Authentication-authorization system for mobile communication terminal and method therefor

US 20060242404A1
Filed: 06/07/2006
Published: 10/26/2006
Est. Priority Date: 11/12/2003
Status: Active Grant

First Claim

Patent Images

1. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:

a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;

a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;

a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and

an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;

wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;

after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;

if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication-authorization system for a mobile communication terminal and a method therefor are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and data management terminal. When an application service program on the mobile communication terminal or an application service terminal connected to the mobile communication terminal need to execute an authentication-authorization, identification data of the mobile communication terminal and its card and code data can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, to determine whether allow the application service program or the application service terminal to keep providing an application service or not. In a further aspect of the embodiment, at least two aforementioned authentication-authorization systems are joined, and a layered authentication-authorization mechanism is adopted, so as to provide a secured and completed system.

42 Citations

View as Search Results

207 Claims

1. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
- a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;
  
  a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
  
  a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and
  
  an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;
  
  wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
  
  after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
  
  if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 2. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;
    - then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;
      
      when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time.
  - 3. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises that when the mobile communication terminal stops connecting, the third authentication program ceases generating the code data, and at the same time the first code data is buffered by the first authentication program as a buffer code data;
    - when the mobile communication terminal resumes connection, the first authentication program transfers the mobile terminal identification data to the third authentication program of the encoding terminal again, to carry out authentication-authorization of the mobile communication terminal;
      
      then the first authentication program reads the card identification data and the buffer code data of the card, and transfers the card identification data and the buffer code data to the second authentication program of the data management terminal together with the mobile terminal identification data, to carry out authentication-authorization for the mobile communication terminal;
      
      after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, the second authentication program sends a request to the third authentication program for restarting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card as the first code data, and transferring the code data to the second authentication program as the second code data, such that the first authentication program resumes accepting a call from the application service program to execute authentication-authorization at any time.
  - 4. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises more than one application service terminal, located at a fourth end, for providing different application services and having a service terminal identification data, and executing a fourth authentication program which can provide the authentication-authorization;
    - when the application service terminal provides an application service, a time verification is executed by the first authentication program and the second authentication program and a data buffer time point is randomly appointed, and when reaching the data buffer time point, the first code data in the card and the second code data of the data management terminal are respectively buffered as the first buffer code data and the second buffer code data in sync;
      
      after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data are transferred to the second authentication program and the fourth authentication program respectively by the first authentication program;
      
      a first comparison with the second buffer code data is carried out by the second authentication program, and then the first buffer code data together with the card identification data and the mobile terminal identification data together with the service terminal identification data are transferred to the second authentication program by the fourth authentication program for a second comparison with the second buffer code data, to determine the authentication-authorization result;
      
