SECURING SENSITIVE INFORMATION WITH A TRUSTED PROXY FRAME

US 20120089481A1
Filed: 11/24/2010
Published: 04/12/2012
Est. Priority Date: 11/24/2009
Status: Abandoned Application

First Claim

Patent Images

1. A system for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the third party data processor requiring sensitive information of an end user, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a distrusted end user interface, a processor for executing computer program modules and a memory;

the system comprising;

a secure server coupled to the data communications network, the secure server including a processor for executing computer program modules and a memory;

a data communications interface for trusted communications between the distrusted server of the publisher and an end user, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and

a security function computer program module executable on the secure server, the security function program module operative to;

(a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface;

(b) receive an incoming communication from the publisher via the data communications interface, the incoming communication including contemporary specific attribute parameters of the calling function computer program module of the publisher;

(c) execute a trusted transaction interface function computer program module on the secure server to create a trusted user interface computer program module executable on an end user'"'"'s computer (e.g. JavaScript object);

(d) send an outgoing communication from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computer program module (e.g. the JavaScript object), the calling function computer program module of the publisher receiving the trusted user interface computer program module and merging the trusted user interface computer program module with its distrusted end user interface;

(e) launch an authentication validation function receiver computer program module on the secure server to ensure secure communications with the trusted user interface computer program module (e.g. JavaScript object) when executing on the end user'"'"'s computer;

(f) launch an authentication validation function sender computer program module on the trusted user interface computer program module at the end user'"'"'s computer to ensure secure communications with the secure server;

(g) at periodic intervals, send an outgoing communication from the authentication validation function sender computer program module on the trusted user interface computer program module to the authentication validation function receiver computer program module on the secure server via the data communications interface, the outgoing communication including a request for contemporary specific attribute parameters of the trusted user interface computer program module;

(h) execute the trusted user interface function computer program module to receive the sensitive information input by the end user;

(i) execute a transaction processing function computer process module of the secure server to receive the sensitive information from the trusted user interface computer program module and provide the sensitive information to the third party data processor;

(j) execute a third party data communication function computer program module on the secure server to receive results data from the third party data processor in response to processing the sensitive data;

(k) execute a signaling function computer program module on the secure server to process the results data;

(l) execute a transaction completion function computer program module on the secure server in response to said results data indicating completion of the third party data processing function; and

(m) send non-sensitive results data from the secure server to the trusted user interface computer program module and then to the distrusted end user interface of the publisher.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for secure transmission of sensitive end user information from an Internet portal operated by a publisher to a third party data processor. The publisher provides a content portal such as an e-commerce or healthcare information site. A third party data processor such as a bank or healthcare organization requires the sensitive information for a data processing function. In response to the requirement for sensitive information, a trusted proxy frame is invoked from a secure server operative to securely communicate the sensitive information. The trusted proxy frame is displayed in a secure context in the end user'"'"'s browser and receives input of the sensitive information. The sensitive information is encrypted and communicated through the secure server to the third party data processor. Results of this processing are transmitted to the publisher through a novel callback process that enables the publisher to execute its data processing functions, as if it was in possession of the sensitive information, but without actual access to the sensitive information. The third party data processor returns an acknowledgement of processing of the sensitive information.

98 Citations

View as Search Results

36 Claims

1. A system for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the third party data processor requiring sensitive information of an end user, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a distrusted end user interface, a processor for executing computer program modules and a memory;
- the system comprising;
  
  a secure server coupled to the data communications network, the secure server including a processor for executing computer program modules and a memory;
  
  a data communications interface for trusted communications between the distrusted server of the publisher and an end user, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
  
  a security function computer program module executable on the secure server, the security function program module operative to;
  
  (a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface;
  
  (b) receive an incoming communication from the publisher via the data communications interface, the incoming communication including contemporary specific attribute parameters of the calling function computer program module of the publisher;
  
  (c) execute a trusted transaction interface function computer program module on the secure server to create a trusted user interface computer program module executable on an end user'"'"'s computer (e.g. JavaScript object);
  
  (d) send an outgoing communication from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computer program module (e.g. the JavaScript object), the calling function computer program module of the publisher receiving the trusted user interface computer program module and merging the trusted user interface computer program module with its distrusted end user interface;
  
  (e) launch an authentication validation function receiver computer program module on the secure server to ensure secure communications with the trusted user interface computer program module (e.g. JavaScript object) when executing on the end user'"'"'s computer;
  
  (f) launch an authentication validation function sender computer program module on the trusted user interface computer program module at the end user'"'"'s computer to ensure secure communications with the secure server;
  
  (g) at periodic intervals, send an outgoing communication from the authentication validation function sender computer program module on the trusted user interface computer program module to the authentication validation function receiver computer program module on the secure server via the data communications interface, the outgoing communication including a request for contemporary specific attribute parameters of the trusted user interface computer program module;
  
  (h) execute the trusted user interface function computer program module to receive the sensitive information input by the end user;
  
  (i) execute a transaction processing function computer process module of the secure server to receive the sensitive information from the trusted user interface computer program module and provide the sensitive information to the third party data processor;
  
  (j) execute a third party data communication function computer program module on the secure server to receive results data from the third party data processor in response to processing the sensitive data;
  
  (k) execute a signaling function computer program module on the secure server to process the results data;
  
  (l) execute a transaction completion function computer program module on the secure server in response to said results data indicating completion of the third party data processing function; and
  
  (m) send non-sensitive results data from the secure server to the trusted user interface computer program module and then to the distrusted end user interface of the publisher.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the incoming communication (URL submission) from the calling function computer program module of the publisher includes:
    - (i) authentication information identifying the publisher (e.g. name, password);
      
      (ii) a request by a publisher for trusted transaction processing services from the security function computer program module; and
      
      (iii) specific parameters provided by the publisher for use in connection with a trusted transaction processing request (e.g. transaction type, service requirements, etc.).
  - 3. The system of claim 1, wherein the trusted transaction interface function computer program module is further operative to:
    - (i) create a trusted user interface function computer program module (e.g. a JavaScript object);
      
      (ii) configure the trusted user interface function computer program module to contain unpopulated data fields pertinent to the transaction request (e.g. user first name, user last name, credit card number, expiration date, etc.);
      
