The use of the Internet as a sales medium is greatly increasing. If a product is in an electronic format, such as a software program, or digitized music, the entire transaction from payment to shipment of the product can be handled without human interaction through software running on the vendor's World Wide Web (Web) site. Where the product cannot be electronically downloaded, the Internet can be used as a mechanism for selection of and payment for the product. The product can then be shipped to the consumer through conventional channels.
From a consumer standpoint, purchasing a product over the Internet reduces costs associated with traveling to a merchant, and substantially reduces the amount of time it would otherwise take to purchase the product. From a vendor's standpoint, use of the Internet as a sales medium greatly reduces overhead. Leases, buildings, and furnishings necessary for a physical presence are eliminated. The fabulous success of some of the first Internet-based "virtual" stores lends credibility to the estimates of the magnitude of future Internet-based sales.
Mechanisms for purchasing goods over the Internet are well known. A vendor implements a Web site which allows a consumer, through the use of a browser, to select the desired goods. After the goods are selected, the consumer typically enters a credit card number to complete the sale. The credit card number is typically encrypted at the browser and decrypted at the vendor's Web site, to reduce or eliminate the possibility of a third party intercepting the credit card number.
Many vendors use the Internet for post-sale support as well. It is not uncommon for a purchaser of software to be directed to the vendor's Web site to download recent patches, upgrades, or to seek support. Even where the initial purchase was not consummated over the Internet, consumers are often directed to a vendor's Web site for such post-sale support. Such support can include the ability to search databases of known problems and suggested resolutions, the ability to access in-depth technical information about a product, or the ability to communicate via e-mail with a support representative, for example. Post-sale support interaction with the consumer will become an increasingly important distinguishing feature of Internet-based vendors, since such vendors frequently offer goods at nearly identical prices.
Currently, providing post-sale support can be very expensive for a vendor. Before support is provided, it is typically desirable to authenticate that the individual seeking support is a customer of the vendor. Where support requests are initiated by telephone, a customer representative typically requires the caller to provide a unique identifier, such as a serial number which accompanied the product, before support will be provided. A product serial number is also frequently required when the consumer seeks support over the Internet. One problem with using a serial number for authentication purposes is that a valid customer can share the serial number with other individuals who can then use the serial number to access the vendor's support services, even though those individuals never purchased a product. For example, after copying a bona fide purchaser's licensed software, and serial number, such individuals can use the serial number to obtain free upgrades to products which they illegally copied in the first place.
Providing support services to unauthorized users results in loss of revenue and requires larger support resources than would otherwise be required. Because vendors are not compensated for such unauthorized use of post-sale services, it will become increasingly important for Internet-based businesses to ensure that the entity seeking support is a valid customer. Ideally, the complete process from purchase of a product over the Internet to subsequent post-sale access of a vendor's Web site could be handled automatically, without human intervention, and yet in an extremely secure fashion such that unauthorized individuals cannot utilize the vendor's post-sale resources. Moreover, the ability to detect a request from an unauthorized, or unlicensed user allows the vendor to offer the user the opportunity to purchase a licensed product.
U.S. Pat. No. 5,715,314 to Payne et al. discloses a network-based sales system relating to an initial purchase of a product over a network. The system includes a buyer computer, a merchant computer and a payment computer. The buyer computer sends an access message that includes a product identifier and an access message authenticator based on a cryptographic key to the merchant computer. The merchant computer verifies that the access message authenticator was created using the cryptographic key, and then causes the product to be sent to the user.
U.S. Pat. Nos. 5,138,712; 5,553,143; 5,553,139; and 4,924,378 relate to distribution or management of software licenses during installation or execution of software on a computer. None of the references appear to disclose electronic mechanisms for authenticating customers for post-sale support.
It is apparent that a method and system that electronically and automatically validates that a requestor of a resource, such as a post-sale service, is a valid purchaser of the vendor's product would be highly beneficial, and would reduce costs associated with providing post-sale support services.