US Patent 8397291 Access control system, device, and program

A device that relieves a service provider of the burden of managing personal information. A group administration organization device admits a user device to an authorized group by request and sends authority permission information to the user device. The user device holds the authority permission information received from the group administration organization device and, on access, sends authority proof information created from the authority permission information using a group signature scheme to a service provider device as requested by it. The service provider device, upon being accessed, requests the authority proof information and verifies the authority proof information received from the user device in accordance with the request on the basis of the group signature scheme. When the verification result indicates validity, the service provider device provides a service. Thus, there is no need for the service provider to manage personal information of the user because the user device proves to the service provider device using the group signature scheme that it belongs to the authorized group.