Secure cross-domain web browser communications

US 9,037,963 B1
Filed: 04/22/2011
Issued: 05/19/2015
Est. Priority Date: 04/22/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for conducting cross-domain communications, the computer-implemented method comprising:

generating, via a computing device, a document within a first web browser window that is associated with a first domain, the document associated with a first entity and including functionality for performing a checkout transaction with the first entity, the document including a display element that is selectable by a user to initiate a payment process using an account with a second entity;

generating, via the computing device, an iframe that is a child of the first web browser window, wherein the iframe is associated with a second domain different from the first domain and the iframe is configured to relay a message between the first web browser window and a second web browser window via a function call that transfers the message between the first web browser window and the second web browser window;

generating, via the computing device, the second web browser window in response to user selection of the display element, the second web browser window being associated with the second domain and second entity, the second web browser window providing functionality for the user to use the account with the second entity to make a payment in support of the checkout transaction; and

relaying, via the computing device, the message from the second web browser window to the first web browser window via the iframe.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products are provided in which a first “sender” web browser window that is within a first domain can communicate with a second “target” web browser window that is within a second, different domain. Pursuant to these techniques, an iframe may be provided within the target web browser window that has a source address that is within the first domain. The content of the iframe may be a function that forwards a received message to the target web browser window. The target web browser window may receive a message in response to the sender web browser window invoking the function of the iframe.

Citations

27 Claims

1. A computer-implemented method for conducting cross-domain communications, the computer-implemented method comprising:
- generating, via a computing device, a document within a first web browser window that is associated with a first domain, the document associated with a first entity and including functionality for performing a checkout transaction with the first entity, the document including a display element that is selectable by a user to initiate a payment process using an account with a second entity;
  
  generating, via the computing device, an iframe that is a child of the first web browser window, wherein the iframe is associated with a second domain different from the first domain and the iframe is configured to relay a message between the first web browser window and a second web browser window via a function call that transfers the message between the first web browser window and the second web browser window;
  
  generating, via the computing device, the second web browser window in response to user selection of the display element, the second web browser window being associated with the second domain and second entity, the second web browser window providing functionality for the user to use the account with the second entity to make a payment in support of the checkout transaction; and
  
  relaying, via the computing device, the message from the second web browser window to the first web browser window via the iframe.
- View Dependent Claims (2, 3, 16, 17, 18, 19, 20)
- - 2. The computer-implemented method of claim 1, wherein the message includes address information specified by the user via the second web browser window as part of the payment process.
  - 3. The computer-implemented method of claim 1, further comprising generating an event listener in the first web browser window that listens for a postMessage communication from the iframe.
  - 16. The computer-implemented method of claim 1, wherein the iframe specifies a source address within the second domain.
  - 17. The computer-implemented method of claim 1, wherein the first entity comprises an online merchant and the second entity comprises a payment service provider.
  - 18. The computer-implemented method of claim 1, wherein the second web browser window displays a log-in interface that includes functionality for logging into the account with the second entity.
  - 19. The computer-implemented method of claim 1, wherein the second web browser window is a pop-up window.
  - 20. The computer-implemented method of claim 1, wherein the message causes an iframe of the first web browser window to close.

4. A computer-implemented method for a first web browser window that is associated with a first domain to receive a message from a second web browser window that is associated with a second domain different from the first domain, the computer-implemented method comprising:
- displaying a checkout in the first web browser window on a computing device, said checkout page associated with the first domain and providing functionality for making a purchase;
  
  concurrently with the display of the checkout page, providing, in the second web browser window on the computing device, an interface that includes functionality for a user to perform a payment transaction in support of the purchase using an account with a second entity, the interface associated with the second domain;
  
  creating, via the computing device, an iframe that is embedded in the first web browser window that has a source address that is associated with the second domain, wherein the iframe is configured to relay the message from the second web browser window to the first web browser window;
  
  invoking, via the computing device, a function of the iframe in response to a function call from the second web browser window to pass the message via a memory of the computing device from the second web browser window to the first web browser window; and
  
  receiving, via the computing device, the message from the second web browser window at the first web browser window in response to invocation of the function of the iframe, the message associated with the payment transaction.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 21, 22, 23)
- - 5. The computer-implemented method of claim 4, wherein receiving the message from the second web browser window at the first web browser window in response to invocation of the function of the iframe comprises sending the message from the iframe to the first web browser window using a postMessage call.
  - 6. The computer-implemented method of claim 4, wherein receiving the message from the second web browser window at the first web browser window in response to invocation of the function of the iframe comprises:
    - polling a uniform resource locator (“
      
