Title:
METHOD AND SYSTEM FOR AUTHORIZING TRANSACTIONS BASED ON DEVICE LOCATION
Kind Code:
A1


Abstract:
Aspects of a method and system for authorizing network transactions based on device location are provided. In this regard, a request may be received to approve a transaction that was initiated from a first communication device and comprises a need to access an account. In response to the request, a second communication device that is associated with the account may be determined, and it may be determined whether to approve the transaction based on received data relating to the identity and location of the second communication device. The transaction may be associated with the second communication device via a database stored on the location server. The transaction may be approved in instances that the first communication device is in a location associated, via the database, with the second communication device. The transaction may be approved in instances that the first communication device is in substantially the same location as the second communication device.



Inventors:
Buer, Mark (Gilbert, AZ, US)
Abraham, Charles (Los Gatos, CA, US)
Garrett, David (Tustin, CA, US)
Karaoguz, Jeyhan (Irvine, CA, US)
Lundgren, David (Mill Valley, CA, US)
Murray, David (Mission Viejo, CA, US)
Application Number:
12/748106
Publication Date:
08/18/2011
Filing Date:
03/26/2010
Primary Class:
Other Classes:
705/43, 705/44, 726/4
International Classes:
G06F7/04; G06Q40/00; G06Q30/00
View Patent Images:
Related US Applications:



Primary Examiner:
AMSDELL, DANA
Attorney, Agent or Firm:
STERNE, KESSLER, GOLDSTEIN & FOX P.L.L.C. (WASHINGTON, DC, US)
Claims:
What is claimed is:

1. A method for networking, the method comprising: in connection with a location server: receiving a request to approve a transaction, wherein said transaction was initiated from a first communication device and comprises a need to access an account; determining a second communication device associated with said account; receiving data relating to an identity and location of said second communication device; and determining whether to approve said transaction based on said data relating to said identity and location of said second communication device.

2. The method according to claim 1, wherein said transaction is associated with said second communication device via a database stored on said location server.

3. The method according to claim 2, comprising approving said transaction in instances that said first communication device is in a location associated, via said database, with said second communication device.

4. The method according to claim 1 comprising approving said transaction in instances that said first communication device is in substantially the same location as said second communication device.

5. The method according to claim 1, wherein said first communication device is an automated teller machine or point-of-sale terminal.

6. The method according to claim 1, wherein said transaction comprises an electronic payment or funds transfer from a financial account.

7. The method according to claim 6, comprising determining whether to approve said transaction based on rules and/or preferences established by a provider of said financial account.

8. The method according to claim 1, comprising determining whether to approve said transaction based on rules and/or preferences established for a location based services account associated with said second communication device.

9. The method according to claim 1, comprising receiving said request from a server that is processing said transaction.

10. The method according to claim 9, comprising communicating a result of said determination to said server that is processing said transaction.

11. The method according to claim 1, wherein said data relating to an identity and location of said second communication device is received from a trusted subsystem within said second communication device.

12. A system for networking, the system comprising: one or more circuits and/or processors for use in connection with a location server, said one or more circuits and/or processors being operable to: receive a request to approve a transaction, wherein said transaction was initiated from a first communication device and comprises a need to access an account; determine a second communication device associated with said account; receive data relating to an identity and location of said second communication device; and determine whether to approve said transaction based on said data relating to an identity and location of said second communication device.

13. The system according to claim 12, wherein said transaction is associated with said first communication device via a database stored on said location server.

14. The system according to claim 13, wherein said one or more circuits are operable to approve said transaction in instances that said first communication device is in a location associated, via said database, with said second communication device.

15. The system according to claim 12 wherein said one or more circuits are operable to approve said transaction in instances that said first communication device is in substantially the same location as said second communication device.

16. The system according to claim 12, wherein said first communication device is an automated teller machine or point-of-sale terminal.

17. The system according to claim 12, wherein said transaction comprises an electronic payment or funds transfer from a financial account.

18. The system according to claim 17, wherein said one or more circuits are operable to determine whether to approve said transaction based on rules and/or preferences established by a provider of said financial account.

19. The system according to claim 12, wherein said one or more circuits are operable to determine whether to approve said transaction based on rules and/or preferences established for a location based services account associated with said second communication device.

20. The system according to claim 12, wherein said one or more circuits are operable to receive said request from a server that is processing said transaction.

21. The system according to claim 20, wherein said one or more circuits are operable to communicate a result of said determination to said server that is processing said transaction.

22. The system according to claim 12, wherein said data relating to an identity and location of said second communication device is received from a trusted subsystem within said second communication device.

