US 12,086,866 B2
Systems and methods for preventing malicious modifications to order information sent over a network
Robin James Senior, Toronto (CA); and Kristopher Orr, Toronto (CA)
Assigned to SHOPIFY INC., Ottawa (CA)
Filed by SHOPIFY INC., Ottawa (CA)
Filed on Sep. 21, 2022, as Appl. No. 17/949,457.
Prior Publication US 2024/0095810 A1, Mar. 21, 2024
Int. Cl. G06Q 30/0601 (2023.01); G06Q 20/20 (2012.01); G06Q 20/40 (2012.01); G06Q 30/0226 (2023.01)
CPC G06Q 30/0637 (2013.01) [G06Q 20/208 (2013.01); G06Q 20/4014 (2013.01); G06Q 30/0226 (2013.01); G06Q 30/0627 (2013.01)] 25 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
receiving, at a server from a point of sale device, an indication of one or more items entered into the point of sale device;
storing, at the server, order information for the one or more items, the order information being associated with a uniform resource locator (URL) having an identifier that permits a user device to access the order information over the internet;
transmitting the URL to the point of sale device and causing encoding of the URL into a machine-readable indicium and causing display of the machine-readable indicium encoding the URL on the point of sale device, wherein the machine-readable indicium is scannable by the user device to obtain the URL, and wherein modification of the URL cannot modify the order information;
receiving, at the server from the user device, a Hypertext Transfer Protocol (HTTP) request for the order information, the HTTP request received over the internet, the HTTP request based on the URL obtained by the user device, and the URL having the identifier identifying the order information;
responsive to receiving, from the user device, the HTTP request for the order information identified by the identifier, sending a web page having the order information relating to the one or more items over the internet to the user device;
receiving over the internet at the server, from the user device, an HTTP request for a modification to the order information identified by the identifier;
responsive to receiving the HTTP request for the modification, determining that the requested modification complies with one or more rules that validate that the modification does not represent malicious activity, including determining that the requested modification is to one or more parts of the order information that is permitted to be modified;
transmitting to the point of sale device an indication of the requested modification and causing display of the requested modification on the point of sale device;
receiving, from the point of sale device, approval of the requested modification;
only responsive to both determining that the requested modification complies with the one or more rules and receiving the approval from the point of sale device, modifying the order information at the server, thereby preventing any malicious attempt to make modifications that do not comply with the one or more rules, including preventing modification of parts of the order information that are not permitted to be modified;
indicating, to the user device over the internet, an update to the order information based on the modified order information; and
responsive to determining that payment for the modified order information has been completed, indicating to the point of sale device that payment for the modified order information has been completed, thereby providing confirmation of the payment separate from any payment confirmation that may be maliciously presented by the user device.