Authentication-authorization system for mobile communication terminal and method therefor

US 8,370,266 B2
Filed: 08/27/2010
Issued: 02/05/2013
Est. Priority Date: 11/12/2003
Status: Active Grant

First Claim

Patent Images

1. A multi-terminal authentication-authorization system, applied in a Mobile Internet architecture, the system at least comprising;

a first terminal authentication-authorization system comprising a first terminal having a first authentication program and a plurality of application service programs, a first card, installed in the first terminal, having a first code data, a first data management terminal having a copy of the first code data and a second authentication program, and a first encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the first card and the first data management terminal continuously and randomly for updating the first code data and the copy of the first code data according to a request from the first data management terminal when the first terminal is in a connect state, wherein when one of the application service programs requests for an authentication-authorization process, the authentication-authorization process is started;

then the first code data is transmitted to the second authentication program for comparison with the copy of the first code data by the first authentication program; and

a second terminal authentication-authorization system comprising a second terminal having a first authentication program and a plurality of application service programs, a second card, installed in the second terminal, having a second code data, a second data management terminal having a copy of the second code data and a second authentication program, and a second encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the second card and the second data management terminal continuously and randomly for updating the second code data and the copy of the second code data according to a request from the second data management terminal when the second terminal is in a connect state, wherein when the first code data is the same with the copy of the first code data, then the authentication-authorization process of the first terminal authentication-authorization system is passed, the first code data and the copy of the first code data are transmitted from the first terminal authentication-authorization system to the second terminal and the second data management terminal respectively, and an authentication-authorization process of the second terminal authentication-authorization system is started;

then the first code data is combined to the second code data and is then transmitted to the second data management for comparison;

the copy of the first code data is also combined to the copy of the second code data by the second data management terminal and is compared with the combined second code data transmitted by the second terminal;

when the combined second code data is the same with the combined copy of the second code data, then the comparison is passed and the first terminal is allowed by the second terminal to permit the requesting application service program of the first terminal for providing respective service;

wherein, the first terminal transmits the first code data at a data buffer time point randomly appointed to the first authentication program of the first terminal and the second authentication program of the first data management terminal;

the second terminal transmits the combined second code data at a data buffer time point randomly appointed to the first authentication program of the second terminal and the second authentication program of the second data management terminal.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication-authorization system for a mobile communication terminal and a method therefor are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and data management terminal. When an application service program on the mobile communication terminal or an application service terminal connected to the mobile communication terminal need to execute an authentication-authorization, identification data of the mobile communication terminal and its card and code data can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, to determine whether allow the application service program or the application service terminal to keep providing an application service or not. In a further aspect of the embodiment, at least two aforementioned authentication-authorization systems are joined, and a layered authentication-authorization mechanism is adopted, so as to provide a secured and completed system.

48 Citations

View as Search Results

98 Claims

1. A multi-terminal authentication-authorization system, applied in a Mobile Internet architecture, the system at least comprising;
- a first terminal authentication-authorization system comprising a first terminal having a first authentication program and a plurality of application service programs, a first card, installed in the first terminal, having a first code data, a first data management terminal having a copy of the first code data and a second authentication program, and a first encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the first card and the first data management terminal continuously and randomly for updating the first code data and the copy of the first code data according to a request from the first data management terminal when the first terminal is in a connect state, wherein when one of the application service programs requests for an authentication-authorization process, the authentication-authorization process is started;
  
  then the first code data is transmitted to the second authentication program for comparison with the copy of the first code data by the first authentication program; and
  
  a second terminal authentication-authorization system comprising a second terminal having a first authentication program and a plurality of application service programs, a second card, installed in the second terminal, having a second code data, a second data management terminal having a copy of the second code data and a second authentication program, and a second encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the second card and the second data management terminal continuously and randomly for updating the second code data and the copy of the second code data according to a request from the second data management terminal when the second terminal is in a connect state, wherein when the first code data is the same with the copy of the first code data, then the authentication-authorization process of the first terminal authentication-authorization system is passed, the first code data and the copy of the first code data are transmitted from the first terminal authentication-authorization system to the second terminal and the second data management terminal respectively, and an authentication-authorization process of the second terminal authentication-authorization system is started;
  