      (iii) configure the trusted user interface function computer program module to include an unpopulated endpoint authentication key data field (e.g. a data field used to store authentication key data values associated with an authentication key exchange protocol); and
      
      (iv) transform the untrusted computing environment containing the designated host container (iFrame) to display the secure, generated payment form.
  - 4. The system of claim 1, wherein the distrusted server of the publisher includes a distrusted transaction function computer program module operative to:
    - (i) receive the incoming communication (URL GET) from the secure server via the data communications interface, the incoming communication including the trusted user interface computing object;
      
      (ii) encapsulate the trusted user interface function computer program module within the user interface of the distrusted server of the publisher, in a manner that transforms the distrusted server. (e.g. merge the trusted user interface function computer program module into the distrusted server user interface via an HTML I-frame construct, a programmatic interface, etc.); and
      
      (iii) apply a logical computing segmentation of the web browser between the trusted user interface function computer program module and designated elements of the distrusted server of the publisher (e.g. for example, but not by way of limitation, apply logical domain segmentation controls of a web browser that prevent cross site scripting functions that could maliciously intercept, observe and/or access credit card data fields within the web application interface.
  - 5. The system of claim 1, wherein the authentication validation function receiver computer program module on the secure server is operative to:
    - (i) calculate an authentication key data value object and store this value in memory;
      
      (ii) send, via the data communications interface, an identical copy of the authentication key data value object to the trusted user interface function computer program module and store this value within the authentication key data field of the trusted user interface computing object;
      
      (iii) at periodic intervals, calculate a new authentication key data value object that supersedes the preceding authentication key data value object;
      
      (iv) replace the obsolete authentication key data value object stored in memory with the superseding value object;
      
      (v) send, via the data communications interface, an identical copy of the superseding authentication key data value object to the trusted user interface function computer program module and replace the obsolete stored authentication key data value object of the trusted user interface function computer program module with the superseding value;
      
      (vi) at periodic intervals, execute a query function computer process module of the secure server to retrieve, via the data communications interface, the current stored authentication key data value object of the trusted user interface function computer program module;
      
      (vii) subsequent to the completion of the computing query function, execute a computing identity validation process to compare the retrieved authentication key data value object of the trusted user interface function computer program module to the current stored authentication key data value object of the secure server;
      
      (viii) generate an identity validation result signal that contains the results of the identity validation process;
      
      (ix) present the identity validation result signal to designated recipients of the secure server; and
      
      (x) a gatekeeping process of the secure server configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the trusted user interface function computer program module in the event of successful in point validation, block data communications to and from the trusted user interface function computer program module and issue an alert signal in the event of an identity validation failure, etc.).
  - 6. The system of claim 1, wherein the authentication validation function sender computer program module on the trusted user interface computer program module at the end user'"'"'s computer is operative to:
    - (i) receive from the secure server, via the data communications interface, an authentication key data value object and store this value in memory;
      
      (ii) at periodic intervals, receive from the secure server, via the data communications interface, a superseding authentication key data value object which replaces the obsolete preceding authentication key data value object stored in memory;
      
      (iii) at periodic intervals, execute a query function computer process module of the trusted user interface function computer program module to retrieve, via the data communications interface, the current stored authentication key data value object of the secure server;
      
      (iv) subsequent to the completion of the query function, execute an identity validation function computer process module to compare the retrieved authentication key data value object of the secure server to the current stored authentication key data value object of the trusted user interface function computer program module;
      
      (v) generate identity validation result signal (e.g. signal that both endpoints are authenticated, one failed to authenticate, both failed to authenticate, etc.); and
      
      (vi) a gatekeeping process of the trusted user interface function computer program module configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the secure server in the event of successful in point validation, block data communications.
  - 7. The system of claim 1, wherein the authentication validation function receiver computer program module executable on the secure server is operative to:
    - (i) receive, via the data communications interface, the contemporary specific attribute parameters of the publisher calling function computer program module;
      
      (ii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module; and
      
      (iii) compare the contemporary calculated hash value with the original calculated hash value stored in memory.
  - 8. The system of claim 1, wherein the trusted user interface function computer program module on the end user'"'"'s computer is further operative to:
    - (i) request exclusive data entry and process control from the distrusted server of the publisher;
      
      (ii) acquire and retain exclusive data entry and process control from the distrusted server of the publisher (e.g. such that the distrusted server is unable to receive or process and user data and instructions until control has been released by the trusted user interface, etc.);
      
      (iii) receive data values entered by the end-user via the trusted data communications conduit; and
      
      (iv) send an outgoing communication (asynchronous JavaScript request) from the trusted user interface function computer program module to the secure server via the data communications interface, the outgoing communication including data values and parameters associated with the transaction (e.g. user names, credit card number, health records, etc.).
  - 9. The system of claim 1, wherein the transaction processing computer program module of the secure server is further operative to:
    - (i) receive an incoming communication (asynchronous JavaScript response) from the trusted user interface function computer program module via the data communications interface, the incoming communications including the data values and parameters associated with the transaction; and
      
      (ii) assemble and store in the memory third party data processing information required by the third party data processor for use in providing the trusted computing function, the third party data processing information comprising the specific data provided by the publisher and any specific additional data input by the end user.
  - 10. The system of claim 1, wherein the third party data communication function computer program module executable on the secure server is further operative to:
    - (i) send an outgoing communication (server side HTTP request) to the third-party data processor, via the data communications interface, the outgoing communication including the third party data processing information; and
      
      (ii) receive an incoming communication (server side HTTP response) via the data communications interface, the incoming communication including results data from the third party data processor.
  - 11. The system of claim 1, wherein the signaling computer program module is further operative to:
    - (i) parse the third party data processor results and extract a transaction error signal (e.g. requests for data correction, incremental information, etc.);
      
      (ii) generate a third-party data processor transaction error signal; and
      
      (iii) present the third-party data processor transaction error signal to designated computer program modules of the secure server.
  - 12. The system of claim 1, wherein the transaction completion function computer program module on the secure server is further operative to:
    - (i) receive third-party data processor results from the third-party data communication function computer program module;
      
      (ii) receive third-party data processor transaction error signal from the transaction result signaling function computer program module;
      
