An example authentication system includes a server system provided with a common authentication unit (e.g., first and second authentication units) and a system controller (e.g., an access-permitting unit). The first authentication unit authenticates user-identifying information transmitted from a communication terminal and generates an access key based on the user-identifying information. The access key is transmitted from the server system to the communication terminal. The second authentication unit authenticates the access key transmitted from the communication terminal and generates a session key to access the data. The access key is transmitted from the server system to the communication terminal. The access permitting unit permits the data to be accessed within a predetermined period of time. The access is performed on the session key transmitted from the communication terminal.