JP2014032537A - Authentication system for mobile communication device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To eliminate the needs of previously distributing and carrying a token, a random number table, or the like in an authentication system using a one-time PW.SOLUTION: A conversion reference table 20b for converting a user's PW and a one-time PW and a combination non-display button 21b are displayed together with input fields for a user ID and a one-time PW on an authentication screen of a mobile communication device. An inputted user ID and one-time PW are transmitted to the authentication system when a user inputs his/her own user ID, converts his/her PW into a one-time PW to input the PWs in the input fields with reference to the conversion reference table 20b, and clicks a log-in button. The authentication system inversely converts the received one-time PW into the PW to authenticate the user by using the obtained PW and the received user ID. When the combination non-display button 21b is clicked, slant lines of the conversion reference table 20b are made invisible.

Description

  The present invention relates to an authentication system for a mobile communication device, and more particularly to an authentication system for a mobile communication device resistant to peeping.

  In recent years, services and systems using mobile communication devices such as mobile phones and smartphones have been used. However, due to the characteristics of mobile communication devices, mobile communication devices are often used in the public, and passwords are leaked when a third party looks into the password when accessing a system that requires authentication. There is a risk.

In order to prevent password leakage, when a character is entered in the password input field of the mobile communication device, it is generally displayed as a hidden character such as “****” instead of the input character. However, even if the password input is displayed in a hidden form, the password may be leaked if a keyboard tapping operation is seen by a third party when the password is input. In addition, as a method of displaying in hidden characters, there is also a method of displaying an input password for a moment and then displaying it in a hidden character, in which case the risk of password leakage becomes higher.
In order to prevent such password leakage, a method of inputting a one-time password is used.

However, in the method using a one-time password that can prevent password leakage, it is necessary to distribute hardware called a token or a card with a random number table in advance to obtain a one-time password. Yes, the user needs to have this.
The present invention has been made in view of such problems, and its purpose is to pre-distribute tokens, random numbers, etc. in an authentication system that uses a one-time password to reduce the risk of password leakage. It is to provide an authentication system for a mobile communication device that enables one-time password authentication without requiring possession or possession.

In order to achieve the above object, an authentication system using a one-time password according to the present invention includes:
Generate and generate a conversion table indicating the correspondence between all characters that may be included in the password of the user of the mobile communication device and an n-digit character string (n ≧ 2) corresponding to each character Conversion table generating means for assigning a unique generation number to the converted conversion table;
Storage means for temporarily storing the conversion table generated by the conversion table generation means and the generation number assigned thereto;
Password authentication means for performing user authentication based on the supplied user ID and password;
Request means for performing an interface between a mobile communication device and an authentication system when performing user authentication,
Means for requesting the creation of a conversion table;
Upon receipt of the created conversion table and generation number, a conversion reference table is generated based on the conversion table, and is displayed on the mobile communication device by incorporating it into an authentication screen having user ID and one-time password input fields. An authentication screen providing means,
Entered when the user ID entered on the authentication screen displayed on the mobile communication device and the one-time password entered on the screen based on the conversion reference table displayed on the authentication screen are received. Request means comprising means for transmitting a user authentication request including a user ID and a one-time password,
Authentication control means for controlling the operation of the entire authentication system,
Means for instructing conversion table generation means to create a conversion table when receiving a request to create a conversion table from the request means;
Means for storing the conversion table and the generation number generated by the conversion table generating means in the temporary storage means and returning them to the request unit;
When a user authentication request is received from the request unit, the one-time password included in the request is converted back to a password intended for input by the user by reverse conversion based on a conversion table stored in the temporary storage unit. Means,
An authentication control means comprising: a means for transmitting the password and user ID obtained by the reverse conversion to the password authentication means to perform user authentication; and a means for transmitting the authentication result by the password authentication means to the request unit. It is characterized by that.

