1. Field of the Invention
This invention relates to access control for information resources stored in a computer.
2. Description of the Related Art
Access control lists (ACLs) record the users permitted to access information resources stored in computers and are consulted to restrict access by improper users, thereby enhancing the security of the information resources. Recently, widely distributed environments have come into use, in which a plurality of networks are connected through a wide area network, such as the Internet, so that information resources including data files can be shared among the networks. ACLs are also effective for enhancing security in such an environment. There, each ACL is managed by the access controller connected to its respective network, and the ACLs are synchronized among all access controllers.
Since access rights or permissions to information resources are not fixed but subject to change, some cases require the interception of all accesses by a specific user in the widely distributed environment. JP 1999-282805A discloses a technique that synchronizes the update of all ACLs in a case where the access right of a specific user has to be prohibited, thereby intercepting all accesses by the prohibited user. Another technique periodically transmits a certificate issued by a certificate authority for the access right, thereby intercepting accesses by users with invalid certificates.
However, these conventional techniques are not effective enough for emergency access interception in cases such as the following: prohibition of the access right of a specific user after that user's dismissal, and detection of improper access. This is because the first technique requires a long time to update the ACLs, and the second technique cannot intercept the access until the new certificate is issued and the old one expires.
The above-mentioned problem is not specific to the widely distributed environment but is common to any system in which a plurality of access controllers cooperate in controlling access to information resources.