A network includes digital computers, resources such as disk drives, printers and modems or disk files, file records or tasks, and a communications channel permitting data transfer between each digital computer and the resources. The function of mediating conflicting demands for network resources is distributed among the digital computers. A file server or other storage device connected to the communications channel contains an access log. Each digital computer accesses a required resource by first recording an entry in the access log identifying the required resource and then scanning the access log to locate any conflicting entry identifying the same resource. The access procedure is terminated if the conflicting entry is located and the recorded entry is then deleted. The digital computer otherwise accesses the required resource and deletes the recorded entry once use of the resource has terminated. Access to resources is restricted according to priority levels assigned to the various computers and by a virtual use log within the access log. A system operator can create records in the virtual use log indicating a non-existent use of network resources. Depending upon its assigned priority, each computer may scan portions of the virtual use log and locate conflicting entries which effectively prohibit the computer from accessing the identified resource.
The present invention provides a file management device for managing a file accessed by a plurality of users which comprises setting means for setting a plurality of attribute values related to a particular attribute of the file, and for setting access rights in accordance with the plurality of attribute values related to the attribute, storing means for storing a result set by the setting means, and changing means for changing the access rights for the file corresponding to attribute values specified in the group of the plurality of attribute values based on the contents stored in the storing means.
A network resource security services control system comprises an integrated arrangement of security services, that are operative to control the ability of an information storage and retrieval network user to have access to and communicate with one or more information resources within the network. The security access control mechanism monitors activity associated with a user's attempt to and actual conducting of data communications with respect to a system resource, and controllably modifies one or more security relationships of a security association that has been established among the users and resources of the system, in dependence upon one or more characteristics of the monitored activity, in such a manner that affects the ability of the system user to conduct data communications with respect to a system resource.
A system and method for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific system users from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW and the Internet). The invention employs a relational database to determine access rights, and this database may be readily updated and modified by an administrator. Within this relational database specific resource identifiers (i.e., URLs) are classified as being in a particular access group. The relational database is arranged so that for each user of the system a request for a particular resource will only be passed on from the local network to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user has been assigned specific permissions by an administrator. In one preferred embodiment, the invention is implemented as part of a proxy server within the user's local network.
A system and method for preventing a copy of a document to the output from a printing node until the printing node authenticates the intended recipient. The system includes a sending node, a printing node and a communication link coupling these nodes together in a network fashion. The sending node has access to a public key of the printing node and uses this public key to encrypt a header and document before transmission to the printing node over the communication link. The priority node has access to its private key to decrypt the header to ascertain whether the document requires authentication by the intended recipient before being output.
A network resource security services control system comprises an integrated arrangement of security services, that are operative to control the ability of an information storage and retrieval network user to have access to and communicate with one or more information resources within the network. The security access control mechanism monitors activity associated with a user's attempt to and actual conducting of data communications with respect to a system resource, and controllably modifies one or more security relationships of a security association that has been established among the users and resources of the system, in dependence upon one or more characteristics of the monitored activity, in such a manner that affects the ability of the system user to conduct data communications with respect to a system resource.