  In a preferred embodiment of the authentication system according to the present invention described above, the authentication screen providing means of the requesting means equals the number of all characters that may be included in the password of the user of the mobile communication device in the conversion reference table. A number of frames are provided, all the characters are randomly arranged in these frames, and n-digit character strings corresponding to the characters arranged in the frames are arranged in each frame. In this case, a button is displayed on the authentication screen, and by clicking the button, a character that may be included in the password of the user of the mobile communication device in the conversion reference table and an n-digit character string corresponding to the character are displayed. It is preferable that at least one or the conversion reference table itself is displayed by switching between the invisible state and the visible state. In addition, by clicking the conversion reference table itself on the authentication screen of the mobile communication device, these may be switched between the invisible state and the visible state. Furthermore, after the conversion reference table is displayed on the authentication screen of the mobile communication device, a predetermined value is displayed. These may be automatically switched to the invisible state after a time.

  In another preferred embodiment of the authentication system according to the present invention described above, the authentication screen providing means of the requesting means includes the conversion reference table and the number of all characters that may be included in the password of the user of the mobile communication device. A first line having the same number of frames and a second line having the same number of frames are provided apart from each other, and all the characters are arranged in each frame of the first row in a predetermined order. Columns arranged in each frame of the second row in a predetermined order or randomly, and corresponding characters of the characters in the frame of the first row and the n-digit character string in the frame of the second row Are generated by connecting them with diagonal connection lines. In this case, a button is displayed on the authentication screen, and when the button is clicked, a diagonal connection line in the conversion reference table, a character that may be included in the user password of the mobile communication device, and a corresponding character It is preferable that at least one of the n-digit character strings or the conversion reference table itself is displayed by switching between the invisible state and the visible state. In addition, by clicking the conversion reference table itself on the authentication screen of the mobile communication device, these may be switched between the invisible state and the visible state. Furthermore, after the conversion reference table is displayed on the authentication screen of the mobile communication device, a predetermined value is displayed. These may be automatically switched to the invisible state after a time.

  In yet another embodiment of the authentication system according to the present invention described above, the authentication screen providing means of the requesting means converts the conversion reference table into the number of all characters that may be included in the user password of the mobile communication device. A first line composed of an equal number of frames and a second line composed of the same number of frames are provided separately, all the characters are arranged in the respective frames of the first line in a predetermined order, and an n-digit character string Are arranged in the respective frames of the second row in a predetermined order or at random, and corresponding characters of the characters in the frame of the first row and the n-digit character strings in the frame of the second row It is generated by connecting with Amidakuji type connection lines. In this case, a button is displayed on the authentication screen, and when the button is clicked, characters that may be included in the connection line in the conversion reference table, the password of the user of the mobile communication device, and the characters It is preferable that at least one of the corresponding n-digit character strings or the conversion reference table itself be displayed by switching between the invisible state and the visible state. In addition, by clicking the conversion reference table itself on the authentication screen of the mobile communication device, these may be switched between the invisible state and the visible state. Furthermore, after the conversion reference table is displayed on the authentication screen of the mobile communication device, a predetermined value is displayed. These may be automatically switched to the invisible state after a time.

Effect

  As described above, in the authentication system using the one-time password according to the present invention, the user obtains a one-time one-time password by using his / her password and the conversion table displayed on the screen of the mobile communication device. To be able to. The conversion table displayed on the screen is very difficult for a third party to guess the user's actual password from the character string entered on the keyboard at first glance. Therefore, the conversion method can be easily understood. Accordingly, it is possible to prevent the password from being leaked and to obtain an effect that the password input operation by the user is not so complicated.

