SECURING SENSITIVE INFORMATION WITH A TRUSTED PROXY FRAME
First Claim
1. A system for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the third party data processor requiring sensitive information of an end user, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a distrusted end user interface, a processor for executing computer program modules and a memory;
- the system comprising;
a secure server coupled to the data communications network, the secure server including a processor for executing computer program modules and a memory;
a data communications interface for trusted communications between the distrusted server of the publisher and an end user, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
a security function computer program module executable on the secure server, the security function program module operative to;
(a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface;
(b) receive an incoming communication from the publisher via the data communications interface, the incoming communication including contemporary specific attribute parameters of the calling function computer program module of the publisher;
(c) execute a trusted transaction interface function computer program module on the secure server to create a trusted user interface computer program module executable on an end user's computer (e.g. JavaScript object);
(d) send an outgoing communication from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computer program module (e.g. the JavaScript object), the calling function computer program module of the publisher receiving the trusted user interface computer program module and merging the trusted user interface computer program module with its distrusted end user interface;
(e) launch an authentication validation function receiver computer program module on the secure server to ensure secure communications with the trusted user interface computer program module (e.g. JavaScript object) when executing on the end user's computer;
(f) launch an authentication validation function sender computer program module on the trusted user interface computer program module at the end user's computer to ensure secure communications with the secure server;
(g) at periodic intervals, send an outgoing communication from the authentication validation function sender computer program module on the trusted user interface computer program module to the authentication validation function receiver computer program module on the secure server via the data communications interface, the outgoing communication including a request for contemporary specific attribute parameters of the trusted user interface computer program module;
(h) execute the trusted user interface function computer program module to receive the sensitive information input by the end user;
(i) execute a transaction processing function computer process module of the secure server to receive the sensitive information from the trusted user interface computer program module and provide the sensitive information to the third party data processor;
(j) execute a third party data communication function computer program module on the secure server to receive results data from the third party data processor in response to processing the sensitive data;
(k) execute a signaling function computer program module on the secure server to process the results data;
(l) execute a transaction completion function computer program module on the secure server in response to said results data indicating completion of the third party data processing function; and
(m) send non-sensitive results data from the secure server to the trusted user interface computer program module and then to the distrusted end user interface of the publisher.
Abstract
A system and method for secure transmission of sensitive end user information from an Internet portal operated by a publisher to a third party data processor. The publisher provides a content portal such as an e-commerce or healthcare information site. A third party data processor such as a bank or healthcare organization requires the sensitive information for a data processing function. In response to the requirement for sensitive information, a trusted proxy frame is invoked from a secure server operative to securely communicate the sensitive information. The trusted proxy frame is displayed in a secure context in the end user's browser and receives input of the sensitive information. The sensitive information is encrypted and communicated through the secure server to the third party data processor. Results of this processing are transmitted to the publisher through a novel callback process that enables the publisher to execute its data processing functions, as if it was in possession of the sensitive information, but without actual access to the sensitive information. The third party data processor returns an acknowledgement of processing of the sensitive information.
98 Citations
36 Claims
-
13. A computer-implemented method for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the third party data processor requiring sensitive information of an end user, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a distrusted end user interface, a processor for executing computer program modules and a memory;
- comprising the computer-implemented steps of;
providing a secure server coupled to the data communications network, the secure server including a processor for executing computer program modules and a memory;
providing a data communications interface for trusted communications between the distrusted server of the publisher and an end user, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
providing a security function computer program module executable on the secure server, the security function program module operative to;
(a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface;
(b) receive an incoming communication from the publisher via the data communications interface, the incoming communication including contemporary specific attribute parameters of the calling function computer program module of the publisher;
(c) execute a trusted transaction interface function computer program module on the secure server to create a trusted user interface computer program module executable on an end user's computer (e.g. JavaScript object);
(d) send an outgoing communication from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computer program module (e.g. the JavaScript object), the calling function computer program module of the publisher receiving the trusted user interface computer program module and merging the trusted user interface computer program module with its distrusted end user interface;
(e) launch an authentication validation function receiver computer program module on the secure server to ensure secure communications with the trusted user interface computer program module (e.g. JavaScript object) when executing on the end user's computer;
(f) launch an authentication validation function sender computer program module on the trusted user interface computer program module at the end user's computer to ensure secure communications with the secure server;
(g) at periodic intervals, send an outgoing communication from the authentication validation function sender computer program module on the trusted user interface computer program module to the authentication validation function receiver computer program module on the secure server via the data communications interface, the outgoing communication including a request for contemporary specific attribute parameters of the trusted user interface computer program module;
(h) execute the trusted user interface function computer program module to receive the sensitive information input by the end user;
(i) execute a transaction processing function computer process module of the secure server to receive the sensitive information from the trusted user interface computer program module and provide the sensitive information to the third party data processor;
(j) execute a third party data communication function computer program module on the secure server to receive results data from the third party data processor in response to processing the sensitive data;
(k) execute a signaling function computer program module on the secure server to process the results data;
(l) execute a transaction completion function computer program module on the secure server in response to said results data indicating completion of the third party data processing function; and
(m) send non-sensitive results data from the secure server to the trusted user interface computer program module and then to the distrusted end user interface of the publisher.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
25. A system for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a user interface, a processor for executing computer program modules and a memory;
- the system comprising;
a secure server coupled to the data communications network, the secure server including a processor for executing computer program modules and a memory;
a data communications interface for trusted communications between the distrusted server of the publisher and an end user, the end user being associated with the publisher, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
a security function computer program module executable on the secure server, the security function program module operative to;
(a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface, the incoming communication including; (i) authentication information identifying the publisher (e.g. name, password); (ii) a request by a publisher for trusted transaction processing services from the security function computer program module; and (iii) specific parameters provided by the publisher for use in connection with a trusted transaction processing request (e.g. transaction type, service requirements, etc.);
(b) launch a trusted transaction interface function computer program module executable on the secure server, the trusted transaction interface function computer program module operative to; (i) create a trusted user interface function computer program module (e.g. a JavaScript object); (ii) configure the trusted user interface function computer program module to contain unpopulated data fields pertinent to the transaction request (e.g. user first name, user last name, credit card number, expiration date, etc.); (iii) configure the trusted user interface function computer program module to include an unpopulated endpoint authentication key data field (e.g. a data field used to store authentication key data values associated with an authentication key exchange protocol); (iv) transform the untrusted computing environment containing the designated host container (iFrame) to display the secure, generated payment form;
(c) send an outgoing communication (any outgoing interface, e.g. form data post, e-mail, server side HTTP response, URL GET, etc.) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computing object;
(d) launch a trusted transaction function computer program module of the publisher, on a secure server, the trusted transaction function computer program module operative to; (i) receive an incoming communication (URL GET) from the secure server via the data communications interface, the incoming communication including the trusted user interface computing object; (ii) encapsulate the trusted user interface function computer program module within the user interface of the distrusted server of the publisher, in a manner that transforms the distrusted server. (e.g. merge the trusted user interface function computer program module into the distrusted server user interface via an HTML I-frame construct, a programmatic interface, etc.); (iii) apply a logical computing segmentation of the web browser between the trusted user interface function computer program module and designated elements of the distrusted server of the publisher (e.g. for example, but not by way of limitation, apply logical domain segmentation controls of a web browser that prevent cross site scripting functions that could maliciously intercept, observe and/or access credit card data fields within the web application interface;
(e) launch an identity validation function computer program module executable on the secure server, the identity validation computer program module operative to; (i) calculate an authentication key data value object and store this value in memory; (ii) send, via the data communications interface, an identical copy of the authentication key data value object to the trusted user interface function computer program module and store this value within the authentication key data field of the trusted user interface computing object; (iii) at periodic intervals, calculate a new authentication key data value object that supersedes the preceding authentication key data value object; (iv) replace the obsolete authentication key data value object stored in memory with the superseding value object; (v) send, via the data communications interface, an identical copy of the superseding authentication key data value object to the trusted user interface function computer program module and replace the obsolete stored authentication key data value object of the trusted user interface function computer program module with the superseding value; (vi) at periodic intervals, execute a query function computer process module of the secure server to retrieve, via the data communications interface, the current stored authentication key data value object of the trusted user interface function computer program module; (vii) subsequent to the completion of the computing query function, execute a computing identity validation process to compare the retrieved authentication key data value object of the trusted user interface function computer program module to the current stored authentication key data value object of the secure server; (viii) generate an identity validation result signal that contains the results of the identity validation process; (ix) present the identity validation result signal to designated recipients of the secure server; (x) a gatekeeping process of the secure server configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the trusted user interface function computer program module in the event of successful in point validation, block data communications to and from the trusted user interface function computer program module and issue an alert signal in the event of an identity validation failure, etc.);
(f) launch an identity validation function computer program module executable on trusted user interface computing object, the identity validation module operative to; (i) receive from the secure server, via the data communications interface, an authentication key data value object and store this value in memory; (ii) at periodic intervals, receive from the secure server, via the data communications interface, a superseding authentication key data value object which replaces the obsolete preceding authentication key data value object stored in memory; (iii) at periodic intervals, execute a query function computer process module of the trusted user interface function computer program module to retrieve, via the data communications interface, the current stored authentication key data value object of the secure server; (iv) subsequent to the completion of the query function, execute an identity validation function computer process module to compare the retrieved authentication key data value object of the secure server to the current stored authentication key data value object of the trusted user interface function computer program module; (v) generate identity validation result signal (e.g. signal that both endpoints are authenticated, one failed to authenticate, both failed to authenticate, etc.); (vi) a gatekeeping process of the trusted user interface function computer program module configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the secure server in the event of successful in point validation, block data communications;
(g) at periodic intervals, send an outgoing communication (asynchronous JavaScript response) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. the byte count and current file date of the object as they exist at the time of the request, etc.);
(h) receive an incoming communication (asynchronous JavaScript request) from the publisher via the data communications interface, the incoming communication including the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. byte count and file date of the object, etc.);
(i) launch an authentication function computer program module executable on the secure server, the authentication module operative to; (i) receive, via the data communications interface, the contemporary specific attribute parameters of the publisher calling function computer program module; (ii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module; (iii) compare the contemporary calculated hash value with the original calculated hash value stored in memory;
(j) execute the trusted user interface function computer program module, the trusted user interface function computer program module operative to; (i) request exclusive data entry and process control from the distrusted server of the publisher; (ii) acquire and retain exclusive data entry and process control from the distrusted server of the publisher (e.g. such that the distrusted server is unable to receive or process and user data and instructions until control has been released by the trusted user interface, etc.); (iii) receive data values entered by the end-user via the trusted data communications conduit; (iv) send an outgoing communication (asynchronous JavaScript request) from the trusted user interface function computer program module to the secure server via the data communications interface, the outgoing communication including data values and parameters associated with the transaction (e.g. user names, credit card number, health records, etc.);
(k) launch a transaction processing function computer program module of the secure server, the transaction hosting computer process module operative to; (i) receive an incoming communication (asynchronous JavaScript response) from the trusted user interface function computer program module via the data communications interface, the incoming communications including the data values and parameters associated with the transaction; (ii) assemble and store in the memory third party data processing information required by the third party data processor for use in providing the trusted computing function, the third party data processing information comprising the specific data provided by the publisher and any specific additional data input by the end user;
(l) launch a third party data communication function computer program module executable on the secure server, the third party data communication computer program module operative to; (i) send an outgoing communication (server side HTTP request) to the third-party data processor, via the data communications interface, the outgoing communication including the third party data processing information; (ii) receive an incoming communication (server side HTTP response) via the data communications interface, the incoming communication including results data from the third party data processor;
(m) launch an error signaling function computer program module of the secure server, the error signaling computer program module operative to; (i) parse the third party data processor results and extract transaction error signals (e.g. requests for data correction, incremental information, etc.); (ii) generate a third-party data processor transaction error signal; (iii) present the third-party data processor transaction error signal to designated computer program modules of the secure server;
(n) launch a transaction completion function computer program module executable on the secure server, the transaction completion computer program module operative to; (i) receive third-party data processor results from the third-party data communication function computer program module; (ii) receive third-party data processor transaction error signal from the transaction result signaling function computer program module; (iii) assemble and store in memory the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process (e.g. transaction result codes, error codes, etc.); (iv) execute a response function computer program module designated to correspond with the received third-party data processor results and third-party data processor transaction error signals (e.g. complete the transaction, request error corrections, etc.); (v) send an outgoing signal communication (server side HTTP request) to the publisher, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing; (vi) send an outgoing signal communication (embedded URL GET) to the end-user, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process; (vii) upon demand from the trusted user interface function computer program module, execute an error response loop function computer process module of the secure server, the error response loop computer process module operative to; (1) receive an incoming communication (asynchronous JavaScript request) from the trusted user interface function computer program module via the data communications interface, the incoming communications including incremental data values and parameters requested by the response function computer program module (e.g. the supplemental data values and parameters including items such as error corrections); (2) launch the third party data communication function computer program module of the secure server; (3) send an outgoing communication (asynchronous JavaScript response) to the third-party data processor, via the data communications interface, the outgoing communication including the incremental data values and parameters associated with the trusted computing process; (4) restart the process flow of the transaction completion computer process module; (viii) generate a transaction complete signal, the signal including markers to indicate termination of the trusted computing process; (ix) present the transaction completion signal to the trusted user interface function computer module of the publisher, via the data communications interface; (x) generate an interface release control signal, the signal instructing the trusted user interface function computer program module to release data input and process control rights to the publisher; (xi) present the interface release control signal to the trusted user interface function computer program module, via the data communications interface.
- View Dependent Claims (26, 27, 28, 29, 30)
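The periodic checks recited in claim 25, steps (e) and (g) to (i), modelled as an added example that is not code from the patent or its assignee: a baseline hash over the calling object's byte count and file date, a rotating authentication key mirrored to the trusted frame, and a gatekeeper that blocks the session on any mismatch. `SecureSession`, `TrustedFrame` and every sample value are hypothetical; SHA-256 and a 32-byte random key are assumptions, since the claims name no algorithm.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def attribute_hash(byte_count: int, file_date: str) -> str:
    """Hash the attribute parameters the claims name (byte count, file date)."""
    return hashlib.sha256(f"{byte_count}|{file_date}".encode()).hexdigest()


@dataclass
class TrustedFrame:
    """Hypothetical stand-in for the trusted user interface object in the browser."""
    auth_key: bytes = b""


@dataclass
class SecureSession:
    """Hypothetical per-transaction state held by the secure server."""
    baseline: str = ""
    auth_key: bytes = b""
    blocked: bool = False
    alerts: list = field(default_factory=list)

    def register_caller(self, byte_count: int, file_date: str) -> None:
        # Store the original hash of the publisher's calling object.
        self.baseline = attribute_hash(byte_count, file_date)

    def recheck_caller(self, byte_count: int, file_date: str) -> bool:
        # Periodic re-check: hash the contemporary attributes, compare to baseline.
        ok = bool(self.baseline) and hmac.compare_digest(
            self.baseline, attribute_hash(byte_count, file_date))
        return self._gate(ok, "calling object attributes changed")

    def rotate_key(self, frame: TrustedFrame) -> None:
        # A new key supersedes the old one on both endpoints.
        self.auth_key = secrets.token_bytes(32)
        frame.auth_key = self.auth_key

    def validate_frame(self, frame: TrustedFrame) -> bool:
        # Retrieve the frame's stored key and compare it in constant time.
        # An unset server key never validates.
        ok = bool(self.auth_key) and hmac.compare_digest(
            self.auth_key, frame.auth_key)
        return self._gate(ok, "frame authentication key mismatch")

    def _gate(self, ok: bool, reason: str) -> bool:
        # Gatekeeper: a failed validation blocks the session and records an alert.
        if not ok:
            self.blocked = True
            self.alerts.append(reason)
        return ok

    def submit(self, frame: TrustedFrame, fields: dict) -> dict:
        if self.blocked or not self.validate_frame(frame):
            return {"status": "blocked", "alerts": list(self.alerts)}
        # Forwarding to the third party data processor is not modelled here.
        # Only non-sensitive results go back towards the publisher's page.
        return {"status": "accepted", "field_names": sorted(fields)}


def run_scenarios() -> dict:
    # All values below are constructed for the example.
    form = {"card_number": "CONSTRUCTED-PAN", "expiry": "CONSTRUCTED-DATE"}
    caller = (18234, "2015-03-01T10:00:00Z")  # byte count, file date

    # 1. Frame holds the current key and the calling object is unchanged.
    s1, frame1 = SecureSession(), TrustedFrame()
    s1.register_caller(*caller)
    s1.rotate_key(frame1)
    s1.recheck_caller(*caller)
    ok = s1.submit(frame1, form)

    # 2. A frame that still holds a superseded key after a rotation.
    s2, live = SecureSession(), TrustedFrame()
    s2.register_caller(*caller)
    s2.rotate_key(live)
    stale = TrustedFrame(auth_key=live.auth_key)
    s2.rotate_key(live)
    stale_result = s2.submit(stale, form)

    # 3. The calling object's byte count no longer matches the baseline.
    s3, frame3 = SecureSession(), TrustedFrame()
    s3.register_caller(*caller)
    s3.rotate_key(frame3)
    s3.recheck_caller(caller[0] + 412, caller[1])
    changed = s3.submit(frame3, form)

    return {"ok": ok, "stale": stale_result, "changed": changed}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

Byte count and file date are metadata only, so a change to the calling object that preserves both produces the same hash; detecting that would need a digest over the object's content.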
-
31. A computer-implemented method for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a user interface, a processor for executing computer program modules, and a memory;
- the method comprising the steps of;
providing a secure server coupled to a data communications network, the secure server including a processor for executing computer program modules and a memory;
providing a data communications interface for trusted communications between the distrusted server of the publisher and an end user, the end user being associated with the publisher, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
providing a security function computer program module executable on the secure server, the security function program module operative to;
(a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface, the incoming communication including;
  (i) authentication information identifying the publisher (e.g. name, password);
  (ii) a request by a publisher for trusted transaction processing services from the security function computer program module;
  (iii) specific parameters provided by the publisher for use in connection with a trusted transaction processing request (e.g. transaction type, service requirements, etc.);
(b) launch an authentication function computer program module executable on the secure server, the authentication function program module operative to;
  (i) send an outgoing communication (server side HTTP request) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for specific attribute parameters of the publisher calling object computer module initiating the trusted transaction processing request (e.g. byte count and file date of the calling object as they exist at the time of the request, etc.);
  (ii) receive an incoming communication (server side HTTP response) from the publisher via the data communications interface, the incoming communication including the requested specific attribute parameters of the publisher calling function computer program module (e.g. the then-current byte count and file date of the publisher object initiating the trusted transaction processing request, etc.);
  (iii) calculate a hash value derived from the request specific attribute parameters of the publisher calling function computer program module;
  (iv) store the calculated hash value in memory;
  (v) periodically send an outgoing communication (server side HTTP request) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. the current point-in-time byte count and current file date of the object as they exist at the time of the request, etc.);
  (vi) receive an incoming communication (server side HTTP response) from the publisher via the data communications interface, the incoming communication including the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. byte count and file date of the object, etc.);
  (vii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module;
  (viii) compare the calculated hash value of the contemporary publisher calling object with the hash value of the original calculated publisher calling object stored in memory;
  (ix) determine if the contemporary calculated hash value is identical to the original calculated hash value;
(c) launch a signaling function computer program module executable on the secure server, the signaling function computer program module operative to;
  (i) receive the results of the publisher calling object hash value comparison;
  (ii) generate a publisher calling object authentication result signal (e.g. signal that contemporary calling object hash value failed authentication, passed authentication, etc.);
  (iii) present the publisher calling object authentication result signal to designated computing process modules of the secure server;
  (iv) send an outgoing communication to the publisher, via the data communications interface, the outgoing communication including publisher calling object authentication result signal;
(d) launch a gatekeeper function computer program module executable on the secure server, the gatekeeper computer program module operative to;
  (i) receive the authentication result signal of the authentication function computer program module;
  (ii) execute a response function computer program module designated to correspond with the received authentication result signal value (e.g. deny traffic via the data communications interface in the event the contemporary publisher computer calling object fails to authenticate);
(e) launch a trusted transaction interface function computer program module executable on the secure server, the trusted transaction interface function computer program module operative to;
  (i) create a trusted user interface function computer program module (e.g. a JavaScript object);
  (ii) configure the trusted user interface function computer program module to contain unpopulated data fields pertinent to the transaction request (e.g. user first name, user last name, credit card number, expiration date, etc.);
  (iii) configure the trusted user interface function computer program module to include an unpopulated endpoint authentication key data field (e.g. a data field used to store authentication key data values associated with an authentication key exchange protocol);
(f) send an outgoing communication (any outgoing interface, e.g. form data post, e-mail, server side HTTP response, URL GET, etc.) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computing object;
(g) launch a trusted transaction function computer program module of the publisher, the trusted transaction function computer program module operative to;
  (i) receive an incoming communication (URL GET) from the secure server via the data communications interface, the incoming communication including the trusted user interface computing object;
  (ii) encapsulate the trusted user interface function computer program module within the user interface of the distrusted server of the publisher (e.g. merge the trusted user interface function computer program module into the distrusted server user interface via an HTML I-frame construct, a programmatic interface, etc.);
  (iii) create logical computing segmentation between the trusted user interface function computer program module and designated elements of the distrusted server of the publisher (e.g. create a logical computer boundary around the trusted user interface function computer program module that prevents unauthorized elements of the distrusted server from intercepting, observing and/or accessing data fields within the trusted user interface computing object, etc.);
  (iv) create a trusted data communications conduit between the end user and the trusted user interface function computer program module with logical computing segmentation between the trusted data communications conduit and designated elements of the distrusted server of the publisher. (e.g. create a logical computer boundary around the trusted data communications link between the end-user and the trusted user interface computing object, so that elements of the distrusted server are prevented from intercepting, observing and/or accessing attributes and contents of the trusted data communications flow, etc.);
(h) launch an identity validation function computer program module executable on the secure server, the identity validation computer program module operative to;
  (i) calculate an authentication key data value object and store this value in memory;
  (ii) send, via the data communications interface, an identical copy of the authentication key data value object to the trusted user interface function computer program module and store this value within the authentication key data field of the trusted user interface computing object;
  (iii) at periodic intervals, calculate a new authentication key data value object that supersedes the preceding authentication key data value object;
  (iv) replace the obsolete authentication key data value object stored in memory with the superseding value object;
  (v) send, via the data communications interface, an identical copy of the superseding authentication key data value object to the trusted user interface function computer program module and replace the obsolete stored authentication key data value object of the trusted user interface function computer program module with the superseding value;
  (vi) at periodic intervals, execute a query function computer process module of the secure server to retrieve, via the data communications interface, the current stored authentication key data value object of the trusted user interface function computer process module;
  (vii) subsequent to the completion of the computing query function, execute a computing identity validation process to compare the retrieved authentication key data value object of the trusted user interface function computer program module to the current stored authentication key data value object of the secure server;
  (viii) generate an identity validation result signal that contains the results of the identity validation process;
  (ix) present the identity validation result signal to designated recipients of the secure server;
  (x) a gatekeeping process of the secure server configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the trusted user interface function computer program module in the event of successful in point validation, block data communications to and from the trusted user interface function computer program module and issue an alert signal in the event of an identity validation failure, etc.);
(i) launch an identity validation function computer program module executable on trusted user interface computing object, the identity validation module operative to;
  (i) receive from the secure server, via the data communications interface, an authentication key data value object and store this value in memory;
  (ii) at periodic intervals, receive from the secure server, via the data communications interface, a superseding authentication key data value object which replaces the obsolete preceding authentication key data value object stored in memory;
  (iii) at periodic intervals, execute a query function computer process module of the trusted user interface function computer program module to retrieve, via the data communications interface, the current stored authentication key data value object of the secure server;
  (iv) subsequent to the completion of the query function, execute an identity validation function computer process module to compare the retrieved authentication key data value object of the secure server to the current stored authentication key data value object of the trusted user interface function computer program module;
  (v) generate identity validation result signal (e.g. signal that both endpoints are authenticated, one failed to authenticate, both failed to authenticate, etc.);
  (vi) a gatekeeping process of the trusted user interface function computer program module configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the secure server in the event of successful in point validation, block data communications;
(j) at periodic intervals, send an outgoing communication (asynchronous JavaScript response) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. the byte count and current file date of the object as they exist at the time of the request, etc.);
(k) receive an incoming communication (asynchronous JavaScript request) from the publisher via the data communications interface, the incoming communication including the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. byte count and file date of the object, etc.);
(l) launch an authentication function computer program module executable on the secure server, the authentication module operative to;
  (i) receive, via the data communications interface, the contemporary specific attribute parameters of the publisher calling function computer program module;
  (ii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module;
  (iii) compare the contemporary calculated hash value with the original calculated hash value stored in memory;
(m) execute the trusted user interface function computer program module, the trusted user interface function computer program module operative to;
  (i) request exclusive data entry and process control from the distrusted server of the publisher;
  (ii) acquire and retain exclusive data entry and process control from the distrusted server of the publisher (e.g. such that the distrusted server is unable to receive or process and user data and instructions until control has been released by the trusted user interface, etc.);
  (iii) receive data values entered by the end-user via the trusted data communications conduit;
  (iv) send an outgoing communication (asynchronous JavaScript request) from the trusted user interface function computer program module to the secure server via the data communications interface, the outgoing communication including data values and parameters associated with the transaction (e.g. user names, credit card number, health records, etc.);
(n) launch a transaction processing function computer process module of the secure server, the transaction hosting computer process module operative to;
  (i) receive an incoming communication (asynchronous JavaScript response) from the trusted user interface function computer program module via the data communications interface, the incoming communications including the data values and parameters associated with the transaction;
  (ii) assemble and store in the memory third party data processing information required by the third party data processor for use in providing the trusted computing function, the third party data processing information comprising the specific data provided by the publisher and any specific additional data input by the end user;
(o) launch a third party data communication function computer program module executable on the secure server, the third party data communication computer program module operative to;
  (i) send an outgoing communication (server side HTTP request) to the third-party data processor, via the data communications interface, the outgoing communication including the third party data processing information;
  (ii) receive an incoming communication (server side HTTP response) via the data communications interface, the incoming communication including results data from the third party data processor.
(p) launch an error signaling function computer program module of the secure server, the error signaling computer program module operative to;
  (i) parse the third party data processor results and extract transaction error signals (e.g. requests for data correction, incremental information, etc.);
  (ii) generate a third-party data processor transaction error signal;
  (iii) present the third-party data processor transaction error signal to designated computer program modules of the secure server;
(q) launch a transaction completion function computer program module executable on the secure server, the transaction completion computer program module operative to;
  (i) receive third-party data processor results from the third-party data communication function computer program module;
  (ii) receive third-party data processor transaction error signal from the transaction result signaling function computer program module;
  (iii) assemble and store in memory the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process. (e.g. transaction result codes, error codes, etc.);
  (iv) execute a response function computer program module designated to correspond with the received third-party data processor results and third-party data processor transaction error signals (e.g. complete the transaction, request error corrections, etc.);
  (v) send an outgoing signal communication (server side HTTP request) to the publisher, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing;
  (vi) send an outgoing signal communication (embedded URL GET) to the end-user, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process;
  (vii) upon demand from the trusted user interface function computer program module, execute an error response loop function computer process module of the secure server, the error response loop computer process module operative to;
    (1) receive an incoming communication (asynchronous JavaScript request) from the trusted user interface function computer program module via the data communications interface, the incoming communications including incremental data values and parameters requested by the response function computer program module (e.g. the supplemental data values and parameters including items such as error corrections);
    (2) launch the third party data communication function computer program module of the secure server;
    (3) send an outgoing communication (asynchronous JavaScript response) to the third-party data processor, via the data communications interface, the outgoing communication including the incremental data values and parameters associated with the trusted computing process;
    (4) restart the process flow of the transaction completion computer process module;
  (viii) generate a transaction complete signal, the signal including markers to indicate termination of the trusted computing process;
  (ix) present the transaction completion signal to the trusted user interface function computer module of the publisher, via the data communications interface;
  (x) generate an interface release control signal, the signal instructing the trusted user interface function computer program module to release data input and process control rights to the publisher; and
  (xi) present the interface release control signal to the trusted user interface function computer program module, via the data communications interface.
- View Dependent Claims (32, 33, 34, 35, 36)
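The calling-object check of steps (b), (d) and (l), sketched as an added example that is not code from the patent or its assignee. SHA-256, the length-prefixed encoding, the `PASS`/`FAIL` signal strings, every class and function name, and the sample attribute values are assumptions made for illustration; the claim names no algorithm or data format.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class CallingObjectAttributes:
    """Attributes the publisher reports for its calling object."""
    byte_count: int
    file_date: str  # as reported by the publisher, e.g. an HTTP-date string


def attribute_hash(attrs):
    """Hash the attributes with length-prefixed fields, so that
    (1, "23") and (12, "3") can never encode to the same bytes."""
    h = hashlib.sha256()  # assumption: the claim names no hash algorithm
    for field in (str(attrs.byte_count), attrs.file_date):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))
        h.update(raw)
    return h.hexdigest()


class CallingObjectAuthenticator:
    """Steps (b)(iii)-(ix) and (l): keep a baseline hash, compare later ones."""

    def __init__(self):
        self._baseline = {}  # publisher id -> hash stored at first request

    def enroll(self, publisher_id, attrs):
        self._baseline[publisher_id] = attribute_hash(attrs)

    def recheck(self, publisher_id, attrs):
        stored = self._baseline.get(publisher_id)
        if stored is None:
            return "FAIL"  # no baseline on record: fail closed
        same = hmac.compare_digest(stored, attribute_hash(attrs))
        return "PASS" if same else "FAIL"


def gatekeeper(signal):
    """Step (d): anything other than an explicit PASS denies traffic."""
    return "allow" if signal == "PASS" else "deny"


def run_demo():
    # Constructed sample values, not taken from the patent.
    original = CallingObjectAttributes(48213, "Tue, 04 Mar 2014 10:15:00 GMT")
    modified = CallingObjectAttributes(48277, "Wed, 05 Mar 2014 02:40:11 GMT")
    auth = CallingObjectAuthenticator()
    auth.enroll("publisher-example", original)
    results = []
    for label, attrs in (("unchanged", original), ("changed", modified)):
        signal = auth.recheck("publisher-example", attrs)
        results.append((label, gatekeeper(signal)))
    signal = auth.recheck("other-publisher", original)
    results.append(("unenrolled", gatekeeper(signal)))
    return results


if __name__ == "__main__":
    for label, decision in run_demo():
        print(f"{label}: {decision}")
```

The fingerprint covers only the attributes the publisher reports, so it registers a change in byte count or file date and nothing else about the object.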
Specification