      (iii) assemble and store in memory the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process (e.g. transaction result codes, error codes, etc.);
      
      (iv) execute a response function computer program module designated to correspond with the received third-party data processor results and third-party data processor transaction error signals (e.g. complete the transaction, request error corrections, etc.);
      
      (v) send an outgoing signal communication (server side HTTP request) to the publisher, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing;
      
      (vi) send an outgoing signal communication (embedded URL GET) to the end-user, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process;
      
      (vii) upon demand from the trusted user interface function computer program module, execute an error response loop function computer process module of the secure server, the error response loop computer process module operative to;
      
      (1) receive an incoming communication (asynchronous JavaScript request) from the trusted user interface function computer program module via the data communications interface, the incoming communications including incremental data values and parameters requested by the response function computer program module (e.g. the supplemental data values and parameters including items such as error corrections);
      
      (2) launch the third party data communication function computer program module of the secure server;
      
      (3) send an outgoing communication (asynchronous JavaScript response) to the third-party data processor, via the data communications interface, the outgoing communication including the incremental data values and parameters associated with the trusted computing process;
      
      (4) restart the process flow of the transaction completion computer process module;
      
      (viii) generate a transaction complete signal, the signal including markers to indicate termination of the trusted computing process;
      
      (ix) present the transaction completion signal to the trusted user interface function computer module of the publisher, via the data communications interface;
      
      (x) generate an interface release control signal, the signal instructing the trusted user interface function computer program module to release data input and process control rights to the publisher;
      
      (xi) present the interface release control signal to the trusted user interface function computer program module, via the data communications interface.

13. A computer-implemented method for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the third party data processor requiring sensitive information of an end user, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a distrusted end user interface, a processor for executing computer program modules and a memory;
- comprising the computer-implemented steps of;
  
  providing a secure server coupled to the data communications network, the secure server including a processor for executing computer program modules and a memory;
  
  providing a data communications interface for trusted communications between the distrusted server of the publisher and an end user, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
  
  providing a security function computer program module executable on the secure server, the security function program module operative to;
  
  (a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface;
  
  (b) receive an incoming communication from the publisher via the data communications interface, the incoming communication including contemporary specific attribute parameters of the calling function computer program module of the publisher;
  
  (c) execute a trusted transaction interface function computer program module on the secure server to create a trusted user interface computer program module executable on an end user'"'"'s computer (e.g. JavaScript object);
  
  (d) send an outgoing communication from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computer program module (e.g. the JavaScript object), the calling function computer program module of the publisher receiving the trusted user interface computer program module and merging the trusted user interface computer program module with its distrusted end user interface;
  
  (e) launch an authentication validation function receiver computer program module on the secure server to ensure secure communications with the trusted user interface computer program module (e.g. JavaScript object) when executing on the end user'"'"'s computer;
  
  (f) launch an authentication validation function sender computer program module on the trusted user interface computer program module at the end user'"'"'s computer to ensure secure communications with the secure server;
  
  (g) at periodic intervals, send an outgoing communication from the authentication validation function sender computer program module on the trusted user interface computer program module to the authentication validation function receiver computer program module on the secure server via the data communications interface, the outgoing communication including a request for contemporary specific attribute parameters of the trusted user interface computer program module;
  
  (h) execute the trusted user interface function computer program module to receive the sensitive information input by the end user;
  
  (i) execute a transaction processing function computer process module of the secure server to receive the sensitive information from the trusted user interface computer program module and provide the sensitive information to the third party data processor;
  
  (j) execute a third party data communication function computer program module on the secure server to receive results data from the third party data processor in response to processing the sensitive data;
  
  (k) execute a signaling function computer program module on the secure server to process the results data;
  
  (l) execute a transaction completion function computer program module on the secure server in response to said results data indicating completion of the third party data processing function; and
  
  (m) send non-sensitive results data from the secure server to the trusted user interface computer program module and then to the distrusted end user interface of the publisher.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, wherein the incoming communication (URL submission) from the calling function computer program module of the publisher includes:
    - (i) authentication information identifying the publisher (e.g. name, password);
      
      (ii) a request by a publisher for trusted transaction processing services from the security function computer program module; and
      
      (iii) specific parameters provided by the publisher for use in connection with a trusted transaction processing request (e.g. transaction type, service requirements, etc.).
  - 15. The method of claim 13, wherein the trusted transaction interface function computer program module is further operative to:
    - (i) create a trusted user interface function computer program module (e.g. a JavaScript object);
      
      (ii) configure the trusted user interface function computer program module to contain unpopulated data fields pertinent to the transaction request (e.g. user first name, user last name, credit card number, expiration date, etc.);
      
      (iii) configure the trusted user interface function computer program module to include an unpopulated endpoint authentication key data field (e.g. a data field used to store authentication key data values associated with an authentication key exchange protocol); and
      
      (iv) transform the untrusted computing environment containing the designated host container (iFrame) to display the secure, generated payment form.
  - 16. The method of claim 13, wherein the distrusted server of the publisher includes a distrusted transaction function computer program module operative to:
    - (i) receive the incoming communication (URL GET) from the secure server via the data communications interface, the incoming communication including the trusted user interface computing object;
      
      (ii) encapsulate the trusted user interface function computer program module within the user interface of the distrusted server of the publisher, in a manner that transforms the distrusted server. (e.g. merge the trusted user interface function computer program module into the distrusted server user interface via an HTML I-frame construct, a programmatic interface, etc.); and
      
      (iii) apply a logical computing segmentation of the web browser between the trusted user interface function computer program module and designated elements of the distrusted server of the publisher (e.g. for example, but not by way of limitation, apply logical domain segmentation controls of a web browser that prevent cross site scripting functions that could maliciously intercept, observe and/or access credit card data fields within the web application interface.
  - 17. The method of claim 13, wherein the authentication validation function receiver computer program module on the secure server is operative to:
    - (i) calculate an authentication key data value object and store this value in memory;
      
      (ii) send, via the data communications interface, an identical copy of the authentication key data value object to the trusted user interface function computer program module and store this value within the authentication key data field of the trusted user interface computing object;
      
      (iii) at periodic intervals, calculate a new authentication key data value object that supersedes the preceding authentication key data value object;
      
