UNIQUE DEVICE IDENTIFICATION AMONG LARGE POPULATIONS OF HOMOGENOUS DEVICES
A digital fingerprint identifying a device includes characteristics of a user of the device in addition to characteristics of the device itself. The personal characteristics used to form the digital fingerprint of the device are those that are likely to not change over time or to change in predictable ways. The personal characteristics are gathered from sources external to the device, such as profiles of the user stored remotely at a social networking site. Each constituent characteristic of a digital fingerprint is associated with extraction logic and comparison logic.
This application claim priority to U.S. Provisional Application No. 61/734,455, filed Dec. 7, 2012, which is fully incorporated herein by reference.
BACKGROUND OF THE INVENTION1. Field of the Invention
The present invention relates generally to computer systems and, more particularly, to methods of and systems for uniquely identifying computing devices. More specifically, the invention relates to uniquely identifying a computing device by combining device data with personal information of a user of the computing device to form a personalized device fingerprint.
2. Description of the Related Art
Device identification through digital fingerprints has proven to be invaluable in recent years to such technologies as security and digital rights management. In security, authentication of a person can be restricted to a limited number of previously authorized devices that are recognized by their digital fingerprints. In digital rights management, use of copyrighted or otherwise proprietary subject matter can be similarly restricted to a limited number of previously authorized devices that are recognized by their digital fingerprints.
Digital fingerprints are particularly useful in uniquely identifying computing devices that are historically known as “IBM PC compatible”. Such devices have an open architecture in which various computer components are easily interchangeable with compatible but different components. There are two primary effects of such an open architecture that facilitate device identification through digital fingerprints.
The first facilitating effect is diversity of device components. Since numerous components of IBM PC compatible devices are interchangeable with comparable but different components, generation of a digital fingerprint from data associated with the respective components of the device is more likely to result in a unique digital fingerprint.
The second facilitating effect is discoverability of details of the various components of IBM PC compatible devices. Since the particular combination of components that make up a given device can vary widely and can come from different manufacturers, the components and the operating system of the device cooperate to provide access to detailed information about the components. Such information can include serial numbers, firmware version and revision numbers, model numbers, etc. This detailed information can be used to distinguish identical components from the same manufacturer and therefore improves uniqueness of digital fingerprints of such devices.
Laptop computing devices evolved from desktop computing devices such as IBM PC compatible devices and share much of the architecture of desktop computing devices, albeit in shrunken form. Accordingly, while users are much less likely to replace graphics circuitry in a laptop device and components therefore vary less in laptop devices, laptop devices still provide enough detailed and unique information about the components of the laptop device to ensure uniqueness of digital fingerprints.
However, the world of computing devices is rapidly changing. Smart phones that fit in one's pocket now include processing resources that were state of the art just a few years ago. In addition, smart phones are growing wildly in popularity. Unlike tablet computing devices of a decade ago, which were based on laptop device architectures, tablet devices available today are essentially larger versions of smart phones.
Smart phones are much more homogeneous than older devices. To make smart phones so small, the components of smart phones are much more integrated, including more and more functions within each integrated circuit (IC) chip. For example, while a desktop computing device can include graphics cards and networking cards that are separate from the CPU, smart phones typically have integrated graphics and networking circuitry within the CPU. Furthermore, while desktop and laptop devices typically include hard drives, which are devices rich with unique and detailed information about themselves, smart phones often include non-volatile solid-state memory, such as flash memory, integrated within the CPU or on the same circuit board as the CPU. Flash memory rarely includes information about the flash memory, such as the manufacturer, model number, etc.
Since these components of smart phones are generally tightly integrated and not replaceable, the amount and variety of unique data within a smart phone that can be used to generate a unique digital fingerprint is greatly reduced relative to older device architectures. In addition, since it is not expected that smart phone components will ever be replaced, there is less support for access to detailed information about the components of smart phones even if such information exists.
Accordingly, it is much more difficult to assure that digital fingerprints of smart phones and similar portable personal computing devices such as tablet devices are unique. What is needed is a way to uniquely identify individual devices in large populations of homogeneous devices.
SUMMARY OF THE INVENTIONIn accordance with the present invention, a digital fingerprint identifying a device includes characteristics of a user of the device. Accordingly, the device can be distinguished from other computing devices that are not readily distinguished by hardware characteristics alone. In effect, characteristics of respective users of homogeneous devices help distinguish the devices from one another.
Digital fingerprints are best when they are unique, stable, and difficult to spoof. Accordingly, the personal characteristics used to form the digital fingerprint of the device are those that are likely not to change over time or to change in predictable ways. Examples of such personal characteristics are personal characteristics of the user that can be gathered from publicly available information from social networking sites, such as first and last name, city of residence, employer, relationship status, number of friends, age, etc.
