Abstract: An authentication server enrolls a user’s mobile device as a trusted device with a vendor software after verifying the network ID of the user’s mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user’s mobile device as a push notification.

Abstract: An authentication server enrolls a user's mobile device as a trusted device with a vendor software after verifying the network ID of the user's mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user's mobile device as a push notification.

Abstract: A one-time password (OTP) is transmitted to an authorized wireless device for use an authentication factor, even though the OTP may be intercepted or otherwise viewed with an unauthorized device. When a secure request is initiated that requires entry of an OTP as an authentication factor, a hyperlink is transmitted to a wireless device from which the secure request is initiated. When the hyperlink is selected, a connection is established with an entity that determines mobile number information associated with the SSL connection. Comparison of the determined mobile number information and the mobile number of the wireless device to which the hyperlink was intended to be sent indicates whether the wireless device that has established the SSL connection is the authorized wireless device. The OTP is displayed on the wireless device after that device has been verified as the authorized wireless device.

Abstract: A mobile network based authentication system for authenticating a user's access to a restricted-access account includes an application server and an identification server. The application server is configured to authenticate the user's access to the restricted-access account by transmitting a one-time password to a mobile computing device of the user and confirming that the one-time password has been entered by the user. The identification server communicates with the application server after the application server receives a request from the user to access the restricted-access account and before the application transmits the one-time password to the mobile device, to verify that an attribute of the restricted-access account is linked to a network identification of the mobile computing device.

Abstract: An authorization process employs a network ID as a possession factor for a secure account, such as a bank account or e-mail account, and determines one or more risk indicators associated with the possession factor. The authorization process is successfully completed when a risk score that is based on the risk indicators is less than a certain risk threshold. The risk indicators include a device history of the network ID and/or at least one attribute of a cellular account associated with the network ID. The device history identifies other mobile devices and/or SIM cards, if any, that have been previously activated with the network ID, while the one or more attributes can further indicate potentially fraudulent activity associated with the cellular account through which wireless services for the network ID are currently provided.

Abstract: An authentication server enrolls a user's mobile device as a trusted device with a vendor software after verifying the network ID of the user's mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user's mobile device as a push notification.

Abstract: A computer-implemented method of authenticating a user logged into a restricted-access account over a computer network, includes the steps of: receiving a request to authenticate the user over the computer network; verifying that authentication data of the user matches verification data that is acquired over the computer network and associated with a network identification of a mobile device that is linked to the restricted-access account of the user; verifying that a location of an IP address from which the user is accessing the restricted-access account matches a current location of the mobile device; and authenticating the user upon determining that the authentication data of the user matches the verification data and the location of the IP address matches the current location.

Abstract: A mobile number of a mobile device can be employed as an authorization factor when the mobile device is connected to a WLAN. When a user attempts to interact with a restricted access server via the mobile device, verification functions loaded on the mobile device determine whether the mobile device is connected to a WLAN. If so, the verification functions cause the mobile device to open a port on the cellular network interface of the mobile device and transmit data packets to a mobile device identification server via a cellular network. The mobile device identification server can then determine the mobile number of the mobile device based on the cellular network IP address of the mobile device, and transmit the mobile number to the restricted access server as an authentication factor.

Abstract: An authorization process employs a network ID as a possession factor for a secure account, such as a bank account or e-mail account, and determines one or more risk indicators associated with the possession factor. The authorization process is successfully completed when a risk score that is based on the risk indicators is less than a certain risk threshold. The risk indicators include a device history of the network ID and/or at least one attribute of a cellular account associated with the network ID. The device history identifies other mobile devices and/or SIM cards, if any, that have been previously activated with the network ID, while the one or more attributes can further indicate potentially fraudulent activity associated with the cellular account through which wireless services for the network ID are currently provided.

Abstract: The device history of a mobile telephone number, or “mobile number,” is tracked to facilitate detection of risk indicators associated with the mobile number by an application server or other authentication entity. When access to a secure account is requested from a mobile device that is activated with the mobile number, certain risk indicators can be determined based on the tracked device history of the mobile number. A history is tracked of cellular devices that have been previously activated with a particular mobile number and when each such cellular device was activated with the mobile number. When a user performs an activity with a mobile device that requires authentication based on a mobile number of the mobile device, such as an online access, risk indicators associated with the mobile number can be detected and acted on accordingly.

Abstract: Identity matching via a mobile device is facilitated when a user attempts to access a restricted-access account with the mobile device. The identity of the user is verified based on the mobile number of the mobile device, personal identifying information provided by the user, user information for the mobile account associated with the mobile number, and user information from a credit bureau. The user information for the mobile account can be retrieved from the mobile carrier that provides the mobile account, and the user information from the credit bureau can be determined based on the user information for the mobile account. Thus, an authorization entity can verify that the identity of the user attempting to access the restricted-access account matches the identity of the holder of the account, even when the holder of the account is not the primary name associated with the mobile account for the mobile device.

