Device validation using device fingerprint
Abstract
Embodiments of the invention are directed to apparatuses, methods and computer program products for validating a device. An exemplary apparatus is configured to: determine a device accesses an application; determine whether the device is a trusted device based on a device fingerprint associated with the device; in response to determining the device is a trusted device, create an authenticated session; and enable performance of a transaction using the device during the authenticated session.
17 Claims
1. An apparatus for validating a device, the apparatus comprising:
a memory;
a processor; and
a module stored in the memory, executable by the processor, and configured to:
  receive an access request from a first device associated with a first-level employee to access an application,
  create a device fingerprint associated with the first device based on a screen resolution of the first device, an operating system of the first device, and a browser on the first device;
  determine first device access, wherein determining the first device access further comprises:
    receiving authentication credentials associated with the first-level employee associated with the first device; and
    validating the authentication credentials associated with the first-level employee to determine whether the first device is a trusted device based on at least the device fingerprint associated with the first device;
  transmit the access request to a second device associated with a second-level employee to request approval for the first-level employee to access the application using the first device, wherein the second-level employee is associated with a higher level than the first-level employee associated with the first device;
  receive, via the second device, authentication credentials associated with the second-level employee;
  validate the authentication credentials associated with the second-level employee received from the second device;
  receive the approval from the second device, where the approval involves validating the authentication credentials associated with the second-level employee, input by the second-level employee onto the second device as part of the approval;
  determine that the first device is a trusted device based on at least receiving the approval and an indication from the second-level employee that the first device is a trusted device;
  in response to determining that the first device is a trusted device, register the first device based on the device fingerprint associated with the first device;
  in response to registering the first device, create an authenticated session;
  wherein the authenticated session expires after a predetermined period or after a predetermined period of inactivity associated with the first device;
  monitor one or more interactions between the first device and the application using cookies stored in the first device, wherein monitoring further comprises intercepting the one or more interactions to determine that there is a change in the device fingerprint associated with the first device, wherein the change in the device fingerprint comprises creating or deleting at least one of the cookies;
  determine that the change is within a predetermined threshold level of change while monitoring the one or more interactions, wherein the predetermined threshold level of change is based on creating or deleting the at least one of the cookies; and
  enable continued authentication of the one or more interactions based on at least determining that the change is within the predetermined threshold level of change.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for validating a device, the method comprising:
  receiving, using a computing device processor, an access request from a first device associated with a first-level employee to access an application;
  creating a device fingerprint associated with the first device based on a screen resolution of the first device, an operating system of the first device, and a browser on the first device;
  determining, using a computing device, first device access, wherein determining the first device access further comprises:
    receiving authentication credentials associated with the first-level employee associated with the first device; and
    validating the authentication credentials associated with the first-level employee to determine whether the first device is a trusted device based on at least the device fingerprint associated with the first device;
  transmitting, using a computing device processor, the access request to a second device associated with a second-level employee to request approval for the first-level employee to access the application using the first device, wherein the second-level employee is associated with a higher level than the first-level employee associated with the first device;
  receiving via the second device, using a computing device processor, authentication credentials associated with the second-level employee;
  validating, using a computing device processor, the authentication credentials associated with the second-level employee received from the second device;
  receiving, using a computing device processor, the approval from the second device, where the approval involves validating the authentication credentials associated with the second-level employee, input by the second-level employee onto the second device as part of the approval;
  determining, using a computing device processor, that the first device is a trusted device based on at least receiving the approval and an indication from the second-level employee that the device is a trusted device;
  in response to determining that the device is a trusted device, registering, using a computing device processor, the device based on the device fingerprint associated with the device;
  in response to registering the first device, creating, using a computing device processor, an authenticated session;
  wherein the authenticated session expires after a predetermined period or after a predetermined period of inactivity associated with the first device;
  monitoring, using a computing device processor, one or more interactions between the device and the application using cookies stored in the first device, wherein monitoring further comprises intercepting the one or more interactions to determine that there is a change in the device fingerprint associated with the first device, wherein the change in the device fingerprint comprises creating or deleting at least one of the cookies;
  determining, using a computing device processor, that the change is within a predetermined threshold level of change while monitoring the one or more interactions, wherein the predetermined threshold level of change is based on creating or deleting the at least one of the cookies; and
  enabling, using a computing device processor, continued authentication of the one or more interactions based on at least determining that the change is within the predetermined threshold level of change.
Dependent claims: 9, 10, 11, 12
13. A computer program product for validating a device, the computer program product comprising:
a non-transitory computer-readable medium comprising a set of codes for causing a computer to:
  receive an access request from a first device associated with a first-level employee to access an application;
  create a device fingerprint associated with the first device on a screen resolution of the first device, an operating system of the first device, and a browser on the first device,
  determine first device access, wherein determining the first device access further comprises:
    receiving authentication credentials associated with the first-level employee associated with the first device; and
    validating the authentication credentials associated with the first-level employee to determine whether the first device is a trusted device based on at least the device fingerprint associated with the first device;
  transmit the access request to a second device associated with a second-level employee to request approval for the first-level employee to access the application using the first device, wherein the second-level employee is associated with a higher level than the first-level employee associated with the first device;
  receive, via the second device, authentication credentials associated with the second-level employee;
  validate the authentication credentials associated with the second-level employee received from the second device;
  receive the approval from the second device, where the approval involves validating the authentication credentials associated with the second-level employee, input by the second-level employee onto the second device as part of the approval;
  determine that the first device is a trusted device based on at least receiving the approval and an indication from the second-level employee that the first device is a trusted device;
  in response to determining that the first device is a trusted device, register the first device based on the device fingerprint associated with the first device;
  in response to registering the first device, create an authenticated session;
  wherein the authenticated session expires after a predetermined period or after a predetermined period of inactivity associated with the first device;
  monitor one or more interactions between the first device and the application using cookies stored in the first device, wherein monitoring further comprises intercepting the one or more interactions to determine that there is a change in the device fingerprint associated with the first device, wherein the change in the device fingerprint comprises creating or deleting at least one of the cookies;
  determine that the change is within a predetermined threshold level of change while monitoring the one or more interactions, wherein the predetermined threshold level of change is based on creating or deleting the at least one of the cookies; and
  enable continued authentication of the one or more interactions based on at least determining that the change is within the predetermined threshold level of change.
Dependent claims: 14, 15, 16, 17
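The registration, session-expiry and monitoring steps shared by claims 1, 8 and 13, shown as an added Python example (not code from the patent or its assignee). Assumptions: all function names, the threshold and timeout values, the rule that any change to screen resolution, operating system or browser fails the check, and the choice to measure cookie drift against the baseline stored at registration.

```python
import hashlib
import hmac

# Assumed policy values: the claims only call them "predetermined".
MAX_COOKIE_CHANGES = 2        # cookies created or deleted since registration
SESSION_LIFETIME = 8 * 3600   # absolute session expiry, seconds
IDLE_TIMEOUT = 15 * 60        # inactivity expiry, seconds

def core_fingerprint(screen, os_name, browser):
    """Digest of the three attributes the claims name."""
    material = "\x1f".join((screen, os_name, browser)).encode()
    return hashlib.sha256(material).hexdigest()

def register(screen, os_name, browser, cookie_names, now):
    """Store the baseline once the device has been approved as trusted."""
    return {"fp": core_fingerprint(screen, os_name, browser),
            "cookies": frozenset(cookie_names),
            "created": now, "last_seen": now}

def check_interaction(session, screen, os_name, browser, cookie_names, now):
    """Return (allowed, reason) for one intercepted interaction."""
    if now - session["created"] > SESSION_LIFETIME:
        return False, "expired"
    if now - session["last_seen"] > IDLE_TIMEOUT:
        return False, "idle"
    seen = core_fingerprint(screen, os_name, browser)
    if not hmac.compare_digest(session["fp"], seen):
        return False, "fingerprint-mismatch"   # assumed: no tolerance here
    # Cookies created or deleted relative to the registered baseline.
    # The baseline is never refreshed, so drift cannot creep past the limit.
    changed = session["cookies"] ^ frozenset(cookie_names)
    if len(changed) > MAX_COOKIE_CHANGES:
        return False, "cookie-drift"
    session["last_seen"] = now
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    dev = ("1920x1080", "Windows 10", "Firefox 120")
    s = register(*dev, ["sid", "prefs", "csrf"], now=1000)
    print(check_interaction(s, *dev, ["sid", "prefs", "csrf", "banner"], 1060))
    print(check_interaction(s, *dev, ["sid", "a", "b"], 1120))
```

Screen resolution, operating system and browser are reported by the client and shared by many devices, so the fingerprint match here is a signal layered on the credential checks the claims also require, not a substitute for them.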
Specification