Abstract: An authentication server enrolls a user's mobile device as a trusted device with a vendor software after verifying the network ID of the user's mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user's mobile device as a push notification.

Abstract: A one-time password (OTP) is transmitted to an authorized wireless device for use an authentication factor, even though the OTP may be intercepted or otherwise viewed with an unauthorized device. When a secure request is initiated that requires entry of an OTP as an authentication factor, a hyperlink is transmitted to a wireless device from which the secure request is initiated. When the hyperlink is selected, a connection is established with an entity that determines mobile number information associated with the SSL connection. Comparison of the determined mobile number information and the mobile number of the wireless device to which the hyperlink was intended to be sent indicates whether the wireless device that has established the SSL connection is the authorized wireless device. The OTP is displayed on the wireless device after that device has been verified as the authorized wireless device.

Abstract: An authorization process employs a network ID as a possession factor for a secure account, such as a bank account or e-mail account, and determines one or more risk indicators associated with the possession factor. The authorization process is successfully completed when a risk score that is based on the risk indicators is less than a certain risk threshold. The risk indicators include a device history of the network ID and/or at least one attribute of a cellular account associated with the network ID. The device history identifies other mobile devices and/or SIM cards, if any, that have been previously activated with the network ID, while the one or more attributes can further indicate potentially fraudulent activity associated with the cellular account through which wireless services for the network ID are currently provided.

Abstract: A mobile number of a mobile device can be employed as an authorization factor when the mobile device is connected to a WLAN. When a user attempts to interact with a restricted access server via the mobile device, verification functions loaded on the mobile device determine whether the mobile device is connected to a WLAN. If so, the verification functions cause the mobile device to open a port on the cellular network interface of the mobile device and transmit data packets to a mobile device identification server via a cellular network. The mobile device identification server can then determine the mobile number of the mobile device based on the cellular network IP address of the mobile device, and transmit the mobile number to the restricted access server as an authentication factor.

Abstract: The network ID of a mobile device can be securely employed as a possession factor. When an access to a restricted access application server or a restricted access account on the application server is attempted via a computing device, and possession of a mobile device programmed with a network ID is employed as a verification factor, the application server or a network ID monitoring server can determine whether certain information associated with the network ID has been changed within a predetermined time interval, indicating potentially fraudulent activity. Based on the presence or absence of recent changes in the information associated with the network ID, the user activity is either authorized or denied.

Abstract: A location alert management server includes a storage device in which user data is stored, the user data including tokens, each of which is stored in association with a mobile device and an application of a service provider that is installed in the mobile device, and a processor that determines, in response to a first location alert and based on a first token included in the first location alert, that the first location alert is issued by a first mobile device that has installed therein a first application of a first service provider, and issues a second location alert for transmission to a server of the first service provider. The first mobile device issues the first location alert according to location monitoring rules of the first service provider which are stored in the first mobile device, and the second location alert includes identifying information of the first mobile device.

Abstract: The network ID of a mobile device can be securely employed as a possession factor or as an identifier of a mobile device that is authorized to receive a funds transfer. When an access to a restricted access application server or a restricted access account on the application server is attempted via a computing device, and possession of a mobile device programmed with a network ID is employed as a verification factor, the application server or a risk indicator server can determine whether certain changes in information associated with the network ID and one or more attributes of a cellular account associated with the network ID are risk indicators. Based on the presence or absence of such risk indicators associated with the network ID, the user activity is either authorized or denied.

Abstract: A user activity, which may be a debit or credit card transaction or an online access, is approved, or proximity between two users is confirmed, based on a response or other acknowledgement from a mobile subscriber terminal. The mobile subscriber terminal acknowledgement is generated in response to a query from an authorizing entity associated with the debit or credit card, or another mobile subscriber terminal, and indicates whether or not the mobile subscriber terminal is within a maximum allowable radius from a specific location included in the query. It is noted that no specific location information is included in the mobile subscriber terminal acknowledgement. An application downloaded to the mobile subscriber terminal may generate the above-described acknowledgement.

Abstract: A mobile device includes a storage device in which an application software of a third party service provider and rules associated with the application software are stored, a network interface, a sensor configured to detect a location of the mobile device, and a processor configured to generate a location alert to be transmitted through the network interface according to the rules. The mobile device implements the rules for location-based alerts therein such that the frequency of the alerts is carefully controlled and the power supply of the mobile device is efficiently utilized.

Abstract: A user activity, which may be a credit card transaction or an on-line access, is approved based on the user's location at the time of the transaction or access. If the transaction or access is denied, the user may call or send a text message to the authorizing entity to permit the authorizing entity to determine the user's location. Then, the authorizing entity transmits a request to locate the user and receives location data indicating the location of the user in response thereto. If the user location is within a predetermined proximity to the location of the user activity, the user activity is authorized.