It is a block diagram of the authentication system which concerns on the Example of this invention. It is a functional block diagram of the request | requirement part with which the authentication system shown to FIG. 1 (A) is equipped. It is a functional block diagram of the authentication control part with which the authentication system shown to FIG. 1 (A) is equipped. It is explanatory drawing which shows an example of the conversion table produced | generated in the authentication system of this invention. It is a schematic diagram which shows an example of the authentication screen displayed on a mobile communication device in the authentication system of this invention. It is a schematic diagram which shows another example of the authentication screen displayed on a mobile communication device in the authentication system of this invention. It is a schematic diagram which shows another example of the authentication screen displayed on a mobile communication device in the authentication system of this invention. It is a flowchart which shows operation | movement of the authentication control part with which the authentication system of this invention is equipped. It is a flowchart which shows the detailed operation | movement of the authentication determination step in the flowchart shown in FIG.

  FIG. 1A is a block diagram showing an authentication system 1 constituted by a computer according to the present invention. As shown in FIG. 1A, the authentication system 1 transmits a request related to authentication to the mobile communication device 2 as a functional block, and receives a password input in the mobile communication device 2. Request unit 11, conversion table generation unit 12, temporary storage unit 13, password authentication unit 14, and authentication control unit 15.

The request unit 11 has a function of interfacing between the mobile communication device 2 and the authentication system 1. When user authentication is required at the time of login or the like, a user ID and a one-time password are stored on the mobile communication device 2. An authentication screen for displaying the input unit for inputting the password and the conversion table is displayed, and the user ID and the one-time password input on the authentication screen are received, and authentication control is performed based on these It has a function of transmitting an authentication request to the unit 15.
In order to execute such a function, the request unit 11 includes a conversion table creation request unit 111, an authentication screen providing unit 112, and an authentication request unit 113, as shown in FIG.

When it is necessary to perform user authentication, the conversion table creation request unit 111 transmits a “conversion table request” to the authentication control unit 15 and sends a “conversion table response” in response to the request to the authentication control unit 15. Receive from. The “conversion table request” is sent to the authentication control unit 15 when it becomes necessary to request the mobile communication device 2 to input a one-time password. The data is transmitted from the unit 15 to the request unit 11.
The authentication screen providing unit 112 generates a conversion reference table based on the conversion table response received from the authentication control unit 15, and provides the mobile communication device 2 with an authentication screen having input fields for a user ID and a one-time password. Is done.
When the user ID and the one-time password are input and transmitted on the mobile communication device 2, the authentication request unit 113 sends an “authentication request” to the authentication control unit 15 and authenticates the “authentication response” in response thereto. When received from the control unit 15, the mobile communication device 2 is notified of authentication success or authentication failure.

The conversion table generation unit 12 receives an instruction from the authentication control unit 15, generates a conversion table used for converting a password and a one-time password, and the conversion table has a one-to-one correspondence with the conversion table. A unique generation number associated with the conversion table is generated. Then, the generated conversion table and generation number are transmitted to the authentication control unit 15.
The conversion table generated by the conversion table generation unit 12 generates a random character string of n digits per character for all character types included in the password. FIG. 2 schematically shows an example of the generated conversion table. For convenience of explanation, FIG. 2 shows a case where the password character type is only numbers and two digits are assigned per character. Passwords are not limited to numbers, but may contain both letters and numbers. All character types permitted by the password authentication unit 14 are stored and set in advance in a system setting file (not shown), and an n-digit random character string is generated per character for all the set character types. .

  As shown in FIG. 2, the conversion table generated by the conversion table generation unit 12 includes all characters included in the password in the conversion line A, and an n-digit character string of the one-time password corresponding to each of the characters. It is included as a conversion line B. If a duplicate character string is included in the conversion row B of the conversion table, the conversion table generation unit 12 detects it, generates the conversion table again, and regenerates the conversion table until there are no duplicate character strings. repeat.

  The conversion table and the generation number corresponding to the conversion table sent to the authentication control unit 15 are stored and read in the temporary storage unit 13 under the control of the authentication control unit 15. When storing the conversion table and the generation number, the authentication control unit 15 sets and stores the expiration date in the conversion table. When the set expiration date has passed, the corresponding conversion table and generation number are deleted by the authentication control unit 15. The expiration date is stored in a system setting file (not shown), and is set to, for example, about 3 minutes as the time required for the user to complete authentication.

