Abstract

PROBLEM TO BE SOLVED: To prevent a malicious third party from authenticating by spoofing with a password list or the like, even when a user sets the same password on a plurality of Web servers.

SOLUTION: An authentication method in an authentication system comprising a first user terminal and a Web server communicating with the first user terminal through a network includes: a step in which the first user terminal transmits an ID, a password, and a session key for authentication to the Web server; a step in which the Web server collates the ID, password, and session key received from the first user terminal against the ID and password registered in advance for the first user terminal and the first session key issued in the previous authentication by the user of the first user terminal; and a step in which, when the authentication is successful as a result of the collation, the Web server issues a second session key, to be used in the next authentication, to the first user terminal.
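The collation and key-issuing steps described in the abstract, as an added Python example (not code from the patent). The `WebServer` class, its `register` and `authenticate` methods, the in-memory store, PBKDF2 password storage, and issuing the first session key at registration are all assumptions; the abstract specifies none of them.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 for password storage (not specified by the abstract).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _key_hash(session_key: str) -> bytes:
    # Session keys are high-entropy random values, so a single SHA-256 is enough
    # to avoid keeping the usable key itself in the server's store.
    return hashlib.sha256(session_key.encode()).digest()


class WebServer:
    """Hypothetical server side of the ID + password + rolling session key check."""

    def __init__(self):
        self._users = {}  # user_id -> {"salt": bytes, "pw": bytes, "key": bytes}

    def register(self, user_id: str, password: str) -> str:
        # Assumption: the first session key is handed to the terminal at registration.
        salt = secrets.token_bytes(16)
        first_key = secrets.token_urlsafe(32)
        self._users[user_id] = {"salt": salt,
                                "pw": _pw_hash(password, salt),
                                "key": _key_hash(first_key)}
        return first_key

    def authenticate(self, user_id: str, password: str, session_key: str):
        """Return the next session key on success, None on any mismatch."""
        rec = self._users.get(user_id)
        if rec is None:
            return None
        # Collate both secrets in constant time; evaluate both before deciding.
        pw_ok = hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["pw"])
        key_ok = hmac.compare_digest(_key_hash(session_key), rec["key"])
        if not (pw_ok and key_ok):
            return None  # the stored key is not rotated on failure
        # Success: issue the key for the next authentication; the old one stops working.
        next_key = secrets.token_urlsafe(32)
        rec["key"] = _key_hash(next_key)
        return next_key
```

A terminal that loses its current session key can no longer authenticate under this scheme, so a deployment needs a separate re-enrollment path, which the abstract does not describe.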