The present invention relates to an access control system, device, and program which are based on the ownership of authority and applicable to various services.
In the field of service provision over electronic networks, an access control system is known in which a service provider determines whether or not unspecified people who request access have authority to receive services and grants access to only the people who have authority.
Access control systems of this type include (a) systems which use IDs and passwords and (b) systems which use public key certificates.                (a) In the system in which IDs and passwords are used, a service provider issues an ID and a password to a user at the time of registration of that user and, when a request is made for a service, verifies the ID and the password of the service requesting person.        (b) In the system in which public key certificates are used, a public key certificate that assures the validity of a public key and the public key are handled as unique information to identify a user. This system has an advantage of being easily associated with other transactions (transactions, processes) because no user ID is used.        
The access control system is used in others than such electronic networks as described above.                (c) For example, some automatic vending machines that vend alcoholic drinks and cigarettes are equipped with an access control system which, in order to prevent vending to minors, reads the dates of birth described on licenses to verify the age.        
However, the access control systems as described above have the following disadvantages (a′)-(c′):                (a′) With the system (a), it is required that the service provider strictly manage information about individual persons and a list of IDs and passwords; thus, a high cost will be incurred.        (b′) With the system (b), unique information to the user, such as a public key and a public key certificate, is given to the service provider. The unique information cannot be concealed even through an anonymous network.        
The system (b) is equivalent to the case where the user ID is replaced with pseudonym information. For this reason, the possibility of outflow of personal information will increase at a stage in which the personal information and the pseudonym information are disclosed together. In addition, the service provider will have to bear a high cost in strictly managing information in which the public keys of users are associated with their respective service usage information.
Here, the costs in (a′) and (b′) are expected to increase with increasing tendency to legal protection of personal information of users, such as the legislation of a personal information protection law, the establishment of privacy marks, etc.
In addition to this, with the systems (a) and (b), personal information employment systems and their actual results can cause a risk of affecting the relationships with users and other business partners.
For example, if personal information were not managed strictly, there would arise the possibility of leakage of information like a case of leakage of accounting information such as credit card numbers. This type of information leakage would cause damage to users, cause the service provider to suffer a loss in credit of its brand, and lose the credit with other business partners.
However, with a service provider which provides electronic contents in particular, since it consists usually of a small number of employees, trying to establish an employment system which strictly manages personal information to achieve satisfactory results would make the workload on the employees and the cost burden too heavy.                (c′) The system (c) adapted to read licenses would cause the users to be afraid that personal information other than age might be read from the licenses and bring to the vendors the cost of guaranteeing not to read personal information other than ages.        