Generally, a server on the Internet has any number of pieces of electronic information requiring the duty to protect the information. Connecting a client to a server on the Internet, an open Web browser (Internet browser) is often used and a third party can easily access the server. Therefore, in such an Internet environment, for ensuring security of electronic information, data encryption and authentication technology for logging in are required.
For example,    {circle around (1)} a user to access the server is given a password and a user ID for identification (hereafter, these are brought together and referred to as a log-in ID),    {circle around (2)} said log-in ID is a combination of characters and numerical characters on a random basis,    {circle around (3)} said log-in ID is encrypted,therefore, the server is prevented from third-party stealing and browsing.
However, in the case of {circle around (2)}, when a combination of characters and numerical characters on a random basis is to be an ideal log-in ID, the log-in ID is difficult remember and easy to forget. Therefore, in actuality, the date of birth, postal address or the like can only used for an log-in ID, which is easily guessed by a third party, or a log-in ID has no choice but to be separately maintained in a form or the like and stored. As mentioned above, the log-in ID is easily stolen, and when the log-in ID is stolen, the worth of the log-in ID is impaired. Therefore, no matter how more advanced cryptographic technology of {circle around (3)} is, it is difficult to prevent a log-in ID from being stolen and the log-in ID is forced to be made complicated changes.
Therefore, technical problems arise that should be resolved in order to make changes automatically on a regular basis to a password for authenticating a server and a client mutually. An object of the present invention is to resolve these problems.