摘要 |
Access control with easy change/extension is implemented. There is provided a system for controlling access to data, the system having: a first storage unit for storing a plurality of attribute values respectively selected from a plurality of integers which are relatively prime and identifying a plurality of attributes of users, in association with respective users; a second storage unit for storing a product of at least two attribute values which are common to users belonging to a set of users, in association with respective data to be accessed, to show the set of users which are targets of controlling access to the data; a calculation unit for reading out, from the first storage unit, a plurality of attribute values corresponding to a user who requests access, and calculating a product of at least two of the plurality of read attribute values; and a control unit for performing a process for accepting the user as a target of controlling access to the data, on condition that the calculated product of attribute values matches a product of attribute values stored in the second storage unit in association with the data to be accessed.
|