JPH1141229A - Access controller and medium recording access control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To individually and surely change utilization conditions corresponding to respective users or equipment. SOLUTION: A status information holding means 11 holds status information (SS) 11a, a peculiar information holding means 12 holds peculiar information (du) 12a, and an information holding means 13 for certificate holds information 5 for certificate. Based on status conditions (SA) 1 setting conditions for permitting access to a service and the peculiar information (du) 12a of an access controller 10 owned by the user of the service, prescribed operation 'F(du, SA)' is performed to the information 5 for certificate to generate auxiliary information 4 for certificate, and it can be provided by enciphering a key 3 with the auxiliary information 4 for certificate. Based on the status information 11a and the peculiar information 12a, the similar operation 'F' to the operation in the case of generating the auxiliary information 5 for certificate is performed to generate information 14a for verify by an information generating means 14 for verify. A deciphering means 15 deciphers the information 5 for certificate with the information 14a for verify.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an access control device and a medium storing an access control program, and more particularly to an access control for generating a key indispensable for use of a service to be provided only when the service to be provided is valid. The present invention relates to a control device and a medium recording an access control program for causing a computer to generate such a key.

[0002]

2. Description of the Related Art Conventionally, Japanese Patent Application Laid-Open No.
There is a technique described in Japanese Patent No. 31452, “Digital information protection method and processing device thereof”. In the invention described in this publication, digital information is represented by a set of an information identification number, an information body, use condition information, and an authenticator. When this digital information is taken into the computer, a second identifier relating to the information identification number and the use condition information is generated. When the user uses this digital information, verification is performed using two identifiers, and verification is made as to whether or not the usage conditions described in the usage condition information are satisfied. Then, only when all the verifications are completed normally, the digital information is decrypted and converted into a usable form. As a result, the information body can be used only when the use condition is satisfied.

Also, in order to prevent unauthorized use of application programs, information (Ho) unique to a workstation is used.
U.S.A. is a system that can execute an application program only on a specific workstation by using auxiliary information for certification (license file) including an application ID (feature) and an application ID (feature).
There is GlobeTrotter's Flex License Manager (Flexlm). Thus, the expiration date and the number of applications that can be executed simultaneously can be set in the license file for each workstation.

[0004]

However, there are cases in which services such as software are provided with individual use restrictions for each user, and it is desired to appropriately change them.

However, in the method described in Japanese Patent Laid-Open No. Hei 7-131452, both are encrypted with the same encryption key in order to guarantee a proper combination of the information body and the use condition. Therefore, in order to allow many users to use the information, it is necessary to provide an encryption key for each user and perform encryption using an individual key for each user, which is not convenient. For example, in order to change the use conditions for each user, it is necessary to perform encryption every communication or to prepare an encrypted one for each communication in advance. It was not suitable for broadcasting using satellite broadcasting.

In addition, in Flexlm, a license file needs to be changed in order to change usage conditions. The license file is updated each time the user performs an input operation. However, in the case where the usage conditions are changed to be strict, unless the user changes the license file, the user can use the service under the same conditions as before.

[0007] The present invention has been made in view of such a point, and it is an object of the present invention to provide an access control device capable of individually and reliably changing usage conditions corresponding to each user or device.

Another object of the present invention is to provide a medium in which an access control program that allows a computer to perform access control so that a use condition corresponding to each user or device can be easily changed is provided. It is.

[0009]

According to the present invention, in order to solve the above-mentioned problems, an access control apparatus for generating a key indispensable for use of a service to be provided only when the service to be provided is valid is provided. Status information holding means for holding status information corresponding to the use condition of
A unique information holding unit for holding unique information that is a predetermined unique value, and performing a predetermined calculation based on the status information and the unique information in which a condition for permitting access to the service is set. In the generated certification auxiliary information, a certification information holding unit that retains certification information obtained by encrypting the key, based on the status information and the unique information, Verification information generating means for generating verification information by performing the same operation as the operation at the time of generation using the status information instead of the status condition, and the proof information by the verification information. Decoding means for decoding, there is provided an access control apparatus characterized by having:

[0010] According to this access control apparatus, the same operation as the operation when the auxiliary information for certification is generated is performed by using the status information instead of the status condition based on the status information and the unique information. By doing so, verification information is generated. And, by the decoding means,
The certification information is decrypted with the verification information.