  The password authentication unit 14 has a general-purpose authentication function for authenticating a user using a user ID and a password. That is, the password authentication unit 14 stores a combination of a user ID and a password in advance, determines whether the combination of the user ID and the password received from the authentication control unit 15 is a combination stored in advance, An existing authentication system can be employed as long as it has a function of returning the determination result to the authentication control unit 15.

As shown in FIG. 1C, the authentication control unit 15 includes a conversion table creation command unit 151, a conversion table storage / return unit 152, and a one-time password / password conversion unit (one-time PW / PW conversion unit) 153. And an authentication command means 154 and an authentication result transmission means 155.
The conversion table creation command unit 151 instructs the conversion table generation unit 12 to create a conversion table in response to the “conversion table request” from the conversion table creation request unit 111 of the request unit 11, and the conversion table storage / return unit 152. Stores the conversion table with the generation number created in the conversion table generation unit 12 in the temporary storage unit 13 and returns it to the request unit 11 as a “conversion table response”. As a result, the authentication screen providing unit 112 creates a conversion reference table based on the conversion table and transmits it to the mobile communication device 2, and the user ID and the one-time password input fields are displayed on the authentication screen on the mobile communication device 2. The conversion reference table is displayed.

  On the displayed authentication screen, when the user inputs a user ID and converts and inputs his or her password into a one-time password with reference to the conversion reference table, the authentication request means 113 of the request unit 11 receives the request. Then, the authentication request means 113 receives the “authentication request” including the generation number corresponding to the conversion table used to create the conversion reference table transmitted to the mobile communication device 2 and the received user ID and one-time password. Is sent to the authentication control unit 15. When the authentication control unit 15 receives the “authentication request”, the one-time password / password conversion unit 153 determines whether the generation number included in the request has expired, and if it is within the expiration date. For example, the conversion table corresponding to the generation number is read from the temporary storage unit 13. Then, the one-time password included in the “authentication request” is cut out every n digits, and the character string every n-digits cut out is sequentially reverse-converted with reference to the conversion table, thereby corresponding to the one-time password. Convert to password.

  Thereafter, the authentication command means 154 of the authentication control unit 15 sends the password obtained by the reverse conversion and the user ID sent from the mobile communication device 2 via the request unit 11 to the password authentication unit 14, and the password authentication The unit 14 is requested to authenticate the user. As a result, when a password success / failure response is sent from the password authentication unit 14 to the authentication control unit 15, the authentication result transmission unit 155 transmits the authentication result to the request unit 11. Thereby, the request unit 11 can transmit authentication success / failure to the mobile communication device 2.

  Next, an embodiment of an authentication screen generated by the authentication screen providing unit 112 of the request unit 11 and displayed on the mobile communication device 2 will be described with reference to FIGS. 3 (A) to 3 (C). . For ease of explanation, FIGS. 3A to 3C show an authentication screen including a conversion reference table using the conversion table shown in FIG. 2 as an example. Show.

  The authentication screen shown in FIG. 3A is referred to when the user inputs a one-time password in addition to the “user ID input field”, “one-time password input field”, and “login” button. "Conversion reference table" 20a and "combination non-display button" 21a. The conversion reference table 20a has a number of frames corresponding to the number of characters of the conversion line A in FIG. 2, the characters of the conversion line A are randomly arranged in the frames, and the conversion line A of the conversion line A is included in the same frame. A character string of conversion line B corresponding to the character, that is, a two-digit character string is arranged. The plurality of frames are not limited to a rectangle, and may have an arbitrary shape, or may be an arbitrary arrangement such as a one-row arrangement. In short, the characters in the conversion line A may be arranged randomly. A “combination non-display” button 21a is used to hide an n-digit character string (character string included in the conversion line B) in each frame of the conversion reference table 20a when selected or clicked. When clicked again, the visible / invisible state of the conversion reference table 20a is toggled.