  then the first code data is combined to the second code data and is then transmitted to the second data management for comparison;
  
  the copy of the first code data is also combined to the copy of the second code data by the second data management terminal and is compared with the combined second code data transmitted by the second terminal;
  
  when the combined second code data is the same with the combined copy of the second code data, then the comparison is passed and the first terminal is allowed by the second terminal to permit the requesting application service program of the first terminal for providing respective service;
  
  wherein, the first terminal transmits the first code data at a data buffer time point randomly appointed to the first authentication program of the first terminal and the second authentication program of the first data management terminal;
  
  the second terminal transmits the combined second code data at a data buffer time point randomly appointed to the first authentication program of the second terminal and the second authentication program of the second data management terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 2. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first terminal/the second terminal further comprises activating the first authentication program to transfer a terminal identification data to the second authentication program of the first data management terminal/the second data management terminal and to the third authentication program of the first encoding terminal/the second encoding terminal respectively for cross identification;
    - when cross identification is passed, then the second authentication program of the first data management terminal/the second data management terminal sends the request to the third authentication program of the first encoding terminal/the second encoding terminal to generate said new code data for updating.
  - 3. The multi-terminal authentication-authorization system as claimed in claim 2, wherein when the first terminal/the second terminal is in a disconnect state, the third authentication program of the first encoding terminal/the second encoding terminal ceases generating said new code data, and at the same time, the first code data/the second code data and the copy of the first code data/the copy of the second code data are buffered by the first authentication program of the first terminal/the second terminal and the second authentication program of the first data management terminal/the second data management terminal respectively;
    - when the first terminal/the second terminal resumes connection again, the first code data/the second code data buffered by the first authentication program of the first terminal/the second terminal is transmitted to the second authentication program of the first data management terminal/the second data management terminal for comparison;
      