      (iv) replace the obsolete authentication key data value object stored in memory with the superseding value object;
      
      (v) send, via the data communications interface, an identical copy of the superseding authentication key data value object to the trusted user interface function computer program module and replace the obsolete stored authentication key data value object of the trusted user interface function computer program module with the superseding value;
      
      (vi) at periodic intervals, execute a query function computer process module of the secure server to retrieve, via the data communications interface, the current stored authentication key data value object of the trusted user interface function computer program module;
      
      (vii) subsequent to the completion of the computing query function, execute a computing identity validation process to compare the retrieved authentication key data value object of the trusted user interface function computer program module to the current stored authentication key data value object of the secure server;
      
      (viii) generate an identity validation result signal that contains the results of the identity validation process;
      
      (ix) present the identity validation result signal to designated recipients of the secure server; and
      
      (x) a gatekeeping process of the secure server configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the trusted user interface function computer program module in the event of successful in point validation, block data communications to and from the trusted user interface function computer program module and issue an alert signal in the event of an identity validation failure, etc.).
  - 18. The method of claim 13, wherein the authentication validation function sender computer program module on the trusted user interface computer program module at the end user'"'"'s computer is operative to:
    - (i) receive from the secure server, via the data communications interface, an authentication key data value object and store this value in memory;
      
      (ii) at periodic intervals, receive from the secure server, via the data communications interface, a superseding authentication key data value object which replaces the obsolete preceding authentication key data value object stored in memory;
      
      (iii) at periodic intervals, execute a query function computer process module of the trusted user interface function computer program module to retrieve, via the data communications interface, the current stored authentication key data value object of the secure server;
      
      (iv) subsequent to the completion of the query function, execute an identity validation function computer process module to compare the retrieved authentication key data value object of the secure server to the current stored authentication key data value object of the trusted user interface function computer program module;
      
      (v) generate identity validation result signal (e.g. signal that both endpoints are authenticated, one failed to authenticate, both failed to authenticate, etc.); and
      
      (vi) a gatekeeping process of the trusted user interface function computer program module configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the secure server in the event of successful in point validation, block data communications.
  - 19. The method of claim 13, wherein the authentication validation function receiver computer program module executable on the secure server is operative to:
    - (i) receive, via the data communications interface, the contemporary specific attribute parameters of the publisher calling function computer program module;
      
      (ii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module; and
      
      (iii) compare the contemporary calculated hash value with the original calculated hash value stored in memory.
  - 20. The method of claim 13, wherein the trusted user interface function computer program module on the end user'"'"'s computer is further operative to:
    - (i) request exclusive data entry and process control from the distrusted server of the publisher;
      
      (ii) acquire and retain exclusive data entry and process control from the distrusted server of the publisher (e.g. such that the distrusted server is unable to receive or process and user data and instructions until control has been released by the trusted user interface, etc.);
      
      (iii) receive data values entered by the end-user via the trusted data communications conduit; and
      
      (iv) send an outgoing communication (asynchronous JavaScript request) from the trusted user interface function computer program module to the secure server via the data communications interface, the outgoing communication including data values and parameters associated with the transaction (e.g. user names, credit card number, health records, etc.).
  - 21. The method of claim 13, wherein the transaction processing computer program module of the secure server is further operative to:
    - (i) receive an incoming communication (asynchronous JavaScript response) from the trusted user interface function computer program module via the data communications interface, the incoming communications including the data values and parameters associated with the transaction; and
      
      (ii) assemble and store in the memory third party data processing information required by the third party data processor for use in providing the trusted computing function, the third party data processing information comprising the specific data provided by the publisher and any specific additional data input by the end user.
  - 22. The method of claim 13, wherein the third party data communication function computer program module executable on the secure server is further operative to:
    - (i) send an outgoing communication (server side HTTP request) to the third-party data processor, via the data communications interface, the outgoing communication including the third party data processing information; and
      
      (ii) receive an incoming communication (server side HTTP response) via the data communications interface, the incoming communication including results data from the third party data processor.
  - 23. The method of claim 13, wherein the signaling computer program module is further operative to:
    - (i) parse the third party data processor results and extract a transaction error signal (e.g. requests for data correction, incremental information, etc.);
      
      (ii) generate a third-party data processor transaction error signal; and
      
      (iii) present the third-party data processor transaction error signal to designated computer program modules of the secure server.
  - 24. The method of claim 13, wherein the transaction completion function computer program module on the secure server is further operative to:
    - (i) receive third-party data processor results from the third-party data communication function computer program module;
      
      (ii) receive third-party data processor transaction error signal from the transaction result signaling function computer program module;
      
      (iii) assemble and store in memory the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process (e.g. transaction result codes, error codes, etc.);
      
      (iv) execute a response function computer program module designated to correspond with the received third-party data processor results and third-party data processor transaction error signals (e.g. complete the transaction, request error corrections, etc.);
      
      (v) send an outgoing signal communication (server side HTTP request) to the publisher, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing;
      
      (vi) send an outgoing signal communication (embedded URL GET) to the end-user, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process;
      
      (vii) upon demand from the trusted user interface function computer program module, execute an error response loop function computer process module of the secure server, the error response loop computer process module operative to;
      
      (1) receive an incoming communication (asynchronous JavaScript request) from the trusted user interface function computer program module via the data communications interface, the incoming communications including incremental data values and parameters requested by the response function computer program module (e.g. the supplemental data values and parameters including items such as error corrections);
      
      (2) launch the third party data communication function computer program module of the secure server;
      
      (3) send an outgoing communication (asynchronous JavaScript response) to the third-party data processor, via the data communications interface, the outgoing communication including the incremental data values and parameters associated with the trusted computing process;
      
      (4) restart the process flow of the transaction completion computer process module;
      
      (viii) generate a transaction complete signal, the signal including markers to indicate termination of the trusted computing process;
      
      (ix) present the transaction completion signal to the trusted user interface function computer module of the publisher, via the data communications interface;
      
      (x) generate an interface release control signal, the signal instructing the trusted user interface function computer program module to release data input and process control rights to the publisher;
      
      (xi) present the interface release control signal to the trusted user interface function computer program module, via the data communications interface.

