Hosted sensitive data form fields for compliance with security standards

US 10,565,596 B2
Filed: 05/18/2017
Issued: 02/18/2020
Est. Priority Date: 05/22/2015
Status: Active Grant

First Claim

Patent Images

1. A system associated with a payment service provider, the system comprising:

a non-transitory memory storing instructions; and

one or more hardware processors coupled to the non-transitory memory and configured to execute the instructions from the non-transitory memory to cause the system to perform operations comprising;

providing, to a merchant server associated with a merchant, first programming code to be included as part of a merchant webpage hosted by the merchant server, wherein the first programming code is executable by a user device associated with a user after the merchant webpage is accessed by the user device;

receiving one or more application programming interface (API) calls from the user device based upon the user device executing at least a portion of the first programming code, wherein the one or more API calls include a payment processor client token associated with the merchant and a set of parameters representing a style configuration;

customizing second programming code based on the set of parameters;

in response to receiving the one or more API calls, sending the customized second programming code to the user device to be rendered by the user device as part of the merchant webpage, wherein the customized second programming code, when rendered by the user device, (i) generates a set of iframes within the merchant webpage as presented on the user device, wherein the set of iframes comprises a first set of data entry fields configured to receive first input data from the user, and wherein each data entry field in the first set of data entry fields is stylized based on the style configuration represented by the set of parameters included in the one or more API calls, (ii) determines a second set of data entry fields hosted by the merchant server and presented on the merchant webpage, wherein the second set of data entry fields is configured to receive second input data from the user, and (iii) overwrites a submission button of the merchant webpage, wherein the overwriting the submission button causes the user device to transmit the second input data to the merchant server and to transmit the first input data directly to the system without transmitting the first input data to the merchant server when the submission button is selected;

receiving, from the user device in response to the user selecting the submission button on the merchant webpage, the first input data corresponding to the first set of data entry fields;

processing a payment transaction based on the first input data and the payment processor client token included in the one or more API calls; and

in response to processing the payment transaction, transmitting a notification indicating that the payment transaction is processed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods providing, by a third party, input form fields for sensitive data on a web page provided by an organization. A user may request a web page from an organization, such as a merchant'"'"'s checkout web page, that requires entry of sensitive data. The merchant'"'"'s checkout web page may include reference to a script file that provides hosted sensitive data form fields. In response to rendering the merchant web page in a web browser of the user, a request to provide sensitive data form fields on the merchant web page may be received. The request may include a call to a function in a scripting file provided by the third party, and the provided file may cause one or more inline frames to be rendered in the web browser, each inline frame including a sensitive data form field. Data entered by the user in the sensitive data form fields may be received by a third party payment processor device.

47 Citations

View as Search Results

20 Claims

1. A system associated with a payment service provider, the system comprising:
- a non-transitory memory storing instructions; and
  
  one or more hardware processors coupled to the non-transitory memory and configured to execute the instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  providing, to a merchant server associated with a merchant, first programming code to be included as part of a merchant webpage hosted by the merchant server, wherein the first programming code is executable by a user device associated with a user after the merchant webpage is accessed by the user device;
  
  receiving one or more application programming interface (API) calls from the user device based upon the user device executing at least a portion of the first programming code, wherein the one or more API calls include a payment processor client token associated with the merchant and a set of parameters representing a style configuration;
  
  customizing second programming code based on the set of parameters;
  
  in response to receiving the one or more API calls, sending the customized second programming code to the user device to be rendered by the user device as part of the merchant webpage, wherein the customized second programming code, when rendered by the user device, (i) generates a set of iframes within the merchant webpage as presented on the user device, wherein the set of iframes comprises a first set of data entry fields configured to receive first input data from the user, and wherein each data entry field in the first set of data entry fields is stylized based on the style configuration represented by the set of parameters included in the one or more API calls, (ii) determines a second set of data entry fields hosted by the merchant server and presented on the merchant webpage, wherein the second set of data entry fields is configured to receive second input data from the user, and (iii) overwrites a submission button of the merchant webpage, wherein the overwriting the submission button causes the user device to transmit the second input data to the merchant server and to transmit the first input data directly to the system without transmitting the first input data to the merchant server when the submission button is selected;
  
  receiving, from the user device in response to the user selecting the submission button on the merchant webpage, the first input data corresponding to the first set of data entry fields;
  
  processing a payment transaction based on the first input data and the payment processor client token included in the one or more API calls; and
  
  in response to processing the payment transaction, transmitting a notification indicating that the payment transaction is processed.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the style configuration indicates a color of the first set of data entry fields.
  - 3. The system of claim 1, wherein the first input data comprises payment card information associated with the user, and wherein the payment transaction is processed based on the payment card information.
  - 4. The system of claim 1, wherein the first input data comprises payment card information associated with the user, and wherein the operations further comprise:
    - generating a payment token based on the payment card information;
      
      transmitting the payment token to the user device; and
      
      subsequent to transmitting the payment token to the user device, receiving a payment request and the payment token from the merchant server, wherein the payment transaction is processed in response to receiving the payment request and based on the payment token.
  - 5. The system of claim 1, wherein the payment processor client token comprises an authorization token.
  - 6. The system of claim 1, wherein the second programming code, when executed by the user device, causes the first input data to be encrypted prior to transmitting the encrypted first input data to the system, and wherein the operations further comprise decrypting the encrypted first input data after receiving the encrypted first input data from the user device.