      when the first code data/the second code data is the same with the copy of the first code data/the copy of the second code data, then the second authentication program of the first data management terminal/the second data management terminal sends the request again to the third authentication program of the first encoding terminal/the second encoding terminal to start to generate said new code data for updating.
  - 4. The multi-terminal authentication-authorization system as claimed in claim 3, further comprising carrying out an encryption/decryption in an encryption/decryption standard with a random encoding/decoding algorithm before data transmission.
  - 5. The multi-terminal authentication-authorization system as claimed in claim 4, wherein the encryption/decryption standard is selected from a group consisting of symmetric encryption/decryption standard and asymmetric encryption/decryption standard.
  - 6. The multi-terminal authentication-authorization system as claimed in claim 3, wherein the buffered first code data/the buffered second code data is randomly selected from the first code data/the second code data stored in a memory of the first/second card and stored in a memory of the first terminal/the second terminal.
  - 7. The multi-terminal authentication-authorization system as claimed in claim 6, wherein the buffered first code data/the buffered second code data is randomly selected from the first code data/the second code data in the memory joined with the first code data/the second code data in the first card/the second card by the first authentication program, and is reverted when the first terminal/the second terminal resuming connection.
  - 8. The multi-terminal authentication-authorization system as claimed in claim 6, wherein the buffered first code data/the buffered second code data is randomly selected from the first code data/the second code data in the memory joined with a part of the first code data/the second code data in the first card/the second card by the third authentication program, and is reverted when the first terminal/the second terminal resuming connection.
  - 9. The multi-terminal authentication-authorization system as claimed in claim 6, wherein the third authentication program further comprises transferring a random selection result from the buffered first code data/the buffered second code data to the second authentication program for storage, and transferring the random selection result to the first authentication program for reverting the buffered first code data/the buffered second code data by the second authentication program when the first terminal/the second terminal resuming connection.
  - 10. The multi-terminal authentication-authorization system as claimed in claim 3, wherein the buffered copy of the first code data/the buffered copy of the second code data is randomly selected from the copy of the first code data/the copy of the second code data stored in the storage region of the code database and stored in the first data management terminal/the second data management terminal.
  - 11. The multi-terminal authentication-authorization system as claimed in claim 4, wherein when the first terminal/the second terminal is in a disconnect state, the third authentication program changes the encryption/decryption standard at the same time.
  - 12. The multi-terminal authentication-authorization system as claimed in claim 4, wherein when the first terminal/the second terminal is in a disconnect state, the second authentication program changes the encryption/decryption standard at the same time.
  - 13. The multi-terminal authentication-authorization system as claimed in claim 2, wherein the terminal identification data is an IMEI.
  - 14. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first card of the first terminal authentication-authorization system is a VeriChip system implanted in a human body, capable of carrying out bidirectional communication with the first terminal.
  - 15. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first card of the first terminal authentication-authorization system is a mobile telecommunication accessories, capable of carrying out bidirectional communication with the first terminal.
  - 16. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the second card of the second terminal authentication-authorization system is a chip installed in a mobile communication terminal, capable of carrying out bidirectional communication with the second terminal.
  - 17. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the way to combine the first code data and the second code data and the way to combine the copy of the first code data and the copy of the second code data are randomly selected by the second terminal authentication-authorization system.
  - 18. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the data transmission between the first terminal authentication-authorization system and the second terminal authentication-authorization system is processed with a security encryption/decryption.
  - 19. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system are further connected to more than one application service terminal for receiving an authentication-authorization request from each of the application service terminals.
  - 20. The multi-terminal authentication-authorization system as claimed in claim 1, when the application service program request the first authentication program executing the authentication-authorization process, further comprising the second authentication program requiring the first authentication program and the third authentication program to execute a time synchronization program, to generate a reference time point as a time reference for the authentication-authorization process.
  - 21. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the third authentication program further comprises randomly determining a split pattern to split the new code data, and transmitting the split code data to the first authentication program and the second authentication program through more than one data transmission channel separately and then reverting the split code data as the new code data.
  - 22. The multi-terminal authentication-authorization system as claimed in claim 21, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 23. The multi-terminal authentication-authorization system as claimed in claim 21, wherein the data transmission channel is selected from a group consisting of a satellite communication, an Internet communication, and a mobile network communication.
  - 24. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the new code data is directly received by the first authentication program from the third authentication program.
  - 25. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the new code data is received by the first authentication program from the second authentication program.
  - 26. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the application service program is a network financial transaction application service program connected to a network banking terminal for carrying out network financial transactions.
