Today's smart mobile devices can, and in some cases do, replace desktop and laptop computers. However, mobile devices have limited storage space for files, photos and videos. As a result, the mobile device hardware limits the user's ability to store files, photos, and videos on the mobile device. In response to this need, some content management services now enable cloud-based cross-platform content synchronization and sharing, which enables users to conveniently upload, store, and view files on any device associated with the account.
There are many competing cloud-based services and mobile users are free to download any available third-party application and service. However, users must typically sift through hundreds of applications in an application store to find one that satisfies their needs. Moreover, application and service providers may struggle to differentiate in this highly competitive market.
However, competition for users' application downloads has created new security risks. Because some mobile device manufactures use open source code for the operating system, hackers can modify applications and hack the mobile device to: (1) change how the mobile device operates; and (2) load applications on a mobile device that were not intended to run on the mobile device. Moreover, hackers may also pirate applications and files to illegitimately receive services and terms of service on a mobile device that are not eligible for such services or terms of service.
The present disclosure recognizes and addresses both the foregoing and other considerations of prior art system and methods in providing a solution to the limitations of the prior art.
A computer-implemented method of confirming validity of a code (e.g., deal code) associated with a set of service terms (e.g, deal) on a mobile device using at least one processor, in various embodiments, may include receiving information from a mobile device, wherein the information may include: (a) user information, (b) mobile device information, (c) a deal code that is associated with a third-party service and that is preloaded in memory within the mobile device. In various embodiments, the deal code may be associated with a set of service terms, and a hash value that is based on the user information, the mobile device information, and the deal code. In response to receiving the information the computer-implemented method may calculate a second hash value that is based on the information and other predetermined information and compare the second hash value to the first hash value. In various embodiments, the computer-implemented method may determine whether the deal code is properly used with the mobile device at least partially based on the comparison of the second hash value to the first hash value and, in response to determining that the deal code is properly used with the mobile device, accounting for the deal.
In various embodiments, the mobile device information may include: (1) a mobile device identification number; (2) an operating system version number; and (3) an application version number associated with an application that is preloaded on the mobile device.
In some embodiments, the first hash value may be further based on the application version number and the operating system version number. In other embodiments, the other predetermined information may include: (1) a predetermined application version number associated with the deal code; and (2) a predetermined operating system version number that is associated with the deal code. In still further embodiments, accounting for the deal may further include adding the user information and the mobile device identification number to a database that is used to prevent the user, and any other user of the mobile device, from obtaining a particular set of service terms, for the third-party service, associated with the deal code.
In various embodiments, determining whether the deal code is properly used with the mobile device may further include granting, to the user, a particular set of terms for the third-party service. In other embodiments, determining whether the deal code is properly used with the mobile device further may include determining whether the mobile device qualifies the user for the deal associated with the deal code, and determining whether the application has been modified. In some of these embodiments, if the application has been modified, the method further may include adding the user information and the mobile device identification number to a database that is used to prevent improper use of the deal code.
A mobile device, in various embodiments, may include: (1) at least one processor; (2) memory operatively coupled to the at least one processor; (3) a deal code stored in the memory, the deal code being associated with a service; (4) an application program stored in the memory that is used to provide the service on the mobile device, wherein the application program has an application version number; and (5) an operating system having an operating system version number. In some embodiments, at least one processor is configured to, upon the setup of the mobile device: (a) receive user information from a user; (b) retrieve the deal code from the memory; (c) retrieve the application version number; (d) retrieve the operating system version number; (e) create a hash value that is based on the user information, the deal code, the application version number and the operating system version number; (f) transmit the user information, the deal code, the application version number, the operating system version number, the mobile device identification number and the hash value to a third-party associated with the service; (g) receive a notification from the third-party regarding the provision of the service that is based on a result of a comparison of the hash value with a second hash value calculated by provider of the service; and (h) in response to receiving the notification from the third-party, enable setup of the service on the mobile device.