      if matching, the application service terminal making a request will be authorized to continue providing an application service to the first authentication program.
  - 5. The authentication-authorization system for a mobile communication terminal as claimed in claim 4, wherein the application service terminal is an auto transfer machine (ATM).
  - 6. The authentication-authorization system for a mobile communication terminal as claimed in claim 4, wherein the application service terminal is an auto stored-value/pay machine at point-of-sale.
  - 7. The authentication-authorization system for a mobile communication terminal as claimed in claim 4, wherein the application service terminal is an auto ticketing machine.
  - 8. The authentication-authorization system for a mobile communication terminal as claimed in claim 4, wherein the application service terminal is an electronic lock.
  - 9. The authentication-authorization system for a mobile communication terminal as claimed in claim 4, wherein the application service terminal is a media download terminal capable of providing a multimedia content to the mobile communication terminal for outputting.
  - 10. The authentication-authorization system for a mobile communication terminal as claimed in claim 9, wherein the mobile communication terminal further comprises transferring the multimedia content to a multimedia terminal located at the fifth end for outputting.
  - 11. The authentication-authorization system for a mobile communication terminal as claimed in claim 4, wherein the application service terminal is a document file download terminal capable of providing a document file content to the mobile communication terminal for outputting.
  - 12. The authentication-authorization system for a mobile communication terminal as claimed in claim 11, wherein the mobile communication terminal further comprises transferring the document file content to the multimedia terminal located at the fifth end for outputting.
  - 13. The authentication-authorization system for a mobile communication terminal as claimed in claim 4, wherein the application service terminal is a software file download terminal, which can provide a software file content to the mobile communication terminal for outputting.
  - 14. The authentication-authorization system for a mobile communication terminal as claimed in claim 13, wherein the mobile communication terminal further comprises transferring the software file content to the multimedia terminal located at the fifth end for outputting.
  - 15. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, when the application service program requests the first authentication program executing the authentication-authorization, further comprising the second authentication program requiring the first authentication program and the third authentication program to execute the time synchronization program, to generate a reference time point as a time reference when carrying out authentication-authorization.
  - 16. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the third authentication program further comprises randomly determining a split pattern of the code data for splitting the code data, and transferring the split code data to the first authentication program and the second authentication program through more than one data transmission channel respectively for reverting the split code data to the code data.
  - 17. The authentication-authorization system for a mobile communication terminal as claimed in claim 16, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 18. The authentication-authorization system for a mobile communication terminal as claimed in claim 16, wherein the data transmission channel is selected from a group consisting of a satellite communication, an Internet communication, and a mobile network communication.
  - 19. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the first code data is directly received from the third authentication program.
  - 20. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the first code data is directly received from the second authentication program.
  - 21. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, when accessing the first code data or the second code data, further comprising carrying out accessing after encrypting/decrypting with an encryption/decryption standard through a random encoding/decoding algorithm.
  - 22. The authentication-authorization system for a mobile communication terminal as claimed in claim 21, wherein the encryption/decryption standard is selected from a group consisting of symmetric encryption/decryption standard and asymmetric encryption/decryption standard.
  - 23. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a network transaction application service program connected to an E-business terminal for carrying out an E-business cash flow, an information flow, or a logistics operation.
  - 24. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a network financial transaction application service program connected to a network banking terminal for carrying out network financial transactions.
  - 25. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service.
  - 26. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a network upload application service program connected to a network upload terminal for carrying out network upload application service.
  - 27. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a network download application service program connected to a network download terminal for carrying out network download application service.
  - 28. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 29. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is an identification application service program connected to an access security terminal for carrying out access control application service.
  - 30. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the mobile terminal identification data is an International Mobile Equipment Identity (IMEI).
  - 31. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the card is a chip card.
  - 32. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the card is a Subscriber Identity Module (SIM).
  - 33. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the card identification data is an International Mobile Station Identity (IMSI).
  - 34. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the card identification data is a Temporary Mobile Subscriber Identity (TMSI) assigned by a Visitor Location Register (VLR) after presenting a connect state.
  - 35. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second authentication program further comprises requiring the first authentication program and the third authentication program to execute the time synchronization program, and re-generate a new reference time point in an aperiodic and random manner.
  - 36. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second authentication program further comprises re-generating the new reference time point driven by the third authentication program.
  - 37. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second authentication program further comprises spot-checking and authenticating the validity of the reference time point of the first authentication program and the third authentication program in an aperiodic and random manner.
  - 38. The authentication-authorization system for a mobile communication terminal as claimed in claim 37, wherein when the result of the second authentication program spot-checking and authenticating the reference time point of the first authentication program and/or the third authentication program is incorrect, the second authentication program sends a signal to a management-and-control terminal located at the sixth end for determining the risk mode through a data comparison.
  - 39. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the first code data is distributively stored in a random selection manner through the first authentication program, such that the first code data is stored in the card and a memory of the mobile communication terminal respectively.
  - 40. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second code data is distributively stored in a random selection manner through the second authentication program, such that the second code data is stored in the code database and a storage region of the data management terminal respectively.
  - 41. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the first buffer code data is randomly selected from the first code data in the card and the first code data in the memory.
  - 42. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second buffer code data is randomly selected from the second code data in the code database and the second code data in the storage region.
  - 43. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the process of carrying out a comparison between the first buffer code data and the second buffer code data further comprises randomly extracting a part of code data of the first buffer code data and the second buffer code data by the second authentication program for comparison, to determine the authentication-authorization result.
  - 44. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises a buffer data storage terminal, located at the seventh end, for backing up the first buffer code data transferred by the first authentication program and the second buffer code data transferred by the second authentication program in sync when comparing.
  - 45. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises sending a signal to the management-and-control terminal through a Globe Positioning System (GPS) communicator of the mobile communication terminal, to confirm the position of the mobile communication terminal and execute a corresponding management-and-control, when the mobile communication terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 46. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises sending a signal to the management-and-control terminal through an Assisted Global Positioning System (AGPS) communicator of the mobile communication terminal, to confirm the position of the mobile communication terminal and execute a corresponding management-and-control, when the mobile communication terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 47. The authentication-authorization system for a mobile communication terminal as claimed in claim 2, wherein the part of the third authentication program continuously generating the code data further comprises allocating the time for transmitting the code data to the first authentication program and the second authentication program according the actual data flow.
  - 48. The authentication-authorization system for a mobile communication terminal as claimed in claim 2, wherein the part of the third authentication program continuously generating the code data randomly determines the time point for generating the code data through the third authentication program.
  - 49. The authentication-authorization system for a mobile communication terminal as claimed in claim 2, wherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the new second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.
  - 50. The authentication-authorization system for a mobile communication terminal as claimed in claim 3, wherein when the mobile communication terminal is in a disconnect state, the second authentication program requires the random encoding/decoding algorithm to randomly change the encryption/decryption standard at the same time.
  - 51. The authentication-authorization system for a mobile communication terminal as claimed in claim 3, wherein when the mobile communication terminal is in a disconnect state, the third authentication program requires the random encoding/decoding algorithm to randomly change the encryption/decryption standard at the same time.
  - 52. The authentication-authorization system for a mobile communication terminal as claimed in claim 3, wherein the buffer code data is randomly selected from the first code data in the memory joined with the first code data in the card by the first authentication program, and is reverted when resuming connection.
  - 53. The authentication-authorization system for a mobile communication terminal as claimed in claim 3, wherein the buffer code data is randomly selected from the first code data in the memory joined with a part of the first code data in the card by the third authentication program, and is reverted when resuming connection.
  - 54. The authentication-authorization system for a mobile communication terminal as claimed in claim 3, wherein the third authentication program further comprises transferring a random selection result to the second authentication program for storage, and transferring the random selection result to the first authentication program by the second authentication program to revert the buffer code data when resuming connection.