[0011] Accordingly, only when the status condition used in generating the certification auxiliary information matches the status information held in the access control device,
A key for using the service corresponding to the certification information is obtained.

Further, in order to solve the above-mentioned problems, a medium in which an access control program for causing a computer to generate a key indispensable for use of a service to be provided only when the service to be provided is legitimate, Status information holding means for holding status information corresponding to a user usage condition, unique information holding means for holding unique information which is a predetermined unique value, status in which conditions for permitting access to the service are set Certification information holding means for holding certification information obtained by encrypting the key with certification auxiliary information created by performing a predetermined operation based on a condition and the unique information; Based on the information and the unique information, the same operation as the operation when the auxiliary information for certification is generated,
Access for causing a computer to function as verification information generation means for generating verification information by using the status information instead of the status condition, and decoding means for decoding the proof information with the verification information; A medium recording a control program is provided.

[0013] When the computer executes the access control program recorded on the medium, status information holding means for holding status information corresponding to the usage conditions of the user, and unique information which is a predetermined unique value are stored. The unique information holding means to be held, and the certification auxiliary information created by performing a predetermined operation based on the status information and the unique information, in which a condition for permitting access to the service is set. A certification information holding unit that holds certification information obtained by encrypting, and, based on the status information and the unique information, an operation similar to the operation performed when the certification auxiliary information is generated, Verification information generating means for generating verification information by using the status information instead of status conditions, and the certification information Decoding means for decoding by the verification information, the processing functions are implemented on the computer.

[0014]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram showing the principle configuration of the present invention. In the access control device 10 according to the present invention, the status information holding means 11 stores the status information (SS).
11a. Here, the status information 11a is information for limiting services that can be used by the user who uses this apparatus, and for example, a value corresponding to the position of the user is set.

The unique information holding means 12 stores the unique information (d
u) Hold 12a. Here, the unique information 12a is identification information given to each user, identification information given in advance to a device necessary for using a service, and the like.

The certification information holding means 13 stores the certification information 5
Hold. The certification information 5 is created by a server or the like that provides the service. In order to create the certification information 5, first, a status condition (SA) 1 in which a condition for permitting access to a service is set, and unique information (du) 12 a of the access control device 10 owned by a user of the service And a predetermined calculation “F (du, S
A)). Thereby, the certification auxiliary information 4 is created. Then, by encrypting the key 3 indispensable for using the provided service with the proof auxiliary information 4, the proof information 5 is obtained.

The verification information generating means 14 generates the verification information 14a by performing the same operation "F" as the operation performed when the auxiliary information for certification 4 is generated, based on the status information 11a and the unique information 12a. I do. At this time, the status information 11a is used instead of the status condition 1. That is, the operation “F (du, SS)” is performed.

The decryption means 15 decrypts the certification information 5 with the verification information 14a. As a result, if the value of the verification information 14a is the same as the proof auxiliary information 4, the key 3 for using the service is generated. Here, the verification information 14
In order for a to be the same as the certification auxiliary information 4, the status information 11a and the status condition 1 must be the same. Therefore, the user using the access control device 10 can use only the service of the status condition 1 that is the same as the status information 11a.
Then, when changing the usage conditions of the user, it is only necessary to change the value of the status information 11a. When the value of the status information 11a changes, only the service with the same status condition 1 as that of the new status information 11a can be used.

An example in which the access control device of the present invention is constructed in an IC card will be described below as a first embodiment. FIG. 2 is a diagram illustrating a configuration example of a system to which the first embodiment of the present invention is applied. In this example, a case is considered where the document management department of a company provides confidential data to employees.

The server 100 of the document management section and the PC 320 used by employees are connected via a network 310. The network 310 is, for example, a wide area information network such as the Internet. PC320
Is provided with a card reader 330 for connecting the IC card 200. The card reader 330 enables information communication between the PC 320 and the IC card 200. The IC card 200 has an information processing function of a processor.

