ROBUST COMPUTING DEVICE IDENTIFICATION FRAMEWORK

US 20170195460A1
Filed: 01/06/2016
Published: 07/06/2017
Est. Priority Date: 01/06/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for identifying client devices in a client-server computing environment, the method comprising:

receiving, by a server from a client device, a device identifier that has been assigned to the client device;

acquiring, by the server, a first refresh token;

sending, from the server to the client device, the first refresh token;

receiving, by the server from an unidentified device, the device identifier and a second refresh token;

making a determination that the first and second refresh tokens are identical; and

identifying the unknown device as the client device based on the determination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client device is tracked over a period of time using “refresh tokens” that are exchanged in conjunction with routine client-server communications. Each communication cycle between client and server includes a refresh token that is recorded at the server. The recorded refresh tokens are mapped to both server- and client-generated device identifiers. As communications between client and server occur, a chain of tokens, one for each communication cycle, is progressively recorded at the server. If the server receives a token that is outdated with respect to that which is otherwise expected based on the progression of the recorded chain, this suggests that the received communication was transmitted from a device that is a clone of another client device. A more robust device identification framework is therefore achieved by using a combination of device identifiers and tokens exchanged between client and server.

15 Citations

20 Claims

1. A computer-implemented method for identifying client devices in a client-server computing environment, the method comprising:
- receiving, by a server from a client device, a device identifier that has been assigned to the client device;
  
  acquiring, by the server, a first refresh token;
  
  sending, from the server to the client device, the first refresh token;
  
  receiving, by the server from an unidentified device, the device identifier and a second refresh token;
  
  making a determination that the first and second refresh tokens are identical; and
  
  identifying the unknown device as the client device based on the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising receiving, by the server from the client device in an initial identification tuple that includes the device identifier, a root random globally unique identifier (RRG) that has been generated by the client device.
  - 3. The method of claim 1,further comprising receiving, by the server from the client device in an initial identification tuple that includes the device identifier, a root random globally unique identifier (RRG) that has been generated by the client device;
    - wherein the RRG is sent from the server to the client device in a response tuple that includes the first refresh token.
  - 4. The method of claim 1, wherein the device identifier and the second refresh token are received in a modified response tuple that was generated by the unknown device.
  - 5. The method of claim 1,further comprising receiving, by the server from the client device in an initial identification tuple that includes the device identifier, a root random globally unique identifier (RRG) that has been generated by the client device;
    - wherein the device identifier and the RRG are also received from the unidentified device.
  - 6. The method of claim 1, wherein the server includes a refresh token pool from which the first refresh token is acquired.
  - 7. The method of claim 1, further comprising:
    - generating, by the server, a server issued unique identifier (SIUI) corresponding to the client device; and
      
      forming an association between the SIUI, the received device identifier, and the first refresh token, wherein the association is formed in a database administered by the server.
  - 8. The method of claim 1, further comprising:
    - receiving, by the server from the client device in an initial identification tuple that includes the device identifier, a root random globally unique identifier (RRG) that has been generated by the client device; and
      
      mapping the initial identification tuple to the first refresh token in a database that is administered by the server;
      
      wherein making the determination further comprises using the device identifier to extract the first refresh token from the database.

9. A device identification system that comprises a memory device and a processor that is operatively coupled to the memory device, wherein the processor is configured to execute instructions stored in the memory device that, when executed, cause the processor to carry out a process for identifying client devices in a client-server computing environment, the process comprising:
- receiving, by a server from a client device, a root random globally unique identifier (RRG) that has been generated by the client device and a first refresh token;
  
  using the received RRG to lookup a second refresh token in a database administered by the server;
  
  making a determination that the first refresh token is outdated with respect to the second refresh token;
  
  assigning a new RRG (RRG-new) to the client device;
  
  acquiring a new refresh token;
  
  associating the new RRG with the new refresh token in the database; and
  
  sending a tuple comprising the new RRG and the new refresh token to the client device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein:
    - the RRG and the first refresh token are received in a response tuple that includes a plurality of different device identifiers;
      
      the process further comprises generating a pseudo-server-side device identifier (PDID) by performing a bitwise OR operation on the plurality of different device identifiers; and
      
      associating the new RRG with the new refresh token in the database further comprises mapping a tuple <
      