Description:

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE

This patent application makes reference to, claims priority to and claims benefit from:

U.S. Provisional Patent Application Ser. No. 61/304,947 (Attorney Docket No. 20997US01) filed on Feb. 16, 2010;

U.S. Provisional Patent Application Ser. No. 61/312979 (Attorney Docket No. 21007US01) filed on Mar. 11, 2010;

U.S. Provisional Patent Application Ser. No. 61/312,994 (Attorney Docket No. 21008US01) filed on Mar. 11, 2010;

U.S. Provisional Patent Application Ser. No. 61/303,794 (Attorney Docket No. 21009US01) filed on Feb. 12, 2010; and

U.S. Provisional Patent Application Ser. No. 61/309260 (Attorney Docket No. 21024US01) filed on Mar. 1, 2010.

This Application also makes reference to:

U.S. patent application Ser. No. ______ (Attorney Docket No. 20997US02) filed on even date herewith;

U.S. patent application Ser. No. ______ (Attorney Docket No. 21008US02) filed on even date herewith;

U.S. patent application Ser. No. ______ (Attorney Docket No. 21009US02) filed on even date herewith; and

U.S. patent application Ser. No. ______ (Attorney Docket No. 21024US02) filed on even date herewith.

Each of the above stated applications is hereby incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

Certain embodiments of the invention relate to networking. More specifically, certain embodiments of the invention relate to a method and system for authorizing transactions based on device location.

BACKGROUND OF THE INVENTION

The security of electronic networks continues to grow in importance as more and more sensitive information is stored electronically communicated via such electronic networks. Businesses seeking to protect trade secrets and individuals seeking to protect their credit and identity are two primary forces driving the need for stronger network security. In this regard, the fact that such problems are prevalent today illustrates may be an indication that traditional security techniques such as username/password requirements and various encryption techniques are insufficient in many instances.

Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.

BRIEF SUMMARY OF THE INVENTION

A system and/or method is provided for authorizing network transactions based on device location, substantially as illustrated by and/or described in connection with at least one of the figures, as set forth more completely in the claims.

These and other advantages, aspects and novel features of the present invention, as well as details of an illustrated embodiment thereof, will be more fully understood from the following description and drawings.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a block diagram illustrating an exemplary communication system that enables authorization of transactions based on device location, in accordance with an embodiment of the invention.

FIG. 2 is a block diagram illustrating an exemplary communication device that may enable and/or utilize location based services, in accordance with an embodiment of the invention.

FIG. 3 is a block diagram illustrating an exemplary location server, in accordance with an embodiment of the invention.

FIG. 4 is a flow chart illustrating exemplary steps for authorizing transactions based on device location, in accordance with an embodiment of the invention.

DETAILED DESCRIPTION OF THE INVENTION

Certain embodiments of the invention may be found in a method and system authorizing network transactions based on device location. In various embodiments of the invention, a request may be received to approve a transaction that was initiated from a first communication device and comprises a need to access an account. In response to the request, a second communication device that is associated with the account may be determined, and it may be determined whether to approve the transaction based on received data relating to the identity and location of the second communication device. The transaction may be associated with the second communication device via a database stored on the location server. The transaction may be approved in instances that the first communication device is in a location associated, via the database, with the second communication device. The transaction may be approved in instances that the first communication device is in substantially the same location as the second communication device. The first communication device may be an automated teller machine or point-of-sale terminal. The transaction may comprise an electronic payment or funds transfer from a financial account. Whether to approve the transaction may be determined based on rules and/or preferences established by a provider of the financial account. Whether to approve the transaction may be determined based on rules and/or preferences established for a location based services account associated with the second communication device. The request may be received from a server that is processing the transaction. A result of the determination may be communicated to the server that is processing the transaction.

FIG. 1 is a block diagram illustrating an exemplary communication system that enables authorizing transactions based on device location, in accordance with an embodiment of the invention. Referring to FIG. 1, there is shown a communication system 100 comprising a communication device 104, a point-of-sale (POS) terminal 102, a mobile core network 110, wireless access points (APs) 112a and 112b, a cellular basestation (BS) 114, a Worldwide Interoperability for Microwave Access (WiMAX) BS 116, a broadcast tower 118, a Global Navigation Satellite Systems (GNSS) network 120, a plurality of GNSS satellites 122a-122n, the Internet 130, a location server 140, and a satellite reference network (SRN) 150. The communication device 104 may be at a location 106 and the POS terminal 102 may be at a location 108.

The GNSS network 120 may comprise suitable logic, circuitry, interfaces, and/or code that may provide navigation information to land-based devices via satellite links. The GNSS network 120 may provide positioning information via downlink satellite links transmitted to land-based devices, such as the mobile communication device 104, to enable determining their locations. In this regard, the GNSS network 120 may comprise, for example, the plurality of GNSS satellites 122a-122n, each of which is operable to provide satellite transmissions based on a global navigation satellite system (GNSS). Exemplary GNSS systems may comprise, for example, the Global Positioning System (GPS), GLONASS and/or Galileo based satellite system. The plurality of GNSS satellites 122a-122n may directly provide positioning information and/or a land-based device may utilize satellite transmissions from different satellite to determine its location using, for example, triangulation based techniques.