25. A system for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a user interface, a processor for executing computer program modules and a memory;
- the system comprising;
  
  a secure server coupled to the data communications network, the secure server including a processor for executing computer program modules and a memory;
  
  a data communications interface for trusted communications between the distrusted server of the publisher and an end user, the end user being associated with the publisher, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
  
  a security function computer program module executable on the secure server, the security function program module operative to;
  
  (a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface, the incoming communication including;
  
  (i) authentication information identifying the publisher (e.g. name, password);
  
  (ii) a request by a publisher for trusted transaction processing services from the security function computer program module; and
  
  (iii) specific parameters provided by the publisher for use in connection with a trusted transaction processing request (e.g. transaction type, service requirements, etc.);
  
  (b) launch a trusted transaction interface function computer program module executable on the secure server, the trusted transaction interface function computer program module operative to;
  
  (i) create a trusted user interface function computer program module (e.g. a JavaScript object);
  
  (ii) configure the trusted user interface function computer program module to contain unpopulated data fields pertinent to the transaction request (e.g. user first name, user last name, credit card number, expiration date, etc.);
  
  (iii) configure the trusted user interface function computer program module to include an unpopulated endpoint authentication key data field (e.g. a data field used to store authentication key data values associated with an authentication key exchange protocol);
  
  (iv) transform the untrusted computing environment containing the designated host container (iFrame) to display the secure, generated payment form;
  
  (c) send an outgoing communication (any outgoing interface, e.g. form data post, e-mail, server side HTTP response, URL GET, etc.) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computing object;
  
  (d) launch a trusted transaction function computer program module of the publisher, on a secure server, the trusted transaction function computer program module operative to;
  
  (i) receive an incoming communication (URL GET) from the secure server via the data communications interface, the incoming communication including the trusted user interface computing object;
  
  (ii) encapsulate the trusted user interface function computer program module within the user interface of the distrusted server of the publisher, in a manner that transforms the distrusted server. (e.g. merge the trusted user interface function computer program module into the distrusted server user interface via an HTML I-frame construct, a programmatic interface, etc.);
  
  (iii) apply a logical computing segmentation of the web browser between the trusted user interface function computer program module and designated elements of the distrusted server of the publisher (e.g. for example, but not by way of limitation, apply logical domain segmentation controls of a web browser that prevent cross site scripting functions that could maliciously intercept, observe and/or access credit card data fields within the web application interface;
  
  (e) launch an identity validation function computer program module executable on the secure server, the identity validation computer program module operative to;
  
  (i) calculate an authentication key data value object and store this value in memory;
  
  (ii) send, via the data communications interface, an identical copy of the authentication key data value object to the trusted user interface function computer program module and store this value within the authentication key data field of the trusted user interface computing object;
  
  (iii) at periodic intervals, calculate a new authentication key data value object that supersedes the preceding authentication key data value object;
  
  (iv) replace the obsolete authentication key data value object stored in memory with the superseding value object;
  
  (v) send, via the data communications interface, an identical copy of the superseding authentication key data value object to the trusted user interface function computer program module and replace the obsolete stored authentication key data value object of the trusted user interface function computer program module with the superseding value;
  
  (vi) at periodic intervals, execute a query function computer process module of the secure server to retrieve, via the data communications interface, the current stored authentication key data value object of the trusted user interface function computer program module;
  
  (vii) subsequent to the completion of the computing query function, execute a computing identity validation process to compare the retrieved authentication key data value object of the trusted user interface function computer program module to the current stored authentication key data value object of the secure server;
  
  (viii) generate an identity validation result signal that contains the results of the identity validation process;
  
  (ix) present the identity validation result signal to designated recipients of the secure server;
  
  (x) a gatekeeping process of the secure server configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the trusted user interface function computer program module in the event of successful in point validation, block data communications to and from the trusted user interface function computer program module and issue an alert signal in the event of an identity validation failure, etc.);
  
  (f) launch an identity validation function computer program module executable on trusted user interface computing object, the identity validation module operative to;
  
  (i) receive from the secure server, via the data communications interface, an authentication key data value object and store this value in memory;
  
  (ii) at periodic intervals, receive from the secure server, via the data communications interface, a superseding authentication key data value object which replaces the obsolete preceding authentication key data value object stored in memory;
  
  (iii) at periodic intervals, execute a query function computer process module of the trusted user interface function computer program module to retrieve, via the data communications interface, the current stored authentication key data value object of the secure server;
  
  (iv) subsequent to the completion of the query function, execute an identity validation function computer process module to compare the retrieved authentication key data value object of the secure server to the current stored authentication key data value object of the trusted user interface function computer program module;
  
  (v) generate identity validation result signal (e.g. signal that both endpoints are authenticated, one failed to authenticate, both failed to authenticate, etc.);
  
  (vi) a gatekeeping process of the trusted user interface function computer program module configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the secure server in the event of successful in point validation, block data communications;
  
  (g) at periodic intervals, send an outgoing communication (asynchronous JavaScript response) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. the byte count and current file date of the object as they exist at the time of the request, etc.);
  
  (h) receive an incoming communication (asynchronous JavaScript request) from the publisher via the data communications interface, the incoming communication including the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. byte count and file date of the object, etc.);
  
  (i) launch an authentication function computer program module executable on the secure server, the authentication module operative to;
  
  (i) receive, via the data communications interface, the contemporary specific attribute parameters of the publisher calling function computer program module;
  
  (ii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module;
  
  (iii) compare the contemporary calculated hash value with the original calculated hash value stored in memory;
  
  (j) execute the trusted user interface function computer program module, the trusted user interface function computer program module operative to;
  
  (i) request exclusive data entry and process control from the distrusted server of the publisher;
  
  (ii) acquire and retain exclusive data entry and process control from the distrusted server of the publisher (e.g. such that the distrusted server is unable to receive or process and user data and instructions until control has been released by the trusted user interface, etc.);
  
  (iii) receive data values entered by the end-user via the trusted data communications conduit;
  
  (iv) send an outgoing communication (asynchronous JavaScript request) from the trusted user interface function computer program module to the secure server via the data communications interface, the outgoing communication including data values and parameters associated with the transaction (e.g. user names, credit card number, health records, etc.);
  