Various embodiments of a computer system for: (1) associating particular contract terms for a third-party service with a mobile device during an out-of-box experience for the mobile device; and (2) detecting abuse with regard to obtaining the particular contract terms are described below. In the course of this description, reference will be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:
Various embodiments will now be described. It should be understood that the present disclosure may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Like numbers refer to like elements throughout.
The present disclosure, in accordance with various embodiments, provides a content management server that may receive information from a mobile device during the device's initial activation and setup. In several embodiments, during the device initial setup, the content management server verifies that the user and device qualify for a predetermined deal for a third-party service. For example, the content management server may verify that the user and device qualify for a deal by: (1) receiving a deal code and other information and recording it in a log; and (2) processing the log to award the deal by verifying other information provided. In various embodiments, the information received by the content management server may include user information, a deal code preloaded on the mobile device, and a unique mobile device identification number. The content management server may associate the deal with an existing user account for the service or with a new user account for the service that is established during setup of the mobile device. It should be understood that a deal code can take any appropriate form. In various embodiments, the deal code may be represented by a unique series of numbers and letters, a special type of file (e.g., a Java Archive file), or a calculated hash value based on various collected user data. Additionally, the deal code may be unique to a specific device or the same for each device manufactured by a particular company. The content management server may determine whether the deal code is valid for the identified mobile device and user by comparing information about the user, the mobile device, and the service terms with previously stored information. For example, by comparing a hash value based on user, mobile device, and service term information with a list or table of previously compiled hash values. The content management server may then grants a particular deal for the service to the user if the use of the deal code is valid.
In various embodiments, the deal may include granting the user of the mobile device a predetermined service package for cloud-based storage space for the content management system. Cloud-based storage space is advantageous because storage space on mobile devices may be limited. Thus, in some embodiments, from a high level, if the content management server verifies that the device and the user qualify for the predetermined service package for cloud-based storage space, the content management server grants the storage space to the user. More specifically, in various embodiments, an application associated with the content management server is pre-loaded on a mobile device. In several embodiments, when a user is setting up the mobile device, the application may get data from the content management system. The application may get the data in several ways. In some embodiments, the application may “fetch” a file on the content management system. In other embodiments, the application may simply access a file on the content management system. The application may then send user information, device information, and an associated deal code to the content management server. The content management server, based on the received data, either associates the granted cloud-based storage space with an existing user account of the user or with a new user account that is created during the setup of the mobile device.
In other embodiments, the content management server may grant a particular set of service terms after the user satisfies a predetermined criterion. For example, if the user and the device qualify for the deal, then the service terms of the deal are associated with the user account after the user completes a “getting started” tutorial for the content management system. Once the content management server verifies the device and the user information, the content management server sends a notification back to the mobile device to notify the user that they qualify for the particular set of service terms.
In several embodiments, system may maintain a report of all devices and users that have obtained the particular set of contract terms to prevent abuse. For example, mobile device users may attempt to copy the deal code and content management system application to other mobile devices in an attempt to obtain the deal on another mobile device that does not qualify the user for the particular set of contract terms. To minimize abuse, the content management system may track and maintain a record of: each user that obtains the particular set of contract terms; the mobile device identification number associated with the user; and various other information that allows the content management system to determine whether the deal code and an application associated with the service are improperly used on a mobile device that does not qualify for the deal. If fraud is detected, the content management system may remove the particular set of service terms from the user's account and records an entry in the content management database. The entry may contain the user information and device identification number so that the system can track users who improperly use the deal code.
The present system and method is advantageous in that the service provider can detect improper use of deal codes to minimize the likelihood that users fraudulently obtain the particular set of service terms with mobile devices that do not qualify for the deal. Moreover, the third-party service provider can prevent users from obtaining the benefits of a deal more than once by tracking user information (e.g. by user information and mobile device identification number) in a database for users who are granted the deal. Maintaining a listing of the mobile device identification numbers also allows the service provider to remove a device that has already qualified a user for the deal from the database if the device is returned and resold to a new user. This way, the new user can obtain the benefits of the deal using the refurbished mobile device. For purposes of this disclosure, the term out-of-box experience (OOBE) is a marketing term that describes the experience that a consumer (or user) has when first performing the initial setup and configuration of a mobile device. Because the third-party service is integrated into the OOBE, the third-party gains an advantage over other application and service providers by getting the user to sign up for, and use, the third-party application and related service.
