Robust computing device identification framework
First Claim
1. A device identification system that comprises a memory device and a processor that is operatively coupled to the memory device, wherein the processor is configured to execute instructions stored in the memory device that, when executed, cause the processor to carry out a process for identifying multiple client devices in a client-server computing environment, the process comprising:
- receiving, by a server from a first client device, an initial identification tuple that includes (a) a device identifier that has been assigned to the first client device and (b) a root random globally unique identifier (RRG) that has been generated by the first client device;
in response to the server receiving the initial identification tuple, acquiring, by the server, a first refresh token;
mapping the initial identification tuple to the first refresh token in a database that is administered by the server;
sending, from the server to the first client device, a response tuple that includes the RRG and the first refresh token;
receiving, by the server from a second client device, the RRG and a second refresh token;
in response to receiving the RRG and the second refresh token from the second client device, using the received RRG to lookup the initial identification tuple in the database;
making a determination, by the server, that the first refresh token included in the response tuple sent to the first client device is outdated with respect to the second refresh token received from the second client device;
in response to making the determination, assigning, by the server, a new RRG (RRG-new) to the second client device;
in response to making the determination, acquiring, by the server, a new refresh token;
mapping a clone identification tuple to the new refresh token in the database, wherein the clone identification tuple includes the device identifier and RRG-new; and
sending the clone identification tuple from the server to the second client device.
2 Assignments
0 Petitions
Accused Products
Abstract
A client device is tracked over a period of time using “refresh tokens” that are exchanged in conjunction with routine client-server communications. Each communication cycle between client and server includes a refresh token that is recorded at the server. The recorded refresh tokens are mapped to both server- and client-generated device identifiers. As communications between client and server occur, a chain of tokens, one for each communication cycle, is progressively recorded at the server. If the server receives a token that is outdated with respect to that which is otherwise expected based on the progression of the recorded chain, this suggests that the received communication was transmitted from a device that is a clone of another client device. A more robust device identification framework is therefore achieved by using a combination of device identifiers and tokens exchanged between client and server.
-
Citations
8 Claims
-
1. A device identification system that comprises a memory device and a processor that is operatively coupled to the memory device, wherein the processor is configured to execute instructions stored in the memory device that, when executed, cause the processor to carry out a process for identifying multiple client devices in a client-server computing environment, the process comprising:
-
receiving, by a server from a first client device, an initial identification tuple that includes (a) a device identifier that has been assigned to the first client device and (b) a root random globally unique identifier (RRG) that has been generated by the first client device; in response to the server receiving the initial identification tuple, acquiring, by the server, a first refresh token; mapping the initial identification tuple to the first refresh token in a database that is administered by the server; sending, from the server to the first client device, a response tuple that includes the RRG and the first refresh token; receiving, by the server from a second client device, the RRG and a second refresh token; in response to receiving the RRG and the second refresh token from the second client device, using the received RRG to lookup the initial identification tuple in the database; making a determination, by the server, that the first refresh token included in the response tuple sent to the first client device is outdated with respect to the second refresh token received from the second client device; in response to making the determination, assigning, by the server, a new RRG (RRG-new) to the second client device; in response to making the determination, acquiring, by the server, a new refresh token; mapping a clone identification tuple to the new refresh token in the database, wherein the clone identification tuple includes the device identifier and RRG-new; and sending the clone identification tuple from the server to the second client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification
-
- Resources
-
Current AssigneeAdobe Inc.
-
Original AssigneeAdobe Inc.
-
InventorsBiswas, Sanjeev Kumar, Goyal, Mayank, Srivastava, Sharad
-
Primary Examiner(s)Anyan, Barbara B
-
Application NumberUS14/988,954Publication NumberTime in Patent Office1,588 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/305 by remotely controlling dev...G06F 21/335 for accessing specific reso...G06F 21/41 where a single sign-on prov...G06F 21/44 Program or device authentic...G06F 21/45 Structures or tools for the...G06F 21/577 Assessing vulnerabilities a...G06Q 20/20 Point-of-sale [POS] network...G06Q 20/382 insuring higher security of...G06Q 20/3821 Electronic credentialsH04L 63/0807 using tickets, e.g. Kerbero...H04L 63/0815 providing single-sign-on or...H04L 63/0853 using an additional device,...H04L 63/0861 using biometrical features,...H04L 67/01 ProtocolsH04L 9/3213 using tickets or tokens, e....H04L 9/3236 using cryptographic hash fu...
