There are provided a log in system and method which can easily be applied to a corporation aggregate member and prevent unauthorized use of authentication information copied. Since log in is performed by using service right data (p11) for each medium identifier (SD-ID01) of a secure storage medium (SD), an unauthorized person who has copied authentication information cannot perform log in unless the unauthorized person uses the secure storage medium (SD). Moreover, when the secure storage medium is distributed to each person belonging to the corporation aggregate, it can be applied to the corporation aggregate user in the same way as to an individual user.