Abstract: A computer program, method, and system for access control, which are capable of keeping and guaranteeing consistency of access control settings. A collector collects access control information and resource information which are set for each unit of processing such as an application and a file system and are transmitted from a transmitter, and stores them in an access control information memory. A combiner combines the collected access control information to create and store combined access control information in a combined access control information memory. A consistency adjuster analyzes the policies defined in the combined access control information stored in the combined access control information memory to detect inconsistency, and if inconsistency is detected, resolves the inconsistency according to an inconsistency measure policy. Thus, consistent filtering master information for the entire system is created and stored in a filtering master information memory.

Abstract: A storage medium on which is recorded a program for causing an information processing device. The program executes, an access right management information obtainment process for obtaining access right management information, a violation detection process for obtaining a policy from a policy storing unit for storing the policy set for the resource or the access to the resource, for checking whether or not the access right management information complies with the policy, and for detecting access right management information, a policy compliance level calculation process for calculating a risk score in accordance with a degree of risk of the violation, and for calculating a level of compliance with the policy.

Abstract: A storage medium on which is recorded a program for causing an information processing device. The program executes, an access right management information obtainment process for obtaining access right management information, a violation detection process for obtaining a policy from a policy storing unit for storing the policy set for the resource or the access to the resource, for checking whether or not the access right management information complies with the policy, and for detecting access right management information, a policy compliance level calculation process for calculating a risk score in accordance with a degree of risk of the violation, and for calculating a level of compliance with the policy.

Abstract: Data processing apparatus distributes a public key certificate and information about a private key to a user terminal as activation information separately from a terminal module. In the case where the public key certification is vulnerable, it transmits only the activation information again.

Abstract: A computer program, method, and system for access control, which are capable of keeping and guaranteeing consistency of access control settings. A collector collects access control information and resource information which are set for each unit of processing such as an application and a file system and are transmitted from a transmitter, and stores them in an access control information memory. A combiner combines the collected access control information to create and store combined access control information in a combined access control information memory. A consistency adjuster analyzes the policies defined in the combined access control information stored in the combined access control information memory to detect inconsistency, and if inconsistency is detected, resolves the inconsistency according to an inconsistency measure policy. Thus, consistent filtering master information for the entire system is created and stored in a filtering master information memory.

Abstract: Data processing apparatus distributes a public key certificate and information about a private key to a user terminal as activation information separately from a terminal module. In the case where the public key certification is vulnerable, it transmits only the activation information again.

Abstract: An access control for confidential contents is enabled with DRM technology based on a group to which a user belongs. With a method issuing a license by a computer in response to a request to access predetermined contents with a client computer, which is made by a user who belongs to at least one of a plurality of groups, the group to which the user belongs is determined based on a user ID of a user who makes a license request via the client computer, and on a group list which is stored in a storage device and associates a user ID with a group, a license is generated by referencing a permission condition of an access control list stored in a storage device storing permission conditions based on the determined groups, and the generated license is output to the client computer.

Abstract: An information entity transmits encrypted private data to a computer of a service provider, which makes a request to use private data, by using a client tool. Additionally, the information entity creates by using the client tool a decryption key for decrypting the private data, and a private data use license which includes information stipulating a use condition of the private data, such as a use purpose, the number of use times, an expiry date, the number of times that a move can be made, and the like, and transmits the decryption key and the license to the computer of the service provider by using a DRM authentication technology. The service provider can use the private data only if its use purpose matches the use condition described in the private data use license created by the information entity.