FIG. 3 is a diagram showing a hardware configuration of the IC card. In the IC card 200, one computer system is built around the CPU 201. Various other elements are connected to the CPU 201 via an internal system bus. RAM (Random Access M)
emory) 202 temporarily stores data to be processed by the CPU 201. ROM (Read Only Memory) 203
A program (such as an access control program) for causing the CPU 201 to execute functions necessary for the IC card 200
Is stored. The input / output device (I / O) 204 performs data communication with the card reader 330 according to a predetermined procedure. PROM (Programmable Read Only Memor)
y) 205 is used for storing user-specific information and the like. Note that the PROM 205 may be a storage device such as a flash memory as long as it is a storage device (non-volatile memory) that can rewrite data and can hold data without power supply. .

FIG. 4 is a block diagram showing the processing functions of the server 100. The server 100 has the following functions. The status condition holding unit 110 holds a status condition (SA) 111. The status condition 111 is information indicating a user condition required for accessing the service. For example, it is information indicating contents such as "permission is granted to persons in positions higher than the section manager, but not permitted to persons in positions lower than that."

The service ID holding unit 120 stores the service I
D121. The service ID 121 is identification information for specifying a provided service (in this case, permission to access the secret data 141).

The unique information holding unit 130 stores the unique information (d
u) 131 is held. Specific information (du) 131
Is information unique to the IC card 200. As the unique information 131, identification information of a user who has the IC card 200, identification information unique to a device such as the IC card 200 or the PC 320 is used.

The secret data holding unit 140 holds secret data 141 to be provided to the user. The key holding unit 150 includes a key 15 for encrypting the secret data 141.
Holds 1.

The certification auxiliary information generation unit 160 includes a status condition 111, a service ID 121, and unique information 131.
Proof auxiliary information (F
p) 161 is generated. Auxiliary information for certification (Fp) 161
Is

[0027]

(Equation 1) Can be represented by Here, as the function F, for example, a one-way function is used.

The secret data encryption section 170 encrypts the secret data 141 with the key 151 to generate the encrypted data 171. The certification information generation unit 180 encrypts the key 151 with the certification auxiliary information 161 to generate certification information.

The service information generation unit 190 includes a service I
D121, encrypted data 171 and certification information 181 are generated as a set of service information. Here, the encrypted data 17
1 does not depend on the unique information du131, so that once generated, all users can use the same data. Therefore, the service ID 121 and the encrypted data 1
71 and a set of the service ID 121 and the certification information 181 may be managed separately.

FIG. 5 is a block diagram showing the processing functions of the IC card 200. The IC card 200 has the following functions. Status information holding unit 21
0 holds status information (SS) 211. The status information 211 is information indicating a status of a user who uses the PC 200 and an application to be used. The status information 211 is set each time the authentication unit 250 authenticates each user and each time the application program is authenticated.

The service ID holding unit 220
The service ID 121 sent from the PC 320 is received from the PC 320 and held. The unique information holding unit 230 holds its own unique information 231.

The certification information holding unit 240
Is temporarily stored. The authentication unit 250 authenticates a user with a user ID, a password, or the like. If the user is successfully authenticated, status information 211 corresponding to the user is generated and stored in the status information holding unit 210.

The verification information generation section 260 generates verification information Fv based on the function F using the status information 211, the service ID 121, and the unique information 231 as variables. Here, the function F is the same as the function executed by the proof auxiliary information generation unit 160 in the server 100, and the verification information (Fv) 261 is

[0034]

(Equation 2) It can be expressed as.

The key decryption unit 270 decrypts the certification information 181 with the verification information 261 to generate a key 151. The generated key 151 is transferred to the PC 320. Here, the proof auxiliary information 161 and the verification information 261 have the same value when the user status condition 111 and the user status information 211 necessary for accessing the service match. The key 151 is encrypted with the proof auxiliary information 161 to form the proof information 181, so that the proof information 181 includes the status condition 111 and the status information 2.
If the number matches, the decryption becomes possible, and the key 151 can be obtained. If the key 151 can be obtained, access to the secret data 141, which is a service, becomes possible.

