`Powered by EPO and Google
`
`tlYE7cayy
`
`it
`
`
`
`
`
`
`Notice
`This translation is machine-generated. It cannot be guaranteedthatit is intelligible, accurate,
`complete, reliable or fit for specific purposes. Critical decisions, such as commercially relevant or
`financial decisions, should not be based on machine-translation output.
`
`DESCRIPTION JP20061 55263
`
`Ci=ei]
`
`The present invention utilizes existing authentication server for performing personal
`authentication based on the user ID and password, economical construction having high security
`authentication system using the one-timeID. A useris, in the case of performing the identity
`authentication, enter the user ID of its own to the one-time ID generation device 10. Onetime ID
`generating unit 10 generates the one-time ID and a user ID and the current time that has been
`input. The user then sends an authentication request including the above-described one-time ID
`and password from the terminal device 20 to the authentication server 30. Authentication server
`30 transmits the including the one-time ID in the authentication request conversion requestto
`the conversion server 40. The conversion server 40 calculates a user ID and a one-time ID and
`
`the current time is included in the conversion request, and returns the authentication server 30.
`The authentication server 30, by comparing the passwordregistered in the authentication
`information storage section 35 in association with the user ID, and passwordin the
`authentication request, performs user authentication. FIELD 7
`
`One-time ID authentication system, an authentication server, the conversion server, one-time ID
`authentication method and program
`
`[0001]
`
`24-04-2016
`
`1
`
`
`
`[0001] The present invention relates to a personal authentication technology in a network
`system,in particular, by using each time a different user ID for each logon (onetimeID), relates to
`personal authentication technology increase the security level.
`
`[0002]
`
`[0002] The personal authentication system in a network system, various ones have been known.
`13 is a block diagram showing a conventional most commonly in the personal authentication
`system thatis utilized configured. Referring to the figure, personal authentication system
`includes an authentication server 100, and a terminal device 200 used by a user, they are
`connected to each othervia the Internet, a network 300 such as LAN.
`
`[0003]
`
`[0003] In personal authentication system shownin FIG. 13, the user of the terminal device 200,
`when performing authentication, an authentication request including the own user ID and
`password, and transmitted from the terminal device 200 to the authentication server 100 .
`Authentication means 101 of the authentication server 100, upon via the transmitting and
`receiving unit 102 receives an authentication request from the terminal apparatus 200, referring
`to the authentication information storage unit 103 and the user ID and password for each useris
`registered in association and, perform personal authentication. That is, a password in association
`with the user ID in the authentication request is registered in the authentication information
`storage unit 103, compares the passwordin the authentication request, if they match, the
`authentication succeeds, both the mismatchcase, the authentication failure.
`
`[0004]
`
`[0004] However, personal authentication system shown in FIG. 13, for each use the same user ID
`and password,there is a problem in terms of security. Therefore, I like to use different passwords
`(one-time password) each time the personal authentication system shownin FIG. 1 4 has been
`proposed(e.g., see Patent Document1).
`
`24-04-2016
`
`2
`
`
`
`[0005]
`
`[0005] Referring to FIG. 14, personal authentication system includes an authentication server
`400, the terminal device 500 usedbya user, and a one-time passwordgeneration unit 600, the
`authentication server 400 and the terminal device 500, the Internet, They are connected to each
`other via a network 700 such as a LAN.
`
`[0006]
`
`User [0006] terminal 500, when performing personal authentication, first, the one-time
`password generation unit 600 inputs the userID of its own. Thus, the one-time password
`generation unit 600 generates a one-time password basedon the input user ID and the current
`time, and displays the generated one-time password on the display section (not shown).
`Incidentally, one-time password generation apparatus 600, for example, be realized by a mobile
`phone incorporating a program for the one-time password generation.
`
`[0007]
`
`[0007] The user inputs and one-time passwordis displayed, the same and the ownuserID to the
`terminal device 500. Thus, the terminal device 500 transmits an authentication request including
`the one-time passwordand userID to the authentication server 400.