  - 27. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the application service program is a network transaction application service program connected to an E-business terminal for carrying out one of the group consisting of E-business cash flows, information flows, and logistics operations.
  - 28. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service.
  - 29. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the application service program is a network upload application service program connected to a network upload terminal for carrying out network upload application service.
  - 30. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the application service program is a network download application service program connected to a network download terminal for carrying out network download application service.
  - 31. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the application service program is a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 32. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the application service program is an identification application service program connected to an access security terminal for carrying out an access control application service.
  - 33. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first card/the second card is a chip card.
  - 34. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first card/the second card is a SIM.
  - 35. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first card/the second card further comprising a card identification data which is an IMSI.
  - 36. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first card/the second card further comprises a card identification data which is a TMSI assigned by a VLR after the first terminal/the second terminal presenting a connect state.
  - 37. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the third authentication program of the first encoding terminal/the second encoding terminal further comprises re-generating/generating the data buffer time point and transmitting the data buffer time point to the first authentication program of the first terminal/the second terminal and the second authentication program of the first data management terminal/the second data management terminal respectively in an aperiodic and random manner.
  - 38. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the second authentication program of the first data management terminal/the second data management terminal further comprises re-generating/generating the data buffer time point and transmitting the data buffer time point to the first authentication program of the first terminal/the second terminal automatically or driven by-the third authentication program.
  - 39. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the second authentication program/the third authentication program further comprises spot-checking and authenticating the validity of the data buffer time point of the first authentication program in an aperiodic and random manner.
  - 40. The multi-terminal authentication-authorization system as claimed in claim 39, wherein when the result of the second authentication program/the third authentication program spot-checking and authenticating the data buffer time point of the first authentication program is incorrect, the second authentication program/the third authentication program sends a signal to a management-and-control terminal for determining the risk mode through a data comparison.
  - 41. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the first code data/the second code data is distributively stored in a random selection manner through the first authentication program, such that the first code data/the second code data is partly stored in a memory of the first card/the second card and partly stored in a memory of the first terminal/the second terminal respectively.
  - 42. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the copy of the first code data/the copy of the second code data is distributively stored in a random selection manner through the second authentication program, such that the copy of the first code data/the copy of the second code data is partly stored in a storage region of a code database and partly stored in the first data management terminal/the second data management terminal respectively.
  - 43. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the process of carrying out a comparison by the second authentication program further comprises randomly extracting a part of the buffered first code data/the buffered second code data and a part of the buffered copy of the first code data/the buffered copy of the second code data for comparison.
  - 44. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the system further comprises a buffer data storage terminal for backing up the buffered first code data/the buffered second code data transferred by the first authentication program and the buffered copy of the first code data/the buffered copy of the second code data transferred by the second authentication program in sync at each comparison.
  - 45. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the system further comprises sending a signal to a management-and-control terminal through a GPS communicator of the first terminal/the second terminal, to confirm the position of the first terminal/the second terminal and execute a corresponding management-and-control, when the first terminal/the second terminal cannot pass the authentication-authorization process.
  - 46. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the system further comprises sending a signal to a management-and-control terminal through an AGPS communicator of the first terminal/the second terminal, to confirm the position of the first terminal/the second terminal and execute a corresponding management-and-control, when the first terminal/the second terminal cannot pass the authentication-authorization process.
  - 47. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the third authentication program continuously generating the new code data further comprises allocating a time for transmitting the new code data to the first authentication program and the second authentication program according to an actual data flow.
  - 48. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the third authentication program randomly determines a time point for generating the new code data.
  - 49. The multi-terminal authentication-authorization system as claimed in claim 1, wherein the third authentication program continuously generating the new code data updates the first code data and the copy of the first code data/the second code data and the copy of the second code data randomly in a mode that is one of the group consisting of a single data mode, a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random addition update mode, a random deletion update mode, a random field update mode, a random field addition update mode and a random field deletion update mode.