In the above system, first, the document management section uses the server 100 to generate service (secret document) information to be provided to employees. FIG. 6 is a diagram illustrating a service information generation procedure. At this time, the document management department designates what kind of secret document is to be provided by the service ID 121. [S1] The secret data encryption unit 170
1 is encrypted with the key 151. As a result, the encrypted data 17
1 is generated. [S2] The certification auxiliary information generation unit 160 generates the certification auxiliary information 161 for each user. [S3] The certification information generation unit 180 encrypts the key 151 with the certification auxiliary information 161. Note that the encryption here does not need to use a complicated encryption algorithm. For example, when the value of the key is "D", the value of "D-Fp" can be used as the certification information. [S4] The service information generation unit 190 determines that the service ID 1
21, generating service information in which the encrypted data 171 and the certification information 181 are grouped. Then, the generated service information is distributed to each user via the network 300 or the like.

A user who wants to access the secret data 141 must first connect his IC card 200 to the card reader 330 and store his / her status information in the status information holding unit 210. As a specific example, the security status of an IC card can be used.

The security status is "ISO / IEC 7816
: Identification cards-Integrated circuit (s) card
s with contacts-Part 4 ”, user authentication using the Verify command and password, and Get Challenge
Acquired by External Authenticate command following the command and authentication by key or secure messaging.

For example, when the status of the user is the position in the company and the application software used by the user, the status condition 111 of the user necessary for accessing the service can be expressed as follows. .

FIG. 7 is a diagram showing an example of the status condition 111. The status condition 111 is composed of 8-bit data. Each bit is associated with a position or application software.

The position of the "President" corresponds to the first bit 111a. "Director" is set in the second bit 111b.
Of positions correspond. The position of the “manager” corresponds to the third bit 111c. The position of "section manager" corresponds to the fourth bit 111d. Fifth bit 111e
Corresponds to the post of "chief." 6th bit 11
1f corresponds to the position of “general employee”. The “bit editor” software corresponds to the seventh bit 111g. The software of the “document viewer” corresponds to the eighth bit 111h.

In the example of this figure, when the position is “manager”, the secret data 141 can be accessed on condition that the “document viewer” is used. In contrast, I
The status information 211 of the C card 200 indicates that the user
When the password is input by the rify command and the document viewer is authenticated by the External Authenticate command, the setting is made to be the same as the status condition 111.

Then, the user acquires status information as follows. FIG. 8 is a flowchart showing a procedure for acquiring status information. [S11] The user operates the IC card 200 with the Verify command.
When the password is input to the authentication unit 250, the authentication unit 250 compares the password set in advance with the input password. If the password is correct, the IC card 20
The value of the status information 211 in “0” is “0010000
Change to "0". [S12] The user activates the document viewer in the PC 320. [S13] The document viewer is authenticated by the authentication unit 250 of the IC card 200 using the External Authenticate command (certifying that the same key is shared). If the External Authenticate command succeeds,
The authentication unit 250 changes the value of the status information 211 in the IC card 200 to “00100001”.

Thus, the values of the status condition 111 and the status information 211 can be matched. Next, the user performs the following processing in order to access the secret data 141.

FIG. 9 is a flowchart showing a secret data access procedure. [S21] The user enters the service ID in the IC card 200.
121 and certification information 181 are input. Service ID
121 is held in the service ID holding unit 220, and the certification information 181 is held in the certification information holding unit 240. Note that the service ID 121 is used when the document viewer tries to access the secret data on the PC 320.
20 to the IC card 200 automatically. [S22] The verification information generation unit 260 determines that the service ID 1
21, the verification information 261 is created using the status information 211 and the unique information 231. [S23] The key decryption unit 270 decrypts the certification information 181 with the verification information 261 and outputs the key 151. For example,
In the certification information generation unit 180 in the server 100, "DF
When the proof information 181 is generated by the calculation of “p”, the key decryption unit 270 adds the verification information (Fv) 261 to the proof information 181. [S24] The PC 320 decrypts the encrypted data 171 using the key 151 and obtains the secret data 141.

