Authentication-authorization system for mobile communication terminal and method therefor

US 7,853,534 B2
Filed: 06/07/2006
Issued: 12/14/2010
Est. Priority Date: 11/12/2003
Status: Active Grant

First Claim

Patent Images

1. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:

a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;

a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;

a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and

an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;

wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;

after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;

if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed,wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;

then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;

when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time, andwherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the new second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication-authorization system for a mobile communication terminal and a method therefore are provided. When a mobile communication terminal is in a connect state, code data randomly generated by a remote encoding terminal is continuously provided to the terminal and data management terminal. When an application service program on the mobile communication terminal or an application service terminal connected to the mobile communication terminal need to execute an authentication-authorization, identification data of the mobile communication terminal and its card and code data can be offered to the data management terminal to carry out a bidirectional dynamic authentication-authorization, to determine whether allow the application service program or the application service terminal to keep providing an application service or not. In a further aspect of the embodiment, at least two aforementioned authentication-authorization systems are joined, and a layered authentication-authorization mechanism is adopted, so as to provide a secured and completed system.

9 Citations

View as Search Results

65 Claims

1. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
- a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;
  
  a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
  
  a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and
  
  an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;
  
  wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
  
  after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
  
  if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed,wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;
  
  then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;
  
  when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time, andwherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the new second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises that when the mobile communication terminal stops connecting, the third authentication program ceases generating the code data, and at the same time the first code data is buffered by the first authentication program as a buffer code data;
    - when the mobile communication terminal resumes connection, the first authentication program transfers the mobile terminal identification data to the third authentication program of the encoding terminal again, to carry out authentication -authorization of the mobile communication terminal;
      
      then the first authentication program reads the card identification data and the buffer code data of the card , and transfers the card identification data and the buffer code data to the second authentication program of the data management terminal together with the mobile terminal identification data, to carry out authentication-authorization for the mobile communication terminal;
      
      after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, the second authentication program sends a request to the third authentication program for restarting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card as the first code data, and transferring the code data to the second authentication program as the second code data, such that the first authentication program resumes accepting a call from the application service program to execute authentication-authorization at any time.
  - 3. The authentication-authorization system for a mobile communication terminal as claimed in claim 2, wherein when the mobile communication terminal is in a disconnect state, the second authentication program requires the random encoding/decoding algorithm to randomly change the encryption/decryption standard at the same time.
  - 4. The authentication-authorization system for a mobile communication terminal as claimed in claim 2, wherein when the mobile communication terminal is in a disconnect state, the third authentication program requires the random encoding/decoding algorithm to randomly change the encryption/decryption standard at the same time.
  - 5. The authentication-authorization system for a mobile communication terminal as claimed in claim 2, wherein the buffer code data is randomly selected from the first code data in the memory joined with the first code data in the card by the first authentication program, and is reverted when resuming connection.
  - 6. The authentication-authorization system for a mobile communication terminal as claimed in claim 2, wherein the buffer code data is randomly selected from the first code data in the memory joined with a part of the first code data in the card by the third authentication program, and is reverted when resuming connection.
  - 7. The authentication-authorization system for a mobile communication terminal as claimed in claim 3, wherein the third authentication program further comprises transferring a random selection result to the second authentication program for storage, and transferring the random selection result to the first authentication program by the second authentication program to revert the buffer code data when resuming connection.
  - 8. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises more than one application service terminal, located at a fourth end, for providing different application services and having a service terminal identification data, and executing a fourth authentication program which can provide the authentication-authorization;
    - when the application service terminal provides an application service, a time verification is executed by the first authentication program and the second authentication program and a data buffer time point is randomly appointed, and when reaching the data buffer time point, the first code data in the card and the second code data of the data management terminal are respectively buffered as the first buffer code data and the second buffer code data in sync;
      
      after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data are transferred to the second authentication program and the fourth authentication program respectively by the first authentication program;
      
      a first comparison with the second buffer code data is carried out by the second authentication program, and then the first buffer code data together with the card identification data and the mobile terminal identification data together with the service terminal identification data are transferred to the second authentication program by the fourth authentication program for a second comparison with the second buffer code data, to determine the authentication-authorization result;
      
