1. Field of the Invention
The present invention relates to a method and system for computer workstation security, and more particularly, to a graphical identification and authentication system for multiple user access to a computer workstation or computer network access point. The present invention has particular application to computers which are shared by multiple users or to computers and computer network access points which are in an unsecured or public location, and for single users having multiple logon accounts or other secured access requirements for multiple computer applications, databases, networks, and the like.
2. Description of the Prior Art
Currently, it is possible for multiple users to be logged on to the same system simultaneously, but this is presently limited to what is currently the most recent version of the Microsoft Windows® Desktop Operating System (Windows XP), and that capability is disabled if the system is joined to a network domain. Most businesses utilize their computers as part of a network domain, and many businesses are not running Microsoft Windows XP on all their workstations. In either of these situations, there is only one way to address the problem of maintaining secure, audited access to secure resources on a shared workstation; that is to require each user to perform a logon to the system, access the secure resources and then logoff. This process can be cumbersome and time consuming, as it requires that a user always remember to close out their applications and logoff when they are finished with the system. Even worse, if a user forgets to logoff, the system and the secure resources can be compromised by anyone who has physical access to the terminal or system. Even if proper security is put in place, such as a short inactivity timeout before a screen lock, problems may still occur. For instance, if the system goes into the locked state, either by user intervention or by inactivity, and another user with insufficient privilege to unlock the system needs access, there is no way that user can unlock the system; the workstation remains unusable until the original user or an administrator returns. Another significant issue is the time it takes to logon to the system and then logon to the applications required to access the secure resources. Since a user must logoff the system whenever they are finished using it, they must also go through the full logon process each time they want to access it, resulting in severely diminished productivity of the shared resources. This is problematic and inefficient for the user, system, network and any application servers. It is especially inefficient in cases where repeated intermittent use of secure resources is needed by a single user or by a mix of multiple users.
An alternative approach sometimes used is to create a single “generic” account with which all users log on. However, due to new regulations and increased security concerns, it is no longer practical, and in some cases no longer legal, to allow multiple users to log on to a system using the same generic account. Because every action is recorded under the shared account, using a generic account makes it almost impossible to know by whom, when and where sensitive data is accessed. Furthermore, generic account methods provide no per-user audit trail.