Thus, the user can obtain the status information 2
Only when 11 matches the status condition 111, the secret data 141 can be accessed. And
If there is a change in the status of the owner of the IC card 200 and the status information needs to be changed, the status information 2 generated by the authentication unit 250 in the IC card 200 is required.
It is very easy to change the value of 11.

Conventionally, the auxiliary information for certification has been created from the unique information of the user or the device and the expiration date. For example, when a user is demoted from a manager to a section manager, an old certificate is kept until the expiration date elapses. It is possible to continue using the supplementary information. In order to prevent this, it was necessary to re-encrypt all secret data with a new key which is not perfect, or to re-create all proof auxiliary information with new unique information. In the case of the present invention, the setting of the IC card is changed.
10000 ”), and there is no need to re-create the auxiliary information for certification or the encrypted data. And
Since the auxiliary information for certification using the status irrelevant to the position (in this case, only the application) can be used as before, it is possible to easily change the usage conditions for each user.

Next, a second embodiment will be described. In this embodiment, a key is generated only when status information and status conditions in an IC card satisfy certain conditions.

This embodiment is almost the same as the first embodiment except for the processing function of the IC card. Therefore, the components other than the IC card are added to the components of the first embodiment. Explanation will be made using reference numerals. However, the function of the service information generation unit 190 in the server 100 is slightly different from that of the first embodiment. That is, the service information generation unit 190 according to the present embodiment uses the status condition 1 stored in the status condition storage unit 110.
11 as service information, and the service information is distributed to users.

FIG. 10 shows an IC according to the second embodiment.
FIG. 3 is a schematic configuration diagram illustrating a processing function of a card. In the present embodiment, as in the first embodiment of the IC card, the service is access to the secret data 141, and the secret data 141 is assumed to be encrypted by conventional encryption.

In the IC card 400 of this embodiment, the status information holding unit 410, the service ID holding unit 420, the unique information holding unit 430, and the certification information holding unit 44
0, and the function of the authentication unit 450 are the same as those of the components of the same name in the first embodiment, and thus the description is omitted.

The status condition holding section 480 holds the user's status condition 111 necessary for accessing the secret data 141. The operation unit 490 includes: status information 411 held in the status information holding unit 410;
A comparison operation with the status condition 111 held in the status condition holding unit 480 is performed, and the output of the key is permitted only when a certain condition is satisfied. For example, a complete match or a partial match is checked, and the verification information generation unit 4
60 or the key decryption unit 470 is controlled to permit or disallow decryption.

The verification information generation unit 460 includes an operation unit 490
Only when the output of the key is permitted, the verification information 461 is generated using the status condition 111, the service ID 121, and the unique information 431. At this time, the verification information (Fv) 461 is

[0054]

(Equation 3) As long as the status condition (SA) 111 is not falsified, it takes the same value as the certification auxiliary information 161.

The key decryption unit 470 decrypts the proof information 181 using the verification information 461 and outputs it to the PC 320 only when the output of the key is permitted by the arithmetic unit 490. Hereinafter, the processing procedure will be described according to this configuration.

FIG. 11 is a flowchart showing a process from generation of service information to decryption of encrypted data in the second embodiment. [S31] The secret data encryption unit 170 sets the secret data 1
41 is encrypted with the key 151. As a result, the encrypted data 1
71 is generated. [S32] The certification auxiliary information generation unit 160 creates the certification auxiliary information 161 for each user. [S33] The certification information generation unit 180 encrypts the key 151 with the certification auxiliary information 161 to create certification information 181. [S34] The service information generation unit 190 sends the service ID
The service information generating unit 121 generates service information in which the data 121, the encrypted data 171, the certification information 181, and the status condition 111 are combined, and distributes the generated service information to the user. [S35] The user stores the service I in the IC card 400.
D121, certification information 181, and status condition 11
Enter 1. The service ID 121 is stored in the service ID storage unit 220, the proof information 181 is stored in the proof information storage unit 240, and the status condition 111 is
It is held in the status condition holding unit 480. It is assumed that the authentication by the authentication unit 450 has already been performed. [S36] The calculation unit 490 performs a comparison calculation between the status condition 111 and the status information 411. [S37] The arithmetic unit 490 continues the process if there is at least one “1” in the same place, and stops the process if there is no at least one “1”. [S38] The verification information generation unit 460 checks the service ID 1
21, the verification information 461 is created using the status condition 111 and the unique information 431. [S39] The key decryption unit 470 decrypts the certification information 181 with the verification information 461 and outputs the key 151. [S40] The PC 320 uses the key 151 to encrypt data 1
71 is obtained, and secret data 141 is obtained.

