摘要 |
In cross-domain transactions, a user communicates with multiple distinct domains. For example, in an authenticated online credit card purchase, the user supplies a credit card number to a merchant's web page, and is thereafter sent (via a pop-up window) to an issuing bank's access control server to provide a password to the issuing bank. The server verifies the password and returns a transaction authorization to the user (via the pop-up), who forwards the authorization to the merchant. If the user's computer includes a pop-up killer, the communication channel between the user's browser and the issuing bank (i.e., the pop-up) is eliminated, preventing authentication and transaction authorization. This patent discloses techniques for creating a simulated pop-up window that resists automatic termination by pop-up killers, so that the crossdomain transaction can proceed in spite of the pop-up killer.
|