      URL”
      
      ) of the first web browser window; and
      
      extracting the message, wherein the message is appended to the URL of the first web browser window.
  - 7. The computer-implemented method of claim 4, wherein the function comprises computer code that receives the message from the second web browser window and in response to receiving the message forwards the message to the first web browser window.
  - 8. The computer-implemented method of claim 4, wherein the second web browser window comprises a pop-up window.
  - 9. The computer-implemented method of claim 8, wherein the pop-up window is a child web browser window of the first web browser window.
  - 10. The computer-implemented method of claim 9, wherein creating the iframe that is embedded in the first web browser window comprises executing computer code that creates the iframe as a child iframe of the first web browser window.
  - 11. The computer-implemented method of claim 4, further comprising generating an event listener in the first web browser window that listens for a postMessage communication from the iframe.
  - 21. The computer-implemented method of claim 4, wherein the message conveys to the first web browser window address information specified by the user via the second web browser window.
  - 22. The computer-implemented method of claim 4, wherein the message causes the first web browser window, or an iframe thereof, to become closed.
  - 23. The computer-implemented method of claim 4, wherein the second web browser window displays a log-in interface that includes functionality for logging into the account with the second entity.

12. A computer program product for presenting via a presentation device a first web browser window that is associated with a first domain and presenting via the presentation device a second web browser window that is associated with a second domain that is different from the first domain such that the second web browser window can engage in cross-domain communications with the first web browser window, the computer program product comprising:
- a non-transitory computer-readable medium having executable computer-readable program code therein, the computer-readable program code including;
  
  computer program code that, when executed by a computing device, is configured to generate the first web browser window, the first web browser window having an embedded iframe that is associated with the second domain, wherein content of the embedded iframe includes computer program code that, when executed by the computing device, is configured to forward a message to the first web browser window from the second web browser window, wherein the first web browser window displays a checkout page of a first entity and provides functionality for performing a checkout transaction, the checkout page associated with the first domain;
  
  computer program code that, when executed by the computing device, is configured to generate the second web browser window, wherein the second web browser window is a child window of the first web browser window, wherein the second web browser window displays an interface that includes functionality for a user to use an account with a second entity to make a payment in support of the checkout transaction, the interface associated with the second domain; and
  
  computer program code that, when executed by the computing device, is configured to invoke a function of the embedded iframe in order to forward the message from the second web browser window to the first web browser window via the embedded iframe.
- View Dependent Claims (13, 14, 15, 24, 25, 26, 27)
- - 13. The computer program product of claim 12, wherein the message comprises information associated with the checkout transaction, said information provided by the second web browser window.
  - 14. The computer program product of claim 12, wherein the computer program code that is configured to forward the message to the first web browser window comprises computer program code that is configured to call a postMessage event on the first web browser window from the embedded iframe.
  - 15. The computer program product of claim 12, wherein the computer program code that is configured to forward the message to the first web browser window comprises computer program code that is configured to:
    - poll a URL of the first web browser window; and
      
      extract the message from the URL of the first web browser window in response to determining that the URL of the first web browser window was modified.
  - 24. The computer program product of claim 12, wherein the interface includes functionality for logging into the account with the second entity.
  - 25. The computer program product of claim 12, wherein the message conveys to the first web browser window address information specified by the user via the second web browser window.
  - 26. The computer program product of claim 12, wherein the message causes the first web browser window, or an iframe thereof, to become closed.
  - 27. The computer program product of claim 12, wherein the checkout page includes an element that is selectable by the user to cause the second web browser window to be opened.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Agrawal, Ashish, Chandi, Hendi, Kapila, Dhanvi H., Sinha, Vineesh
Primary Examiner(s)
Hong, Stephen
Assistant Examiner(s)
Robinson, Marshon

Application Number

US13/092,695
Time in Patent Office

1,488 Days
Field of Search

715/234, 715/240
US Class Current

715/234
CPC Class Codes

G06F 16/95   Retrieval from the web

G06F 16/951   Indexing; Web crawling tech...

G06F 17/00   Digital computing or data p...

G06F 21/00   Security arrangements for p...

G06Q 20/12   specially adapted for elect...

G06Q 30/0253   During e-commerce, i.e. onl...

G06Q 30/0641   Shopping interfaces

H04L 63/00   Network architectures or ne...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/131   Protocols for games, networ...

Secure cross-domain web browser communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure cross-domain web browser communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links