1. Field of the Invention
The present invention relates to an authentication system, a server apparatus, and an authentication method, particularly to an authentication system, a server apparatus, and an authentication method, in which an authentication device is used to authenticate a terminal device.
2. Description of the Related Art
Heretofore, in a computer system provided over networks, various methods are designed to securely and reliably conduct user authentication. As one of such authentication methods, there is a method in which a device called a personal identification device such as a USB token or an IC card is used for authentication. In this method, a personal identification device on which authentication information is recorded is attached to a user terminal device for authentication between the terminal device and a server with the authentication information stored in the personal identification device.
For example, in Patent Reference 1 (JP-A-2005-50308), such an authentication device is disclosed that in conducting authentication according to a digital certificate, the authentication device can conduct authentication without making a request to an authentication server and the like for network connection. The authentication device stores therein a public key associated with a certificate authority to authenticate a digital certificate, and uses a secret key to create and output a service key matched with an application. As described above, the personal identification device is used for authentication, whereby security level can be improved more than that of authentication according to user entries such as a user ID and a password.