframe unit 500, receives the authority setting information from the authority management server, and sets the authority for the program that the user requests to execute based on the received authority setting information (that is, And a permission setting processor 520 for setting and processing the rights for the user account. It shall be.

The program execution request confirmation unit 505 interoperates with the mainframe unit 500 to request a program execution request for a program requested through the user terminal for checking and setting rights required for a program that the user requests execution. It is characterized by checking.

According to the exemplary embodiment of the present invention, the program execution request confirmation requested through the user terminal confirms an event generated by monitoring an operating system provided in the user terminal, and confirms a program execution request through the checked event. It is desirable to.

According to another exemplary embodiment of the present invention, after the program execution request confirmation requested through the user terminal is logged in the user terminal, the authority setting management program is executed, and all the executed programs are executed by the authority setting management program. It is desirable to confirm the program execution request by processing to run as a sub program.

 Those skilled in the art to which the present invention pertains, because they will be familiar with the technical features of the method and / or process for confirming the program execution request requested through the user terminal, detailed description thereof It is omitted for convenience.

The permission request processing unit 515 interlocks with the mainframe unit 500 and requests a permission required for executing a program that the user requests to execute.

According to an embodiment of the present invention, the necessary authority request for the program that the user has requested to execute is performed by transmitting a program name (or management name, program management code, etc.) for the program that the user has requested to execute to the rights management server. In this case, it is preferable that the user requests the authority required to execute the program requested to be executed.

The permission setting processing unit 520 receives the permission setting information from the rights management server in association with the mainframe unit 500 and based on the received permission setting information, the authority for the program requested by the user to execute. Setting processing (that is, setting processing for a user account).

According to an embodiment of the present invention, the authority setting process for a program requested by the user based on the authority setting information may include setting a program-specific authority (or authority corresponding to a program execution situation) for one or more programs. It is preferable.

According to an embodiment of the present invention, the program-specific authority (or authority corresponding to the program execution status) is preferably divided into five levels of level 0, level 1, level 2, level 3, and level 4, Depending on the intention and purpose of those skilled in the art may be further subdivided, or partly integrated.

In this case, the level 0 mode is preferably an A / S mode for recovering from a serious error (or a serious failure of an operating system provided in the user terminal) generated in the user terminal. It is a good idea to stop and have full control of all program execution.

In addition, the level 1 mode, it is preferable to provide a read / write permission for all cases of the registry and the file system (all files and directories) for running the business program, in this case, the authority setting management program It is preferable that the mode is set when executing a program developed by a company that has developed and / or a company using the authority setting management program.

In addition, the level 2 mode is a program that is developed externally except for a program developed by a company that has developed the authority setting management program and / or a company using the authority setting management program among business programs (or verified external programs) ( For example, when executing MS Word, Korean, Photoshop, etc., it is desirable to provide read / write permission in all cases for the registry and file system (both files and directories).

In addition, the Level 3 mode is a write permission for a part of the registry when running a built-in program (for example, Notepad, Wordpad, Internet Explorer, Outlook Express, etc. provided by the Windows-based operating system developed by Microsoft) It is desirable to provide read access to the entire registry and read / write access to parts of the filesystem.

In addition, the level 4 mode, when executing the personal programs of the user using the user terminal, read-only permission to the registry, read permission to the file system, and on the file system to execute the personal programs It is desirable to provide write access to the temporary area, and, depending on the intention and purpose of those skilled in the art, individual programs may only provide read access to some areas of the filesystem.

According to the present invention, the authority setting management program manages the storage means 525 (that is, shared memory) for checking and setting the authority required for the program that the user requests to execute in association with the mainframe unit 500. And a memory management unit 510.

The memory management unit 510 stores the permission setting state for each program for the authority granted to the program that the user requests to execute in association with the mainframe unit 500 (ie, shared memory). It is characterized by managing the).

According to the method of the present invention, the method for storing the authority setting state for each program for the authority granted to the program which the user requests to execute, comprises the authority setting of the program name and the authority level (or authority state) granted to the program. It is preferable to record in a predetermined area of the storage means 525 managed by the management program in a shared memory manner.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another embodiment of the present invention, the method for storing the authority setting state for each program for the authority granted to the program that the user requests to execute, includes a program name and an authority level (or authority state) granted to the program. It is preferable to record in a predetermined area of the storage means 525 managed by the setting management program in a mutex method.