55. A multi-terminal authentication-authorization system, applied in a Mobile Internet architecture, the system at least comprising a first terminal authentication-authorization system and a second terminal authentication-authorization system, each of the terminal authentication-authorization systems further including a terminal, located at a first end, having a first authentication program which can execute authentication-authorization, a plurality of application service programs which can provide application services, and a terminal identification data;
- a card, optionally installed in the terminal, having a card identification data and a preset code data;
  
  a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
  
  an encoding terminal, located at a third end, executing a third authentication program which can provide authentication-authorization, responsible for dynamically generating a code data for authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal;
  
  wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system carry out the respective authentication-authorization independently;
  
  after the first terminal authentication-authorization system and the second terminal authentication-authorization system activate the mobile communication terminal and install the card to make the mobile communication terminal in a first connect state and complete the initialization, when respective application service program requests the authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, the first code data in the card and the second code data in the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync, and the first authentication program transfers the first code data together with the card identification data and the terminal identification data to the second authentication program for comparison, to determine the authentication-authorization result;
  
  if matching, the first authentication program allows the respective requesting application service program to proceed, which is characterized in that the first terminal authentication-authorization system and the second terminal authentication-authorization system are joined to execute multiple authentication-authorizations, when executing multiple authentication-authorizations;
  
  after the first terminal authentication-authorization system completes the first-stage authentication-authorization, the terminal thereof transfers the first code data in its card and the second code data in the data management terminal to the second terminal authentication-authorization system;
  
  the first code data and the second code data of the terminal of the second terminal authentication-authorization system and the data management terminal are joined with the first code data and the second code data of the first terminal authentication-authorization system as new first code data and second code data by the terminal of the second terminal authentication-authorization system and the data management terminal for carrying out the second-stage authentication-authorization;
  
  after passing, the first authentication program of the first terminal authentication-authorization system is authorized by the terminal of the second terminal authentication-authorization system to allow the requesting application service program to proceed, achieving multi-terminal authentication-authorization.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103)
- - 56. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the process of the system activating the terminal and installing the card to make the terminal in a first connect state and completing initialization further comprises the terminal activating the first authentication program to transfer the terminal identification data to the third authentication program of the encoding terminal, for carrying out the terminal authentication-authorization;
    - then the first authentication program reading the card identification data and the preset code data of the card and transferring them together with the terminal identification data to the second authentication program of the data management terminal for carrying out terminal authentication-authorization;
      
      after the terminal passes the authentication-authorization of the encoding terminal and the data management terminal, with the terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data respectively to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time.
  - 57. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system further comprise:
    - when the terminal is in a disconnect state, the third authentication program ceases generating the code data, and at the same time, the first code data is buffered by the first authentication program as a buffer code data;
      
      when the terminal resumes connection, the first authentication program transfers the terminal identification data to the third authentication program of the encoding terminal again, to carry out the terminal authentication-authorization, and then the first authentication program reads and transfers the card identification data of the buffer code data of the card and the buffer code data to the second authentication program of the data management terminal together with the terminal identification data, to carry out terminal authentication-authorization;
      
