1. Field of the Invention
The invention relates generally to computer applications, systems and methods, and more particularly to computer systems and methods for controlling access to transactions associated with an internal transaction area of a host computer.
2. Description of the Related Art
Conventional host computer systems provide services for typically large numbers of end-users using end-user computers such as terminals, personal computers, workstations, and computer servers. The services are furnished through internal applications running in internal transaction areas of the host computer systems, which allow for series of transactions to occur between the host computer systems and the end-user computers. Each transaction is typically a bounded unit of work or finite task associated with an internal transaction area. Any particular internal transaction area has numerous associated transactions, so the examples given herein are merely representative and exemplary in nature and not to be construed to be all-inclusive. For instance, a transaction could return data, or could put data, or could add data.
Access to the internal applications and their associated transactions is typically authorized based upon the sensitivity of the internal applications and their associated transactions compared with the degree of physical security precautions implemented in the particular locale in which the end-user computers are located. For instance, regarding internal application sensitivity, if the internal applications and their related transactions are associated with such data as financial data, inventory data, trade secret data, or management planning data, the applications and transactions would most likely be viewed as having a relatively high level of sensitivity. On the other hand, if the internal applications and their associated transactions are related to information readily obtained by the general public such as retail prices of particular items, general news, or other types of general interest data, the internal applications and their associated transactions would most likely be viewed as having a lesser level of sensitivity.
Regarding physical security, a relatively high degree of physical security, for instance, could involve end-user computers being located in buildings having physically controlled access, such as through manned checkpoints, barriers operated by badge reading devices, and locked doors. A relatively high degree of physical security could also involve end-user computers having communication nodes that are directly tied into the host computer system and are difficult to remove from their locale. A relatively low degree of physical security, for instance, could involve the end-user computers being located in areas accessible to the general public or using communication nodes that are shared with the general public.
If an internal application and its associated transactions are deemed to have a relatively high degree of sensitivity, and at least one or a few of the end-user computers have a relatively low degree of associated physical security, then oftentimes correct input of usernames (user identification) and passwords is required of all of the associated end-users using any end-user computer, regardless of the physical security of the end-user computer involved, in order to be given proper authorization to access the internal application and associated transactions. Other times, a particular internal application and its associated transactions could be deemed to have a sufficiently high degree of sensitivity that input of usernames and passwords would be required not only to access the particular internal application and its associated transactions, but also to access other internal applications running on the host computer system, regardless of the physical security of any associated end-user computer.
It is unfortunate in these conventional approaches that if usernames and passwords are required by a host computer system of end-users of particular end-user computers to access an internal application of the host computer system, the requirement is generally imposed upon all end-users of any end-user computers, regardless of the physical security of the end-user computers. The inflexibility of these conventional approaches, at times, introduces unnecessary inconvenience to some, if not many, of the end-users of a particular internal application. The end-user computer with the relatively lowest level of physical security is a decisive factor in requiring entry of usernames and passwords for an entire group of end-user computers accessing the particular internal application and its associated transactions.
To compound the inconvenience, oftentimes the particular internal application and associated transactions with the relatively highest level of sensitivity are another decisive factor in requiring entry of usernames and passwords. Consequently, even though some or most of a group of internal applications and their associated transactions running on a host computer system have a relatively low level of sensitivity that requires no entry of usernames and passwords regardless of the physical security of the end-user computer, entry of usernames and passwords is still required because of a relatively highly sensitive internal application and its associated transactions running on the host computer system.
Herein are described computer-based systems and methods directed toward these and other issues. Other features and advantages will become apparent from the following detailed description, taken in conjunction with the accompanying drawings.