  (k) launch a transaction processing function computer program module of the secure server, the transaction hosting computer process module operative to;
  
  (i) receive an incoming communication (asynchronous JavaScript response) from the trusted user interface function computer program module via the data communications interface, the incoming communications including the data values and parameters associated with the transaction;
  
  (ii) assemble and store in the memory third party data processing information required by the third party data processor for use in providing the trusted computing function, the third party data processing information comprising the specific data provided by the publisher and any specific additional data input by the end user;
  
  (l) launch a third party data communication function computer program module executable on the secure server, the third party data communication computer program module operative to;
  
  (i) send an outgoing communication (server side HTTP request) to the third-party data processor, via the data communications interface, the outgoing communication including the third party data processing information;
  
  (ii) receive an incoming communication (server side HTTP response) via the data communications interface, the incoming communication including results data from the third party data processor;
  
  (m) launch an error signaling function computer program module of the secure server, the error signaling computer program module operative to;
  
  (i) parse the third party data processor results and extract transaction error signals (e.g. requests for data correction, incremental information, etc.);
  
  (ii) generate a third-party data processor transaction error signal;
  
  (iii) present the third-party data processor transaction error signal to designated computer program modules of the secure server;
  
  (n) launch a transaction completion function computer program module executable on the secure server, the transaction completion computer program module operative to;
  
  (i) receive third-party data processor results from the third-party data communication function computer program module;
  
  (ii) receive third-party data processor transaction error signal from the transaction result signaling function computer program module;
  
  (iii) assemble and store in memory the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process (e.g. transaction result codes, error codes, etc.);
  
  (iv) execute a response function computer program module designated to correspond with the received third-party data processor results and third-party data processor transaction error signals (e.g. complete the transaction, request error corrections, etc.);
  
  (v) send an outgoing signal communication (server side HTTP request) to the publisher, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing;
  
  (vi) send an outgoing signal communication (embedded URL GET) to the end-user, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process;
  
  (vii) upon demand from the trusted user interface function computer program module, execute an error response loop function computer process module of the secure server, the error response loop computer process module operative to;
  
  (1) receive an incoming communication (asynchronous JavaScript request) from the trusted user interface function computer program module via the data communications interface, the incoming communications including incremental data values and parameters requested by the response function computer program module (e.g. the supplemental data values and parameters including items such as error corrections);
  
  (2) launch the third party data communication function computer program module of the secure server;
  
  (3) send an outgoing communication (asynchronous JavaScript response) to the third-party data processor, via the data communications interface, the outgoing communication including the incremental data values and parameters associated with the trusted computing process;
  
  (4) restart the process flow of the transaction completion computer process module;
  
  (viii) generate a transaction complete signal, the signal including markers to indicate termination of the trusted computing process;
  
  (ix) present the transaction completion signal to the trusted user interface function computer module of the publisher, via the data communications interface;
  
  (x) generate an interface release control signal, the signal instructing the trusted user interface function computer program module to release data input and process control rights to the publisher;
  
  (xi) present the interface release control signal to the trusted user interface function computer program module, via the data communications interface.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The system of claim 25, wherein the publisher is a merchant with an online shopping cart as the publisher'"'"'s business process, and wherein the third party data processor is a financial institution that provides a trusted payment function such credit card processing of the end user'"'"'s credit card information.
  - 27. The system of claim 25, wherein the publisher is a health care services provider with an online health care information web site, and wherein the third party data processor is a health insurance provider that provides a trusted (HIPAA compliant) health care information gathering function from the end user.
  - 28. The system of claim 25, wherein the publisher is a data warehousing services provider, and wherein the third party data processor is a provider of trusted data management services.
  - 29. The system of claim 25, wherein the trusted user interface function computer program module is an I-frame construct defined in hypertext markup language (HTML).
  - 30. The system of claim 25, wherein the trusted user interface function computer program module is a programmatic construct (e.g. a JavaScript object, ActiveX control, PHP script, compiled executable file, etc.)

31. A computer-implemented method for providing a trusted computing function of a third party data processor on behalf of a networked publisher in connection with providing a networked computing function for an end user by the publisher, the publisher operating a distrusted server coupled to a data communication network, the distrusted server including a user interface, a processor for executing computer program modules, and a memory;
- the method comprising the steps of;
  
  providing a secure server coupled to a data communications network, the secure server including a processor for executing computer program modules and a memory;
  
  providing a data communications interface for trusted communications between the distrusted server of the publisher and an end user, the end user being associated with the publisher, trusted communications between the distrusted server of the publisher and the secure server, and trusted communications between the secure server and the third party data processor; and
  
  providing a security function computer program module executable on the secure server, the security function program module operative to;
  
  (a) receive an incoming communication (URL submission) from a calling function computer program module of the publisher via the data communications interface, the incoming communication including;
  
  (i) authentication information identifying the publisher (e.g. name, password);
  
  (ii) a request by a publisher for trusted transaction processing services from the security function computer program module;
  
  (iii) specific parameters provided by the publisher for use in connection with a trusted transaction processing request (e.g. transaction type, service requirements, etc.);
  
  (b) launch an authentication function computer program module executable on the secure server, the authentication function program module operative to;
  
  (i) send an outgoing communication (server side HTTP request) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for specific attribute parameters of the publisher calling object computer module initiating the trusted transaction processing request (e.g. byte count and file date of the calling object as they exist at the time of the request, etc.);
  
  (ii) receive an incoming communication (server side HTTP response) from the publisher via the data communications interface, the incoming communication including the requested specific attribute parameters of the publisher calling function computer program module (e.g. the then-current byte count and file date of the publisher object initiating the trusted transaction processing request, etc.);
  
  (iii) calculate a hash value derived from the request specific attribute parameters of the publisher calling function computer program module;
  
  (iv) store the calculated hash value in memory;
  
  (v) periodically send an outgoing communication (server side HTTP request) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. the current point-in-time byte count and current file date of the object as they exist at the time of the request, etc.);
  
  (vi) receive an incoming communication (server side HTTP response) from the publisher via the data communications interface, the incoming communication including the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. byte count and file date of the object, etc.);
  
  (vii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module;
  
