Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1999-08-12
2003-06-10
Coulter, Kenneth R. (Department: 2141)
C709S225000, C713S152000, C707S793000
active
06578081
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a system for sharing electronic information through a programmed computer, and particularly, to a security system for electronic information shared among employees of different companies.
Improvements in computer networks are expanding the sharing of electronic information from among sections of the same company to among different companies. It is required to ensure the security of information shared among users and of the data about the users themselves.
2. Description of the Related Art
In this specification, a “requester” is a user who makes a request for sharing electronic information such as files. Throughout the accompanying drawings, like parts are represented with like reference marks.
FIG. 1 shows a security system for shared electronic information according to a prior art. An input unit 21 and an output unit 22 are connected to a user interface 23 directly or through a LAN. A message entered by a requester into the input unit 21 is transferred to an objective unit through the user interface 23. The objective unit returns a reply, which is edited by the user interface 23 and the edited reply is transferred to the output unit 22. A user managing unit 24 manages data related to users, a user data manager 25 controls the data related to users, and a user level manager 26 determines the managing level of each user. Namely, the user level manager 26 determines whether or not a requester is a system managing user or a general user. User data 27 is in the form of a table. A sharing manager 28 manages users and electronic information shared by the users. Sharing data 29 is a list of electronic information and users that share the electronic information. An information manager 2A manages electronic information 2B. The electronic information 2B may be files, directories, or databases to be shared by users through networks.
The user data 27 is a database in the form of a table containing the names and managing levels of users.
FIG. 2 shows an example of the sharing data 29 containing the names of files and the names of users who share the files. In the example, there are three files a, b, and c. The file a is shared by users A2 and B1, the file b by users A3 and C1, and the file c by users A1, A2, A3, B1, and C1. When a requester enters a request for acquiring a list of users into the input unit 21, the user interface 23 transfers the request to the user level manager 26, which transfers the request to the user data manager 25. The user data manager 25 fetches a list of all users from the user data 27, and the user interface 23 transfers the list to the output unit 22. In this way, any requester can obtain a list of all users from the user data 27. When a requester, who is a user registered in the user data 27, enters a request for sharing the information 2B into the input unit 21, the user interface 23 analyzes the request and asks the sharing manager 28 to provide a list of users who share the information 2B. The sharing manager 28 returns the list, and the user interface 23 transfers the list to the output unit 22. Thereafter, the requester may select a user from the list on the output unit 22 and delete, change, or add the selected user with respect to the information 2B. The information manager 2A and sharing manager 28 cooperate with each other to ensure that only authorized users listed in the sharing data 29 access the information 2B.
If the user A1 of FIG. 2 makes a request for sharing the files a and b that are presently isolated from the user A1, the user A1 can get the names of the users A2 and B1 that are sharing the file a and the users A3 and C1 that are sharing the file b. This is because the prior art is based on a client-server system formed on an intranet whose extent is limited to a single office, where there is no problem even if every user looks at files and data about users. This, however, raises a security problem when information is shared by users belonging to different offices or companies through networks. It is necessary to limit the extent of information and user data to be retrieved by a user depending on a managing level given to the user.
According to the prior art, any registered user can retrieve a list of all users who share electronic information. Namely, the prior art allows each registered user to see a list of registered users, a list of electronic information, and a list of users who share the electronic information. This causes a problem when the electronic information is shared among companies that issue orders and companies that receive the orders.
SUMMARY OF THE INVENTION
An object of the present invention is to provide a system for ensuring the security of electronic information shared among companies and limiting the extent of electronic information and user data to be retrieved by a user depending on a managing level given to the user.
In order to accomplish the object, the present invention newly employs tenant data and a tenant data manager to provide a function of ensuring the security of user data. If a requester is a general user, the requester is allowed to refer to only data about users that are under a tenant to which the requester belongs and is prohibited from accessing data about users who are under tenants to which the requester does not belong. More precisely, the present invention provides a security system for electronic information sharing, having an input terminal with which a requester enters a request for sharing electronic information and an output terminal with which the requester receives a list of users who may share the electronic information. The security system is characterized by tenant data containing tenants and users belonging to the tenants and by a user-tenant managing unit for retrieving at least a tenant to which a requester belongs from the tenant data, preparing a list of users who belong to the retrieved tenant, and providing the requester with the prepared list through the output terminal.
The system also employs user data that contains users and managing levels related to the users. If the user data indicates that the requester is a system managing user, the user-tenant managing unit prepares a list of all users from the user data and provides the requester with the prepared list.
The system allows the system managing user to make deletion, updating, and addition with respect to the user data.
If the requester is a tenant managing user, the user-tenant managing unit retrieves at least a tenant to which the requester belongs from the tenant data, acquires a list of users who belong to the retrieved tenant from the tenant data, and provides the requester with the acquired list.
The system allows the tenant managing user to delete, update, and add data about the users who belong to the tenant to which the tenant managing user belongs.
The system also employs sharing data that specifies electronic information and users who share the electronic information. If the requester is a general user, the user-tenant managing unit retrieves at least a tenant to which the requester belongs from the tenant data and acquires a list of users who belong to the retrieved tenant from the tenant data. The system also employs a sharing manager that compares the acquired list with a list of users who share electronic information for which the requester issues the sharing request, and prepares a list of users who are present in both the acquired list and the list of users who share the electronic information. The list prepared in this way is given to the requester.
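The visibility rules summarized above, next to the prior-art behavior, as an added Python example (not code from the patent or its assignee). The sharing data is that of FIG. 2; the tenant membership (A1 to A3 under tenant A, B1 under B, C1 under C), the managing levels, the user "root" and all function names are assumptions made for the illustration.

```python
from enum import Enum

class Level(Enum):
    SYSTEM = "system managing user"
    TENANT = "tenant managing user"
    GENERAL = "general user"

# Sharing data 29 as given in FIG. 2: file -> users who share it.
SHARING = {"a": {"A2", "B1"}, "b": {"A3", "C1"},
           "c": {"A1", "A2", "A3", "B1", "C1"}}
# Tenant data (constructed, assumption): tenant -> users belonging to it.
TENANTS = {"A": {"A1", "A2", "A3"}, "B": {"B1"}, "C": {"C1"}}
# User data (constructed, assumption): user -> managing level.
LEVELS = {"root": Level.SYSTEM, "A1": Level.GENERAL, "A2": Level.TENANT,
          "A3": Level.GENERAL, "B1": Level.GENERAL, "C1": Level.GENERAL}

def prior_art_sharers(requester, info):
    """Prior art: any registered user gets the full sharer list of a file."""
    if requester not in LEVELS:
        raise PermissionError(f"{requester} is not a registered user")
    return set(SHARING.get(info, ()))

def tenant_peers(requester):
    """Union of the members of every tenant the requester belongs to."""
    peers = set()
    for members in TENANTS.values():
        if requester in members:
            peers |= members
    return peers

def visible_users(requester, info=None):
    """User list the requester may see, optionally for a sharing request."""
    level = LEVELS.get(requester)
    if level is None:
        raise PermissionError(f"{requester} is not a registered user")
    if level is Level.SYSTEM:
        return set(LEVELS)              # all users from the user data
    peers = tenant_peers(requester)
    # Assumption: a tenant managing user always gets the whole tenant list.
    if level is Level.TENANT or info is None:
        return peers                    # own tenant(s) only
    # General user asking about a file: tenant list AND sharer list.
    return peers & SHARING.get(info, set())

if __name__ == "__main__":
    for f in ("a", "b"):
        print(f, "prior art:", sorted(prior_art_sharers("A1", f)),
              "tenant-scoped:", sorted(visible_users("A1", f)))
```

For user A1 the prior-art call discloses B1 and C1, users outside A1's tenant, while the tenant-scoped call returns only A2 for file a and A3 for file b.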
Sato Yoshiharu
Tominaga Hiroyuki
Coulter Kenneth R.
Fujitsu Limited
Katten Muchin Zavis & Rosenman