An application server of an authentication system includes a requesting part that makes a request for possession authentication which is authentication using an authenticator, when the requesting part receives a request for authentication of a user from a terminal, a verifying part that receives an authentication result of the possession authentication and information for verification from the authentication server, and verifies the validity of the authentication server on the basis of the received information for verification, and a providing part that provides a function related to the application to the terminal if the verifying part verifies that the authentication server is valid. The authentication server of the authentication system includes a possession authentication part and a result transmission part that transmits the authentication result of the possession authentication and the information for verification to the application server.