      if matching, the application service terminal making a request will be authorized to continue providing an application service to the first authentication program.
  - 9. The authentication-authorization system for a mobile communication terminal as claimed in claim 8, wherein the application service terminal is a media download terminal capable of providing a multimedia content to the mobile communication terminal, and the mobile communication terminal further transferring the multimedia content to a multimedia terminal located at the fifth end.
  - 10. The authentication-authorization system for a mobile communication terminal as claimed in claim 8, wherein the application service terminal is a document file download terminal capable of providing a document file content to the mobile communication terminal, and the mobile communication terminal further transferring the document file content to the multimedia terminal located at the fifth end.
  - 11. The authentication-authorization system for a mobile communication terminal as claimed in claim 8, wherein the application service terminal is a software file download terminal, which can provide a software file content to the mobile communication terminal, and the mobile communication terminal further transferring the software file content to the multimedia terminal located at the fifth end.
  - 12. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, when the application service program requests the first authentication program executing the authentication-authorization, further comprising the second authentication program requiring the first authentication program and the third authentication program to execute the time synchronization program, to generate a reference time point as a time reference when carrying out authentication-authorization.
  - 13. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the third authentication program further comprises randomly determining a split pattern of the code data for splitting the code data, and transferring the split code data to the first authentication program and the second authentication program through more than one data transmission channel respectively for reverting the split code data to the code data.
  - 14. The authentication-authorization system for a mobile communication terminal as claimed in claim 13, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 15. The authentication-authorization system for a mobile communication terminal as claimed in claim 13, wherein the data transmission channel is selected from a group consisting of a satellite communication, an Internet communication, and a mobile network communication.
  - 16. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the first code data is directly received from the second authentication program or from the third authentication program.
  - 17. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, when accessing the first code data or the second code data, further comprising carrying out accessing after encrypting/decrypting with an encryption/decryption standard through a random encoding/decoding algorithm and the encryption/decryption standard is selected from a group consisting of symmetric encryption/decryption standard and asymmetric encryption/decryption standard.
  - 18. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service or an identification application service program connected to an access security terminal for carrying out access control application service.
  - 19. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the application service program is a network upload application service program connected to a network upload terminal for carrying out network upload application service, a network download application service program connected to a network download terminal for carrying out network download application service or a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 20. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the card is a chip card or a Subscriber Identity Module (SIM).
  - 21. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second authentication program further comprises requiring the first authentication program and the third authentication program to execute the time synchronization program, and re-generate a new reference time point in an aperiodic and random manner.
  - 22. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second authentication program further comprises regenerating the new reference time point driven by the third authentication program.
  - 23. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second authentication program further comprises spot-checking and authenticating the validity of the reference time point of the first authentication program and the third authentication program in an aperiodic and random manner.
  - 24. The authentication-authorization system for a mobile communication terminal as claimed in claim 23, wherein when the result of the second authentication program spot-checking and authenticating the reference time point of the first authentication program and/or the third authentication program is incorrect, the second authentication program sends a signal to a management-and-control terminal located at the sixth end for determining the risk mode through a data comparison.
  - 25. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the first code data is distributedly stored in a random selection manner through the first authentication program, such that the first code data is stored in the card and a memory of the mobile communication terminal respectively.
  - 26. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second code data is distributedly stored in a random selection manner through the second authentication program, such that the second code data is stored in the code database and a storage region of the data management terminal respectively.
  - 27. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the first buffer code data is randomly selected from the first code data in the card and the first code data in the memory.
  - 28. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the second buffer code data is randomly selected from the second code data in the code database and the second code data in the storage region.
  - 29. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the process of carrying out a comparison between the first buffer code data and the second buffer code data further comprises randomly extracting a part of code data of the first buffer code data and the second buffer code data by the second authentication program for comparison, to determine the authentication-authorization result.
  - 30. The authentication-authorization system for a mobile communication terminal as claimed in claim 1, wherein the system further comprises a buffer data storage terminal, located at the seventh end, for backing up the first buffer code data transferred by the first authentication program and the second buffer code data transferred by the second authentication program in sync when comparing.

31. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
- a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;
  
  a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
  
  a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and
  
  an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;
  
  wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
  
  after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
  
  if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed,wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;
  
  then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;
  
  when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time, andwherein the part of the third authentication program continuously generating the code data further comprises allocating the time for transmitting the code data to the first authentication program and the second authentication program according the actual data flow.

