ROBUST COMPUTING DEVICE IDENTIFICATION FRAMEWORK
Abstract
A client device is tracked over a period of time using “refresh tokens” that are exchanged in conjunction with routine client-server communications. Each communication cycle between client and server includes a refresh token that is recorded at the server. The recorded refresh tokens are mapped to both server- and client-generated device identifiers. As communications between client and server occur, a chain of tokens, one for each communication cycle, is progressively recorded at the server. If the server receives a token that is outdated with respect to that which is otherwise expected based on the progression of the recorded chain, this suggests that the received communication was transmitted from a device that is a clone of another client device. A more robust device identification framework is therefore achieved by using a combination of device identifiers and tokens exchanged between client and server.
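The token-chain check described in the abstract and in claims 9 and 17, as an added example (not code from the patent). The class and verdict names, the in-memory dictionaries, the fresh SIUI given to a forked device and the refusal of never-issued tokens are assumptions.

```python
import secrets
import uuid


class DeviceRegistry:
    """Chain store: <DID, RRG> -> <SIUI> -> [RT-1, RT-2, ...] (newest last)."""

    def __init__(self):
        self.siui_by_ids = {}  # (DID, RRG) -> SIUI
        self.chains = {}       # SIUI -> refresh tokens in order of issue

    def _new_chain(self, did, rrg):
        siui = str(uuid.uuid4())
        self.siui_by_ids[(did, rrg)] = siui
        token = secrets.token_urlsafe(32)
        self.chains[siui] = [token]
        return token

    def handle(self, did, rrg, token=None):
        """One communication cycle. Returns (verdict, rrg, next_token)."""
        siui = self.siui_by_ids.get((did, rrg))
        if siui is None:
            return "enrolled", rrg, self._new_chain(did, rrg)
        chain = self.chains[siui]
        if token is not None and secrets.compare_digest(token, chain[-1]):
            chain.append(secrets.token_urlsafe(32))  # extend the chain
            return "recognized", rrg, chain[-1]
        if token in chain[:-1]:
            # Outdated token: sender holds a copy of earlier device state.
            # Assign a new RRG and start a separate chain for it.
            # Assumption: the forked device also gets its own SIUI.
            new_rrg = str(uuid.uuid4())
            return "suspected_clone", new_rrg, self._new_chain(did, new_rrg)
        return "rejected", rrg, None  # assumption: unknown tokens are refused


if __name__ == "__main__":
    # Constructed scenario: device state is copied while it holds RT-1.
    reg = DeviceRegistry()
    _, rrg, rt1 = reg.handle("did-A", "rrg-A")
    print(reg.handle("did-A", rrg, rt1)[0])   # original, current token
    print(reg.handle("did-A", rrg, rt1)[0])   # copy replays RT-1
```

In this example the device that presents the outdated token is the one that gets forked, so which of the two copies is flagged depends on which one reaches the server first after the copy was made.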
20 Claims
1. A computer-implemented method for identifying client devices in a client-server computing environment, the method comprising:
- receiving, by a server from a client device, a device identifier that has been assigned to the client device;
- acquiring, by the server, a first refresh token;
- sending, from the server to the client device, the first refresh token;
- receiving, by the server from an unidentified device, the device identifier and a second refresh token;
- making a determination that the first and second refresh tokens are identical; and
- identifying the unknown device as the client device based on the determination.

9. A device identification system that comprises a memory device and a processor that is operatively coupled to the memory device, wherein the processor is configured to execute instructions stored in the memory device that, when executed, cause the processor to carry out a process for identifying client devices in a client-server computing environment, the process comprising:
- receiving, by a server from a client device, a root random globally unique identifier (RRG) that has been generated by the client device and a first refresh token;
- using the received RRG to lookup a second refresh token in a database administered by the server;
- making a determination that the first refresh token is outdated with respect to the second refresh token;
- assigning a new RRG (RRG-new) to the client device;
- acquiring a new refresh token;
- associating the new RRG with the new refresh token in the database; and
- sending a tuple comprising the new RRG and the new refresh token to the client device.

17. A non-transitory computer readable medium having instructions encoded thereon that, when executed by one or more processors, cause a process for identifying client devices in a client-server computing environment to be carried out, the process comprising:
- receiving, by a server from a client device, a device identifier (DID) that has been assigned to the client device and a root random globally unique identifier (RRG) that has been generated by the client device;
- acquiring, by the server, a server issued unique identifier (SIUI) corresponding to the client device;
- acquiring, by the server, a first refresh token (RT-1);
- creating a chain entry in a database administered by the server, wherein the chain entry comprises <DID, RRG> → <SIUI> → {RT-1}, wherein {RT-1} is a set comprising the first refresh token;
- sending a response tuple <RRG, RT-1> to the client device;
- receiving a modified response tuple <DID, RRG, RT-1> from the client device;
- in response to receiving the modified response tuple, acquiring a second refresh token RT-2;
- adding the second refresh token RT-2 to the set comprising the first refresh token; and
- sending an updated response tuple <RRG, RT-2> to the client device.