Exemplary Technical Platforms
The present invention may be, for example, embodied as a computer system, a method, or a computer program product. Accordingly, various embodiments may be entirely hardware, entirely software, or a combination of hardware and software. Furthermore, particular embodiments may take the form of a computer program product stored on a computer-readable storage medium having computer-readable instructions (e.g., software) embodied in the storage medium. Various embodiments may also take the form of web-implemented computer software.
Any suitable computer-readable storage medium may be utilized including, for example, hard disks, compact disks, DVDs, optical storage devices, and/or magnetic storage devices.
Various embodiments are described below with reference to block diagrams and flowchart illustrations of methods, apparatus (e.g., systems), and computer program products. It should be understood that each element of the block diagrams and flowchart illustrations, and combinations of elements in the block diagrams and flowchart illustrations, respectively, can be implemented by a computer executing computer program instructions. These computer program instructions may be loaded onto a general purpose computer, a special purpose computer, smart mobile device, or other programmable data processing apparatus to produce a machine. As such, the instructions which execute on the general purpose computer, special purpose computer, smart mobile device, or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner such that the instructions stored in the computer-readable memory produce an article of manufacture that is configured for implementing the function specified in the flowchart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
Accordingly, block diagram elements and flowchart illustrations support combinations of mechanisms for performing the specified functions, combinations of steps for performing the specified functions, and program instructions for performing the specified functions. It should also be understood that each block diagram element and flowchart illustration, and combinations of block diagram elements and flowchart illustrations, can be implemented by special purpose hardware-based computer systems that perform the specified functions or steps, or combinations of special purpose hardware and other hardware executing appropriate computer instructions.
Exemplary System Architecture
Network 110 may include any of a variety of types of wired or wireless communication networks, such as the Internet. The communication link between content management server 112 and content management database 114 may be, for example, implemented via a LAN, WAN, or via the Internet. Mobile device 106 may transmit data wirelessly over cellular network by communicating with a cellular tower 108. For purposes of ease of explanation and clarity, cellular tower 108 is shown coupled to networks 110. However, the cellular tower may be coupled to a cellular network provider, which is operatively coupled to network 110.
In various embodiments, content management server 112 may include one or more servers that are located in close physical proximity, or some servers may be locally together and others remote. In either case, all devices, wherever located, function as a system.
Content management server 112 enables file access and file storage between content management server 112 and client devices remote computing devices 102, 104, and 106. Content management server 112 receives files from and sends files to remote computing devices 102, 104, 106 consistent with the user's preferences for sharing files. Content management server 112 may act as the counterpart to a client-side file storage service client application user interface that allows a user to manipulate files directly stored on content management server 112. In some embodiments, software operating on remote computing devices 102, 204, 106 integrates network-stored files with the client's local file system to enable a user to manipulate network-stored files through the same user interface (UI) used to manipulate files on the local file system, e.g., via a file explorer, file finder or browser application. As an alternative or supplement to the client-side file explorer interface, content management server 112 may provide a web interface for remote computing devices 102, 104106 to access (e.g. via a web browser) and allow a user to manipulate files stored on content management server 112. In this way, the user can directly manipulate files stored on content management server 112.
In various embodiments, content management database 114 stores files such as those uploaded using remote computing devices 102, 104, 106. It should be understood that, in various embodiments, content management database 114 may include of multiple data stores—some local to, and some remote from, content management server 112.
