We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features: 1) no one, not even an authority, can identify users who have been authenticated within the allowable number, 2) anyone can trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.