32. An authentication-authorization system for a mobile communication terminal, applied in a Mobile Internet architecture, the system comprising:
- a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs which can provide an application service, and a mobile terminal identification data;
  
  a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
  
  a data management terminal, located at a second end, for executing a second authentication program which can provide the authentication-authorization, and a preset code data same as the one in the card; and
  
  an encoding terminal, located at a third end, for executing a third authentication program which can provide the authentication-authorization, and being responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to a request of the data management terminal;
  
  wherein, after the system activates the mobile communication terminal, and installs the card to make the mobile communication terminal in a first connect state, and completes initialization, when the application service program requests the first authentication program executing authentication-authorization, a data buffer time point is randomly appointed by the first authentication program and the second authentication program, and when reaching the data buffer time point, a first code data of the card and a second code data of the data management terminal are respectively buffered as a first buffer code data and a second buffer code data in sync;
  
  after buffering is complete, the first buffer code data together with the card identification data and the mobile terminal identification data is transferred to the second authentication program by the first authentication program for being compared with the second buffer code data to determine the authentication-authorization result;
  
  if matching, the first authentication program will be authorized by the second authentication program to allow the requesting application service program to proceed,wherein the process of the system activating the mobile communication terminal and installing the card to make the mobile communication terminal in the first connect state and completing initialization further comprises the mobile communication terminal activating the first authentication program to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization of the mobile communication terminal;
  
  then the first authentication program reading the card identification data and the preset code data of the card, and transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization of the mobile communication terminal;
  
  when the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal respectively, with the mobile communication terminal staying connected, the second authentication program sending a request to the third authentication program for starting continuously generating and transferring the code data to the first authentication program and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data, such that the first authentication program can accept a call from the application service program to execute authentication-authorization at any time, andwherein the part of the third authentication program continuously generating the code data randomly determines the time point for generating the code data through the third authentication program.

33. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data;
- a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data;
  
  a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card; and
  
  an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication-authorization method for a mobile communication terminal comprises;
  
  activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
  
  randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization from the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
  
  transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
  
  authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching,in the process of activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization, the method further comprising;
  
  activating the first authentication program by the mobile communication terminal to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization for the mobile communication terminal;
  
  reading the card identification data and the preset code data of the card by the first authentication program, transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
  
  with the mobile communication terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program, after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
  
  allowing the first authentication program to accept a call from the application service program to execute authentication-authorization at any time,wherein the part of the third authentication program continuously generating the code data randomly updates and generates the new first code data and the new second code data in a single data accumulation mode, a multi-data-block update mode, an all-data-block update mode, a random deletion update mode, or a random field update mode.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
- - 34. The authentication-authorization method and system for a mobile communication terminal as claimed in claim 33, when the mobile communication terminal is in a disconnect state, the method further comprising:
    - ceasing generating the code data by the third authentication program, and at the same time the first authentication program buffering the first code data as a buffer code data;
      
      transferring the mobile terminal identification data by the first authentication program to the third authentication program of the encoding terminal again when the mobile communication terminal resumes connection, to carry out authentication-authorization for the mobile communication terminal;
      
      reading the card identification data and the buffer code data of the card by the first authentication program, then transferring the card identification data and the buffer code data of the card together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
      
      sending a request by the second authentication program to the third authentication program for continuously re-generating the code data to the first authentication program after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and storing the code data in the card as the first code data and to the second authentication program as the second code data; and
      
      resuming accepting a call from the application service program for the first authentication program to execute authentication-authorization at any time.
  - 35. The authentication-authorization method for a mobile communication terminal as claimed in claim 34, wherein when the mobile communication terminal is in a disconnect state, the second authentication program requires a random encoding/decoding algorithm randomly changing the encryption/decryption standard.
  - 36. The authentication-authorization method for a mobile communication terminal as claimed in claim 34, wherein when the mobile communication terminal is in a disconnect state, further comprising the step of requiring a random encoding/decoding algorithm randomly changing the encryption/decryption standard at the same time by the third authentication program.
  - 37. The authentication-authorization method for a mobile communication terminal as claimed in claim 34, wherein the buffer code data is randomly selected from the first code data in the memory joined with the first code data in the card by the first authentication program, and is reverted when resuming connection.
  - 38. The authentication-authorization method for a mobile communication terminal as claimed in claim 34, wherein the buffer code data is randomly selected from the first code data in the memory joined with part of the first code data in the card by the third authentication program, and is reverted when resuming connection.
  - 39. The authentication-authorization method for a mobile communication terminal as claimed in claim 34, wherein the third authentication program further comprises transferring a random selection result to the second authentication program for storage, and transferring the random selection result to the first authentication program by the second authentication program to revert the buffer code data when resuming connection.
  - 40. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the method further comprises the step ofconnecting to more than one application service terminals located at a fourth end, the terminals providing different application services, having a service terminal identification data respectively, and executing a fourth authentication program which can provide authentication -authorization, further including:
    - requiring the mobile communication terminal to request an authentication-authorization when the application service terminal provides an application service, and executing a time verification and randomly appointing a data buffer time point by the first authentication program and the second authentication program, and when reaching the data buffer time point, buffering a first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync;
      