Content management database 114 maintains, for each user in a file journal, information identifying the user, information describing the user's file directory, etc. In some embodiments, the file journal is maintained on content management server 112. This file journal may be updated periodically using information obtained directly from content management server 112 and/or from information obtained from one or more client devices 102, 104, and 106 linked to the user's account. In this way, the server-stored file journal (hereinafter the “server-side file journal”) is updated when a file is changed either on the server or on one of the client devices associated with the user's account. When a file is changed, content management server 112 propagates the change to each client device associated with the user's account. For example, if a user makes a change to a particular file on a first client device, the change may be reflected in the server-side file journal. The system then uses the server-side file journal to propagate the change to all client devices associated with the user's account. Such techniques may be implemented, for example, within the context of a synchronized file system such as the Dropbox™ Service of Dropbox, Inc. of San Francisco, Calif.
In particular embodiments, computer 200 may be connected (e.g., networked) to other computers by a LAN, WAN, an intranet, an extranet, and/or the Internet. Computer 200 may operate in the capacity of a server or a client computer in a client-server network environment, or as a peer computer in a peer-to-peer (or distributed) network environment. Computer 200 may be a personal computer (PC), a tablet PC, a mobile device, a web appliance, a server, a network router, a switch or bridge, or any computer capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that computer. Further, while only a single computer is illustrated, the term “computer” may also include any collection of computers that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
Exemplary computer 200 may include processor 202, main memory 204 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM) or Rambus DRAM (RDRAM), etc.), static memory 206 (e.g., flash memory, static random access memory (SRAM), etc.), and data storage device 218, which communicate with each other via bus 232.
Processor 202 may represent one or more general-purpose processing devices such as a microprocessor, a central processing unit, or the like. More particularly, the processing device may be a complex instruction set computing (CISC) microprocessor, reduced instruction set computing (RISC) microprocessor, very long instruction word (VLIW) microprocessor, or processor implementing other instruction sets, or processors implementing a combination of instruction sets. Processor 202 may also be one or more special-purpose processing devices such as an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), a network processor, or the like. Processor 202 may be configured to execute processing logic 226 for performing various operations and steps discussed herein.
Computer 200 may further include a network interface device 208. Computer 200 also may include video display 210 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)), alphanumeric input device 212 (e.g., a keyboard), cursor control device 214 (e.g., a mouse), and signal generation device 216 (e.g., a speaker).
Data storage device 218 may include machine accessible storage medium 230 (also known as a non-transitory computer-accessible storage medium, a non-transitory computer-readable storage medium, or a non-transitory computer-readable medium) on which is stored one or more sets of instructions (e.g., a deal code abuse detection module and a software initiation module, which is configured to carry out the steps illustrated in
While machine-accessible storage medium 230 is shown in an exemplary embodiment to be a single medium, the term “machine-accessible storage medium” should be understood to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term “machine-accessible storage medium” shall also be understood to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the computer and that cause the computer to perform any one or more of the methodologies of the present invention. The term “computer-accessible storage medium” shall accordingly be understood to include, but not be limited to, solid-state memories, optical, and magnetic media.
Exemplary System Operation
Devices 102, 104, 106 and content management server 112 may alone, or in combination, perform the method steps of
In various embodiments, the mobile device information may include a mobile device identification number and a version number of the operating system that is running on the mobile device. The device information may also include the version number of an application that is associated with the service that has been preloaded on the mobile device before it is received by the user. In some embodiments, the user information may include a username and password. The username may be, for example, an e-mail address or any suitable username accepted by the third-party service provider (e.g., the content management server of a content management system). In various embodiments, the unique mobile device identification number may be the electronic serial number for the mobile device. In other embodiments, the mobile identification number may be any other suitable identifier that allows the content management system to track an individual mobile device.