      after the terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, a request is sent to the third authentication program by the second authentication program for starting continuously generating the code data to the first authentication program and storing the code data in the card as the first code data and to the second authentication program as the second code data, such that the first authentication program resumes accepting a call from the application service program to execute authentication-authorization at any time.
  - 58. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the card of the first terminal authentication-authorization system is a Veri Chip system implanted in a human body, capable of carrying out bidirectional communication with the terminal.
  - 59. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the card of the first terminal authentication-authorization system is a mobile telecommunication fitting, capable of carrying out bidirectional communication with the terminal.
  - 60. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the card of the second terminal authentication-authorization system is a chip installed in a mobile communication terminal, capable of carrying out bidirectional communication with the terminal.
  - 61. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the way to join the first code data and the second code data of the first terminal authentication-authorization system with the first code data and the second code data of the second terminal authentication-authorization system is randomly selected by the second terminal authentication-authorization system.
  - 62. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the data transmitting and receiving between the first code data and the second code data between the first terminal authentication-authorization system and the second terminal authentication-authorization system is processed with a security encryption/decryption.
  - 63. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system are further connected to more than one application service terminal for receiving an authentication-authorization request from each of the application service terminals.
  - 64. The multi-terminal authentication-authorization system as claimed in claim 55, when the application service program request the first authentication program executing the authentication-authorization, further comprising the second authentication program requiring the first authentication program and the third authentication program to execute a time synchronization program, to generate a reference time point as a time reference of the authentication-authorization.
  - 65. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the third authentication program further comprises randomly determining a split pattern of the code data to split the code data, and transferring the split code data to the first authentication program and the second authentication program through more than one data transmission channel respectively for reverting the split code data as the code data.
  - 66. The multi-terminal authentication-authorization system as claimed in claim 65, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 67. The multi-terminal authentication-authorization system as claimed in claim 65, wherein the data transmission channel is selected from a group consisting of a satellite communication, an Internet communication, and a mobile network communication.
  - 68. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the first code data is directly received from the third authentication program.
  - 69. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the first code data is received from the second authentication program.
  - 70. The multi-terminal authentication-authorization system as claimed in claim 55, when accessing the first code data or the second code data, further comprising accessing after carrying out an encryption/decryption in an encryption/decryption standard with a random encoding/decoding algorithm.
  - 71. The multi-terminal authentication-authorization system as claimed in claim 70, wherein the encryption/decryption standard is selected from a group consisting of symmetric encryption/decryption standard and asymmetric encryption/decryption standard.
  - 72. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the application service program is a network financial transaction application service program connected to a network banking terminal for carrying out network financial transactions.
  - 73. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the application service program is a network transaction application service program connected to an E-business terminal for carrying out E-business cash flows, information flows, or logistics operations.
  - 74. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service.
  - 75. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the application service program is a network upload application service program connected to a network upload network upload terminal for carrying out network upload application service.
  - 76. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the application service program is a network download application service program connected to a network download terminal for carrying out network download application service.
  - 77. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the application service program is a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 78. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the application service program is an identification application service program connected to an access security terminal for carrying out an access control application service.
  - 79. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the terminal identification data is an IMEI.
  - 80. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the card is a chip card.
  - 81. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the card is a SIM.
  - 82. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the card identification data is an IMSI.
  - 83. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the card identification data is a TMSI assigned by a VLR after presenting a connect state.
  - 84. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the second authentication program further comprises requiring the first authentication program and the third authentication program in an aperiodic and random manner to execute the time synchronization program to re-generate the new reference time point.
  - 85. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the second authentication program further comprises re-generating the new reference time point driven by the third authentication program.
  - 86. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the second authentication program further comprises spot-checking and authenticating the validity of the reference time point of the first authentication program and the third authentication program in an aperiodic and random manner.
  - 87. The multi-terminal authentication-authorization system as claimed in claim 86, wherein when the result of the second authentication program spot-checking and authenticating the reference time point of the first authentication program and/or the third authentication program is incorrect, the second authentication program sends a signal to a management-and-control terminal located at a fourth end, for determining the risk mode through a data comparison.
  - 88. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the first code data distributively stored in a random selection manner through the first authentication program, such that the first code data is stored in a memory of the card and the terminal respectively.
  - 89. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the second code data is distributively stored in a random selection manner through the second authentication program, such that the second code data is stored in a storage region of the code database and the data management terminal respectively.
  - 90. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the first buffer code data is randomly selected from the first code data in the card and the first code data in the memory.
  - 91. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the second buffer code data is randomly selected from the second code data in the code database and the second code data in the storage region.
  - 92. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the process of carrying out a comparison between the first buffer code data and the second buffer code data further comprises randomly extracting a part of the code data of the first buffer code data and the second buffer code data for comparison by the second authentication program, to determine the authentication-authorization result.
  - 93. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the system further comprises a buffer data storage terminal, located at a fifth end, for backing up the first buffer code data transferred by the first authentication program and the second buffer code data transferred by the second authentication program in sync at each comparison.
  - 94. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the system further comprises sending a signal to the management-and-control terminal through a GPS communicator of the terminal, to confirm the position of the terminal and execute a corresponding management-and-control, when the terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 95. The multi-terminal authentication-authorization system as claimed in claim 55, wherein the system further comprises sending a signal to the management-and-control terminal through an AGPS communicator of the terminal, to confirm the position of the terminal and execute a corresponding management-and-control, when the terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 96. The multi-terminal authentication-authorization system as claimed in claim 56, wherein the part of the third authentication program continuously generating the code data further comprises allocating the time for transmitting the code data to the first authentication program and the second authentication program according to the actual data flow.
  - 97. The multi-terminal authentication-authorization system as claimed in claim 56, wherein the part of the third authentication program continuously generating the code data randomly determines the time point of generating the code data through the third authentication program.
  - 98. The multi-terminal authentication-authorization system as claimed in claim 56, wherein the part of the third authentication program continuously generating the code data updates and generates the new first code data and the new second code data randomly in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode or a random field update mode.
  - 99. The multi-terminal authentication-authorization system as claimed in claim 57, wherein when the terminal is in a disconnect state, the third authentication program requires the random encoding/decoding algorithm to randomly change the encryption/decryption standard at the same time.
  - 100. The multi-terminal authentication-authorization system as claimed in claim 57, wherein when the terminal is in a disconnect state, the second authentication program requires the random encoding/decoding algorithm to randomly change the encryption/decryption standard at the same time.
  - 101. The multi-terminal authentication-authorization system as claimed in claim 57, wherein the buffer code data is randomly selected from the first code data in the memory joined with the first code data in the card by the first authentication program, and is reverted when resuming connection.
  - 102. The multi-terminal authentication-authorization system as claimed in claim 57, wherein the buffer code data is randomly selected from the first code data in the memory joined with a part of the first code data in the card by the third authentication program, and is reverted when resuming connection.
  - 103. The multi-terminal authentication-authorization system as claimed in claim 57, wherein the third authentication program further comprises transferring a random selection result to the second authentication program for storage, and transferring the random selection result to the first authentication program to revert the buffer code data by the second authentication program when resuming connection.

104. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data;
- a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
  
  a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
  
  an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication-authorization method for a mobile communication terminal comprises;
  
  activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
  
  randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization form the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
  
  transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
  
  authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching.
- View Dependent Claims (105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158)
- - 105. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, in the process of activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization, the method further comprising:
    - activating the first authentication program by the mobile communication terminal to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization for the mobile communication terminal;
      
      reading the card identification data and the preset code data of the card by the first authentication program, transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
      
      with the mobile communication terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program, after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
      
      allowing the first authentication program to accept a call from the application service program to execute authentication-authorization at any time.
  - 106. The authentication-authorization method and system for a mobile communication terminal as claimed in claim 104, when the mobile communication terminal is in a disconnect state, the method further comprising:
    - ceasing generating the code data by the third authentication program, and at the same time the first authentication program buffering the first code data as a buffer code data;
      
      transferring the mobile terminal identification data by the first authentication program to the third authentication program of the encoding terminal again when the mobile communication terminal resumes connection, to carry out authentication-authorization for the mobile communication terminal;
      
      reading the card identification data and the buffer code data of the card by the first authentication program, then transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
      
      sending a request by the second authentication program to the third authentication program for continuously re-generating the code data to the first authentication program after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and storing the code data in the card as the first code data and to the second authentication program as the second code data; and
      
      resuming accepting a call from the application service program for the first authentication program to execute authentication-authorization at any time.
  - 107. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the method further comprises the step of connecting to more than one application service terminals located at a fourth end, the terminals providing different application services, having a service terminal identification data respectively, and executing a fourth authentication program which can provide authentication-authorization, further including:
    - requiring the mobile communication terminal to request an authentication-authorization when the application service terminal provides an application service, and executing a time verification and randomly appointing a data buffer time point by the first authentication program and the second authentication program, and when reaching the data buffer time point, buffering a first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync;
      
      after completing buffering, transferring the first buffer code data together with the card identification data and the mobile terminal identification data by the first authentication program to the second authentication program and the fourth authentication program respectively for carrying out a first comparison with the second buffer code data by the second authentication program, and then the fourth authentication program transferring the first buffer code data together with the card identification data and the mobile terminal identification data together with the service terminal identification data to the second authentication program for carrying out a second comparison with the second buffer code data, to determine the authentication-authorization result; and
      