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another embodiment of the present invention, a method for storing a program-specific permission setting state for a privilege granted to a program that the user requests to execute, includes a program name and a privilege level (or privilege state) granted to the program. It is preferable to record in a semaphore manner in a predetermined area of the storage means 525 managed by the authority setting management program.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

6 is a diagram illustrating a process for checking and setting the authority required for a program for which a user requests execution according to an embodiment of the present invention.

In more detail, FIG. 6 illustrates a process for checking and setting the authority required for a program requesting execution when a user requests execution of at least one of one or more programs provided in the terminal while using a terminal. As shown in the drawings, those of ordinary skill in the art to which the present invention pertains, various implementations of the process for checking and setting the authority required for the program that the user requests execution by referring to and / or modifying the present Figure 6 The method may be inferred, but the present invention includes all the inferred implementation methods, and is not limited to the implementation method shown in FIG.

For example, if one of ordinary skill in the art to which the present invention pertains, the user shown in FIG. 6 deletes (or modifies) part of the procedure for checking and setting the authority required for the program requesting execution. It will be possible to infer an implementation method, which is not intended to limit the present invention.

Hereinafter, in FIG. 6, a user terminal provided with the authority setting management program illustrated in FIG. 5 is referred to as a “terminal” for convenience, and a rights management server is referred to as a “server” for convenience.

Referring to FIG. 6, if the terminal equipped with the authority setting management program shown in FIG. 5 executes the authority setting management program in the user authentication processing program shown in FIG. 1 according to the user authentication success (600), the terminal The user checks whether the user requests to execute the program (605).

According to the exemplary embodiment of the present invention, the program execution request confirmation requested through the user terminal confirms an event generated by monitoring an operating system provided in the user terminal, and confirms a program execution request through the checked event. It is desirable to.

According to another exemplary embodiment of the present invention, after the program execution request confirmation requested through the user terminal is logged in the user terminal, the authority setting management program is executed, and all the executed programs are executed by the authority setting management program. It is desirable to confirm the program execution request by processing to run as a subprogram.

 Those skilled in the art to which the present invention pertains, because they will be familiar with the technical features of the method and / or process for confirming the program execution request requested through the user terminal, detailed description thereof Omit for convenience.

If it is determined whether the user requests to execute the program (610), the terminal requests the server for permission setting necessary for executing the program requested by the user (615).

According to an embodiment of the present invention, the necessary authority request for the program that the user has requested to execute is performed by transmitting a program name (or management name, program management code, etc.) for the program that the user has requested to execute to the rights management server. In this case, it is preferable that the user requests the authority required to execute the program requested to be executed.

Thereafter, the terminal receives permission setting information corresponding to the execution of the program requested by the user from the server (620), and processes the permission setting based on the received permission setting information (625).

According to an embodiment of the present invention, the authority setting process for a program requested by the user based on the authority setting information may include setting a program-specific authority (or authority corresponding to a program execution situation) for one or more programs. It is preferable.

According to an embodiment of the present invention, the program-specific authority (or authority corresponding to the program execution status) is preferably divided into five levels of level 0, level 1, level 2, level 3, and level 4, Depending on the intention and purpose of those skilled in the art may be further subdivided, or partly integrated.

In this case, the level 0 mode is preferably an A / S mode for recovering from a serious error (or a serious failure of an operating system provided in the user terminal) generated in the user terminal. It is a good idea to stop and have full control of all program execution.

In addition, the level 1 mode, it is preferable to provide a read / write permission for all cases of the registry and the file system (all files and directories) for running the business program, in this case, the authority setting management program It is preferred that the mode is set when executing the program developed by the company and / or the company using the authority setting management program.

In addition, the level 2 mode is a program that is developed externally except for a program developed by a company that has developed the authority setting management program and / or a company using the authority setting management program among business programs (or verified external programs) ( For example, when executing MS Word, Korean, Photoshop, etc., it is desirable to provide read / write permission in all cases for the registry and file system (both files and directories).

In addition, the Level 3 mode is a write permission for a part of the registry when running a built-in program (for example, Notepad, Wordpad, Internet Explorer, Outlook Express, etc. provided by the Windows-based operating system developed by Microsoft) It is desirable to provide read access to the entire registry and read / write access to parts of the filesystem.

In addition, the level 4 mode, when executing the personal programs of the user using the user terminal, read-only permission to the registry, read permission to the file system, and on the file system to execute the personal programs It is desirable to provide write access to the temporary area, and, depending on the intention and purpose of those skilled in the art, individual programs may only provide read access to some areas of the filesystem.