In addition, the personal characteristics are gathered from sources external to the device, such as profiles of the user stored remotely at a social networking site. As a result, it is difficult for one person to spoof characteristics of another person without also having the ability to modify the profile of the other person that is maintained externally to the device.
Each constituent characteristic of a digital fingerprint is associated with extraction logic and comparison logic. The extraction logic of a given characteristic specifies the manner in which the substantive data of the characteristic is retrieved for incorporation into a digital fingerprint. To retrieve a characteristic, such as the number of friends of the user at a social networking site, the extraction logic can specify (i) the manner in which a user identifier for the social networking site is extracted from browser personal information such as browsing history, bookmarks, form filling data, and user identifiers; (ii) the manner in which a publicly available profile associated with the extracted user identifier is retrieved; and (iii) the manner in which the characteristic is parsed from the retrieved profile.
While it is preferred that characteristics used to form digital fingerprints are stable and do not change over time, characteristics of a human user can and do change over time. The personal characteristics that are selected for use in forming digital fingerprints are those that are relatively stable and change primarily in predictable, expected ways. For example, a person's first name generally does not change, a person's last name changes rarely, a person's age increases by one each year, and a person's number of friends tends to only increase, and to increase at a modest rate. The comparison logic for each of these characteristics considers the way in which such characteristics can be expected to change over time and estimates a likelihood that two digital fingerprints identify one and the same device according to how well changes in each characteristic over time follows the expected pattern.
Other systems, methods, features and advantages of the invention will be or will become apparent to one with skill in the art upon examination of the following figures and detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims. Component parts shown in the drawings are not necessarily to scale, and may be exaggerated to better illustrate the important features of the invention. In the drawings, like reference numerals may designate like parts throughout the different views, wherein:
In accordance with the present invention, a computing device 102 (
Digital fingerprints are best when they are unique, stable, and difficult to spoof. Accordingly, the personal characteristics used to form the digital fingerprint of device 102 are those that are likely to not change over time or to change in predictable ways. In addition, the personal characteristics are gathered from sources external to device 102. Examples of such personal characteristics are personal characteristics of the user that can be gathered from publicly available information from social networking sites, such as first and last name, city of residence, employer, relationship status, number of friends, age, etc.
Device 102 can be any of a number of types of networked computing devices, including smart phones, tablets, netbook computers, laptop computers, and desktop computers. Device 102 communicates with a server 106 through a computer network 104, which is the Internet in this illustrative embodiment. Server 106 is configured to recognize devices with which server 106 has previously interacted. Such recognition can be part of an authentication process or to provide customized content based on previous interaction with recognized devices, as illustrative examples.
Transaction flow diagram 200 (
In step 202, device 102 sends a request for a web page to server computer 106. The request can be in the form of a URL specified by the user of device 102 using a web browser 1120 (
In step 204 (
In step 208 (
In step 210, server 106 compares the digital fingerprint of device 102 received in step 208 to digital fingerprints of known devices. Step 210 is described in greater detail below in conjunction with logic flow diagram 210 (
In step 212, server 106 continues the interaction with device 102 if device 102 is recognized by its digital fingerprint. Alternatively, server 106 can continue interaction with device 102 regardless of whether device 102 is recognized by its digital fingerprint but modifies the interaction with device 102 according to whether device 102 is recognized.
As described above, device 102 generates a digital fingerprint to identify itself in step 206 (
The generation and comparison of digital fingerprints are defined by a digital fingerprint specification 300 (
Each digital fingerprint element 302 (
Identifier 304 identifies the subject element to enable direct comparison of corresponding elements of digital fingerprints. In an alternative embodiment, elements of a digital fingerprint are arranged in a predetermined sequence and specific elements of the digital fingerprint are identified by their position within the sequence, obviating identifier 304.
Extraction logic 306 specifies the manner in which the subject element is extracted by device 102 in generating the digital fingerprint. Logic flow diagrams 306A (
Comparison logic 308 specifies the manner in which the subject element is compared to a corresponding element of another digital fingerprint to determine whether digital fingerprints match one another. Logic flow diagrams 308A (
Loop step 602 (
In step 604, web browser plug-in 1122C executes extraction logic 306 of the subject element to extract data representing the subject element. The particular manner in which web browser plug-in 1122C extracts the data depends on the particular details of extraction logic 306. Logic flow diagram 306A (
In step 402, web browser plug-in 1122C retrieves detailed information about a hard disk drive of device 102. For example, in an embodiment in which device 102 includes the known Linux operating system, web browser plug-in 1122C can retrieve detailed information about a hard disk drive by executing the command, “hdparm -I /dev/sda”. To enhance efficiency, web browser plug-in 1122C can cache the results of that command to extract data for other elements related to detailed information about the hard disk drive.
