Abstract: Provided is a system whereby information on activities obtained by way of monitoring system access to input and output devices and storage devices in a terminal as well as information on activities executed by way of a terminal and obtained by way of monitoring communications through a network are associated with processes in the terminal that generated the activities, and if the activities are predetermined activities executed by the same or related processes, the system detects that unauthorized processes are running on the terminal.

Abstract: An authentication system having a user apparatus that performs authentication using first authentication data and a second authentication server that performs authentication using second authentication data is provided. The user apparatus acquires the second authentication data from a user and requests authentication of the user by sending the acquired second authentication data to the second authentication server. The second authentication server performs authentication of the user on a basis of the second authentication data received from the user apparatus and sends the user apparatus a result of the authentication and when the authentication is successful, first authentication data stored being associated with the user. The user apparatus acquires a result of authentication based on the first authentication data received from the second authentication server and performs login processing when the acquired result of the authentication based on the first authentication data indicates success.