  (viii) compare the calculated hash value of the contemporary publisher calling object with the hash value of the original calculated publisher calling object stored in memory;
  
  (ix) determine if the contemporary calculated hash value is identical to the original calculated hash value;
  
  (c) launch a signaling function computer program module executable on the secure server, the signaling function computer program module operative to;
  
  (i) receive the results of the publisher calling object hash value comparison;
  
  (ii) generate a publisher calling object authentication result signal (e.g. signal that contemporary calling object hash value failed authentication, passed authentication, etc.);
  
  (iii) present the publisher calling object authentication result signal to designated computing process modules of the secure server;
  
  (iv) send an outgoing communication to the publisher, via the data communications interface, the outgoing communication including publisher calling object authentication result signal;
  
  (d) launch a gatekeeper function computer program module executable on the secure server, the gatekeeper computer program module operative to;
  
  (i) receive the authentication result signal of the authentication function computer program module;
  
  (ii) execute a response function computer program module designated to correspond with the received authentication result signal value (e.g. deny traffic via the data communications interface in the event the contemporary publisher computer calling object fails to authenticate);
  
  (e) launch a trusted transaction interface function computer program module executable on the secure server, the trusted transaction interface function computer program module operative to;
  
  (i) create a trusted user interface function computer program module (e.g. a JavaScript object);
  
  (ii) configure the trusted user interface function computer program module to contain unpopulated data fields pertinent to the transaction request (e.g. user first name, user last name, credit card number, expiration date, etc.);
  
  (iii) configure the trusted user interface function computer program module to include an unpopulated endpoint authentication key data field (e.g. a data field used to store authentication key data values associated with an authentication key exchange protocol);
  
  (f) send an outgoing communication (any outgoing interface, e.g. form data post, e-mail, server side HTTP response, URL GET, etc.) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including the trusted user interface computing object;
  
  (g) launch a trusted transaction function computer program module of the publisher, the trusted transaction function computer program module operative to;
  
  (i) receive an incoming communication (URL GET) from the secure server via the data communications interface, the incoming communication including the trusted user interface computing object;
  
  (ii) encapsulate the trusted user interface function computer program module within the user interface of the distrusted server of the publisher (e.g. merge the trusted user interface function computer program module into the distrusted server user interface via an HTML I-frame construct, a programmatic interface, etc.);
  
  (iii) create logical computing segmentation between the trusted user interface function computer program module and designated elements of the distrusted server of the publisher (e.g. create a logical computer boundary around the trusted user interface function computer program module that prevents unauthorized elements of the distrusted server from intercepting, observing and/or accessing data fields within the trusted user interface computing object, etc.)(iv) create a trusted data communications conduit between the end user and the trusted user interface function computer program module with logical computing segmentation between the trusted data communications conduit and designated elements of the distrusted server of the publisher. (e.g. create a logical computer boundary around the trusted data communications link between the end-user and the trusted user interface computing object, so that that elements of the distrusted server are prevented from intercepting, observing and/or accessing attributes and contents of the trusted data communications flow, etc.);
  
  (h) launch an identity validation function computer program module executable on the secure server, the identity validation computer program module operative to;
  
  (i) calculate an authentication key data value object and store this value in memory;
  
  (ii) send, via the data communications interface, an identical copy of the authentication key data value object to the trusted user interface function computer program module and store this value within the authentication key data field of the trusted user interface computing object;
  
  (iii) at periodic intervals, calculate a new authentication key data value object that supersedes the preceding authentication key data value object;
  
  (iv) replace the obsolete authentication key data value object stored in memory with the superseding value object;
  
  (v) send, via the data communications interface, an identical copy of the superseding authentication key data value object to the trusted user interface function computer program module and replace the obsolete stored authentication key data value object of the trusted user interface function computer program module with the superseding value;
  
  (vi) at periodic intervals, execute a query function computer process module of the secure server to retrieve, via the data communications interface, the current stored authentication key data value object of the trusted user interface function computer process module;
  
  (vii) subsequent to the completion of the computing query function, execute a computing identity validation process to compare the retrieved authentication key data value object of the trusted user interface function computer program module to the current stored authentication key data value object of the secure server;
  
  (viii) generate an identity validation result signal that contains the results of the identity validation process;
  
  (ix) present the identity validation result signal to designated recipients of the secure server;
  
  (x) a gatekeeping process of the secure server configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the trusted user interface function computer program module in the event of successful in point validation, block data communications to and from the trusted user interface function computer program module and issue an alert signal in the event of an identity validation failure, etc.);
  
  (i) launch an identity validation function computer program module executable on trusted user interface computing object, the identity validation module operative to;
  
  (i) receive from the secure server, via the data communications interface, an authentication key data value object and store this value in memory;
  
  (ii) at periodic intervals, receive from the secure server, via the data communications interface, a superseding authentication key data value object which replaces the obsolete preceding authentication key data value object stored in memory;
  
  (iii) at periodic intervals, execute a query function computer process module of the trusted user interface function computer program module to retrieve, via the data communications interface, the current stored authentication key data value object of the secure server;
  
  (iv) subsequent to the completion of the query function, execute an identity validation function computer process module to compare the retrieved authentication key data value object of the secure server to the current stored authentication key data value object of the trusted user interface function computer program module;
  
  (v) generate identity validation result signal (e.g. signal that both endpoints are authenticated, one failed to authenticate, both failed to authenticate, etc.);
  
  (vi) a gatekeeping process of the trusted user interface function computer program module configured to receive the identity validation result signal and execute a predefined algorithm designated to correspond with the received identity validation result signal. (e.g. allow data communications to and from the secure server in the event of successful in point validation, block data communications;
  
  (j) at periodic intervals, send an outgoing communication (asynchronous JavaScript response) from the security function computer program module to the publisher via the data communications interface, the outgoing communication including a request for the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. the byte count and current file date of the object as they exist at the time of the request, etc.);
  
  (k) receive an incoming communication (asynchronous JavaScript request) from the publisher via the data communications interface, the incoming communication including the contemporary specific attribute parameters of the publisher calling function computer program module (e.g. byte count and file date of the object, etc.);
  
  (l) launch an authentication function computer program module executable on the secure server, the authentication module operative to;
  