  In such an authentication screen, the user inputs his / her user ID into the input field, converts his / her password into a one-time password with reference to the conversion reference table 20a, and converts it into the one-time password input field. To enter. Since the one-time password can be input while checking the conversion reference table 20a, the user can input the one-time password accurately and easily. In addition, since the characters in the conversion row A are randomly arranged in the conversion reference table 20a, even if a third party looks into the user's key operation, the user's password is instantly determined from the inputted one-time password. Although the risk of knowing can be reduced, the correspondence between the conversion line A and the conversion line B can be made invisible by the operation of the “non-display combination” button. The risk of leakage can be further reduced.

  In the above-described embodiment, a character string included in the conversion row B within the frame of the conversion reference table 20a is provided only when the “combination display” button is provided instead of the “combination non-display” button and the button is clicked. May be displayed together with the characters included in the conversion line A. Further, it may be configured to switch the character (conversion line A) in the frame in the conversion reference table 20a between the invisible state and the visible state by clicking the “combination non-display” button. You may comprise so that both A) and a character string (conversion line B) may be switched to an invisible state / visible state.

  Further, by clicking the conversion reference table 20a itself displayed on the authentication screen, the conversion reference table 20a itself or at least one of the characters and character strings in the frame can be switched between the invisible state and the visible state. May be. Furthermore, after a predetermined time (for example, 10 to 30 seconds) after displaying the conversion reference table 2a, the conversion reference table 20a itself or at least one of the characters and character strings in the frame is automatically invisible. You may comprise so that it can switch to. The predetermined time is preferably set variably by the user. In this case, it is necessary to store the predetermined time in the request unit 11 in advance corresponding to the user.

  The authentication screen of FIG. 3B has a “conversion reference table” 20b and a “non-display combination” button 21b, and the authentication screen shown in FIG. 3A is a specific configuration of the conversion reference table. Is different. In the conversion reference table 20b, a frame displaying the characters of the conversion line A in FIG. 2 in that order is arranged at the top, and a frame displaying each n-digit character string of the conversion line B is provided below the frame. , Corresponding character and character string pairs are connected with diagonal lines. The arrangement of the character strings of the conversion line B is randomly arranged regardless of the arrangement of the conversion line A, and as a result, the character string of the corresponding conversion line B is not arranged immediately below the characters of the conversion line A. Some of the corresponding combinations of characters and character strings may be arranged in the vertical direction instead of the diagonal direction.

When the “combination non-display” button 21b on the authentication screen is clicked, as shown in the lower part of FIG. 3B, the diagonal lines indicating the correspondence in the conversion reference table 20b become invisible and clicked again. Then, the oblique line becomes visible. Similar to the authentication screen of FIG. 3A, a “combination display” button may be provided so that a diagonal line is displayed only when the button is selected.
In addition, when the “combination non-display” button 21b is clicked, the diagonal lines are not made invisible, but the characters in the conversion line A and the conversion line B are not displayed as in the case of the authentication screen shown in FIG. One or both of the character strings may be invisible, or the entire conversion reference table 20b may be invisible. Further, by clicking the conversion reference table 20b itself, the diagonal line may be switched between the invisible state and the visible state, or the character of the conversion row A, the character string of the conversion row B, or the conversion reference table You may comprise so that 20b itself may be switched to an invisible state / visible state. Further, a predetermined time after displaying the conversion reference table 20b, a hatched line, a character in the conversion row A, a character string in the conversion row B, or the conversion reference table 20b itself is automatically switched to an invisible state. May be.

