BACKGROUND OF THE INVENTION A mainframe computer is one which is capable of supporting multiple users simultaneously. Each of the multiple users typically accesses the mainframe computer via a terminal or a single-user computer, e. g., a personal computer, that is networked to the mainframe computer.

Many of the application programs designed to run on mainframe computers use large, complex databases. Often, changes to such a database must be made via a user interface that is cumbersome to use and very time consuming. The user interface usually requires that a large number of keystrokes be used to make changes to the database.

The large number of keystrokes required to make changes to the database increases the probability of keystroke errors. The probability of keystroke errors increases further if relationships between the data stored in the database are complex.

A security system application program is an example of a mainframe application program that uses large databases. Security system application programs are typically used to control access to sensitive information. Typically, different users will be given different levels of access to the sensitive information. A database for such security system application program may store a profile for each user wherein the profile will indicate such user's authorization level for access to the sensitive information.

A procedure for updating such a user profile usually involves using a large number of keystrokes to enter updated information via a cumbersome and complex user interface. Furthermore, because the security system application program is used to control a user's access to sensitive information, a"practice"database is often used to make significant changes to the database user profiles before making the same changes to the actual"working"database. Thus, the keystrokes used to update the user profiles in

the practice database must be repeated when updating the user profiles in the working database. This process is very time-consuming and prone to errors.

SUMMARY OF THE INVENTION In view of the above problems in the art, the present invention provides a system and method for controlling a mainframe application program from a non-mainframe computer. The system and method of the present invention provides a user interface that is simple to use and substantially eliminates keystroke errors involved in input of changes to a database used by the mainframe application program. The system and method of the present invention can also provide additional functionality that would otherwise not be available from the mainframe application program itself.

Additional objects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objects and advantages of the invention, may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.

To achieve the objects and in accordance with the purpose of the invention, as embodied and broadly described herein, the present invention is a method of controlling an application program being executed by a mainframe computer, comprising the steps of: inputting control information related to the application program into a database program that is being executed by a non-mainframe computer; using the database program to convert the inputted control information into commands that are recognizable by the application program; and communicating the recognizable commands to the application program by a host emulator program being executed by the non-mainframe computer.

The present invention can also be achieved in whole or in part by a system comprising: a mainframe computer programmed with an application program; and a non- mainframe computer programmed with a database program, wherein the database program, when executed by the non-mainframe computer, performs the steps of receiving inputted control information related to the application program, converting the inputted, received control information into a plurality of commands that are recognizable by the application program, sending the recognizable commands to a host emulator application

being executed by the non-mainframe computer, and using the host emulator application program to communicate the recognizable commands to the application program.

The present invention can further be achieved in whole or in part by a security management system comprising: a mainframe computer programmed with a security system application program; and a non-mainframe computer programmed with a database program and a host emulator application program wherein the database program, when executed by the non-mainframe computer, performs the steps of receiving inputted control information related to the security system application program, and converting the inputted, received control information into a plurality of commands that are recognizable by the security system application program, wherein the host emulator application program, when executed by the non-mainframe computer, communicates the recognizable commands to the security system application program.

The present invention can also be achieved in whole or in part by a memory for a non-mainframe computer that stores a database program, wherein the database program, when executed by the non-mainframe computer, performs the steps of : receiving inputted control information related to an application program that is being executed by a mainframe computer; converting the inputted, received control information into a plurality of commands that are recognizable by the application program; sending the recognizable commands to a host emulator program being executed by the non- mainframe computer; and using the host emulator program to communicate the recognizable commands to the application program.

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate the embodiments of the invention and, together with the description, serve to explain the principles of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a block diagram of a system for controlling a mainframe application program, in accordance with the present invention; Fig. 2 is a block diagram of the mainframe computer and the non-mainframe computer shown in the system of Fig. 1; Fig. 3 is a block diagram of the contents of the memory in the non-mainframe computer shown in Fig. 2;

Fig. 4 is a block diagram of the contents of the memory in the mainframe computer shown in Fig. 2; Fig. 5 is a block diagram of the security system application program shown in Fig.