`
`[0008]
`
`[0008] Authentication unit 401 in the authentication server 400 receives the authentication
`request through the transceiver unit 402, passes the user ID contained in the authentication
`request to the one-time password generation unit 403, generating a one-time password to
`instruct. Thus, the one-time password generation unit 403 receives the current time from the
`clock 404, and generates a one-time password based on the current time and the above userID.
`Then, a one-time password generated is compared with the one-time passwordincluded in the
`authentication request, if they match, the authentication succeeds, if they do not match, the
`authentication failure. JP 2002-259344 JP
`
`24-04-2016
`
`3
`
`
`
`[0009]
`
`[0009] Accordingto the authentication system described in Patent Document1 described above,
`since different passwordsare used each time, it is possible to higher security.
`
`[001 O]
`
`[001 O] Incidentally, even in the engine have already introduced the authentication server 100 as
`shownin FIG. 13, increased security is desired. To improve security, may be introduced personal
`authentication system that performs authentication using the one-time password as shownin
`FIG. 1 4, then, the cost becomesvery high.
`
`[0011]
`
`[0011] [purposeof the invention] It is an object of the present invention have the authentication
`information storage unit in which the user ID and passwordare registered in association, by
`utilizing the existing authentication server for performing personal authentication based on the
`user ID and password,It is to such a high security authentication system using the one-time ID
`can be economically constructed.
`
`[O01 2]
`
`[001 2] The first one-time ID authentication system according to the present invention, And the
`terminal device, a one-time ID authentication system comprising an authentication server with
`authentication information storage unit in which the user ID and password ofa user are
`registered in association, and a conversion server, It said terminal device, Has a one-time ID
`generated based on the user ID and the current time, a structure for transmitting an
`authentication request including the passwordto the authentication server, The authentication
`server, When the authentication request from the terminal device is sent, to generate a
`translation request including the one-time ID in the authentication request, and sends the
`converted request the generation to said conversion server, the conversion request from the
`conversion server when a userID is sent as a conversion result for, by comparing the password
`of password andsaid in authentication request registered in the authentication information
`storage unit in association with the userID, if they match, the authentication has a configuration
`
`24-04-2016
`
`4
`
`
`
`that success, The conversion server, When the conversion request from the authentication server
`is sent, calculates a user ID on the basis of the one-time ID and the current time in the conversion
`request, to have a structure to return the user ID the calculated to the authentication server the
`features.
`
`[001 3]
`
`[001 3] The second of the one-time ID authentication system according to the present invention,
`in the first of the one-time ID authentication system, The generates a one-time ID based on the
`user ID and the current time input by the user of the terminal device, the one-time ID generating
`apparatus including a one-time ID generating meansfor displaying on the display unit the one-
`time ID to the said generated characterized by comprising.
`
`[O01 4]
`
`[001 4] Third one-time ID authentication system according to the present invention, in the first
`one-time ID authentication system, A user ID storage unit by the userID of the user of the
`terminal device is registered, The generates a one-time ID based on the user ID and the current
`time registered in the user ID storage unit, the one-time ID generation including the one-time ID
`generating meansfor displaying on the display unit the one-time ID to the said generated
`characterized by comprising a device.
`
`[O01 5]
`
`[001 5] The fourth one-time ID authentication system according to the present invention, in the
`first to the third one-time ID authentication system, The authentication server, When the
`authentication request from the terminal device is sent, and a conversion request meansfor
`generating a conversion request including the one-time ID in the authentication request,
`transmits the converted request the generation to said conversion server, When the user ID as a
`conversion result for the conversion request from the conversion serveris sent, it compares the
`password of passwordandsaid in authentication request registered in the authentication
`information storage unit in association with the userID, If they match, characterized by
`comprising a comparison meansfor the authentication succeeds.
