Systems and methods for providing a secured password and authentication mechanism for programming and updating software or firmware
US-2018343562-A1 · Nov 29, 2018 · US
US10277586B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10277586-B1 |
| Application number | US-201816173860-A |
| Country | US |
| Kind code | B1 |
| Filing date | Oct 29, 2018 |
| Priority date | Oct 29, 2018 |
| Publication date | Apr 30, 2019 |
| Grant date | Apr 30, 2019 |
Official abstract text for this publication.
This invention is a system and method for mobile authentication using HTTP redirect in GTP tunnels. The authentication procedure generates a one-time-token that is returned to the Enterprise application that requests the authentication. The authentication platform injects an HTTP redirect response to the mobile device via the GTP-U tunnel that corresponds to the GTP session of the input MSISDN. The HTTP redirect response carries a URL with the one-time-token as a parameter. The Enterprise application authenticates the HTTP request by comparing the one-time-token in the HTTP request parameter against the value returned by the authentication platform during its authentication request API call.
Opening claim text (preview).
What is claimed is:

1. A method of mobile authentication, the method comprising the steps of: receiving an alleged mobile station international subscriber directory number (MSISDN) value from a mobile device connected to a remote server application over a hypertext transfer protocol (HTTP) request within a general packet radio service tunneling protocol (GTP) uplink tunnel; retrieving GTP session data for the alleged MSISDN received from the remote server application for the mobile device connection; verifying the alleged MSISDN value exists in the retrieved GTP session data; generating a cryptographic token value accessible by the remote server application; saving the token value, the alleged MSISDN value and the GTP session data in a data store; and injecting an HTTP redirect response within a GTP downlink tunnel associated with the alleged MSISDN, the response including the token value as a uniform resource locator (URL) parameter wherein the redirect causes the mobile device to initiate another connection to the remote server application which is communicatively coupled to the data store, wherein the token value is retrieved from the new redirected connection URL parameter and evaluated against the token value in the data store whereby the alleged MSISDN value is authenticated as valid should the token value in the data store and URL parameter match.
2. The method of claim 1 wherein the redirected connection URL is over hypertext transfer protocol secure (HTTPS).
3. The method of claim 1 wherein the cryptographic token is a one-time password.
4. The method of claim 1 wherein the HTTP request from the mobile device and the HTTP redirect response each have a transmission control protocol (TCP) sequence, the method further comprising the step of constructing the redirect response so that its TCP sequence matches that of the TCP sequence of the connection from the mobile device to the remote server.
5. The method of claim 1 wherein a transaction identification value is assigned to the HTTP request over the GTP tunnel with the alleged MSISDN received by the remote server, the transaction identification value is passed back as the URL parameter in the redirect response.
6. The method of claim 1 wherein the GTP session data is obtained from CreatePDPSession and CreatePDPResponse messages for GTP version 1 (GTPv1) protocols.
7. The method of claim 1 wherein the GTP session data is obtained from CreateSessionRequest and CreateSessionResponse messages for GTP version 2 (GTPv2) protocols.
8. The method of claim 1 further comprising the step of capturing and decoding GTP-C and GTP-U packets in passive mode with a GTP packet analyzer.
9. The method of claim 1 further comprising the step of capturing GTP-C messages by port-mirroring network switches.
10. The method of claim 1 further comprising the step of capturing GTP-U messages by port-mirroring network switches.
11. The method of claim 1 further comprising the step of deploying a GTP proxy server for obtaining GTP session data including GTP-C and GTP-U packets.
12. A method of mobile authentication, the method comprising the steps of: receiving an alleged mobile station international subscriber directory number (MSISDN) value from a mobile device connected to a remote server application over a hypertext transfer protocol (HTTP) request within a general packet radio service tunneling protocol (GTP) uplink tunnel, the mobile device communicatively coupled to an enterprise application; sending an authentication request from the enterprise application to an authentication platform, the authentication request including a transaction reference value and the alleged MSISDN value; the authentication platform retrieving GTP session data for the alleged MSISDN received from the remote server application for the mobile device connection and verifying the alleged MSISDN value exists in the retrieved GTP session data, wherein, upon verification, a cryptographic token value is generated; saving the token value, alleged MSISDN value and GTP session data in a data store communicatively coupled to the authentication platform and passing an authentication response from the authentication platform to the enterprise application, the authentication response including the transaction reference value and the token value; the mobile authentication platform injecting an HTTP redirect response within a GTP downlink tunnel associated with the alleged MSISDN, the response including the transaction reference value, token value and alleged MSISDN value as uniform resource locator (URL) parameters to the mobile device wherein the redirect causes the mobile device to initiate another connection to the remote server application, wherein the token value is retrieved from the new redirected connection URL parameter and evaluated against the token value in the data store whereby the alleged MSISDN value is authenticated as valid should the token value in the data store and URL parameter match.
13. The method of claim 12 wherein the redirected connection URL is over hypertext transfer protocol secure (HTTPS).
14. The method of claim 12 wherein the cryptographic token is a one-time password.
15. The method of claim 12 wherein the HTTP request from the mobile device and the HTTP redirect response each have a transmission control protocol (TCP) sequence, the method further comprising the step of constructing the redirect response so that its TCP sequence matches that of the TCP sequence of the connection from the mobile device to the remote server.
16. The method of claim 12 further comprising the step of capturing and decoding GTP-C and GTP-U packets in passive mode with a GTP packet analyzer.
17. The method of claim 12 further comprising the step of capturing GTP-C messages by port-mirroring network switches.
18. The method of claim 12 further comprising the step of capturing GTP-U messages by port-mirroring network switches.
19. The method of claim 12 further comprising the step of deploying a GTP proxy server for obtaining GTP session data including GTP-C and GTP-U packets.
20. A method of mobile authentication, the method comprising the steps of: receiving an alleged mobile station international subscriber directory number (MSISDN) value from a mobile device connected to a remote server application over a hypertext transfer protocol (HTTP) request within a general packet radio service tunneling protocol (GTP) uplink tunnel, the mobile device communicatively coupled to an enterprise application; sending an authentication request from the enterprise application to an authentication platform, the authentication request including a transaction reference value and the alleged MSISDN value; the authentication platform retrieving GTP session data for the alleged MSISDN received from the remote application server for the mobile device connection using packet mirroring in network switches conveying GTP-C and GTP-U messages between serving general packet radio service support node (SGSN) and gateway general packet radio service support node (GGSN), the messages including international mobile subscriber identity (IMSI), MSISDN, uplink tunnel ID and downlink tunnel ID for both GTP-C and GTP-U planes; extracting from the GTP-U messages, a TCP sequence number for the HTTP connection between the mobile device and the enterprise application; the authentication platform further verifying the alleged MSISDN value exists in the retrieved GTP session data, and mapping the MSISDN value to a tunnel endpoint iden
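The token half of the scheme in the abstract and in claims 1, 5 and 12 (verify the alleged MSISDN against captured GTP session data, mint a one-time token, hand it to the enterprise application, then accept the redirected request only if the URL token matches the stored one) can be modelled without any packet handling. The following is an added Python illustration, not code from the patent or its assignee. The GTP session table, MSISDNs, IMSIs, tunnel IDs, callback URL and the 60-second token lifetime are all constructed assumptions; the redirect injection into the GTP-U tunnel is deliberately left out, and the example only builds the URL the platform would carry in that response. What it adds to the claim text is the handling a verifier actually needs: constant-time comparison, single-use tokens, an expiry, and a check that the MSISDN carried back in the URL is the one the token was issued for.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for session data captured from GTP-C messages
# (CreateSessionRequest/Response or CreatePDPSession/Response); all values invented.
GTP_SESSIONS = {
    "15555550100": {"imsi": "310150123456789", "uplink_teid": 0x1A2B3C4D, "downlink_teid": 0x4D3C2B1A},
    "15555550101": {"imsi": "310150987654321", "uplink_teid": 0x11112222, "downlink_teid": 0x33334444},
}

TOKEN_TTL_SECONDS = 60  # assumption: a redirect token must be redeemed within a minute


@dataclass
class PendingAuth:
    """One row of the data store: token, MSISDN and session data saved together."""
    token: str
    msisdn: str
    session: dict
    issued_at: float
    used: bool = False


class AuthenticationPlatform:
    """Checks the alleged MSISDN against GTP session data, mints a token and
    prepares the redirect URL the platform would inject into the downlink tunnel."""

    def __init__(self, sessions, now=time.time):
        self.sessions = sessions
        self.now = now  # injectable clock so expiry can be tested deterministically
        self.store = {}  # transaction reference -> PendingAuth

    def authenticate(self, txn_ref, alleged_msisdn, callback_base):
        session = self.sessions.get(alleged_msisdn)
        if session is None:
            return None  # no live GTP session for that MSISDN: refuse to issue a token
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, URL-safe
        self.store[txn_ref] = PendingAuth(token, alleged_msisdn, session, self.now())
        redirect_url = callback_base + "?" + urlencode(
            {"txn": txn_ref, "token": token, "msisdn": alleged_msisdn})
        # The API response to the enterprise application carries txn_ref and token (claim 12).
        return {"txn": txn_ref, "token": token, "redirect_url": redirect_url}

    def redeem(self, txn_ref, presented_token, presented_msisdn):
        """Evaluate a token from a redirected request against the data store."""
        pending = self.store.get(txn_ref)
        if pending is None or pending.used:
            return False  # unknown transaction, or a replayed URL
        if self.now() - pending.issued_at > TOKEN_TTL_SECONDS:
            return False  # stale token
        if not hmac.compare_digest(pending.token, presented_token):
            return False  # constant-time compare: no timing leak on partial matches
        if pending.msisdn != presented_msisdn:
            return False  # URL MSISDN must be the one the token was issued for
        pending.used = True  # one-time: the same URL cannot authenticate twice
        return True


class EnterpriseApplication:
    """The relying party: requests authentication, then handles the redirected request."""

    def __init__(self, platform, callback_base="https://example.invalid/cb"):
        self.platform = platform
        self.callback_base = callback_base
        self.expected = {}  # txn_ref -> token value returned by the platform's API call

    def start_login(self, txn_ref, alleged_msisdn):
        resp = self.platform.authenticate(txn_ref, alleged_msisdn, self.callback_base)
        if resp is None:
            return None
        self.expected[txn_ref] = resp["token"]
        return resp["redirect_url"]  # what the device would be redirected to

    def handle_redirected_request(self, url):
        params = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        txn = params.get("txn", "")
        token = params.get("token", "")
        msisdn = params.get("msisdn", "")
        # First check: URL token equals the value returned by the authentication API call.
        if not hmac.compare_digest(self.expected.get(txn, ""), token):
            return False
        # Second check: evaluate against the data store and consume the token.
        return self.platform.redeem(txn, token, msisdn)


if __name__ == "__main__":
    app = EnterpriseApplication(AuthenticationPlatform(GTP_SESSIONS))
    url = app.start_login("txn-1", "15555550100")
    print("first redirect accepted:", app.handle_redirected_request(url))
    print("replay accepted:", app.handle_redirected_request(url))
```

The platform's `now` parameter exists only so a test can advance the clock past the TTL; in a deployment the store should also be purged of expired and used rows so the transaction-reference space cannot be filled by unredeemed requests.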
One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title
via adapters, e.g. between incompatible applications · CPC title
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
Wireless · CPC title
at the transport layer, e.g. TCP related · CPC title