A webform provides a means for a hypermedia Client application to populate an arrangement of data fields and submit (“post”) them to a web server for processing. Each datum associated with a webform corresponds to one named instance of one webform control in the webform. For example, a datum named “Bank Branch” might contain the value “1910 Otlet Ave” to reflect the user's selection from a pull-down menu.
To aid the understanding of the disclosed technology, it is helpful to immediately acknowledge three relevant characteristics of webforms.
First, a webform can contain its own text, images and background as well as manipulating controls (sometimes called widgets) like textboxes, pull-down menus and buttons.
Second, a webform's posting destination is expressed as a Universal Resource Locator (URL) in the markup. This specification therefore refers to a webform's destination URL as its “posting URL.”
Third, application developers are historically inclined to cloak a webform's posting URL from the user. Indeed, some hypermedia Client applications, including certain versions of the most popular browsers, will only reveal a posting URL to the most advanced users capable of de-obfuscating markup languages and programming code.
For simplicity of understanding the disclosed technology, this specification uses the following abbreviated terms. Unless otherwise indicated, the abbreviated terms are used in a manner as would be understood by those of ordinary skill in the art but are described here to aid the reader.                1. The term “document” means any hypermedia object addressable by a URL. Documents might be of fixed size and static as with a web page or audio file served out of a folder, continuous as with a streamed live videocast, or dynamic as with a page programmatically constructed in real time using data from a database. They may also take other embodiments. In this specification a document is assumed to contain at least one webform except where otherwise indicated.        2. The term “user” means a human interactively operating a computer.        3. The term “computer” means a wired or wirelessly networked device having a CPU, memory, internal and/or external persistent storage, running an operating system and software applications, and possibly having a screen, keyboard, mouse, or their functional equivalents. Applicable computer types include laptops and their desktop equivalents, racked servers, smart phones, PDAs, set-top boxes, game players, music players.        4. The term “click,” aside from its expected meaning, includes any stimulatory action taken by a user in the course of manipulating a control in a graphical user interface. This includes pressing a keyboard key, or with the proper interfaces, touching a screen, voicing a command, nodding a head, blowing into a tube, and so on.        The term “Declarant” means an entity which has been vetted for legitimacy that wishes to declares facts about webforms.        5. The term “certified webform” means a webform determined to by a Certifier to have facts associated with it, whereby the facts are declared by a Declarant, and in which the Certifier is prepared to state his confidence. The reader will appreciate that this definition soon becomes clearer.        
The term “decertified webform” means a webform that was formerly certified but no longer is, and for which the Certifier has dissociated its respective formerly associated facts. Reasons that a Certifier might decertify a webform might include that the Declarant has withdrawn the facts, or that the Certifier has withdrawn them due to losing trust in the Declarant, or for any other reason of its choosing.
Examining the half-century history of hypertext, and the current nature of hypermedia, it is clear that they were designed to operate under two assumptions that are pertinent to the disclosed technology. There is the assumption that entities authoring hypermedia create webforms that accurately and adequately represent their purposes and authors. There is also the assumption that entities authoring hypermedia create webforms that pose no threat to users. These were originally reasonable assumptions, but no longer, and far from it.
The disclosed technology addresses the threat of fraud presented to users as a direct result of manipulating a webform. Simply put, a user manipulates webform, naively expecting a benign result, and unsuspectingly experiences a malevolent one.
It is significant that the disclosed technology pertains not to just submitting the webform, but to manipulating it in general. To give merely one example, a threat scenario exists whereby an unwitting user types his login credentials into a webform, then at the last moment decides to cancel rather than submit. A clever fraudster might have placed a double-wide submit button in the webform that gives the appearance of neighboring cancel and submit buttons. Regardless of which “button” he presses, the form is posted and the user receives little if any cues of having his credentials compromised.
The massive adoption of online commerce and social media has motivated fraudsters to leverage them in order to promulgate webform manipulation attacks at global scale. They are discussed at length in literature elsewhere, so only two distilled examples are provided here.                1. With phishing, a user manipulates a fraudulent webform. He is visually or auditorially duped into submitting information of personal value, for example, the login credentials used to access his bank account online.        2. With drive-by malware, a user manipulates a fraudulent webform. This causes a hypermedia script to execute that silently hijacks their computer, and is then HTTP redirected to land on the expected legitimate page.        
The rising magnitude of risk would be diminished by system that complements pre-existing existing technologies through providing them with an interoperable contrast. The sum of pre-existing solutions suffer from at least three material shortcomings:
First, known techniques build upon an insufficient basis in fact. The prevailing technique is accurately characterized by “this webform has not been reported as fraudulent, therefore it must be legitimate.” The reader is asked to consider that before sharing sensitive information with a mortgage broker or investment banker over the telephone, it may be wise to know more about the party on the other end than whether or not they have been arrested for an unnamed crime in their past. Such information is helpful, but insufficient, to establish the safekeeping of sensitive personal information. More helpful would be knowing a number independently verifiable facts: many customers he has, how long he has been in business, how a statistically valid sampling of his customers rate their satisfaction with his service, and so on.
Second, known techniques establish fraudulence after the webform has already been publicly availed, often for many hours or days after victims began falling. However, webform fraud is often heavily “front-loaded,” that is, use of a fraudulent webform generally peaks rapidly and quickly reaches the point of diminishing returns. The effectiveness of those technologies lose bite at a rate measured in hours if not minutes.
Third, known techniques judge a webform fraudulent as much by the document that contains it as by the webform itself. This “all or nothing” method makes it undesirable for a webform owner to permit other document authors to publish his webform in their documents; if one author's document that contains the webform is deemed fraudulent—even incorrectly—all documents containing the webform run the risk of being deemed fraudulent.
It is the intent of the disclosed technology to provide thought-provoking windfall benefits for webform usage that may only in retrospect be seen as having pent-up demand. One such example provided elsewhere in this specification describes an embodiment whereby a webform owner can make his webform portable to other document owners while preserving all assurance about the webform offered by the disclosed technology.