The Internet 130 may comprise a system of interconnected networks and/or devices that enable exchange of information and/or data among a plurality of nodes, based on one or more networking standards, including, for example, Internet Protocols (IP). The Internet 130 may enable, for example, connectivity among a plurality of private and public, academic, business, and/or government nodes and/or networks, wherein the physical connectivity may be provided via the Public Switched Telephone Network (PSTN), utilizing copper wires, fiber-optic cables, wireless interfaces, and/or other standards-based interfaces.

The mobile core network 110 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide interfacing and/or connectivity servicing among one or more access networks, which may be provide network accessibility to mobile communication devices, and external data networks such as packet data networks (PDNs) and/or the Internet 130. The mobile communication device 104 may access the mobile core network 110, for example, via the wireless AP 112a, the cellular BS 114, and/or the WiMAX BS 116. The mobile core network 110 may be configured to communicate various data services, which are provided by external data networks, to associated users.

The wireless APs 112a and 112b may each comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide data services to communication devices, such the mobile communication device 104, in adherence with one or more wireless LAN (WLAN) standards such as, for example, IEEE 802.11, 802.11a, 802.11b, 802.11d, 802.11e, 802.11n, 802.11v, and/or 802.11u. The wireless AP 112a may communicate with the mobile core network 110, via one or more links and/or associated devices, for example. The wireless AP 112b may communicate with the Internet 110, via one or more links and/or associated devices, for example. In this manner, the wireless APs 112a and 112b may provide network access to the mobile communication device 104.

The cellular BS 114 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide voice and/or data services to communication devices, such as the mobile communication device 104, in adherence with one or more cellular communication standards. Exemplary cellular communication standards may comprise Global System for Mobile communications (GSM), General Packet Radio Services (GPRS), Universal Mobile Telecommunications System (UMTS), Enhanced Data rates for GSM Evolution (EDGE), Enhanced GPRS (EGPRS), and/or 3GPP Long Term Evolution (LTE). The cellular BS 114 may communicate with the mobile core network 110 and/or the Internet 130, via one or more backhaul links and/or associated devices for example. In this manner, the cellular BS 114 may provide network access to the mobile communication device 104.

The WiMAX BS 116 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide WiMAX based data services to communication devices, such as the mobile communication devices 104. The WiMAX BS 116 may communicate with the mobile core network 110 and/or the Internet 130, via one or more backhaul links and/or associated devices for example. In this manner, the WiMAX BS 116 may provide network access to the mobile communication device 104.

The broadcast tower 118 may comprise, for example, a terrestrial radio and/or terrestrial television transmitter. In this regard, the broadcast tower 118 may transmit television and/or radio in accordance with one or more broadcast standards such as, for example, AM radio, FM radio, Radio Data Services (RDS or RBDS), the Digital Video Broadcasting (DVB) family of standards, the Advanced Television Systems Committee (ATSC) family of standards, the Integrated Services Digital Broadcasting (ISDB) family of standards, the Digital Terrestrial Multimedia Broadcast (DTMB) family of standards, and the Digital Multimedia Broadcasting (DMB) family of standards.

The server 132 may store private and/or secure information, such as financial information, which may be accessed during a transaction such as an electronic funds transfer or online log-in. For example, the server 132 may store information for credit card holders and may process debits and/or credits to card-holders' accounts. Accordingly, for purposes of this application, the server 132 may be referred to as a “transaction hosting server.”

The location server 140 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to provide and/or support location based services (LBS). In this regard, the location server 140 may store and/or process location related data associated with communication devices and/or users thereof. In this regard, users may register or otherwise establish a location bases services (LBS) account (also referred to as a profile) with the owner and/or operator of the location server 140 and the location server 140 may store information associated with the LBS accounts. LBS accounts or profiles may, for example, be associated with one or more users, one or more communications devices, or a combination thereof. The location related data may be stored in a reference database 142 in the location server 140. The location server 140 may be operable to collect and/or retrieve location related data for the LBS accounts. The location related data may be retrieved from and/or relate to communication devices and/or owners thereof and/or users thereof. The location related data may be updated in a variety of ways. For example, users may be enabled to log in and manually update preferences, rules, and/or other location related data. As another example, the location related data may be updated automatically based on attempted transactions, completed transactions, and/or the age of the data.

The location server 140 may also be operable to access and/or communicate with the SRN 150, for example, to collect and/or update location related data independently and/or autonomously. The SRN 150 may comprise suitable logic, circuitry, interfaces, and/or code that are operable to collect and/or distribute data from GNSS satellites, on a continuous basis. In this regard, the SRN 150 may comprise a plurality of GNSS reference tracking stations located around the world to provide A-GNSS coverage all the time in both a home network and/or any visited network. The SRN 150 may utilize satellite signal received from various GNSS constellations, such as, for example, the plurality of GNSS satellites 122a-122n of the GNSS network 120. The location server 140 may provide location related data when requested to do so.

The location server 140 may be operable to provide location based services (LBS) in the system 100. The location server 140 may be operable to maintain, for example, the reference database 142, which may comprise profile elements corresponding to the mobile communication device 104, and/or users thereof, for example. The location server 140 may be operable to access the SRN 150 to collect GNSS satellite data, and may utilize the collected GNSS satellite data to generate GNSS assistance data (A-GNSS data) pertaining to, and/or associated with the mobile communication device 104. The location server 140 may also be operable to collect and/or retrieve location related data directly from the mobile communication device 104, and/or from other entities that interact with the mobile communication device 104 in the system 100, such as, for example, the wireless AP 112a and/or 112b, the cellular BS 114, and/or the WiMAX 116. The location related data may be stored in the reference database 142. The location server 140 may be operable to communicate the stored location related data when requested to do so. In addition, the reference database 142 maintained in the location server 140 may be modified, refined, and/or updated. The modification may be performed, for example, based on location related data received from the SNR 150, location related data received from the mobile communication device 104 and/or other communication devices in the system 100, and/or based on uses of and/or actions performed in the communication devices. The location related data maintained by the location server 140 may be utilized to augment and/or substitute for location related data received and/or generated based on communication with the GNSS network 120, for example, when communication with the GNSS network 120 is disturbed.

Furthermore, various security protocols and/or procedures may be used and/or implemented within the system 100 to ensure secure exchange of location related data among, for example, devices, such as the communication device 104, associated with LBS accounts and/or devices, such as the transaction processing server 132, seeking to authenticate devices and/or users associated with an LBS account.

The communication device 104 may comprise suitable logic, circuitry, interfaces and/or code to communicate via one or more wired and/or wireless connections. In this regard, the communication device 104 may be operable to transmit and/or receive signals to and/or from one or more of the APs 112a and 112b, the cellular BS 114, the WiMAX BS 116, the GNSS network 120, and the broadcast tower 118. The communication device 104 may comprise, for example, a phone, a laptop, or a personal media player.

The POS terminal 102 may be a means to enable a seller to accept credit card payments, for example. In this regard, the POS terminal 102 may accept financial information, communicate the financial information to the server 132, and provide an indication of whether the transaction is approved or denied based on feedback from the server 132.

In operation, there may be location related data associated with the communication device 104 stored in the database 142 of the location server 140. In this regard, the communication device 104 and/or an owner thereof may have an LBS account (or “profile”) with the owner and/or operator of the location server 140, and the location server 140 may thus provide location based services (LBS) for the communication device 104 and/or user thereof and/or owner thereof.

In an exemplary embodiment of the invention, a credit card associated with an LBS account may be swiped or entered on the POS terminal 102. The POS terminal 102 may send the credit card information to the transaction hosting server 132. In this regard, the server 132 may then attempt to process the payment by checking the card's balance, etc. Upon accessing the credit card account, the server 132 may determine that the credit card account is associated with an LBS account. For example, the credit card holder has enrolled in location based authentication in exchange for a better interest rate or other incentive from the credit card company. Accordingly, the server 132 may send a request to the location server 140 to have the location server 140 authenticate the transaction. The request may include information identifying the location 108 as being the place where the credit card was swiped.

The location server 140 may access an LBS account associated with the credit card account and determine that the communication device 104 is associated with the LBS account. The LBS server 140 may then determine the location of the communication device 104. The location of the communication device 104 may be determined in a variety of ways. In an exemplary embodiment of the invention, the location of the communication device 104 may be determined based on GPS coordinates of the communication device 104 which may be received via the cellular BS 114 and the mobile core network 110. In another exemplary embodiment of the invention, the location of the communication device 104 may be determined based on whether the communication device 104 is in range of one or more transceivers such as the APs 112a and/or 112b, the cellular BS 114, and the WiMax BS 116. Also, the location of the communication device 104 may be determined based on a most recent location determination and/or based on a location determination performed upon receiving the request from the server 132. In the latter situation, the location server 140 may send, via any available means such as the APs 112a and/or 112b, cellular BS, WiMAX BS 116, or the Internet 130, a request to the communication device 104 for the communication device 104 to provide location related data. In response, the communication device 104 may send, via any available means such as the APs 112a and/or 112b, cellular BS 114, WiMAX BS 116, or the Internet 130, its location to the location server 140. The request and/or response may be communicated securely utilizing authentication and/or encryption mechanisms that may prevent spoofing or otherwise tampering with the request and/or response. In this regard, the communication device 104 may comprise a security subsystem that may be operable to communicate reliable and secure location information to the location server 140. The security subsystem may comprise, for example, dedicated hardware and/or one or more secure applications running on the communication device 104.

