Tuning product policy using observed evidence of customer behavior

US 8,336,085 B2
Filed: 09/12/2005
Issued: 12/18/2012
Est. Priority Date: 11/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method of determining and enforcing a risk policy on a pay-per-use device, the method comprising:

collecting and storing operational data at the pay-per-use device, wherein the operational data indicates a metered measurement of usage by a user of the pay-per-use device based on user input by the user to the pay-per-use device, wherein the pay-per-use device includes a processor, memory, and an input and/or output device, and the processor of the pay-per-use device is configured to collect and store the operational data and to perform a local analysis of the operational data;

collecting and storing user financial data reflecting at least one of payment history or credit data associated with the user;

determining a risk factor based on the operational data and the user financial data, the risk factor being associated with the user;

setting the risk policy based on the determined risk factor, the risk policy being determined from a plurality of available risk policies, the risk policy including measurement criteria for collecting measurement data by the pay-per-use device to assess compliance with the risk policy when monitoring subsequent activity at the pay-per-use device, wherein the risk policy includes sanctions for non-compliance with the risk policy; and

collecting the measurement data during the subsequent activity at the pay-per-use device to determine compliance with the risk policy, wherein the collecting of the measurement data is performed according to the measurement criteria, and the collecting of the measurement data is accomplished at a tamper resistant secure component using the processor of the pay-per-use device to determine compliance with the risk policy,wherein the measurement criteria for collecting the measurement data at the pay-per-use device are based on both the operational data collected at the pay-per-use device and the user financial data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer adapted for pay-as-you go or other metered use has a policy for determined what measurements to take to detect fraud as well as steps to take when fraud is found. To optimize between good performance and sufficient tests to reduce the risk of fraud, a policy is developed based on observation of the users behavior, using data taken at the computer, data from a payment processor or both. After analysis, an updated policy is securely loaded at the computer to determine what, and how often to measure for suspected fraud.

Citations

20 Claims

1. A method of determining and enforcing a risk policy on a pay-per-use device, the method comprising:
- collecting and storing operational data at the pay-per-use device, wherein the operational data indicates a metered measurement of usage by a user of the pay-per-use device based on user input by the user to the pay-per-use device, wherein the pay-per-use device includes a processor, memory, and an input and/or output device, and the processor of the pay-per-use device is configured to collect and store the operational data and to perform a local analysis of the operational data;
  
  collecting and storing user financial data reflecting at least one of payment history or credit data associated with the user;
  
  determining a risk factor based on the operational data and the user financial data, the risk factor being associated with the user;
  
  setting the risk policy based on the determined risk factor, the risk policy being determined from a plurality of available risk policies, the risk policy including measurement criteria for collecting measurement data by the pay-per-use device to assess compliance with the risk policy when monitoring subsequent activity at the pay-per-use device, wherein the risk policy includes sanctions for non-compliance with the risk policy; and
  
  collecting the measurement data during the subsequent activity at the pay-per-use device to determine compliance with the risk policy, wherein the collecting of the measurement data is performed according to the measurement criteria, and the collecting of the measurement data is accomplished at a tamper resistant secure component using the processor of the pay-per-use device to determine compliance with the risk policy,wherein the measurement criteria for collecting the measurement data at the pay-per-use device are based on both the operational data collected at the pay-per-use device and the user financial data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising:
    - analyzing the measurement data at the tamper resistant secure component to determine compliance with the risk policy; and
      
      imposing one or more of the sanctions on the pay-per-use device when the tamper resistant secure component determines non-compliance with the risk policy.
  - 3. The method of claim 1, wherein the user financial data is collected at a server separate from the pay-per-use device.
  - 4. The method of claim 1, wherein collecting the data comprises collecting the operational data at the pay-per-use device and reporting the operational data to a server separate from the pay-per-use device.
  - 5. The method of claim 1, wherein the financial data reflects the payment history including at least a frequency of payments by the user.
  - 6. The method of claim 1, wherein the operational data reflects at least one of a component verification, a clock verification, a previous enforcement action, a provisioning packet activity, and an application usage.
  - 7. The method of claim 6, further comprising programmatically exposing the risk factor for use by an external entity.
  - 8. The method of claim 1, wherein the measurement criteria specify that the measurement data includes at least one of an operating system heartbeat, a verification of designated files, a verification of a system clock, an operating mode, a frequency of memory access, or a time between provisioning cycles.
  - 9. The method of claim 1, wherein the measurement criteria specify that the measurement data includes:
    - an operating system heartbeat,a verification of designated files,a verification of a system clock,an operating mode,a frequency of memory access, anda time between provisioning cycles.
  - 10. The method of claim 1, wherein the measurement criteria specify how often the measurement data are collected at the pay-per-use device.
  - 11. The method according to claim 1, wherein the measurement criteria specify particular measurements that are taken at the pay-per-use device to collect the measurement data.
  - 12. The method according to claim 1, wherein the plurality of available risk policies include different measurement criteria that are associated with different payment histories than the payment history associated with the user.
  - 13. The method according to claim 1, wherein the plurality of available risk policies include different measurement criteria that are associated with different credit data than the credit data associated with the user.
  - 14. The method according to claim 1, the risk factor being further based on customer service data reflecting previous contact by the user with a support center.
  - 15. The method according to claim 1, wherein the measurement criteria specify an operating system heartbeat comprising a signed signal indicating that an approved, valid version of an operating system is executing on the pay-per-use device.
  - 16. The method according to claim 1, wherein setting the risk policy comprises replacing another risk policy that is installed on the pay-per-use device prior to delivery of the pay-per-use device to the user.
  - 17. The method according to claim 1 wherein the measurement data identify whether a peripheral unit of the pay-per-use device is present and operating properly.
  - 18. The method according to claim 1, wherein the tamper resistant secure component comprises a secure memory.
  - 19. The method according to claim 1, wherein collecting the measurement data further comprises analyzing whether the measurement data fall within normal or historical usage patterns.
  - 20. The method according to claim 19, further comprising sending the measurement data to a server that analyzes whether the measurement data fall within normal or historical usage patterns.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Thirumalai, Gokul P., Ahdout, Isaac
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
LEWIS, LISA C

Application Number

US11/224,635
Publication Number

US 20060107306A1
Time in Patent Office

2,654 Days
Field of Search

705/17, 726/5, 726/26, 726/27
US Class Current

726/5
CPC Class Codes

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/04   Billing or invoicing

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/02   Banking, e.g. interest calc...

Tuning product policy using observed evidence of customer behavior

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tuning product policy using observed evidence of customer behavior

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links