50. A multi-terminal authentication-authorization method, applied in a Mobile Internet architecture which including a first terminal authentication-authorization system and a second terminal authentication-authorization system, the first terminal authentication authorization system, to allow the requesting application service program to proceed, and achieving multi terminal authentication authorization, the first terminal authentication-authorization system, further comprising a first terminal having a first authentication program and a plurality of application service programs, a first card, installed in the first terminal, having a first code data, a first data management terminal having a copy of the first code data and a second authentication program, and a first encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the first card and the first data management terminal continuously and randomly for updating the first code data and the copy of the first code data according to a request from the first data management terminal when the first terminal is in a connect state, the second terminal authentication-authorization system further comprising a second terminal having a first authentication program and a plurality of application service programs, a second card, installed in the second terminal, having a second code data, a second data management terminal having a copy of the second code data and a second authentication program, and a second encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the second card and the second data management terminal continuously and randomly for updating the second code data and the copy of the second code data according to a request from the second data management terminal when the second terminal is in a connect state, the method at least comprising the following steps:
- performing an authentication-authorization process of the first terminal authentication-authorization system when one of the application service programs requests for the authentication-authorization process;
  
  transmitting the first code data to the second authentication program for comparison with the copy of the first code data by the first authentication program, when the first code data is the same with the copy of the first code data, then the authentication-authorization process of the first terminal authentication-authorization system is passed;
  
  transmitting the first code data and the copy of the first code data from the first terminal authentication-authorization system to the second terminal and the second data management terminal respectively, and starting an authentication-authorization process of the second terminal authentication-authorization system;
  
  combining the first code data to the second code data and transmitting to the second data management terminal for comparison;
  
  combining the copy of the first code data to the copy of the second code data by the second data management terminal;
  
  comparing the combined copy of the second code data with the combined second code data transmitted by the second terminal; and
  
  permitting the requesting application service program of the first terminal for providing respective service by the second terminal when the combined second code data is the same with the combined copy of the second code data;
  
  wherein, the first terminal transmits the first code data at a data buffer time point randomly appointed to the first authentication program of the first terminal and the second authentication program of the first data management terminal;
  
  the second terminal transmits the combined second code data at a data buffer time point randomly appointed to the first authentication program of the second terminal and the second authentication program of the second data management terminal.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98)
- - 51. The multi-terminal authentication-authorization method as claimed in claim 50, further comprising the following steps:
    - activating the first authentication program by the first terminal/the second terminal to transfer a terminal identification data to the second authentication program of the first data management terminal/the second data management terminal and to the third authentication program of the first encoding terminal/the second encoding terminal respectively for cross identification; and
      
      sending the request to the third authentication program of the first encoding terminal/the second encoding terminal by the second authentication program of the first data management terminal/the second data management terminal to generate said new code data for updating when cross identification is passed.
  - 52. The multi-terminal authentication-authorization method as claimed in claim 51, further comprising the following steps:
    - ceasing generating said new code data by the third authentication program of the first encoding terminal/the second encoding terminal when the first terminal/the second terminal is in a disconnect state, and at the same time, buffering the first code data/the second code data and the copy of the first code data/the copy of the second code data by the first authentication program of the first terminal/the second terminal and the second authentication program of the first data management terminal/the second data management terminal respectively;
      
      transmitting the first code data/the second code data buffered by the first authentication program of the first terminal/the second terminal to the second authentication program of the first data management terminal/the second data management terminal for comparison when the first terminal/the second terminal resumes connection again; and
      