  The authentication screen of FIG. 3C includes a “conversion reference table” 20c and a “combination non-display” button 21c. In the conversion reference table 20c, instead of the diagonal lines in FIG. The difference is that connection lines which are vertical and horizontal straight lines are displayed. Also in this authentication screen, a “combination display” button may be provided so that a vertical and horizontal connection line is displayed only when the button is clicked, or when the “combination non-display” button 21c is clicked. In addition, one or both of the characters in the conversion line A and the n-digit character string in the conversion line B may be invisible, instead of the Amidakuji connection line, and the entire conversion reference table 20c may be invisible. You may make it be in a display state. It may be configured to switch between the invisible state / visible state by clicking the conversion reference table 20c itself, or configured to automatically switch to the invisible state after a predetermined time from displaying the conversion reference table 20c. May be.

The authentication operation in the authentication system of the present invention will be described in more detail with reference to the flowchart of FIG.
When the user performs an operation for displaying the login screen, a “conversion table request” is sent from the conversion table creation request unit 111 of the request unit 11 to the authentication control unit 15 in step S1. In response, the conversion table creation instructing means 151 of the authentication control unit 15 transmits a “generation command” of the conversion table and the generation number to the conversion table generation unit 12 in step S2. Thereby, the conversion table production | generation part 12 produces | generates a conversion table in step S3, and the combination of this conversion table and the generation number matched with it is transmitted to the authentication control part 15, In step S4, conversion table memory | storage / Return means 152 stores the conversion table and the generation number in the temporary storage unit 13. Next, the conversion table storage / return means 152 returns a “conversion table response” including the conversion table and the generation number to the request unit 11 in step S5. Then, the authentication screen providing unit 112 of the request unit 11 generates a conversion reference table based on the received conversion table, and any of the authentication screens (FIGS. 3A to 3C) including the conversion reference table. Is transmitted to the mobile communication device 2 for display.

  On the authentication screen displayed in this way, in step S7, the user inputs the user ID and refers to the conversion reference table displayed to convert his / her password into a one-time password. When the password is entered and the login button is selected, the request unit 11 receives the password, and the authentication request unit 113 transmits an “authentication request” to the authentication control unit 15 in step S8. The “authentication request” includes the user ID and the one-time password input by the user, and the generation number of the conversion table related to the conversion reference table referred to when generating the one-time password. Upon receiving the “authentication request”, the authentication control unit 15 performs authentication in step S9. If the authentication is successful, the authentication control unit 15 transmits an “authentication success response” in step S10. In the case of failure, an “authentication failure response” is transmitted in step S11. As a result, the authentication operation ends.

  FIG. 5 is a flowchart showing the authentication determination operation in step S9 of FIG. As shown in FIG. 5, when the “authentication request” is received from the request unit 11, the one-time password / password conversion unit 153 of the authentication control unit 15 receives the generation number included in the authentication request in step S 9.1. It is confirmed whether it is stored in the temporary storage unit 13, and in step S9.2, it is confirmed whether the generation number is within the expiration date. If the confirmation is obtained, the one-time password / password conversion means 153 reversely converts the one-time password into a password in steps S9.3 to S9.6.

  In the reverse conversion to the password, in step S9.3, the character string of n digits (2 digits in the example of FIG. 3) from the left of the one-time password in the authentication request is separated, and then in step S9.5. In the case where it is confirmed whether or not the separated n-digit character string exists in the conversion line B with reference to the conversion table stored in the temporary storage unit 13 corresponding to the generation number. Then, the character of the conversion line A corresponding to the character string is acquired. Next, in step S9.6, it is determined whether or not an n-digit character string remains in the one-time password. If it remains, the process returns to step S9.3, and the next n-digit character string is replaced with one. Separate from the time password, execute steps S9.4, S9.5, and S9.6, and repeatedly execute until all the n-digit character strings in the one-time password are converted to the characters in the conversion line A. When the conversion of all the character strings of the one-time password into the characters in the conversion line A, that is, the reverse conversion is completed, the password intended by the user is obtained.

