Peer-to-peer telecommunications systems allow the user of a device, such as a personal computer, to make telephone calls across a computer network such as the Internet. These systems are beneficial to the user as they are often of significantly lower cost than traditional telephony networks, such as fixed line or mobile networks. This may particularly be the case for long distance calls. These systems may utilise voice over internet protocol (“VoIP”) over an existing network (e.g. the Internet) to provide these services, although alternative protocols can also be used. To use a peer-to-peer telephony service, the user must install and execute client software on their device. The client software provides the VoIP connections as well as other functions such as registration and authentication.
Some calls in a peer-to-peer telephony network may be free to the user, such as calls to other users of the same peer-to-peer system. However, other calls, such as to fixed line telephones or mobiles, may require the user to pay for the service. This therefore requires the user to provide sensitive information to the system, and hence requires a high level of security for transmissions of such data. Many peer-to-peer telephone systems operate a pre-paid account system. In these systems, the user must securely transfer sensitive information to a payment service provider in order to credit their account, and this credit is then used during the calls made. Once the credit runs out, the user must again securely transfer sensitive information to the payment service provider to credit more money into their account in order to continue using the service. In alternative systems, the user may be invoiced for the amount of calls they have made over a period of time, or may be required to make a fixed payment regardless of the number of calls made.
In existing peer-to-peer telephony systems, the user can securely transfer sensitive data to a payment service provider by opening a web browser program and navigating to the site of the telephony system operator. From this web page the user can select links to make a payment to their account. The user can then enter credit card or other payment information into the web page. The web browser can use known secure protocols for sending the sensitive information to a payment service provider. The disadvantage of this method is that it requires the user to open a separate program on their terminal (i.e. a web browser) in order to make a payment. The user may also be required to click through several web pages before reaching the correct page. Furthermore, the user must have access to the World Wide Web in order to make such a payment. However, in some circumstances the user may be blocked from accessing the web for security reasons, but would otherwise still be able to use the peer-to-peer telephony service.
From a usability perspective, it would be desirable for the user of the telephony system to be able to make secure payments for services directly from the client software running on the user's terminal. This is because the user directly associates the client program with the telephony service. Furthermore, allowing secure payment from within the client program avoids the need for the user to open other programs in order to securely transmit sensitive information for the service. For example, as discussed hereinbefore, if the user needs to transmit the sensitive information over the Internet, the user may be required to open a browser on his or her terminal and then enter the correct address of the web site through which they should pay before they can enter any payment details. This process can be prone to user error, and hence frustration on the part of the user. In addition, some users may also be suspicious of entering sensitive information on web site pages, and may have a greater level of trust in the client software provided by the operator of the telephony service. The client, however, already knows the identity of the user, and this information can therefore be passed to the payment provider without having to prompt the user for an additional username and password, thereby making the payment process more straightforward for the user.
However, any information transmitted over the network related to sensitive information must be secure. In particular, sensitive information should not be sent unencrypted. A conventional way of sending sensitive information is using a hypertext transfer protocol (“HTTP”) message format, such as HTTP secure (“HTTPS”), which encrypts data using a version of the secure sockets layer (“SSL”) or transport layer security (“TLS”) protocols. However, any HTTP messages sent from the client software are easy to detect and block, resulting in a failure to deliver the HTTP message and thus the encrypted data. The detection and blocking of HTTP messages may be done by third parties or firewalls. For example, some companies see the ability to access arbitrary webpages as a security risk and may therefore block HTTP. However, the telephony service provider does not pose a security risk as its content would be obtained from trusted sources. Furthermore, some companies or third parties may wish to block the peer-to-peer telephony service itself. Whilst the actual telephony traffic may be difficult to detect, the client may make specific HTTP requests to perform its tasks. These requests can therefore be detected, allowing the terminal running the client to be determined and the requests to be blocked.