Conventionally, to prevent a user who has no access right from decoding or tapping information by making access to a resource such as a file or storage device in a computer such as a personal computer through an application program, a method of providing an access right check function in an operating system (to be referred to as an OS hereinafter) or a method of checking the access right by adding a dedicated access management tool is known.
For example, a general-purpose OS represented by Windows (registered trademark of Microsoft) has a function of inhibiting a user who has no access right from reading, writing, or executing a file. Some general-purpose OSs allow a user to set a right about deleting files, changing the access right, or changing ownership.
As an access management tool, a tool which registers the permission condition of file lookup and copy, then restricts file lookup and copy depending upon that permission condition is known, as disclosed in, e.g., Japanese Patent Laid-Open No. 7-84852. More specifically, a tool which adds a read restricting attribute to a display area to prevent capture of the display screen is known.
To completely inhibit a user from outputting information to some external medium, functions such as attachment to mail, printing, file move/file copy, copy to the clipboard, saving in removable medium such as a floppy disk, object paste, and screen capture must be restricted, as shown in FIG. 9. In addition, information output through a network must also be restricted.
In the prior art, however, operations other than file move/file copy and screen capture (e.g., copy to the clipboard) cannot be restricted. If operations such as copy to the clipboard should be restricted, the OS or application itself must be revised, and this makes versatile applicable use impossible.