In various embodiments, the deal code may be a unique code associated with the manufacturer and model of the mobile device. That is, the same deal code may be used on all like models of the mobile device. In other embodiments, the deal code may be associated with the wireless carrier that provides cellular service to the mobile device. As discussed above the deal code may be preloaded onto the mobile device prior to the mobile device being shipped to the retail seller (e.g., by the manufacturer or other intermediary). The deal code may be stored in the mobile device memory in a file such as a Java Archive file. In various embodiments, the deal code may be encrypted to help prevent unauthorized use of the code. It should be understood that a deal code can take any appropriate form. In various embodiments, the deal code may be represented by a unique series of numbers and letters, a special type of file (e.g., a Java Archive file), or a calculated hash value based on various collected user data. Additionally, the deal code may be unique to a specific device or the same for each device manufactured by a particular company.
At step 304, to receiving the information, the content management server may calculate a second hash value. The second hash value may be calculated based on the information received from the mobile device and based on other predetermined information stored in the content management database. In various embodiments, the other predetermined information may include a known application version number and a known operating system version number that are associated with the deal code. That is, when a deal is negotiated with a mobile device manufacturer or wireless carrier, the third-party service provider may know in advance the version number of the application that is preloaded on the mobile device and the version number of the operating system that will ship on the mobile devices associated with the deal code. As a result, the content management server can calculate the second hash value using the expected known information in combination with the user information, the deal code, and the mobile device identification number. The second hash value may be used to determine if the information sent from the mobile device qualifies the user for the deal associated with the deal code.
At step 306, content management server 112 may compare the second hash value to the first hash value. Because the hash values are calculated using the same hash function and the second hash value is calculated using predetermined information about the mobile device, if the content management server detects differences between the first hash value and the second hash value, the content management server, at step 308, may make a determination that the user is improperly using the deal code on a mobile device that does not qualify for the deal. If the hash codes are not equal, at step 310 the content management server may add the user information and device identification number to a database that is used to prevent improper use of the deal code. In various embodiments, even if the content management system detects that the user is improperly using a deal code, the server may, at step 314, associate the mobile device with a new or existing user account for the service under standard service terms. This way, the user may receive the standard set of service terms, but gains the benefit of using the content management services on the mobile device.
If, in the alternative, the system determines that the hash values are equal, the content management server, in various embodiments, may confirm that: (1) the mobile device qualifies the user for a particular set of service terms; (2) that the particular set of service terms was not already granted to another user of the mobile device; (3) and in some embodiments, that the user has satisfied at least one criterion. The criterion may be, for example, the completion of a tutorial on the third-party service.
In various embodiments, content management server 112 determines whether the mobile device qualifies for the deal based on the deal code and the mobile device identifier. In various embodiments, a device may qualify for the deal if the device manufacturer pre-negotiates a deal with the third-party vendor for provision of the content management system services under particular service terms. If the mobile device qualifies for the deal, then at step 312, the content management server may determine whether the user associated with the mobile device qualifies for the deal. If the user does not qualify for the deal, the content management server moves to step 314, and may notify the user that they do not qualify for the deal. In various embodiments, the content management server may associate the mobile device with a new or existing user account under the standard service terms. For example, a user may not qualify for a particular set of service terms, even though the mobile device qualifies for the particular set of service terms, if the user was previously granted the particular set of service terms using another qualifying mobile device.
If, on the other hand, the user qualifies for the deal, then at step 316, the content management server may determine if the user is new to the content management system. In various embodiments, the user can indicate if they are an existing or new user when setting up the mobile device. For example, the third-party service screen in the OOBE may allow the user to select an “I already have an account” menu item 1104 (
In various embodiments, the user information, deal code, and mobile device identification number are stored in the content management database 114. Additionally, the contract terms (e.g., the particular set of service terms associated with the deal or the standard service terms) associated with the user's account may also be stored in content management database 114. This way, content management server 112 can manage the user's account with respect to the particular contract terms granted to the user. For example, in some embodiments, the particular contract terms may grant the user a predetermined amount of free storage space on the synched content management system for a fixed length of service. Content management server 112 may use the stored information to manage the user's account and provide a renewal notice when the fixed length of service expires. The user and device information stored in content management database 114 may allow content management server 112 to sync file data among multiple client devices (e.g., tablet 102, computer 104 and mobile device 106) associated with the user's account.