4; Fig. 6 is a flowchart of a method for controlling a mainframe application program from a non-mainframe computer, in accordance with the present invention; Fig. 7 is a preferred control routine for a database program configured to control a mainframe security system application program; Fig. 8 is a preferred control routine for the control information conversion step of Fig. 7; and Fig. 9 shows an example of a graphical user interface used to enter control information into the database program in the non-mainframe computer, in accordance with the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS Reference will now be made in detail to the present preferred embodiments of the invention, examples of which are illustrated in the accompanying drawings in which like reference characters refer to corresponding elements.

Fig. 1 illustrates a system for controlling a mainframe computer application program with a non-mainframe computer, in accordance with the present invention. The system comprises a mainframe computer 100 programmed with an application program, and a non-mainframe computer 200 programmed with a database program. The mainframe computer 100 and the non-mainframe computer 200 are networked together via a network connection 300. Other computers 400 may be optionally networked to the non-mainframe computer 200 via a network connection 500. Examples of suitable network connections include intranet connections, internet connections, satellite connections, other types of wireless connections, dial-up access lines and the like. The phrase"mainframe computer"refers to a computer configured to support multiple users simultaneously. The term"non-mainframe computer"refers to a computer configured for an individual user, e. g., a personal computer.

Fig. 2 is a block diagram of the mainframe computer 100 and the non-mainframe computer 200 shown in Fig. 1. The mainframe computer 100 includes a processor 110

and a memory 120. The processor 110 sends and receives data from the memory 120 via a signal line 130. The non-mainframe computer 200 includes a processor 210, a memory 220 and a monitor 230. The processor 210 sends data to, and receives data from, the memory 220 via a signal line 240. The processor 210 sends data to the monitor 230 via a signal line 250. The memory 220 in the non-mainframe computer 200 and the memory 120 in the mainframe computer 100 can be implemented using a static or a dynamic RAM, a floppy disk and a disk drive, a writable optical disk and a disk drive, a hard drive, a flash memory or the like.

As shown in Fig. 3, the memory 220 of the non-mainframe computer 200 contains a database program 222 and a host emulator program 224. As shown in Fig. 4, the memory 120 of the mainframe computer 100 contains an application program, suitably a security system application program 122.

In operation, the processor 210 in the non-mainframe computer 200 executes the database program 222 and the host emulator program 224 stored in the memory 220. The processor 110 in the mainframe computer 100 executes the security system application program 122 stored in the memory 120.

The database program 222 receives inputted control information related to the security system application program 122 via an input device, e. g., a keyboard (not shown). The database program 222 is configured to convert the received, inputted control information into a plurality of commands that are recognizable by the security system application program 122. The recognizable commands are sent to the security system application program 122 via the network connection 300 using the host emulator program 224. The received, inputted control information related to the security system application program 122 is preferably entered into the database program 222 using a graphical user interface displayed on the monitor 230 of the non-mainframe computer 200.

In a preferred embodiment, the security system application program 122 uses at least two databases, as shown Fig. 5. The two databases shown in Fig. 5 comprise a working database 124 and a practice database 126 that is a duplicate of the working database 124. The databases 124 and 126 preferably store one or more security profiles for each of a plurality of users. The control information entered into the database program 222 will generally be either control information for updating the databases 124 and 126, or control information for creating or deleting a database record.

In the embodiment in which a working database 124 and a practice database 126 are used, the database program 222 is preferably configured so that the control information need only be entered once and is used by the database program 222 to change the practice database 126 first. Once it has been determined that the practice database 126 has been successfully changed (e. g., no errors are present), the database program 222 will preferably make the same changes to the working database 124 without having to receive additional control information (i. e., without having to re-enter the changes made to the practice database 126 in order to make the changes to the working database 124).

The host emulator program 224 is preferably a standard terminal emulator program that emulates the input interface of the mainframe computer 100. The database program 222 sends the recognizable commands to the host emulator program 224, and the host emulator program 224 communicates the recognizable commands to the mainframe computer 100 via network connection 300.

The database program 222 is preferably a relational database program that uses relational theory to calculate a plurality of complex relationships needed by a data entry operator to add, update or delete a security profile record within the security system application program. An example of this type of database program is Microsoft Access. The host emulator program 224 is preferably Attachmate Extra ! However, any terminal emulator program that is capable of communicating the recognizable commands to the mainframe computer 100 can be used for the host emulator program 224.

