RU2607990C1 - Method of device and user identification - Google Patents

Abstract

FIELD: information technologies.

SUBSTANCE: invention relates to field of computer security, in particular, to device and user identification methods based on cookies data. Method of device and user identification methods based on cookies data, consisting in fact, that devices registered in information system identifiers database is preliminarily created based on stored on devices cookies data, generating device identifier on client side with device connection to information system, sending generated device identifier from client side to server side, on server side comparing recieved identifier with registered devices identifiers, calculating correlation degree for each pair of comparing devices identifiers, making decision on identified device incidence to one of registered devices, at preliminary stage creating registered users identifiers base, matching each registered device with list of users from registered users permitted for operation on it, after making decision on the of the identified device incidence to one of registered devices generating user ID on client side, sending generated user ID from client side to server side, on server side comparing recieved identifier with registered users identifiers, calculating correlation degree for each pair of comparing users identifiers, making decision on user compliance to one of registered, determining user permission to operation on identified device.

EFFECT: technical result is increase of information protection level.

1 cl, 3 dwg

Description

The invention relates to the field of computer security, in particular to identification methods. The invention can be used in the construction of user authentication systems that provide access to information in distributed information systems.

One of the important tasks in the theory of information security is the problem of user identification. In the framework of building information systems, the relevance of this task is confirmed by the need to distinguish between the subjects of these systems in order to identify violators.

In modern information systems, the task is solved, among other things, by using methods for identifying users, which consist in forming a profile (identifier) of the device (and / or user) based on cookies stored on the user device and then comparing the profile of the unknown device (and / or user) with a database of profiles of known devices (and / or user) in order to decide whether the device (and / or user) is registered in the system.

One of the difficulties encountered in the implementation of this technology is the consideration of the case of using one device by several users. Examples of multi-user operation of one device include the following: using a home computer by all family members, using a dedicated computer in the office to access the Internet by all employees.

One of the well-known ways to identify devices and users based on cookies is presented in (Ting-Fang, Y. Host Fingerprinting and Tracking on the Web: Privacy and Security Implications / Ting-Fang Yen, Yinglian Xie, Fang Yu, Martin Abadi, Roger Peng Yu [Electronic resource]: site. - Access mode: http://research.microsoft.com/pubs/156901/ndss2012.pdf. - Date of access 01.09.2015). In this work, an approach to user identification is proposed, based on the fact that the client device stores one unique cookie value upon first access to the information system and subsequent comparison on the second and next calls of the stored value with the base of reference values on the server side to decide whether the user registered or not.

The disadvantage of this method is the high probability of a user discrimination error in the case of multi-user operation of one device, since the stored cookie value is unique for the device, and not for the user.

There is also a method of user identification using the component profile (Bessonova, Ε.E. Method of user identification on the Internet / E.E. Bessonova, I.A. Zikratov, Yu.L. Kolesnikov, V.Yu. Roskov // Scientific Technical Bulletin of Information Technologies, Mechanics and Optics. - 2012. - No. 3. - P. 133-137), in which, when constructing the user’s profile (identifier), all available cookie data stored on the device is used. Identification is carried out by comparing the profile of an unknown user with a pre-prepared database of profiles of known users, the decision is made to minimize the difference between the profiles, taking into account the threshold value.

The disadvantage of this method is also the high probability of error in distinguishing between users in the case of multi-user operation of one device.

The closest in technical essence to the claimed method and selected as a prototype is a method for identifying hardware based on cookies (patent US 2013167195 A1 06.27.2013, "Hardware identification through cookies"), which consists in preliminarily creating a database of identifiers registered in device information system based on cookies stored on devices. Then, when connecting the device to the information system on the client side, the device identifier is formed on the basis of cookies stored on the device, the generated device identifier is sent from the client side to the server side, the received identifier is compared on the server side with the identifiers of registered devices, calculating the degree of correlation for each pair of identifiers . An identifiable device is considered to be incident with a registered device if the calculated degree of correlation of their identifiers is maximum and exceeds the first threshold value.

The disadvantage of the prototype method is the high probability of error in distinguishing device users in the case of multi-user operation of one device, which reduces the level of protection of information circulating in the information system.

The objective of the invention is to provide a method for identifying a device and a user, which allows to increase the level of protection of information provided by the information system server to registered customers.

