An information processing apparatus, such as a personal computer, is often shared by a plurality of users. An operating system (referred to hereinafter simply as "OS") for a personal computer or other information processing apparatus is therefore equipped with functions premised on shared use by a plurality of users. For example, in the basic form of use of a representative recent OS, such as UNIX, Windows XP (registered trademark), or Mac OSX (registered trademark), each individual user performs a logon procedure (called a "login procedure" on some OSs) when starting to use the system and a logoff procedure (called a "logout procedure" on some OSs) when finishing.
In such an environment, where a plurality of users share the same information processing apparatus, it is important that adequate security be ensured for the data prepared by each individual user. For example, if a data file prepared by a first user could be read and written without restriction by a second user, files that a user does not wish others to view or modify could not be handled on an information processing apparatus in a shared environment at all.
Thus, in order to ensure security for each individual user even on an information processing apparatus in a shared environment, an arrangement that prevents simultaneous logon by a plurality of users is employed, and operation proceeds with each individual user being given unique access rights. For example, Japanese Unexamined Patent Publication No. 2003-280781 discloses a method in which different access rights are set for each individual user and, when the logged-in user changes, the access rights are switched accordingly.
As mentioned above, where the same information processing apparatus is shared by a plurality of users, many OSs employ a method in which unique access rights are set for each individual user and a user who has logged on with a predetermined account and password is permitted to access data files only within the range of the access rights set for that user. With such a method, however, adequate security cannot necessarily be ensured. For example, many OSs allow a special user with management rights (such as the super user in UNIX), and a user who logs in as that special user can access all data files without any restriction whatsoever, since the access-right check is simply bypassed for that account. Also, as long as the data files are stored on the information processing apparatus, any of them can be accessed by illicit means that bypass the OS's access control altogether (for example, by reading the storage medium directly).
Thus an object of the present invention is to provide a method that enables more adequate security to be ensured for the data prepared by each individual user in cases where the same information processing apparatus is shared by a plurality of users.