At step 404, in response to receiving the information from the user, the mobile device may retrieve a deal code from memory in the mobile device. The deal code may be included in a file stored on the mobile device. For example, in various embodiments, the deal code may be stored within a Java Archive file. The deal code may be a unique code that associates particular service terms with a particular mobile device model or wireless carrier. As such, in various embodiments, the third-party service provider may pre-determine the particular service terms with a mobile device manufacturer and/or wireless carrier. In exchange for providing advantageous service terms to the mobile device user, in various embodiments, the manufacturer may integrate the third-party service provider application and service setup screens into the mobile device OOBE.
At step 406, the mobile device may retrieve a version number of an application that is preloaded on the mobile device. In various embodiments, the application may be a client application that integrates the third-party service on the mobile device. Thus, the third-party service provider may provide the manufacturer a particular version of the application in conjunction with the deal code. The deal code and the particular version of the application may be preloaded on the mobile device prior to the mobile device being delivered to the user, which may then be integrated into the setup screens for the mobile device OOBE. At step 408, the mobile device may retrieve a version number of an operating system running on the mobile device. In some embodiments, the third-party service provider may use the application version number and the operating system version number in determining whether use of the deal code is a valid use. For example, at step 410, the mobile device may use a hash function provided by the third-party service provider to create a hash value that is at least partially based on the user information, the deal code, and the information about the mobile device. In some embodiments, the information about the device may include the device identification number, the application version number, and the operating system version number. In various embodiments, the hash value may also be based on at least a portion of the binary code of the application.
At step 412, the mobile device may transmit the hash code and at least one or more of the user information, and the information about the mobile device to the third-party service provider associated with the deal code. The information about the mobile device may include at least one or more of the mobile device identification number, the operating system version number, the application version number, and any other suitable piece of information related to the mobile device or the application. The third-party provider may use the transmitted hash code, the user information, and the mobile device information to confirm that the calculated hash code is valid by calculating an expected hash code based on the user information and known information about the mobile device.
At step 414, if the calculated hash value matches the hash value received by the third-party service provider, the mobile device may receive a notification that is sent from the third-party service provider regarding the provision of the services. In various embodiments, the notification may include at least one of: a welcome notice; a terms of service notice; a deal qualification notice; and a notification of at least one criterion that must be completed before the deal is granted to the user. At step 416, to receive the notification from the third-party, the mobile device may enable setup of the service (for example, synching data on a content management system or auto-populating photo gallery views) on the mobile device.
In various embodiments, the content management system is a synched content management system. In other embodiments, the service on the mobile device automatically populates a photo gallery on the mobile device or automatically uploads files from the mobile device to the content management system.
Example User Experience
When a user purchases a mobile device, in most cases, the user must setup the mobile device prior to using the device, which is performed by the user through the mobile device's OOBE. Setup is performed by navigating through one or more setup screens that allows a user to select options to customize the mobile device to their liking. The following discussion is directed to various embodiments of an OOBE that the user may experience when setting up their mobile device.
Referring to
Referring to
In various embodiments, the OOBE may be configured to present the user with the ability to associate the mobile device with a third-party service provider. In particular, and referring to
Once the user is finished creating a new content management service account or logging in to their existing account, referring to
One of skill in the art, with reference to this disclosure, should understand that various other OOBE screens may be included in the setup and initialization of the mobile device.
Having the benefit of the teachings presented in the foregoing descriptions and associated drawings, one of skill in the art will recognize many modifications and other embodiments of the invention.
In light of the above, it is to be understood that the invention is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for the purposes of limitation.
This claims the benefit of priority under 35 U.S.C. §119(e) to U.S. Provisional Patent Application No. 61/706,111, filed Sep. 26, 2012, entitled, “System and Method of Detecting Fraud in the Provision of a Deal for a Service on a Handheld Device,” which is incorporated herein by reference in its entirety.
Number | Date | Country | |
---|---|---|---|
61706111 | Sep 2012 | US |