This problem is solved in that in a method for identifying hardware based on cookie data, which consists in preliminarily creating a database of identifiers of devices registered in the information system based on cookies stored on devices, forming a device identifier on the client side when the device is connected to the information system , send the generated device identifier from the client side to the server side, compare the received identifier with the identifier on the server side by fixtures of registered devices, the correlation degree is calculated for each pair of compared device identifiers, a decision is made on the incidence of the identifiable device to one of the registered devices, an additional database of registered user identifiers is created at the preliminary stage, and each registered device is compared with the list of authorized users from among registered users , after deciding on the incident, I will identify of a device, one of the registered devices generates a user identifier on the client side, sends the generated user identifier on the client side to the server side, compares the received identifier with the identifiers of registered users on the server side, calculates the degree of correlation for each pair of compared user identifiers, decides on the user's compliance one of the registered, determine the user access to work on identifiers Rui device.

The listed new set of essential features allows you to achieve the specified technical result by distinguishing between several users of the same device based on unique cookie data corresponding to the names of the accounts of the most common Internet services (mail services, online stores, social networks, cloud services) and increasing the likelihood of detection access to the information system of the intruder (unregistered user) from the device registered in the system.

The analysis of the prior art made it possible to establish that analogues that are characterized by a combination of features that are identical to all the features of the claimed method are absent, which indicates compliance of the invention with the condition of patentability “novelty”.

Search results for known solutions in this and related fields of technology in order to identify features that match the distinctive features of the claimed object from the prototype showed that they do not follow explicitly from the prior art. The prior art also did not reveal the popularity of the impact provided by the essential features of the claimed invention, the transformations on the achievement of the specified technical result. Therefore, the claimed invention meets the condition of patentability "inventive step".

The claimed invention is illustrated by the following figures:

FIG. 1 - a sequence of actions carried out when implementing the claimed method at the stage of forming the base of device identifiers;

FIG. 2 - a sequence of actions carried out when implementing the claimed method at the stage of forming the database of user identifiers;

FIG. 3 - sequence of actions carried out when implementing the claimed method at the stage of identification of the device and user.

The proposed method consists of three stages:

1. The stage of forming the base of identifiers of devices registered in the information system (Fig. 1).

2. The stage of forming the base of identifiers of registered users (Fig. 2).

3. The stage of identification of the device and the user (Fig. 3).

To implement the first stage (Fig. 1), the following actions are performed:

101. Enter the name of the device for which the training system. Thus, it is understood that the device will then be registered in the system under the specified name.

102. They collect all available cookie data stored on the device in the databases of installed browsers according to well-known methods described, for example, in the article (David MacDermot. Cookie Quest: A Quest to Read Cookies from Four Popular Browsers [Electronic resource]: website . - Access mode: http://www.codeproject.com/Articles/330142/Cookie-Quest-A-Quest-to-Read-Cookies-from-Four-Pop. - Date of access 01.09.2015.).

103. A device identifier is generated by combining the collected cookie data into one object, for example, an XML data file (extensible Markup Language). In this case, the device identifier is supplemented with the previously entered device name.

104. Write the device identifier in the database of registered devices, for example, by saving a data file in XML format (corresponding to the device identifier) in the file directory of registered devices.

At the second stage (Fig. 2), the following actions are performed:

201. Enter the username. Further, it is assumed that the user will be registered in the system under the specified name.

202. Collect all available cookie data stored on the device in the databases of installed browsers, similarly to (102).

203. A user identifier is formed by extracting from the total set of cookies collected those that correspond to the account names of the most common Internet services. A list of such names is prepared in advance, depending on the settings of the information system, for example:

- cookie value with the name yandex_login of yandex.ru domain;

- cookie value with the name Mror domain mail.ru ;

- cookie value with the name xman_us_f of the domain aliexpress.com ;

- cookie value with the name rlogin domain rambler.ru .

The indicated values contain in clear text the attributes of the user session (user login name), which makes it possible to identify the cookie data set with a specific user.

The device identifier combines the selected cookie data in one object, for example, in an XML data file (extensible Markup Language). In this case, the user identifier is supplemented with the previously entered user name.

204. The user ID is recorded in the registered user database, for example, by storing a data file in XML format (corresponding to the user ID) in the file directory of registered users.

205. Determine for the registered user to which registered devices he is allowed. The user identifier is compared with the identifiers of the devices to which it is authorized, for example, by storing a text file for each registered device with a list of names of authorized users.

After completing the first two stages, essentially training the system, it becomes possible to identify devices and users accessing the resources of the information system. The identification procedure is considered (but not limited in application) by the example of client-server interaction on the Internet.

At the third stage (Fig. 3), the following actions are performed:

301. They collect all available cookie data stored on the device in the databases of installed browsers, similar to (102).

