1. Field of Invention
The present invention relates to an authentication-authorization system and a method therefor, and more particularly, to a system and method for carrying out a bidirectional authentication-authorization or multiple authentication-authorizations between a mobile communication terminal and a data management terminal through randomly generating a code data.
2. Related Art
At present, Internet and mobile telecommunication are the two of the technical fields experiencing the fastest development, and application service based on the combination of the two technical fields will become a main trend of future development.
In fact, plenty of application services have already entered the Internet from the mobile telecommunication network. For example, users can browse a website if having a mobile communication terminal connected to an Internet website, or can receive Internet information, such as finance information, weather information, and consumption information, if having a mobile communication terminal through a message transfer system. Nowadays, with wider relevant application services between the mobile telecommunication and the Internet together with the increasing convenience of the mobile communication terminal, it can be predicted that the number of users using Internet application services depended on mobile communication terminals will grow in at a ten-fold speed.
In the past, with the development of Internet-related application service, the quality of the authentication-authorization mechanism was a critical factor for determining whether an application service could be accepted by users. As most authentication-authorization mechanisms adopt a single unidirectional authentication mode, the mechanisms may be cracked easily after a certain time by those who intend to do so, affecting the security of the application service. Many authentication-authorization mechanisms emphasized to be more secure and reliable were proposed later, but they still adopt the single unidirectional authentication-authorization mode. In other words, the mechanisms will eventually be cracked, no matter how long it takes, and the security and reliability of the authentication-authorization cannot be guaranteed either.
As mentioned above, the combination of the Internet and the mobile telecommunication is a trend. Therefore, in the development of relevant application service, it is also very important to provide a complete, intact, and reliable authentication-authorization mechanism. Of course, it is most important to provide a mechanism with the characteristic of a bidirectional dynamic authentication-authorization technology, as the illegal behavior of those who intend to crack the mechanism can be prevented only by carrying out authentication-authorization through randomly generating an authentication data.