A web browser operates to enable display of, and user interaction with, information provided by a web server. Typically the web browser and web server are connected via the Internet and/or other networks such as a local area network. Typically the web browser is an application operating as part of user equipment such as a personal computer, and the web server is located remotely under the control of a separate party and provides a website. One example of a web browser is “Internet Explorer” (trademark) provided by, Microsoft (trademark).
Web browsers may be implemented as software. So-called web browser plug-ins may be added to, or operated by, an existing web browser to provide additional functionality to the web browser.
A web browser may run script obtained from a web server. Cross-site scripting occurs for example when the script from a first website (i.e. from a first web server) operates to download content from a second website (i.e. from a second web server) to the web browser. The content may for example include images from the second web site and/or source <script> tags from the second web site.
Web servers are also implemented in some mobile devices, e.g. smartphones.
Security processes for access between plural entities are known, for example as disclosed in EP 1 903 741 (A1), WO 03098563 (A2) and IE 20020438 (A2).
Known security processes do not however alleviate risks presented to a device (e.g. a mobile device) with a web server when accessed by a web browser that is involved in cross-site scripting from web servers other than the device's web server or other operations involving plural web servers other than the device's web server.
In a first aspect, there is provided a method of service provision, comprising: a web browser, running in a first communications device, running a script that is from a source that is trusted by a user of the first communications device; sending, from the first communications device to a second communications device, a user-verified indication of the trusted source; sending, from the first communications device to the second communications device: a service request, for a service required by script currently running on the web browser, and an indication of the source of the current script; 35 the second communications device comparing the indicated source of the current script to the indicated trusted source; and the second communications device providing the requested service only if the indicated source of the current script corresponds to the indicated trusted source.
In a further aspect, there is provided a method for a first communications device to request a service from a second communications device, comprising: a web browser, running in the first communications device, running a script that is from a source that is trusted by a user of the first communications device; the first communications device sending a user-verified indication of the trusted source to the second communications device; and the first communications device sending, to the second communications device, the following: a service request, for a service required by script currently running on the web browser, and an indication of the source of the current script.
In a further aspect, there is provided a method for a second communications device to respond to a service request from a first communications device, comprising: the second communications device receiving a user-verified indication of a trusted source sent from the first communications device; the second communications device receiving, from the first communications device: a service request, for a service required by script currently running on a web browser, and an indication of the source of the current script; the second communications device comparing the indicated source of the current script to the indicated trusted source; and the second communications device providing the requested service only if the indicated source of the current script corresponds to the indicated trusted source.
The user-verified indication of the trusted source may comprise an indication of the trusted source encrypted with a password known to the first communications device and the second communications device.
The trusted source may be a remote web server.
A web server running in the second communications device may receive the user-verified indication of the trusted source, the service request, and the indication of the source of the current script.
If the second communications device performs the requested service, a service product may be produced which is forwarded to the first communications device.
The method may further comprise sending, from the second communications device to the first communications device, an indication of refusal of the requested service when the requested service is not provided by the second communications device due to the indicated source of the current script not corresponding to the indicated trusted source.
The method may further comprise: sending a user authorisation request from the second communications device to the first communications device; the first communications device obtaining authorisation from the user; sending a user authorisation from the first communications device to the second communications device; and the second communications device providing the requested service only if the indicated source of the current script corresponds to the indicated trusted source and the user authorisation is received.
The user authorisation may comprise an approval of the service request encrypted with a password known to the first communications device and the second communications device.
The second communications device may be a smartphone.
In a further aspect, there is provided a storage medium (e.g.. a non-transitory computer readable storage medium) storing processor-implementable instructions for controlling one or more processors to carry out any of the above aspects.
In a further aspect, there is provided a service provision system, comprising a first communications device and a second communications device; the first communications device being adapted to run, on a web browser running in the first communications device, a script that is from a source that is trusted by a user of the first communications device; the first communications device further being adapted to send a user-verified indication of the trusted source to the second communications device; the first communications further being adapted to send, to the second communications device, the following: a service request, for a service required by script currently running on the web browser, and an indication of the source of the current script; the second communications device being adapted to compare the indicated source of the current script to the indicated trusted source; and the second communications device further being adapted to provide the requested service only if the indicated source of the current script corresponds to the indicated trusted source.
In a further aspect, there is provided a first communications device for requesting a service from a second communications device, the first communications device comprising: a web browser adapted to run a script that is from a source that is trusted by a user of the first communications device; wherein: the first communications device is adapted to send a user-verified indication of the trusted source to the second communications device; and the first communications is further adapted to send, to the second communications device, the following: a service request, for a service required by script currently running on the web browser, and an indication of the source of the current script.
In a further aspect, there is provided a second communications device for responding to a service request from a first communications device; the second communications device being adapted to receive a user-verified indication of a trusted source sent from the first communications device; the second communications device further being adapted to receive, from the first communications device: a service request, for a service required by script currently running on a web browser, and an indication of the source of the current script; the second communications device further being adapted to compare the indicated source of the current script to the indicated trusted source; and the second communications device further being adapted to provide the requested service only if the indicated source of the current script corresponds to the indicated trusted source.
The user-verified indication of the trusted source may comprise an indication of the trusted source encrypted with a password known to the first communications device and the second communications device.
The trusted source may be a remote web server.
A web server running in the second communications device may be adapted to receive the user-verified indication of the trusted source, the service request, and the indication of the source of the current script.
The second communications device may be further adapted to produce a service product, which is forwarded to the first communications device, if the second communications device performs the requested service.
The second communications device may be further adapted to send, to the first communications device, an indication of refusal of the requested service when the requested service is not provided by the second communications device due to the indicated source of the current script not corresponding to the indicated trusted source.
The second communications device may be further adapted to send a user authorisation request to the first communications device; the first communications device may be further adapted to obtain authorisation from the user; the first communications device may be further adapted to send a user authorisation to the second communications device; and the second communications device may be further adapted to provide the requested service only if the indicated source of the current script corresponds to the indicated trusted source and the user authorisation is received.
The user authorisation may comprise an approval of the service request encrypted with a password known to the first communications device and the second communications device.
The second communications device may be a smartphone.