Authentication-authorization system for mobile communication terminal and method therefor
Abstract
An authentication-authorization system for a mobile communication terminal and a method therefor are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and the data management terminal. When an application service program on the mobile communication terminal, or an application service terminal connected to the mobile communication terminal, needs to execute an authentication-authorization, the identification data of the mobile communication terminal and its card, together with the code data, can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, which determines whether to allow the application service program or the application service terminal to keep providing an application service. In a further aspect of the embodiment, at least two of the aforementioned authentication-authorization systems are joined and a layered authentication-authorization mechanism is adopted, so as to provide a secure and complete system.
42 Citations
207 Claims
1. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;
a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and
an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;
wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed.
55. A multi-terminal authentication-authorization system, applied in a Mobile Internet architecture, the system at least comprising a first terminal authentication-authorization system and a second terminal authentication-authorization system, each of the terminal authentication-authorization systems further including a terminal, located at a first end, having a first authentication program which can execute authentication-authorization, a plurality of application service programs which can provide application services, and a terminal identification data;
a card, optionally installed in the terminal, having a card identification data and a preset code data;
a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
an encoding terminal, located at a third end, executing a third authentication program which can provide authentication-authorization, responsible for dynamically generating a code data for authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal;
wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system carry out the respective authentication-authorization independently;
after the first terminal authentication-authorization system and the second terminal authentication-authorization system activate the mobile communication terminal and install the card to make the mobile communication terminal in a first connect state and complete the initialization, when respective application service program requests the authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, the first code data in the card and the second code data in the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync, and the first authentication program transfers the first code data together with the card identification data and the terminal identification data to the second authentication program for comparison, to determine the authentication-authorization result;
if matching, the first authentication program allows the respective requesting application service program to proceed, which is characterized in that the first terminal authentication-authorization system and the second terminal authentication-authorization system are joined to execute multiple authentication-authorizations, when executing multiple authentication-authorizations;
after the first terminal authentication-authorization system completes the first-stage authentication-authorization, the terminal thereof transfers the first code data in its card and the second code data in the data management terminal to the second terminal authentication-authorization system;
the first code data and the second code data of the terminal of the second terminal authentication-authorization system and the data management terminal are joined with the first code data and the second code data of the first terminal authentication-authorization system as new first code data and second code data by the terminal of the second terminal authentication-authorization system and the data management terminal for carrying out the second-stage authentication-authorization;
after passing, the first authentication program of the first terminal authentication-authorization system is authorized by the terminal of the second terminal authentication-authorization system to allow the requesting application service program to proceed, achieving multi-terminal authentication-authorization.
104. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data;
a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication-authorization method for a mobile communication terminal comprises;
activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization from the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching.
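A minimal simulation of the steps of claim 104, added here as an illustration and not taken from the patent. The class names, the tick counter, the 16-byte code length, the `registered` card-to-terminal map and the identifier strings are assumptions made for the example.

```python
import hmac
import secrets

class CodeHolder:
    """Card or data management terminal: stores the code stream it is fed."""
    def __init__(self, preset_code):
        self.codes = {0: preset_code}  # tick -> code data; tick 0 is the preset code
        self.buffered = None

    def receive(self, tick, code):
        self.codes[tick] = code

    def buffer_at(self, tick):
        self.buffered = self.codes[tick]  # snapshot at the agreed buffer time point

class EncodingTerminal:
    """Third end: pushes the same fresh random code to both holders on every tick."""
    def __init__(self, card, dmt):
        self.card, self.dmt, self.tick = card, dmt, 0

    def step(self):
        self.tick += 1
        code = secrets.token_bytes(16)  # assumed code length
        self.card.receive(self.tick, code)
        self.dmt.receive(self.tick, code)

def verify(dmt, message, registered):
    """Second authentication program: check the ID pair, then compare codes."""
    code, card_id, terminal_id = message
    ids_ok = registered.get(card_id) == terminal_id
    return ids_ok and hmac.compare_digest(code, dmt.buffered)  # constant-time compare

def run_round(enc, card, dmt, card_id, terminal_id, registered):
    """One authentication request; returns (message sent, verdict)."""
    buffer_tick = enc.tick + 1 + secrets.randbelow(5)  # randomly appointed time point
    while enc.tick < buffer_tick:
        enc.step()
    card.buffer_at(buffer_tick)
    dmt.buffer_at(buffer_tick)
    message = (card.buffered, card_id, terminal_id)
    return message, verify(dmt, message, registered)

def demo():
    preset = secrets.token_bytes(16)
    card, dmt = CodeHolder(preset), CodeHolder(preset)
    enc = EncodingTerminal(card, dmt)
    ids = ("CARD-EXAMPLE-1", "TERM-EXAMPLE-1")  # constructed identifiers
    registered = {ids[0]: ids[1]}
    first_msg, ok1 = run_round(enc, card, dmt, *ids, registered)
    _, ok2 = run_round(enc, card, dmt, *ids, registered)
    replay_ok = verify(dmt, first_msg, registered)  # round-1 capture vs round-2 buffer
    wrong_terminal_ok = verify(dmt, (card.buffered, ids[0], "TERM-OTHER"), registered)
    return ok1, ok2, replay_ok, wrong_terminal_ok
```

`demo()` runs two legitimate rounds, then shows that a message captured in the first round no longer matches the second round's buffer, and that a correct code presented with an unregistered terminal identifier is refused.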
159. A multi-terminal authentication-authorization method, applied in a multi-terminal authentication-authorization system of a Mobile Internet architecture, wherein the multi-terminal authentication-authorization system at least comprises a first terminal authentication-authorization system and a second terminal authentication-authorization system;
each of the terminal authentication-authorization systems further comprises a terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a terminal identification data;
a card, optionally installed in the terminal and having a card identification data and a preset code data;
a data management terminal, located at a second end and executing a second authentication program which can provide the authentication-authorization and the preset code data same as the one in the card; and
an encoding terminal, located at a third end, executing a third authentication program which can provide the authentication-authorization and responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal;
wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system carry out the respective authentication-authorization independently;
after the first terminal authentication-authorization system and the second terminal authentication-authorization system activate the mobile communication terminal and install the card making the mobile communication terminal in a first connect state and complete initialization, when the respective application service program requests the authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, buffering the first code data in the card and the second code data of the data management terminal respectively in sync;
the first authentication program transfers the first code data together with the card identification data and the terminal identification data to the second authentication program for comparison to determine the authentication-authorization result, if matching, the first authentication program is authorized to allow the respective requesting application service program to proceed, which is characterized in that the first terminal authentication-authorization system and the second terminal authentication-authorization system execute multiple authentication-authorizations, when executing multiple authentication-authorizations, it comprises the following steps;
completing the first-stage authentication-authorization by the first terminal authentication-authorization system;
after passing, transferring the first code data in its card and the second code data in the data management terminal to the second terminal authentication-authorization system through the terminal, joining the first code data and the second code data thereof with the first code data and the second code data of the first terminal authentication-authorization system as the new first code data and the new second code data by the terminal of the second terminal authentication-authorization system and the data management terminal to carry out second-stage authentication-authorization; and
only after passing, the terminal of the second terminal authentication-authorization system authorizing the first authentication program of the first terminal authentication-authorization system, to allow the requesting application service program to proceed, and achieving multi-terminal authentication-authorization.
Specification