      if matching, authorizing the application service terminal making a request to resume providing an application service to the first authentication program.
  - 108. The authentication-authorization method for a mobile communication terminal as claimed in claim 107, wherein the application service terminal is an ATM.
  - 109. The authentication-authorization method for a mobile communication terminal as claimed in claim 107, wherein the application service terminal is an auto stored value/pay machine at point-of-sale.
  - 110. The authentication-authorization method for a mobile communication terminal as claimed in claim 107, wherein the application service terminal is an auto ticketing machine.
  - 111. The authentication-authorization method for a mobile communication terminal as claimed in claim 107, wherein the application service terminal is an electronic lock.
  - 112. The authentication-authorization method for a mobile communication terminal as claimed in claim 107, wherein the application service terminal is a media download terminal capable of providing a multimedia content to the mobile communication terminal for outputting.
  - 113. The authentication-authorization method for a mobile communication terminal as claimed in claim 112, wherein the mobile communication terminal further comprises transferring the multimedia content to a multimedia terminal located at a fifth end for outputting.
  - 114. The authentication-authorization method for a mobile communication terminal as claimed in claim 107, wherein the application service terminal is a document file download terminal capable of providing a document file content to the mobile communication terminal for outputting.
  - 115. The authentication-authorization method for a mobile communication terminal as claimed in claim 114, wherein the mobile communication terminal further comprises transferring the document file content to the multimedia terminal located at the fifth end for outputting.
  - 116. The authentication-authorization method for a mobile communication terminal as claimed in claim 107, wherein the application service terminal is a software file download terminal for providing a software file content to the mobile communication terminal for outputting.
  - 117. The authentication-authorization method for a mobile communication terminal as claimed in claim 116, wherein the mobile communication terminal further comprises transferring the software file content to the multimedia terminal located at the fifth end for outputting.
  - 118. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, when the application service program requests the first authentication program executing authentication-authorization, further comprising requiring the first authentication program and the third authentication program to execute the time synchronization program by the second authentication program, to generate a reference time point as a time reference of the authentication-authorization.
  - 119. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the third authentication program further comprises randomly determining a split pattern of the code data for splitting the code data, and transferring the split code data to the first authentication program and the second authentication program through more than one data transmission channel respectively for reverting the split code data as the code data.
  - 120. The authentication-authorization method for a mobile communication terminal as claimed in claim 119, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 121. The authentication-authorization method for a mobile communication terminal as claimed in claim 119, wherein the data transmission channel is selected from a group consisting of satellite communication, Internet communication, and mobile network communication.
  - 122. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the first code data is directly received from the third authentication program.
  - 123. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the first code data is directly received from the second authentication program.
  - 124. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, when accessing the first code data or the second code data, further comprising accessing after carrying out the encryption/decryption in an encryption/decryption standard through a random encoding/decoding algorithm.
  - 125. The authentication-authorization method for a mobile communication terminal as claimed in claim 124, wherein the encryption/decryption standard is selected from the group consisting of a symmetric encryption/decryption standard and an asymmetric encryption/decryption standard.
  - 126. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the application service program is a network financial transaction application service program connected to a network banking terminal for carrying out network financial transactions.
  - 127. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the application service program refers to a network transaction application service program connected to an E-business terminal for carrying out E-business cash flows, information flows, or logistics operations.
  - 128. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service.
  - 129. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the application service program is a network upload application service program connected to a network upload terminal for carrying out network upload application service.
  - 130. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the application service program is a network download application service program connected to a network download terminal for carrying out network download application service.
  - 131. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the application service program is a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 132. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the application service program is an identification application service program connected to an access security terminal for carrying out access control application service.
  - 133. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the mobile terminal identification data is an IMEI.
  - 134. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the card is a chip card.
  - 135. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the card is a SIM.
  - 136. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the card identification data is an IMSI.
  - 137. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the card identification data is a TMSI assigned by a VLR after presenting a connect state.
  - 138. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the second authentication program further comprises requesting the first authentication program and the third authentication program to execute the time synchronization program and re-generate the new reference time point in an aperiodic and random manner.
  - 139. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the second authentication program further comprises re-generating the new reference time point driven by the third authentication program.
  - 140. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the second authentication program further comprises spot-checking and authenticating the validity of the reference time point of the first authentication program and the third authentication program in an aperiodic and random manner.
  - 141. The authentication-authorization method for a mobile communication terminal as claimed in claim 140, wherein when the result of the second authentication program spot-checking and authenticating the reference time point of the first authentication program and/or the third authentication program is incorrect, the second authentication program sends a signal to a management-and-control terminal located at a sixth end for determining the risk mode through a data comparison.
  - 142. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the first code data is distributively stored in a random selection manner through the first authentication program, such that the first code data is stored in the card and a memory of the mobile communication terminal respectively.
  - 143. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the second code data is distributively stored in a random selection manner through the second authentication program, such that the second code data is stored in the code database and a storage region of the data management terminal respectively.
  - 144. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the first buffer code data is randomly selected from the first code data in the card and the first code data in the memory.
  - 145. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the second buffer code data is randomly selected from the second code data in the code database and the second code data in the storage region.
  - 146. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the process of carrying out the comparison between the first buffer code data and the second buffer code data further comprises randomly extracting a part of code data of the first buffer code data and the second buffer code data for carrying out the comparison by the second authentication program, to determine the authentication-authorization result.
  - 147. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the method further comprises a buffer data storage terminal, located at the seventh end, for backing up the first buffer code data transferred by the first authentication program and the second buffer code data transferred by the second authentication program in sync at each comparison.
  - 148. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the method further comprises sending a signal to the management-and-control terminal through a GPS communicator of the mobile communication terminal, to confirm the position of the mobile communication terminal and execute a corresponding management-and-control, when the mobile communication terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 149. The authentication-authorization method for a mobile communication terminal as claimed in claim 104, wherein the method further comprises sending a signal to the management-and-control terminal through an AGPS communicator of the mobile communication terminal, to confirm the position of the mobile communication terminal and execute a corresponding management-and-control, when the mobile communication terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 150. The authentication-authorization method for a mobile communication terminal as claimed in claim 105, wherein the part of the third authentication program continuously generating the code data further comprises the step of allocating the time for transmitting the code data to the first authentication program and the second authentication program according to the actual data flow.
  - 151. The authentication-authorization method for a mobile communication terminal as claimed in claim 105, wherein the part of the third authentication program continuously generating the code data randomly determines the time point of generating the code data through the third authentication program.
  - 152. The authentication-authorization method for a mobile communication terminal as claimed in claim 105, wherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.
  - 153. The authentication-authorization method for a mobile communication terminal as claimed in claim 105, wherein when the mobile communication terminal is in a disconnect state, the third authentication program requires a random encoding/decoding algorithm randomly changing the encryption/decryption standard.
  - 154. The authentication-authorization method for a mobile communication terminal as claimed in claim 106, wherein when the mobile communication terminal is in a disconnect state, the second authentication program requires a random encoding/decoding algorithm randomly changing the encryption/decryption standard.
  - 155. The authentication-authorization method for a mobile communication terminal as claimed in claim 106, wherein when the mobile communication terminal is in a disconnect state, further comprising the step of requiring a random encoding/decoding algorithm randomly changing the encryption/decryption standard at the same time by the third authentication program.
  - 156. The authentication-authorization method for a mobile communication terminal as claimed in claim 106, wherein the buffer code data is randomly selected from the first code data in the memory joined with the first code data in the card by the first authentication program, and is reverted when resuming connection.
  - 157. The authentication-authorization method for a mobile communication terminal as claimed in claim 106, wherein the buffer code data is randomly selected from the first code data in the memory joined with part of the first code data in the card by the third authentication program, and is reverted when resuming connection.
  - 158. The authentication-authorization method for a mobile communication terminal as claimed in claim 106, wherein the third authentication program further comprises transferring a random selection result to the second authentication program for storage, and transferring the random selection result to the first authentication program by the second authentication program to revert the buffer code data when resuming connection.

