| 摘要 |
<p>A method comprises receiving a session login request by a user from a computer/client/workstation/terminal 110; determining the access rights 321-1 of the user; determining the access rights 331-1 of the computer, determining session access rights as an intersection or overlap of the common or mutual user and computer access rights; and authorising access to files based on applying dependent on whether the session access rights satisfy file permissions of the files. The file permissions may be stored in metadata of the corresponding files. The computer might be identified based on a unique address or PKI signature. The user might be identified based on a user session or PKI signature. Also claimed is a system where access to data files is authorised by applying session rights to file permissions of the files and confirming that the unique address of the workstation used is held in a clearance database.</p> |
