Some existing authentication schemes for web pages rely on Certificate Authority (CA) digital certificates. In these schemes, a CA digital certificate is installed on a server that stores content for a transaction page, such as a home page for a domain. When a client such as a browser attempts to access the transaction page, the CA digital certificate is accessed by the client. The CA digital certificate represents a vouching by the CA (a trusted third party to the transaction between the client and the server) that the content being provided to the client is originating from a server that matches ownership records for the accessed URL.
Some web pages draw content from multiple different servers through a technology such as framing or native browser functionality (native browser functionality is enabled by browser cross domain request objects). In a multi-frame web page, content is pulled together from a plurality of sources with a different network call being used for each source (multi-origin call). For example, a controlling frame of the transaction page discussed above can draw content from one particular server operated by an owner of the domain while another frame of the same transaction page can draw content from another particular server operated by the owner of the domain or a server operated by a separate owner. When such a web page loads correctly, the image appears as a single web page even though the content is assembled from the plurality of servers.
When a client attempts to access a web page linked to a plurality of content servers using the scheme described in the first paragraph, only a portion of the web page will be loaded, or all of the web page will be loaded with only some of the content sources being authenticated, either of which represents a problem with the authentication process. In one case, the resulting image is incomplete, while in the other case a portion of the servers providing the data to the client are unauthenticated, presenting a security hole. The disclosure that follows solves this and other problems.