159. An multi-terminal authentication-authorization method, applied in a multi-terminal authentication-authorization system of a Mobile Internet architecture, wherein the multi-terminal authentication-authorization system at least comprises a first terminal authentication-authorization system and a second terminal authentication-authorization system;
- each of the terminal authentication-authorization systems further comprises a terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a terminal identification data;
  
  a card, optionally installed in the terminal and having a card identification data and a preset code data;
  
  a data management terminal, located at a second end and executing a second authentication program which can provide the authentication-authorization and the preset code data same as the one in the card; and
  
  an encoding terminal, located at a third end, executing a third authentication program which can provide the authentication-authorization and responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal;
  
  wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system carry out the respective authentication-authorization independently;
  
  after the first terminal authentication-authorization system and the second terminal authentication-authorization system activate the mobile communication terminal and install the card making the mobile communication terminal in a first connect state and complete initialization, when the respective application service program requests the authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, buffering the first code data in the card and the second code data of the data management terminal respectively in sync;
  
  the first authentication program transfers the first code data together with the card identification data and the terminal identification data to the second authentication program for comparison to determine the authentication-authorization result, if matching, the first authentication program is authorized to allow the respective requesting application service program to proceed, which is characterized in that the first terminal authentication-authorization system and the second terminal authentication-authorization system execute multiple authentication-authorizations, when executing multiple authentication-authorizations, it comprises the following steps;
  
  completing the first-stage authentication-authorization by the first terminal authentication-authorization system;
  
  after passing, transferring the first code data in its card and the second code data in the data management terminal to the second terminal authentication-authorization system through the terminal, joining the first code data and the second code data thereof with the first code data and the second code data of the first terminal authentication-authorization system as the new first code data and the new second code data by the terminal of the second terminal authentication-authorization system and the data management terminal to carry out second-stage authentication-authorization; and
  
  only after passing, the terminal of the second terminal authentication-authorization system authorizing the first authentication program of the first terminal authentication-authorization system, to allow the requesting application service program to proceed, and achieving multi-terminal authentication-authorization.
- View Dependent Claims (160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207)
- - 160. The authentication-authorization method for a mobile communication terminal as claimed in claim 159, when activating the terminal and installing the card to make the terminal in the first connect state and completing initialization, further comprising carrying out the following steps:
    - activating the first authentication program by the terminal to transfer the terminal identification data to the third authentication program of the encoding terminal, for carrying out the terminal authentication-authorization;
      
      reading the card identification data and the preset code data of the card by the first authentication program, and then transferring them together with the terminal identification data to the second authentication program of the data management terminal for carrying out the terminal authentication-authorization;
      
      with the terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program after the terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
      
      allowing the first authentication program to accept a call from the application service program to execute the authentication-authorization.
  - 161. The authentication-authorization method and system for a mobile communication terminal as claimed in claim 159, when the terminal is in a disconnect state, the method further comprising executing the following steps:
    - ceasing generating the code data by the third authentication program, and the first authentication program buffering the first code data as a buffer code data at the same time;
      
      re-transferring the terminal identification data by the first authentication program to the third authentication program of the encoding terminal when the terminal resumes connection, for carrying out terminal authentication-authorization;
      
      reading the card identification data and the buffer code data of the card by the first authentication program, and then transferring them together with the terminal identification data to the second authentication program of the data management terminal for carrying out terminal authentication-authorization;
      
      sending a request by the second authentication program to the third authentication program to resume continuously generating the code data to the first authentication program after the terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, and storing the code data in the card as the first code data and to the second authentication program as the second code data; and
      
