US2018191735A1PendingUtilityA1

Secure Service for Receiving Sensitive Information through Nested iframes

54
Assignee: EXCALIBUR IP LLCPriority: Mar 20, 2015Filed: Feb 28, 2018Published: Jul 5, 2018
Est. expiryMar 20, 2035(~8.7 yrs left)· nominal 20-yr term from priority
G06F 21/6263G06Q 20/3821G06F 2221/2107H04L 63/126G06F 21/6245H04L 63/102G06Q 30/0613H04L 63/04G06Q 20/382
54
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods and systems for receiving sensitive information include receiving a request for entering sensitive information, the request received from a user interface rendered on a client device. The methods and systems rely upon nested iframes, each of which is hosted by a different server. An inner iframe is hosted by a server within a secure zone, such as a digital vault. A middle iframe is hosted within the secure zone and is invoked by an intermediate server. An outer iframe is hosted by a server that provides the user interface. The server that provides the user interface may be hosted by a cloud service provider, for example. Using the nested iframes and the network topology described in the present disclosure, users are able to exchange sensitive information with a server within the secure zone through a user interface provided outside the secure zone.

Claims

exact text as granted — not AI-modified
1 . A method for receiving sensitive information on a webpage, comprising:
 associating an inner iframe to a region of the webpage hosted by a server outside of a secure zone, the inner iframe is integrated into the webpage and includes a data field that is rendered on the webpage, the data field configured to receive the sensitive information,   wherein the inner iframe is part of a nested iframe structure with the inner iframe being embedded in a middle iframe and the middle iframe being embedded in an outer iframe, the inner iframe being hosted by a secure server within the secure zone, the middle iframe being hosted by an intermediate server, and the outer iframe being hosted by the server outside the secure zone;   generating a request that includes one or more access tokens, to verify user access data of a user providing the sensitive information, and server access data of the intermediate server used to interact with the secure server contained in the request;   forwarding the request to the intermediate server and the secure server identified in the request for verification, by invoking the outer iframe and the middle iframe, to control that the request is originating from a valid client device of an authorized user identified in the user access data of the request and is identifying the intermediate server within the server access data of the request as an authorized intermediate server that is allowed to communicate with the secure server; and   forwarding the sensitive information received at the data field of the inner iframe to a financial entity for processing, upon successful verification of the request.   
     
     
         2 . The method of  claim 1 , wherein the one or more access tokens includes a first access token retrieved by the server outside the secure zone, and a second access token retrieved by the intermediate server, the first access token identifying the user access data of the user and the intermediate server, and the second access token identifying the secure server. 
     
     
         3 . The method of  claim 1 , wherein the intermediate server is within the secure zone. 
     
     
         4 . The method of  claim 3 , wherein the intermediate server hosting the middle iframe is different from the secure server hosting the inner iframe. 
     
     
         5 . The method of  claim 3 , wherein the intermediate server hosting the middle iframe is the secure server hosting the inner iframe. 
     
     
         6 . The method of  claim 1 , wherein the intermediate server is outside the secure zone and interacts with the secure server using one or more additional intermediate servers that are within the secure zone. 
     
     
         7 . The method of  claim 1 , wherein verification of the request includes querying a host database maintained in the secure zone to ensure that the intermediate server identified in the request is the intermediate server that is allowed to communicate with the secure server. 
     
     
         8 . The method of  claim 1 , wherein verification of the request includes a two-way verification, with a first verification performed by the intermediate server to ensure that the inner iframe that is being invoked via the middle iframe within the secure zone is being hosted by a correct secure server, and a second verification is performed by the secure server to ensure that data associated with the second access token provided through the second iframe is provided by the authorized intermediate server that is allowed to communicate with the secure server. 
     
     
         9 . The method of  claim 1 , wherein the middle iframe and the outer iframe are hidden from view on the webpage. 
     
     
         10 . The method of  claim 1 , wherein the data field of the inner iframe is visible in the region of the webpage and the inner iframe is hidden from view on the webpage. 
     
     
         11 . The method of  claim 1 , wherein the middle iframe and the inner iframe are hosted within the secure zone. 
     
     
         12 . The method of  claim 1 , wherein the middle iframe and the outer iframe are empty iframes. 
     
     
         13 . The method of  claim 1 , wherein the server outside of the secure zone is a virtual server or a non-virtual server hosted by a cloud service provider. 
     
     
         14 . The method of  claim 1 , wherein the intermediate server includes one or more servers that are non-virtual servers. 
     
     
         15 . The method of  claim 1 , wherein the secure server includes one or more servers that are non-virtual servers. 
     
     
         16 . The method of  claim 1 , further includes providing a notification to the webpage to indicate successful validation of the one or more access tokens contained in the request, the notification being directed from the secure server through a relay module that is outside the secure zone. 
     
     
         17 . The method of  claim 1 , wherein the sensitive information entered through the data field is accessible to the secure server. 
     
     
         18 . A non-transitory computer-readable storage medium having program instructions defined thereon for executing a method for receiving sensitive information on a webpage, the computer-readable medium including:
 program instructions for associating an inner iframe to a region of the webpage hosted by a server outside of a secure zone, the inner iframe is integrated into the webpage and includes a data field that is rendered on the webpage, the data field configured to receive the sensitive information,   wherein the inner iframe is part of a nested iframe structure with the inner iframe being embedded in a middle iframe and the middle iframe being embedded in an outer iframe, the inner iframe being hosted by a secure server within the secure zone, the middle iframe being hosted by an intermediate server, and the outer iframe being hosted by the server outside the secure zone;   program instructions for generating a request that includes one or more access tokens, to verify user access data of a user providing the sensitive information, and server access data of the intermediate server used to interact with the secure server contained in the request,   program instructions for forwarding the request to the intermediate server and the secure server identified in the request for verification, by invoking the outer iframe and the middle iframe, to control that the request is originating from a valid client device of an authorized user identified in the user access data of the request and is identifying the intermediate server within the server access data of the request as an authorized intermediate server that is allowed to communicate with the secure server; and   program instructions for forwarding the sensitive information received at the data field of the inner iframe to a financial entity for processing, upon successful verification of the request.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.