Robust computing device identification framework
First Claim
1. A device identification system that comprises a memory device and a processor that is operatively coupled to the memory device, wherein the processor is configured to execute instructions stored in the memory device that, when executed, cause the processor to carry out a process for identifying multiple client devices in a client-server computing environment, the process comprising:
- receiving, by a server from a first client device, an initial identification tuple that includes (a) a device identifier that has been assigned to the first client device and (b) a root random globally unique identifier (RRG) that has been generated by the first client device;
in response to the server receiving the initial identification tuple, acquiring, by the server, a first refresh token;
mapping the initial identification tuple to the first refresh token in a database that is administered by the server;
sending, from the server to the first client device, a response tuple that includes the RRG and the first refresh token;
receiving, by the server from a second client device, the RRG and a second refresh token;
in response to receiving the RRG and the second refresh token from the second client device, using the received RRG to lookup the initial identification tuple in the database;
making a determination, by the server, that the first refresh token included in the response tuple sent to the first client device is outdated with respect to the second refresh token received from the second client device;
in response to making the determination, assigning, by the server, a new RRG (RRG-new) to the second client device;
in response to making the determination, acquiring, by the server, a new refresh token;
mapping a clone identification tuple to the new refresh token in the database, wherein the clone identification tuple includes the device identifier and RRG-new; and
sending the clone identification tuple from the server to the second client device.
2 Assignments
0 Petitions
Accused Products
Abstract
A client device is tracked over a period of time using “refresh tokens” that are exchanged in conjunction with routine client-server communications. Each communication cycle between client and server includes a refresh token that is recorded at the server. The recorded refresh tokens are mapped to both server- and client-generated device identifiers. As communications between client and server occur, a chain of tokens, one for each communication cycle, is progressively recorded at the server. If the server receives a token that is outdated with respect to that which is otherwise expected based on the progression of the recorded chain, this suggests that the received communication was transmitted from a device that is a clone of another client device. A more robust device identification framework is therefore achieved by using a combination of device identifiers and tokens exchanged between client and server.
-
Citations
8 Claims
-
1. A device identification system that comprises a memory device and a processor that is operatively coupled to the memory device, wherein the processor is configured to execute instructions stored in the memory device that, when executed, cause the processor to carry out a process for identifying multiple client devices in a client-server computing environment, the process comprising:
-
receiving, by a server from a first client device, an initial identification tuple that includes (a) a device identifier that has been assigned to the first client device and (b) a root random globally unique identifier (RRG) that has been generated by the first client device; in response to the server receiving the initial identification tuple, acquiring, by the server, a first refresh token; mapping the initial identification tuple to the first refresh token in a database that is administered by the server; sending, from the server to the first client device, a response tuple that includes the RRG and the first refresh token; receiving, by the server from a second client device, the RRG and a second refresh token; in response to receiving the RRG and the second refresh token from the second client device, using the received RRG to lookup the initial identification tuple in the database; making a determination, by the server, that the first refresh token included in the response tuple sent to the first client device is outdated with respect to the second refresh token received from the second client device; in response to making the determination, assigning, by the server, a new RRG (RRG-new) to the second client device; in response to making the determination, acquiring, by the server, a new refresh token; mapping a clone identification tuple to the new refresh token in the database, wherein the clone identification tuple includes the device identifier and RRG-new; and sending the clone identification tuple from the server to the second client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification