METHODS FOR ACQUIRING AN INTERNET USER'S CONSENT TO BE LOCATED AND FOR AUTHENTICATING THE LOCATION INFORMATION

20220360662 · 2022-11-10

Abstract

A method and system for acquiring an Internet user's consent to be geographically located via at least two independent sources of geographical information. At least one independent source of geographical information is the wireless location of the Internet user's mobile phone.

Claims

1. A method for validating an electronic transaction of an Internet user in possession of a mobile phone, comprising: (a) via software installed on the mobile phone, requesting that the Internet user consent to the release of the mobile phone's geographical location; (b) receiving, from a first source of location information, a first geographical location of the mobile phone; (c) using the receipt of the first geographical location of the mobile phone, or a receipt of the Internet user's consent to the release of the mobile phone's geographical location, as an authorization to initiate a location inquiry of the mobile phone from a second source of location information; (d) receiving, from said second source of location information, a second geographical location of the mobile phone; (e) determining whether the first geographical location of the mobile phone and the second geographical location of the mobile phone are within an allowable degree of separation; and (f) if the first geographical location and the second geographical location are within the allowable degree of separation, then taking at least one of the following actions: (i) allowing the transaction, and (ii) assigning a positive score; wherein the first geographical location and the second geographical location are each identified by one or more of the following: GPS, Wi-Fi, Bluetooth, antenna triangulation and cellular base station.

2. The method of claim 1, further comprising, if the first and the second geographical locations are not within the allowable degree of separation, taking at least one of the following actions: (i) requiring additional authentication information of the Internet user, and (ii) assigning a negative score.

3. The method of claim 1, wherein the second source of location information is the mobile phone's carrier and is independent from the first source of location information.

4. The method of claim 3, further comprising the step of confirming that the Internet user is associated with the mobile phone.

5. The method of claim 4, wherein the step of confirming that the Internet user is associated with the mobile phone comprises at least one of: (iii) determining that the mobile phone is correlated with at least one of: the Internet user's credit card information or the Internet user's bank account information; and (iv) determining that the mobile phone number has been recorded in association with an account of the user in a database for longer than a predetermined time.

6. The method of claim 4, wherein the step of confirming that the Internet user is associated with the mobile phone comprises finding the user's information in a database managed by the mobile phone carrier.

7. The method of claim 1, wherein the first source of location information is the mobile phone, and wherein the second source of location information is the mobile phone's carrier.

8. A method for validating an electronic transaction of an Internet user in possession of a mobile phone, comprising: (a) via software installed on the mobile phone, requesting that the Internet user release the mobile phone's geographical location; (b) receiving a first geographical location of the mobile phone; (c) receiving a second geographical location of the mobile phone; (d) confirming that the first geographical location of the mobile phone and the second geographical location of the mobile phone are within an allowable degree of separation; and (e) if the first and the second geographical locations are within the allowable degree of separation, then taking at least one of the following actions: (i) allowing the transaction, and (ii) assigning a positive score; wherein the first and the second geographical locations are identified by one or more of the following: GPS, Wi-Fi, antenna triangulation and cellular base station, and wherein the first and the second geographical locations are provided by two separate sources of location information.

9. The method of claim 8, wherein the first source of location information is the mobile phone, Wi-Fi or GPS, and wherein the second source of location information is independent from the first source of location information.

10. The method of claim 9, further comprising, if the first and second geographical locations are not within the allowable degree of separation, taking at least one of the following actions: (iii) requiring additional authentication information of the Internet user, and (iv) assigning a negative score.

11. The method of claim 8, wherein the source of the first geographical location is the mobile phone, and the source of the second geographical location is the mobile phone carrier.

12. The method of claim 11, further comprising the step of confirming that the Internet user is associated with the mobile phone.

13. The method of claim 12, wherein the step of confirming that the Internet user is associated with the mobile phone comprises at least one of: (iii) determining that the mobile phone is correlated with at least one of the Internet user's credit card information and the Internet user's bank account information; and (iv) determining that the mobile phone number has been recorded in association with an account of the user in a database for longer than a predetermined time.

14. The method of claim 12, wherein the step of confirming that the Internet user is associated with the mobile phone comprises finding the user's information in a database managed by the mobile phone carrier.

15. A method for validating an electronic transaction of an Internet user, the user being in possession of a mobile phone and conducting the transaction via a computer, comprising: (a) via software installed on the computer, requesting that the user release the computer's geographical location; (b) receiving the geographical location of the computer; (c) confirming that the Internet user is associated with the mobile phone; (d) if the Internet user is associated with the mobile phone, determining whether or not the geographical location of the computer and the geographical location of the mobile phone are within an allowable degree of separation; and (e) if the geographical locations of the computer and the mobile phone are within the allowable degree of separation, then taking at least one of the following actions: (i) allowing the transaction; and (ii) assigning a positive score; wherein the geographical locations of the computer and the mobile phone are each identified by one or more of the following: GPS, Wi-Fi, Bluetooth, antenna triangulation and cellular base station.

16. The method of claim 15, further comprising, if the geographical locations of the computer and the mobile phone are not within the allowable degree of separation, then requiring additional authentication information of the Internet user.

17. The method of claim 15, wherein the source of the geographical location of the mobile phone is the mobile phone carrier, and wherein the geographical location of the computer is identified by Wi-Fi.

18. The method of claim 15, further comprising at least one of the following steps: (f) if the geographical locations of the computer and the mobile phone are not within the allowable degree of separation, then requiring additional authentication information of the Internet user; and (g) if the mobile phone is not associated with the Internet user, then requiring additional authentication information of the Internet user.

19. The method of claim 15, further comprising using the receipt of the geographical location of the computer, or a receipt of the Internet user's consent to the release of the computer's geographical location, as an authorization to request the location of the mobile phone from the mobile phone carrier.

20. The method of claim 15, further comprising confirming that the Internet user corresponds to the mobile phone, by at least one of: (iii) determining that the mobile phone owner's information matches with at least one of the Internet user's credit card information and the Internet user's bank account information; and (iv) determining that the mobile phone number has been recorded in association with an account of the user in a database for longer than a predetermined time.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0040] FIG. 1 is a flow chart illustrating the exemplary method and system for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention;

[0041] FIG. 2 is a flow chart illustrating a second exemplary method and system for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention;

[0042] FIG. 3 is a flow chart illustrating a third exemplary method and system for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention; and

[0043] FIG. 4 is a flow chart illustrating a fourth exemplary method and system for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention.

[0044] FIG. 5 is a flow chart illustrating a fifth exemplary method and system for authenticating an Internet user by validating the identity of the user via geolocation of the user's home or mobile communication device and IP address.

DETAILED DESCRIPTION OF THE INVENTION

[0045] The term “session” or “connection”, as used in the context of the present invention, applies to any communication between two computers, such as, without limitation, the connection, communication, or session that is between client and server in an internal network; the connection, session or communication open between an Internet computer and an Internet server; and the session open by Internet computer to a web site using a browser program, where the web site can be an online bank or an ecommerce site. The term “session” in the present invention is equal to “communication”. “Sessions” and “communications” are also the same.

[0046] The term “server”, as used in the context of the present invention, applies to any device that uses this method, such as, without limitation, any device with an operating system having computing and communication capabilities, such as Windows™, Unix™ and Linux™; installed on any firewall; workstation, laptop, PDA or mobile phone. The method can be implemented on the server to monitor the server's internal activity and can also be implemented on an external device to monitor at least one other different device.

[0047] It should be understood that the term “mobile voice phone”, as used in the context of the present invention, applies to any mobile device modified or designed for voice or text communication, such as a mobile phone, capable of communicating with another device via wireless networks and associated telecommunication protocols, such as, but not limited to, cellular systems, radio systems, Wi-Fi™, WiMAX™, RFID, Bluetooth™, MIMO, UWB, satellite systems, or any other such wireless network known now or in the future. Other non-limiting examples include any device that has been modified or designed to communicate with a web-ready PDA, a Blackberry™, or a tablet or laptop computer with cellular connect capabilities.

[0048] It should be understood that the term “communication voice device”, as used in the context of the present invention, applies to any voice device capable of communicating with another voice device such as, but not limited to, phone, mobile voice device, laptop computer, desktop computer, server, VoIP phone or personal digital assistant (hereinafter PDA). Other non-limiting examples include any device that has been modified or designed for voice or text communication.

[0049] It should be understood that the term “mobile voice device”, as used in the context of the present invention, applies to any mobile device modified or designed for voice or text communication and capable of communicating with another device via a wireless network such as, but not limited to, a cellular system, radio system, Wi-Fi™, WiMAX™, RFID, Bluetooth™, MIMO, UWB (Ultra Wide Band), satellite system or any other such wireless network known now or in the future. Other non-limiting examples include any device that has been modified or designed to communicate with an Internet-ready PDA, a Blackberry, a laptop computer with cellular connect capability, or a notification server, such as an email server.

[0050] Wi-Fi™ is a trademark of the non-profit Wi-Fi Alliance. WiMAX™ is a trademark of WiMAX Forum. Bluetooth™ is a trademark of the Bluetooth Special Interest Group.

[0051] It should be understood that IP Address means an Internet protocol address according to the specifications of any Internet communication protocol, including but not limited to IPV4 and IPV6. “Foreign IP address” refers to an IP address that is assigned to a device not on the local or proprietary network.

[0052] It should be understood that where the present description, figures, and claims make reference to the process of “correlating” a location with an IP address, the process comprises comparing the specified location (e.g., the location of a device, home, or office) with a geographical location associated with the specified IP address, and estimating or determining the physical proximity of the two locations.

[0053] This invention relates to a method and system for acquiring an Internet user's consent over the Internet to be geographically located via at least two independent sources of wireless information while at least one independent source of wireless information is the Internet user's communication voice device. The proposed method does not require any user intervention outside the user's interaction at the Internet site or with the Internet user's browser.

[0054] FIG. 1 is a flow chart illustrating a first exemplary method and system 100 for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention. The method starts at step 101. At step 102, the Internet site receives data indicating access by an Internet user who is accessing the Internet shopping site (such as www.onlineshoppingsite.com). At step 103, the Internet site receives data indicating that the user has selected a product that the user would like to buy and the user chooses to complete the transaction (“checkout”). At step 104, the Internet site prompts the Internet user for their information (such as their credit card, shipping/billing address and mobile phone number, if it's not on file). At step 105, the Internet site receives the required information, such as the billing address, shipping address, credit card information, shipping method, etc., that the Internet user has entered. At step 106, the Internet site presents an unchecked checkbox with a prompt such as “free expedited shipping” and offers to use the Internet user's current mobile phone location to assist in cross-referencing the user's credit card information. The Internet shopping site may present “terms and conditions” describing in detail the implications of checking the box as giving fully informed consent to have geo-location run on the user's cell phone. The preferred action will be for the consumer to “accept” those “terms and conditions.” At step 107, the Internet site verifies the consumer's identity via industry external databases (e.g., Experian™, Targus™, etc.). That verification seeks to confirm that the mobile phone owner's information and the credit card/bank account owner's information, such as billing information and name, match. Alternatively, a better verification practice than utilizing a third-party database provider is utilizing mobile phone companies' internal databases of billing information. Mobile phone companies already possess the billing information. Unlike third-party database providers, mobile phone companies' internal databases add an additional and essential assurance of identity, because the billing information is already verified by the mobile phone companies during the mobile phone purchase at the mobile phone carrier store using an ID such as a driver's license, and by the subscriber paying their bill sent to that billing address. At step 108, the site may check if (a) the Internet user's identity at step 107 matches the external or internal database, and (b) if the Internet user marked the unchecked box at step 106. If the Internet user checked the checkbox in step 106, and the Internet user's information in step 107 matches the database information, then the Internet site can request the Internet user's phone location 109 and begin authenticating the transaction using the Internet user's location details (mobile phone number/location, computer location such as Wi-Fi, home address or Geo IP, etc.). If the above conditions are not met, the Internet site will use other authentication methods 110.

[0055] FIG. 2 is a flow chart illustrating a second exemplary method and system 200 for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention. The method starts at step 101 and steps 101 through 105 are the same as for embodiment 100 in FIG. 1. At step 206, the Internet site may present a checked checkbox with a prompt such as, “free expedited shipping—onlineshoppingsite.com will use your current mobile telephone location to protect your credit card information”, and will use the Internet user's current mobile phone location to assist in cross-referencing their credit card information. At step 107, the site verifies the Internet user's identity via industry databases (Experian, Targus, 192, etc.) just as in step 107 of embodiment 100 of FIG. 1. That verification seeks to confirm that the mobile phone owner's information and the credit card/bank account owner's information match. At step 208, the site may check if (a) the Internet user's identity at step 107 matches with the external or internal database and (b) if the Internet user did not uncheck the box at step 206. If the Internet user did not uncheck the checked checkbox in step 206, and the Internet user's information in step 107 matches, then the Internet site can request the Internet user's phone location 109 and begin authenticating the transaction using the Internet user's location details (mobile phone number/location, computer location such as Wi-Fi, home address or Geo IP, etc.). This might entail accessing a database that matches a Wi-Fi's unique ID (i.e., identity such as, but not limited to, an Internet media-access-control (MAC) address) with known positions corresponding to each Wi-Fi unique ID. If the above conditions are not met, the site will use other authentication methods 110.

[0056] FIG. 3 is a flow chart illustrating the exemplary method and system 300 for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention. The method starts at step 101 and steps 101 through 105 and 107 are the same as for embodiment 100 in FIG. 1 and embodiment 200 in FIG. 2. At step 306, the Internet site will ask the Internet user to release their location or share their location via their Internet browser. Because standards such as HTML5 are implemented as part of modern Internet browsers like Firefox™ and Internet Explorer™, it is possible to share the Internet user's wireless location with the Internet sites. For privacy reasons, the Internet user is required to select a “share location” option. Once the Internet user clicks “share location”, the Internet site can get the Internet user's wireless location. It is at this moment that the Internet user has provided their consent to release their geographical location, and the site can acquire the Internet user's geographical location and/or the location of said user's computer.

[0057] However, the Internet site is not able to know whether the Internet user is authorized to consent to the release of the location of the communication voice device. For example, a minor may be the Internet user and have the communication voice device. At step 308, the Internet site may check if the Internet user's identity at step 107 matches with the external or internal database. If the information matches (such as user/password, billing information, credit card, token number or other secret or private information that the Internet user knows, like private information of the communication voice device owner), then the consent that the Internet user provided to be located via the browser in step 306 can also be utilized when locating 109 that Internet user via their communication voice device. Should (a) the information not match external or internal databases at step 107 or (b) the Internet user not have released his consent at step 306, step 110 is executed and authentication of the transaction can be processed using a different authentication method.

[0058] FIG. 4 is a flow chart illustrating the exemplary method and system for acquiring an Internet user's consent to be located and authenticating said Internet user identity using the Internet user location information, according to an embodiment of the present invention. The method starts at step 101 and steps 101 through 105 are the same as for embodiment 100, 200, and 300 in FIG. 1, FIG. 2, and FIG. 3, respectively. At step 306, the Internet site will ask the Internet user to release his/her location or share his/her location via the Internet user's Internet browser. At step 408, the site may determine if the Internet user has released his/her computer location. If the Internet user has released his/her location information, the Internet site will locate the Internet user's communication voice device as well 109. If the Internet user has not released their information, the Internet site will authenticate the transaction using a different method 110.

[0059] Another example employs two separate devices with two separate sources of wireless locations, such as a laptop computer and a communication voice device such as a mobile phone. One source of information is the wireless location of the laptop's Wi-Fi, provided by the browser, and the second source of wireless location is the mobile phone's location according to GPS, Cell site or antenna triangulation. Additionally, there could be one device with two separate sources of wireless location, such as a smart phone such as a PDA or iPhone™. Here, it is a single device with the source of information being the Wi-Fi location provided by the browser and the second and separate source of wireless location being the cellular carrier tower triangulation or GPS location provided by the mobile phone carrier.

[0060] Many online users with online accounts, such as bank accounts, online gaming and gambling accounts, and e-commerce accounts, and other online users who have Internet accounts protected by a username and password, have provided the institutions and corporations who manage those accounts with contact information that includes a mobile phone number. For these individuals, it is possible to get their consent to be located via their mobile phone by verifying how long their mobile phone has been on record as being associated with that account. If, for example, the mobile phone number has been recorded on a bank's databases and online records for longer than a predetermined time, it is virtually certain that the number does in fact correspond to the user's cell phone, making it unnecessary to verify the association. It is then possible to request the user's consent to be located, without any interaction with the mobile phone during the request and consent processes. Requesting the user's authorization can be done during a user's Internet session, via e-mail, or by otherwise contacting the user and receiving consent. If the mobile phone has been recorded in the bank's databases for less than the predetermined time, then the online bank can verify the mobile phone ownership by using the user's mailing address and mobile phone ownership information, as already mentioned.

[0061] Adding geographical locations to the Internet user's information, such as the Internet user's mobile voice device number, mobile voice device location, home address, client locations, etc., will allow verification that the session or connection of the Internet user is authorized. The session or connection IP address origin is matched with the geographical location of the mobile voice device or other geographical location of the user such as the user's home address.

[0062] FIG. 5 is a flow chart illustrating one example of a method and system for authenticating an Internet user by validating the identity of the user via geolocation of the user's mobile voice device, IP address or Wi-Fi location. In order to check the communications the server currently has, at step 501 the system will monitor the open connections to the server by using a command like “netstat -aon”. The command will retrieve information like “Local address”, “Foreign address”, port, state, PID (Process ID), file name, etc. Using this information, at step 502 the system will be able to determine the open ports and IP address of each open session. Using information from the open session, such as IP address, file name, etc., it is possible to determine at step 503 who the user is, by matching the IP address against the server's logon logs. The server writes to a log each time a user logs on to the server, together with the user's IP address, so that it is possible from each log entry to know the username, the time of the user's logon, and whether the connection was allowed or denied. It is also possible to build an internal database which will correlate information from the internal server to user information like file name, IP address, username, etc.

[0063] At step 504 the system will correlate the username with the user's mobile phone number and check whether the user has given consent, whether the phone number requires user consent, or whether it is a company phone number that does not require user consent. If the phone number is not a company phone number and requires consent, then the system will initiate a consent request using one of the methods mentioned above or a different method acceptable to the company employing this method. At step 505 the system locates the user's mobile voice device. It is also possible to install software on the user's mobile voice device, such as a mobile laptop, and that software can transfer the laptop location using an agent or the computer's browser. In addition, the system may locate a second independent source of information, such as another independent mobile voice device, to provide additional location information from the independent source. The system can correlate two sources of location information, such as Geo IP and mobile voice device, or two independent sources of mobile voice device location. For example, one source can be the Wi-Fi location and the other source can be the carrier information.

[0064] At step 506 the system will check if the locations of the two sources of information are proximate, within a predetermined degree of separation. (In the example shown in FIG. 5, they are the mobile phone location and the geographic location of the foreign IP address.) If they are, at step 507 the system will authorize the connection. If they are not, at step 508 the system will raise a red flag or alternatively disconnect the session.

[0065] One way of doing this is by programming a computer to implement the following steps (see FIG. 5):

[0066] 1. Use a command such as netstat to identify one or more open sessions into the server, and the foreign IP address of each identified open session.

[0067] 2. Match the foreign IP address to the server domain or the server security log in order to identify which user name is using this foreign IP address.

[0068] 3. Once the user name is known, locate the mobile phone number or the address that allows access into the server.

[0069] 4. Determine the user's mobile phone location or the user's home location.

[0070] 5. Match the mobile phone location or home location of that user with the open session foreign IP address, then

[0071] (a) If the match is positive, identify the user as an authorized user, or

[0072] (b) If the match is negative, identify the user as an unauthorized user.

[0073] There are alternative ways of implementing this method. Suitable embodiments include, without limitation:

[0074] Employing a programmed external device which will have access to local or remote username and password databases like the domain server. In addition to the username and password database, the programmed external device will have access to local or remote database of mobile phone numbers associated with the username and password database. Additional databases having geographical locations like clients' locations, home etc. can be associated in the user level or the group level. For example, one may allow user access from the user's home address and/or zip code area (e.g., 375 South End Ave., New York N.Y. 10280) and have a mobile phone associated with that user. When that user tries to access the system, the programmed external device will determine if the request arrives from the correct corresponding home address location (or zip code) and, if not, the system will determine if the request arrived from an IP address and then determine if the user's mobile phone is proximate to (i.e., near or at) the location of that IP address.

[0075] The allowable degree of separation between the two locations, beyond which a connection is denied or a session is terminated, is at the discretion of the practitioner, and may be specified in any manner that can be implemented on the system (e.g., “no more than x miles”, “same or adjacent zip code”, “same city”, etc.). Group access can be implemented via a client address and/or zip code, i.e., any request from a given address and/or zip code can be allowed. This may be advantageous where authorized users are located within a proprietary building or secure premises.

[0076] Additional functions of the programmed external device can be checking that the mobile phone is near or at the allowed address, and/or determining that the mobile phone is near or at the allowed address while the IP address is allowed. The functionality of the programmed external device may be implemented on the server being protected.

[0077] There may be various methods for determining distances between the home address, mobile phone location, and IP location. Examples include, without limitation, the following:

[0078] 1. In case the distance between the home address and the user's (foreign) IP address is more than a predetermined value, and the distance between the user's IP address and the mobile phone location is less than a predetermined value, then allow the connection. Optionally, one may add the foreign IP address to a “white list” of preauthorized users.

[0079] 2. In case the distance between the home address and the user's (foreign) IP address is less than a predetermined value, and the distance between the user's IP address and the mobile phone location is less than a predetermined value, then allow the connection.

[0080] 3. In case the distance between the home address and the user's (foreign) IP address is more than a predetermined value, and the distance between the user's IP address and the mobile phone location is more than a predetermined value, then do not allow the connection, stop the connection, or report the breach. Optionally, one may add the foreign IP address to a “black list” of blocked prospective users.

[0081] 4. In case the distance between the user's (foreign) IP address and the mobile phone location is more than a predetermined value, then do not allow the connection, stop the connection, and/or report the breach. Optionally, one may add the foreign IP address to a “black list” of blocked prospective users.

[0082] Preferably, both a white list and a black list of foreign IP addresses are generated automatically by the system, enabling a determination that the user's mobile phone is near a white list IP address at the time of the transaction. In an alternate embodiment, the white list and black list may be created and entered by a system administrator. In another alternate embodiment, the automatically generated black list or white list may be edited by the system administrator to add or delete foreign IP addresses.
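The four distance rules of [0078] to [0081] and the automatically generated lists of [0082] can be written as one decision function. The following is an added example, not code from the patent: the 25-mile limits, the haversine distance, the names `LocationGate` and `distance_miles`, and the sample coordinates and IP addresses are all assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_MILES = 3958.8

def distance_miles(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

@dataclass
class LocationGate:
    home_limit: float = 25.0   # assumed "predetermined value", home to IP location
    phone_limit: float = 25.0  # assumed "predetermined value", IP location to phone
    white_list: set = field(default_factory=set)
    black_list: set = field(default_factory=set)

    def evaluate(self, ip, home, ip_loc, phone_loc):
        """Return (decision, reason) for one connection request."""
        if ip in self.black_list:
            return "deny", "black list"
        home_far = distance_miles(home, ip_loc) > self.home_limit
        phone_far = distance_miles(ip_loc, phone_loc) > self.phone_limit
        if phone_far:
            # Rules 3 and 4: the phone is not near the IP location.
            self.white_list.discard(ip)
            self.black_list.add(ip)
            return "deny", ("rule 3" if home_far else "rule 4")
        if home_far:
            # Rule 1: foreign IP far from home, but the phone is there too.
            self.white_list.add(ip)
            return "allow", "rule 1"
        return "allow", "rule 2"  # near home and near the phone

# Constructed sample coordinates (approximate) and documentation-range IPs.
HOME = (40.7095, -74.0160)      # lower Manhattan
MIDTOWN = (40.7580, -73.9855)
AUSTIN = (30.2672, -97.7431)

if __name__ == "__main__":
    gate = LocationGate()
    print(gate.evaluate("203.0.113.7", HOME, MIDTOWN, HOME))    # near home, phone near
    print(gate.evaluate("198.51.100.9", HOME, AUSTIN, AUSTIN))  # travelling with phone
    print(gate.evaluate("192.0.2.44", HOME, AUSTIN, HOME))      # phone stayed at home
```

IP geolocation is coarse, and VPNs or carrier NAT can place an honest user far from their phone, so the limits and the automatic black-listing step need tuning before enforcement.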

[0083] Using the “Process ID” it is possible to know which file opens a session or a connection to a remote computer. Since the foreign IP Address is known, the system can determine if the connection is authorized or not authorized. For example, if the foreign IP address is located in Texas while no authorized user is there, access is unauthorized. The present method will be able to flag the connection, inform the system administrator, and allow him to block the connection or allow the connection. In addition, since it's possible to know which file opened the new session or connection, the method of the present invention can remove the breach-initiating file if it is found to be a security hole, Trojan, or virus. Other options are also possible, such as blocking the outside connection to that IP address, and automatically “black listing” the foreign IP address since that foreign IP address is not near an authorized user's mobile phone device.

[0084] Since the system of the present invention can get the complete communication between the server and the client using tools like sniffers, logs, DLL, etc., and since the system can determine if the connection between the client and the server is authorized based on the foreign IP address and the mobile voice device location, the system can determine which commands the hacker or fraudster sent to the server that gave him unauthorized access into the server. Once the system has determined what commands gave the hacker or fraudster access into the server, the system can block these commands the next time any fraudster or hacker tries to use them. The system blocks these commands by providing a filter on the open service like IIS or in the firewall to automatically block these commands and possibly add the IP address that sent the commands to a “black list”.

[0085] Each request to connect to the server will pass via the programmed external device or the programmed external device will have the option to monitor existing connections and sessions to the server. In an alternate embodiment, the programmed external device may perform both functions.

[0086] In certain embodiments of the invention, additional functionality may be incorporated into the system, including but not limited to the following:

[0087] 1. Optionally, one may recognize a local subnet and allow connections into the server without checking the mobile phone location, either at all or during specific hours. For example, if the connection to the server is initiated from a foreign IP address that is located in a safe area, then do not check the location of that user's mobile phone, or only check the mobile phone location if the connection is during specific hours. Also, one may check the connection into a specific server only if the connection is open and active for more than a predetermined amount of time. For example, when a connection is open from another station for more than 2 hours, then determine if the connection is authorized. One may also determine if the mobile phone is near the foreign IP address only if the connection is made after a specific time of day (e.g., after normal business hours).

[0088] 2. Optionally, one may check the mobile phone location whenever the user is accessing or requesting specific data that is sensitive, for example if a user is requesting the server to present credit card information, or the credit card information of more than a predetermined number of users.

[0089] 3. Optionally, if there is a match between the “foreign IP address” and the user IP address as it appears on the security log or domain server, one may elect not to request the mobile phone location of that user.

[0090] 4. Optionally, one may automatically white list the IP addresses or computer signatures of users who have previously accessed the server and have already had the system check their mobile phone location on previous occasions. The 2nd or 3rd time that the user accesses the server, it will not be necessary to check his mobile phone location.

[0091] 5. Optionally, since the system will determine which connections are authorized and which are not authorized, the system can also:

[0092] a. Mark unauthorized connections;

[0093] b. Inform the administrator of unauthorized connections;

[0094] c. Show the commands that gave the unauthorized user access into the server;

[0095] d. Block future access into the server using the command patterns that gave the unauthorized user access into the server, so that future access will be blocked automatically when the hacker tries to use the same or similar command pattern;

[0096] e. Automatically block the IP addresses of users who try to gain unauthorized access into the server;

[0097] f. Automatically block the computer signatures of users who try to gain unauthorized access into the server;

[0098] g. Automatically remove files uploaded to the server by unauthorized users; and/or

[0099] h. Automatically disconnect unauthorized connections.

[0100] 6. Since the system can determine which port an unauthorized user tried to access, the system can allow the system administrator to check only accessed connections and sessions to specific ports.

[0101] 7. The system will enable the system administrator to build sets of rules to automatically verify if a particular Internet connection is authorized or not authorized.
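Items 1 to 4 above ([0087] to [0090]) each describe a condition under which the phone-location check is skipped or forced, and item 7 describes administrator-built rule sets. The following added example, which is not code from the patent, combines them into one rule set applied to open sessions; the precedence order (sensitive data always forces a check), the subnet, the business hours, the prior-check count and all names are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

SAFE_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]  # constructed local subnet
BUSINESS_HOURS = range(9, 18)           # assumed: 09:00 to 17:59 server time
MAX_UNCHECKED_AGE = timedelta(hours=2)  # the 2-hour example from [0087]
PRIOR_CHECKS_NEEDED = 2                 # assumed: skip from the 3rd access on

def needs_phone_check(session, now, prior_checks):
    """Return (check, reason): whether to query the phone location for a session."""
    ip = ipaddress.ip_address(session["ip"])
    if session.get("sensitive"):                    # [0088] overrides every skip
        return True, "sensitive data"
    if any(ip in net for net in SAFE_SUBNETS):      # [0087] safe area, with limits
        if now.hour not in BUSINESS_HOURS:
            return True, "safe subnet, after hours"
        if now - session["opened"] > MAX_UNCHECKED_AGE:
            return True, "safe subnet, long-lived"
        return False, "safe subnet"
    if session["ip"] == session.get("logged_ip"):   # [0089] matches security log
        return False, "matches security log"
    if prior_checks.get(session["ip"], 0) >= PRIOR_CHECKS_NEEDED:  # [0090]
        return False, "previously verified"
    return True, "default"

def scan(sessions, now, prior_checks):
    """Monitoring pass: ids of open sessions whose phone location must be queried."""
    return [s["id"] for s in sessions if needs_phone_check(s, now, prior_checks)[0]]

# Constructed sample data: private and documentation-range addresses.
NOW = datetime(2024, 3, 5, 14, 0)
RECENT = NOW - timedelta(minutes=30)
SESSIONS = [
    {"id": "s1", "ip": "10.20.3.4", "opened": RECENT},
    {"id": "s2", "ip": "10.20.3.5", "opened": NOW - timedelta(hours=3)},
    {"id": "s3", "ip": "203.0.113.7", "opened": RECENT, "logged_ip": "203.0.113.7"},
    {"id": "s4", "ip": "198.51.100.9", "opened": RECENT},
    {"id": "s5", "ip": "198.51.100.9", "opened": RECENT, "sensitive": True},
    {"id": "s6", "ip": "192.0.2.44", "opened": RECENT},
]
PRIOR_CHECKS = {"198.51.100.9": 2}

if __name__ == "__main__":
    print(scan(SESSIONS, NOW, PRIOR_CHECKS))
```

Every skip condition removes the second location factor for that session, so the order of the tests determines how much of the control remains.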

[0102] Systems implementing the methods of the invention can be installed on a server, workstation, laptop, mobile phone, or function as an additional programmed external device between the clients and the server.

[0103] In the case that Client A is connected to Client B via messenger, has sent emails, is transferring a file between two computers etc., the system can verify that communication into the server is coming from a computer that is physically near the owner or the user of that computer, or that the user is at the location that the communication is coming from.

[0104] By using the methods of the invention, a server can be open to the Internet, and allow authorized users to use the server, while providing the server administrator with additional layers of supervision that enable him to stop attacks, from the Internet or locally, as the attack starts or in near time.

[0105] A system employing the methods of the invention can work in two main modes, and combinations of the two are possible:

[0106] 1. Monitoring—the system scans the open sessions and connections and ensures that the connections and sessions open to the server arrive from locations that are near the Internet users' mobile phones.

[0107] 2. Authentication—in authentication mode, the system ensures that requests to open a session or connection to the server arrive to the server from locations that are near the Internet users' mobile phones.

[0108] The difference between monitoring and authentication is that in authentication mode, a system implementing the present invention will not allow access to the server if the request originated from a location where the user's mobile phone is not nearby. Monitoring scans existing connections and sessions to the server after the authentication processes have been passed. In addition, in the monitoring mode, a system implementing the present invention can raise a red flag and/or disconnect an existing connection and the unauthorized connection/session will not be allowed to enter.

[0109] In conclusion, herein is presented a method for acquiring an Internet user's consent over the Internet to be geographically located via at least two separate and independent sources of information, wherein at least one independent source of information is the location of said Internet user's wireless communication voice device. The invention is illustrated by examples in the illustrative drawings and in the written description. It should be understood that while adhering to the spirit of the inventive concept, numerous variations exist for the practice of the invention described herein, and that such variations are contemplated as being a part of the present invention.