      sending the request again to the third authentication program of the first encoding terminal/the second encoding terminal by the second authentication program of the first data management terminal/the second data management terminal to start to generate said new code data for updating when the first code data/the second code data is the same with the copy of the first code data/the copy of the second code data.
  - 53. The multi-terminal authentication-authorization method as claimed in claim 52, the method further comprising after carrying out an encryption/decryption in an encryption/decryption standard through a random encoding/decoding algorithm before data transmission.
  - 54. The multi-terminal authentication-authorization method as claimed in claim 53, wherein the encryption/decryption standard is selected from a group consisting of a symmetric encryption/decryption standard and an asymmetric encryption/decryption standard.
  - 55. The multi-terminal authentication-authorization method as claimed in claim 53, wherein when the first terminal the second terminal is in a disconnect state, the third authentication program changes the encryption/decryption standard at the same time.
  - 56. The multi-terminal authentication-authorization method as claimed in claim 53, wherein when the first terminal/the second terminal is in a disconnect state, the second authentication program changes the encryption/decryption standard at the same time.
  - 57. The multi-terminal authentication-authorization method as claimed in claim 52, wherein the buffered first code data/the buffered second code data is randomly selected from the first code data/the second code data stored in a memory of the first/second card and stored in a memory of the first terminal/the second terminal.
  - 58. The multi-terminal authentication-authorization method as claimed in claim 57, wherein the buffered first code data/the buffered second code data is randomly selected from the first code data/the second code data in the memory joined with the first code data the second code data in the first card/the second card by the first authentication program, and is reverted when the first terminal/the second terminal resuming connection.
  - 59. The multi-terminal authentication-authorization method as claimed in claim 57, wherein the buffered first code data/the buffered second code data is randomly selected from the first code data/the second code data in the memory joined with a part of the first code data/the second code data in the first card/the second card by the third authentication program, and is reverted when the first terminal/the second terminal resuming connection.
  - 60. The multi-terminal authentication-authorization method as claimed in claim 57, wherein the third authentication program further comprises transferring a random selection result from the buffered first code data/the buffered second code data to the second authentication program for storage, and transferring the random selection result to the first authentication program for reverting the buffered first code data/the buffered second code data by the second authentication program when the first terminal/the second terminal resuming connection.
  - 61. The multi-terminal authentication-authorization method as claimed in claim 52, wherein the buffered copy of the first code data/the buffered copy of the second code data is randomly selected from the copy of the first code data/the copy of the second code data stored in the storage region of the code database and stored in the first data management terminal/the second data management terminal.
  - 62. The multi-terminal authentication-authorization method as claimed in claim 51, wherein the terminal identification data is an IMEI.
  - 63. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first card of the first terminal authentication-authorization system is a VeriChip system implanted in a human body, capable of carrying out bidirectional communication with the first terminal.
  - 64. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first card of the first terminal authentication-authorization system is a mobile telecommunication accessories, capable of carrying out bidirectional communication with the first terminal.
  - 65. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the second card of the second terminal authentication-authorization system is a chip installed in a mobile communication terminal, capable of carrying out bidirectional communication with the second terminal.
  - 66. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the way to combine the first code data and the second code data and the way to combine the copy of the first code data and the copy of the second code data are randomly selected by the second terminal authentication-authorization system.
  - 67. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the data transmission between the first code data and the second code data between the first terminal authentication-authorization system and the second terminal authentication-authorization system is processed with a secure encryption/decryption.
  - 68. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first terminal authentication-authorization system and the second terminal authentication-authorization system are further connected to more than one application service terminal to receive the request for the authentication-authorization from the respective application service terminal.
  - 69. The multi-terminal authentication-authorization method as claimed in claim 50, when the application service program requests the first authentication program to execute the authentication-authorization process, further comprising the step of the second authentication program requesting the first authentication program and the third authentication program executing the time synchronization program, to generate a reference time point as a time reference for the authentication-authorization process.
  - 70. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the third authentication program further comprises randomly determining a split pattern to split the new code data, and transmitting the split code data to the first authentication program and the second authentication program through more than one data transmission channel separately and then reverting the split code data as the new code data.
  - 71. The multi-terminal authentication-authorization method as claimed in claim 70, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 72. The multi-terminal authentication-authorization method as claimed in claim 70, wherein the data transmission channel is selected from a group consisting of satellite communication, Internet communication, and mobile network communication.
  - 73. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the new code data is directly received by the first authentication program from the third authentication program.
  - 74. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the new code data is directly received by the first authentication program from the second authentication program.
  - 75. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the application service program is a network financial transaction application service program connected to a network banking terminal for carrying out network financial transactions.
  - 76. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the application service program is a network transaction application service program connected to an E-business terminal for carrying out E-business cash flows, information flows, or logistics operations.
  - 77. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service.