Next, in step S9.7, the authentication command unit 154 of the authentication control unit 15 transmits the obtained password and the user ID included in the authentication request from the request unit 11 to the password authentication unit 14, and makes an authentication inquiry. I do. As described above, the password authentication unit 14 performs user authentication with the user ID and the password. The authentication result by the password authenticating unit 14 is received by the authentication result transmitting unit 155. If the authentication result is successful, the authentication result transmitting unit 155 sends an authentication success to the request unit 11 in step S10 of FIG. In the case of failure, an authentication failure is sent to the request unit 11 in step S11 of FIG. Even when the determinations in steps S9.1, S9.2, and S9.4 are negative, the authentication result transmission unit 155 transmits an authentication failure to the request unit 11.
As a result, the request unit 11 can execute an appropriate process according to whether authentication is successful or authentication failure.

  Since the present invention is configured as described above, the user can set his / her password one-time based on the conversion reference table displayed on the authentication screen without requiring prior distribution or possession of a token or random number table. It can be easily converted into a password and entered. In addition, since a part or the whole of the conversion reference table can be switched between the invisible state and the visible state, even if a third party looks into the inputted one-time password, it is extremely difficult to grasp and estimate the user password. Thus, leakage of the user's password can be prevented.

Claims (13)

In an authentication system using a one-time password,
Generate and generate a conversion table indicating the correspondence between all characters that may be included in the password of the user of the mobile communication device and an n-digit character string (n ≧ 2) corresponding to each character Conversion table generating means for assigning a unique generation number to the converted conversion table;
Storage means for temporarily storing the conversion table generated by the conversion table generation means and the generation number assigned thereto;
Password authentication means for performing user authentication based on the supplied user ID and password;
Request means for performing an interface between a mobile communication device and an authentication system when performing user authentication,
Means for requesting the creation of a conversion table;
Upon receipt of the created conversion table and generation number, a conversion reference table is generated based on the conversion table, and is displayed on the mobile communication device by incorporating it into an authentication screen having user ID and one-time password input fields. An authentication screen providing means,
Entered when the user ID entered on the authentication screen displayed on the mobile communication device and the one-time password entered on the screen based on the conversion reference table displayed on the authentication screen are received. Request means comprising means for transmitting a user authentication request including a user ID and a one-time password,
Authentication control means for controlling the operation of the entire authentication system,
Means for instructing conversion table generation means to create a conversion table when receiving a request to create a conversion table from the request means;
Means for storing the conversion table and the generation number generated by the conversion table generating means in the temporary storage means and returning them to the request unit;
When a user authentication request is received from the request unit, the one-time password included in the request is converted back to a password intended for input by the user by reverse conversion based on a conversion table stored in the temporary storage unit. Means,
An authentication control means comprising: a means for transmitting the password and user ID obtained by the reverse conversion to the password authentication means to perform user authentication; and a means for transmitting the authentication result by the password authentication means to the request unit. An authentication system characterized by that.   The authentication system according to claim 1, wherein the authentication screen providing means of the request means provides the conversion reference table with a number of frames equal to the number of all characters that may be included in the user password of the mobile communication device, An authentication system, wherein all the characters are randomly arranged in these frames, and an n-digit character string corresponding to the character arranged in the frame is arranged in each frame.   3. The authentication system according to claim 2, wherein the authentication screen providing unit of the request unit further displays a button on the authentication screen, and can be included in the password of the user of the mobile communication device in the conversion reference table by clicking the button. An authentication system configured to switch and display at least one of a unique character and an n-digit character string corresponding to the character or the conversion reference table itself between an invisible state and a visible state.   3. The authentication system according to claim 1, wherein the authentication screen providing unit of the request unit further includes a password of the user of the mobile communication device in the conversion reference table by clicking on the conversion reference table itself on the authentication screen of the mobile communication device. And / or an n-digit character string corresponding to the character or the conversion reference table itself is displayed by switching between the invisible state and the visible state. Authentication system.   