Upon determining that the communication device 104 is at location 106, the location server 140 may determine whether the communication device 104 being at location 106 is sufficient to authenticate the credit card transaction occurring at location 108. Such a determination may be based on a variety of factors including, for example, preferences and/or rules associated with the account. Such preferences and/or rules may be established, for example, by the LBS account holder (that is, the owner and/or user of the communication device 104) and/or the credit card company.

The preferences and/or rules may, for example, be based on the type of transaction. For example, the transaction may be, as in this case, an electronic funds transfer. Another exemplary transaction is attempting to access Internet-accessible secure and/or private information, such as a financial account, an email account, a social networking account.

The preferences and/or rules may, for example, be based on the location and/or device from which the transaction is being attempted. For example, a rule or preference may be established that all transactions being attempted from the account holder's home and/or home personal computer (PC) may be approved regardless of the location of the communication device 104. Conversely, a rule or preference may be established that, for all transactions initiated from a POS terminal, such as the POS terminal 102, the communication device 104 must be in substantially the same location as the POS terminal. In this regard, substantially the same location may be determined in a variety of ways. For example, location 106 may be substantially the same as location 108 if the GNSS coordinates are sufficiently similar. As another example, the location 106 may be substantially similar to the location 108 if they are within the same building, on the same campus, or within a certain distance or proximity such as X feet of each other.

The preferences and/or rules may, for example, be based on the particular location from which the transaction is being attempted. For example, a rule or preference may be established that particular transaction may only be approved when the device from which the transaction is initiated and the communication device 104 are in a particular location, such as the LBS account holder's home.

The preferences and/or rules may, for example, be based on an amount of money involved in the transaction. For example, all online purchases that are initiated from the account holder's home PC and involve amounts less than $X.XX may be approved regardless of the location of the communication device 104. Conversely, a rule or preference may be established that, for all transactions involving more than $X.XX, the communication device 104 must in substantially the same location as the device initiating the transaction.

The preferences and/or rules may, for example, be based on the time at which the transaction is being attempted. For example, a rule or preference may be established that all transactions being attempted between the hours of X:XX and Y:YY, and/or on certain days, may be automatically denied or may automatically trigger additional authentication measures such as a notification call or message to the communication device 104,

The above rules, preferences, and transactions are just for illustration and the invention is not so limited.

Upon determining whether the transaction should be approved or denied, the location server 140 may communicate the result of the determination to the server 132, which may proceed accordingly.

FIG. 2 is a block diagram illustrating an exemplary multi-radio device that may enable and/or utilize location based services, in accordance with an embodiment of the invention. Referring to FIG. 2 there is shown a communication device 104, a processor 202, a system memory 204, a system bus 206, a communication subsystem 210, a plurality of interface processing blocks 212a-212n, a security subsystem 220, and a transaction management processing block 230.

The communication device 104 may comprise the host processer 202, the system memory 204, the system bus 206, the communication subsystem 210, the security subsystem 220, and the transaction management processing block 230. The device 104 may be as described in FIG. 1. In this regard, the communication device 104 may enable reception and/or transmission of signals during communication via one or more wired and/or wireless connections. The communication device 104 may also be operable to support and/or utilize location based services.

The processor 202 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to process data and/or control operations of the communication device 104. In this regard, the host processor 202 may be operable to configure and/or control operations of various components and/or systems of the communication device 104, by for example, providing control signals, controlling data transfers within the communication device 104, and enabling execution of applications, programs and/or code, which may be stored in the system memory 204. Such operations of the communication device 104 may comprise detection and/or identification of the location of the communication device 104. In this manner, the processor 202 may enable the communication device 104 to support and/or utilize location based services.

The memory 206 may comprise suitable logic, circuitry, and/or code that may be operable to store information such as executable instructions and data that may be utilized for operations of the communication device 104, including utilizing and/or supporting location based services. The memory 206 may comprise RAM, ROM, low latency nonvolatile memory such as flash memory and/or other suitable electronic data storage. One or more portions of the memory 206 may be secured, e.g., via the security subsystem 220, and the security may be implanted and/or enforced in hardware. At least a portion of the memory may be a one-time-programmable and may comprise information that may be utilized in authenticating the device 104, its user, and/or its location. The system memory 204 may store, for example, information comprising configuration data used during LBS operations in the device 104. The configuration data may comprise parameters and/or code, which may comprise software and/or firmware, but the configuration data need not be limited in this regard.