      resuming accepting a call from the application service program for the first authentication program, to execute authentication-authorization at any time.
  - 162. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the card of the first terminal authentication-authorization system is a Veri Chip system implanted in a human body, capable of carrying out bidirectional communication with the terminal.
  - 163. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the card of the first terminal authentication-authorization system is a mobile telecommunication fitting, capable of carrying out bidirectional communication with the terminal.
  - 164. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the card of the second terminal authentication-authorization system is a chip installed in a mobile communication terminal, capable of carrying out bidirectional communication with the terminal.
  - 165. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the way to join the first code data and the second code data of the first terminal authentication-authorization system with the first code data and the second code data of the second terminal authentication-authorization system is randomly selected by the second terminal authentication-authorization system.
  - 166. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the data transmitting and receiving between the first code data and the second code data between the first terminal authentication-authorization system and the second terminal authentication-authorization system is processed with a secure encryption/decryption.
  - 167. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system are further connected to more than one application service terminal to receive the request for the authentication-authorization from the respective application service terminal.
  - 168. The multi-terminal authentication-authorization method as claimed in claim 159, when the application service program requests the first authentication program to execute the authentication-authorization, further comprising the step of the second authentication program requesting the first authentication program and the third authentication program executing the time synchronization program, to generate a reference time point as a time reference for the authentication-authorization.
  - 169. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the third authentication program further comprises randomly determining a split pattern of the code data for splitting the code data, and transferring the split code data through more than one data transmission channel respectively to the first authentication program and the second authentication program for being reverted as the code data.
  - 170. The multi-terminal authentication-authorization method as claimed in claim 169, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 171. The multi-terminal authentication-authorization method as claimed in claim 169, wherein the data transmission channel is selected from a group consisting of satellite communication, Internet communication, and mobile network communication.
  - 172. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the first code data is directly received from the third authentication program.
  - 173. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the first code data is directly received from the second authentication program.
  - 174. The multi-terminal authentication-authorization method as claimed in claim 159, wherein when accessing the first code data or the second code data, further comprising carrying out the access after carrying out an encryption/decryption in an encryption/decryption standard through a random encoding/decoding algorithm.
  - 175. The multi-terminal authentication-authorization method as claimed in claim 174, wherein the encryption/decryption standard is selected from a group consisting of a symmetric encryption/decryption standard and an asymmetric encryption/decryption standard.
  - 176. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the application service program is a network financial transaction application service program connected to a network banking terminal for carrying out network financial transactions.
  - 177. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the application service program is a network transaction application service program connected to an E-business terminal for carrying out E-business cash flows, information flows, or logistics operations.
  - 178. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service.
  - 179. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the application service program is a network upload application service program connected to a network upload network upload terminal for carrying out network upload application service.
  - 180. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the application service program is a network download application service program connected to a network download terminal for carrying out network download application service.
  - 181. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the application service program is a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 182. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the application service program is an identification application service program connected to an access security terminal for carrying out access control application service.
  - 183. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the terminal identification data is an IMEI.
  - 184. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the card is a chip card.
  - 185. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the card is a SIM.
  - 186. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the card identification data is an IMSI.
  - 187. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the card identification data is a TMSI assigned by a VLR after presenting a connect state.
  - 188. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the second authentication program further comprises requiring the first authentication program and the third authentication program executing the time synchronization program and re-generating the new reference time point in an aperiodic and random manner.
  - 189. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the second authentication program further comprises re-generating the new reference time point driven by the third authentication program.
  - 190. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the second authentication program further comprises spot-checking and authenticating the validity of the reference time point of the first authentication program and the third authentication program in an aperiodic and random manner.
  - 191. The multi-terminal authentication-authorization method as claimed in claim 190, wherein when the result of the second authentication program spot-checking and authenticating the reference time point of the first authentication program and/or the third authentication program is incorrect, the second authentication program sends a signal to a management-and-control terminal located at a fourth end for determining the risk mode through a data comparison.
  - 192. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the first code data is distributively stored in a random selection manner through the first authentication program, such that the first code data is respectively stored in the card and a memory of the terminal.
  - 193. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the second code data is distributively stored in a random selection manner through the second authentication program, such that the second code data is stored in the code database and a storage region of the data management terminal.
  - 194. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the first buffer code data is randomly selected from the first code data in the card and the first code data in the memory.
  - 195. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the second buffer code data is randomly selected from the second code data in the code database and the second code data in the storage region.
  - 196. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the process of carrying out the comparison between the first buffer code data and the second buffer code data further comprises extracting a part of the code data of the first buffer code data and the second buffer code data by the second authentication program random for carrying out a comparison, to determine the authentication-authorization result.
  - 197. The multi-terminal authentication-authorization method as claimed in claim 159, wherein the method further comprise a buffer data storage terminal, located at a fifth end for backing up the first buffer code data transferred by the first authentication program and the second buffer code data transferred by the second authentication program in sync at each comparison.
  - 198. The multi-terminal authentication-authorization method as claimed in claim 159, further comprising sending a signal to the management-and-control terminal through a GPS communicator of the terminal, to confirm the position of the terminal and execute a corresponding management-and-control, when the terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 199. The multi-terminal authentication-authorization method as claimed in claim 159, further comprising sending a signal to the management-and-control terminal through an AGPS communicator of the terminal, to confirm the position of the terminal and execute a corresponding management-and-control, when the terminal cannot pass the authentication-authorization of the encoding terminal and the data management terminal simultaneously.
  - 200. The multi-terminal authentication-authorization method as claimed in claim 160, wherein the part of the third authentication program continuously generating the code data further comprises the step of allocating the time for transmitting the code data to the first authentication program and the second authentication program, according to the actual data flow.
  - 201. The multi-terminal authentication-authorization method as claimed in claim 160, wherein the part of the third authentication program continuously generating the code data randomly determines the time point for generating the code data through the third authentication program.
  - 202. The multi-terminal authentication-authorization method as claimed in claim 160, wherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the new second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.
  - 203. The multi-terminal authentication-authorization method as claimed in claim 161, wherein when the terminal is in a disconnect state, the third authentication program requires the random encoding/decoding algorithm randomly changing the encryption/decryption standard at the same time.
  - 204. The multi-terminal authentication-authorization method as claimed in claim 161, wherein when the terminal is in a disconnect state, the second authentication program requires the random encoding/decoding algorithm randomly changing the encryption/decryption standard.
  - 205. The multi-terminal authentication-authorization method as claimed in claim 161, wherein the buffer code data is randomly selected from the first code data in the memory joined with the first code data in the card by the first authentication program, and is reverted when resuming connection.
  - 206. The multi-terminal authentication-authorization method as claimed in claim 161, wherein the buffer code data is randomly selected from the first code data in the memory joined with a part of the first code data in the card by the third authentication program, and is reverted when resuming connection.
  - 207. The multi-terminal authentication-authorization method as claimed in claim 161, wherein the third authentication program further comprises transferring a random selection result to the second authentication program for storage, and transferring the random selection result to the first authentication program to revert the buffer code data by the second authentication program when resuming connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Min-Chieh Su
Original Assignee
Min-Chieh Su
Inventors
Su, Min-Chieh

Granted Patent

US 7,853,534 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/0855   involving a third party

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0853   using an additional device,...

H04L 9/12   Transmitting and receiving ...

H04L 9/321   involving a third party or ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/71   Hardware identity

H04W 12/72   Subscriber identity

Authentication-authorization system for mobile communication terminal and method therefor

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

207 Claims

Specification

Use Cases

Quick Links

Others

Authentication-authorization system for mobile communication terminal and method therefor

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

207 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others