7. A computer implemented method, comprising:
- providing, by a computer system associated with a payment service provider to a merchant server associated with a merchant, first programming code to be included as part of a merchant webpage hosted by the merchant server, wherein the first programming code is executable by a user device associated with a user after the merchant webpage is accessed by the user device;
  
  receiving, by the computer system, one or more application programming interface (API) calls from the user device based upon the user device executing at least a portion of the first programming code, wherein the one or more API calls include an identification token associated with the merchant and a set of parameters representing a style configuration;
  
  in response to receiving the one or more API calls, sending, by the computer system, second programming code customized based on the set of parameters to the user device to be rendered by the user device as part of the merchant webpage, wherein the customized second programming code, when rendered by the user device, (i) generates a set of iframes within the merchant webpage as presented on the user device, wherein the set of iframes comprises a first set of data entry fields configured to receive first input data from the user, and wherein each data entry field in the first set of data entry fields is stylized based on the style configuration represented by the set of parameters included in the one or more API calls, (ii) determines a second set of data entry fields hosted by the merchant server and presented on the merchant webpage, wherein the second set of data entry fields is configured to receive second input data from the user, and (iii) overwrites a submission button of the merchant webpage, wherein the overwriting the submission button causes the user device to transmit the second input data to the merchant server and to transmit the first input data directly to the computer system without transmitting the first input data to the merchant server when the submission button is selected; and
  
  receiving, by the computer system from the user device, the first input data corresponding to the first set of data entry fields.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein the style configuration indicates a color of the first set of data entry fields.
  - 9. The method of claim 7, wherein the style configuration indicates a font attribute.
  - 10. The method of claim 7, further comprising prepopulating at least one of the first set of data entry fields rendered on the merchant webpage based on the set of parameters.
  - 11. The method of claim 7, further comprisingdetecting, using the second programming code, data entered into a first data entry field of the first set of data entry fields is invalid;
    - andcausing the user device to display an indication of error on the merchant webpage in response to the detecting.
  - 12. The method of claim 11, wherein the indication of error comprises a change of a color of the first data entry field.
  - 13. The method of claim 7, wherein the style configuration indicates a maximum width of a data entry field.
  - 14. The method of claim 7, wherein the second programming code, when executed by the user device, causes the first input data to be encrypted prior to transmitting the encrypted first input data to the computer system, and wherein the method further comprises decrypting the encrypted first input data after receiving the encrypted first input data from the user device.

15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine associated with a payment service provider to perform operations comprising:
- providing, to a merchant server associated with a merchant, first programming code to be included as part of a merchant webpage hosted by the merchant server, the first programming code is executable by a user device after the merchant webpage is accessed by the user device;
  
  receiving one or more application programming interface (API) calls from the user device based upon the user device executing at least a portion of the first programming code, wherein the one or more API calls include an identification token associated with the merchant and a set of parameters representing a style configuration;
  
  customizing second programming code based on the set of parameters;
  
  in response to receiving the one or more API calls, sending the customized second programming code to the user device to be rendered by the user device as part of the merchant webpage, wherein the customized second programming code, when rendered by the user device, (i) generates a set of iframes within the merchant webpage as presented on the user device, wherein the set of iframes comprises a first set of data entry fields configured to receive first input data from the user, and wherein each data entry field in the first set of data entry fields is stylized based on the style configuration represented by the set of parameters included in the one or more API calls, (ii) determines a second set of data entry fields hosted by the merchant server and presented on the merchant webpage, wherein the second set of data entry fields is configured to receive second input data from the user, and (iii) overwrites a submission button of the merchant webpage, wherein the overwriting the submission button causes the user device to transmit the second input data to the merchant server and to transmit the first input data directly to the machine without transmitting the first input data to the merchant server when the submission button is selected; and
  
  receiving, from the user device in response to the user selecting the submission button on the merchant webpage, the first input data corresponding to the first set of data entry fields.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the second programming code causes at least one of the first set of data entry fields to provide an indication when data entered into the at least one of the first set of data entry fields is determined to be valid.
  - 17. The non-transitory machine-readable medium of claim 16, wherein the indication is a change of a color of the at least one of the first set of data entry fields.
  - 18. The non-transitory machine-readable medium of claim 15, wherein the first input data comprises payment card information, and wherein the operations further comprise processing a payment transaction based on the payment card information without transmitting, to the merchant server, the payment card information.
  - 19. The non-transitory machine-readable medium of claim 15, wherein the second programming code, when executed by the user device, causes the first input data to be encrypted prior to the receiving transmitting the encrypted first input data to the machine, and wherein the operations further comprise decrypting the encrypted first input data after receiving the encrypted first input data from the user device.
  - 20. The non-transitory machine-readable medium of claim 15, wherein the style configuration indicates at least one of a language, a font color, a font type, a font size, a text opacity, a text shadow, or a font smoothing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
DeTella, Kyle, Hahn, Evan, Mrak, Eric, Carpenter, V, George, Klun, Thomas, Downey, John, Turumella, Rohit, Reiss, Mickey, Mills, Benjamin
Primary Examiner(s)
Choo, Johann Y

Application Number

US15/599,085
Publication Number

US 20170255943A1
Time in Patent Office

1,006 Days
Field of Search
US Class Current
CPC Class Codes

G06F 40/174   Form filling; Merging

G06F 8/38   for implementing user inter...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/34   using cards, e.g. integrate...

G06Q 20/382   insuring higher security of...

G06Q 20/4018   using the card verification...

G06Q 20/40975   using encryption therefor

H04L 67/02   based on web technology, e....

Hosted sensitive data form fields for compliance with security standards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hosted sensitive data form fields for compliance with security standards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links