This specification relates to securing user interfaces used with communications over computer networks.
A client-server environment is a network architecture in which clients generally rely on servers for resources, such as files, databases, devices, processing power, etc. The
World Wide Web and its associated web servers and web browsers are a typical example of a client-server environment using an existing underlying computer network (e.g., the Internet) for communications. The World Wide Web currently provides users worldwide with access to many products, services and information. Access to such products, services and information is sometimes restricted, such that a user must pay to gain access (e.g., enter credit card information), login (e.g., enter a user name and password), or both.
In order to secure the communications involved in such payment or login activity, many current web browsers include support for HyperText Transport Protocol Secure (HTTPS). HTTPS is a protocol used to access a secure web page provided by a secure web server. In addition, browsers that support HTTPS typically also show a lock icon within the confines of the browser's own user interface to show that some content rendered within the browser window has been delivered securely. Thus, by looking for the lock icon, any Universal Resource Locator (URL) displayed by the browser, and potentially additional information derived from the secure web server's certificate, a user can determine whether or not to trust the currently displayed page with sensitive information to be entered.
In other cases, web sites have used SWF content to create user interfaces that capture sensitive data from users. Note that SWF is a file format, such as the SWF File Format Specification (Version 10) as published by Adobe Systems Incorporated of San Jose, Calif. The SWF file format delivers vector graphics, text, video, and sound over the Internet and is supported by Adobe® AIR™ software and Adobe® Flash® Player software, at least the latter of which has used modal windows, anti-overlay protection, bitwise comparison, cross-cite scripting and display list protections, in order to secure traditional user interfaces.