公开(公告)号：US20160277421A1

公开(公告)日：2016-09-22

申请号：US14969847

申请日：2015-12-15

Applicant: Yahoo! Inc.

Inventor： Maria Eugenia Tornos Lahoz ,  Anna Chu-Sumida ,  Nikunj Koolar ,  Peter Chan ,  Aditi Sinha Gundlapalli ,  Surajit Dutta ,  Binu Ramakrishnan ,  Venkatesh Dharmar

IPC: H04L29/06 ,  G06F21/62

CPC classification number: H04L63/126 ,  G06F21/6245 ,  G06F21/6263 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q30/0613 ,  H04L63/04 ,  H04L63/102

Abstract: Methods and systems for receiving sensitive information include receiving a request for entering sensitive information, the request received from a user interface rendered on a client device. The methods and systems rely upon nested iframes, each of which is hosted by a different server. An inner iframe is hosted by a server within a secure zone, such as a digital vault. A middle iframe is hosted within the secure zone and is invoked by an intermediate server. An outer iframe is hosted by a server that provides the user interface. The server that provides the user interface may be hosted by a cloud service provider, for example. Using the nested iframes and the network topology described in the present disclosure, users are able to exchange sensitive information with a server within the secure zone through a user interface provided outside the secure zone.

Abstract translation: 用于接收敏感信息的方法和系统包括接收从客户端设备上呈现的用户界面接收的请求，用于输入敏感信息。 方法和系统依赖于嵌套iframe，每个iframe都由不同的服务器托管。 内部iframe由安全区域内的服务器（如数字保险库）托管。 中间iframe驻留在安全区域内，由中间服务器调用。 外部iframe由提供用户界面的服务器托管。 提供用户界面的服务器可以由例如云服务提供商托管。 使用本公开中描述的嵌套式iframe和网络拓扑，用户能够通过设置在安全区域之外的用户界面与安全区域内的服务器交换敏感信息。

公开(公告)号：US09251372B1

公开(公告)日：2016-02-02

申请号：US14794733

申请日：2015-07-08

Applicant: Yahoo! Inc.

Inventor： Maria Eugenia Tornos Lahoz ,  Anna Chu-Sumida ,  Nikunj Koolar ,  Peter Chan ,  Aditi Sinha Gundlapalli ,  Surajit Dutta ,  Binu Ramakrishnan ,  Venkatesh Dharmar

IPC: G06F7/04 ,  G06F17/30 ,  H04N7/16 ,  H04L29/06 ,  H04L9/32 ,  G06F21/62 ,  G06Q20/38

CPC classification number: H04L63/126 ,  G06F21/6245 ,  G06F21/6263 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q30/0613 ,  H04L63/04 ,  H04L63/102

Abstract: Methods and systems for receiving sensitive information include receiving a request for entering sensitive information, the request received from a user interface rendered on a client device. The methods and systems rely upon nested iframes, each of which is hosted by a different server. An inner iframe is hosted by a server within a secure zone, such as a digital vault. A middle iframe is hosted within the secure zone and is invoked by an intermediate server. An outer iframe is hosted by a server that provides the user interface. The server that provides the user interface may be hosted by a cloud service provider, for example. Using the nested iframes and the network topology described in the present disclosure, users are able to exchange sensitive information with a server within the secure zone through a user interface provided outside the secure zone.

Abstract translation: 用于接收敏感信息的方法和系统包括接收从客户端设备上呈现的用户界面接收的请求，用于输入敏感信息。 方法和系统依赖于嵌套iframe，每个iframe都由不同的服务器托管。 内部iframe由安全区域内的服务器（如数字保险库）托管。 中间iframe驻留在安全区域内，由中间服务器调用。 外部iframe由提供用户界面的服务器托管。 提供用户界面的服务器可以由例如云服务提供商托管。 使用本公开中描述的嵌套式iframe和网络拓扑，用户能够通过设置在安全区域之外的用户界面与安全区域内的服务器交换敏感信息。