`
`24-04-2016
`
`5
`
`
`
`[001 6]
`
`[001 6] The fifth one-time ID authentication system according to the present invention, in the
`fourth one-time ID authentication system, The conversion server, When the conversion request
`from the authentication server is sent, it calculates a user ID on the basis of the one-time ID and
`the current time in the conversion request, provided with a conversion meansfor transmitting
`the user ID to the calculated to the authentication server characterized in that was.
`
`[O01 7]
`
`[001 7] Sixth onetime ID authentication system according to the present invention, in the second
`or third one-time ID authentication system, The one-time ID generation device, And functions
`holding unit at the time of dividing the day into multiple time zones, the one-time ID generation
`function for each time zoneis stored, Of the one-time ID generation function stored in the
`function numberstoring unit, generate a one-time ID generation function for time zone including
`the current time, and the current time, the one-time ID based on the user ID and a one-time ID
`generation computing meansfor, The conversion server, And inverse function holding unit at the
`time of dividing the day into a plurality of time zones, the user ID calculating function for each
`time period is stored, When the conversion request from the authentication serveris sent, of the
`user ID calculating function for each time period stored in said inverse function holding unit, a
`userID calculating function for time zone including the current time When, characterized by
`comprising a current time, a user ID calculating arithmetic means for calculating a user ID on the
`basis of the one-time ID in said conversion request.
`
`[001 8]
`
`[001 8] The authentication server according to the present invention, And authentication
`information storage unit in which the user of the user ID and password hasbeenregistered in
`association with, Whenthe authentication request including the user ID and passwordsent from
`the terminal device, generating a conversion request including the one-time ID in the
`authentication request, a conversion request meansfor transmitting a conversion request the
`generation to the conversion server , When the userID as a conversion result for the conversion
`request from the conversion serveris sent, it compares the password of password andsaid in
`authentication request registered in the authentication information storage unit in association
`with the userID, If they match, characterized by comprising a comparison meansfor the
`authentication succeeds.
`
`24-04-2016
`
`6
`
`
`
`[O01 9]
`
`[001 9] conversion server according to the present invention, When the conversion request
`including the one-timeID is sent from the authentication server calculates a user ID on the basis
`of the one-time ID and the current time in the conversion request, and transmits the user ID to
`the calculated to the authentication server characterized by comprising a conversion means.
`
`[0020]
`
`[0020] one-time ID authentication method according to the present invention, Terminal device
`transmits the one-time ID generated based on the user ID andthe current time, the
`authentication request including the passwordto the authentication server, The authentication
`server having an authentication information storage unit in which the user having the user ID
`and passwordareregistered in association with the, when an authentication request from the
`terminal device is sent, including the one-time ID in the authentication request conversion
`generate a request, sends the converted request the generation to the conversion server,
`Returning said conversion server, when a conversion request from the authentication serveris
`sent, calculates a user ID on the basis of the one-time ID and the current time in the conversion
`request, the user ID the calculated to the authentication server and, The authentication server,
`whentheuserID is sent as a conversion result for the conversion request from the conversion
`server, a password of password andsaid in authentication request registered in the
`authentication information storage unit in association with the user ID comparing the door,if
`they match, characterized by a successful authentication.
`
`[0021 |
`
`[0021] The first program according to the present invention, The computer with the
`authentication information storage unit in which the user having the user ID and password are
`registered in association, When the authentication request including the user ID and password
`sent from the terminal device, generating a conversion request including the one-time ID in the
`authentication request, translation request means for transmitting a conversion request the
`generation to the conversion server, When theuser ID as a conversionresult for the conversion
`request from the conversion serveris sent, it compares the password of password andsaid in
`authentication request registered in the authentication information storage unit in association
`
`24-04-2016
`
`7
`
`
`
`with the userID, If they match, to function as a comparison meansfor a successful
`authentication.
