N/A
1. Background and Relevant Art
As computerized systems have increased in popularity, so also has the popularity of their use in transacting sales. For example, merchants have for some time now used electronic credit/debit card systems that can connect directly to a banking system with a modem. When connected, the banking system can then verify the purchaser's funds, deduct the funds (or available credit), and validate the transaction through the modem with a response message. More recently, however, many merchants are moving away from modem-based transactions, and moving toward Internet Protocol (“IP”) based transaction mechanisms (e.g., internet shopping).
In general, an internet-based validation of a sales transaction can occur a number of different ways. In one conventional mechanism, a cardholder presents a credit/debit card for goods and/or services to a merchant, such as at a store or online website. The merchant or cardholder enters (or swipes) the credit/debit card information into a computerized system, which then sends corresponding payment details in the form of one or more transaction requests to a payment gateway (or the payment processor) over a secure internet connection. The payment gateway (or the payment processor), in turn, can validate the one or more transaction requests.
For example, the payment gateway (or the payment processor) might try to determine if the entity identifying itself as the merchant can be validated, and/or if the requested transaction is within expected bounds. If the requested transaction appears valid, the payment gateway (or the payment processor) can then forward the transaction, to a payment processor (e.g., FDC, VITAL, PAYMENTTECH, etc.), which then gets forwarded to the card association (VISA or MASTERCARD, etc) and finally to the issuing bank over another secure internet connection.
The payment processor can also perform one or more checks by validating the authorization request with a corresponding card issuing bank. For example, the payment processor might examine the authorization request to determine if the request appears valid, and, if appropriate, send the authorization request to the card issuing bank. The card issuing bank can then authorize or decline (e.g., based on available funds/credit) the authorization request, and send a corresponding response back to the payment processor. The payment processor will then note the response from the card issuing bank, and forward the response to the payment gateway. The payment gateway can then generate and send an appropriately formatted response to the merchant. In general, one will appreciate that each of these communication sequences occurs over a secure internet connection.
Despite the case that any one or more of the above-identified entities may perform fraud or validation checks in the communication sequence, and despite the secure connections themselves, such internet-based payment authorization sequences can present a number of different exposures to fraud. For example, compared with direct connection systems (e.g., modem-based connections), internet-based authorization mechanisms can increase the number of independent entities that could be impersonated by a malicious party. Furthermore, since a user can submit payment information behind an IP address, rather than necessarily presenting a card with identification in-person, there is greater potential for end-users to be impersonated.
Detecting user impersonation, or impersonation of a merchant, continues to be a challenge for entities conducting sales over internet-based mechanisms. Beyond the difficulties previously mentioned, even where one of the entities, such as the payment gateway, card association, or issuing bank, detects user or merchant fraud, it can be difficult to trace the fraud back to the specific perpetrator. One reason for this is that fraudulent users are often also using pirated software, which can be difficult or impossible in some cases to trace to a particular end-point.
Implementations of the present invention provide systems, methods, and computer program products configured to authenticate one or more payment transactions at least in part using software product license keys. In at least one implementation, for example, a user submits a payment request that includes various payment information (e.g., personal and/or payment account information), as well as one or more license key identifiers. The corresponding software provider can then separately validate the product license key before or while the other entities in the payment sequence validate the payment request. As a result, fraudulent requests originating from entities with invalid license keys can be denied outright if desired, while fraudulent requests originating from entities with valid product license keys can be traced more easily.
For example, one method in accordance with an implementation of the present invention from a client computer perspective can involve preparing one or more payment requests to be sent to one or more payment validating entities. Generally, the one or more payment requests will include account information. The method can also involve executing one or more instructions to identify one or more software license keys at the client computer system. In addition, the method can involve sending one or more corresponding license key identifiers to the one or more validating entities. Furthermore, the method can involve receiving one or more transaction responses to the one or more payment requests. Generally, the one or more transaction responses are based at least in part on the one or more license key identifiers.