The database program 222 is preferably one that can be configured to add functionality that is otherwise unavailable from the security system application program 122. For example, the database program 222 is preferably one that can be configured to create a plurality of database record templates that can be used by a data entry operator for creating or editing a database in the security system application program 122. In addition, the database program 222 is preferably one that can be configured to obtain information from the security system application program 122 by generating and sending a plurality of queries to the security system application program 122 via the host emulator program 224. The database program 222 is preferably also configurable so that a report based on the commands sent to, or information obtained from, the security system application program 122 can be generated by the database program 222.

If another computer 400 is networked to the non-mainframe computer 200, as shown in Fig. 1, the database program 222 could be configured to receive inputted control information from the other computer 400 via the network connection 500. Any reports generated by the database program 222 could also be sent to the other computer 400 via the network connection 500.

Fig. 6 is a flowchart illustrating a plurality of steps of a method for controlling a mainframe application program from a non-mainframe computer, in accordance with the present invention. The method starts at step S600 and proceeds to step S620, where it is determined if inputted control information related to the mainframe application program has been received. If inputted control information has been received, the method continues to step S640. Otherwise, the method returns to step S620.

At step S640, the received, inputted control information related to the mainframe application program is entered into a database program that is being executed by a non- mainframe computer. The method then continues to step S660, where the database program is used to convert the control information into a plurality of commands that are recognizable by the mainframe application program. The method then continues to step S680. At step S680, the recognizable commands are communicated to the mainframe application program via the host emulator program. The method then returns to step S620.

Fig. 7 shows a plurality of steps performed in a preferred control routine for a database program, such as the database program 222 shown in Fig. 3, that is being executed by a non-mainframe computer. The control routine starts at step S700 and proceeds to step S720, where the database program 222 determines if inputted control information related to the mainframe application program, such as the security system application program 122 of Fig. 3, has been received. If inputted control information has been received, the control routine continues to step S740. Otherwise, the control routine jumps to step S780.

At step S740, the database program 222 converts the inputted control information into a plurality of commands that are recognizable by the security system application program 122. The control routine then continues to step S760, where the database program 222 communicates the recognizable commands to the security system

application program 122 via the host emulator program 224. The control routine then returns to step S720.

At step S780, the database program 222 determines if a report request has been received. If a report request has been received, the control routine continues to step S800.

Otherwise, the control routine returns to step S720.

At step S800, the database program generates a report based on the recognizable commands already communicated to, and/or information that has been received from, the security system application program 122. The control routine then returns to step S720.

Fig. 8 shows a preferred control routine for the control information conversion step (step S740) of Fig. 7. At step S742, the database program 222 determines if the received, inputted control information is an update for the database in the security system application program 122. If the received, inputted control information is a database update, the control routine continues to step S744. Otherwise, the control routine jumps to step S748.

At step S744, the database program 222 generates a plurality of security system application program commands for updating the database or databases that are part of the security system application program 122. The control routine then returns to step S760 in Fig. 7.

At step S748, the database program 222 determines if the received, inputted control information is a request for information from the security system application program 122. If the received, inputted control information is a request for information, the control routine continues to step S750. Otherwise, the control routine jumps to step S752. At step S750, the database program 222 generates a plurality of queries for obtaining information from the security system application program 122. The control routine then returns to step S760 (Fig. 7).

At step S752, the database program 222 generates a plurality of security system application program commands based on the received, inputted control information. The control routine then returns to step S760 (Fig. 7).

The present invention is particularly suitable for controlling a CheckFreeTM Information Reporting System (IRS) application program running on a mainframe computer. The CheckFree IRS application program is a widely used system for complying with a plurality of reporting requirements and regulations of the Internal

Revenue Service, and is typically bundled with a security system application program for controlling access to a plurality of CheckFree IRS databases. One such security system application program is the Security Bridge for IRS, which is distributed by Security Integration, Inc. Both the CheckFree IRS application programs and the Security Bridge for IRS are designed to run on a mainframe computer.