Thereafter, the terminal requests execution of the user, and stores information on the authority setting of the program to be executed correspondingly in the storage means 525 (630).

According to the method of the present invention, the method for storing the authority setting state for each program for the authority granted to the program which the user requests to execute, comprises the authority setting of the program name and the authority level (or authority state) granted to the program. It is preferable to record in a predetermined area of the storage means 525 managed by the management program in a shared memory manner.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another exemplary embodiment of the present invention, a method for storing a program-specific permission setting state for a privilege granted to a program for which the user requests execution may include a program name and a privilege level (or privilege state) granted to the program. It is preferable to record in a certain area of the storage means 525 managed by the authority setting management program in a mutex (Mutex) method.

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another embodiment of the present invention, a method for storing a program-specific permission setting state for a privilege granted to a program that the user requests to execute, includes a program name and a privilege level (or privilege state) granted to the program. It is preferable to record in a semaphore manner in a predetermined area of the storage means 525 managed by the authority setting management program.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

7 is a diagram showing the configuration of the setting authority recovery management program function recorded on the recording medium provided in the customer terminal for the release of the authority set through the setting authority collection management program according to the embodiment of the present invention.

In more detail, Figure 7 is for the configuration of the preferred function of the setting authority recovery management program provided to the customer terminal for the release of the authority set through a predetermined setting authority recovery management program, which is common in the art. Those skilled in the art may refer to and / or modify this drawing 7 to infer various implementation methods for the configuration of the setting authority recovery management program function for releasing the authority set through the setting authority collection management program. Includes all of the inferred implementation methods and is not limited to the implementation method illustrated in FIG.

Referring to FIG. 7, the setting authority retrieval management program controls the setting authority retrieval management program to operate on the basis of a recording medium provided in the customer terminal in association with an operating system (or platform) provided in the customer terminal. Interoperate with at least one or more function components constituting the set authority recovery management program to release the authority set through the set authority recovery management program, and / or an operating system (or And a mainframe unit 700 (Mainfrmae) to perform a function for releasing the authority set through the setting authority retrieval management program in connection with at least one component provided in the customer terminal through a platform). It features.

The main frame unit 700 is characterized in that it comprises a program execution code for the setting authority recovery management program to be executed on the operating system (or platform) provided in the customer terminal, thereby provided in the customer terminal Thereafter, in response to a predetermined program execution command, the setting authority recovery management program is executed and operated based on the operating system (or platform) provided in the customer terminal.

In addition, the main frame unit 700 is characterized in that the control to interoperate at least one or more functional components provided in the set authority recovery management program to release the authority set through the set authority recovery management program, By at least one or more functional components constituting the set authority recovery management program to release the authority set through the set authority recovery management program by assigning an instance to the mainframe unit 700, the functional components are cross-referenced And / or interlocked.

The main frame unit 700 may include at least one or more components (eg, key input means and / or screens) provided in the customer terminal to release the authority set through the set authority recovery management program. And a handle (and / or interrupt) for accessing the output means, etc., whereby each of the functional components constituting the setting authority retrieval management program is provided in the customer terminal. It is characterized by performing the unique function defined in each functional component by accessing the components of the.

According to the present invention, the setting authority retrieval management program is running through the user terminal to release the authority set for the program execution of one or more programs running through the user terminal in conjunction with the mainframe unit 700 A program end request check unit 705 for checking a program end request for at least one of the one or more programs, an authority setting check unit 710 for checking a right set to execute the terminated requested program, and the checked By releasing the authority setting, the authority setting collection processing unit 715 is provided to recover the authority set in the end-requested program.

The program termination request checker 705 is one or more programs running through the user terminal to release the authority set for the program execution among the one or more programs running through the user terminal in conjunction with the mainframe unit 700. The program end request for at least one of the programs is characterized in that the check.

According to an embodiment of the present invention, the program termination request confirmation requested through the user terminal may include checking an event generated by monitoring an operating system provided in the user terminal, and confirming a program termination request through the confirmed event. It is desirable to.

According to another exemplary embodiment of the present invention, the program end request confirmation requested through the user terminal is logged in to the user terminal, while the setting authority retrieval management program is executed, all the executed programs execute the setting authority retrieval management. In the case where the program is processed to be executed as a sub program of the program, it is preferable to confirm the program execution termination request by confirming whether or not the execution of the sub program is terminated in the setting authority recovery management program.

Those skilled in the art to which the present invention pertains will be familiar with the technical features of the method and / or process for confirming the program termination request requested through the user terminal, so that the detailed description thereof Omit for convenience.

