| CPC H04L 9/0825 (2013.01) [H04L 9/0866 (2013.01); H04L 9/0894 (2013.01)] | 10 Claims |
|
1. An authentication system comprising:
an information processing apparatus including a first processor; and
an authentication server connected to the information processing apparatus through a network and including a second processor, wherein
the information processing apparatus includes a first memory that stores user registration information in which identification information identifying a user is associated with an encryption key set for each user, wherein the stored user registration information includes identification information and a unique associated encryption key for each of a plurality of users, wherein an expiration date is set in the encryption keys,
the first processor is configured to:
acquire the user registration information stored in the first memory based on an instruction operation of one of the plurality of users;
generate an authentication request including a temporary key encrypted based on an encryption key included in the acquired user registration information and the identification information included in the acquired user registration information for the one of the plurality of users, wherein the temporary key was received from the authentication server during registration and is unique for each of the plurality of users; and
transmit the authentication request to the authentication server, the authentication server includes a second memory that stores authentication registration information in which the identification information identifying the user registered in the information processing apparatus is associated with the encryption key and the temporary key set for each of the plurality of users, and
the second processor is configured to:
acquire the encryption key and the temporary key included in the authentication registration information in correspondence with the identification information included in the authentication request received from the information processing apparatus;
decrypt the temporary key included in the authentication request that is encrypted based on the acquired encryption key; and
transmit an authentication result to the information processing apparatus.
|