HOSTED SENSITIVE DATA FORM FIELDS FOR COMPLIANCE WITH SECURITY STANDARDS

US 20170255943A1
Filed: 05/18/2017
Published: 09/07/2017
Est. Priority Date: 05/22/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

non-transitory memory storing instructions; and

one or more hardware processors coupled to the non-transitory memory and operable to execute instructions from the non-transitory memory to cause the system to perform operations comprising;

providing first programming code that can be used as part of a webpage, the code being executable by a user device when accessing the webpage;

receiving an identification token from a user device executing at least a portion of the code in response to accessing the webpage;

responding to the user device in response to receiving the identification token;

receiving one or more API calls from the user device; and

in response to receiving the one or more API calls and the identification token, sending second programming code to the user device that will generate a plurality of iframes when executed by the user device, the plurality of iframes being hosted by the system, each of the plurality of iframes providing a data entry field that gathers input and is configured to communicate the input directly with the system, each data entry field stylized based on a configuration specified in the one or more API calls.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods providing, by a third party, input form fields for sensitive data on a web page provided by an organization. A user may request a web page from an organization, such as a merchant'"'"'s checkout web page, that requires entry of sensitive data. The merchant'"'"'s checkout web page may include reference to a script file that provides hosted sensitive data form fields. In response to rendering the merchant web page in a web browser of the user, a request to provide sensitive data form fields on the merchant web page may be received. The request may include a call to a function in a scripting file provided by the third party, and the provided file may cause one or more inline frames to be rendered in the web browser, each inline frame including a sensitive data form field. Data entered by the user in the sensitive data form fields may be received by a third party payment processor device.

28 Citations

20 Claims

1. A system, comprising:
- non-transitory memory storing instructions; and
  
  one or more hardware processors coupled to the non-transitory memory and operable to execute instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  providing first programming code that can be used as part of a webpage, the code being executable by a user device when accessing the webpage;
  
  receiving an identification token from a user device executing at least a portion of the code in response to accessing the webpage;
  
  responding to the user device in response to receiving the identification token;
  
  receiving one or more API calls from the user device; and
  
  in response to receiving the one or more API calls and the identification token, sending second programming code to the user device that will generate a plurality of iframes when executed by the user device, the plurality of iframes being hosted by the system, each of the plurality of iframes providing a data entry field that gathers input and is configured to communicate the input directly with the system, each data entry field stylized based on a configuration specified in the one or more API calls.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein each data entry field is hosted by the system.
  - 3. The system of claim 1, wherein the configuration comprises a color of the data entry.
  - 4. The system of claim 1, wherein responding to the user device in response to receiving the identification token comprises responding to the user device with a client instance for interactions with an API.
  - 5. The system of claim 1, wherein the operations further comprise:
    - receiving payment card information from the user device through the data entry field;
      
      receiving a payment token from the user device;
      
      receiving a payment request and the payment token from an operator of the webpage;
      
      facilitating a payment for the payment request using the payment card information in response to the payment token received from the operator matching the payment token from the user device.
  - 6. The system of claim 1, wherein the operations further comprise:
    - receiving payment card information from the user device through the data entry field;
      
      providing a payment token to the user device;
      
      receiving a payment request and the payment token from an operator of the webpage; and
      
      facilitating a payment for the payment request using the payment card information in response to the payment token received from the operator matching the payment token from the user device.
  - 7. The system of claim 1, wherein the identification token is also an authorization token.

8. A computer implemented method, comprising:
- providing first programming code that can be used as part of a webpage, the code being executable by a user device when accessing the webpage;
  
  receiving an identification token from a user device executing at least a portion of the code in response to accessing the webpage;
  
  responding to the user device in response to receiving the identification token;
  
  receiving one or more API calls from the user device; and
  
  in response to receiving the one or more API calls and the identification token, sending second programming code to the user device that will generate a plurality of iframes when executed by the user device, the plurality of iframes being hosted by the system, each of the plurality of iframes providing a data entry field that gathers input and is configured to communicate the input directly with the system, each data entry field stylized based on a configuration specified in the one or more API calls.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein the configuration comprises a color of the data entry field.
  - 10. The method of claim 8, wherein the configuration comprises a color.
  - 11. The method of claim 8, wherein the configuration comprises a color of the data entry field.
  - 12. The method of claim 8, wherein at least one of the data entry fields is prepopulated
  - 13. The method of claim 8, further comprising causing the user device to display an indication of error through at least one of the plurality of iframes in response to receiving invalid information.
  - 14. The method of claim 13, wherein the indication is changing a color of the data entry field.
  - 15. The method of claim 8, wherein the configuration comprises a maximum width of each iframe.

16. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions which, when executed by one or more processors, are adapted to cause the one or more processors to perform a method comprising:
- providing first programming code that can be used as part of a webpage, the code being executable by a user device when accessing the webpage;
  
  receiving an identification token from a user device executing at least a portion of the code in response to accessing the webpage;
  
  responding to the user device in response to receiving the identification token;
  
  receiving one or more API calls from the user device; and
  
  in response to receiving the one or more API calls and the identification token, sending second programming code to the user device that will generate a plurality of iframes when executed by the user device, the plurality of iframes being hosted by the system, each of the plurality of iframes providing a data entry field that gathers input and is configured to communicate the input directly with the system, each data entry field stylized based on a configuration specified in the one or more API calls.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory machine-readable medium of claim 16, wherein at least one of the data entry fields indicates that data entered in the at least one data entry field is valid.
  - 18. The non-transitory machine-readable medium of claim 17, wherein the indication is a change of a color of the at least one data entry field.
  - 19. The non-transitory machine-readable medium of claim 16, wherein each data entry field is hosted by the system.
  - 20. The non-transitory machine-readable medium of claim 16, wherein the operations further comprise receiving payment information from the user device through the plurality of iframes displayed as part of the webpage and conducts a purchase with a merchant hosting the webpage without the merchant receiving the payment information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
DeTella, Kyle, Hahn, Evan, Mrak, Eric, Carpenter, V, George, Klun, Thomas, Downey, John, Turumella, Rohit, Reiss, Mickey, Mills, Benjamin

Granted Patent

US 10,565,596 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 40/174   Form filling; Merging

G06F 8/38   for implementing user inter...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/382   insuring higher security of...

G06Q 20/4018   using the card verification...

G06Q 20/40975   using encryption therefor

H04L 67/02   based on web technology, e....

HOSTED SENSITIVE DATA FORM FIELDS FOR COMPLIANCE WITH SECURITY STANDARDS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

HOSTED SENSITIVE DATA FORM FIELDS FOR COMPLIANCE WITH SECURITY STANDARDS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others