Secure Service for Receiving Sensitive Information Through Nested iframes

摘要

Methods and systems for receiving sensitive information include receiving a request for entering sensitive information, the request received from a user interface rendered on a client device. The methods and systems rely upon nested iframes, each of which is hosted by a different server. An inner iframe is hosted by a server within a secure zone, such as a digital vault. A middle iframe is hosted within the secure zone and is invoked by an intermediate server. An outer iframe is hosted by a server that provides the user interface. The server that provides the user interface may be hosted by a cloud service provider, for example. Using the nested iframes and the network topology described in the present disclosure, users are able to exchange sensitive information with a server within the secure zone through a user interface provided outside the secure zone.

主权项

1. A method, comprising:
receiving a request to enter sensitive information, the request received from a webpage rendered on a client device, the request includes a first access token; invoking a user interface host to validate the first access token provided in the request, the user interface host invoked using an iframe; validating the first access token provided in the request using the user interface host, the validating causes retrieval of a second access token by the user interface host for accessing a secure zone; invoking a vault host within the secure zone using the second access token, the vault host in the secure zone used to validate the second access token; receiving a response from the vault host in the secure zone, the response including a command to allow access to one or more fields on the webpage for entering the sensitive information, the response forwarded to the client device for processing to allow access to the one or more fields on the webpage, wherein method operations are performed by one or more processors.