Both the CheckFree IRS and the Security Bridge for IRS application programs are typically accessed with a non-mainframe computer that uses a host emulator program to emulate a user interface of both application programs. Adding, modifying or deleting a plurality of user security profiles stored in the CheckFree IRS databases using just a non- mainframe computer and a host emulator program is cumbersome and requires a large number of keystrokes. For example, to add a new user/operator security profile for the Security Bridge for IRS application program, the following steps must be taken: 1. Access the Security Bridge for IRS application program; 2. Choose an"add"Security Function when the system displays a Security Information Panel; 2.1. Enter"A"at an"ACTION"prompt; 2.2. Enter an Operator ID for the user/operator at an ID prompt; 2.3. Press"ENTER" ; 3. The system will display an"IRSI"panel; 4. The system will display a message reading,"ENTER DATA FOR NEW OPERATOR AND PRESS ENTER"if the user security profile does not already exist, or if there are any errors present in the inputted data; 5. Enter the appropriate information in a plurality of data fields in the IRS panel; 6. Press"ENTER" ; 7. The system will display a message reading,"PRESS ENTER TO ADD OPERATOR" ; 8. Press"ENTER" ; 9. The system will display a message reading"OPERATOR ADDED"if there are no errors in the information input in the data fields; 10. Go to an appropriate screen to enter one or more applicable restrictions on use for the user/operator using an appropriate function key. For example, to

restrict the user/operator from accessing information relating to a particular company press"PF9" ; 10.1 Find the company for the restriction, and place either an"I"for an inquiry access, a"U"for an update access, or an"R"to completely restrict the user/operator's access to the information for this company.

Use an"R"to remove an"I"or"U"previously entered into the field.

Press"ENTER"as each item is entered; 11. The system displays a message reading,"PRESS ENTER TO UPDATE SECURITY FILE" ; 12. Press"ENTER"to update a record for the user/operator security profile; 13. The system displays a message reading,"SECURITY UPDATED SUCESSFULLY" ; 14. Press"PF3"to exit; and 15. Press"F5"to clear.

In order to create a new user/operator security profile based on another profile, the following steps must be taken: 1. Access the Security Bridge for the IRS program; 2. Choose the"model"Security Function when the system displays the Security Information Panel; 2.1 Enter"M"at the"ACTION"prompt ; 2.2 Enter a new Operator ID for the user/operator at the"ID"prompt ; 2.3 Press"ENTER" ; 3. The system will display the"IRSI"panel; 4. Change the Operator ID to the new Operator ID ; 5. Press"ENTER" ; 6. The system will display a message reading,"OPERATOR MODELED" ; 7. Enter"C"at the"ACTION"prompt; 8. Press"ENTER" ; 9. Make any necessary changes; 10. Press"ENTER"to confirm the necessary changes; and 11. The system will display a message reading,"OPERATOR UPDATED".

To delete an Operator Profile, the following steps must be taken:

1. Access the Security Bridge for the IRS program; 2. Choose a"DELETE"security function when the system displays the Security Information Panel; 2.1. Enter"D"at the"ACTION"prompt; 2.2. Enter the operator ID you wish to delete at the"ID"prompt; 2.3. Press"ENTER" ; 3. The system will display the"IRSI"panel ; 4. The system will display a message reading,"PRESS ENTER TO DELETE OPERATOR" ; 5. Press"ENTER" ; 6. The system will display a message reading,"OPERATOR DELETED" ; and 7. Press"F5"to clear the screen.

As can be seen by the steps listed above for modifying, creating, or deleting a user/operator security profile, the prior process is time-consuming and prone to keystroke errors. With the system and method of the present invention, a database program is used on the non-mainframe computer to present a more intuitive graphical user interface for creating, deleting or modifying a user/operator security profile.

For controlling the Security Bridge for IRS application program discussed above, Microsoft Access is preferably used as the database program, and Attachmate Extra! TM is preferably used as the host emulator program. A Microsoft Access database is configured to receive the inputted control information necessary to modify, create or delete the user/operator security profile, and convert that received, inputted control information into a plurality of Security Bridge for IRS commands that are required to carry out a requested action. The Microsoft Access database communicates those commands to the Security Bridge for IRS application program via the Attachmate Extra ! host emulator.

Fig. 9 shows a main form 900 in a graphical user interface for a Microsoft Access database that has been configured to control the Security Bridge for 1RS application program. The main form 900 is used for creating, modifying or deleting a user security profile.

The main form 900 includes a User ID field 910, an Old ID field 920, a Full Name field 930, a Site field 940, a User Class field 950, an Action field 960, a View field 970, an Organization field 980, and a Site field 990. These fields are used for entering the control information required to create or modify a user security profile in the Security Bridge for IRS application program.