4. The authentication system according to claim 1, wherein the authentication screen providing unit of the request unit further includes a mobile in the conversion reference table a predetermined time after the conversion reference table is displayed on the authentication screen of the mobile communication device. That at least one of the characters that may be included in the password of the user of the communication device and the n-digit character string corresponding to the characters, or the conversion reference table itself is automatically made invisible. A featured authentication system.   2. The authentication system according to claim 1, wherein the authentication screen providing means of the request means includes a conversion reference table having a number of frames equal to the number of all characters that may be included in the password of the user of the mobile communication device. A second line consisting of one line and the same number of frames is provided apart from each other, all the characters are arranged in each frame of the first line in a predetermined order, and an n-digit character string is in a predetermined order or randomly Are arranged in each frame of the second row, and the corresponding characters of the character in the first row frame and the n-digit character string in the second row frame are connected by a hatched connecting line. An authentication system characterized by being generated by:   7. The authentication system according to claim 6, wherein the authentication screen providing means of the requesting means further displays a button on the authentication screen, and when the button is clicked, an oblique connection line in the conversion reference table, a password of the user of the mobile communication device And at least one of the n-digit character string corresponding to the character or the conversion reference table itself is displayed by switching between the invisible state and the visible state. An authentication system characterized by that.   8. The authentication system according to claim 6 or 7, wherein the authentication screen providing means of the request means further includes an oblique connection line in the conversion reference table, a mobile communication device by clicking on the conversion reference table itself on the authentication screen of the mobile communication device. The characters that may be included in the user password and at least one of the n-digit character strings corresponding to the characters, or the conversion reference table itself are switched between the invisible state and the visible state for display. An authentication system characterized by being configured.   9. The authentication system according to claim 6, wherein the authentication screen providing unit of the request unit further includes a diagonal line in the conversion reference table a predetermined time after the conversion reference table is displayed on the authentication screen of the mobile communication device. The connection line, at least one of the characters that may be included in the password of the user of the mobile communication device and the n-digit character string corresponding to the character, or the conversion reference table itself is made invisible. An authentication system characterized by being configured.   2. The authentication system according to claim 1, wherein the authentication screen providing means of the request means includes a conversion reference table having a number of frames equal to the number of all characters that may be included in the password of the user of the mobile communication device. A second line consisting of one line and the same number of frames is provided apart from each other, all the characters are arranged in each frame of the first line in a predetermined order, and an n-digit character string is in a predetermined order or randomly Are placed in each frame of the second row, and the corresponding characters of the characters in the first row frame and the n-digit character string in the second row frame are connected by a connection line in the form of a lottery. An authentication system characterized by being generated by doing.   11. The authentication system according to claim 10, wherein the authentication screen providing unit of the requesting unit further displays a button on the authentication screen, and when the button is clicked, the connection line in the Amidaji format in the conversion reference table, the user of the mobile communication device It is configured to display at least one of the characters that may be included in the password and the n-digit character string corresponding to the characters, or the conversion reference table itself by switching between the invisible state and the visible state. An authentication system characterized by   12. The authentication system according to claim 10 or 11, wherein the authentication screen providing means of the requesting means further includes a connection line in the Amida lottery format in the conversion reference table, the mobile by clicking on the conversion reference table itself on the authentication screen of the mobile communication device. Display at least one of the characters that may be included in the password of the user of the communication device and the n-digit character string corresponding to the characters, or the conversion reference table itself in an invisible state / visible state. An authentication system characterized by being configured to do.   13. The authentication system according to claim 10, wherein the authentication screen providing unit of the request unit further includes an amidaji in the conversion reference table a predetermined time after the conversion reference table is displayed on the authentication screen of the mobile communication device. A connection line in the form, a character that may be included in the password of the user of the mobile communication device, and an n-digit character string corresponding to the character, or the conversion reference table itself is in an invisible state. An authentication system characterized by being configured to do.