  (i) receive, via the data communications interface, the contemporary specific attribute parameters of the publisher calling function computer program module;
  
  (ii) calculate a hash value derived from the contemporary specific attribute parameters of the publisher calling function computer program module;
  
  (iii) compare the contemporary calculated hash value with the original calculated hash value stored in memory;
  
  (m) execute the trusted user interface function computer program module, the trusted user interface function computer program module operative to;
  
  (i) request exclusive data entry and process control from the distrusted server of the publisher;
  
  (ii) acquire and retain exclusive data entry and process control from the distrusted server of the publisher (e.g. such that the distrusted server is unable to receive or process and user data and instructions until control has been released by the trusted user interface, etc.);
  
  (iii) receive data values entered by the end-user via the trusted data communications conduit;
  
  (iv) send an outgoing communication (asynchronous JavaScript request) from the trusted user interface function computer program module to the secure server via the data communications interface, the outgoing communication including data values and parameters associated with the transaction (e.g. user names, credit card number, health records, etc.);
  
  (n) Launch a transaction processing function computer process module of the secure server, the transaction hosting computer process module operative to;
  
  (i) receive an incoming communication (asynchronous JavaScript response) from the trusted user interface function computer program module via the data communications interface, the incoming communications including the data values and parameters associated with the transaction;
  
  (ii) assemble and store in the memory third party data processing information required by the third party data processor for use in providing the trusted computing function, the third party data processing information comprising the specific data provided by the publisher and any specific additional data input by the end user;
  
  (o) launch a third party data communication function computer program module executable on the secure server, the third party data communication computer program module operative to;
  
  (i) send an outgoing communication (server side HTTP request) to the third-party data processor, via the data communications interface, the outgoing communication including the third party data processing information;
  
  (ii) receive an incoming communication (server side HTTP response) via the data communications interface, the incoming communication including results data from the third party data processor.(p) launch an error signaling function computer program module of the secure server, the error signaling computer program module operative to;
  
  (i) parse the third party data processor results and extract transaction error signals (e.g. requests for data correction, incremental information, etc.);
  
  (ii) Generate a third-party data processor transaction error signal;
  
  (iii) Present the third-party data processor transaction error signal to designated computer program modules of the secure server;
  
  (q) launch a transaction completion function computer program module executable on the secure server, the transaction completion computer program module operative to;
  
  (i) receive third-party data processor results from the third-party data communication function computer program module;
  
  (ii) receive third-party data processor transaction error signal from the transaction result signaling function computer program module;
  
  (iii) assemble and store in memory the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process. (e.g. transaction result codes, error codes, etc.);
  
  (iv) execute a response function computer program module designated to correspond with the received third-party data processor results and third-party data processor transaction error signals (e.g. complete the transaction, request error corrections, etc.);
  
  (v) send an outgoing signal communication (server side HTTP request) to the publisher, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing;
  
  (vi) send an outgoing signal communication (embedded URL GET) to the end-user, via the data communications interface, the outgoing signal including the third-party data processor results, transaction error signals and parameter values associated with the trusted computing process;
  
  (vii) upon demand from the trusted user interface function computer program module, execute an error response loop function computer process module of the secure server, the error response loop computer process module operative to;
  
  (1) receive an incoming communication (asynchronous JavaScript request) from the trusted user interface function computer program module via the data communications interface, the incoming communications including incremental data values and parameters requested by the response function computer program module (e.g. the supplemental data values and parameters including items such as error corrections);
  
  (2) launch the third party data communication function computer program module of the secure server;
  
  (3) send an outgoing communication (asynchronous JavaScript response) to the third-party data processor, via the data communications interface, the outgoing communication including the incremental data values and parameters associated with the trusted computing process;
  
  (4) restart the process flow of the transaction completion computer process module;
  
  (viii) generate a transaction complete signal, the signal including markers to indicate termination of the trusted computing process;
  
  (ix) present the transaction completion signal to the trusted user interface function computer module of the publisher, via the data communications interface;
  
  (x) generate an interface release control signal, the signal instructing the trusted user interface function computer program module to release data input and process control rights to the publisher; and
  
  (xi) present the interface release control signal to the trusted user interface function computer program module, via the data communications interface.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The method of claim 31, wherein the publisher is a merchant with an online shopping cart as the publisher'"'"'s business process, and wherein the third party data processor is a financial institution that provides a trusted payment function such credit card processing of the end user'"'"'s credit card information.
  - 33. The method of claim 31, wherein the publisher is a health care services provider with an online health care information web site, and wherein the third party data processor is a health insurance provider that provides a trusted (HIPAA compliant) health care information gathering function from the end user.
  - 34. The method of claim 31, wherein the publisher is a data warehousing services provider, and wherein the third party data processor is a provider of trusted data management services.
  - 35. The method of claim 31, wherein the trusted user interface function computer program module is an I-frame construct defined in hypertext markup language (HTML).
  - 36. The method of claim 31, wherein the trusted user interface function computer program module is a programmatic construct (e.g. a JavaScript object, ActiveX control, PHP script, compiled executable file, etc.)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chain Reaction Ecommerce, Inc.
Original Assignee
Chain Reaction Ecommerce, Inc.
Inventors
Ruff, Evan M., Iozzia, Salvatore F., McGraw, Gregory P., Fuller, Michael G.

Application Number

US12/954,342
Publication Number

US 20120089481A1
Time in Patent Office

Days
Field of Search
US Class Current

705/26.41
CPC Class Codes

G06F 21/31   User authentication

G06F 21/606   by securing the transmissio...

G06F 2221/2139   Recurrent verification

G06Q 20/38215   Use of certificates or encr...

G06Q 30/0613   Third-party assisted

G07F 7/10   together with a coded signa...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/126   the source of the received ...

H04L 63/168   above the transport layer

H04L 9/321   involving a third party or ...

H04N 7/16   Analogue secrecy systems; A...

SECURING SENSITIVE INFORMATION WITH A TRUSTED PROXY FRAME

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

98 Citations

36 Claims

Specification

Use Cases

Quick Links

Others

SECURING SENSITIVE INFORMATION WITH A TRUSTED PROXY FRAME

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

36 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others