The User ID field 910 is used to enter a record identifier used by the Security Bridge for IRS application program. If a user identification is being replaced, an old user identification is placed in the Old ID field 920. The Full Name field 930 is used to enter a full name of a user. The Site field 940 is used to enter the site where the user is located.

The User Class field 950 defines a plurality of information access rights that the user will have. For example, the"development and support"user class shown in the User Class field 950 has certain information access rights associated with it.

The Action field 960 defines an action that will be performed on the user security profile. For example, a"Delete User"action as shown will cause the information for the current user to be deleted when a"Process Users"button 1000 is selected. The View field 970 defines a plurality of types of user security profiles that will be displayed on the main form 900. For example, certain user security profiles may no longer be active. An "Active"indicator 1010 indicates whether a user profile is active. If the user wants to view only active files, the View field 970 would be set to"Active". The Organization field 980 and the Site field 990 are used to select the individual organizations and sites for which the user will have access rights.

The main form 900 also includes a plurality of buttons 1020 for performing various navigational and editing functions, such as scrolling to a next record, scrolling back to a previous record, printing a record, etc.

A"Link Sites & Orgs"button 1030 allows the user to match an organization to a site. A"View Log File"button 1040 allows the user to view a log file that is updated each time an operation is conducted. A"Reports"button 1050 is used to generate various reports.

A"Process Users"button 1000 triggers processing of the main form 900. When the"Process Users"button 1000 is selected, all of the user security profiles that have been created, modified and/or deleted will be listed, and the program will give the user an opportunity to accept or reject all of the user security profile changes.

To add a user security profile, the user should first verify that the user security profile does not already exist. This is accomplished by using a"find"feature in the Microsoft Access program to search for the user's name. If the user is not located, then an"Add New User"button 1060 is selected. Selection of the"Add New User"button 1060 brings up a blank main form 900. All information fields in the blank main form 900 should then be filled out. When all of the information fields in the blank main form 900 have been filled out, the"Process Users"button 1000 is selected. In response to the selection of the"Process Users"button 1000, a list of all users to be processed will be shown, along with a choice to either accept or reject the previously input changes. If the user accepts the previously input changes, the database program will process the changes by passing control information to the Security Bridge for IRS application program on the mainframe computer via the host emulator program.

To update an existing user security profile, the user must use the"find"feature to locate the main form 900 for the user security profile to be updated, make the necessary changes to the information fields in the main form 900, and select the"Process Users" button 1000. Again, the user will be given a choice to either accept or reject the changes.

To delete a current user security profile, the user must use the find feature to locate the main form 900 for the user security profile to be deleted, select the"Delete User"button in the action field 960, and select the"Process Users"button 1000. Again, the database program will give the user the opportunity to accept or reject the changes.

Additionally, the user may add multiple user security profiles, update multiple user security profiles and delete multiple user security profiles at one time. For example, to add 300 new user security profiles at one time (such as, for example, if an organization acquires another company and must add each of the company's 300 employees as new users), the user may add the 300 user security profiles by selecting an"Add New Business"button (not shown) and then select the"Process Users"button 1000. The company's 300 employees will then be processed in one batch. This feature greatly decreases processing time for processing information relating to the 300 employees.

The use of a database program, such as the Microsoft Access database program, greatly simplifies the process of adding, modifying or deleting user security profiles for the Security Bridge for IRS application program. The main form 900 used by the

database program is more intuitive to use, and automates many of the steps required to modify, delete or create the user security profiles.

The example discussed above, in which a Microsoft Access database program is used to control the Security Bridge for IRS application program via the Attachmate Extra! host emulator program, is only one representative example of the types of program for which the present invention can be applied. It should be appreciated that any database program and host emulator program running on a non-mainframe computer can be used, while still falling within the scope of the present invention. Further, the main form 900 shown in Fig. 9 is shown for illustration purposes only. It should be appreciated that the layout and types of information fields and buttons in the main form 900 can vary depending upon the mainframe application program being controlled and the functionality desired. Other configurations can be used while still falling within the scope of the present invention.

While this invention has been described in conjunction with the specific embodiments outlined above, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. As discussed above, although the present invention has been described in the context of controlling a security system application program running on a mainframe computer, it is applicable to any mainframe application program. Accordingly, the preferred embodiments of the invention as set forth above are intended to be illustrative, not limiting. Various changes may be made without departing from the spirit and scope of the invention as defined in the following claims.