US2017257394A1PendingUtilityA1

Clickjacking protection

54
Assignee: HANSEN ROBERTPriority: Jun 4, 2012Filed: May 19, 2017Published: Sep 7, 2017
Est. expiryJun 4, 2032(~5.9 yrs left)· nominal 20-yr term from priority
Inventors:Robert Hansen
H04L 63/1441G06F 21/64H04L 63/1466G06F 21/50G06F 21/554G06F 2221/2119
54
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A clickjacking protector in an electronic system helps prevent unwanted clickjacking. The elements clicked on by the click position are evaluated to determine whether any of the elements clicked on by the click position is obscured (including being transparent or partially transparent). A protective action is generated in response to a determination that an element clicked on by the click position is obscured.

Claims

exact text as granted — not AI-modified
1 . A method of protecting against clickjacking in an electronic system, comprising:
 determining whether a click position clicks on an obscured element; and   taking a protective action in response to the determination that the click position clicks on the obscured element.   
     
     
         2 . The method of  claim 1 , comprising selectively blocking clicks to cross-domain sites that are linked-to by the clicked on obscured element. 
     
     
         3 . The method of  claim 2 , wherein the determining whether the click position clicks on the obscured element is made by evaluating an order of a layering of elements that are rendered to overlap the click position. 
     
     
         4 . The method of  claim 3 , wherein the determining whether the click position clicks on the obscured element is made in response to the click command. 
     
     
         5 . The method of  claim 3 , wherein the determining whether the click position clicks on the obscured element is made in response to a timing event or user-initiated actions. 
     
     
         6 . The method of  claim 5 , wherein the obscured element clicked on by the click position includes a cross-site element. 
     
     
         7 . The method of  claim 6 , wherein the obscured element clicked on by the click position is obscured by the cursor image. 
     
     
         8 . The method of  claim 6 , wherein determining whether a click position clicks on an obscured element is made by determining whether the transparency of the obscured element clicked on by the click position ranges from an invisible value to an opaque value. 
     
     
         9 . The method of  claim 8 , wherein the any obscured element clicked on by the click position includes malicious code. 
     
     
         10 . The method of  claim 9 , comprising comparing a link associated with an obscured element clicked on by the click position with a list of sites known to contain malicious code. 
     
     
         11 . A tangible medium including instructions that, when executed on a processor of an electronic system, protect against clickjacking in an electronic system, comprising:
 determining whether any element clicked on by the click position is obscured; and   taking a protective action in response to the determination that the click position clicks on the obscured element.   
     
     
         12 . The medium of  claim 11 , comprising selectively blocking clicks to cross-domain sites that are linked-to by any obscured element clicked on by the click position. 
     
     
         13 . The medium of  claim 12 , wherein the determining whether any element clicked on by the click position is obscured is made by evaluating an order of a layering of elements that are rendered to overlap the click position. 
     
     
         14 . The medium of  claim 11 , wherein the determining whether any element clicked by the click position is obscured is made in response to the click command. 
     
     
         15 . The medium of  claim 11 , comprising receiving a document for display by a network-enabled application of the electronic system that includes a command that prohibits a cross-domain request from being included by any cross-domain site unless a cross-domain response includes a command that indicates a cross-domain name is allowed to be included in a cross-domain request, wherein the cross-domain name is the name of the domain or subdomain from which the cross-domain request originates. 
     
     
         16 . A web browsing system, comprising:
 a network-enabled application of a consumer machine that is arranged to receive a communication from a networked service provider that describes the structure and functionality of content of the communication that is received by the content user;   a layer manager that is arranged to determine whether any element of the received communication that is clicked on by a click position is obscured; and   a clickjack protector that is arranged to generate a protective response to a determination that an element clicked on by the click position is obscured.   
     
     
         17 . The system of  claim 16 , wherein the protective action is a generating of a warning signal that is internal to the consumer machine. 
     
     
         18 . The system of  claim 16 , wherein the protective action is a generating of warning signal that is conveyed to networked services provider that provided the received communication. 
     
     
         19 . The system of  claim 16 , wherein the protective action selectively blocks clicks that attempt to access cross-domain sites that are linked-to by any obscured element clicked on by the click position. 
     
     
         20 . The system of  claim 19 , wherein the determining whether any element clicked on by the click position is obscured is made by evaluating an order of a layering of elements that are rendered to overlap the click position.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.