PCI DSS compliant proxy service

摘要

The innovation includes systems and methods of facilitating electronic commerce (e-commerce) via a proxy service. Such a method can include the acts of receiving a hypertext transfer protocol with secure socket layer (HTTPS) request from a client application and translating the HTTPS request to a format appropriate for an e-commerce web application. Additionally, such a method can include the steps of sending the translated request to the e-commerce web application via HTTPS and receiving a response based at least in part on the translated HTTPS request. The method can also include the acts of translating the HTTPS response to a format appropriate for the client application and sending the translated response to the client application via HTTPS. Secure information can be encrypted and stored at the client application separately from the encryption key, which can be stored by the proxy service.

主权项

1. A method of facilitating electronic commerce (e-commerce), comprising:
receiving at a proxy service a hypertext transfer protocol with secure socket layer (HTTPS) request from a client application; translating the HTTPS request to a format appropriate for an e-commerce web application; sending the translated request to the e-commerce web application via HTTPS; receiving a response at the proxy service based at least in part on the translated HTTPS request, wherein the response includes sensitive data; encrypting the sensitive data with a salt key, wherein the salt key is utilized to decrypt the sensitive data at a different time; translating the response to a format appropriate for the client application; and sending the translated response including the encrypted sensitive data from the proxy service to the client application via HTTPS without storing the sensitive data at the proxy service; and storing the salt key at the proxy service without sending the salt key to the client application, wherein the client application neither encrypts nor decrypts the sensitive data.