1. Technical Field
Exemplary embodiments of the present invention relate to a technique for controlling access to information.
2. Related Art
When a user attempts to access information stored in a computer, the following procedure is generally carried out to prevent unintended leakage of the information to an unauthorized third party. First, the user inputs to the computer, as authentication information, an identifier assigned exclusively to him or her (e.g., a user ID) and information that only he or she knows (e.g., a password). The computer then collates the inputted authentication information with pre-registered authentication information to verify the authenticity of the user. Next, referring to a list called an Access Control List (ACL), the computer judges whether the user has been given an access right to the information currently being accessed. If it judges that the access right has been given, the computer approves access to the information. Information leakage prevention techniques of this kind have been advancing rapidly. Recently, as one example, a technique for verifying user authenticity by means of biological information such as fingerprint data has been proposed, as disclosed in JP-A-2006-004007.
In some instances, it is necessary to give temporary authority for accessing information to an unregistered user, that is, a user whose authentication information has not been registered in advance or who has not been given an access right. One situation in which such temporary access authority is needed is the sharing of information among participants in a conference, meeting, and so forth, where one user temporarily allows another user to access information that is useful for the discussion, so that the discussion goes smoothly or mutual understanding of a topic among the participants is deepened. A user who is given temporary access in this way is referred to here, by way of example, as a “guest user.” In the related art, a guest user is given information access authority by, for example, using a predefined user ID provided for guest users (hereafter referred to as a guest ID) or using new authentication information that is temporarily registered by a system administrator.
However, the above-described approaches have the following problems.
For example, if a guest ID is adopted, a user who has used the guest ID once is able to access information thereafter by means of the same guest ID, which poses a risk of unauthorized leakage of information. On the other hand, if new authentication information is registered temporarily, a system administrator has to perform the burdensome tasks of registering the new authentication information and setting an access right for it. Since system administration is handled by a very small number of users, it is often impossible for a system administrator to perform such registration in a timely manner when immediate registration of guest user authentication information is required. In addition, the temporarily registered authentication information has to be deleted after use, because otherwise the same problem arises as with the guest ID described above. Not infrequently, such deletion is neglected because it is bothersome.