According to one embodiment, an authentication method includes generating a second key by a first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information using the session key and secret identification information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match.