Methods and systems for providing security for page framing

US 9,442,783 B2
Filed: 06/24/2011
Issued: 09/13/2016
Est. Priority Date: 06/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing a page to be presented by a browser executed by one or more processors of a computing platform, the method comprising:

blocking loading of the page with the one or more processors;

determining, with the one or more processors, if the page is framed by a second page;

enabling the page with the one or more processors if the testing indicates that the page is not framed by a second page;

inspecting each level of a hierarchy of framing pages with the one or more processors to determine whether each level is authorized by, for each level of the hierarchy, determining whether the page at that level of the hierarchy is authorized to frame bylaunching a frame having a locator address corresponding to a domain of the framing page to be tested,determining whether the domain of the launched frame matches a domain of the framing page to be tested, andproviding an indication to the framed page of whether the domain of the launched frame and the domain of the framing page to be tested match by utilizing a challenge request-response exchange between the domain of the launched frame and the domain of the framed page to secure the verification process; and

enabling the page with the one or more processors if the inspecting indicates that each level of the hierarchy of framing pages is authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for analyzing a page to be presented by a browser running on a computing platform. The page is disabled. The page is tested to determine if the page is framed by a second page. The page is enabled if the testing indicates that the page is not framed by a second page. Each level of a hierarchy of framed pages is inspected to determine whether each level is authorized. The page is enabled if the inspecting indicates that each level of the hierarchy of framed pages is authorized.

Citations

11 Claims

1. A method for analyzing a page to be presented by a browser executed by one or more processors of a computing platform, the method comprising:
- blocking loading of the page with the one or more processors;
  
  determining, with the one or more processors, if the page is framed by a second page;
  
  enabling the page with the one or more processors if the testing indicates that the page is not framed by a second page;
  
  inspecting each level of a hierarchy of framing pages with the one or more processors to determine whether each level is authorized by, for each level of the hierarchy, determining whether the page at that level of the hierarchy is authorized to frame bylaunching a frame having a locator address corresponding to a domain of the framing page to be tested,determining whether the domain of the launched frame matches a domain of the framing page to be tested, andproviding an indication to the framed page of whether the domain of the launched frame and the domain of the framing page to be tested match by utilizing a challenge request-response exchange between the domain of the launched frame and the domain of the framed page to secure the verification process; and
  
  enabling the page with the one or more processors if the inspecting indicates that each level of the hierarchy of framing pages is authorized.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the browser accesses a policy to determine what hierarchy of framing pages is allowed.
  - 3. The method of claim 1 wherein providing an indication to the framed page of whether the domain of the launched frame and the domain of the framing page to be tested match comprises utilizing a secure message post between the domain of the launched frame and the domain of the framed page to secure the verification process.
  - 4. The method of claim 1 wherein determining whether the domain of the launched frame matches a domain of the framing page to be tested comprises utilizing a Same Origin Policy (SOP) test between the domain of the launched frame and the domain of the framing page to be tested.

5. A non-transitory computer readable medium having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to analyze a page to be presented by a browser running on a computing platform by:
- blocking loading of the page with the one or more processors;
  
  determining, with the one or more processors, if the page is framed by a second page;
  
  enabling the page with the one or more processors if the testing indicates that the page is not framed by a second page;
  
  inspecting each level of a hierarchy of framing pages with the one or more processors to determine whether each level is authorized by, for each level of the hierarchy, determining whether the page at that level of the hierarchy is authorized to frame bylaunching a frame having a locator address corresponding to a domain of the framing page to be tested,determining whether the domain of the launched frame matches a domain of the framing page to be tested, andproviding an indication to the framed page of whether the domain of the launched frame and the domain of the framing page to be tested match by utilizing a challenge request-response exchange between the domain of the launched frame and the domain of the framed page to secure the verification process; and
  
  enabling the page with the one or more processors if the inspecting indicates that each level of the hierarchy of framing pages is authorized.
- View Dependent Claims (6, 7)
- - 6. The medium of claim 5 wherein providing an indication to the framed page of whether the domain of the launched frame and the domain of the framing page to be tested match comprises utilizing a secure message post between the domain of the launched frame and the domain of the framed page to secure the verification process.
  - 7. The medium of claim 5 wherein determining whether the domain of the launched frame matches a domain of the framing page to be tested comprises utilizing a Same Origin Policy (SOP) test between the domain of the launched frame and the domain of the framing page to be tested.

8. A system having one or more hardware processing cores to analyze a page to be presented by a browser executed by the one or more hardware processing cores, wherein the one or more hardware processing cores at least block loading of the page, determine, with the one or more processors, if the page is framed by a second page, inspect each level of a hierarchy of framing pages with the one or more processors to determine whether each level is authorized by, for each level of the hierarchy, determining whether the page at that level of the hierarchy is authorized to frame by launching a frame having a locator address corresponding to a domain of the framing page to be tested, determining whether the domain of the launched frame matches a domain of the framing page to be tested, and providing an indication to the framed page of whether the domain of the launched frame and the domain of the framing page to be tested match by utilizing a challenge request-response exchange between the domain of the launched frame and the domain of the framed page to secure the verification process, and enable the page if the inspecting indicates that each level of the hierarchy of framing pages is authorized.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8 wherein the browser accesses a policy to determine what hierarchy of framing pages is allowed.
  - 10. The system of claim 8 wherein providing an indication to the framed page of whether the domain of the launched frame and the domain of the framing page to be tested match comprises utilizing a secure message post between the domain of the launched frame and the domain of the framed page to secure the verification process.
  - 11. The system of claim 8 wherein determining whether the domain of the launched frame matches a domain of the framing page to be tested comprises utilizing a Same Origin Policy (SOP) test between the domain of the launched frame and the domain of the framing page to be tested.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gluck, Yoel
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
FORMAN, JAMES Q

Application Number

US13/168,444
Publication Number

US 20110321162A1
Time in Patent Office

1,908 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 16/9577   Optimising the visualizatio...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/00   Network architectures or ne...

H04L 63/101   Access control lists [ACL]

H04L 63/1425   Traffic logging, e.g. anoma...

Methods and systems for providing security for page framing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing security for page framing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links