In step 404, web browser plug-in 1122C parses the serial number of the hard disk drive from the detailed information retrieved in step 402. Parsing of the serial number is a straight forward process of pattern recognition, using regular expressions for example.
Logic flow diagram 306B (
In step 504, web browser plug-in 1122C retrieves public information about the user from the social networking user identifier retrieved in step 502. Many social networking sites support URLs that are derived from user identifiers in a deterministic manner. For example, if the user has an account for the social networking site at http://twitter.com and the user identifier is “xyz”, a URL to a public page regarding the user can be retrieved at http://twitter.com/#!/xyz. To enhance efficiency, web browser plug-in 1122C can cache the retrieved web page to extract data for other elements related to same social networking profile.
In step 506, web browser plug-in 1122C parses a particular item of information from the web page retrieved in step 504. In this illustrative example, the particular item of information is a number of friends the user has at the social networking site. Parsing of the number of friends is a straight forward process of pattern recognition, using regular expressions for example.
In step 606, web browser plug-in 1122C forms a reversible hash of the subject element, including identifier 304 (
In step 608, web browser plug-in 1122C adds the hash created in step 606 to an accumulation of element hashes. The accumulation of element hashes is the digital fingerprint sent to server 106 in step 208.
Once all of digital fingerprint elements 302 (
As described above, server 106 (
In step 702, digital fingerprint management logic 1024 parses individual reversible hashes representing individual elements of the digital fingerprint of device 102.
In step 704, digital fingerprint management logic 1024 initializes a match score that represents a degree of similarity between the digital fingerprint of device 102 and the reference digital fingerprint. In this illustrative embodiment, digital fingerprint management logic 1024 initializes the match score to a value of 1.0, indicating a perfect match.
Loop step 706 and next step 710 define a loop in which digital fingerprint management logic 1024 processes each digital fingerprint element 302 (
In step 708, digital fingerprint management logic 1024 executes comparison logic 308 (
Logic flow diagram 308A (
Thus, according to logic flow diagram 308A (
Logic flow diagram 308B (
If digital fingerprint 1140 does not include a number of friends, e.g., because the user of device 102 does not have a profile at the social networking site, and the reference digital fingerprint does include a number of friends, processing by digital fingerprint management logic 1024 transfers through test step 904 to step 906 in which digital fingerprint management logic 1024 reduces the match score by 30%, by multiplication of the match score by 0.7. It is rare that people remove profiles from social network sites. Accordingly, the absence of a profile for the user of device 102 when the profile exists for the reference digital fingerprint is relatively strongly indicative of a mismatch between digital fingerprint 1140 and the reference digital fingerprint.
If digital fingerprint 1140 and the reference digital fingerprint show a reduction in the number of friends over time, processing by digital fingerprint management logic 1024 transfers through test step 908 to step 910 in which digital fingerprint management logic 1024 reduces the match score by 30%, by multiplication of the match score by 0.7. It is rare that people remove friends in social network sites. Accordingly, the reduction in the number of friends is relatively strongly indicative of a mismatch between digital fingerprint 1140 and the reference digital fingerprint.
If digital fingerprint 1140 and the reference digital fingerprint show no change in the number of friends over time, processing by digital fingerprint management logic 1024 transfers through test step 912 to step 914 in which digital fingerprint management logic 1024 does not reduce the match score at all. The number of friends of a given user at a social networking site tends to be stable and, to the extent the number changes, the number tends only to increase. Accordingly, equivalence in the number of friends is relatively strongly indicative of a match between digital fingerprint 1140 and the reference digital fingerprint.
If digital fingerprint 1140 and the reference digital fingerprint show an increase in the number of friends over time of no more than three (3) friends per month, processing by digital fingerprint management logic 1024 transfers through test step 916 to step 918 in which digital fingerprint management logic 1024 reduces the match score by 5%, by multiplication of the match score by 0.95. To the extent the number of friends of a user of a social networking site increases, the number tends to increase relatively slowly over time once the profile is established. Accordingly, the relatively slow increase in the number of friends is relatively weakly indicative of a mismatch between digital fingerprint 1140 and the reference digital fingerprint.
If digital fingerprint 1140 and the reference digital fingerprint show an increase in the number of friends over time of more than three (3) friends per month, processing by digital fingerprint management logic 1024 transfers through test step 916 to step 920 in which digital fingerprint management logic 1024 reduces the match score by 20%, by multiplication of the match score by 0.8. To the extent the number of friends of a user of a social networking site increases, the number tends to increase relatively slowly over time once the profile is established. Accordingly, the relatively rapid increase in the number of friends is moderately indicative of a mismatch between digital fingerprint 1140 and the reference digital fingerprint.