`
`[0022]
`
`[0022] The second program accordingto the present invention, The computer, When the
`conversion request including the one-time ID is sent from the authentication server calculates a
`user ID on the basis of the one-time ID and the current time in the conversion request, and
`transmits the user ID to the calculated to the authentication server to function as a conversion
`
`means.
`
`[0023]
`
`[0023] [action] When the user performs the authentication, send the authentication request from
`its own terminal device to the authentication server. The authentication request, and the one-time
`ID generated based on the user ID and the current time of the user, contains the password for the
`user. One-time ID, for each its generation time, since the valueis different, it is possible to higher
`security. The authentication server receives the authentication request, generates including the
`one-time ID in the authentication request conversion request, and sends the conversion server.
`Conversion server, based on the one-time ID and the current time in the conversion request,
`calculates a userID of the user, and returns the user ID calculated in the authentication server.
`The authentication server performs the user ID is returned, and passwordin the authentication
`request, the utilizing the authentication information storage unit personal authentication.
`
`[0024]
`
`According to [0024] the present invention, it becomes possible to economically configure
`security high personal authentication system using the one-time ID. The reasonis that the
`conversion server to return the one-time ID contained in the authentication request sent from the
`terminal device to the user ID is provided, the one-time ID to the existing authentication server
`for performing personal authentication by user ID and passwordThis is becausethe available in
`personal authentication using.
`
`[0025]
`
`24-04-2016
`
`8
`
`
`
`[0025] With reference to drawings, embodiments of the present invention will be described in
`detail.
`
`[0026]
`
`[0026] [Description of Configuration of First Embodiment 1 is a block diagram showing an
`overall configuration of a first embodimentof the one-time ID authentication system according to
`the present invention. Referring to the figure, the one-time ID authentication system ofthis
`embodiment, the one-time ID generation unit 10 used by a user, the terminal device 20 in which
`the user uses, the authentication server 30, a conversion server 40 wherein, the terminal
`apparatus10, the authentication server 30 and the conversion server 40 are connected to each
`othervia the Internet, a network 50 such as a LAN.
`
`[0027]
`
`[0027] onetime ID generating unit 10 generates a one-time ID based on the user ID and the
`current time input by the user, a function to be presented to the user.
`
`[0028]
`
`[0028] FIG. 2 is a block diagram showing a configuration example of a one-time ID generating
`apparatus 10 having the function described above, an input section 11 of the numeric keys or
`the like, a one-time ID generating unit 12, a clock that displays the current time 16, and a display
`portion 17 such as LCD.
`
`[0029]
`
`[0029] onetime ID generating unit 12 includes a function storage unit 13, a calculating unit 14,
`and a current time input means1 5.
`
`24-04-2016
`
`9
`
`
`
`[0030]
`
`[0030] time input unit 15 has a function of inputting the current time from the clock 16. In this
`embodiment, the time input unit 15, when the timepiece 1 6 is displaying: minutes: Of the second,
`time: shall enter a fraction only. In other words, time input means1 5, to enter the time in
`minutes.
`
`[0031]
`
`[0031] in the function storage unit 13, the function to use in generating the one-time ID (one-
`time ID generation function) is stored.
`
`[0032]
`
`[0032] calculating means1 4, the user ID input from the input unit 11, for the current time the
`time input unit 15 is input, according to the one-time ID generation function stored in the
`function storage section 1 3 It was calculated onetime ID by performing a calculation, a function
`of displaying the one-time ID calculated in the display unit 1 7.
`
`[0033]
`
`[0033] In addition, the one-time ID generation means1 2 of the one-time ID generating device 10,
`are those that can be realized by a CPU (computer), if implemented by a computer, for example,
`in the following manner. Disc for recording a program for causing a computerto function as a
`one-time ID generating unit 1 2, a semiconductor memory, prepared other recording medium, to
`read the program in the computer. The computer, by controlling its operation according to the
`read program, on the self computer, to implement the one-time ID generating unit 1 2. Further,
`the one-time ID generation apparatus 10 mayalso berealized by utilizing a portable telephone
`with a built-in CPU. That is, providing a recording medium suchasa recording disk a program for
`operating the CPU as a onetime ID generating unit 12, to read the program to the CPU. The CPU,
`by controlling its operation according to the read program to realize the one-time ID generating
`unit on the own CPU.