The system bus 206 may comprise suitable logic, circuitry, interfaces, and/or code that may enable exchange of data and/or information between various components and/or systems in the communication device 104. In this regard, the system bus may comprise parallel or serial, and/or internal or external based bus technologies, and/or any combinations thereof. Exemplary system bus interfaces may comprise Inter-Integrated Circuit (I2C), Universal Serial Bus (USB), Advanced Technology Attachment (ATA), Small Computer System Interface (SCSI), Peripheral Component Interconnect (PCI), and/or Peripheral Component Interconnect Express (PCI-e) based interfaces.

The communication subsystem 210 may comprise suitable logic, circuitry, code, and/or interfaces that may enable communication of data, content, and/or messaging from and/or to the communication device 104, based on one or more wired and/or wireless protocols. The communication subsystem 210 may comprise, for example, the plurality of processing blocks 212a-212n that may be operable to perform communication based on wired or wireless standards supported in the communication device 104. In this regard, each of the plurality of processing blocks 212a-212n may comprise suitable logic, circuitry, interfaces, and/or code that are operable to detect, receive, and/or transmit signals based on specific frequency bands and/or modulation schemes. The processing blocks 212a-212n may also be operable to perform necessary processing operations, which may comprise, for example, buffering, filtering, modulation/demodulation, up-conversion/down-conversion, and/or digital-to-analog/analog-to-digital conversion. The plurality of processing blocks 212a-212n may be configured to support, for example, transmission and/or reception of RF signals during communication based on Ethernet, Bluetooth, WLAN, cellular, WiMAX, GNSS, FM interfaces and/or protocols.

The security subsystem 220 may comprise suitable logic, circuitry, interfaces, and/or code that may operable to perform security related operations in the communication device 104. In this regard, the security subsystem 220 may perform device and/or user authentication, certificate usage, and/or cryptographic operations in the communication device 104. Various security functions may be implemented in hardware to prevent security from being circumvented via software and/or firmware modifications. In various embodiments of the invention, the security subsystem 220 may comprise dedicated hardware and/or one or more applications.

In operation, the communication device 104 may be utilized to perform network access and/or communication via one or more wired or wireless interfaces. In this regard, the communication device 104 may, via the communication subsystem 210, receive signals from and/or transmit signals to the wireless AP 112a, wireless AP 112b, the cellular BS 114, the WiMAX BS 116, the broadcast tower 118, and/or the Internet 130 (e.g., via Ethernet, DSL, and/or cable infrastructure). During operations in the communication device 104, the host processor 202 may manage and/or control operations of, for example, communication subsystem 210 and/or security subsystem 220. In an exemplary aspect of the invention, the communication device 104 may be operable to support LBS application. In this regard, the communication device 104 may be associated with an LBS account managed via the location server 140. Accordingly, the communication device 104 may communicate, via the communication subsystem 210, with the location server 140. Information, such as identifying information and/or information relating to a location of the communication device 104 communicated between the location server 140 and the communication device 104 may be stored in the database 142 indexed by, or otherwise associated with, the LBS account that is associated with the communication device 104 and/or an owner or user thereof. The communication device 104 may interact with the location server 140 via one or more of the wireless AP 112a, wireless AP 112b, the cellular BS 114, the WiMAX BS 116, and/or the Internet 130. During LBS related operations, the communication device 104 may provide, and/or enable the location server 140 to determine, the location of the communication device 104. During LBS related operations, the security subsystem 220 may support various authentication and/or confidentiality related operations performed via the communication device 104. For example, the security subsystem 220 may prevent a user, via software or firmware, from spoofing the location of the communication device 104. In this manner, the security subsystem 220 may be trusted by the location server 140 such that location information received from the communication device 104 may be trusted and/or relied upon by the location server 140.

In various embodiments of the invention, the communication device 104 may determine its current location, which may be done using, for example, GNSS signals received via one or more of the plurality of processing blocks 212a-212n, and/or based on LBS data and/or applications provided by, for example, the location server 140. The security subsystem 220 may then perform, in conjunction with a location server such as the location server 140, user authentication based on, for example, LBS based data and/or applications. Once the location of the device 104 is determined, and/or device and/or user authentication is performed, transactions, such as described with respect to FIG. 1, may be initiated and/or completed.

FIG. 3 is a block diagram illustrating an exemplary location server, in accordance with an embodiment of the invention. Referring to FIG. 3 there is shown a server 140, a processor 302, a memory 304, a reference database 142, and an interfacing subsystem 310.