Since the key 151 is encrypted by the auxiliary information for certification 161 and becomes the certification information 181, the certification information 181 can be decrypted unless the status condition 111 is falsified, and the key 151 is obtained. it can. Key 15
1 can be accessed to access the secret data 141 as a service.

As a result, the condition of a person who can use the service is determined within a certain range in the status condition, and when the status information of the user is included in the condition, the service can be used. That is, it is not necessary that the status condition when generating the auxiliary information for authentication completely match the status information set for each user.

For example, in the case where the status of the user is a position in the company and the application software used by the user, only the manager or higher can access the confidential data. "1" for the bit corresponding to the position of the general manager or higher
Is set.

FIG. 12 is a diagram showing an example of a status condition. In this example, the first bit 111 corresponding to the president
a, “1” is set in the second bit 111 b corresponding to the director, and the third bit 111 c corresponding to the director, and the values of the other bits are “0”.

On the other hand, the authentication unit 4 of the IC card 400
At 50, when the user inputs a password with the Verify command, "1" is set in the bit position of the position corresponding to the user in the status information 411. For example, if the position of the user is “manager”, “1” is set to the third bit 111c. As a result, the decryption of the key is permitted in the operation unit 490.

As the operation method of the operation unit 490, perfect match, partial match, magnitude comparison, and the like can be considered. The information for selecting these various methods can be safely sent to the IC card 400 when, for example, Fp = F (Sid, du, SA, method selection information) when the auxiliary information for certification 181 is created. At this time, Fv =
F (Sid, du, SA, method selection information) or Fv =
F (Sid, du, SS, method selection information).

In each of the above embodiments, the function of the access control device of the present invention is described as being provided in the IC card. However, this function is provided in a terminal device such as a PC. Is also good.

The processing contents of the functions of the above-described access control device are realized by executing a program stored in the ROM in the IC card by the CPU of the IC card. It can also be stored in a recording medium readable by. Examples of the computer-readable recording medium include a magnetic recording device and a semiconductor memory. When distributing in the market, the program is stored and distributed on a portable recording medium such as a CD-ROM or a floppy diskette, or stored in a storage device of a computer connected via a network. Can also be transferred to a computer. When the program is executed by the computer, the program is stored in a hard disk device or the like in the computer, and is loaded into the main memory and executed.

[0065]

As described above, in the access control device of the present invention, verification information is generated based on status information and unique information, and certification information generated by encrypting a key is used for verification. Because it was decrypted with information,
Access control based on status information becomes possible. As a result, it is possible to change the usage conditions of the user only by changing the content of the status information.

In the medium recording the access control program of the present invention, if the recorded program is executed by a computer, verification information is generated based on the status information and the unique information, and the key is encrypted. A function that decrypts the proof information generated by the verification with the verification information can be realized on the computer. Can be done.

[Brief description of the drawings]

FIG. 1 is a diagram showing a principle configuration of the present invention.

FIG. 2 is a diagram illustrating a configuration example of a system to which the first embodiment of the present invention is applied;

FIG. 3 is a diagram showing a hardware configuration of an IC card.

FIG. 4 is a block diagram illustrating processing functions of a server.

FIG. 5 is a block diagram showing a processing function of the IC card.

FIG. 6 is a diagram showing a service information generation procedure.

FIG. 7 is a diagram illustrating an example of a status condition.

FIG. 8 is a flowchart showing a procedure for acquiring status information.

