An authentication method of a terminal according to an embodiment includes: receiving a first advertising packet from a control device; requesting an encryption key of the control device from a server based on at least one of control device identification information or region identification information which is included in the first advertising packet; receiving the encryption key of the control device from the server; determining whether the terminal has an authority to access the target region, based on at least one of the control device identification information or the region identification information; encrypting authentication data to be transmitted to the control device based on the encryption key of the control device when it is determined that the terminal has the authority to access the target region; and transmitting the encrypted authentication data to the control device.