302. A device identifier is generated similarly to (103). Actions (301-302) are performed on the client side (user device).

303. The generated device identifier is transmitted from the client side to the server side.

304. On the server side, the obtained identifier is compared with each identifier of the registered devices, determining the degree of their correlation (measure of proximity) by known methods described, for example, in the book (A. Gorelik, Recognition Methods: Textbook / A.L. Gorelik, V.A. Skripkin. - M.: Higher school., 1984. - 208 p.) On pages 15-16.

305. Among all calculated values of the degree of correlation, determine the maximum and compare it with the first threshold value. If the maximum value of the degree of correlation does not exceed the first threshold value, a decision is made that the device being identified is unknown and the user identification procedure has not been completed, after which the identification process is completed.

The first threshold value is selected depending on the requirements for the identification system according to well-known approaches described, for example, in the book (A. Gorelik Recognition Methods: Textbook / A. L. Gorelik, V. A. Skripkin. - M. : High school, 1984. - 208 p.) On pages 26-30.

If the maximum value of the degree of correlation exceeds the first threshold value, the following actions are performed.

306. An identifiable device is identified and one of the registered devices for which the calculated degree of correlation is maximum.

307. A user identifier is generated on the client side similarly to (203).

308. The generated user identifier is transmitted from the client side to the server side.

309. On the server side, the obtained identifier is compared with each of the identifiers of registered users, determining the degree of their correlation (measure of proximity) similarly (304).

310. Among all calculated values of the degree of correlation, the maximum is determined and compared with the second threshold value. If the maximum value of the degree of correlation does not exceed the second threshold value, a decision is made that the device being identified is registered and the user identification procedure has not been completed, after which the identification process is completed.

The second threshold value is chosen in the same way as in (305).

If the maximum value of the degree of correlation exceeds the second threshold value, perform the following actions:

311. Identify the identified user and one of the registered users for which the calculated degree of correlation is the maximum.

312. It is determined whether the identified user is allowed to work on the identified device, for example, by searching for the user name in a text file with a list of names of authorized users to the corresponding device.

If not, decide that the device to be identified is registered, the user is registered, but the user does not have permission to work on the device, and then the identification process is completed.

If yes, they decide that the device being identified is registered, the user is registered, the user has permission to work on the device, and then the identification process is completed.

The main advantage of the proposed method in comparison with the known methods of identifying the device and the user based on these cookies is that users are distinguished in the case of multi-user operation of one device, and this ensures the identification of a user who is not allowed to work on a registered device. In turn, identifying the intruder and preventing unauthorized access increases the level of protection of information provided by the information system server to registered customers.

The process of identifying an intruder who gained access to a registered device can be implemented in the following example. If the intruder logs into the personal mailbox on the email service, one of the cookie values with the name from the list generated in (203) will change on the registered device, which, in turn, will lead to a change in the identifier. The identifier of the violating user will be different from the identifier of the registered user, which, when accessing the information system and performing the identification procedure, will lead to one of the following solutions:

1. If the user-intruder is not registered in the system, then in (310) it will be decided that the identified device is registered, and the user identification procedure has not been performed.

2. If the intruder user is registered in the system, then in (312) it will be decided that the identified device is registered, the user is registered, but the user does not have permission to work on the device.

Based on any of these decisions received from the identification system, the information system identifies the intruder and prevents unauthorized access.

Moreover, the known methods of identifying the device and the user (considered as analogues and prototype) in this situation will not allow to identify the intruder if the threshold value of the decision exceeds the difference in at least one cookie value. In this case, the user-violator will be identified with the registered user within the margin of error.

Claims (1)

A method for identifying a device and a user by cookie data, which consists in preliminarily creating a database of identifiers of devices registered in the information system based on cookies stored on the devices, generating a device identifier on the client side when the device is connected to the information system, sending the generated device identifier on the side client on the server side, compare on the server side the received identifier with the identifiers of registered devices TV, calculate for each pair of compared device identifiers the degree of correlation, make a decision about the incidence of the identified device to one of the registered devices, characterized in that at the preliminary stage they create a database of registered user identifiers, compare each registered device with a list of registered users from the number of registered users, after deciding on the incidence of an identifiable device to one of the registrations striated devices form a user identifier on the client side, send the generated user identifier on the client side to the server side, compare the received identifier on the server side with the identifiers of registered users, calculate the degree of correlation for each pair of compared user identifiers, decide on whether the user matches one of the registered ones, determine the user access to work on the identified device.

Images