Authentication and authorization are two of the most important security features for mobile transaction systems. Most commonly, these schemes depend on three factors: what you know (secret), what you have (token), and what you are (biometrics). In this paper, we propose a location-based authentication and authorization scheme for mobile transactions using smart phones. The paper first describes the distinguished features and the architecture of our proposed solution. Second, the core of our design, including three parts: location registration, authentication and authorization as well as location verification, are described.