`
`24-04-2016
`
`10
`
`
`
`[0034]
`
`[0034] The terminal device 20 has function for sending an authentication request including the
`one-time ID and the password to the authentication server 30, a function for presenting the
`authentication result sent from the authentication server 30 to the user.
`
`[0035]
`
`[0035] FIG. 3 is a block diagram showing a configuration example of a terminal device 20 having
`the function described above, a transmitting and receiving unit 21, a control unit 22, an input
`unit 23 such as a keyboard, a display unit 24 such as an LCDIt is equipped with a.
`
`[0036]
`
`[0036] transmitting and receiving means 21 has a function of exchanging data via a network 50.
`
`[0037]
`
`[0037] The control unit 22 has a function of transmitting the input unit 23 function for
`generating an authentication request including the one-time ID and passwordinput, the
`generated authentication request via the communication means 21 to the authentication server
`30, having like function of displaying an authentication result sent from the authentication server
`30 on the display unit 24.
`
`[0038]
`
`[0038] In addition, the terminal device 20 is as it can be implemented by a computersuch as a
`personal computer, if implemented by a computer, for example, in the following manner.Disc for
`recording a program for causing a computerto function as a terminal device, a semiconductor
`memory, prepared other recording medium, to read the program in the computer. The computer,
`by controlling its operation according to the read program,on the self computer,realizes
`transmission and reception unit 21, the control unit 22.
`
`24-04-2016
`
`11
`
`
`
`[0039]
`
`[0039] The authentication server 30, when the authentication request including the one-time ID
`and passwordsent from the terminal device 20 acquires the user ID corresponding to the one-
`time ID by using the conversion server 40, the userIt has a function of performing
`authentication based on the ID and the passwordin the authentication request.
`
`[0040]
`
`[0040] FIG. 4 is a block diagram showing a configuration example of the authentication server
`30 having the functions described above, a transmitting and receiving unit 31, an authentication
`unit 32, and an authentication information storage unit 35.
`
`[0041 |
`
`[0041] in the authentication information storage unit 35, as shownin FIG.5, the userID of the
`user, password, access rights, name, ... it is registered in association.
`
`[0042]
`
`[0042] transmitting and receiving means 31 has a function of exchanging data via a network 50.
`
`[0043]
`
`[0043] authentication means 32 includesa translation request unit 33, the comparing means 34.
`
`[0044]
`
`24-04-2016
`
`12
`
`
`
`[0044] conversion request means 33, when receiving an authentication request from the
`terminal device 20 via the transmitting and receiving unit 31 transmits a containing the one-time
`ID in the authentication request conversion request to the conversion server 40, the conversion
`request having the ability to pass the user ID is returned from the conversion server 40 in
`response to the comparison means 34. Translation request unit 33 has a configuration that is not
`provided in the authentication server 100 shownin FIG. 13, in the case of realizing the
`authentication server 30 by using the existing authentication server 100 needsto incorporate
`this configuration.
`
`[0045]
`
`[0045] comparing means 34 compares the passwordin association with the userID is registered
`in the authentication information storage section 35 passed from the translation request unit 33,
`and a passwordin the authentication request from the terminal device 20, If they match, the
`authentication succeeds, if they do not match, has the function of the authentication failure.
`Comparing means 34 hasa configuration that is provided to the authentication server 100
`shownin FIG. 13.
`
`[0046]
`
`[0046] In addition, the authentication server 30, are those that can be implemented by a
`computer, if implemented by a computer, for example, in the following manner. Disc for
`recording a program for causing a computerto function as the authentication server, a
`semiconductor memory, prepared other recording medium, to read the program in the computer.