      after completing buffering, transferring the first buffer code data together with the card identification data and the mobile terminal identification data by the first authentication program to the second authentication program and the fourth authentication program respectively for carrying out a first comparison with the second buffer code data by the second authentication program, and then the fourth authentication program transferring the first buffer code data together with the card identification data and the mobile terminal identification data together with the service terminal identification data to the second authentication program for carrying out a second comparison with the second buffer code data, to determine the authentication-authorization result; and
      
      if matching, authorizing the application service terminal making a request to resume providing an application service to the first authentication program.
  - 41. The authentication-authorization method for a mobile communication terminal as claimed in claim 40, wherein the application service terminal is a media download terminal capable of providing a multimedia content to the mobile communication terminal, and the mobile communication terminal further transferring the multimedia content to a multimedia terminal located at a fifth end.
  - 42. The authentication-authorization method for a mobile communication terminal as claimed in claim 40, wherein the application service terminal is a document file download terminal capable of providing a document file content to the mobile communication terminal, and the mobile communication terminal further transferring the document file content to the multimedia terminal located at the fifth end.
  - 43. The authentication-authorization method for a mobile communication terminal as claimed in claim 40, wherein the application service terminal is a software file download terminal for providing a software file content to the mobile communication terminal, and the mobile communication terminal further transferring the software file content to the multimedia terminal located at the fifth end.
  - 44. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, when the application service program requests the first authentication program executing authentication-authorization, further comprising requiring the first authentication program and the third authentication program to execute the time synchronization program by the second authentication program, to generate a reference time point as a time reference of the authentication-authorization.
  - 45. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the third authentication program further comprises randomly determining a split pattern of the code data for splitting the code data, and transferring the split code data to the first authentication program and the second authentication program through more than one data transmission channel respectively for reverting the split code data as the code data.
  - 46. The authentication-authorization method for a mobile communication terminal as claimed in claim 45, wherein the split pattern is selected from a group consisting of data length, data field, and data bits.
  - 47. The authentication-authorization method for a mobile communication terminal as claimed in claim 45, wherein the data transmission channel is selected from a group consisting of satellite communication, Internet communication, and mobile network communication.
  - 48. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the first code data is directly received from the second authentication program or from the third authentication program.
  - 49. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, when accessing the first code data or the second code data, further comprising accessing after carrying out the encryption/decryption in an encryption/decryption standard through a random encoding/decoding algorithm and the encryption/decryption standard is selected from the group consisting of a symmetric encryption/decryption standard and an asymmetric encryption/decryption standard.
  - 50. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the application service program is a website login application service program connected to a website servo terminal for carrying out website login application service or an identification application service program connected to an access security terminal for carrying out access control application service.
  - 51. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the application service program is a network upload application service program connected to a network upload terminal for carrying out network upload application service, a network download application service program connected to a network download terminal for carrying out network download application service or a document upload/download application service program connected to a document file transmission terminal for carrying out document receipt/forwarding application service.
  - 52. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the card is a chip card or a SIM.
  - 53. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the second authentication program further comprises requesting the first authentication program and the third authentication program to execute the time synchronization program and re-generate the new reference time point in an aperiodic and random manner.
  - 54. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the second authentication program further comprises re-generating the new reference time point driven by the third authentication program.
  - 55. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the second authentication program further comprises spot-checking and authenticating the validity of the reference time point of the first authentication program and the third authentication program in an aperiodic and random manner.
  - 56. The authentication-authorization method for a mobile communication terminal as claimed in claim 55, wherein when the result of the second authentication program spot-checking and authenticating the reference time point of the first authentication program and/or the third authentication program is incorrect, the second authentication program sends a signal to a management-and-control terminal located at a sixth end for determining the risk mode through a data comparison.
  - 57. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the first code data is distributedly stored in a random selection manner through the first authentication program, such that the first code data is stored in the card and a memory of the mobile communication terminal respectively.
  - 58. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the second code data is distributedly stored in a random selection manner through the second authentication program, such that the second code data is stored in the code database and a storage region of the data management terminal respectively.
  - 59. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the first buffer code data is randomly selected from the first code data in the card and the first code data in the memory.
  - 60. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the second buffer code data is randomly selected from the second code data in the code database and the second code data in the storage region.
  - 61. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein the process of carrying out the comparison between the first buffer code data and the second buffer code data further comprises randomly extracting a part of code data of the first buffer code data and the second buffer code data for carrying out the comparison by the second authentication program, to determine the authentication-authorization result.
  - 62. The authentication-authorization method first buffer code data and the second buffer code data for carrying out the comparison by for a mobile communication terminal as claimed in claim 33, wherein the method further comprises a buffer data storage terminal, located at the seventh end, for backing up the first buffer code data transferred by the first authentication program and the second buffer code data transferred by the second authentication program in sync at each comparison.
  - 63. The authentication-authorization method for a mobile communication terminal as claimed in claim 33, wherein when the mobile communication terminal is in a disconnect state, the third authentication program requires a random encoding/decoding algorithm randomly changing the encryption/decryption standard.

64. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card;
- and an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication -authorization method for a mobile communication terminal comprises;
  
  activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
  
  randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization from the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
  
  transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
  
  authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching,in the process of activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization, the method further comprising;
  
  activating the first authentication program by the mobile communication terminal to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization for the mobile communication terminal;
  
  reading the card identification data and the preset code data of the card by the first authentication program, transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication-authorization for the mobile communication terminal;
  
  with the mobile communication terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program, after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
  
  allowing the first authentication program to accept a call from the application service program to execute authentication-authorization at any time,wherein the part of the third authentication program continuously generating the code data further comprises allocating the time for transmitting the code data to the first authentication program and the second authentication program according the actual data flow.

65. An authentication-authorization method for a mobile communication terminal, applied in an authentication-authorization system for a mobile communication terminal of a Mobile Internet architecture, the authentication-authorization system for a mobile communication terminal including a mobile communication terminal, located at a first end and having a first authentication program for executing the authentication-authorization, a plurality of application service programs for providing application services, and a mobile terminal identification data a card, optionally installed in the mobile communication terminal and having a card identification data and a preset code data a data management terminal, located at a second end, executing a second authentication program which can provide authentication-authorization and preset code data the same as the one in the card;
- and an encoding terminal, located at a third end and executing a third authentication program which can provide authentication-authorization and is responsible for dynamically generating a code data for the authentication-authorization to the card and the data management terminal continuously and randomly according to the request of the data management terminal, the authentication-authorization method for a mobile communication terminal comprises;
  
  activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization;
  
  randomly appointing a data buffer time point by the first authentication program and the second authentication program when the application service program requests executing the authentication-authorization from the first authentication program, and buffering the first code data in the card and a second code data of the data management terminal respectively as a first buffer code data and a second buffer code data in sync when reaching the data buffer time point;
  
  transferring the first buffer code data together with the card identification data and the mobile terminal identification data to the second authentication program by the first authentication program after completing buffering, and carrying out a comparison with the second buffer code data to determine the authentication-authorization result; and
  
  authorizing the first authentication program to allow the requesting application service program to proceed by the second authentication program if matching, in the process of activating the mobile communication terminal and installing the card to make the mobile communication terminal in a first connect state and completing initialization, the method further comprising;
  
  activating the first authentication program by the mobile communication terminal to transfer the mobile terminal identification data to the third authentication program of the encoding terminal, to carry out authentication-authorization for the mobile communication terminal;
  
  reading the card identification data and the preset code data of the card by the first authentication program, transferring them together with the mobile terminal identification data to the second authentication program of the data management terminal to carry out authentication -authorization for the mobile communication terminal;
  
  with the mobile communication terminal staying connected, sending a request by the second authentication program to the third authentication program for starting continuously generating and transferring the code data to the first authentication program, after the mobile communication terminal passes the authentication-authorization of the encoding terminal and the data management terminal, and then storing the code data in the card for being updated to the first code data, and transferring the code data to the second authentication program for being updated to the second code data; and
  
  allowing the first authentication program to accept a call from the application service program to execute authentication-authorization at any time,wherein the part of the third authentication program continuously generating the code data randomly determines the time point of generating the code data through the third authentication program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Min-Chieh Su
Original Assignee
Min-Chieh Su
Inventors
Su, Min-Chieh
Primary Examiner(s)
Reagan; James A

Application Number

US11/448,389
Publication Number

US 20060242404A1
Time in Patent Office

1,651 Days
Field of Search

705/64, 705/65, 705/67, 705/75, 705/76, 705/78, 705/79, 713/155, 713/156, 713/157, 713/158, 713/159, 726/1, 726/5, 726/17, 726/21
US Class Current

705/67
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/0855   involving a third party

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0853   using an additional device,...

H04L 9/12   Transmitting and receiving ...

H04L 9/321   involving a third party or ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/71   Hardware identity

H04W 12/72   Subscriber identity

Authentication-authorization system for mobile communication terminal and method therefor

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

65 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication-authorization system for mobile communication terminal and method therefor

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

65 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links