Authentication-authorization system for mobile communication terminal and method therefor
First Claim
1. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;
a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and
an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;
wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed, wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;
then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;
when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time, and wherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the new second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.
Abstract
An authentication-authorization system for a mobile communication terminal and a method therefor are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and the data management terminal. When an application service program on the mobile communication terminal, or an application service terminal connected to the mobile communication terminal, needs to execute an authentication-authorization, identification data of the mobile communication terminal and its card, together with the code data, can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, which determines whether to allow the application service program or the application service terminal to keep providing an application service. In a further aspect of the embodiment, at least two of the aforementioned authentication-authorization systems are joined and a layered authentication-authorization mechanism is adopted, so as to provide a secure and complete system.
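The flow summarised in the abstract and spelled out in claim 1 can be simulated with three parties; this is an added example, not code from the patent. Assumptions: the class and function names, the sample identifiers, 16-byte code data, logical ticks in place of real time, and a constant-time comparison are all choices of this example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Key = Tuple[str, str]  # (mobile terminal identification data, card identification data)


@dataclass
class Terminal:
    """Mobile terminal with its card; plays the first authentication program."""
    terminal_id: str
    card_id: str
    code: bytes                       # preset code data, then the rolling first code data
    buffered: Optional[bytes] = None  # first buffer code data

    @property
    def key(self) -> Key:
        return (self.terminal_id, self.card_id)

    def snapshot(self) -> None:
        self.buffered = self.code

    def response(self) -> Tuple[str, str, Optional[bytes]]:
        return (self.terminal_id, self.card_id, self.buffered)


class DataManagementTerminal:
    """Plays the second authentication program and makes the decision."""

    def __init__(self) -> None:
        self.code: Dict[Key, bytes] = {}      # second code data per terminal/card
        self.buffered: Dict[Key, bytes] = {}  # second buffer code data

    def enroll(self, key: Key, preset: bytes) -> None:
        self.code[key] = preset

    def initialize(self, t: Terminal) -> bool:
        # Initialization: both IDs and the preset code must match the record.
        stored = self.code.get(t.key)
        return stored is not None and hmac.compare_digest(stored, t.code)

    def snapshot(self, key: Key) -> None:
        self.buffered[key] = self.code[key]

    def verify(self, terminal_id: str, card_id: str,
               first_buffer: Optional[bytes]) -> bool:
        second_buffer = self.buffered.get((terminal_id, card_id))
        if first_buffer is None or second_buffer is None:
            return False  # unknown terminal/card pair, or nothing buffered
        # Constant-time comparison (an implementation choice of this example).
        return hmac.compare_digest(first_buffer, second_buffer)


class EncodingTerminal:
    """Plays the third authentication program: emits fresh random code data."""

    def push(self, t: Terminal, dmt: DataManagementTerminal,
             deliver_to_terminal: bool = True) -> None:
        code = secrets.token_bytes(16)  # 16 bytes is an assumed size
        dmt.code[t.key] = code
        if deliver_to_terminal:         # False models an update lost in transit
            t.code = code


def authenticate(t, dmt, enc, lose_last_update=False) -> bool:
    """One round: agree on a buffer point, roll codes until it, snapshot, compare."""
    buffer_point = secrets.randbelow(5) + 1  # random point, 1..5 ticks ahead
    for tick in range(1, buffer_point + 1):
        lost = lose_last_update and tick == buffer_point
        enc.push(t, dmt, deliver_to_terminal=not lost)
    t.snapshot()
    dmt.snapshot(t.key)
    return dmt.verify(*t.response())


def demo() -> Dict[str, bool]:
    preset = secrets.token_bytes(16)                 # constructed sample values
    t = Terminal("TERM-0001", "CARD-0001", preset)
    dmt, enc = DataManagementTerminal(), EncodingTerminal()
    dmt.enroll(t.key, preset)
    results = {"initialized": dmt.initialize(t)}
    results["in_sync"] = authenticate(t, dmt, enc)
    captured = t.response()                          # a response seen on the wire
    results["desynced"] = authenticate(t, dmt, enc, lose_last_update=True)
    results["resynced"] = authenticate(t, dmt, enc)
    results["stale_response"] = dmt.verify(*captured)
    results["unknown_card"] = dmt.verify("TERM-0001", "CARD-9999", t.buffered)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

In this model the stale and desynchronised cases fail only because the code data has rolled since the snapshot, so the interval between updates bounds how long a captured response stays valid.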
65 Claims
31. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data; a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data; a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal; wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed, wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;
then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;
when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time, and wherein the part of the third authentication program continuously generating the code data further comprises allocating the time for transmitting the code data to the first authentication program and the second authentication program according the actual data flow.
32. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data; a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data; a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal; wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed, wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;
then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;
when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time, and wherein the part of the third authentication program continuously generating the code data randomly determines the time point for generating the code data through the third authentication program.
33. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data;
a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication-authorization method for a mobile communication terminal comprises;
activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization from the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching, in the process of activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization, the method further comprising;
activating the first authentication program by the mobile communication terminal to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization for the mobile communication terminal;
reading the card identification data and the preset code data of the card by the first authentication program, transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
with the mobile communication terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program, after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
allowing the first authentication program to accept a call from the application service program to execute authentication-authorization at any time, wherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the new second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.
64. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data;
a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication-authorization method for a mobile communication terminal comprises;
activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization from the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching, in the process of activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization, the method further comprising;
activating the first authentication program by the mobile communication terminal to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization for the mobile communication terminal;
reading the card identification data and the preset code data of the card by the first authentication program, transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
with the mobile communication terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program, after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
allowing the first authentication program to accept a call from the application service program to execute authentication-authorization at any time, wherein the part of the third authentication program continuously generating the code data further comprises allocating the time for transmitting the code data to the first authentication program and the second authentication program according the actual data flow.
65. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data;
a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication-authorization method for a mobile communication terminal comprises;
activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization from the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching, in the process of activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization, the method further comprising;
activating the first authentication program by the mobile communication terminal to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization for the mobile communication terminal;
reading the card identification data and the preset code data of the card by the first authentication program, transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
with the mobile communication terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program, after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
allowing the first authentication program to accept a call from the application service program to execute authentication-authorization at any time, wherein the part of the third authentication program continuously generating the code data randomly determines the time point of generating the code data through the third authentication program.
Specification