  - 78. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the application service program is a network upload application service program connected to a network upload terminal for carrying out network upload application service.
  - 79. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the application service program is a network download application service program connected to a network download terminal for carrying out network download application service.
  - 80. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the application service program is a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 81. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the application service program is an identification application service program connected to an access security terminal for carrying out access control application service.
  - 82. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first card/the second card is a chip card.
  - 83. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first card/the second card is a SIM.
  - 84. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first card/the second card further comprises a card identification data which is an IMSI.
  - 85. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first card/the second card further comprises a card identification data which is a TMSI assigned by a VLR after the first terminal/the second terminal presenting a connect state.
  - 86. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the third authentication program of the first encoding terminal/the second encoding terminal further comprises re-generating/generating the data buffer time point and transmitting the data buffer time point to the first authentication program of the first terminal/the second terminal and the second authentication program of the first data management terminal/the second data management terminal respectively in an aperiodic and random manner.
  - 87. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the second authentication program of the first data management terminal/the second data management terminal further comprises re-generating/generating the data buffer time point and transmitting the data buffer time point to the first authentication program of the first terminal/the second terminal automatically or driven by the third authentication program.
  - 88. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the second authentication program/the third authentication program further comprises spot-checking and authenticating the validity of the data buffer time point of the first authentication program in an aperiodic and random manner.
  - 89. The multi-terminal authentication-authorization method as claimed in claim 88, wherein when the result of the second authentication program/the third authentication program spot-checking and authenticating the data buffer time point of the first authentication program is incorrect, the second authentication program/the third authentication program sends a signal to a management-and-control terminal for determining the risk mode through a data comparison.
  - 90. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the first code data/the second code data is distributively stored in a random selection manner through the first authentication program, such that the first code data/the second code data is partly stored in a memory of the first card/the second card and partly stored in a memory of the first terminal/the second terminal respectively.
  - 91. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the copy of the first code data/the copy of the second code data is distributively stored in a random selection manner through the second authentication program, such that the copy of the first code data/the copy of the second code data is partly stored in a storage region of a code database and partly stored in the first data management terminal/the second data management terminal respectively.
  - 92. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the process of carrying out the comparison by the second authentication program further comprises extracting a part of the buffered first code data/the buffered second code data and a part of the buffered copy of the first code data/the buffered copy of the second code data for comparison.
  - 93. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the method further comprise a buffer data storage terminal for backing up the buffered first code data/the buffered second code data transferred by the first authentication program and the buffered copy of the first code data/the buffered copy of the second code data transferred by the second authentication program in sync at each comparison.
  - 94. The multi-terminal authentication-authorization method as claimed in claim 50, further comprising sending a signal to a management-and-control terminal through a GPS communicator of the first terminal/the second terminal, to confirm the position of the first terminal/the second terminal and execute a corresponding management-and-control, when the first terminal/the second terminal cannot pass the authentication-authorization process.
  - 95. The multi-terminal authentication-authorization method as claimed in claim 50, further comprising sending a signal to a management-and-control terminal through an AGPS communicator of the first terminal/the second terminal, to confirm the position of the first terminal/the second terminal and execute a corresponding management-and-control, when the first terminal/the second terminal cannot pass the authentication-authorization process.
  - 96. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the third authentication program continuously generating the new code data further comprises the step of allocating a time for transmitting the new code data to the first authentication program and the second authentication program according to an actual data flow.
  - 97. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the third authentication program randomly determines a time point for generating the new code data.
  - 98. The multi-terminal authentication-authorization method as claimed in claim 50, wherein the third authentication program continuously generating the new code data updates the first code data and the copy of the first code data/the second code data and the copy of the second code data randomly in a mode that is one of the group consisting of a single data mode, a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random addition update mode, a random deletion update mode, a random field update mode, a random field addition update mode and a random field deletion update mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Min-Chieh Su
Original Assignee
Min-Chieh Su
Inventors
Su, Min-Chieh
Primary Examiner(s)
Reagan, James A

Application Number

US12/870,120
Publication Number

US 20100325702A1
Time in Patent Office

893 Days
Field of Search

705/64, 705/65, 705/67, 705/75, 705/76, 705/78, 705/79, 713/155, 713/156, 713/157, 713/158, 713/159, 726/1, 726/5, 726/17, 726/21
US Class Current

705/67
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/0855   involving a third party

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0853   using an additional device,...

H04L 9/12   Transmitting and receiving ...

H04L 9/321   involving a third party or ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/71   Hardware identity

H04W 12/72   Subscriber identity

Authentication-authorization system for mobile communication terminal and method therefor

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

98 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication-authorization system for mobile communication terminal and method therefor

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

98 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links