By contrast, another method in accordance with an implementation of the present invention from a server perspective can involve receiving one or more payment requests from one or more client computer systems. The method can also involve identifying one or more license key identifiers corresponding to one or more product license keys at the one or more client computer systems. In addition, the method can involve validating the one or more payment requests. This can be done at least in part by comparing information corresponding to the one or more license key identifiers with software license key information in one or more license key databases. Furthermore, the method can involve sending one or more transaction responses to the one or more client computer systems. In general, the one or more transaction responses can be based at least in part on the comparison of the one or more license key identifiers via the one or more license key databases.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The features and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. These and other features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.
In order to describe the manner in which the above-recited and other advantages and features of the invention can be obtained, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered to be limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
Implementations of the present invention extend to systems, methods, and computer program products configured to authenticate one or more payment transactions at least in part using software product license keys. In at least one implementation, for example, a user submits a payment request that includes various payment information (e.g., personal and/or payment account information), as well as one or more license key identifiers. The corresponding software provider can then separately validate the product license key before or while the other entities in the payment sequence validate the payment request. As a result, fraudulent requests originating from entities with invalid license keys can be denied outright if desired, while fraudulent requests originating from entities with valid product license keys can be traced more easily.
In general, one will appreciate that the mechanisms described herein are enabled at least partly since many software providers take great pains to restrict distribution of software. For example, many software providers today will block usage of a particular software program until a user provides a valid license key to the software through a user interface. If the license key matches one or more codes maintained by the software, the software may then be configured to unlock its operations. The key for users, therefore, is to obtain a valid software license key.
Traditionally, users can purchase and obtain the software license key along with the software of interest, while in other cases, the software provider may provide the license key through a separate transaction (e.g., mail, email, secure login, etc.) In any event, a software provider can often trace use of a particular license key to a user when the user purchases the software using a credit/debit card or check (or other traceable payment means). In other cases, the software provider may be able to trace use of a particular license key by requiring a given user to register the software with the software provider upon successful installation. The software provider might then deactivate properly registered software license keys for use by other users, or until the first user removes the software from the user's computer system. For example, the user might sell (or give) the software and corresponding software license key to another person, who might only be able to use the software and software license key after the initial user deactivates his account.
One will appreciate that software providers may use many different mechanisms for distributing and maintaining software license keys, and the strictness of these mechanisms can range greatly. For example, some software providers may provide software that can be installed multiple times using the same license key without triggering a warning. In other cases, the software providers may provide software that can be disabled instantly, out of caution, if the user changes one or more hardware components in the computer system. However done, software license keys can generally be used in most cases to identify a particular purchaser, or at least identify one or more users that are not too far removed from the original purchaser.
Accordingly, implementations of the present invention add one or more additional layers of authenticity, at least in part by correlating purchase requests with users of authentic software (who may be less likely to initiate a fraudulent transaction compared with users of pirated software). Furthermore, implementations of the present invention add layers of authenticity by making it easier to trace particular transactions back to specific software end-users. For example, and as will be understood more fully herein, a user posing as another to commit credit card fraud through an electronic purchase can be found more easily if the user is using valid (appropriately-licensed) software. Alternatively, a software provider can aid an account holder in tracing fraudulent purchases to a particular merchant where one user might have posed as another.
Accordingly,
In either case,
In other cases, a personal computer system at a point of sale (e.g., at merchant 113) may not necessarily need to receive and process such scripts from a remote server 110. For example, a merchant 113 computer system at a point-of-sale terminal can be configured with resident software that automatically reviews the appropriate software license keys during each transaction. Thus, when an end-user presents credit or debit card information, and the cashier submits that information for payment, the resident software can review the software license keys.
However done,
In any event,
In general, software provider 145 will be the provider for the software that is on a particular client system making the electronic payment request. For example, payment gateway 130 may have sent a script that identifies a product license key for one type of software provider, and thus sends a corresponding license key identifier received from the client computer system to that particular software provider. Alternatively, the client scripts sent by payment engine 130 might be configured to identify a license key provider for a number of applications handled by any number of software providers. Payment gateway 130 could then make determinations (e.g., via determination module 135) about the types of license key identifiers received, and to which software provider the license keys should be directed.
