Authentication-authorization system for mobile communication terminal and method therefor
First Claim
1. A multi-terminal authentication-authorization system, applied in a Mobile Internet architecture, the system at least comprising;
- a first terminal authentication-authorization system comprising a first terminal having a first authentication program and a plurality of application service programs, a first card, installed in the first terminal, having a first code data, a first data management terminal having a copy of the first code data and a second authentication program, and a first encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the first card and the first data management terminal continuously and randomly for updating the first code data and the copy of the first code data according to a request from the first data management terminal when the first terminal is in a connect state, wherein when one of the application service programs requests for an authentication-authorization process, the authentication-authorization process is started;
then the first code data is transmitted to the second authentication program for comparison with the copy of the first code data by the first authentication program; and
a second terminal authentication-authorization system comprising a second terminal having a first authentication program and a plurality of application service programs, a second card, installed in the second terminal, having a second code data, a second data management terminal having a copy of the second code data and a second authentication program, and a second encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the second card and the second data management terminal continuously and randomly for updating the second code data and the copy of the second code data according to a request from the second data management terminal when the second terminal is in a connect state, wherein when the first code data is the same with the copy of the first code data, then the authentication-authorization process of the first terminal authentication-authorization system is passed, the first code data and the copy of the first code data are transmitted from the first terminal authentication-authorization system to the second terminal and the second data management terminal respectively, and an authentication-authorization process of the second terminal authentication-authorization system is started;
then the first code data is combined to the second code data and is then transmitted to the second data management for comparison;
the copy of the first code data is also combined to the copy of the second code data by the second data management terminal and is compared with the combined second code data transmitted by the second terminal;
when the combined second code data is the same with the combined copy of the second code data, then the comparison is passed and the first terminal is allowed by the second terminal to permit the requesting application service program of the first terminal for providing respective service;
wherein, the first terminal transmits the first code data at a data buffer time point randomly appointed to the first authentication program of the first terminal and the second authentication program of the first data management terminal;
the second terminal transmits the combined second code data at a data buffer time point randomly appointed to the first authentication program of the second terminal and the second authentication program of the second data management terminal.
Abstract
An authentication-authorization system for a mobile communication terminal and a method therefor are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and the data management terminal. When an application service program on the mobile communication terminal, or an application service terminal connected to the mobile communication terminal, needs to execute an authentication-authorization, identification data of the mobile communication terminal and its card and code data can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, to determine whether to allow the application service program or the application service terminal to keep providing an application service. In a further aspect of the embodiment, at least two of the aforementioned authentication-authorization systems are joined, and a layered authentication-authorization mechanism is adopted, so as to provide a secure and complete system.
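The layered comparison described in the abstract and in claim 1, as an added sketch that is not taken from the patent. Concatenation as the way codes are "combined", the 16-byte code length and all names are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass

CODE_LEN = 16  # assumed code length in bytes; the claims give no size

@dataclass
class Pair:
    """One terminal's card code and its data management terminal's copy."""
    card_code: bytes = b""
    copy: bytes = b""

def refresh(pair: Pair) -> None:
    """Encoding terminal: push one fresh random code to card and manager."""
    pair.card_code = pair.copy = secrets.token_bytes(CODE_LEN)

def combine(first: bytes, second: bytes) -> bytes:
    """Assumed combination: concatenation of fixed-length codes."""
    return first + second

def layered_check(first_code: bytes, p1: Pair, second_code: bytes, p2: Pair):
    """Return (layer1_ok, layer2_ok) for the codes the two terminals present."""
    # Layer 1: the first data management terminal compares against its copy.
    if not hmac.compare_digest(first_code, p1.copy):
        return (False, False)
    # Layer 2: the second terminal combines the first code with its own code;
    # the second data management terminal combines the two copies.
    presented = combine(first_code, second_code)
    expected = combine(p1.copy, p2.copy)
    return (True, hmac.compare_digest(presented, expected))

def demo():
    """Constructed scenario: fresh codes, a stale first code, a stale second code."""
    p1, p2 = Pair(), Pair()
    refresh(p1)
    refresh(p2)
    fresh = layered_check(p1.card_code, p1, p2.card_code, p2)
    stale_first = p1.card_code    # value held from before the next update
    stale_second = p2.card_code
    refresh(p1)                   # encoding terminals roll both codes
    refresh(p2)
    replayed = layered_check(stale_first, p1, p2.card_code, p2)
    desynced = layered_check(p1.card_code, p1, stale_second, p2)
    return fresh, replayed, desynced

if __name__ == "__main__":
    print(demo())
```

A code held from before an update fails at the first layer, and a second-layer mismatch blocks the service even when the first layer passes.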
48 Citations
98 Claims
1. A multi-terminal authentication-authorization system, applied in a Mobile Internet architecture, the system at least comprising;
a first terminal authentication-authorization system comprising a first terminal having a first authentication program and a plurality of application service programs, a first card, installed in the first terminal, having a first code data, a first data management terminal having a copy of the first code data and a second authentication program, and a first encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the first card and the first data management terminal continuously and randomly for updating the first code data and the copy of the first code data according to a request from the first data management terminal when the first terminal is in a connect state, wherein when one of the application service programs requests for an authentication-authorization process, the authentication-authorization process is started;
then the first code data is transmitted to the second authentication program for comparison with the copy of the first code data by the first authentication program; and
a second terminal authentication-authorization system comprising a second terminal having a first authentication program and a plurality of application service programs, a second card, installed in the second terminal, having a second code data, a second data management terminal having a copy of the second code data and a second authentication program, and a second encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the second card and the second data management terminal continuously and randomly for updating the second code data and the copy of the second code data according to a request from the second data management terminal when the second terminal is in a connect state, wherein when the first code data is the same with the copy of the first code data, then the authentication-authorization process of the first terminal authentication-authorization system is passed, the first code data and the copy of the first code data are transmitted from the first terminal authentication-authorization system to the second terminal and the second data management terminal respectively, and an authentication-authorization process of the second terminal authentication-authorization system is started;
then the first code data is combined to the second code data and is then transmitted to the second data management for comparison;
the copy of the first code data is also combined to the copy of the second code data by the second data management terminal and is compared with the combined second code data transmitted by the second terminal;
when the combined second code data is the same with the combined copy of the second code data, then the comparison is passed and the first terminal is allowed by the second terminal to permit the requesting application service program of the first terminal for providing respective service;
wherein, the first terminal transmits the first code data at a data buffer time point randomly appointed to the first authentication program of the first terminal and the second authentication program of the first data management terminal;
the second terminal transmits the combined second code data at a data buffer time point randomly appointed to the first authentication program of the second terminal and the second authentication program of the second data management terminal.
50. A multi-terminal authentication-authorization method, applied in a Mobile Internet architecture which including a first terminal authentication-authorization system and a second terminal authentication-authorization system, the first terminal authentication authorization system, to allow the requesting application service program to proceed, and achieving multi terminal authentication authorization, the first terminal authentication-authorization system, further comprising a first terminal having a first authentication program and a plurality of application service programs, a first card, installed in the first terminal, having a first code data, a first data management terminal having a copy of the first code data and a second authentication program, and a first encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the first card and the first data management terminal continuously and randomly for updating the first code data and the copy of the first code data according to a request from the first data management terminal when the first terminal is in a connect state, the second terminal authentication-authorization system further comprising a second terminal having a first authentication program and a plurality of application service programs, a second card, installed in the second terminal, having a second code data, a second data management terminal having a copy of the second code data and a second authentication program, and a second encoding terminal executing a third authentication program for dynamically generating a new code data and transmitting said new code data to the second card and the second data management terminal continuously and randomly for updating the second code data and the copy of the second code data according to a request from the second data management terminal when the second terminal is in a connect state, the method at least comprising the 
following steps:
performing an authentication-authorization process of the first terminal authentication-authorization system when one of the application service programs requests for the authentication-authorization process;
transmitting the first code data to the second authentication program for comparison with the copy of the first code data by the first authentication program, when the first code data is the same with the copy of the first code data, then the authentication-authorization process of the first terminal authentication-authorization system is passed;
transmitting the first code data and the copy of the first code data from the first terminal authentication-authorization system to the second terminal and the second data management terminal respectively, and starting an authentication-authorization process of the second terminal authentication-authorization system;
combining the first code data to the second code data and transmitting to the second data management terminal for comparison;
combining the copy of the first code data to the copy of the second code data by the second data management terminal;
comparing the combined copy of the second code data with the combined second code data transmitted by the second terminal; and
permitting the requesting application service program of the first terminal for providing respective service by the second terminal when the combined second code data is the same with the combined copy of the second code data;
wherein, the first terminal transmits the first code data at a data buffer time point randomly appointed to the first authentication program of the first terminal and the second authentication program of the first data management terminal;
the second terminal transmits the combined second code data at a data buffer time point randomly appointed to the first authentication program of the second terminal and the second authentication program of the second data management terminal.
Specification