These and other features of this invention will be more readily understood from the following detailed description of the various aspects of the invention taken in conjunction with the accompanying drawings that depict various embodiments of the invention, in which:
It is noted that the drawings of the invention are not to scale. The drawings are intended to depict only typical aspects of the invention, and therefore should not be considered as limiting the scope of the invention. In the drawings, like numbering represents like elements between the drawings.
As indicated above, the invention provides a method, system, and program product for conducting a cross-organizational transaction audit.
In order to ensure that the services requested of each organization are performed in a satisfactory manner, each organization requested to provide a service (i.e., perform a task) produces 124, 134 an audit log 126, 136 containing information related to its performance of one or more tasks associated with its provision of the service. Such information may include, for example, a date and/or time that the task was initiated and/or completed, data generated as a consequence of the organization's performance of the task, and data used by the organization in performance of the task. In a preferred embodiment, the organization requesting a service provides to the organization providing the service a unique identifier associated with the service request. This unique identifier is preferably included in the audit log 126, 136 generated by the organization providing the service.
As can be seen in
In addition to the preparation of audit logs, organizations providing requested services may also verify 128, 138 to a requesting organization that it has provided the requested service (i.e., performed one or more tasks associated with the provision of a service). Such verification may include, for example, data contained in audit logs 126, 136 or may simply comprise a communication to the requesting organization that one or more tasks associated with the requested service has been performed. In the latter case, verification 128, 138 may provide the impetus for the requesting organization (e.g., 110) to examine (e.g., 114, 116) the audit logs (e.g., 126, 136) prepared by the organizations providing the service (e.g., 120, 130).
In reality, cross-organizational transactions are likely to be much more complicated than that shown in
For example, third-party organization 260 houses audit logs 226, 236. Such audit logs may either be generated by the third-party organization 260 itself or transmitted to third-party organization 260 from service-providing organizations 220, 230. As can be seen in
As described above, the present invention may be employed to audit any cross-organizational transaction involving any number and type of organizations providing any number and type of services. However, in order to better describe the interactions between organizations and the auditing capabilities afforded by the present invention,
Each of steps A through G may generate data associated with the request and/or performance of an associated task. As in
In addition, as in
Still referring to
The verifications described above greatly reduce the likelihood that transaction 300 may be carried out fraudulently. That is, transaction 300 could not be completed simply through the use of a stolen or fraudulently obtained credit card. Completion of transaction 300 would also require the fraudulent completion of verifications 314 and 318.
In addition, the verifications described above also make much more difficult the fraudulent or unsatisfactory provision of services among the organizations themselves. That is, the improper provision of services or charges based on services not provided would require at least two organizations to conspire to commit such fraud (e.g., shipping service 340 and financial institution 330 would each have to conspire to create and use a fraudulent verification from consumer 310).
Referring now to
First, at step S11, a first entity provides information to a second entity. Such a provision of information may be made, for example, in connection with the first entity's request that the second entity perform a particular task. Next, at step S12, the second entity performs one or more tasks. Such tasks may include tasks requested by the first entity or other tasks.
At optional step S13, the second entity may provide to an outside entity the information it was provided in step S11. Such a provision of information may be legitimate (i.e., made in connection with the second entity's performance of one or more tasks in step S12, as authorized by the first entity) or illegitimate (i.e., made outside the authority granted by the first entity or contrary to the authority granted by the first entity). For example, a legitimate provision of information to an outside entity at step S13 may include the second entity's provision of credit card or bank account information to the credit card company or bank in order to collect payment for the performance of the tasks of step S12, as shown in
At step S14, an audit log is created, as described above. Here, the audit log includes information regarding how the information provided in step S11 was used. Such information may include, for example, provisions of information such as that of optional step S13. As described above, step S14 may optionally be performed by a third entity 460.
At step S15, the log created at step S14 is examined, typically by the first entity. Here, where the method may be used to ensure the security of information provided at step S11, step S15 includes determining how such information was used by the second entity, including any disclosures made at optional step S13. As such, the first entity is able to determine at optional step S16 whether the second entity's use of the information provided at step S11 complied with the authority it granted the second entity.
It should be understood that the methods of
Computer system 14 is shown including a processing unit 20, a memory 22, an input/output (I/O) interface 26, and a bus 24. Further, computer system 14 is shown in communication with external devices 28 and a storage system 30. As is known in the art, in general, processing unit 20 executes computer program code, such as transaction auditing system 40, that is stored in memory 22 and/or storage system 30. While executing computer program code, processing unit 20 can read and/or write data from/to memory 22, storage system 30, and/or I/O interface 26. Bus 24 provides a communication link between each of the components in computer system 14. External devices 28 can comprise any device that enables a user (not shown) to interact with computer system 14 or any device that enables computer system 14 to communicate with one or more other computer systems.
In any event, computer system 14 can comprise any general purpose computing article of manufacture capable of executing computer program code installed by a user (e.g., a personal computer, server, handheld device, etc.). However, it is understood that computer system 14 and transaction auditing system 40 are only representative of various possible computer systems that may perform the various process steps of the invention. To this extent, in other embodiments, computer system 14 can comprise any specific purpose computing article of manufacture comprising hardware and/or computer program code for performing specific functions, any computing article of manufacture that comprises a combination of specific purpose and general purpose hardware/software, or the like. In each case, the program code and hardware can be created using standard programming and engineering techniques, respectively.
Similarly, computer infrastructure 12 is only illustrative of various types of computer infrastructures for implementing the invention. For example, in one embodiment, computer infrastructure 12 comprises two or more computer systems (e.g., a server cluster) that communicate over any type of wired and/or wireless communications link, such as a network, a shared memory, or the like, to perform the various process steps of the invention. When the communications link comprises a network, the network can comprise any combination of one or more types of networks (e.g., the Internet, a wide area network, a local area network, a virtual private network, etc.). Regardless, communications between the computer systems may utilize any combination of various types of transmission techniques.
As previously mentioned, transaction auditing system 40 enables computer system 14 to conduct a cross-organizational transaction audit. To this extent, transaction auditing system 40 is shown including a service request system 42, a log creation system 44, a verification system 46, and a log examining system 48. Operation of each of these systems is discussed above. Transaction auditing system 40 may further include other system components 50 to provide additional or improved functionality to transaction auditing system 40. It is understood that some of the various systems shown in
While shown and described herein as a method and system for conducting a cross-organizational transaction audit, it is understood that the invention further provides various alternative embodiments. For example, in one embodiment, the invention provides a computer-readable medium that includes computer program code to enable a computer infrastructure to conduct a cross-organizational transaction audit. To this extent, the computer-readable medium includes program code, such as transaction auditing system 40, which implements each of the various process steps of the invention. It is understood that the term “computer-readable medium” comprises one or more of any type of physical embodiment of the program code. In particular, the computer-readable medium can comprise program code embodied on one or more portable storage articles of manufacture (e.g., a compact disc, a magnetic disk, a tape, etc.), on one or more data storage portions of a computer system, such as memory 22 and/or storage system 30 (e.g., a fixed disk, a read-only memory, a random access memory, a cache memory, etc.), and/or as a data signal traveling over a network (e.g., during a wired/wireless electronic distribution of the program code).
In another embodiment, the invention provides a business method that performs the process steps of the invention on a subscription, advertising, and/or fee basis. That is, a service provider could offer to conduct a cross-organizational transaction audit as described above. In this case, the service provider can create, maintain, support, etc., a computer infrastructure, such as computer infrastructure 12, that performs the process steps of the invention for one or more customers. In return, the service provider can receive payment from the customer(s) under a subscription and/or fee agreement and/or the service provider can receive payment from the sale of advertising space to one or more third parties.
In still another embodiment, the invention provides a method of generating a system for conducting a cross-organizational transaction audit. In this case, a computer infrastructure, such as computer infrastructure 12, can be obtained (e.g., created, maintained, having made available to, etc.) and one or more systems for performing the process steps of the invention can be obtained (e.g., created, purchased, used, modified, etc.) and deployed to the computer infrastructure. To this extent, the deployment of each system can comprise one or more of (1) installing program code on a computer system, such as computer system 14, from a computer-readable medium; (2) adding one or more computer systems to the computer infrastructure; and (3) incorporating and/or modifying one or more existing systems of the computer infrastructure, to enable the computer infrastructure to perform the process steps of the invention.
As used herein, it is understood that the terms “program code” and “computer program code” are synonymous and mean any expression, in any language, code or notation, of a set of instructions intended to cause a computer system having an information processing capability to perform a particular function either directly or after either or both of the following: (a) conversion to another language, code or notation; and (b) reproduction in a different material form. To this extent, program code can be embodied as one or more types of program products, such as an application/software program, component software/a library of functions, an operating system, a basic I/O system/driver for a particular computing and/or I/O device, and the like.
The foregoing description of various aspects of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed, and obviously, many modifications and variations are possible. Such modifications and variations that may be apparent to a person skilled in the art are intended to be included within the scope of the invention as defined by the accompanying claims.