Abstract: The network ID of a mobile device can be securely employed as a possession factor. When an access to a restricted access application server or a restricted access account on the application server is attempted via a computing device, and possession of a mobile device programmed with a network ID is employed as a verification factor, the application server or a network ID monitoring server can determine whether certain information associated with the network ID has been changed within a predetermined time interval, indicating potentially fraudulent activity. Based on the presence or absence of recent changes in the information associated with the network ID, the user activity is either authorized or denied.

Abstract: A one-time password (OTP) is transmitted to an authorized wireless device for use an authentication factor, even though the OTP may be intercepted or otherwise viewed with an unauthorized device. When a secure request is initiated that requires entry of an OTP as an authentication factor, a hyperlink is transmitted to a wireless device from which the secure request is initiated. When the hyperlink is selected, a connection is established with an entity that determines mobile number information associated with the SSL connection. Comparison of the determined mobile number information and the mobile number of the wireless device to which the hyperlink was intended to be sent indicates whether the wireless device that has established the SSL connection is the authorized wireless device. The OTP is displayed on the wireless device after that device has been verified as the authorized wireless device.

Abstract: A location alert management server includes a storage device in which user data is stored, the user data including tokens, each of which is stored in association with a mobile device and an application of a service provider that is installed in the mobile device, and a processor that determines, in response to a first location alert and based on a first token included in the first location alert, that the first location alert is issued by a first mobile device that has installed therein a first application of a first service provider, and issues a second location alert for transmission to a server of the first service provider. The first mobile device issues the first location alert according to location monitoring rules of the first service provider which are stored in the first mobile device, and the second location alert includes identifying information of the first mobile device.

Abstract: The network ID of a mobile device can be securely employed as a possession factor or as an identifier of a mobile device that is authorized to receive a funds transfer. When an access to a restricted access application server or a restricted access account on the application server is attempted via a computing device, and possession of a mobile device programmed with a network ID is employed as a verification factor, the application server or a risk indicator server can determine whether certain changes in information associated with the network ID and one or more attributes of a cellular account associated with the network ID are risk indicators. Based on the presence or absence of such risk indicators associated with the network ID, the user activity is either authorized or denied.

Abstract: A method of locating a user of a wireless communication device who has roamed out of network, includes the steps of receiving an identifier of a mobile switching center (MSC ID) that is serving the user out of network, transmitting a request for user location data to the mobile switching center, the request including an identifier of the wireless communication device, and determining a location of the user based on the user location data received from the mobile switching center. The user location data includes an identifier of a cell (cell ID) within the mobile switching center, and the location of the user is determined based on the cell ID.

Abstract: A location alert management server includes a storage device in which user data is stored, the user data including tokens, each of which is stored in association with a mobile device and an application of a service provider that is installed in the mobile device, and a processor that determines, in response to a first location alert and based on a first token included in the first location alert, that the first location alert is issued by a first mobile device that has installed therein a first application of a first service provider, and issues a second location alert for transmission to a server of the first service provider. The first mobile device issues the first location alert according to location monitoring rules of the first service provider which are stored in the first mobile device, and the second location alert includes identifying information of the first mobile device.

Abstract: A user activity, which may be a debit or credit card transaction or an online access, is approved, or proximity between two users is confirmed, based on a response or other acknowledgement from a mobile subscriber terminal. The mobile subscriber terminal acknowledgement is generated in response to a query from an authorizing entity associated with the debit or credit card, or another mobile subscriber terminal, and indicates whether or not the mobile subscriber terminal is within a maximum allowable radius from a specific location included in the query. It is noted that no specific location information is included in the mobile subscriber terminal acknowledgement. An application downloaded to the mobile subscriber terminal may generate the above-described acknowledgement.

Abstract: A mobile device includes a storage device in which an application software of a third party service provider and rules associated with the application software are stored, a network interface, a sensor configured to detect a location of the mobile device, and a processor configured to generate a location alert to be transmitted through the network interface according to the rules. The mobile device implements the rules for location-based alerts therein such that the frequency of the alerts is carefully controlled and the power supply of the mobile device is efficiently utilized.

Abstract: A fraudulent online payment transaction involving a stolen account number is prevented via a multiple factor authentication of the transaction. When an online payment transaction is initiated from a computing device, a mobile device that is associated with the account is employed as a physical token, and the online payment transaction is authorized based on possession of the mobile device. Real-time information associated with the user initiating the online payment transaction and real-time information associated with the mobile device are employed to verify user identity and user location. User identity is verified by comparing the name associated with the online payment transaction with the name that is currently registered as the user name for a mobile device. User location is verified by comparing the location at which the online payment transaction is initiated with the current location detected for the mobile device.