FIG. 9 is a flowchart showing a secret data access procedure.

FIG. 10 is a schematic configuration diagram illustrating processing functions of an IC card according to a second embodiment.

FIG. 11 is a flowchart illustrating a process from generation of service information to decryption of encrypted data according to the second embodiment.

FIG. 12 is a diagram illustrating an example of a status condition.

[Explanation of symbols]

 REFERENCE SIGNS LIST 1 status condition 2 unique information 3 key 4 certification auxiliary information 5 certification information 10 access control device 11 status information holding unit 11 a status information 12 unique information holding unit 12 a unique information 13 certification information holding unit 14 verification information generation unit 14 a Verification information 15 Decryption means

Claims (6)

[Claims] An access control device for generating a key indispensable for use of a service to be provided only when the service to be provided is valid, a status information holding means for holding status information corresponding to a use condition of a user. A unique information holding unit that holds unique information that is a predetermined unique value; and performs a predetermined calculation based on the status information in which a condition for permitting access to the service is set and the unique information. A certification information holding means for holding the certification information obtained by encrypting the key with the certification auxiliary information created by the above-mentioned method; and the certification assistance information based on the status information and the unique information. Information for verification is generated by performing the same operation as the operation when the information was generated, using the status information instead of the status condition. Access control device for a verification information generating means for, decoding means for decoding the certification information with the verification information, characterized in that it has a. 2. Performing an authentication process using the authentication data,
2. The access control device according to claim 1, further comprising an authentication unit that stores a value corresponding to an authentication result in the status information holding unit as the status information. 3. An access control device for generating a key indispensable for use of a service to be provided only when the service to be provided is valid, a status information holding means for holding status information corresponding to a use condition of a user. A status condition holding unit that holds a status condition in which a condition for permitting access to the service is set; a unique information holding unit that holds unique information that is a predetermined unique value; A certification information holding unit that holds certification information obtained by encrypting the key with certification auxiliary information created by performing a predetermined operation based on the unique information; and the status information. Computing means for performing a comparison operation with the status condition and outputting a decryption permission command only when a predetermined condition is satisfied. When a decryption permission command is output by the arithmetic unit, verification for generating verification information is performed by performing the same operation as that performed when the proof auxiliary information is generated, based on the status condition and the unique information. An access control device, comprising: a use information generation unit; and a decryption unit that decrypts the certification information with the verification information. 4. Performing an authentication process using the authentication data,
4. The access control device according to claim 3, further comprising an authentication unit that stores a value corresponding to an authentication result as the status information in the status information holding unit. 5. A medium for storing an access control program for causing a computer to generate a key indispensable for use of a service only in the case of legitimate use of a service to be provided. Status information holding means for holding information; unique information holding means for holding unique information that is a predetermined unique value; and a status condition in which a condition for permitting access to the service is set and the unique information based on the unique information. Proof information holding means for holding proof information obtained by encrypting the key, with proof auxiliary information created by performing a predetermined operation, based on the status information and the unique information. The same operation as the operation when the auxiliary information for certification is generated is performed by replacing the status condition with the status information. Using the verification information generating means for generating verification information by performing the decoding means the certification information decoded by the verification information, a medium recording an access control program for causing a computer to function as a. 6. A medium for storing an access control program for causing a computer to generate a key indispensable for use of a service only when the service to be provided is legitimate use, the status corresponding to a use condition of a user. Status information holding means for holding information; status condition holding means for holding status conditions in which conditions permitting access to the service are set; unique information holding means for holding unique information that is a predetermined unique value A certification information holding unit that holds certification information obtained by encrypting the key, with certification auxiliary information created by performing a predetermined operation based on the status condition and the unique information. Performing a comparison operation between the status information and the status condition, and determining whether a predetermined condition is satisfied. An operation unit that outputs a decryption permission instruction; when the operation unit outputs the decryption permission instruction, the same operation as that performed when the certification auxiliary information is generated is performed based on the status condition and the unique information. A medium storing an access control program for causing a computer to function as verification information generation means for generating verification information, and decryption means for decrypting the proof information with the verification information.