The server 140 may comprise the processor 302, the memory 304, the reference database 142, and the interfacing subsystem 310. In this regard, the server 140 may be operable to provide and/or support location based services (LBS). In an exemplary aspect of the invention, the server 140 may maintain location related data, via the reference database 142, for example. The location related data may be associated with communication devices that have an account with, or are otherwise associated with, the location based services provider that owns and/or operates the location server 140. Location related data may, for example, comprise information associated with a location that the communication device 104 is at and/or locations to which the communication device 104 has been.

The processor 302 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to manage and/or control operations of the location server 140. In this regard, the processor 302 may be operable to configure and/or control operations of various components and/or systems of the location server 140, by providing, for example, control signals. The processor 302 may also control data transfers within the location server 140, including data storage and/or retrieval from memory 304 and/or generating, storing, and/or updating elements in the reference database 142. The processor 302 may enable execution of applications, programs and/or code, which may be stored in the memory 304 for example, to enable performing various services and/or application requested from the location server 140, including location based services (LBS) applications for example.

The memory 304 may comprise suitable logic, circuitry, interfaces, and/or code that enable permanent and/or non-permanent storage and/or fetch of data, code and/or other information used in the location server 140. In this regard, the memory 304 may comprise different memory technologies, including, for example, read-only memory (ROM), random access memory (RAM), and/or Flash memory. The memory 304 may be operable to store, for example, data and/or code used during LBS operations in the location server 140. The data and/or code may comprise configuration data or parameters, and the code may comprise operational code such as software and/or firmware, but the information need not be limited in this regard.

The reference database 142 may comprise suitable logic, circuitry, interfaces, and/or code that may be operable to store location related data for one or more LBS accounts, wherein each LBS account may be associated with one or more communication devices and/or owners thereof and/or users thereof. The reference database 142 may be internally or externally coupled to the location server 140. The stored location related data may be collected from and/or provided to associated devices and/or users to support LBS applications. The reference database 142 may be operable to manage and update the stored location related data when requested, dynamically whenever any change is detected, and/or periodically. In an exemplary aspect of the invention, the reference database 142 may comprise data which may be utilized to approve or deny transactions. Furthermore, the reference database 142 may be updated and/or modified based on data communicated to the server 140 by the communication device 104 and/or other devices associated with an LBS account.

The interfacing subsystem 310 may comprise suitable logic, circuitry, interfaces, and/or code that may enable communication of data, content, and/or messaging from and/or to the location server 140. The interfacing system 310 may support, for example, a plurality of physical and/or logical connections, based on one or more wired and/or wireless interfaces in the location server 140. In this regard, the interfacing system 330 may comprise, for example, one or more network interface cards (NIC) and/or wireless network interface cards (WNIC).

In operation, the server 140 may be utilized to provide location based services (LBS). To facilitate LBS operations and/or servicing via the server 140, the processor 302 may be operable to communicate, via the interfacing subsystem 310, with the SRN 150, the mobile core network 110, and/or the Internet 130 to collect location related data. The processor 302 may utilize the collected location related data to build and/or update the reference database 142, which may be coupled internally or externally to the server 140. The processor 302 may retrieve or collect location related data from associated users, such as the communication device 104. The server 140 may provide location related data by retrieving it from the reference database 142. In this regard, the server 140 may store the location related data in the reference database 142 as elements that may be indexed using identifiers that are specific to serviced devices and/or users and/or owners thereof. Exemplary identifiers comprise LBS account numbers, LBS account usernames, phone number of a communication devices associated with LBS accounts, and MAC addresses of a communication devices associated with LBS accounts.

In an exemplary aspect of the invention, the reference database 142 may store and/or maintain, via the reference database 142 for example, data and/or information which may be utilized to approve or deny transactions, substantially as described with regard to FIG. 1. The transaction related data may be stored into, for example, LBS accounts (also referred to as profiles) maintained via the reference database 142. In this regard, when determining whether to approve a transaction, the server 140 may perform device and/or user authentication procedures with the serviced devices, such as the device 104, and/or with devices requesting the approval, such as the server 132.

The location server 140 may enable, via the interfacing subsystem 310, access to LBS accounts such that information associated with an account, such as account rules and/or preferences, may be modified. In this regard, persons and/or entities which may access an LBS account may comprise an owner and/or user of a communication device associated with the LBS account, a credit card company, bank, or other financial institution associated with the LBS account, a wireless provider associated the LBS account, an Internet service provider associated with the LBS account, and/or any other person and/or entity which has been associated with the LBS account through secure and authenticated mechanisms,

FIG. 4 is a flow chart illustrating exemplary steps for authorizing transactions based on device location, in accordance with an embodiment of the invention. Referring to FIG. 4, the exemplary steps may begin with step 404 when a transaction, such as a credit card purchase, is initiated from the location 108, where the credit card is associated with an LBS account that is also associated with the communication device 104. The attempted purchase may be submitted to the server 132. Subsequent to step 404, the exemplary steps may advance to step 406.