`Computercontrols its own operation in accordancewith the read program, on its own computer,
`sending and receiving means 31, to achieve the authentication means 32.
`
`[0047]
`
`[0047] conversion server 40, when the conversion request from the authentication server 30
`including the one-timeID is sent, it calculates a user ID on the basis of the above one-time ID and
`the current time, and returns the userID calculated It has a function.
`
`24-04-2016
`
`13
`
`
`
`[0048]
`
`[0048] FIG. 6 is a block diagram illustrating an exemplary configuration of a conversion server
`40 having the function described above, comprises a transceiver unit 41, a conversion unit 42,
`and a clock 46 that displays the current time.
`
`[0049]
`
`[0049] transmitting and receiving means 41 has a function of transmitting and receiving data via
`the network 50.
`
`[0050]
`
`[0050] conversion unit 42 includes an operation unit 43, an inverse function storage unit 44,
`and a time input section 45.
`
`[0051]
`
`[0051] time input unit 45 has a function of inputting the current time in minutes from the clock
`46.
`
`[0052]
`
`[0052] Conversely function storage unit 44, the one-time ID and the function for obtaining the
`user ID from the current time (user ID calculating functions) is stored.
`
`[0053]
`
`[0053] calculating means 43, upon receiving a conversion request sent from the authentication
`server 30 via the transmitting and receiving unit 41, the one-time ID containedin it, in minutes
`
`24-04-2016
`
`14
`
`
`
`time input unit 45 is input current has a time, a function of calculating a user ID on the basis of
`the functions for the user ID calculating held in the inverse function holding unit 44, and
`transmits the user ID, which is calculated to the authentication server 30.
`
`[0054]
`
`[0054] In addition, the conversion server 40, are those that can be implemented by a computer,
`if implemented by a computer, for example, in the following manner. Disc for recording a
`program for causing a computerto function as a conversion server, a semiconductor memory,
`prepared other recording medium,to read the program in the computer. The computer, by
`controlling its operation according to the read program,on the self computer, transceiver means
`41, realizing the conversion means 42.
`
`[0055]
`
`[0055] [Description of Operation of First Embodiment Next, with reference to the drawings, the
`operation of this embodimentwill be describedin detail.
`
`[0056]
`
`[0056] The user of the terminal device 20, when performing personal authentication, and starts
`the one-time ID generation unit 10, inputs the userID ofitself from the input unit. 11 (a in Fig.
`7).
`
`[0057]
`
`[0057] One-time ID generating device 10 onetime ID generating means 1 2, whenactivated,
`becomesan input waiting state of the user ID, the user ID is input from the input unit 11 by the
`user, time input means 15 enter the current time in minutes from the clock 16 using the (step
`S81, S82 in FIG. 8). Thereafter, generation operation means 1 4, the one-time ID generation
`function stored in the function storage unit 13, a user ID input by the user, time input means 15
`the one-time ID on the basis of the current time entered (step S83). Here, the function for one-
`time ID generation, for example, may be employed functions such as (onetime ID) = (User ID) <
`
`24-04-2016
`
`15
`
`
`
`(current time). Thereafter, computing unit 14 displays the one-time ID calculated in the display
`section 17 (step S 84).
`
`[0058]
`
`[0058] Whenthe user hasthe one-time ID is displayed on the display unit 17, and inputs the
`one-time ID and passworddisplayed on the terminal device 20 (b in FIG. 7, c). Control means 22
`in the terminal device 20, when the one-time ID and a password are inputted from the input unit
`23, and transmits the containing them authentication request to the authentication server 30 (d-
`in FIG.7).
`
`[0059]
`
`[0059] conversion request means 33 of the authentication server 30 receives the authentication
`request sent from the terminal device 20 via the transmitting and receiving unit 31, generates a
`conversion request including the one-time ID in the authentication request and it sendsit to the
`conversion server 40 (e in step S 91, S 92 and 7 in FIG. 9). Thereafter, conversion request means
`33, areturn waiting state of the conversion result (user IDs) (step S 93).