The authority setting checking unit 710 checks the authority set in the checked end request program when the termination request for one or more programs being executed through the user terminal is interlocked with the mainframe unit 700. It is characterized by.

According to the implementation method of the present invention, the authority check set in the requested program is terminated, by confirming the information on the authority for each program set through the set authority recovery management program shown in Figure 3 through the storage means 725, It is preferable to check the authority set in the end-requested program.

That is, when the authority for each program is set in the setting authority collection management program shown in FIG. It is advisable to check the permission settings for.

According to another embodiment of the present invention, it is preferable to check the authority set in the requested program to be terminated by requesting the authority set in the requested program to be terminated by the set authority recovery management program shown in FIG. .

In this case, the request is made through the storage means 725 to confirm the authority setting of the requested program, or an internal network between the setting authority retrieval management program and the setting authority retrieval management program shown in FIG. A communication method may be used by using a local network (IP) having an IP address of 0.1.

The permission setting collection processing unit 715 confirms an end request for one or more programs running through the user terminal in association with the mainframe unit 700, and confirms the authority set for execution of the end-requested program. If so, it is characterized in that the recovery process of the identified authority.

According to the exemplary embodiment of the present invention, the authority recovery process set in the termination requested program may be performed in a read-only (or inaccessible) state by first canceling the authority setting for the registry and file system. After setting, by processing the program to be terminated, it is preferable to recover the authority for the program set for the execution of the program, the end of the requested request, and to confirm the end of the program requested to terminate the storage means (725) It is preferable to delete the program management information (that is, the authority information set for each running program) stored in the program.

According to another exemplary embodiment of the present invention, the authority recovery process set in the termination requested program includes, after confirming the termination of the termination requested program, the program management information stored in the storage unit 725 (that is, the program being executed). It is preferable to delete the set authority information).

According to the present invention, the setting authority retrieval management program manages the storage means 725 (that is, shared memory) for checking and setting the authority required for the program requesting execution by the user in association with the mainframe unit 700. And a memory management unit 720.

The memory manager 720 stores the storage means 725 (that is, shared memory) for storing the permission setting state for each program for the program that the user requests to terminate in cooperation with the mainframe unit 700. It is characterized by managing.

According to the method of the present invention, the method for checking the authority setting state for each program for the authority granted to the program requesting the end of the user includes setting a program name and an authority level (or authority state) granted to the program. It is preferable to check the information recorded in the shared memory method in a predetermined area of the storage means 725 managed by the recovery management program.

In addition, the method for deleting the authority setting state for each program for the authority granted to the program requesting the end of the user, the program name and the authority level (or authority state) granted to the program is managed by the authority control number management program. By removing the area recorded in the shared memory method in the predetermined area of the storage means 725, it is preferable to delete the program-specific permission setting state for the permission granted to the program for which the user requests termination.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another exemplary embodiment of the present invention, a method for confirming a program-specific permission setting state for a privilege granted to a program for which the user requests termination, includes setting a program name and a privilege level (or privilege state) granted to the program. It is preferable to check the information recorded in a certain area of the storage means 725 managed by the authority recovery management program in a Mutex (Mutual Exclusion Object) method.

In addition, the method for deleting the authority setting state for each program for the authority granted to the program requesting the end of the user, the program name and the authority level (or authority state) granted to the program is managed by the authority control number management program. By removing an area recorded in a mutex (mutual exclusion object (Mutex)) method in a certain area of the storage means 725, it is preferable to delete a program-specific permission setting state for a permission granted to a program for which the user requests termination. .

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another embodiment of the present invention, a method for checking the authority setting state for each program regarding the authority granted to the program for which the user requests termination, includes a program name and an authority level (or authority state) granted to the program. It is preferable to check the information recorded in the semaphore method in a predetermined area of the storage means 725 managed by the setting authority recovery management program.

In addition, the method for deleting the authority setting state for each program for the authority granted to the program requesting the user to terminate, the program name and the authority level (or authority state) granted to the program are managed by the setting authority collection management program. By removing a region recorded in a semaphore manner in a predetermined region of the storage means 725, it is preferable to delete the authority setting state for each program for the authority granted to the program requesting termination by the user.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

8 is a diagram illustrating a process for releasing a right set through a set right collection control program according to an embodiment of the present invention.