In step 406, the server 132 may send a request to the location server 140 for the location server 140 to determine whether to approve the transaction. Subsequent to step 406, the exemplary steps may advance to step 408.

In step 407, the location server 140 may access the LBS account associated with the credit card. Based on rules, preference, and/or other information in the LBS account or profile, the location server 140 may determine whether the transaction should be automatically approved. That is, determine whether the transaction should be approved or denied regardless of the location of the communication device 104. In instances that the transaction cannot be automatically approved or denied, the exemplary steps may advance to step 408. In instances that the transaction is to be automatically approved or denied, the exemplary steps may advance to step 412.

In step 408, the location server 140 may determine the current location of the communication device 104. In this regard, the location server 140 may send a request to the communication device 104 via one or more of the wireless AP 112a, wireless AP 112b, the cellular BS 114, and the WiMAX BS 116, and the communication device 104 may respond with its current location. In this regard, the communication device 104 may respond with, for example, the GNSS coordinates of its current location, an RF characterization of its current location, information about distance to the other one of communication devices 102 and104, and/or information about a distance to or communications with such as one or more of the wireless APs 112, the cellular BS 114, the WiMAX BS 116, and/or the broadcast tower 118. The response may be generated by and/or communicated via a trusted subsystem, such as the security subsystem 220, in the communication device 104. Subsequent to step 408, the exemplary steps may advance to step 410.

In step 410, the location server 140 may determine whether to approve the transaction based on the location of the communication device 104. How the location of the communication device 104 factors into the determination may depend on the rules and/or preferences of the LBS account. For example, the transaction may be approved in instances that the communication device 104 is in substantially the same location as the device from which the transaction was initiated. In instances that the transaction is approved based on the location of the communication device 104, the exemplary steps may advance to step 412. In step 412, the location server 140 may notify the server 132 that the transaction is approved. In step 414, the transaction may be completed.

Returning to step 410, in instances that the transaction is denied, the location server 140 may attempt to authenticate the communication device 104, its user, and/or its location via an out-of-band channel. For example, the location server 140 may call or send a message to the communication device 104 requesting manual approval from the user of the communication device 104. The user may reply to the message and send his or her approval or denial. For example, to approve the transaction, the user may have to provide a password. In instances that the user denies the transaction, the exemplary steps may advance to step 422. In step 422, the location server 140 may notify the server 132 of the denial and the server 132 may, in turn, deny the transaction.

Returning to step 418, in instances that the user allows the transaction, the exemplary steps may advance to step 414 and the transaction may be completed.

Although various steps and/or functions described with respect to FIG. 4 are described as being performed in the location server 140, the invention need not be so limited. For example, the location server 140 may provide location related data to another server or device and such steps and/or functions may be performed in that server or device.

Various aspects of a method and system for authorizing network transactions based on device location are provided. In an exemplary embodiment of the invention, the location server 140 may receive a request may to approve a transaction that was initiated from a first communication device 102 and comprises a need to access an account, such as a financial account or an Internet-accessible account. In response to the request, a second communication device 104 that is associated with the account may be determined, and it may be determined whether to approve the transaction based on received data relating to the identity and location of the second communication device 104. The transaction may be associated with the second communication device 104 via a database 142 stored on the location server 140. The transaction may be approved in instances that the first communication device 102 is in a location associated, via the database, with the second communication device 104. The transaction may be approved in instances that the first communication device 102 is in substantially the same location as the second communication device 104. The first communication device 102 may be an automated teller machine or point-of-sale terminal. The transaction may comprise an electronic payment or funds transfer from a financial account. Whether to approve the transaction may be determined based on rules and/or preferences established by a provider of the financial account. Whether to approve the transaction may be determined based on rules and/or preferences established for a location based services account associated with the second communication device 104. The request may be received from a server 132 that is processing the transaction. A result of the determination may be communicated to the server 132 that is processing the transaction.

Other embodiments of the invention may provide a non-transitory computer readable medium and/or storage medium, and/or a non-transitory machine readable medium and/or storage medium, having stored thereon, a machine code and/or a computer program having at least one code section executable by a machine and/or a computer, thereby causing the machine and/or computer to perform the steps as described herein for authorizing network transactions based on device location.

Accordingly, the present invention may be realized in hardware, software, or a combination of hardware and software. The present invention may be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods described herein is suited. A typical combination of hardware and software may be a general-purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.

The present invention may also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which when loaded in a computer system is able to carry out these methods. Computer program in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to another language, code or notation; b) reproduction in a different material form.

While the present invention has been described with reference to certain embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the present invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the present invention without departing from its scope. Therefore, it is intended that the present invention not be limited to the particular embodiment disclosed, but that the present invention will include all embodiments falling within the scope of the appended claims.