Thus, according to logic flow diagram 308B (
After all digital fingerprint elements 302 (
Server computer 106 is shown in greater detail in
CPU 1002 and memory 1004 are connected to one another through a conventional interconnect 1006, which is a bus in this illustrative embodiment and which connects CPU 1002 and memory 1004 to network access circuitry 1012. Network access circuitry 1012 sends and receives data through computer networks such as wide area network 104 (
A number of components of server 106 are stored in memory 1004. In particular, web server logic 1020 and web application logic 1022, including digital fingerprint management logic 1024, are all or part of one or more computer processes executing within CPU 1002 from memory 1004 in this illustrative embodiment but can also be implemented using digital logic circuitry.
Web server logic 1020 is a conventional web server. Web application logic 1022 is content that defines one or more pages of a web site and is served by web server logic 1020 to client devices such as device 102. Digital fingerprint management logic 1024 is a part of web application logic 1022 that causes client devices to generate digital fingerprints and to compare digital fingerprints in the manner described above.
Device 102 is a personal computing device and is shown in greater detail in
CPU 1102 and memory 1104 are connected to one another through a conventional interconnect 1106, which is a bus in this illustrative embodiment and which connects CPU 1102 and memory 1104 to one or more input devices 1108, output devices 1110, and network access circuitry 1112. Input devices 1108 can include, for example, a keyboard, a keypad, a touch-sensitive screen, a mouse, a microphone, and one or more cameras. Output devices 1110 can include, for example, a display —such as a liquid crystal display (LCD) —and one or more loudspeakers. Network access circuitry 1112 sends and receives data through computer networks such as wide area network 104 (
A number of components of client device 102 are stored in memory 1104. In particular, web browser 1120 is all or part of one or more computer processes executing within CPU 1102 from memory 1104 in this illustrative embodiment but can also be implemented using digital logic circuitry. As used herein, “logic” refers to (i) logic implemented as computer instructions and/or data within one or more computer processes and/or (ii) logic implemented in electronic circuitry. Web browser plug-ins 1122A-C are each all or part of one or more computer processes that cooperate with web browser 1120 to augment the behavior of web browser 1120. The manner in which behavior of a web browser is augmented by web browser plug-ins is conventional and known and is not described herein.
Browser personal information 1130 and digital fingerprint 1140 are data stored persistently in memory 1104. Browser personal information 1130 can be organized as all or part of one or more databases.
As described above, web browser plug-in 1122C generates digital fingerprint 1140 according to extraction logic 306 (
The above description is illustrative only and is not limiting. The present invention is defined solely by the claims which follow and their full range of equivalents. It is intended that the following appended claims be interpreted as including all such alterations, modifications, permutations, and substitute equivalents as fall within the true spirit and scope of the present invention.
Claims
1. A method for identifying a remotely located device, the method comprising:
- sending characteristic extraction logic to the remotely located device, wherein the characteristic extraction logic causes the remotely located device to retrieve characteristics of the device and at least one characteristic of a user of the device from a publicly available profile of the user of the device;
- receiving a digital fingerprint of the device from the device, wherein the digital fingerprint includes data representing the characteristics of the device and at least the characteristic of the user of the device; and
- comparing the digital fingerprint of the device to a reference digital fingerprint to determine whether the digital fingerprint of the device and the reference digital fingerprint identify one and the same device.
2. The method of claim 1 wherein the characteristic extraction logic causes the remotely located device to retrieve the characteristic of the user of the device by at least:
- identifying the publicly available profile of the user of the device from browser personal information stored in the device.
3-15. (canceled)
16. The method of any one of claim 1 or 2, wherein the characteristic extraction logic causes the remotely located device to retrieve the characteristic of the user of the device by at least also:
- retrieving the publicly available profile through a computer network.
17. The method of any one of claim 1 or 3, wherein comparing comprises:
- retrieving comparison logic associated with each of the characteristics of the device and the characteristic of the user of the device; and
- executing the comparison logic to determine a degree of similarity between the digital fingerprint of the device to a reference digital fingerprint.
18. The method of claim 4 wherein the comparison logic associated with the characteristic of the user of the device considers changes in the characteristic of the user of the device over time relative to expected changes in the characteristic of the user of the device over time.
19-24. (canceled)
Type: Application
Filed: Dec 2, 2013
Publication Date: Jun 12, 2014
Inventor: Craig S. Etchegoyen (Plano, TX)
Application Number: 14/094,637
International Classification: G06F 17/30 (20060101);