In more detail, FIG. 8 illustrates that when a predetermined user executes one or more of one or more programs included in the terminal in a process of using the terminal, and requests termination of one or more of the executed programs, the termination is performed. A process for retrieving the authority granted to the requesting program is illustrated, and a person having ordinary skill in the art to which the present invention pertains may refer to and / or modify this drawing 8 to perform the program required by the user to request execution. Various implementation methods may be inferred for the process for checking and setting the authority, but the present invention includes all the implementation methods inferred above and is not limited to the implementation method shown in FIG.

For example, if a person having ordinary technical knowledge in the technical field to which the present invention belongs, the practice of deleting (or modifying) part of the procedure for releasing the authority set through the authority setting management program shown in FIG. The method may be inferred, and the present invention is not limited thereto.

Hereinafter, in FIG. 8, a user terminal provided with a setting authority retrieval management program shown in FIG. 7 is referred to as a “terminal” for convenience.

Referring to FIG. 8, if the terminal equipped with the setting authority retrieval management program shown in FIG. 7 executes the setting authority retrieval management program in the user authentication processing program shown in FIG. The terminal checks whether the user terminates the program request (805).

According to an embodiment of the present invention, the program termination request confirmation requested through the user terminal may include checking an event generated by monitoring an operating system provided in the user terminal, and confirming a program termination request through the confirmed event. It is desirable to.

According to another exemplary embodiment of the present invention, the program end request confirmation requested through the user terminal is logged in to the user terminal, while the setting authority retrieval management program is executed, all the executed programs execute the setting authority retrieval management. In the case where the program is processed to be executed as a sub program of the program, it is preferable to confirm the program execution termination request by confirming whether or not the execution of the sub program is terminated in the setting authority recovery management program.

Those skilled in the art to which the present invention pertains will be familiar with the technical features of the method and / or process for confirming the program termination request requested through the user terminal, so that the detailed description thereof Omit for convenience.

If it is determined whether the user terminates the program request (810), the terminal checks the authority granted to the target program to be terminated for the program termination requested by the user (815).

Thereafter, the terminal recovers the authority granted to the target program to be terminated (820).

According to the exemplary embodiment of the present invention, the authority recovery process set in the termination requested program may be performed in a read-only (or inaccessible) state by first canceling the authority setting for the registry and file system. After setting, by processing the program to be terminated, it is preferable to recover the authority for the program set for the execution of the program, the end of the requested request, and to confirm the end of the program requested to terminate the storage means (725) It is preferable to delete the program management information (that is, the authority information set for each running program) stored in the program.

According to another exemplary embodiment of the present invention, the authority recovery process set for the termination requested program includes, after confirming the termination of the requested termination program, stored in the storage means 725 (ie, for each program being executed). Set authority information) is preferably deleted.

Thereafter, the terminal requests the end of the user, and stores the information on the authority setting of the program to be terminated in the storage means 725 (825).

According to the method of the present invention, the method for checking the authority setting state for each program for the authority granted to the program requesting the end of the user includes setting a program name and an authority level (or authority state) granted to the program. It is preferable to check the information recorded in the shared memory (Shared Memory) method in a predetermined area of the storage means 725 managed by the recovery management program.

In addition, the method for deleting the authority setting state for each program for the authority granted to the program requesting the end of the user, the program name and the authority level (or authority state) granted to the program is managed by the authority control number management program. By removing the area recorded in the shared memory method in the predetermined area of the storage means 725, it is preferable to delete the program-specific permission setting state for the permission granted to the program for which the user requests termination.

Here, in the shared memory system, when executing a plurality of programs or executing a plurality of threads, a predetermined area in the memory is overlapped for sharing information between the plurality of programs or the plurality of threads. In this case, it is preferable to further include a control technique for preventing a case of simultaneously accessing a single memory from a plurality of programs (or threads).

According to another exemplary embodiment of the present invention, a method for confirming a program-specific permission setting state for a privilege granted to a program for which the user requests termination, includes setting a program name and a privilege level (or privilege state) granted to the program. It is preferable to check the information recorded in the mutex (Mutex) method in a predetermined area of the storage means 725 managed by the authority recovery management program.

In addition, the method for deleting the authority setting state for each program for the authority granted to the program requesting the end of the user, the program name and the authority level (or authority state) granted to the program is managed by the authority control number management program. By removing an area recorded in a mutex (mutual exclusion object (Mutex)) method in a certain area of the storage means 725, it is preferable to delete a program-specific permission setting state for a permission granted to a program for which the user requests termination. .