`
`[OO60]
`
`[0060] On the other hand, converter 42 in the conversion server 40 receives the conversion
`request from the authentication server 30 via the transmitting and receiving unit 41, as shown in
`the flowchart of FIG. 10, by using thefirst time input means 45 enter the current time in minutes
`from the clock 46 (step S101). Thereafter, computing unit 43, and functions for the user ID
`calculating held in the inverse function holding unit 44, and the current time in minutes time
`input unit 45 is input, the user ID based on the one-time ID in the conversion request calculates
`and returns the user ID whichis calculated to the authentication server 30 (f in step S102,5 103
`and FIG. 7). Here, the user ID calculating functions stored in the inverse function holding unit 44
`is an inverse function of the one-time ID generation function stored in the function storage unit
`13 of the one-time ID generating device 10, for example, , one-time ID generation functionis, if
`the (one-time ID) = (user ID) X (the current time), the function for the user ID calculation, (user
`ID) = (one-time ID) + (the current time) to become. However, the function holding unit 13, the
`one-time ID generation function held by the inverse function holding unit 44, the function for the
`userID calculating, not limited to the example described above.
`
`24-04-2016
`
`16
`
`
`
`[0061]
`
`[0061] conversion request means 33 of the authentication server 30 in the return waiting state
`of the conversion result, and a result conversion sent from the conversion server 40 (user ID) is
`received via the transmitting and receiving means 31, comparison meansit pass to the 34. Thus,
`comparing unit 34, the authentication information storage section 35, it retrieves the password
`registered in association with the user ID, and compared with the password in the authentication
`request sent from the terminal device 20 (in FIG. 9 step S94). Then,if they match notifies the
`authentication success to the authentication requesting terminal device 20 (step S95 is YES, S
`96), in the case of disagreement, and notifies the authentication failure to the terminal device 20
`(step S95 is NO, g of S97 and 9). Even if the user ID correspondingto the authentication
`information storage unit 35 is not registered, the authentication failure.
`
`[0062]
`
`[0062] Control unit 22 in the terminal device 20 receives via the communication means 21 an
`authentication result (authentication success or authentication failure), and displays it on the
`display unit 24. If the authentication success is displayed, the user of the terminal device 20, it
`meansthat acquired the access right to the system,it is possible to access the system. In
`contrast, if the authentication failure is displayed, the user performs the operation described
`aboveagain.
`
`[0063]
`
`[0063] In the embodimentdescribed above, converter 42 in the conversion server 40, upon
`receiving a conversion request from the authentication server 30, based on a one-timeID in the
`conversion request, to the present time user although the ID to calculate only one, and the user
`ID corresponding to the current time, asked twoof the user ID of the user ID corresponding to
`one minute before the time than the current time, those two user ID it may be returned to the
`authentication server 30. Then, the comparison unit 34 within the authentication server 30 in
`which twouserID is returned, either one of the two password registered in the authentication
`information storage section 35 in association with the two userID, if they match the password in
`the authentication request, it is determined that the authentication is successful. By doing so, the
`user of the operating time (time from the generation of the one-time ID, until the user inputs the
`
`24-04-2016
`
`17
`
`
`
`one-time ID and password to the terminal device 20), a generation time of the one-timeID, the
`conversion server even if the difference between the reception time of the conversion request
`occurs at 40, the difference is within the 1 minute, it can be a successful authentication.
`
`[0064]
`
`[0064] Further, in the embodiment described above, the function holding unit 13, inverse
`function holding unit 44 respectively onetime ID generation function have been adapted to store
`one by one function for the user ID calculating a plurality of one time ID generation function may
`be stored functions for the user ID calculating, it may be changed using function depending on
`the time zone. Whendoingso,