In most cases, however, and for purposes of simplicity, the license key identifier 125 will typically correspond to a ubiquitous operating system platform. One such operating system platform includes the MICROSOFT WINDOWS operating system. According to at least one implementation, therefore, software provider 145 and license key validation engine 150 represent entities associated with the MICROSOFT operating environment. Furthermore, the license key identifiers 125 represent encoded, encrypted, or hashed values of the client 105 MICROSOFT WINDOWS software license key. In such a case, payment engine 130 simply passes the license key identifier 125 to a MICROSOFT license validation engine.
In any case,
For example, license key database 155 can also include the storage of all valid and previously valid software license keys, as well as software license keys that have been known to have been pirated or stolen. License key database 155 can further include information regarding a portion of the expected locations (e.g., IP addresses, domain names, etc.) at which particular license keys can be expected to be found. This can help license key validation engine 150 also detect license keys originating from software that may have been installed on a particular domain outside of authorized bounds.
Upon making the appropriate comparisons between the information of message 140 and license key database 155, validation engine 150 can send a license key response 160 to payment gateway 130. In general, license key response 160 can include any number or type of information, such as that the software license key associated with license key identifier 125 is valid, that the software license key is invalid (or missing), or that there is some question about the authenticity of the software license key. For example, license key validation engine 150 may determine that the software license key associated with license key identifier 125 is valid, but associated with an unexpected domain or IP address.
Upon receipt of license key response 160, payment gateway 130 can then make a determination (e.g., via determination module 135) about whether to process the one or more payment requests. For example, if identifying from response 160 that the software at payment requestor 107 is invalid, pirated, or otherwise questionable, payment gateway 130 may raise an alert. In particular, payment gateway 130 can send a response (e.g., 185) to payment requestor 107 denying the one or more payment requests. Similarly, payment gateway 130 may simply just log evidence that the software at client 105 is or may be invalid, or that there has been some question about the authenticity of the software, and store this information for subsequent reporting purposes.
In cases where the originating software is valid, however, payment gateway 130 will generally communicate the one or more payment requests and account information to one or more account entities 170, as previously done. For example, payment gateway 130 can send payment information 120 along to acquiring bank 165 and card association 175, which can perform their own validation checks on the one or more payment requests. If appropriate, card association 175 can also pass payment information 120 to issuing bank 180. Alternatively, such as in the case of sending checking account information, payment gateway 130 may send corresponding payment information 120 directly to issuing bank 180, which then finalizes the one or more payment requests.
One will appreciate, therefore, that the account entities 170 can thus be the final arbiter as to whether the one or more payment requests are validated, despite any initial filtering for valid software license keys. For example, account entities 170 can continue to perform any account validation functions, or determinations regarding sufficiency of funds, etc., and then respond through the usual channels. In particular,
Accordingly,
In such cases, one or more servers at payment gateway 130 can also perform license key validation functions in addition to any other fraud or transaction validation checks. Similarly, any of the one or more account entities 170 could be licensed to store and/or execute license key validation engine 150 and/or license key database 155 onsite. For example, account entities 170 can have license key validation engine 150 installed or otherwise located locally. The local license key validation engine 150, could nevertheless be configured to access license key database 155 offsite through software provider 145. In any case, account entities 170 could perform license key validation checks along with any number of other account validation checks, fund sufficiency checks, and/or transaction validation checks.
Implementations of the present invention can also be described in terms of flowcharts of one or more acts in methods from client and server perspectives for accomplishing a particular result. For example,
For example,
Accordingly,
In addition,
By contrast,
In addition,
Furthermore,
Accordingly,
The embodiments of the present invention may comprise a special purpose or general-purpose computer including various computer hardware, as discussed in greater detail below. Embodiments within the scope of the present invention also include computer-readable media for carrying or having computer-executable instructions or data structures stored thereon. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer.
By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer. When information is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a computer, the computer properly views the connection as a computer-readable medium. Thus, any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of computer-readable media.
Computer-executable instructions comprise, for example, instructions and data which cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.