Here, in the mutex method, when a target memory area to be shared by a plurality of programs (or threads) is used, another program (or thread) is used when any one of the plurality of programs (or threads) uses the memory area. After the use of the memory area is set to disable after the use of the memory area, it is preferable to mean a way to enable the use in another program (or thread), the mutex method is one program (or thread) In the case where the memory area must be occupied by (), it is preferably used mainly.

According to another exemplary embodiment of the present invention, a method for checking the authority setting state for each program regarding the authority granted to the program for which the user requests termination, includes a program name and an authority level (or authority state) granted to the program. It is preferable to check the information recorded in the semaphore method in a predetermined area of the storage means 725 managed by the setting authority recovery management program.

In addition, the method for deleting the authority setting state for each program for the authority granted to the program requesting the end of the user, the program name and the authority level (or authority state) granted to the program is managed by the authority control number management program. By removing an area recorded in a certain area of the storage means 725 in a semaphore manner, it is preferable to delete a program-specific permission setting state for a permission granted to a program for which the user requests termination.

Here, in the semaphore method, before using the target memory area to be shared by a plurality of programs (or threads), the use of the target memory area to be shared flag is set (or increased), and the target memory area to be shared. After completing the use, it is preferable to release the target memory region use flag to be shared (or return the value to the original value, etc.) to enable memory sharing through a kind of signal role.

According to the present invention, by setting a right at the time of program execution and providing a right according to the execution of the program based on the set right, there is an advantage of providing a function to prevent a system file or registry change from illegal programs. .

Claims (7)

If a user account is logged in through a login interface output to the terminal, processing a plurality of programs for managing the logged-in user account to be executed; Recognizing a program for which execution is requested when execution of any one of a plurality of programs included in the terminal is requested; Requesting a permission setting necessary for executing the recognized program to a server, and receiving permission setting information from the server correspondingly; Setting a program-specific authority for the program requested to be executed based on the received authority setting information; And And temporarily changing the permission setting for the logged-in user account and processing the program requested to be executed to be executed in response to a set program-specific permission. The authority for each program is divided into level 0, level 1, level 2, level 3 and level 4, the level 0 is set to recover from a serious error occurring in the terminal, the level 1 is to run a business program Is set to provide read / write access to the registry and filesystem for the case, and level 2 is set to provide read / write access to the registry and filesystem for the case of running an externally developed program. The level 3 is set to provide write permission to a part of the registry, read permission to the entire registry, and read / write permission to a part of the file system for the case of executing the default mounted program. Read-only privileges and pars to the registry for the execution of personal programs of the user of the terminal. Run by the login account permissions control which comprises is set to provide read access and write access to a temporary area on the file system on the system program management. delete The method of claim 1, Multiple programs for managing logged-in user accounts include: And a program patch management program, an authority setting management program, and a setting authority retrieval management program. The program patch management program includes a function of updating a system file and the registry, The authority setting management program includes a function of requesting and setting the authority required for program execution to a server through recognition of a program requested to be executed, The setting authority retrieval management program, the program execution management method using the logged-in account authority control, characterized in that it includes a function for retrieving the authority necessary for the execution of the program for which the program-specific authority is set. The method of claim 1, When requesting program execution through a separate isolated virtual environment of a logged in user account, a program executed through the isolated virtual environment cannot read or write files stored in an environment other than the isolated virtual environment. Program processing management method using the control of the logged in account, characterized in that further comprises the step; The method of claim 1, wherein the terminal operates on a Windows OS (Operating System) basis. A function of processing a plurality of programs for managing the logged-in user account to be executed when the user account is logged in through a login interface output to the terminal; A function of recognizing a program requested to be executed when an execution of any one of a plurality of programs provided in the terminal is requested; Requesting a server for permission setting necessary to execute the recognized program, and receiving permission setting information from the server correspondingly; Setting a program-specific authority for the program requested to be executed based on the received authority setting information; And And a function of temporarily changing the authority setting for the logged-in user account and processing the program requested to be executed to be executed in response to a set program-specific authority. The authority for each program is divided into level 0, level 1, level 2, level 3 and level 4, the level 0 is set to recover from a serious error occurring in the terminal, the level 1 is to run a business program Is set to provide read / write access to the registry and filesystem for the case, and level 2 is set to provide read / write access to the registry and filesystem for the case of running an externally developed program. The level 3 is set to provide write permission to a part of the registry, read permission to the entire registry, and read / write permission to a part of the file system for the case of executing the default mounted program. Read-only privileges and pars to the registry for the execution of personal programs of the user of the terminal. A computer for storing a program, characterized in that which is set to provide a read access and write access to the staging area in the file system for a system-readable recording medium. delete

Images