The invention relates to providing secure access to multiple processes running on a computer system, where each process has a separate directory.
As more important and confidential data is created, processed, and stored electronically, the security needs for the processes and information have increased. Additionally, in the present computing environment, a single user needs access to numerous processes. For example, in a client/server system, a user may need access to processes (also known as resources) such as electronic mail, word processing, database applications, and graphics applications. Typically, a user will have different access levels (also known as permissions) for the different processes.
A current technique for operating in this environment is to have a separate directory of authorized users and security system associated with each process, as shown in the block diagram of FIG. 1. A user, e.g., user1, obtains access to a first process 1, e.g., an operating system, by entering a first identifier 2, e.g., SYSID1. The first identifier is checked against a directory 3 of valid users for the operating system. If the use-entered identifier is valid, user1 must also pass a security system 4 check.
In order for user1 to access another process 5, e.g., process P1, user1 must enter a process-specific identifier 6a, e.g., P1ID1, which is checked against a process-specific directory 7a. Also, user1 must pass a process-specific security system 8a check. These steps are repeated by the user in order to obtain access to each of the processes available on the computer system.
This process-specific access technique presents several problems. First, the processes have separate directories containing the valid identifiers for the respective processes. Typically, the directories do not use the same identifier for a single user. In the example above, user1 must use SYSID1 to gain access to the system, and then use a process-specific identifier, e.g., P1ID1, obtain access to each process. The directories are independent and must be managed separately.
Typically, a user is required to pass a different security test (e.g., know a different password) for each process. A user may forget one or more of the needed process passwords, wasting valuable time. This may induce the user to write down the list of passwords. This list may be susceptible to theft or copying.