Patent 2874127 Summary

(12) Patent: (11) CA 2874127
(54) English Title: REAL-TIME USAGE DETECTION OF SOFTWARE APPLICATIONS
(54) French Title: DETECTION D'UTILISATION EN TEMPS REEL D'APPLICATIONS LOGICIELLES
Status: Granted
Bibliographic Data
(51) International Patent Classification (IPC):
  • H04L 47/76 (2022.01)
  • H04L 43/062 (2022.01)
  • H04L 43/0876 (2022.01)
  • H04L 12/14 (2006.01)
  • H04L 12/16 (2006.01)
  • H04L 12/26 (2006.01)
(72) Inventors :
  • LEEMET, JAAN (United States of America)
  • SALDANA, ANGELA (United States of America)
  • DEBENEDICTIS, CHRISTOPHER J. (United States of America)
  • SCHMIDT, PAUL (United States of America)
  • SUBBLOIE, ALBERT R., JR. (United States of America)
(73) Owners :
  • TANGOE, INC. (United States of America)
(71) Applicants :
  • TANGOE, INC. (United States of America)
(74) Agent: MOFFAT & CO.
(74) Associate agent:
(45) Issued: 2022-03-01
(22) Filed Date: 2014-12-10
(41) Open to Public Inspection: 2016-05-21
Examination requested: 2014-12-10
Availability of licence: N/A
(25) Language of filing: English

Patent Cooperation Treaty (PCT): No

(30) Application Priority Data:
Application No. Country/Territory Date
14/550,434 United States of America 2014-11-21

Abstracts

English Abstract

A system and method that allows for information relating to data and communication resource usage to be gathered and analyzed such that particular data transactions and usage of network accessible software applications can be classified based on purpose and/or type. Further, the system and method provide reporting based on amount of usage and/or purpose or type of usage so that associated costs and usage can be calculated, applied and allocated to particular accounts, divisions, groups or individuals within and outside of a company or entity. Further, the system may disable features of or access to network accessible software applications based on lack of use, limited use or other metrics that fall outside of threshold ranges or values.


French Abstract (translated to English)

A system and method for gathering and analyzing information relating to data and communication resource usage so that particular data transactions and usage of network accessible software applications can be classified by purpose and/or type. In addition, the system and method provide reporting based on usage and/or on the purpose or type of usage, so that the associated costs and usage can be calculated, applied and allocated to particular accounts, divisions, groups or individuals inside and outside a company or entity. Finally, the system may block features of a network accessible software application, or access to it, because of lack of use, limited use or other metrics that fall outside the threshold values or ranges.

Claims

Note: Claims are shown in the official language in which they were submitted.


CLAIMS
1. A system for monitoring data usage of a network accessible software application by a device and generating a report relating to the data usage by a user, the system comprising:
a server connected to a network;
a storage accessible by said server;
computer-executable code stored on a physical memory, said computer-executable code executing on said server for receiving data relating to data usage by at least one device wherein the data usage is associated with the network accessible software application which executes on an application server and is accessible by the at least one device via the network;
said computer-executable code comprising instructions for:
extracting a portion of data from the data relating to data usage by the at least one device;
analyzing the portion of data to extract a source address or a destination address or a Universal Resource Locator (URL) to generate formatted usage data;
matching the formatted usage data to known data indicative of the user of the network accessible software application to generate a data transaction;
generating the report based on the data transaction;
comparing a threshold to the data transaction to determine which user's usage falls below the threshold;
modifying access to the network accessible software application by the user having usage below the threshold.
2. The system of claim 1 further comprising:
said storage including data related to a service contract record and indicative of a cost to access the software application;
said report including information relating to a cost associated with the data transaction, wherein the cost is associated with the user.
CA 2874127 2021-02-09

3. The system of claim 1 wherein:
said computer-executable code further comprising instructions for generating a plurality of data transactions, each indicative of one of a plurality of users establishing a login to the software application;
said report including data indicative of a number of logins for each user during a time period.
4. The system of claim 3 wherein said plurality of data transactions are indicative of a duration of the login and said report includes data indicative of the duration of the login during the time period.
5. The system of claim 4 wherein:
said computer-executable code further comprising instructions for comparing said threshold to the duration of the login such that when the duration is below the threshold a request to disable the user's access to the software application is transmitted to a software application server.
6. The system of claim 5 wherein:
said computer-executable code further comprising instructions for receiving a confirmation prior to transmission of the request.
7. The system of claim 1 wherein said data transaction is indicative of a user's usage of one or more features of the software application; and
wherein said threshold is related to at least one of the one or more features such that said computer-executable code further comprises instructions for removing the user's access to the at least one of the one or more features when the user's usage of the at least one of the one or more features falls below the threshold.
8. The system of claim 1 further comprising:
said storage includes data relating to a plurality of service contract records each indicative of a software license identifier and having one or more features of the software application associated therewith;
the user device accessing at least one of the one or more features of the software application;
wherein said data transaction is indicative of the at least one of the one or more features and said report includes data indicative of which of the one or more features are used during a time period.
9. The system of claim 8 further comprising:
said computer-executable code associated with the one or more features;
said computer-executable code further comprising instructions for comparing a plurality of data transactions associated with the one or more features to said threshold to determine if usage by the user associated with the plurality of data transactions during the time period is below said threshold;
said report including data indicative of which users use of the one or more features during the time period is below said threshold.
10. The system of claim 9 wherein said computer-executable code further comprising instructions for generating a request to remove access to the one or more features when a user's use of the one or more features during the time period is below said threshold.
11. The system of claim 1 further comprising:
said computer-executable code further comprising instructions for comparing a plurality of data transactions associated with the user to said threshold to determine if usage by the user of the software application during a time period is below said threshold;
wherein said report is an alert indicative of which users use of the software application is below said threshold during the time period.
12. The system of claim 9 wherein said threshold of the one or more features is set based on an average usage of the one or more features by a plurality of users over the time period.
13. The system of claim 12 wherein said threshold is a ratio of cost to usage and the cost is the cost of access for the one or more features.
14. The system of claim 9 wherein said computer-executable code further comprising instructions for calculating a standard deviation of usage of the one or more features among a plurality of users to set said threshold.
15. The system of claim 1 wherein said data transaction is indicative of a user from an enterprise, wherein the enterprise owns licenses to a plurality of software applications and further comprising:
said storage including license assignment data associating a software application license with the user associated with the enterprise;
said computer-executable code further comprising instructions for accessing said license assignment data to determine which licenses of one or more of the plurality of software applications are assigned to the user;
said report further indicative of the licenses assigned to the user.
16. The system of claim 15 wherein said data transaction is indicative of removal of the user from the enterprise and said computer-executable code further comprising instructions for generating a request to remove access to the licenses based on the report.
17. A system for modifying access to a network accessible software application by a user, the system comprising:
a first server in communication with a storage;
said storage containing a plurality of data transactions, each data transaction having a value indicative of data usage of the software application by a user device associated with the user, wherein the software application is the network accessible software application and executes on a second server which is an application server and is accessible by the user device via a network wherein each data transaction is further indicative of, a plurality of data packets from a data stream between at least two computers, and extracted data packet information associated with each of the plurality of data packets;
computer-executable code stored on a physical memory, said computer-executable code executing on said first server for determining which of the plurality of data transactions correspond to the user based on at least the extracted data packet information;
said computer-executable code comprising instructions for generating a report based on the plurality of data transactions such that the report is indicative of an amount of data usage of the software application attributed to the user during a time period to allocate data usage of the network accessible software application to the user;
a threshold associated with usage of the software application, said report including data indicative of which of user's usage falls below the threshold;
said storage further containing license assignment data associating a software application license with the user associated with an enterprise and data indicative of removal of the user from the enterprise; and
said computer-executable code further comprising instructions for removing access to said software application based on the report or based on the data indicative of removal of the user from the enterprise.
18. The system of claim 17 wherein said data transaction is indicative of the user establishing a login to the software application during the time period.
19. The system of claim 17 wherein:
said computer-executable code further comprising instructions for generating a plurality of data transactions, each indicative of one of a plurality of users establishing a login to the software application;
said report including data indicative of a number of logins for each user during the time period.
20. The system of claim 19 wherein said plurality of data transactions are further indicative of a duration of the login and said report further includes data indicative of the duration of the login during the time period.
21. The system of claim 17 further wherein:
said computer-executable code further comprising instructions for calculating a standard deviation of usage of the software application among a plurality of users to set said threshold.
22. The system of claim 21 wherein said threshold is set based on a size of said standard deviation in relation to an average usage of said software application by the plurality of users.
23. The system of claim 21 wherein said threshold is set based on a multiple of said standard deviation.
24. A system for monitoring data usage of a network accessible software application by a device and modifying device access to the software application, the system comprising:
a server connected to a network;
a storage accessible by said server;
computer-executable code stored on a physical memory, said computer-executable code executing on said server for receiving data relating to data usage by at least one device wherein the data usage is associated with the network accessible software application which executes on an application server and is accessible by the at least one device via the network;
said computer-executable code comprising instructions for:
extracting a portion of data from the data relating to data usage by the at least one device;
analyzing the portion of data to extract a source address or a destination address or a Universal Resource Locator (URL) to generate formatted usage data;
matching the formatted usage data to known data indicative of a user of the software application to generate a data transaction;
comparing a threshold to the data transaction to determine the user's usage of the network accessible software application in comparison to the threshold;
wherein the threshold is related to at least one or more features of the software application such that said computer-executable code further comprises instructions for modifying the user's access to at least one of the one or more features when the user's usage of the one or more features of the software application falls below the threshold.
25. The system of claim 24 further comprising:
said storage including data related to a service contract record and indicative of a cost to access the software application;
a report including information relating to a cost associated with the data transaction, wherein the cost associated with the data transaction is associated with the user.
26. The system of claim 24 wherein:
said computer-executable code further comprises instructions for generating a plurality of data transactions, each indicative of one of a plurality of users establishing a login to the software application;
a report including data indicative of a number of logins for each user during a time period.
27. The system of claim 26 wherein said plurality of data transactions are indicative of a duration of the login and a report includes data indicative of the duration of the login during the time period.
28. The system of claim 27 wherein:
said computer-executable code further comprises instructions for comparing said threshold to the duration of the login such that when the duration is below the threshold a request to disable the user's access to the software application is transmitted to the application server.
29. The system of claim 28 wherein said computer-executable code further comprises instructions for receiving a confirmation prior to transmission of the request.
30. The system of claim 24 wherein said data transaction is indicative of a user from an enterprise, wherein the enterprise owns licenses to a plurality of software applications and further comprising:
said storage including license assignment data associating a software application license with the user associated with the enterprise;
said computer-executable code further comprises instructions for accessing said license assignment data to determine which licenses of one or more of the plurality of software applications are assigned to the user;
a report further indicative of the licenses assigned to the user.
31. The system of claim 30 wherein said data transaction is indicative of removal of the user from the enterprise and said computer-executable code further comprises instructions for generating a request to remove access to the licenses based on the report.

Description

Note: Descriptions are shown in the official language in which they were submitted.


CA 02874127 2014-12-10
PATENT
03752-P00818CA G SW/JAW
TITLE OF INVENTION
REAL-TIME USAGE DETECTION OF SOFTWARE APPLICATIONS
FIELD OF THE INVENTION
[0001] The invention relates to a system and method for determining usage patterns relating to a data communications network, and more particularly, to an analysis of data collected in connection with data communications enabling the data to be correlated to usage transactions with network accessible software applications in order to determine actual use of network accessible software applications. Further, the system relates to reporting on data usage and cost reporting and allocation based on the data usage.
BACKGROUND OF THE INVENTION
[0002] Data utilization continues to increase exponentially with the proliferation of mobile devices including, for example, mobile phones, tablet devices, laptop computers and wearable technology. Faster and wider reaching networks allow for increasing use of bandwidth intensive applications. In addition to the increased use of mobile devices, other devices and systems are increasing data usage. For example, smart cars, smart homes and smart appliances consume data with machine to machine (M2M) communication systems as the breadth and scope of available applications increases.
[0003] But the proliferation of smart devices and systems is not the only reason that data usage has dramatically increased. The manner and the frequency with which smart devices are utilized by individuals have also dramatically increased. For example, the line between personal and corporate data use quite often overlaps as individuals demand to enjoy the benefits of an always connected (anytime, anywhere, and on any device) world. For many, the use of data and connectivity is considered an essential part of their lives. It is not uncommon for someone to notice their mobile phone missing before they would notice a missing wallet or set of keys as individuals are quite often checking their mobile device every few minutes. In fact, smart phones and devices are constantly providing new emails, texts, tweets, posts and notifications on an ongoing basis in addition to providing the traditional function of routing phone calls. The key factor is that data usage is increasing and the cost involved with data usage can be significant. Further, it is increasingly difficult to determine what the data is being used for. Historically, when the first devices came out, email usage was all that determined data use. Then web browsers allowed users to consume data via web browsing. Today, there are a variety of available applications which makes for a wide range of data usage, and it is useful to know how this data is accessed and to categorize the usage by the types of transactions.
[0004] For some corporate activities, the costs associated with particular activities are tracked so that the cost can be allocated appropriately. Consider how the tracking and management of voice calls has evolved to include a level of granularity that supports charge-backs, allocation and personal or business cost tracking. Today's voice call tracking systems employ CDR (Call detail records) to keep track of individual voice calls. Using today's available methods from a PBX (Private Branch Exchange), call managers, and call accounting systems, each phone call is captured along with information pertaining to the call. For example, the caller (perhaps a physical desk for a land line call, or perhaps a code which is entered before making calls), the destination number, the length of the call, and the tariffs associated with the call. This record provides information for cost allocation based on tariff tables available from the carrier or service provider, or other pricing tables.
[0005] The cost for each call can then be allocated to a specific person or business entity. The call initiator and his/her department may assume the cost, or perhaps the cost is allocated to a customer or project based on the destination of the call. By knowing the time or length of the call and the destination phone number, it may be possible to track and determine if calls are personal or business related. Further, the destination numbers of customer contacts or customers' corporate offices can help determine to which customers the cost should be allocated and reclaimed from.
[0006] Calling and usage trends and patterns can also be developed from this information to determine load or capacity across any date/time periods. Additionally, this voice call information can be combined with other business performance statistics to assist in determining positive and negative performance, causal traits and best practices that can then be applied to change the behaviour of individuals and/or business entities across the enterprise. If only a summary bill was provided at the end of the month, it would be impossible or at least very difficult and imprecise to attempt to allocate costs on a per voice call basis without the transaction level reporting.
[0007] In many office environments, even the process of tracking copier costs has evolved to include counters for departmental chargeback and cost allocation. Consider a mail room in a company where shipments are tracked; costs are allocated to the departments initiating the requests and perhaps re-claimed from the recipients of the letters and packages. Each package could be considered a transaction with a size (perhaps weight, and physical size) which determines the cost associated with the package and the postage necessary to send. The costs for all of these transactions (sending the packages) can be allocated appropriately.
[0008] Now imagine if that mail room could only tell when it was out of stamps, or worse yet, could only tell that there was a larger than expected bill that came in for last month from the post office. Perhaps the mail room clerk was mailing all of his personal Christmas cards and those of his friends using the company's postage meter. This is the current state that many corporations find themselves in with regard to their data usage, for example mobile communications data usage and associated costs. There is little or no visibility for what kinds of usage transactions are being made.
[0009] Just like the packages and letters in the above-described scenario, individual emails, posts, and other events that use data can be construed as individual transactions with an associated cost when looking at data usage. Some of these transactions are personal, other transactions are business related, and perhaps even in each category it is interesting to allocate some cost to clients, departments, or even campaigns / projects. However, to achieve a similar level of allocation as discussed in the mail room example, data usage information must be obtained on a transactional level.
[0010] Surprisingly, when we consider overall costs, it's likely that the data usage costs for a company are significantly more expensive than copier and mail room costs in many office environments. For example, data usage may cost as much as ten to twenty times the cost of copiers and mail rooms. But, this data usage cannot be tracked with sufficient detail and reporting. More controls and the ability to manage, track and/or allocate the costs for data transactions are very much needed.
[0011] Further, when overages occur in the mail room or the copier or with CDRs, audits can be performed and the root cause of the overage can be traced to a clear set of transactions. Where appropriate, bills can be contested or action can be taken to avoid overage charges in the future. Unfortunately in most of today's overages related to data usage, there is a lack of tools and audit capabilities. Therefore, the enterprise has little or no recourse in challenging or even adjusting practices or usage in order to avoid data overages, because specific instances of data usage cannot be analyzed on a granular level. Accordingly, it is difficult if not impossible to determine the root cause of overages on a transactional level.
[0012] Data use and cost models can be analyzed and developed just like the example discussed above. An office environment can determine the overall cost of the infrastructure and bandwidth provided. In some cases data use may be limited to a total usage cost (e.g., 10GB / month costs 'X' amount with overage charges of 'Y' amount). In other cases it may be cost per use, where the total usage is itemized at the end of the month and cost derived from a formula based on usage. In other cases it may simply be a fixed cost. Other cost models exist and these are provided to just illustrate how some Internet Service Providers (ISP) formulate their contracts.
[0013] The problem that most companies face is that, unlike the mail room example where each transaction can be monitored and cost can be allocated accordingly, data transactions cannot currently be effectively monitored. Most of the existing reporting systems for data use from service providers today offer a means of obtaining statistics or metrics to capture aggregated usage and overall cost. These metrics are typically limited to simple aggregate amounts of data used over time, employing units of measure associated with the user's bandwidth allocation and plan costs. The concept of data usage totals or costs per Megabyte is not particularly helpful as this does not provide sufficient detail about the data usage. As such, there is no effective means of gathering detailed usage events with data transactions for the allocation of costs or for the running of reports.
[0014] Additionally, with the growing trend of Over The Top (OTT) type applications that offer alternatives to a carrier's traditional SMS and Voice services, the growing number of OTT transactions also removes the ability for the carrier's systems to track and report on activity with traditional Call Detail Records (CDR), or SMS usage reports. Some examples of OTT type applications may include Facebook, Skype and other messaging or communication applications. While OTT may benefit end users by avoiding the costs of using services such as SMS or traditional Voice services and replacing them with "data based" alternatives, it also reduces visibility to the user's activities.
[0015] Adding an additional layer of cost to the enterprise is network accessible software applications, for example, cloud applications and SaaS (Software as a Service) systems. In this case, a company will often buy one or more licenses or seats to allow individuals to access the network accessible software applications at a considerable expense. In some cases, individuals that are provided with a license will heavily utilize these applications, but in other cases, the individuals will use the application infrequently and/or when the application is used, the usage may be minimal or may be of a simple, repetitive nature. For example, a sales manager may run a report on a monthly or weekly basis to understand where the sales team is in the process of closing a deal(s). On the other hand, a salesperson may login to the application on a daily basis to manage and track numerous sales leads. This is but one example. However, because the enterprise cannot monitor which individuals actually use the application, how often the application is used and how the application is utilized, it is difficult to quantify the value gained by the enterprise for each license paid for in relation to the tasks performed by the individual associated with a particular license. This often results in the enterprise purchasing a license for every employee in a particular group that would be expected to use the network accessible application, often resulting in unnecessary expenditures.
[0016] In some cases, detection of the network accessible software applications can provide greater clarity in vulnerabilities from a security standpoint. The IT manager/department may need to understand which network accessible software applications are being used and where data is being sent.
[0017] Also, when people leave the company or change from one department to another, the licenses may stay allocated to the individual who has left or no longer needs the license due to their new role within the company. This makes it difficult to understand which licenses are available and when new licenses need to be purchased. The root of this problem is that it is very difficult to keep accurate and up to date lists of assignments of licenses to the network accessible software applications and associating the licenses with costs as invoiced from the SaaS provider.
[0018] What is desired then is a system and method for monitoring, capturing, and identifying detailed data usage events (or data transactions).
[0019] What is also desired is a system and method for classifying data usage after the detailed usage events have been identified.
[0020] What is further desired is a system and method for allocating costs for data usage based on an identification of the detailed usage events.
[0021] What is further desired is a system and method for reporting and trending on data usage based on an identification of the detailed usage events. What is further desired is a system and method for determining and optimizing the effectiveness and efficiency of detailed usage events.
[0022] What is further desired is a system and method for determining, tracking, and optimizing the effectiveness and efficiency of the behaviour of the originating entity or device generating the usage transaction(s).
[0023] What is further desired is a system and method for controlling data usage by allowing usage when the cost can be allocated and thus charged to a particular individual, enterprise or service provider.
[0024] What is further desired is a system and method for determining, tracking, and optimizing the effectiveness and efficiency of the behaviour of the originating entity or device generating the usage transaction(s) with respect to network accessible software applications.
[0025] What is further desired is a system that enables the detection of which network accessible software applications are being used to provide information to aid in understanding security vulnerabilities.
SUMMARY OF THE INVENTION
[0026] These and other objects are achieved by provision of a
system and method that allows for information relating to data transactions to
be gathered and analyzed, such that particular data transactions can be
classified and associated costs of network accessible software applications
can be monitored, allocated and assigned relative to usage thereof in relation
to particular data transactions.
[0027] As stated earlier, data usage has proliferated on many
different types of devices, including mobile devices, desktop devices, M2M
communications and so on. However, all this data usage leaves data trails
that can be "mined" for information and used to classify the particular usage
into more granular designations. The classifications can be used to correlate
data flows and resource usage into activity-based categories. Through this
analysis and the application of pattern recognition, data-mining and resource
consumption analysis, a level of detail regarding data usage can be obtained
that is not available from the devices themselves or from the systems
providing the services.
[0028] While methods to sift through raw payload data are known
and are possible, encrypted content and privacy concerns create substantial
problems in this regard. Accordingly, the use of simple data "typing"
(classification) into broad categories rather than actual content inspection is
preferable. The goal would be to match the gathered information relating to
the particular data transaction with application or activity specific units of
measure. In this manner acceptable usage policies can be enforced and/or
costs can be overlaid on the particular data transaction.

[0029] From an administration viewpoint, the resultant information
that is generated would be valuable input towards assessing productivity,
determining security vulnerabilities, and controlling or allocating costs
associated with data usage. From the perspective of someone that is tasked
with managing a communications or IT budget or preventing data leakage from a
security-conscious enterprise, this information can prove to be invaluable.
[0030] For OTT transactions where users take advantage of data
connections rather than traditional SMS and Voice services, an analysis of the
data usage can provide something similar to a CDR (call detail record). For
example, by capturing and analyzing data streams and extracting transactions
and events, call establishments, call length, and call termination can be
shown, providing a similar CDR-like reporting capability. IP addresses or
Skype user names instead of traditional phone numbers could be reported.
Similarly instant messaging protocol transactions can be captured and
counted like SMS events.
[0031] To accomplish the granular data mining required to analyze
individual data transactions as described above, it is contemplated that
software can be used to collect and analyze how much "data per application"
or "data per destination" or even "data per application transaction type (i.e.
each email size/avg size/destination etc)" is used, as opposed to the simple
total "data used" format. This would include, for example, capturing
application specific units of measure, tweets, posts, likes, and so on. This
would further include correlating data to personal or business use. For
example data used when a VPN (Virtual Private Network) is active, when in a
business environment (on a domain) or in a home, or when in an unsecure
public environment (public Wi-Fi).
[0032] This granular data analysis of data transactions will allow a
system to allocate data usage and cost to personal or business purposes. In
the example of business related data usage, identification of individual data
transactions could be used to charge back the associated costs. For example,
software can determine the destination and measure the size of a data
transaction (e.g., sending an email with attachments) to determine that the
email was business related and sent to a client. From that information, costs
can be allocated to the particular data transaction based on the cost system
set up by the company (e.g., fixed cost allocating a percentage of total use, or
per usage cost that allocates the cost for the amount of data utilized, etc.).
This is just one example of how costs can be associated with particular data
usage.
[0033] The granular analysis of data transactions will also allow the
system to determine Per Application (App) metrics. For example, the system
would be able to determine data metrics relating to data usage on Facebook
or Twitter and so on. Alternatively, or in addition, reporting can be provided
on broader categories, such as determining data usage for Social Networking
sites generally.
[0034] Detailed data usage transactions can also be captured at the
origination point instead of aggregated from a 3rd party service provider. In
some cases, specific usage may go untracked if it is conducted on an
alternative network or data channel (i.e. wifi in a coffee shop or other
public/private venue) either on a regular or ad hoc basis. This common activity
may further hide data usage transactions since the usage is part of another
communication network or service on which the usage is free and not
applicable or tracked back to the user. Absent granular analysis of data
transactions, this type of usage would be unavailable for trending, costing,
efficiency and effectiveness tracking, or usage plan optimization. In one
example, if an individual habitually uses wi-fi instead of cellular data, it may be
more appropriate for that individual's plan to have a lower amount of data. In
other examples, if the individual's use of wi-fi is unpredictable or sporadic, the
cellular data plan would be capable of auditing and adjustment accordingly.

[0035] The system may be designed to determine and optimize the
effectiveness and efficiency of certain usage events. For example, the
system may optimize data usage in relation to service agreements and rate
plans in order to avoid overage charges. In some cases, the reporting can
notify the user of the effectiveness of their data usage. The reporting may
also suggest different patterns of usage in order to manage usage and costs.
For example, if a device is connected to free or public wi-fi, the device may be
permitted to send files of large sizes related to personal use such as a full size
picture. In the case where the device will use a cellular data network to
transfer large size files, the reporting may be used to suggest alternate
behaviour related to data usage prior to sending. For example, if the device is
prepared to send an e-mail over a cellular data network containing a large
picture that is for personal use, the system could be configured to generate
and transmit a report or alert to the device that suggests sending the picture in
a smaller size. In other cases, the system could be configured to
automatically send the file in a compressed or smaller size based on
pre-determined or defined settings. In the case where the large file is being sent
for business purposes, a notification could be sent to the device in order to
suggest that the large file is sent when wi-fi is next available. The system
could also be configured to allow the individual using the device to override
the warning or notification, especially in the case of data usage over a cellular
network for business purposes.
[0036] Being able to allocate data usage to certain services (i.e.,
whether local or in the cloud) provides another distinct advantage, namely,
allowing for a company to make a determination relating to cost justification
for the services, or again allocation of costs to personal or business.
[0037] It is also anticipated that as internet-based content becomes
more widely available, data access and usage charges may be rolled in or
partially covered by the content provider. As the world moves more and more
towards communications usage dominated by data only usage, it will be
desirable for service providers to charge not only for data as they do today,
but also for the types of data used by employing systems and methods
contemplated herein. Examples may be to allow free data usage to
consumers shopping on an e-commerce website, but to pay for educational
content, to allow free promotional content but to pay for emails. At a
transactional level even the destinations of email addresses, the size of the
email addresses can be used to affect whether or not they are paid, or the
rates at which they are charged, just as they are in the physical mail room
example. It is also contemplated that the purpose of the data usage may
result in higher costs as higher bandwidths may be required. For example,
video streaming may be more expensive than e-mail. In other cases, uploads
may be more expensive than downloads. Therefore the data transactions can
indicate various purposes, destinations, sources and others in order to
provide sufficient granularity in order to properly allocate costs.
[0038] The above are simply provided as examples of areas that
can be analyzed and the resultant benefits that can be obtained based on the
identification of particular data transactions and are not intended to comprise
an exhaustive list.
[0039] For this application the following terms and definitions shall
apply:
[0040] The term "data" as used herein means any indicia, signals,
marks, symbols, domains, symbol sets, representations, and any other
physical form or forms representing information, whether permanent or
temporary, whether visible, audible, acoustic, electric, magnetic,
electromagnetic or otherwise manifested. The term "data" as used to
represent predetermined information in one physical form shall be deemed to
encompass any and all representations of the same predetermined
information in a different physical form or forms.

[0041] The term "network" as used herein includes both networks
and internetworks of all kinds, including the Internet, and is not limited to any
particular network or inter-network.
[0042] The terms "first" and "second" are used to distinguish one
element, set, data, object or thing from another, and are not used to designate
relative position or arrangement in time.
[0043] The terms "coupled", "coupled to", "coupled with",
"connected", "connected to", and "connected with" as used herein each mean
a relationship between or among two or more devices, apparatus, files,
programs, applications, media, components, networks, systems, subsystems,
and/or means, constituting any one or more of (a) a connection, whether
direct or through one or more other devices, apparatus, files, programs,
applications, media, components, networks, systems, subsystems, or means,
(b) a communications relationship, whether direct or through one or more
other devices, apparatus, files, programs, applications, media, components,
networks, systems, subsystems, or means, and/or (c) a functional relationship
in which the operation of any one or more devices, apparatus, files, programs,
applications, media, components, networks, systems, subsystems, or means
depends, in whole or in part, on the operation of any one or more others
thereof.
[0044] The terms "process" and "processing" as used herein each
mean an action or a series of actions including, for example, but not limited to,
the continuous or non-continuous, synchronous or asynchronous, routing of
data, modification of data, formatting and/or conversion of data, tagging or
annotation of data, measurement, comparison and/or review of data, and may
or may not comprise a program.
[0045] In one aspect, a system is provided for monitoring data
usage of a device and generating a report relating to the data usage of the
device. The system may include a server connected to a network. A storage
may be accessible by the server. Software executing on the server may
receive a data stream relating to data usage by the device. The software may
extract a data packet from the data stream. The software may analyze the
data packet to extract a source address or a destination address or a
Universal Resource Locator (URL) to generate formatted usage data. The
software may match the formatted usage data to known data to generate a
data transaction. The software may further allocate a cost for the data
transaction and generate a cost report based on the cost for the data
transaction.
[0046] In another aspect a method is provided for monitoring data
usage of a device over a network and generating a report relating to the data
usage of the device. The method may include one or more of the steps of:
Connecting a server having a storage to a network; Receiving a data stream
at the server, the data stream relating to data usage by the device; Extracting
a data packet from the data stream with software executing on the server;
Analyzing the data packet with software executing on the server to extract
data packet information including a source address or a destination address
or a Universal Resource Locator (URL), and generating formatted usage data
based on the extracted data packet information; Matching the formatted
usage data to known data; Generating a data transaction based on the
matched formatted usage data; Allocating a cost for the data transaction; and
generating a cost report based on the cost for the data transaction.
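The steps of paragraphs [0045] and [0046] (extract a packet, pull out its addresses or URL, match against known data, allocate a cost) can be sketched as follows. This is an added example, not code from the patent or its owner; the pattern table, the per-megabyte rate, the function names and the sample packets are all constructed assumptions, and the URL is read only when the request is cleartext HTTP, otherwise classification falls back to the destination address.

```python
import ipaddress
import struct
from collections import defaultdict

# Known data patterns (constructed for this example): network or host -> application.
KNOWN_NETWORKS = {
    ipaddress.ip_network("198.51.100.0/24"): "crm",
    ipaddress.ip_network("203.0.113.0/24"): "social-networking",
}
KNOWN_HOSTS = {"crm.example": "crm"}
COST_PER_MB = 0.05  # assumed per-usage rate, in currency units per 10**6 bytes


def build_packet(src, dst, dport, payload=b""):
    """Build a minimal IPv4+TCP packet (checksums zeroed) to use as sample input."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + tcp + payload


def http_url(payload):
    """Return the URL of a cleartext HTTP request, or None for anything else."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.lower() == "host" and value.strip():
            return "http://" + value.strip() + parts[1]
    return None


def parse_packet(raw):
    """Extract addresses, size and (if visible) URL; None if malformed or not IPv4."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(raw):
        return None
    record = {"src": str(ipaddress.ip_address(raw[12:16])),
              "dst": str(ipaddress.ip_address(raw[16:20])),
              "bytes": total_len, "url": None}
    if raw[9] == 6 and total_len >= ihl + 20:  # TCP with a full fixed header
        data_offset = (raw[ihl + 12] >> 4) * 4
        if 20 <= data_offset <= total_len - ihl:
            record["url"] = http_url(raw[ihl + data_offset:total_len])
    return record


def match(record):
    """Match formatted usage data to known patterns, yielding a data transaction."""
    app = None
    if record["url"]:
        host = record["url"].split("/")[2].split(":")[0].lower()
        app = next((a for h, a in KNOWN_HOSTS.items()
                    if host == h or host.endswith("." + h)), None)
    if app is None:
        dst = ipaddress.ip_address(record["dst"])
        app = next((a for n, a in KNOWN_NETWORKS.items() if dst in n), "unclassified")
    return {"device": record["src"], "application": app, "bytes": record["bytes"]}


def cost_report(packets):
    """Aggregate data transactions per (device, application) and allocate a cost."""
    usage, skipped = defaultdict(int), 0
    for raw in packets:
        record = parse_packet(raw)
        if record is None:
            skipped += 1
            continue
        tx = match(record)
        usage[(tx["device"], tx["application"])] += tx["bytes"]
    rows = {key: {"bytes": n, "cost": n / 1_000_000 * COST_PER_MB}
            for key, n in usage.items()}
    return rows, skipped


# Constructed sample data stream.
SAMPLE_STREAM = [
    build_packet("10.0.0.5", "192.0.2.10", 80,
                 b"GET /login HTTP/1.1\r\nHost: app.crm.example\r\n\r\n"),
    build_packet("10.0.0.5", "198.51.100.7", 443, b"\x17" * 1000),  # opaque payload
    build_packet("10.0.0.6", "203.0.113.9", 443, b"\x17" * 500),
    build_packet("10.0.0.6", "192.0.2.99", 443, b"\x17" * 200),
    b"\x45\x00",  # truncated capture; must be skipped, not crash the pipeline
]

if __name__ == "__main__":
    report, skipped = cost_report(SAMPLE_STREAM)
    for (device, app), row in sorted(report.items()):
        print(f"{device:10} {app:18} {row['bytes']:6d} B  {row['cost']:.6f}")
    print("skipped packets:", skipped)
```

Traffic that matches no known pattern is reported as "unclassified" rather than dropped, so unknown destinations remain visible in the report.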
[0047] In another aspect a system is provided for allocating
communication costs. The system may include a computer and a first storage
containing a plurality of data transactions, each data transaction having a
value indicative of a device's data usage of a communication resource. A
second storage may contain at least one cost record indicative of an entity's cost
associated with the communication resource. Software executing on the
computer determines an allocated cost by comparing the cost record to a data
transaction to determine what part of the cost is attributed to the device based
on the value. Software executing on the computer may generate a cost report
based on the allocated cost associated with the data transaction.
[0048] In another aspect a computer implemented method is
provided for allocating communication costs. The computer may perform the
steps of: Accessing a first storage to retrieve a data transaction associated
with a device, the data transaction having a value indicative of the device's
usage of a communication resource; Accessing a second storage to retrieve a
cost record indicative of an entity's cost associated with the communication
resource; Comparing the value of the retrieved data transaction to the
retrieved cost record; and Generating a cost report based on the comparing
step, the cost report indicative of the cost allocated based on the value of the
retrieved data transaction. It is understood that the first storage and second
storage may be different parts/locations of a larger storage, or part of different
storages.
[0049] In another aspect a system is provided for allocating
communication costs. The system may include a computer and a first storage
containing a data transaction having a value indicative of a device's data
usage of a communication resource. A second storage may contain a cost
record indicative of a cost associated with the communication resource.
Software executing on said computer may generate a cost report by
comparing a cost record to a data transaction to determine a cost attributed
to the device based on the value.
[0050] In yet another aspect a system is provided for allocating data
usage by a device accessing data via a network connection. The system may
include a computer coupled to the network. A storage may be accessible by
the computer, the storage containing first data having a value indicative of a
device's data usage. Allocation rules may further be contained in the storage,
the allocation rules indicative of data usage that can be allocated to an
account. Software executing on the computer may compare the allocation
rules to data usage associated with the first data to determine if the first data
can be allocated to the account. Software executing on said computer may
generate a report to allocate at least part of the value to the account based on
the allocation rules.
[0051] In still another aspect, a system is provided for controlling
access to data usage by a device accessing data via a network connection.
The system may include a computer coupled to the network. A storage may
be accessible by the computer, the storage having cost data indicative of a
cost associated with accessing data, and account data indicative of a total
amount of cost that can be charged to an account for accessing data.
Software executing on the computer may receive a data request indicative of
the device requesting access to data via the network, the request associated
with the account and including at least one value from which a cost
associated with the data request can be determined. Software executing on
the computer may determine a cost associated with the data request.
Software executing on the computer may compare the cost associated with
the data request with account data associated with the account to determine if
the cost associated with the data request can be allocated to the account.
Software executing on the computer may allow the device to receive the data
associated with the data request when the cost associated with the data
request is allocated to the account.
[0052] In some aspects, the account may include at least first and
second accounts, the first account associated with an internet commerce
provider or a media provider, the second account associated with a client
identifier. The system may further include a first partial allocated cost
generated by the software executing on the computer to allocate part of the
allocated cost to the first account based on a comparison of the type of the
data usage and the allocation rules. A second partial allocated cost may be
generated by the software executing on the computer to allocate another part
of the allocated cost to the second account based on a comparison of the
type of the data usage and the allocation rules.
[0053] In one aspect a system is provided for monitoring data usage
of a network accessible software application by a device and generating a
report relating to the data usage, the system may include a server connected
to a network, a storage accessible by the server and software executing on
the server for receiving data relating to data usage by at least one device
wherein the data usage is associated with a software application which is
accessible by the at least one device via the network. The software may
extract a portion of data from the data relating to data usage by the at least
one device and analyze the portion of data to extract a source address or a
destination address or a Universal Resource Locator (URL) to generate
formatted usage data. The software may further match the formatted usage
data to known data indicative of a user of the software application to generate
a data transaction and may generate a report based on the data transaction.
[0054] In some aspects the storage includes data related to a
service contract record and indicative of a cost to access the software
application and the report includes information relating to a cost associated
with the data transaction, wherein the cost is associated with the user. The
software may generate a plurality of data transactions, each indicative of one
of a plurality of users establishing a login to the software application and the
report may include data indicative of a number of logins for each user during a
time period. The plurality of data transactions may be indicative of a duration
of the login and the report may include data indicative of the duration of the
login during the time period. In some aspects a threshold is accessible by the
software and the software compares the threshold to the duration of the login
such that when the duration is below the threshold a request to disable the
user's access to the software application is transmitted to a software
application server coupled to the network where the software application
server has the software application executing thereon. In some aspects, the
threshold could be set to zero usage such that an alert is issued when an
unassigned license is accessed as such access may cause a security
concern. In some aspects a confirmation is received by the software prior to
transmission of the request.
[0055] In other aspects a threshold is accessible by the software
and the software compares the threshold to the data transaction to determine
which user's usage falls below the threshold. The software modifying access
to the software application by the users having usage below the threshold
based. The data transaction may be indicative of a user's usage of one or
more features of the software application; and the threshold is related to at
least one of the one or more features such that when the user's usage of the
at least one of the one or more features falls below the threshold the software
removes the user's access to the at least one of the one or more features.
[0056] In some aspects the storage includes data relating to a
plurality of service contract records each indicative of a software license
identifier and having one or more features of the software application
associated therewith and the user device accesses at least one of the one or
more features of the software application. The data transaction may be
indicative of the at least one of the one or more features and the report may
include data indicative of which of the one or more features are used during a
time period.
[0057] A threshold may be accessible by the software and
associated with the one or more features. The software further compares a
plurality of data transactions associated with the one or more features to the
threshold to determine if usage by the user associated with the plurality of
data transactions during the time period is below the threshold. The report
may include data indicative of which users' use of the one or more features
during the time period is below the threshold. The software may generate a
request to remove access to the one or more features when a user's use of
the one or more features during the time period is below the threshold. The
report may be an alert indicative of which users' use of the software
application is below said threshold during the time period.
[0058] The threshold of the one or more features may be set based
on an average usage of the one or more features by a plurality of users over a
time period. The threshold may be a ratio of cost to usage and the cost is the
cost of access for the one or more features. The software may calculate a
standard deviation of usage of the one or more features among a plurality of
users to set the threshold. The data transaction may be indicative of a user
from an enterprise, wherein the enterprise owns licenses to the software
applications and the storage may include license assignment data associating
a software application license with the user associated with the enterprise.
The software may access the license assignment data to determine which
licenses of one or more of the software applications are assigned to the user.
The report may be further indicative of the licenses assigned to the
user. The data transaction may be indicative of removal of the user from the
enterprise and the software may generate a request to remove access to the
licenses based on the report.
[0059] In yet other aspects a system is provided for allocating data
usage of a network accessible software application to a user, the system may
include a server in communication with a storage, the storage containing a
plurality of data transactions, each data transaction having a value indicative
of data usage of a software application by a user device associated with a
user, where the software application executes on an application server and is
accessible by the user device via a network. Software may execute on the
computer for determining which of the plurality of data transactions
correspond to the user. Software may execute on the computer for
generating a report such that the report is indicative of the amount of data
usage of the software application attributed to the user during a time period.
In other cases, the report may indicate the amount of time spent or the
number of webpage/document impressions accessed via the software
application. The data transaction may be indicative of a user establishing a
login to the software application during the time period. The software may
generate a plurality of data transactions, each indicative of one of a plurality of
users establishing a login to the software application. The report may include
data indicative of a number of logins for each user during the time period. In
other aspects, thresholds may be set based on a probability of license abuse
such that the system determines the likelihood that two or more logins are not
associated with the same person and if the probability is above threshold
values, alerts or denial of access may occur.
[0060] The plurality of data transactions may be further indicative of
a duration of the login and the report may further include data indicative of the
duration of the login during the time period. The storage may include data
relating to a plurality of service contract records each indicative of a software
license identifier and having one or more features of the software application
associated therewith and the user device may access at least one of the one
or more features of the software application wherein the data transaction is
indicative of the at least one of the one or more features and the report
includes data indicative of which of the one or more features are used during
the time period.
[0061] In still other aspects a threshold may be accessible by the
software and associated with the one or more features, the software may compare
a plurality of data transactions associated with the one or more features to the
threshold to determine if usage by the user associated with the plurality of
data transactions during the time period is below the threshold. The report
may include data indicative of which user's use of one or more of the features
during the time period is below the threshold. The software may generate a
request to remove access to the one or more features when a user's use of
the one or more features during the time period is below the threshold, the
request is transmitted to the application server. The threshold may be set
based on an average usage. The threshold may be a ratio of usage to cost
wherein the cost is the cost of access for the at least one of the feature
groups. The data transaction may be indicative of removal of a user from an
enterprise that owns licenses to the software application. The storage may
include license assignment data associating a software application license
with the user associated with the enterprise. The software may access the
license assignment data to determine which licenses of one or more of the
software applications are assigned to the user. The report may further be
indicative of the licenses assigned to the user and the software generating a
request to remove access to the licenses based on the report. In other
aspects a standard deviation of usage of the software application among a
plurality of users may be calculated by the software to set a threshold and the
report may include data indicative of which of the plurality of users' usage falls
below the threshold. The threshold may be set based on a size of the
standard deviation in relation to an average usage of the software application
by the plurality of users. The threshold may be set based on a multiple of the
standard deviation.
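The threshold checks of paragraphs [0054] to [0061] can be illustrated with a short script. This is an added example, not code from the patent: the login records, license identifiers, function names and the specific formula (mean usage minus k population standard deviations) are assumptions chosen to show one way a "multiple of the standard deviation" threshold, the zero-usage alert on unassigned licenses, and license removal for a departed user could fit together.

```python
from statistics import mean, pstdev

# Constructed login data transactions for one reporting period:
# (user, license_id, login_duration_minutes).
TRANSACTIONS = [
    ("alice", "LIC-1", 420), ("alice", "LIC-1", 380),
    ("bob", "LIC-2", 400), ("bob", "LIC-2", 350),
    ("carol", "LIC-3", 410), ("carol", "LIC-3", 390),
    ("dave", "LIC-4", 15),
    ("unknown-7", "LIC-9", 30),   # activity on a license that has no assignee
]
# Constructed license assignment data: license -> assigned user (None = unassigned).
ASSIGNMENTS = {"LIC-1": "alice", "LIC-2": "bob", "LIC-3": "carol",
               "LIC-4": "dave", "LIC-5": "erin", "LIC-9": None}


def usage_by_user(transactions, assignments):
    """Total login minutes per assigned user; assignees with no logins count as 0."""
    totals = {user: 0 for user in assignments.values() if user is not None}
    for user, license_id, minutes in transactions:
        if user in totals and assignments.get(license_id) == user:
            totals[user] += minutes
    return totals


def unassigned_access(transactions, assignments):
    """Zero-usage threshold: any activity on an unassigned license raises an alert."""
    return [(lic, user, minutes) for user, lic, minutes in transactions
            if assignments.get(lic) is None]


def low_usage_threshold(totals, k=1.0):
    """Assumed formula: mean usage minus k population standard deviations."""
    values = list(totals.values())
    return mean(values) - k * pstdev(values)


def review(transactions, assignments, k=1.0, departed=()):
    """Build the report: alerts, pending disable requests, licenses to revoke."""
    totals = usage_by_user(transactions, assignments)
    threshold = low_usage_threshold(totals, k)
    licenses = {}
    for lic, user in assignments.items():
        if user is not None:
            licenses.setdefault(user, []).append(lic)
    return {
        "threshold": threshold,
        "alerts": unassigned_access(transactions, assignments),
        # Requests wait for confirmation before going to the application server.
        "disable_requests": [
            {"user": u, "licenses": licenses[u], "minutes": m,
             "status": "pending_confirmation"}
            for u, m in sorted(totals.items()) if m < threshold],
        "revoke_departed": [(u, licenses.get(u, [])) for u in sorted(departed)],
    }


if __name__ == "__main__":
    for key, value in review(TRANSACTIONS, ASSIGNMENTS, departed=("bob",)).items():
        print(key, "->", value)
```

With a small, skewed population a larger multiple can push the threshold below zero, in which case nobody is flagged; the multiple has to be chosen against the actual usage distribution.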
[0062] Other objects of the invention and its particular features and
advantages will become more apparent from consideration of the following
drawings and accompanying detailed description.
BRIEF DESCRIPTION OF THE DRAWINGS
[0063] FIG. 1 is a block diagram of one embodiment of the
invention.
[0064] FIG. 2 is a functional flow diagram according to the block
diagram of FIG. 1.
[0065] FIG. 3 is a functional flow diagram according to FIG. 2.
[0066] FIG. 4 is an illustration of transmission of packets of data
according to FIG. 2.

[0067] FIG. 5 is an illustration of a packet of data according to FIG. 4.
[0068] FIG. 6 is a block diagram showing an aspect of how cost
reports shown in FIG. 2 are generated.
[0069] FIG. 7 is a functional flow diagram showing additional
aspects of how cost allocation reports of FIG. 2 are generated.
[0070] FIG. 8 is a functional flow diagram showing additional
aspects of how costs tables of FIG. 2 and allocation rules can be used to restrict
data use.
[0071] FIG. 9 is a functional flow diagram showing additional
aspects of how the cost allocation reports of FIGS. 2 and 8 are generated
based on data type.
[0072] FIG. 10 is a block diagram according to FIG. 1.
[0073] FIG. 11 is a functional flow diagram according to FIGS. 1 and
10.
[0074] FIG. 12 is a functional flow diagram according to FIGS. 1 and
10.
[0075] FIG. 13 is a functional flow diagram according to FIG. 12.
DETAILED DESCRIPTION OF THE INVENTION
[0076] Referring now to the drawings, wherein like reference
numerals designate corresponding structure throughout the views.
[0077] FIG. 1 generally shows a system 100 for monitoring data
usage of a device and generating a report relating to the data usage of the
device. In this instance, a plurality of mobile devices (102, 102' ... 102) are
wirelessly connectable to a network 104. In addition, cloud computing
resources such as servers and/or storage can be connected to the system,
and the system can likewise monitor data usage for these cloud computing
resources.
[0078] It should be understood that the mobile devices may take the
form of any type of wireless communication device that transmits or uses
data. For example, the mobile devices may comprise a smart phone, a tablet,
a lap top computer, a notebook computer, a Bluetooth device, a tablet device,
or a M2M (machine 2 machine) device whether in, for example, a smart
automobile or even wearable technology. In the example of M2M
communications, this may include computing resources that have data usage
without direct human interaction. For example, if a local file storage system is
regularly backed up to one or more off-site locations.
[0079] Also depicted in FIG. 1 is a plurality of hard-wired devices
(106, 106' ... 106) connected to network 104. It should be understood that
the hard-wired devices may comprise, for example, a desk top computer, a
server or other type of hard-wired computer equipment, a device that utilizes
M2M communication in, for example, a smart home and so on.
[0080] The network 104 may comprise any number of data
communications equipment including, for example but not limited to, proxy
servers, routers, switches and so on to enable the plurality of mobile devices
(102, 102' ... 102) and the plurality of hard-wired devices (106, 106' ... 106)
to access, send or receive data.
[0081] Also shown in FIG. 1 is a server 108 connected to the
network 104, the server 108 being coupled to a storage 110. Cloud
computing resources 101 are also in communication with the server 108 over
the network 104. These cloud computing resources may be cloud servers
running internet hosted applications or SaaS applications. For example,
Customer Relationship Management (CRM) and other hosted software
applications. Cloud computing resources can also include cloud storage, for
example data backups. The system can monitor usage associated with data
exchange between various local computing resources and the cloud
computing resources. Finally, a computer 112 is illustrated as being coupled
to the network 104 and/or the server 108.
[0082] Turning now to FIG. 2, a functional flow diagram is illustrated
showing a device (102, 102' ... 102, 106, 106' ... 106) including a Central
Processing Unit and a Memory, transmitting a data stream 113 to data filter
software 114. It is contemplated that the data filter software could comprise
software that runs on, for example, server 108. The data filter software
extracts data packets from the data stream for identification of the individual
data packets. In one embodiment, the data filter software is capable of
capturing and extracting information from data packet types and headers. For
example, the data filter software may look for Transmission Control
Protocol/Internet Protocol (TCP/IP) trace data to another system, or may look
for User Datagram Protocol (UDP) trace data.
[0083] Once individual data packets have been extracted from the
data stream, the data packets are transmitted as formatted data 116 to
pattern matching software 118 that may, for example, run on server 108.
[0084] The pattern matching software 118 receives the formatted
data 116 in the form of individual data packets to compare the individual data
packets to known data patterns 120 to generate specific data transactions
122. The known data patterns 120 may be saved on storage 110 and include
a wide range of information including, for example but not limited to, Universal
Resource Locator (URL) data associated with known domains (e.g., a specific
URL associated with Facebook®), or IP addresses that can be correlated with
onboard apps that may be active, or TCP/IP data, or UDP data, or known data
patterns that a protocol analyzer or packet sniffer could utilize to associate the
data packet with particular information, or domain controller data to detect
when the device is connected to an office environment as opposed to public
Wi-Fi SSID to detect when the device is connected to a public environment.
These are just examples of the very diverse data that can make up the known
data that the data packet may be matched against and is not intended to
comprise an exhaustive list or be limiting.
[0085] Once a data packet is associated with known data to form a
data transaction 122, the data transaction is saved in a database of data
transactions 124 that may reside on, for instance, storage 110.
[0086] The database of data transactions 124 may then be used to
generate a number of different types of reports. For example, the individual
data transactions may be used to generate a cost allocation report 128. In
order to generate table for the data transactions 126. From the cost allocation
report, the system could then generate a cost allocation report 128 for the
individual data transactions with cost tables 126. These cost tables may
include cost records and other information pertaining to the service or provider
agreement and/or bills 125 that are between the entity and the
telecommunication or communication resource provider.
[0087] There are many different types of cost methods that can be
utilized and will typically be determined by the billing arrangement with the
service provider. The following examples of billing arrangements are provided
as examples of how costs could be distributed in a cost table for allocation.
The following examples are presented to further illustrate and explain the
present invention and should not be taken as limiting in any regard.
[0088] For fixed cost systems, the total cost could be detailed and
distributed across all data transactions. In this arrangement, low data usage
months would result in larger per data transactions costs than in large
transaction months. However, the information provided is helpful as it
provides insight as to the ongoing data requirements and provides, for
example, justification to having the bandwidth and infrastructure of a specific
size and amount.
[0089] For usage based models, actual costs can be allocated to
data transactions based on the transaction size. For example, an email of size
'X' was transmitted from Company 'A' to Company 'B'. In the example,
Company 'A' can charge Company 'B' the cost incurred to send the email,
which will be directly related to amount of data used to send the email.
[0090] For contract and overage based models, costs per
transaction can be allocated using a combination of models where, while
under the contract maximum, transactions are allocated similarly to the fixed
cost model. Any overage charges could be evenly distributed across all data
transactions or, alternatively, could be applied to the largest transaction alone
that perhaps generated the overage.
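The three billing arrangements of paragraphs [0088] to [0090] can be compared side by side in code. The following Python is an added illustration, not part of the patent text; the function names, the size-weighted split used for the fixed model and the sample figures are assumptions.

```python
from fractions import Fraction


def allocate_fixed(total_cost, sizes_mb):
    """Fixed cost: the whole bill is spread over the period's transactions.

    Weighting by transaction size is an assumption of this example; the text
    only says the total cost is distributed across all data transactions.
    """
    total_size = sum(sizes_mb)
    if total_size == 0:
        return [Fraction(0)] * len(sizes_mb)
    return [Fraction(total_cost) * s / total_size for s in sizes_mb]


def allocate_usage(rate_per_mb, sizes_mb):
    """Usage based: each transaction carries the cost of its own size."""
    return [Fraction(rate_per_mb) * s for s in sizes_mb]


def allocate_contract_overage(contract_cost, contract_max_mb, overage_rate,
                              sizes_mb, overage_to="all"):
    """Contract plus overage: fixed-style split of the contract cost, then the
    overage charge goes to all transactions evenly or to the largest one."""
    shares = allocate_fixed(contract_cost, sizes_mb)
    over_mb = max(0, sum(sizes_mb) - contract_max_mb)
    overage = Fraction(overage_rate) * over_mb
    if overage == 0 or not sizes_mb:
        return shares
    if overage_to == "all":
        extra = overage / len(sizes_mb)
        return [s + extra for s in shares]
    if overage_to == "largest":
        largest = max(range(len(sizes_mb)), key=lambda i: sizes_mb[i])
        shares[largest] += overage
        return shares
    raise ValueError("overage_to must be 'all' or 'largest'")


def cost_per_mb(total_cost, sizes_mb):
    """Effective rate under the fixed model; rises in low-usage months."""
    return Fraction(total_cost) / sum(sizes_mb)


# Constructed sample months (sizes in MB); the figures are made up.
BUSY_MONTH = [100, 300, 600]
QUIET_MONTH = [10, 30, 60]

if __name__ == "__main__":
    print("fixed, busy :", allocate_fixed(50, BUSY_MONTH))
    print("fixed, quiet:", allocate_fixed(50, QUIET_MONTH))
    print("usage       :", allocate_usage("0.02", BUSY_MONTH))
    print("overage/all :", allocate_contract_overage(40, 800, "0.10", BUSY_MONTH))
    print("overage/max :", allocate_contract_overage(40, 800, "0.10", BUSY_MONTH,
                                                     overage_to="largest"))
```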
[0091] In order to have an accurate system of charge-backs and
cost allocations, a framework of data transaction capture and processing
needs to be put in place so that the raw data can be captured, analyzed,
identified and associated with known data so that costs can be allocated on a
per data transaction basis.
[0092] It will also be understood that not all licensing models or cost
models are strictly based on usage. In these cases, the cost calculation may
include other determining factors in addition to the size and amount of data
used. Some examples include variable costs depending on the time of day /
night / weekday / weekend, and a cost model based on concurrent usage or
perhaps bursts of data. In addition to cost, the Service Level Agreement (SLA)
provided by the ISP can also be tested through the data transaction capture
and measurement process, and perhaps times where SLAs are not met can
lead to discounts in the overall cost of data use through penalty clauses and
service credits.
[0093] The database of data transactions may also be used to
generate a security report 130 or a usage metrics report 132. A security report
130 could include a wide variety of information including bringing to light
potential security breaches or areas of weakness. Logging the usage of
devices can provide valuable insight for a security conscious organization in
determining how and where the organization may be vulnerable. A usage
metrics report 132 may include much of the same information as is provided
in a security report 130, but with a focus on the data usage of the devices (for
the organization) to better see how the data communications system can be
adapted to actual data usage. For example, the particular billing arrangement
may not be a good fit with the actual data usage of the organization; or the
data plan(s) may not be a good fit with actual data usage.
[0094] These systems can also be used to automatically detect the
usage of applications and systems (local or cloud based) that access or
transfer data over the internet and over the data pipe in order to allow for
enhanced reporting of data used by these local or cloud based applications or
systems. Further, the system can allow for chargebacks and allocation of
costs associated with the data usage for the local or cloud based
applications.
[0095] Referring now to FIG. 3, a device (102, 102' ... 102; 106,
106' ... 106) as per FIG. 2 is illustrated in greater detail connected to the data
filter software 114. As can be seen, the device typically includes a number of
APPs (136, 136' ... 136), which may include Native APPs (e.g. Facetime,
iMessage, etc.) and Wrapper APPs (e.g. Facebook, Twitter, Youtube, etc.).
For each APP there are a number of requests the APP can make including,
for example, APP - IO Requests 138, APP - System Requests 140 and APP -
Network Requests 142. Also illustrated in FIG. 3 are System - IO Requests
144, System - System Requests 146 and System - Network Requests 148.
[0096] All of the above types of Requests can be captured and the
data reported or provided to a Monitoring APP 152 that may be resident on
the device. The various types of requests can provide valuable information
relating to the APPs that are currently active on the device. In this manner, the
system can monitor, for example, usage characteristics of a Central
Processing Unit (CPU) 154 or a Memory 156 and then correlate the monitored
CPU or memory usage with the active APPs running on the device.
Alternatively, the system could monitor any active APPs on the device and
correlate Transmission Control Protocol/Internet Protocol (TCP/IP) data or
User Datagram Protocol (UDP) data with particular APPs. In addition, proxy
servers or routers / switches could be used to capture data traffic from IP
addresses and then the system could correlate that data with any active APPs
on the device. Still further, the monitoring APP can serve as an authentication
tool to capture a session establishment or a login to a system so as to
associate particular data usage with the established session or the system
that was logged into. All these are provided as just examples of how the
system can mine for data by looking at a plurality of data sources provided to
the data filter software 114.
[0097] In addition to CPU usage and memory usage, the system
could look at the volume of data and correlate this with active APPs. Still
further, the system could use URLs in data packets or could correlate IP
addresses with known domains.
[0098] Additionally, the system could watch data traffic over port
designations or utilize existing APIs to these APPs to extract data usage
statistics. The use of packet sniffers and/or protocol analyzers could also be
used to capture data traffic and, by comparing the captured data to known
data patterns, to classify and categorize them.
[0099] Turning now to FIGS. 4 and 5, a data stream 158 is
illustrated. The data stream 158 consists of data packets 160 of varying sizes
and types that are flowing by in both directions.
[00100] The data stream 158 is provided to the data filter software
114, which may include the monitoring APP 152 that is loaded onto the device
(102, 102' ... 102; 106, 106' ... 106) and may receive data captured from the
APPs (136, 136' ... 136) running on the device (102, 102' ... 102; 106, 106'
... 106"), as previously discussed.
[00101] Each packet 160 includes a header portion 162 that
describes the packet 160 and a payload 164 that contains the information
being transported. For example, the packet 160 may comprise an email
message where the header contains the To / From addresses and subject
line, whereas the payload would contain the data in the message body along
with any attachments or images contained therein.
[00102] In the header portion 162, the packet filter selects the
information required to properly classify the packet 160 based on a defined
rule set. For example, for email messages, the rule set could be defined to
capture the Source Address (sender), the Destination Addresses (To and CC
lists), the Length (size) of the message as well as some other elements, such
as, the date the message was sent.
[00103] The known data patterns 120 may comprise a file saved on
storage 110. The file would include information that enables the pattern
matching software 118 to determine how to detect packet types and what
fields to capture from each of the event types. Table 1 provides an example of
packet types and fields that could be captured:
Table 1
Description         Protocol     Identifier   Fields to Capture
Email Message       SMTP         Packet ID    From, To, Size, Date/Time
Social Media Tweet  HTTP         HTTP (tag)   Destination, From, Date, Size
Social Media Post   HTTP         HTTP (tag)   Destination, From, Date, Size
Social Media Login  HTTP         HTTP (tag)   Platform, Date, Size
CRM Login           Proprietary  TCP Pack ID  Platform, Date, Size
CRM Lead Entry      Proprietary  TCP Pack ID  Date, Time, Deal Size
CRM PO generation   Proprietary  TCP Pack ID  Date, Time, PO Number, Customer, Amount
...                 ...          ...          ...
[00104] The pattern matching software 118 could then use the rules
set and known data pattern 120 to figure out what data packets should be
extracted and routed. Depending on the technology used to extract data
packets from the packet stream, the data packets are either put back in the
stream, or if a copy was made to feed the pattern matching software 118 then
unwanted packets could be discarded. Still other packets may be passed
through without any processing or extraction.
[00105] The extracted and recognized packets are reformulated
according to the rule set and known data patterns in the rule set and then
delivered as relevant data (data transactions) to storage 110, including
normalized data where reports can be run and further downstream analysis
can be performed.
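The rule-set matching of paragraphs [00102] to [00105] can be illustrated with a small classifier that reads only the header portion of each packet, captures the fields a Table 1 style rule lists, and passes unmatched packets through. The following Python is an added example, not code from the patent; the header key names, the "tag" values and the sample stream are assumptions constructed for illustration.

```python
# Rule set modelled on three rows of Table 1. The key names ("protocol",
# "tag", "from", ...) are assumptions; the patent does not define a file format.
RULES = [
    {"description": "Email Message", "protocol": "SMTP", "match": {},
     "capture": ["from", "to", "size", "date"]},
    {"description": "Social Media Post", "protocol": "HTTP",
     "match": {"tag": "post"},
     "capture": ["destination", "from", "date", "size"]},
    {"description": "Social Media Login", "protocol": "HTTP",
     "match": {"tag": "login"},
     "capture": ["platform", "date", "size"]},
]

# Constructed sample stream; addresses, hosts, sizes and dates are made up.
SAMPLE_STREAM = [
    {"header": {"protocol": "SMTP", "from": "a@example.com",
                "to": "b@example.org", "size": 20480,
                "date": "2014-11-21T09:00:00"},
     "payload": b"message body"},
    {"header": {"protocol": "HTTP", "tag": "login",
                "platform": "social.example", "size": 912,
                "date": "2014-11-21T09:01:10"},
     "payload": b"credentials form"},
    # Matches the "post" rule but carries no date field.
    {"header": {"protocol": "HTTP", "tag": "post",
                "destination": "social.example", "from": "10.0.0.7",
                "size": 3100},
     "payload": b"post body"},
    # No rule for this protocol: passed through without extraction.
    {"header": {"protocol": "UDP", "size": 64}, "payload": b"\x00" * 64},
]


def classify(header, rules=RULES):
    """Return a data transaction for the first matching rule, else None."""
    for rule in rules:
        if header.get("protocol") != rule["protocol"]:
            continue
        if any(header.get(k) != v for k, v in rule["match"].items()):
            continue
        fields = {f: header[f] for f in rule["capture"] if f in header}
        missing = [f for f in rule["capture"] if f not in header]
        return {"type": rule["description"], "fields": fields,
                "missing": missing}
    return None


def process(stream, rules=RULES):
    """Classify a packet stream; return (data transactions, passed-through count)."""
    transactions, passed_through = [], 0
    for packet in stream:
        # Only the header is inspected; the payload is never read or stored.
        transaction = classify(packet["header"], rules)
        if transaction is None:
            passed_through += 1
        else:
            transactions.append(transaction)
    return transactions, passed_through


def usage_by_type(transactions):
    """Total captured size per transaction type, as a usage metrics input."""
    totals = {}
    for tx in transactions:
        totals[tx["type"]] = totals.get(tx["type"], 0) + tx["fields"].get("size", 0)
    return totals


if __name__ == "__main__":
    txs, skipped = process(SAMPLE_STREAM)
    for tx in txs:
        print(tx)
    print("passed through:", skipped, "usage:", usage_by_type(txs))
```

A transaction whose `missing` list is non-empty matched a rule without supplying every field that rule captures, which is worth surfacing in a report instead of silently dropping.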
[00106] In FIG. 6, the storage 110 is accessed to retrieve data
transactions 204 and to retrieve cost records 202. The data transactions can
indicate the purpose of the data usage, for example, personal or business. It
is also contemplated that business usage may be attributed to internal or
external purposes. For example, sending an e-mail to a client could be usage
attributed directly to that client. Therefore, a client that receives large files
and thus uses a large amount of data can be charged based on this usage.
Cost records may be associated with the cost of an entity in relation to a
particular communication medium. In some cases, the cost for one
communication medium may be in a bill for multiple other services. For
example, some telecommunication carriers provide TV, phone and internet
service. Therefore, the cost record can be associated with one or multiple
services. In some cases, the cost record will be associated with only one
service. The cost record includes data about the total cost of the service(s)
and the total usage of the service(s). The retrieved data 204, 202 is compared
206 to determine cost allocation 208. This comparison may, for example, use
the cost record associated with internet service to determine what percentage
of internet usage is attributed to the particular data transaction. Using the
percentage allocated to a particular data transaction, part of the cost for
internet service can be allocated to the usage associated with the data
transaction. Based on the comparison and the cost allocation, the system
generates a cost report 210.
[00107] In FIG. 7, the data transactions 204 are retrieved. The
system determines 212 if the purpose of the data transaction is business or
personal. If personal, the cost record 202 associated with the communication
resource of the data transaction 204 is retrieved. The data transaction and
cost record are compared 214 to determine what percentage of the usage of a
particular communication resource or service is attributable to the data
transaction. An account identifier is associated with the data transaction 216.
In the example where the data transaction is personal usage, the account
identifier can be associated with the individual using the particular device that
used the data of the data transaction. A cost report 218 is generated for
personal usage. Although data transactions 204 are shown as being
retrieved, it is understood that data records can also be retrieved. These data
records may be indicative of usage of types of communications resources
other than data. For example, telephone, mobile phone and other
communication resources.
[00108] If the usage purpose is business, the cost report associated
with the communication resource used is retrieved 202. The system
determines if the data transaction is associated with internal or external usage
220. In the case of external usage, the data transaction and cost record are
compared 222. An account identifier is associated with the data transaction
224 and a report 226 is generated. External usage may be, for example, if an
e-mail is sent to a client, the data transaction would be indicative of this
purpose, thus the internet usage associated with sending the e-mail is
attributable directly to the client. A similar process is followed for internal
usage, where data transactions and cost records are compared 228 and
associated with an account identifier 230. A report 232 is generated. The
personal 218, external 226 and internal 232 reports may be combined to
create a master report 234. External costs will typically be charged to the
external sources in most cases; however, it is contemplated that the external
costs may be used for internal accounting associated with particular projects.
In some cases, internal costs may be charged in various ways. In some
cases, internal costs will not be allocated to external accounts. In other cases
part of the internal usage may be distributed based on rules 250. These rules
may be a number of things. For example, there may be maximum values to
allocate, there may be minimum values required for allocation, in some cases
percentages may be set in order to allocate part of the costs. In some cases
all internal costs are charged externally. In this case, the amount of external
usage is determined on an account by account basis 244. The external
accounts having a higher amount of usage are then allocated a higher amount
of the internal cost, thus distributing internal cost based on external usage
246. In some cases, none, all or part of personally allocated costs may be
paid by the entity. Similar to the charging of internal usage, personal usage
may be distributed based on rules 248 such as, a percentage of the total, a
threshold, a maximum or combinations. It is contemplated that other rules
and customized rules may be set. In some cases, personal usage may be
paid by the entity. In this case, the total personal usage is determined on an
account by account basis 238. These personal costs are distributed based on
what division or group the individual or the device is associated with 240.
[00109] It is understood that where partial usage is distributed to
external or entity accounts, the remainder may be distributed as shown and
described as if the remainder followed the corresponding "yes" arrows of
Figure 7.
[00110] In FIG. 8, a data request 300 is made, for example, by a
device. This data request may be a request to access data. Although a
request is shown, it is understood that data (including internet-based content)
may be pushed to the device. The storage is accessed 302 to retrieve cost
data 306, account data 305 and allocation rules 304. The cost data allows the
system to compare the data usage, for example by size, source, destination,
type or other characteristic associated with the data usage in order to
determine the cost associated with the data usage. The allocation rules
designate how different data costs can be allocated based on various
agreements and data types. For example the data service provider may have
an agreement with an internet-based content provider that all or part of data
usage for the types of accessing content of the internet-based content
provider is charged to an account that is associated with the internet-based
content provider. It is further contemplated that the allocation rules can
designate what data costs can be charged to the internet-based content
provider account, depending on the type of the data use.
[00111] In order to determine which data transactions are associated
together with a result such as a purchase, the system compares identifiers
associated with the data transactions to determine which data transactions
are commonly associated with the result. The identifier can be information
such as source address, destination address or URL. Thus, a user can use
their device to access an online store such as an internet-based content
provider, for example, iTunes by Apple, Inc. This user can browse media
content and then select the appropriate media content to browse or download.
[00112] The browsing can be associated with a number of data
transactions that are associated with the exchange of data. For example, the
user could view a number of movie previews before ultimately deciding to
purchase or rent a particular movie. There would be data usage associated
with viewing previews and browsing, and there would be data usage
associated with the download/stream of the media content. If the user
purchases or has an account that allows certain content streaming under a
subscription agreement, the data associated with the purchase may be
associated with the account of the internet-based content.
[00113] Each different type of data usage, i.e. browsing, previewing,
purchasing, downloading, may be associated with its own data transaction.
The downloading and/or purchasing data transaction types indicate a result,
which allows the associated data transaction(s) to be considered result
transaction(s). Allocation rules can further allow all or part of
browsing/previewing data transactions to be associated with the purchase. In
order to determine what transactions may be eligible for allocation, the system
compares the identifiers such as source, destination and URL to the result
transaction(s) (i.e. purchase/download of content) with other data transactions
to determine which data transactions include a common identifier with the
result transaction(s). Allocation rules are then compared across multiple data
transactions having a common identifier and some or all of the data and/or
cost may be allocated to the account associated with the media content
provider. It is contemplated that larger purchase values would typically allow
for larger amounts of data to be allocated to the media content provider
(iTunes), although one of skill in the art would understand that the specific
amount of data and/or cost that can be allocated would depend on the data
service provider agreement, and the associated allocation rules. It is further
understood that allocation rules can be modified within the system, for
example through remote or local login to the computer. Modification to the
allocation rules may reflect changes in the service agreement between a data
service provider and one or more users.
[00114] The allocation rules may provide for different cost/data
allocation results depending on the overall purchase value associated with a
particular identifier. For example, if a particular device or user login is
associated with a certain dollar value of monthly or annual purchases through
a particular content provider (media content, online retail, etc.) the content
provider may reward higher dollar values with higher amounts of data that are
allocated to the content provider.
[00115] It is also contemplated that data types such as cellular data
vs. land line data could be considered different types of data usage
associated with different costs and limits. It is further contemplated that
combinations of types can result in higher costs. For example, streaming
video over cellular data could be more expensive than e-mail usage over
cellular data, which could likewise be more expensive than streaming video
over WiFi. These are exemplary only and are not intended to be limiting.
[00116] Some internet-based content providers may require higher
bandwidth or transfer for delivery of the content. For example, data usage
associated with video streaming typically requires higher bandwidth than e-mail
data usage. Although the value of the data usage, for example in
Megabytes, will depend on the data downloaded or uploaded, the system
could provide for different performance levels depending on the service
agreement and thus allocation rules. For example, a particular individual may
wish to purchase higher bandwidths for online gaming and save money by
using lower bandwidths for tasks such as browsing or online shopping. The
allocation rules can be used to modify the delivered performance depending
on the type of data used and if the costs associated with higher bandwidth
(performance) can be allocated to an account such as a user account or the
content provider account (i.e. Netflix in a video streaming example).
[00117] Higher bandwidth data usage could be prioritized based on
different data costs and per data usage rates and allocation rules. Therefore,
the type of the data usage may be determined by the system such that data
transactions can indicate the type of the data use in order to allow for
modification of performance levels such as bandwidth based on allocation
rules and the underlying data service agreement. Some exemplary data
types could include data use for accessing internet-based content such as,
online retail shopping or browsing, payment processing, product research
(including product reviews), media streaming such as music, video and other
content streaming, VOIP (voice over internet protocol) data usage, video
conferencing, social media, click through advertising, and instant messaging
to name a few data use types. Because the data transactions or data
requests can specifically be designated with a type, multiple data transactions
can be associated with an event that can be allocated to a particular account.
[00118] The allocation rules allow the system to determine which
data transactions or data requests can be charged to which account. It is
contemplated that these allocation rules can be rather simple or more
complex. An example of a simple allocation rule may be associated with an
internet-based content provider such as a video streaming service. For
example, Netflix and Amazon Prime. When a user uses a device such as an
internet connected television, typically, the streaming service application is
opened, allowing the user to browse for a video they would like to watch. The
browsing is associated with data usage, and likewise the streaming is
associated with data usage. The data request associated with browsing and
streaming video can be allowed based on the allocation rules. Thus, a simple
example of an allocation rule would be to allow all data through a particular
application and to charge a particular account for such data usage. For
example, if the cost of streaming/browsing can be charged to a particular
account, the system would allow the device to use data. Based on this usage,
data transaction(s) can be generated to account for the different types
of data use and likewise a cost of the data use can be determined
based on the type and amount of data used.
[00119] It is contemplated that the allocation rule may provide that
the streaming service application that is associated with a paid user account
would be allowed to use data through the data service provider and that the
allocation rules could associate all or part of the cost of the data use with a
particular account. The account the cost is allocated to may be associated
with the streaming service provider, the user, the data service provider or
combinations thereof. In an example where data usage or cost cannot be
allocated to an external account such as the streaming service provider
account, the data usage or cost could be allocated to a user account that is
associated with the individual whose device(s) are using the account. The
account can be a mechanism the system can use to allocate cost and/or data
usage, and the account may be associated with, for example, individuals,
groups, companies, enterprises, data service providers, content providers and
the like. It is also understood that where the system limits access to data
usage, the account could be associated with the individual who is actually
accessing or using the data, for example, an individual who accesses data in
order to stream video content. It is also understood that portions of the data
usage/costs can be allocated to different accounts, depending on allocation
rules, cost tables etc., thus one instance of data usage may have different
portions allocated to different accounts.
[00120] In one example, the user subscription could include unlimited
data usage through the streaming service websites, applications and the like.
Thus, the cost associated with data usage for the streaming service may be
charged directly to an account associated with the streaming service provider.
This would allow data service providers (for example AT&T) to provide pay for
use or a combination of subscription/pay for use model that would provide a
free or discounted data connection to a user and then the internet service
provider would be able to charge data use costs directly to the internet-based
content provider.
[00121] In some cases, the device using the data will be associated
with a login with the internet-based content provider. This login may be paid
for in order to allow the device to access and thereby stream video content.
In some cases, the internet-based content providers may wish to include the
cost of data usage within the paid login rates, but only for the types of
streaming video from the particular content provider.
[00122] As another example, e-commerce websites such as
Amazon.com may wish to allow free or discounted data usage for customers
or potential customers to browse products offered on the e-commerce
website. Therefore, the system would allow a data service provider to
allocate the costs of data usage on e-commerce websites to the company
operating the e-commerce website. In one example, all data usage in
browsing may be allocated to the e-commerce company when a purchase is
made. In other cases, an amount up to a percentage of the value of the
purchase may be allocated to the e-commerce company. An example of a
more complex allocation rule would allow data transactions to associate a
type of browsing product reviews with a purchase of one of the products or
brands discussed in the reviews. For example, if an individual browses
lawn-mower reviews for a number of products and ultimately settles on purchasing
a lawn-mower online from HomeDepot.com, it is contemplated that the data
transactions can indicate the type of the data usage and the system can
associate all or part of the relevant data usage based on the allocation rules in
order for the cost of the data usage associated with browsing and then
purchase of a product to be charged to the company or individual selling the
product. It is further contemplated that part of the cost may be allocated
based on the value of the purchase.
[00123] When only part of a cost associated with data usage is
allocated to the internet-based content provider, it is contemplated that the
remainder of the usage may be allocated to the user (or user account). In
some cases, the data service provider may have a maximum data usage for
particular accounts and data usage that is not allocated to an account other
than the user account would be charged to the user account.
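The association of browsing and previewing transactions with a result transaction through a common identifier ([00113]), the allocation of an amount up to a percentage of the purchase value ([00122]) and the charging of the remainder to the user account ([00123]) can be shown together. The following Python is an added example, not code from the patent; the field names, the flat per-megabyte cost, the 10% cap and the sample transactions are assumptions.

```python
from fractions import Fraction

# Transaction types that indicate a result, per paragraph [00113].
RESULT_TYPES = {"purchase", "download"}

# Constructed sample data transactions; devices, hosts and values are made up.
SAMPLE_TRANSACTIONS = [
    {"device": "dev-1", "identifier": "store.example", "type": "browsing",
     "size_mb": 40},
    {"device": "dev-1", "identifier": "store.example", "type": "preview",
     "size_mb": 160},
    {"device": "dev-1", "identifier": "store.example", "type": "purchase",
     "size_mb": 2, "purchase_value": 15},
    # Browsing with no result transaction on the same identifier.
    {"device": "dev-1", "identifier": "reviews.example", "type": "browsing",
     "size_mb": 50},
    # Small session whose cost stays under the cap.
    {"device": "dev-2", "identifier": "store.example", "type": "browsing",
     "size_mb": 10},
    {"device": "dev-2", "identifier": "store.example", "type": "download",
     "size_mb": 5, "purchase_value": 20},
]


def allocate_by_result(transactions, cost_per_mb, cap_pct):
    """Split data cost between the content provider and the user account.

    Transactions are grouped by (device, identifier). A group's cost is
    charged to the provider up to cap_pct percent of the purchase value of
    its result transactions; whatever is left goes to the user account.
    """
    groups = {}
    for tx in transactions:
        groups.setdefault((tx["device"], tx["identifier"]), []).append(tx)

    ledger = {}
    for key, group in groups.items():
        cost = sum(Fraction(cost_per_mb) * tx["size_mb"] for tx in group)
        purchase_value = sum(Fraction(tx.get("purchase_value", 0))
                             for tx in group if tx["type"] in RESULT_TYPES)
        cap = purchase_value * Fraction(cap_pct) / 100
        to_provider = min(cost, cap)
        ledger[key] = {"provider": to_provider, "user": cost - to_provider}
    return ledger


if __name__ == "__main__":
    result = allocate_by_result(SAMPLE_TRANSACTIONS, "0.01", 10)
    for key, split in result.items():
        print(key, {k: float(v) for k, v in split.items()})
```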
[00124] Based on one or more of the cost data 306, account data
305, allocation rule 304 and data request 300, the system can
determine/project the data cost 312 and the system determines if the cost of
the data use can be allocated to an account 314. If yes, the costs associated
with the data request 300 can be charged to one or more accounts 316, thus
allowing the device to access 320 the data requested. If the cost cannot be
allocated, the system would request payment 318 for the data cost. The
payment request could also be an authorization to charge up to a
pre-determined amount. Assuming payment is made, the system may then
recognize that the cost can be allocated to an account and the device may be
allowed to access the requested data. As previously discussed, the data
usage resulting from the allowed data request may result in one or more data
transactions being generated. Such data transactions can likewise allow
audits to be performed to determine what data was requested and allowed
and what the resulting charges were. In addition, the data transactions track
the data request so that if cost cannot be determined in a monetary value
upon the request, cost can be determined and allocated later, depending on
the billing arrangement and billing cycle.
[00125] The cost data may be associated with different data service
agreements, for example unlimited data usage plans, per usage plans,
threshold usage with overage charges. Further, the cost can include different
costs associated with different types of data usage as applied to the different
service agreement arrangements.

[00126] The "cost" of the data request in monetary value
may not be known immediately after data is accessed, as the service
agreement for the data service provider may be a monthly charge with various
thresholds of data use, for example, there may be unlimited or a pre-defined
maximum data use and there could also be discounts and overages
associated with the data service provider agreement. Thus, the cost could
initially indicate a size of the data use (for example in Megabytes) and once an
overall bill is generated, the cost in data size can be converted into a
monetary cost thus allowing the cost of the data transaction to be allocated to
appropriate accounts, departments, companies, individuals and the like.
[00127] In FIG. 9, another aspect is shown where data transaction(s)
122 include a data type. This data type can be, for example, online retail
shopping or browsing, payment processing, product research (including
product reviews), media streaming such as music, video and other content
streaming, VOIP (voice over internet protocol) data usage, video
conferencing, and instant messaging to name a few data types. Data type
can also be designated based on how the data is accessed, for example over
a cellular network or through land lines. The data type may also indicate if the
media streaming was business related or personal so that costs may be
allocated appropriately as previously discussed herein.
[00128] The data transaction may also associate the type with the
source, destination and other information concerning the data usage as has
been previously discussed. For example, the identifiers of the data
transactions may be compared to determine which data transactions include
common identifiers so that allocation rules 304 can be compared to multiple
data transactions having common identifiers in order to determine which of
the data transactions can be allocated to the account. Allocation rules 304
can also be associated with types. Thus the system can compare the data
type, type and cost data(s) 306 to determine a cost to allocate 324. Thus if
the data type matches a type associated with an allocation rule, the cost to
allocate may be determined from the cost report and the particular
requirements of the relevant allocation rule(s). It is understood that more than
one allocation rule may apply to one data request or data transaction.
Likewise, multiple data requests or data transactions may apply to a single
allocation rule, for example due to common identifiers. Other combinations
and permutations are contemplated. As shown in Figure 9, a cost allocation
report 128 is generated based on the cost to allocate 324 and the allocation
rules 304. Although cost is shown, the system could also generate a report
that allocates the value of data usage to an account without determining a
monetary cost associated with the data usage.
[00129] In FIG. 10, additional detail concerning the system shown in
FIG. 1 is depicted. A network accessible software program or SaaS program
1400 is shown that may execute on a remote server, for example, cloud 101.
This SaaS program 1400 is accessed with user devices 105 via an application
1800 accessible by the user devices 105. These user devices 105 may
include one or multiple of the mobile and/or hardwired devices 102/106. The
application 1800 may be a web browser or a natively installed application that
accesses the SaaS application 1400 via the network 104. The SaaS
application 1400 may execute on an application server, which may be the
cloud 101. As the user devices 105 access the SaaS application 1400,
data is transferred between the user devices 105 as has been discussed
previously. Data transactions are generated so that identification of usage
may be determined, and the monitoring software 6000 monitors the network
104 and the exchange of data between the cloud 101 and the user devices
105 or the enterprise computer 200. It is understood that the cloud 101 may
refer to a single computer/server or multiple servers/computers which
distribute processing of the SaaS program between them. It is also
understood that the cloud 101 may simply be a server that is remote from the
user computer and further, in some cases the SaaS application 1400 may
execute on the server computer which also performs the monitoring functions
via the monitoring software 6000, depending on the desired system
architecture and processing power needed. The enterprise computer 200 is
also connected via the network 104 and although shown separate from the
cloud computer, the HRIS (Human Resources Information System) 1200 may
execute on a cloud computer/server. There may also be multiple cloud
computers 101 and multiple SaaS applications may be monitored
simultaneously.
[00130] The HRIS system allows an enterprise or employer to keep
track of various human resources related tasks and associated data. One
challenge the enterprise may face is poor communication between the IT
department/manager, the HR department/manager and the SaaS provider.
Since SaaS licenses are purchased under recurring contracts, when a new
individual is hired by the enterprise or an employee leaves, the IT
department/manager does not have a reliable way to determine and track the
inventory of available licenses. As such, the list that the IT
department/manager uses to keep track of the licenses purchased may not be
correct and may show that a license is assigned to a former employee. Thus,
the new hire would receive a new license which the IT department/manager
would unnecessarily purchase to allow the new hire to access the SaaS
system. Additional examples and details with regards to the HRIS system
and license assignments and the associated features are shown and
described with respect to FIGS. 12 and 13.
[00131] FIG. 11 shows additional detail concerning how, in one
example, data transactions may be used in relation to network accessible
software applications such as SaaS 1400. As discussed previously, it is
desirable to avoid purchasing licenses to SaaS systems that are not needed.
A similar issue exists when purchased licenses are simply not used, or are
used so minimally, the cost of purchasing the license for the particular
individual outweighs the benefit to the enterprise. In some cases, the
monitoring can determine how often and when the application associated with
a license is used. In some cases, the license may be used only a few times
per month. In other cases, the license may be used several times per day.
[00132] Additional layers of information can be obtained from data
transactions that identify not only when and how often the license is used, but
how the SaaS system is used, what tasks are accomplished or performed
and what features of the SaaS system are used. In some cases, the
billing system for the SaaS system may be time dependent, and the data
transactions can further identify when the SaaS system is accessed.
[00133] As shown in FIG. 11, the server 108, user devices 105 and
cloud 101 are all connected to a network 104. The monitoring software tracks
usage data to generate data transactions as shown and described in
connection with FIGS. 2-5. The server 108 accesses a database 800 which
contains data, such as contract records 802, which indicate, for example,
services/software access purchased that are associated with a license. The
contract records 802 can also designate which service level(s) are included in
the license and which features correspond to the service level(s). Some
SaaS providers offer different service levels. For example, Salesforce is a
provider of CRM (Customer Relationship Management) SaaS systems and
provides different levels of service available for purchase. These different
levels of service include, for example, Group, Professional, Enterprise and
Unlimited levels of service. Each successive level of increased service comes
with an increased price and includes different features added to, for example,
previous levels of service. The features identified in the "Group" edition can
be accounted for in the "Group" pricing structure. Usage of features identified
in the "Professional" pricing would be attributed to the incremental cost of
"Professional" level. For example, the "Group" cost may have features A-C
and "Professional" may include features D-E in addition to features A-C. In
this example, "Group" may cost $100/month and "Professional" may cost
$250/month. A "Professional" level would therefore include features A-E in
this example, but the cost of "Professional" would be attributed to features D-E,
meaning, features D-E account for $150/month of the overall cost of the
"Professional" level.
[00134] When feature D is used, this usage would be associated with
the incremental "Professional" level cost ($150/mo). When feature A is used,
this would be associated with the Group cost ($100/mo). This is but one
example of billing structure as related to features that may apply. In some
cases SaaS providers may allow for selection of particular features without
payment for lower features. For example, it may be possible to purchase
"Professional" level access to features D-E for $150/mo without purchasing
access to features A-C of "Group". The "Group," "Professional," "Enterprise,"
and "Unlimited" terminology is simply used to differentiate feature levels for
purposes of example only.
[00135] The monitoring software 6000 captures this usage and
generates data transactions 122 based on the usage data 1406 which may be
associated with the feature usage 1404 or may simply be associated with a
login to the SaaS program. Since the SaaS program 1400 provides a number
of features 1402 which are accessed and used by the user devices 105 over
the network, data transactions can be generated to identify the usage. The
service contract records 802 are compared with the data transactions 122
derived from the usage data 1406 to determine if the usage of the SaaS
program justifies the cost of the license for the particular individual.
[00136] In one example, a SaaS login may be used by a manager on
a regular basis to run specific types of reports used to oversee the processes
managed with the SaaS program. Since the features and modules within the
particular SaaS program used are predictable, the enterprise may be better
served in assigning another person with the task of running the reports on a
regular basis and sending the reports to the manager rather than paying for a
license for the manager to perform this one limited process. It would be a
better use of company resources to assign the task to an individual who
regularly utilizes the SaaS program. As an example, some SaaS programs
may charge $125/month/user or more. This cost can be avoided in cases
where there is no usage of the particular license or where such usage is
essentially negligible or minimal.
[00137] The system generates a report, which may be similar to the
cost allocation report 128 described previously. The report can detail the
usage on a number of levels, depending on the granularity desired. For
example, the report may allow an IT manager to see metrics that indicate the
relative cost of the usage for each person having a license. Then, reports can
be generated to show outliers, averages, means and other statistical data that
can help IT departments/managers or the person responsible for purchasing
the SaaS license to make educated decisions on which users should have
licenses. As one example, if there is an average usage or cost to usage ratio
of a particular SaaS program for a given team or group in an enterprise and
the standard deviation of these metrics is relatively low, the manager may
wish to look at the usage of individuals falling outside particular standard
deviations (or portion thereof). This standard deviation may be considered a
threshold. It is also understood that other thresholds can be set or used with
the system to issue notifications and alerts, or usage or cost ratios falling
outside the thresholds may be reported in different groups or using visual
cues, for example red font, in the report generated by the system.
[00138] In the standard deviation example, the size of the standard
deviation may be important relative to the average usage. For example, if the
standard deviation is a large percentage of the average usage, the usage
across the enterprise varies drastically, with some users accessing the SaaS
program regularly and using many or all feature levels paid for. In contrast,
other users may rarely use or access the SaaS program. Therefore, in the
case where the standard deviation is high relative to the average usage, this
would tend to indicate a lack in efficiency of the process. In contrast, if the
standard deviation is a low percentage of the average usage, this would tend
to indicate that the SaaS assignments are relatively efficient.
[00139] Although 97% of users will fall within six standard deviations
from average, this may not necessarily denote anything efficient about the
process. Rather, if thresholds are set on the basis of the standard deviation
being relatively small or relatively small in comparison to the average (mean),
flagging users on the low end of usage and also falling outside a threshold
value of standard deviations may be likely to reduce costs without sacrificing
necessary access to SaaS programs that provide benefit to the enterprise.
When the standard deviation of usage is a relatively high percentage of the
mean, this would indicate a wide variety of usage within the enterprise or
group thereof. However, if the standard deviation is a small percentage of the
mean, this may indicate higher efficiency. The standard deviation is
calculated as the square root of the variance where the variance is the
average of the squared differences from the mean.
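The threshold logic of paragraphs [00137] to [00139], as an added example that is not part of the patent text: it computes the mean, the standard deviation as defined above, and the ratio of the two, then flags licensees on the low end of usage. The usage figures, the `k` and `max_cv` defaults and all function names are assumptions made for illustration.

```python
from math import sqrt

# Constructed sample data: logins per month for each licensed user.
TEAM_A = {"ana": 42, "ben": 38, "cho": 45, "dev": 40,
          "eli": 41, "fay": 39, "gus": 43, "hal": 2}
TEAM_B = {"ida": 60, "jon": 1, "kim": 55, "lee": 0, "mo": 3, "nia": 58}


def usage_stats(usage):
    """Return (mean, std, cv) for a {user: usage_count} mapping."""
    values = list(usage.values())
    if not values:
        raise ValueError("no licensed users to analyse")
    mean = sum(values) / len(values)
    # Variance as the description defines it: the average of the squared
    # differences from the mean (population variance, divisor n).
    variance = sum((v - mean) ** 2 for v in values) / len(values)
    std = sqrt(variance)
    # Standard deviation as a fraction of the mean; undefined if nobody
    # used the program at all.
    cv = std / mean if mean > 0 else None
    return mean, std, cv


def review_group(usage, k=2.0, max_cv=0.5):
    """Flag low-end users and report whether usage forms a narrow band.

    k      -- assumed threshold, in standard deviations below the mean
    max_cv -- assumed limit for "standard deviation is a small
              percentage of the mean"
    """
    mean, std, cv = usage_stats(usage)
    if cv is None:
        # No usage anywhere: every license is a candidate for review.
        return {"mean": mean, "std": std, "cv": None,
                "narrow_band": False, "flagged": sorted(usage)}
    cutoff = mean - k * std
    # Only the low side is flagged; heavy users are not a cost concern.
    flagged = sorted(u for u, v in usage.items() if v < cutoff)
    return {"mean": mean, "std": std, "cv": cv,
            "narrow_band": cv <= max_cv, "flagged": flagged}


if __name__ == "__main__":
    for name, team in (("TEAM_A", TEAM_A), ("TEAM_B", TEAM_B)):
        r = review_group(team)
        print(f"{name}: mean={r['mean']:.2f} std={r['std']:.2f} "
              f"cv={r['cv']:.2f} narrow_band={r['narrow_band']} "
              f"flagged={r['flagged']}")
```

In TEAM_B the spread is so wide that the cutoff falls below zero and nobody is flagged, even though half the group barely uses the program; there the high ratio of standard deviation to mean is itself the signal.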
[00140] Although the above example describes a specific
embodiment related to statistical calculations for a normal distribution, other
statistical functions and distributions may be used for calculating thresholds.
For example, Weibull, gamma, hypergeometric, exponential, cumulative
binomial, beta cumulative, chi-squared, F probability and frequency
distributions. Other statistical functions and distributions may be used as
would be apparent to one of skill in the art. By setting thresholds based on
statistical distributions, the threshold can be adjusted dynamically based on
how the usage changes as determined by the data transactions. In the
example of a threshold set based on the standard deviation being a small
percentage of the mean, this allows the enterprise to have the threshold set to
optimize efficiency such that as long as the usage results in a relatively
narrow band of usage values, no changes are made to the SaaS licenses. It
is also understood that thresholds can be set for the overall SaaS licenses (i.e.,
if it is used or not) and the thresholds can be set for the features or feature
groupings within the SaaS licenses so that enterprises can determine if the
correct level of access is purchased based on actual usage of the functions
associated with the levels of access.
[00141] In some cases, the notification generated can request
confirmation to deactivate the login altogether or simply deactivate (or roll
back) certain feature groups. For example, one user may have an "Unlimited"
plan, but upon comparison of the data transactions to the license and feature
groups, it may be determined that the user does not use all the "Unlimited"
features and only uses those found in the "Enterprise" level. Since there is an
added cost to "Unlimited" in relation to "Enterprise" service levels in this
example, the company would be better served in reducing a particular user's
access to a lower level that matches their usage. The statistical analysis and
threshold determination can be done at many different levels within the
system. The threshold may be simply related to whether or not a user
actually uses the SaaS program. In other cases, the specific features used
may be detailed in relation to other users in the enterprise. It is also
contemplated that a comparison can be made outside the enterprise to other
companies using the monitoring software to provide a larger sample size.
[00142] There can also be the option to provide further detail on the
tasks associated with the usage for those individuals falling close to the
thresholds. In the previously discussed example, a team manager logs
into the SaaS program on a monthly or weekly basis to run specific reports.
The access to the reports may be on the "Unlimited" level, but this user may
only run the reports on a regular basis and have limited or no use of other
features. While this usage may be important to the team manager, savings
can be obtained by assigning the tasks performed by the team manager to
another team member with "Unlimited" level. In some cases, the user
assigned may be within the thresholds but still on the lower end of usage in
relation to peers. Such a re-assignment would likely make the standard
deviation a smaller percentage of the mean usage, which may indicate
increased efficiency from a cost perspective while still allowing the team
manager to receive the reports from the other team member instead of
needing to pay for the expensive "Unlimited" level just to run reports.
[00143] In the case where a user's access is disabled, this user may
still require limited access to reports from the SaaS program. In this case
when the user's access is disabled, the system may assign the user's regular
tasks to another user having usage close to the threshold so that greater
efficiency is obtained. The data transactions may also indicate limited usage by
a number of users across the enterprise and that efficiency can be obtained
by re-assignment of certain tasks to machine to machine (M2M) licenses.
M2M can be used within the SaaS program to generate reports and then e-
mail or otherwise transmit the reports to the user. In this example, the data
transactions may indicate that there are multiple managers/users within the
enterprise that run the semi-regular reports without using or with limited usage
of the other features of the SaaS system. Here, the limited tasks of multiple
users may be re-assigned to the M2M license so that all of the corresponding
users can be deactivated and the usage can be rolled into a single license
that operates on a M2M basis to generate reports or perform tasks that do not
require regular access to all of the SaaS system features and data. Of
course, this determination of usage may depend on the transactional level
identification of data usage discussed herein. This may give the enterprise
the opportunity to deactivate many licenses at once for a substantial cost
savings without interrupting the workflows of the associated managers.
[00144] The service contract records 802 can provide detail
concerning the service contract between the SaaS provider and the enterprise
or users. The service contract may specify information such as: cost
information, which service level is offered, when the contract began, when it is
due for renewal, early termination charges, ability and cost to modify feature
levels, what features are provided in each feature level, license identifiers,
login information, user information including division/group/department/job title
and other information, all of which may be included in the service contract
records 802.
[00145] As shown in FIG. 11, the report may be used to deactivate
feature levels or logins 1408 such that the server 108 upon generating the
report can determine which users correspond to usage or cost metrics outside
thresholds and then request that the login be disabled or suspended on the
cloud 101. In some cases, the service contract is paid on a monthly basis and
in some cases longer or shorter billing periods may apply. For example,
yearly renewals may apply for some SaaS programs. The service contract
records 802 can further indicate the options available to the licensee to modify
the features or number of licenses purchased during the contract term. It is
also expected that the renewal of contracts within a large enterprise may
occur at different time periods. For example, employees are hired at different
times and thus the enterprise may purchase new licenses at different times.
In the case where a particular user is identified as having usage falling below
thresholds such that features or services should be deactivated, the system
can determine which service contracts are due for renewal at the earliest date
in order to avoid early termination fees.
[00146] Since the licenses are owned by the enterprise, it would then
be possible to re-assign licenses to avoid early termination or to select the
license that is closest to the expiration date to re-assign to the individual who
may be terminated or no longer needs access to the SaaS system. For
example, User A may regularly use the SaaS program whereas User B may
not. If User A's contract (contract A) has one month remaining and User B's
contract (contract B) has six months remaining, it would be desired to re-assign
the licenses such that User B would be assigned contract A and vice
versa. When contract A comes due for renewal, the contract would be
cancelled, which would result in only one month of unnecessary fees paid
rather than six months. In this case, the re-assignment would also require
that the settings and data of User A would transfer to the settings shown in
the login associated with contract B. Therefore, the system is configured to
automatically replicate the settings and data within the SaaS program as
associated with contract B to contract A prior to re-assigning the users. The
system can also re-configure the login credentials such that upon login to the
SaaS system, User B would be directed into the part of the SaaS system that
corresponds to contract B. This would allow the enterprise to re-assign
licenses as necessary with minimal excess payments due to service contract
requirements without disrupting the functionality for the users that actually
make use of the SaaS system on a regular basis.
[00147] Other aspects of the system concern synchronization of
license assignments relative to HRIS systems. Often, enterprises or
employers will use a computer system to manage various human resources
tasks including payroll, insurance, benefits and various other HR functions.
These systems typically have up to date information concerning employees
and their departments and other related data. The HRIS system may execute
on a separate computer 200 or may execute on the server 108 or alternately
may execute on the cloud 101. As shown in FIG. 12, the HRIS system
executes on a separate computer 200, called "enterprise computer" simply to
differentiate from other computers described herein, but such terminology
does not designate specific functions of the computer in relation to an
"enterprise".
[00148] In addition to the synchronization features, invoice entry
allows the system to recognize and allocate costs to particular licenses and
individuals such that the corresponding usage can be compared to the cost to
determine if the license cost of the SaaS program is justified by the usage.
Often an invoice from a SaaS provider will detail charges under different
orders, service dates, license terms or specific license identifiers. The
difficulty with these invoices is that it is nearly impossible to glean any useful
information from the invoices without knowing which user is assigned to which
license. Alternatively, the present system allows for the license assignments
802' (see FIG. 12) to be compared with the invoice 1410 to determine the cost
for each user. These costs can then be allocated to the particular
department, division or group within the organization such that the actual
usage of the SaaS platform can be compared to its cost.
[00149] Many SaaS platforms also include a support plan which may
be billed separately from the provision of access to the features. In some
cases, the support is based on online chat rooms and in other cases, the
support is accessed through phone calls. The system also allows for an
understanding of how often support calls are placed either through phone
records or data transactions or both such that the organization can determine
if the support plan cost is justified by the usage. In some cases, it would be
less expensive to pay based on a usage model for support rather than an
unlimited plan, and the system can provide the IT manager/department with
specific information and reports concerning support costs and usage. In
some cases, the system may automatically cancel support contracts where
there is little to no usage.
[00150] As shown in FIG. 12, the synchronization software receives a
data file from the HR system. This data file may contain up to date lists of
employees, their divisions, position and groups or project teams they are
assigned to. In other cases, the data file may be one or more data
transactions that indicate a change to the HR system (i.e., removal or addition
of an employee). Based on this information, there may be pre-set
assignments for cloud based licenses that are desired. For example, the
salesperson would have access to the CRM SaaS program. An engineer may
have access to certain SaaS based CAD (computer aided design) software
and tools. The server 108 has a database 800 associated therewith that
stores current license assignments 802'. These license assignments
associate a particular individual with license identifiers, for example, license
keys or login information/user names. These license identifiers can further be
associated with the service contract records 802. When updates are made to
the HRIS system, such as termination of an employee, new employees or
movement of employees between divisions, job functions, or work groups,
license assignments may change in accordance with standard rules 1606. It
is understood that the standard rules may encompass specific SaaS program
assignments based on job tasks, position or other assignments or information
relating to the employee. It is also understood that prior to modifying license
assignments automatically, the system may issue a notification to the IT
manager and/or the user where appropriate to alert and/or request
confirmation of a change in the license assignment. If the license is to be
re-assigned based on a change in the HR records (as identified in the Data File
2202) the license assignments 802' are changed accordingly. This allows for
accurate capture of data transactions such that usage of particular
licenses/seats corresponds to the correct individual.
[00151] It is also contemplated that if there is usage of an un-
assigned license that a security alert is issued and in some embodiments,
when the license is not assigned, the system may prevent access to the un-
assigned license due to security concerns. In some cases, this alert may be
associated with a usage threshold for an unassigned license being set to zero
(or relatively low) such that alerts are issued when the unassigned license is
used or the usage is above the threshold.
[00152] FIG. 13 shows additional features of FIG. 12 in relation to the
interaction between the server 108 and the cloud 101. In this case, the login
credentials 1504 are updated based on re-assignment of the license. The
login credentials may also be updated when the license is re-assigned to
nobody such that the old login cannot cause the security concerns referenced
above. As shown, the server computer issues a request to update the login
credentials 1500 to the cloud 101, which confirms 1502 the change. The new
login information is updated in the license assignments database so that
if/when the license is assigned to a new employee, that employee can be
given the new login credentials so that they may then access the SaaS
program to create personal login credentials and to access the SaaS program
for work functions.
[00153] The data transactions may also allow the network accessible
software application provider to have greater clarity as to how their application
is being used. In some cases, this may allow the provider to detect license
abuse. That is, when usage is obtained through the same license/login at
multiple sites either simultaneously or within time frames that show possible
abuse, the provider would want to be aware of these issues. For example, if
the locations of two successive logins are 3000 miles apart within one hour, it
is very unlikely if not impossible that the same person used the login. This
may indicate that the license is being shared, and if the license is dedicated to
one individual, sharing of the license may not be allowed under the license
contract. There may be some tolerance expected for the sharing of licenses,
but where one license repeatedly has two successive logins very far apart
such that it would be unlikely for one individual to travel from one location to
the other within the time between logins, the system would be able to alert the
provider of this potential abuse. Therefore, thresholds can be set to compare
to a probability value. For example, the system may determine the probability
that the separation of two logins geographically within a particular timeframe
accounts for usage by one user. If the probability is below a threshold value,
alerts may be issued or access may be denied. There may be multiple levels
of thresholds. For example, if the probability of misuse is over 75%, alerts
may be issued, over 90%, access may be denied either entirely or temporarily.
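The login checks of paragraphs [00151] and [00153], as an added example rather than code from the patent: each login is tested for use of an unassigned license and for the travel speed implied by two successive logins on the same license. The event format, the saturating score standing in for the misuse probability, `HALF_SPEED_KMH`, `MIN_KM` and the sample coordinates are assumptions; only the 75% and 90% levels come from the text.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

ALERT_AT, DENY_AT = 0.75, 0.90  # the two threshold levels named in the description
HALF_SPEED_KMH = 300.0  # assumed: an airliner-speed trip (900 km/h) scores exactly 0.75
MIN_KM = 50.0           # assumed: ignore geolocation jitter below this distance


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def misuse_score(km, hours):
    """Assumed scoring model: 0..1, rising with the speed a single person
    would need to cover the distance between two successive logins."""
    if km < MIN_KM:
        return 0.0
    if hours <= 0:
        return 1.0  # simultaneous use at two distant sites
    speed = km / hours
    return speed / (speed + HALF_SPEED_KMH)


def evaluate(events, assignments):
    """Return [(license_id, action, reason)] in time order.

    events      -- iterable of (license_id, datetime, lat, lon)
    assignments -- {license_id: user or None}; None means unassigned
    """
    last_ok = {}  # license_id -> (time, lat, lon) of the last login not denied
    out = []
    for lic, when, lat, lon in sorted(events, key=lambda e: e[1]):
        if assignments.get(lic) is None:
            # Usage threshold of zero for an unassigned (or unknown) license.
            out.append((lic, "alert", "unassigned license in use"))
            continue
        action, reason = "allow", "ok"
        if lic in last_ok:
            pt, plat, plon = last_ok[lic]
            km = haversine_km(plat, plon, lat, lon)
            hours = (when - pt).total_seconds() / 3600
            score = misuse_score(km, hours)
            if score > DENY_AT:
                action = "deny"
            elif score > ALERT_AT:
                action = "alert"
            if action != "allow":
                reason = f"{km:.0f} km in {hours:.1f} h, score {score:.2f}"
        if action != "deny":
            last_ok[lic] = (when, lat, lon)  # a refused login sets no new position
        out.append((lic, action, reason))
    return out


# Constructed sample data (approximate city coordinates).
NY, LA, CHI, BOS = (40.71, -74.01), (34.05, -118.24), (41.88, -87.63), (42.36, -71.06)
ASSIGNMENTS = {"LIC-001": "alice", "LIC-002": "bob", "LIC-003": None, "LIC-004": "carol"}


def _at(hour, minute=0):
    return datetime(2024, 1, 8, hour, minute)


EVENTS = [
    ("LIC-001", _at(9), *NY), ("LIC-002", _at(9), *NY),
    ("LIC-004", _at(9, 30), *NY), ("LIC-004", _at(9, 30), *LA),
    ("LIC-001", _at(10), *LA), ("LIC-002", _at(10), *CHI),
    ("LIC-003", _at(11), *NY), ("LIC-001", _at(13), *BOS),
]

if __name__ == "__main__":
    for row in evaluate(EVENTS, ASSIGNMENTS):
        print(*row, sep="\t")
```

Because a denied login does not update the stored position, the 13:00 Boston login on LIC-001 is compared with the accepted 09:00 New York login and is allowed.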
[00154] Although the invention has been described with reference to
a particular arrangement of parts, features and the like, these are not intended
to exhaust all possible arrangements or features, and indeed many other
modifications and variations will be ascertainable to those of skill in the art.

Administrative Status

Title Date
Forecasted Issue Date 2022-03-01
(22) Filed 2014-12-10
Examination Requested 2014-12-10
(41) Open to Public Inspection 2016-05-21
(45) Issued 2022-03-01

Abandonment History

There is no abandonment history.

Maintenance Fee

Last Payment of $210.51 was received on 2023-11-01


 Upcoming maintenance fee amounts

Description Date Amount
Next Payment if standard fee 2024-12-10 $347.00
Next Payment if small entity fee 2024-12-10 $125.00

Note : If the full payment has not been received on or before the date indicated, a further fee may be required which may be one of the following

  • the reinstatement fee;
  • the late payment fee; or
  • additional fee to reverse deemed expiry.

Patent fees are adjusted on the 1st of January every year. The amounts above are the current amounts if received by December 31 of the current year.
Please refer to the CIPO Patent Fees web page to see all current fee amounts.

Payment History

Fee Type Anniversary Year Due Date Amount Paid Paid Date
Request for Examination $800.00 2014-12-10
Application Fee $400.00 2014-12-10
Registration of a document - section 124 $100.00 2015-02-06
Maintenance Fee - Application - New Act 2 2016-12-12 $100.00 2016-12-08
Maintenance Fee - Application - New Act 3 2017-12-11 $100.00 2017-11-07
Maintenance Fee - Application - New Act 4 2018-12-10 $100.00 2018-12-04
Maintenance Fee - Application - New Act 5 2019-12-10 $200.00 2019-11-12
Maintenance Fee - Application - New Act 6 2020-12-10 $200.00 2020-11-25
Maintenance Fee - Application - New Act 7 2021-12-10 $204.00 2021-11-19
Final Fee 2022-01-04 $306.00 2021-12-14
Maintenance Fee - Patent - New Act 8 2022-12-12 $203.59 2022-09-12
Maintenance Fee - Patent - New Act 9 2023-12-11 $210.51 2023-11-01
Owners on Record

Note: Records showing the ownership history in alphabetical order.

Current Owners on Record
TANGOE, INC.
Past Owners on Record
None
Past Owners that do not appear in the "Owners on Record" listing will appear in other documentation within the application.
Documents

Document Description Date (yyyy-mm-dd) Number of pages Size of Image (KB)
Examiner Requisition 2020-02-13 3 175
Amendment 2020-05-06 10 335
Claims 2020-05-06 8 291
Examiner Requisition 2020-10-21 3 164
Maintenance Fee Payment 2020-11-25 1 33
Amendment 2021-02-09 11 401
Claims 2021-02-09 8 315
Maintenance Fee Payment 2021-11-19 1 33
Final Fee 2021-12-14 3 80
Representative Drawing 2022-01-27 1 4
Cover Page 2022-01-27 1 39
Electronic Grant Certificate 2022-03-01 1 2,527
Maintenance Fee Payment 2022-09-12 1 33
Representative Drawing 2016-04-25 1 4
Claims 2016-11-22 6 242
Abstract 2014-12-10 1 19
Claims 2014-12-10 7 240
Drawings 2014-12-10 13 156
Description 2014-12-10 53 2,403
Representative Drawing 2016-05-26 1 4
Cover Page 2016-05-26 1 37
Amendment 2017-10-27 17 642
Claims 2017-10-27 10 354
Maintenance Fee Payment 2017-11-07 1 60
Examiner Requisition 2018-04-04 9 584
Amendment 2018-10-01 15 577
Claims 2018-10-01 9 340
Maintenance Fee Payment 2018-12-04 1 61
Examiner Requisition 2019-03-13 4 271
Amendment 2019-09-12 12 452
Claims 2019-09-12 8 319
Maintenance Fee Payment 2019-11-12 1 57
Assignment 2014-12-10 3 86
Assignment 2015-02-06 8 302
Prosecution-Amendment 2015-03-24 1 42
Examiner Requisition 2016-05-25 5 276
Amendment 2016-11-22 9 348
Maintenance Fee Payment 2016-12-08 1 61
Examiner Requisition 2017-04-28 5 295
Maintenance Fee Payment 2023-11-01 1 33