      PDID, RRG-new>
      
      to a refresh token set that includes the new refresh token.
  - 11. The system of claim 9, wherein acquiring the new refresh token comprises acquiring the new refresh token from a refresh token pool hosted by the server.
  - 12. The system of claim 9, wherein:
    - the RRG and the first refresh token are received in a response tuple that includes a device identifier (DID);
      
      the database includes a mapping of the response tuple to a first server issued unique identifier (SIUI-1) that is associated with the client device;
      
      the process further comprises acquiring a new SIUI-2 and associating the new SIUI-2 with the client device; and
      
      the process further comprises creating a new entry {SIUI-1→
      
      SIUI-2} in a Clash Detected data structure.
  - 13. The system of claim 9, wherein:
    - the RRG and the first refresh token are received in a response tuple that includes a device identifier (DID);
      
      the database includes a mapping of the response tuple to a server issued unique identifier (SIUI) associated with the client device;
      
      the process further comprises defining a clone identification tuple <
      
      DID, RRG-new>
      
      ;
      
      the process further comprises acquiring a new SIUI; and
      
      the process further comprises creating a chain entry in the database that comprises an updated mapping of the clone identification tuple to the new SIUI, which is in turn mapped to a refresh token set that includes the new refresh token.
  - 14. The system of claim 9, wherein:
    - the RRG and the first refresh token are received in a response tuple that includes a device identifier; and
      
      the process further comprises defining a clone identification tuple that includes the device identifier and the new RRG.
  - 15. The system of claim 9, wherein:
    - the RRG and the first refresh token are received in a response tuple that includes a device identifier; and
      
      both the RRG and the device identifier are used to lookup the second refresh token.
  - 16. The system of claim 9, wherein:
    - the RRG and the first refresh token are received in a response tuple that includes a device identifier;
      
      the RRG is generated by the client device; and
      
      the device identifier is assigned by a manufacturer of the client device.

17. A non-transitory computer readable medium having instructions encoded thereon that, when executed by one or more processors, cause a process for identifying client devices in a client-server computing environment to be carried out, the process comprising:
- receiving, by a server from a client device, a device identifier (DID) that has been assigned to the client device and a root random globally unique identifier (RRG) that has been generated by the client device;
  
  acquiring, by the server, a server issued unique identifier (SIUI) corresponding to the client device;
  
  acquiring, by the server, a first refresh token (RT-1);
  
  creating a chain entry in a database administered by the server, wherein the chain entry comprises <
  
  DID, RRG>
  
  →
  
  <
  
  SIUI>
  
  →
  
  {RT-1}, wherein {RT-1} is a set comprising the first refresh token;
  
  sending a response tuple <
  
  RRG, RT-1>
  
  to the client device;
  
  receiving a modified response tuple <
  
  DID, RRG, RT-1>
  
  from the client device;
  
  in response to receiving the modified response tuple, acquiring a second refresh token RT-2;
  
  adding the second refresh token RT-2 to the set comprising the first refresh token; and
  
  sending an updated response tuple <
  
  RRG, RT-2>
  
  to the client device.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer readable medium of claim 17, wherein the SIUI is acquired from a SIUI pool hosted by the server.
  - 19. The non-transitory computer readable medium of claim 17, wherein a quantity of refresh tokens in the set corresponds to a quantity of communication cycles that have occurred between the server and the client device.
  - 20. The non-transitory computer readable medium of claim 17, wherein:
    - the first and second refresh tokens are acquired from a refresh token pool; and
      
      the process further comprises, in response to determining that the refresh token pool is exhausted, emptying the set and resetting the refresh token pool.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Biswas, Sanjeev Kumar, Goyal, Mayank, Srivastava, Sharad

Granted Patent

US 10,652,365 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 21/44   Program or device authentic...

G06F 21/45   Structures or tools for the...

G06F 21/577   Assessing vulnerabilities a...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 67/01   Protocols

H04L 9/3213   using tickets or tokens, e....

H04L 9/3236   using cryptographic hash fu...

ROBUST COMPUTING DEVICE IDENTIFICATION FRAMEWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ROBUST COMPUTING DEVICE IDENTIFICATION FRAMEWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links