WO2020086024A2 - A system for enabling device identification - Google Patents

Publication number
WO2020086024A2
Authority
WO
WIPO (PCT)
Prior art keywords
order
electronic device
signature
generator
identity
Application number
PCT/TR2019/050605
Other languages
French (fr)
Other versions
WO2020086024A3 (en)
Inventor
Ugur Abbas AKKURT
Sabri KANTAR
Reha EMEKLI
Ozcan YAHSI
Original Assignee
Turkiye Garanti Bankasi Anonim Sirketi
Application filed by Turkiye Garanti Bankasi Anonim Sirketi
Publication of WO2020086024A2
Publication of WO2020086024A3

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/08: Payment architectures
    • G06Q20/12: Payment architectures specially adapted for electronic shopping systems
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4016: Transaction verification involving fraud or risk level assessment in transaction processing
    • G06Q20/409: Device specific authentication in transaction processing

Definitions

  • the device identity generator (6) determines that the device identity generator (6) is a new device and performs a new device identity assignment in the event that it cannot perform any matching with any device as a result of the comparisons.
  • the device identity generator (6) performs validation control on parameters such as the operating systems and the browsers of the device whereby matching is provided and the electronic device (2) to determine whether these two matching devices are the same devices or not, when any of the cookie, local storage, e-tag and session information that are left in the electronic device (2) wherefrom the new transaction request controlled by the device signature generator (5) is received matches.
  • the device identity generator (6) is configured in order to perform controls by means of lists of candidate devices by using the high-resolution signature field and the low-resolution signature field in cases when the validation control fails.
  • triggering can be realized for a transaction over the input button located on a homepage by the web page owner institution.
  • the threshold value about the similarity included in the Hamming Distance algorithm that is used for measuring the similarity between the two devices is configurable.
  • the quality of detection of matching device may reduce as this value increases.
  • each device parameter included in the Hamming Distance algorithm that is used for measuring the similarity between the two devices has a weight of importance and these weights of importance may vary according to the varying frequency in time of the related device parameter.
  • a request is sent to the device identification server (3) asynchronously with the JavaScript when a web page is opened in the inventive system (1).
  • a special unique value (unique ID) is generated by the device identification server (3) such that its use will be valid for 1 minute. This structure does not affect the opening speed of the web page because the request sent is initiated asynchronously.
  • the unique value generated by the server is used in the front side and it returns to the device identification server (3) after the electronic device (2) gathers the information.
  • the data gathering unit (4) is a JavaScript library running in the front side.
  • the data gathering unit (4) sends the information about the electronic device (2) (including the unique ID value as well) to the device identification server (3). Because the web page belongs to another server, the data gathering unit (4) uses iframe technology in order that the electronic device (2) data are sent to the device identification server (3) safely.
  • the information about the electronic device (2) is inserted into a hidden iframe and this iframe thread is transmitted to the device identification server (3) in an HTML form format upon being embedded into the form. Due to the fact that using iframe technology enables information transfer to a different server, it prevents providing warning to the user on the screen and experience of navigating in a bad page.
  • the data gathering unit (4) receives hash by typifying of the information about the device and adds the hash information into the electronic device (2) information as well before the transmission. If a network attack has occurred and a change has happened within the data, these attacks can be prevented by means of the hash control made by the device identification server (3).
  • Another security measure is to encode the data which are sent in order to avoid that the data of the data gathering unit (4) are made readable, by means of base64. The data transmitted to the device identification server (3) by the data gathering unit (4) are controlled by the device identification server (3).
  • the data encoded by the base64 standard are decoded through the device identification server (3) and validation control of the hash information within thereof is made. Then, it is controlled by the device identification server (3) whether the account number and the password of the client -who is the owner of the page wherefrom the transaction is received- are entered correctly or not, the unique ID value received is valid or not, the user agents match or not, respectively.
  • the device identification server (3) performs controls about whether the electronic device (2) comprises malicious software or not by examining some header fields that are received together with the electronic device (2) information; whether there is TOR (The Onion Routing) wherein anonymous links of the device browser are used in cases when the plugin list is received as null, the values of the screen resolution and the available screen resolution are not received as same or not; the parameters about the electronic device (2) are manually changed or not. Then, the device signature generator (5) generates high-resolution device signature field and low-resolution device signature field by using the parameters included in the data about the electronic device (2). The low-resolution device signature is expected not to change when the electronic device (2) goes through updates.
  • the parameters used in the low-resolution device signature are information which is not expected to vary in time such as type of device, operating system, browser language, number of device cores.
  • the parameters used in the high-resolution device signature are information whether some header fields, some JavaScript libraries are supported or not; information such as sound system parameters, camera, speaker, microphone usage information.
  • Both signature fields are used by the device identification server (3) in order to find the matching device in a new transaction to be received related to the device.
  • the device identification server (3) examines cookie, local storage, e-tag and session information left in the electronic device (2) where the transaction is carried out.
  • the device identification server (3) performs a device validation when a matching device is found. Validation control of high-resolution field signature is made when no matching device can be found and validation control of low-resolution field signature is made when no matching can be found again, respectively. If number of matching devices is more than one, internal IP and external IP values of the candidate devices are examined. If the number of matching devices is one, it is ensured that the identity of the electronic device (2) is same with the identity of the device wherein matching is provided among the candidate devices.

Abstract

The present invention relates to a system (1) for enabling to gather the information of the device which is used in transactions being carried out on web pages, to determine an identity number about the device, to detect the cases which are risky about the device and to prevent frauds by means of device matching.

Description

A SYSTEM FOR ENABLING DEVICE IDENTIFICATION
Technical Field
The present invention relates to a system for enabling to gather the information of the device which is used in transactions being carried out on web pages, to determine an identity number about the device, to detect the cases which are risky about the device and to prevent frauds by means of device matching.
Background of the Invention
Today, device identification technologies are developed in many fields such as online shopping, internet banking, e-mail services. Given the rapidly increasing number of device and subscription, this technology which is developed for preventing fraud among devices and subscriptions is of great importance for institutions.
In existing device identification works in the market, controls cannot be performed adequately on the subject of detecting device information manipulations which have been made in order to misdirect the system about device identification. For example, a user can change the user agent value of the browser manually in order to look like carrying out transaction from the Mozilla Firefox browser although s/he carries out transaction from Google Chrome browser. A different device identity can be created for a new transaction incorrectly when the user agent value is changed manually in the same device after finding the device identity by carrying out transaction from a device in device identification works. In existing device identification works, cookie and session information are used. Local storage information is not used in the market too much for security reasons. However, it is also not problem to use local storage information when necessary precautions are taken and as long as detection controls of cases such as hacking performed on local storage are made. Users sometimes focus on cookies part when they clear their browser history and they skip clearing the local storage information.
Considering the studies and the deficiencies in the existing technology, it is understood that there is need for a system whereby reliability is enhanced by using local storage and e-tag information as well as cookie and session information.
The United States patent document no. US20150039513, an application in the state of the art, discloses a real-time fraud prevention system which enables to protect organizations from users who pose risk. A centralized database is configured to create and store data in real-time from user devices and user web pages. Individual users are distinguished from others by hundreds of user-device configuration data. A user is provoked to configure the data automatically when s/he visits a webpage. A collection of comprehensive dossiers of user devices is organized and it is used for calculating a fraud score in real-time.
The Chinese patent document no. CN102710770, another application in the state of the art, discloses a system for identification of network access equipment. The user accesses the web service layer by means of his/her device and the software, which runs as embedded into the application program page of a client, gathers the data about the user device. It is determined whether the network access user equipment exists or not by accessing the equipment fingerprint database. When a user enters an application layer for carrying out transaction, an equipment fingerprint management platform carries out transactions of network risk control according to the equipment identification and the equipment. Early warning for risks, equipment tracking, similar actions can be taken by means of the network access equipment query.
Summary of the Invention
An objective of the present invention is to realize a system for enabling to gather the information of the device which is used in transactions being carried out on web pages, to determine an identity number about the device, to detect the cases which are risky about the device and to prevent frauds by means of device matching.
Detailed Description of the Invention
“A System for Enabling Device Identification” realized to fulfil the objective of the present invention is shown in the figure attached, in which:
Figure 1 is a schematic view of the inventive system.
The components illustrated in the figure are individually numbered, where the numbers refer to the following:
1. System
2. Electronic device
3. Device identification server
4. Data gathering unit
5. Device signature generator
6. Device identity generator
The inventive system (1) for enabling device identification comprises:
at least one electronic device (2) which is requested to be defined; at least one device identification server (3) which configures the user demands in order to take action in accordance with these demands upon receiving them over the electronic device (2); at least one data gathering unit (4) which configures the data about the electronic device (2) in order to gather them upon accessing various resources;
at least one device signature generator (5) which is configured in order to generate signatures unique to the electronic device (2);
at least one device identity generator (6) which is configured in order to generate identities unique to the electronic device (2) by using the parameter about the electronic device (2) and the similarities among the devices.
The electronic device (2) included in the inventive system (1) is a device such as mobile phone, tablet, computer.
The device identification server (3) included in the inventive system (1) is configured in order to receive the requests from the electronic device (2) and take actions in accordance with these requests. The device identification server (3) is configured in order to create a unique value such that its use will be valid for a predetermined period of time upon receiving the request transmitted to itself when a web page is opened on the electronic device (2). The device identification server (3) is configured in order to perform pre-controls and risk controls on the electronic device (2) data transmitted to itself by the data gathering unit (4).
In a preferred embodiment of the invention, the device identification server (3) is configured in order to decode on the device data transmitted to itself by the data gathering unit (4) and to validate the hash information obtained by the data gathering unit (4). The device identification server (3) is configured in order to perform controls about whether the electronic device (2) comprises malicious software or not by examining some header fields that are received together with the electronic device (2) information; whether there is TOR (The Onion Routing) wherein anonymous links of the device browser are used in cases when the plugin list is received as null, the values of the screen resolution and the available screen resolution are not received as same or not; the parameters about the electronic device (2) are manually changed or not.
The data gathering unit (4) included in the inventive system (1) is configured in order to gather data about the electronic device (2) by accessing the electronic device (2) wherein the web page is opened and to transmit the gathered data to the device identification server (3). In a preferred embodiment of the invention, the device identification server (3) is a JavaScript library wherein the parameters to be gathered about the electronic device (2) are predetermined.
In a preferred embodiment of the invention, iframe (Inline Frame) component which enables to embed a web page into a HTML (Hyper Text Mark-Up Language) file in order that the data gathering unit (4) can gather the device information safely due to the fact that the web page operates with another server, is used. The data gathering unit (4) is configured in order to transmit the information about the electronic device (2) to the device identification server (3) in a HTML form by inserting them into a hidden iframe and embedding this into a form. The data gathering unit (4) is configured in order to receive hash and also to add the hash information to the electronic device (2) information before it transmits the gathered data to the device identification server (3).
In a preferred embodiment of the invention, the data gathering unit (4) is configured in order to use base64 encoding standard that is used for converting the binary data into ASCII (American Standard Code for Information Interchange) text format before it transmits the gathered data about the electronic device (2) to the device identification server (3).
The device signature generator (5) included in the inventive system (1) is configured in order to generate high-resolution device signature and low-resolution device signature fields by using the parameters included in the data about the electronic device (2) gathered by the data gathering unit (4). The device signature generator (5) is configured in order to receive hash by combining the fields that are never expected to change in time in the electronic device (2), in order to determine the low-resolution device signature. The low-resolution device signature, that is determined by the device signature generator (5), is expected not to change as a result of updates.
The device signature generator (5) is configured in order to receive hash by combining the device parameters that are not expected to change in time in the electronic device (2), in order to determine the high-resolution device signature.
The device signature, which is obtained by combining the low-resolution device signature and the high-resolution device signature, is used for generating the device identity. The device signature generator (5) is configured in order to control cookie, local storage, e-tag (Entity Tag), session information that are left in the electronic device (2) where the transaction request reaches, respectively.
The device identity generator (6) included in the inventive system (1) runs on the device identification server (3) and is configured to carry out similarity measurements among devices by considering the varying frequencies and the determined importance coefficients of the parameters that are gathered by the data gathering unit (4) and included in the data about the electronic device (2). The device identity generator (6) is configured to carry out the similarity measurement between the electronic device (2) from which the transaction request is received and the devices that have made transactions in the past. When it detects a predetermined level of proximity among the devices, the device identity generator (6) assigns the identity information of the matching device as the identity information of the electronic device (2).
When none of the cookie, local storage, e-tag and session information left in the electronic device (2) from which the new transaction request is received, as checked by the device signature generator (5), matches, the device identity generator (6) uses the calculated high-resolution signature value to make a list of candidate devices that have the same high-resolution signature. After finding the candidate devices, the device identity generator (6) compares all fields that are outside the device fields within the high-resolution signature in order to measure similarity with the electronic device (2), determining the varying frequency within the signature by using the Hamming Distance algorithm, which is defined by the number of substitutions required to convert one of two strings into the other. After determining the varying frequency within the signature, the device identity generator (6) checks whether the varying frequencies of the candidate device and the electronic device (2) are similar with respect to a predetermined threshold value. In the event that the varying frequencies exceed the threshold value, the device identity generator (6) matches the candidate device and the electronic device (2) and assigns the device identity information of the matching device as the identity information of the electronic device (2).
In the event that the varying frequencies remain under the threshold value, the device identity generator (6) determines a candidate list retrospectively by using the low-resolution signature information instead of the high-resolution signature information. After finding the candidate devices, the device identity generator (6) compares all the fields that are outside the device fields within the low-resolution signature in order to measure similarity with the electronic device (2), determining the varying frequency within the signature by using the Hamming Distance algorithm. After determining the varying frequency within the signature, the device identity generator (6) checks whether the varying frequencies of the candidate device and the electronic device (2) are similar with respect to a predetermined threshold value. In the event that the varying frequencies exceed the threshold value, the device identity generator (6) matches the candidate device and the electronic device (2) and assigns the device identity information of the matching device as the identity information of the electronic device (2). When there is a plurality of devices having the same similarity ratio, the device identity generator (6) compares the internal IP (Internet Protocol) and external IP numbers of the devices. When it finds a device in the candidate list whose internal IP and external IP numbers match, the device identity generator (6) assigns the device identity of this device as the identity of the electronic device (2). When it cannot find a device passing through the IP filters, the device identity generator (6) accepts the most up-to-date device as the matching device and assigns the device identity of this device as the identity of the electronic device (2).
The device identity generator (6) determines that the electronic device (2) is a new device and performs a new device identity assignment in the event that it cannot match it with any device as a result of the comparisons.
When any of the cookie, local storage, e-tag and session information left in the electronic device (2) from which the new transaction request is received, as checked by the device signature generator (5), matches, the device identity generator (6) performs a validation control on parameters such as the operating systems and the browsers of the matched device and the electronic device (2), in order to determine whether these two matching devices are the same device or not.
When the validation control fails, the device identity generator (6) performs controls by means of lists of candidate devices, using the high-resolution signature field and the low-resolution signature field.
In one embodiment of the invention, triggering can be realized for a transaction over the input button located on a homepage by the web page owner institution.
In one embodiment of the invention, the similarity threshold value of the Hamming Distance algorithm that is used for measuring the similarity between the two devices is configurable. The quality of matching-device detection may decrease as this value increases.
In another embodiment of the invention, each device parameter included in the Hamming Distance algorithm that is used for measuring the similarity between the two devices, has a weight of importance and these weights of importance may vary according to the varying frequency in time of the related device parameter.
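The matching cascade described above (high-resolution candidates, weighted Hamming comparison, low-resolution fallback, IP tie-break, new identity), written out as an added Python example that is not code from the patent. The fields outside the signatures, their weights, the 0.7 threshold, SHA-256 and the reading of the threshold as a minimum similarity are assumptions; the sample devices are constructed.

```python
import hashlib
import uuid

# Signature fields follow the examples named in the description.
LOW_FIELDS = ("device_type", "os", "language", "cores")
HIGH_FIELDS = LOW_FIELDS + ("audio", "camera", "microphone", "speaker")
# Assumed fields outside both signatures, each with an assumed importance weight.
WEIGHTS = {"browser_version": 1.0, "screen": 2.0, "timezone": 3.0, "fonts": 2.0}
THRESHOLD = 0.7  # assumed minimum similarity for a match (configurable)


def signature(params, fields):
    """Hash the chosen fields in a fixed order with an unambiguous separator."""
    joined = "\x1f".join(f"{name}={params.get(name, '')}" for name in fields)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def similarity(a, b):
    """Weighted Hamming similarity over the non-signature fields.

    Plain Hamming distance counts differing positions; here each position is
    a field and a mismatch costs that field's weight. 1.0 means identical.
    """
    differing = sum(w for name, w in WEIGHTS.items() if a.get(name) != b.get(name))
    return 1.0 - differing / sum(WEIGHTS.values())


def pick(candidates, device):
    """Best candidate at or above THRESHOLD, with IP then recency tie-breaks."""
    scored = [(similarity(c["params"], device), c) for c in candidates]
    scored = [(s, c) for s, c in scored if s >= THRESHOLD]
    if not scored:
        return None
    best = max(s for s, _ in scored)
    tied = [c for s, c in scored if s == best]
    if len(tied) > 1:
        same_ip = [c for c in tied
                   if c["params"].get("internal_ip") == device.get("internal_ip")
                   and c["params"].get("external_ip") == device.get("external_ip")]
        if same_ip:
            tied = same_ip
    return max(tied, key=lambda c: c["last_seen"])  # most recent record wins


def identify(device, known):
    """Return (device_id, tier), tier being 'high', 'low' or 'new'."""
    for tier, fields in (("high", HIGH_FIELDS), ("low", LOW_FIELDS)):
        sig = signature(device, fields)
        candidates = [k for k in known if signature(k["params"], fields) == sig]
        match = pick(candidates, device)
        if match is not None:
            return match["id"], tier
    return "dev-" + uuid.uuid4().hex[:8], "new"


# Constructed sample data (documentation IP ranges, invented values).
BASE = {"device_type": "desktop", "os": "Windows 10", "language": "tr-TR", "cores": 8,
        "audio": "48000", "camera": "1", "microphone": "1", "speaker": "1",
        "browser_version": "70.0", "screen": "1920x1080", "timezone": "UTC+3",
        "fonts": "Arial,Calibri", "internal_ip": "10.0.0.5",
        "external_ip": "203.0.113.10"}
KNOWN = [
    {"id": "dev-1", "last_seen": 100, "params": dict(BASE)},
    {"id": "dev-2", "last_seen": 200, "params": dict(BASE, internal_ip="10.0.0.9")},
    {"id": "dev-3", "last_seen": 50,
     "params": dict(BASE, os="Android 9", device_type="mobile")},
]

if __name__ == "__main__":
    print(identify(dict(BASE, browser_version="71.0"), KNOWN))  # browser update
    print(identify(dict(BASE, camera="0"), KNOWN))              # high-res field changed
```

Because two records can share both signatures and the same similarity score, the IP and recency tie-breaks decide which stored identity is reused, so those fields deserve the same validation as the signature inputs.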
When a web page is opened in the inventive system (1), a request is sent asynchronously to the device identification server (3) by JavaScript. Upon the received request, the device identification server (3) generates a special unique value (unique ID) whose use is valid for 1 minute. This structure does not affect the opening speed of the web page because the request is initiated asynchronously. The unique value generated by the server is used on the front side and returns to the device identification server (3) after the electronic device (2) gathers the information.
In a preferred embodiment of the invention, the data gathering unit (4) is a JavaScript library running on the front side. The data gathering unit (4) sends the information about the electronic device (2) (including the unique ID value as well) to the device identification server (3). Because the web page belongs to another server, the data gathering unit (4) uses iframe technology so that the electronic device (2) data are sent to the device identification server (3) safely. The information about the electronic device (2) is inserted into a hidden iframe, embedded into a form, and transmitted to the device identification server (3) in HTML form format. Because iframe technology enables information transfer to a different server, it avoids showing a warning to the user on the screen and the experience of navigating to a bad page. To be safe from man-in-the-middle (MITM) type attacks during the transmission stage, the data gathering unit (4) computes a hash over the information about the device and adds the hash information to the electronic device (2) information before the transmission. If a network attack has occurred and a change has happened within the data, these attacks can be prevented by means of the hash control made by the device identification server (3). Another security measure is to encode the data that are sent by means of base64, in order to avoid the data of the data gathering unit (4) being readable. The data transmitted to the device identification server (3) by the data gathering unit (4) are checked by the device identification server (3). The data encoded by the base64 standard are decoded by the device identification server (3) and the hash information within them is validated.
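The unique ID, hash and base64 steps described above, as an added Python example that is not code from the patent. The `pack` function stands in for the front-end JavaScript library; SHA-256, the JSON serialisation, the in-memory ID store and treating the unique ID as single use are assumptions.

```python
import base64
import hashlib
import json
import secrets
import time

UNIQUE_ID_TTL = 60   # seconds; the description gives one minute
ISSUED = {}          # unique ID -> expiry time (in-memory stand-in for server state)


def issue_unique_id(now=None):
    """Server: create the short-lived value requested when the page opens."""
    now = time.time() if now is None else now
    uid = secrets.token_urlsafe(16)
    ISSUED[uid] = now + UNIQUE_ID_TTL
    return uid


def canonical(fields):
    """Deterministic serialisation so both sides hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def pack(device_info, uid):
    """Stand-in for the front-end library: attach ID and hash, then base64."""
    body = dict(device_info, unique_id=uid)
    body["hash"] = hashlib.sha256(canonical(body)).hexdigest()
    return base64.b64encode(canonical(body)).decode("ascii")


def verify(blob, now=None):
    """Server: decode, re-check the hash, then the unique ID. Returns (ok, detail)."""
    now = time.time() if now is None else now
    try:
        body = json.loads(base64.b64decode(blob, validate=True))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "malformed"
    if not isinstance(body, dict):
        return False, "malformed"
    claimed = body.pop("hash", None)
    if claimed != hashlib.sha256(canonical(body)).hexdigest():
        return False, "hash mismatch"
    uid = body.get("unique_id")
    # Assumed single use: the ID is consumed on its first valid presentation.
    expiry = ISSUED.pop(uid, None) if isinstance(uid, str) else None
    if expiry is None:
        return False, "unknown unique id"
    if now > expiry:
        return False, "expired unique id"
    return True, body


if __name__ == "__main__":
    uid = issue_unique_id()
    blob = pack({"os": "Windows 10", "cores": 8}, uid)  # constructed sample data
    print(verify(blob))   # accepted once
    print(verify(blob))   # replay of the same blob is rejected
```

An unkeyed digest only catches changes made by someone who does not recompute it, and base64 is a reversible encoding, so confidentiality and integrity in transit still depend on TLS.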
Then, the device identification server (3) checks, in that order, whether the account number and the password of the client, who is the owner of the page from which the transaction is received, are entered correctly; whether the received unique ID value is valid; and whether the user agents match. The device identification server (3) performs controls about whether the electronic device (2) comprises malicious software or not by examining some header fields that are received together with the electronic device (2) information; whether there is TOR (The Onion Routing) wherein anonymous links of the device browser are used in cases when the plugin list is received as null, the values of the screen resolution and the available screen resolution are not received as same or not; the parameters about the electronic device (2) are manually changed or not. Then, the device signature generator (5) generates the high-resolution device signature field and the low-resolution device signature field by using the parameters included in the data about the electronic device (2). The low-resolution device signature is expected not to change when the electronic device (2) goes through updates. However, because the number of device parameters used in its generation is low, there is a high probability that different devices have the same low-resolution device signature value. The number of parameters used in the high-resolution device signature is higher than the number of parameters used in the low-resolution device signature, and the probability that two different devices have the same high-resolution device signature value is lower. The parameters used in the low-resolution device signature are information that is not expected to vary over time, such as type of device, operating system, browser language and number of device cores.
The parameters used in the high-resolution device signature, in contrast, are information such as whether some header fields and some JavaScript libraries are supported or not, sound system parameters, and camera, speaker and microphone usage information. Both signature fields are used by the device identification server (3) in order to find the matching device when a new transaction related to the device is received. The device identification server (3) examines the cookie, local storage, e-tag and session information left in the electronic device (2) where the transaction is carried out. The device identification server (3) performs a device validation when a matching device is found. When no matching device can be found, validation control of the high-resolution signature field is made, and when again no match can be found, validation control of the low-resolution signature field is made. If the number of matching devices is more than one, the internal IP and external IP values of the candidate devices are examined. If the number of matching devices is one, the electronic device (2) is given the same identity as the matched device among the candidate devices.
Within these basic concepts, it is possible to develop various embodiments of the inventive system (1); the invention cannot be limited to the examples disclosed herein and it is essentially as defined in the claims.

Claims

1. A system (1) for enabling device identification comprising at least one electronic device (2) which is requested to be defined; at least one device identification server (3) which configures the user demands in order to take action in accordance with these demands upon receiving them over the electronic device (2);
at least one data gathering unit (4) which configures the data about the electronic device (2) in order to gather them upon accessing various resources;
and characterized by
at least one device signature generator (5) which is configured in order to generate signatures unique to the electronic device (2);
at least one device identity generator (6) which is configured in order to generate identities unique to the electronic device (2) by using the parameter about the electronic device (2) and the similarities among the devices.
2. A system (1) according to Claim 1; characterized by the mobile device (2) which is a device such as mobile phone, tablet, computer.
3. A system (1) according to any of the preceding claims; characterized by the device identification server (3) which is configured in order to create a unique value such that its use will be valid for a predetermined period of time upon receiving the request transmitted to itself when a web page is opened.
4. A system (1) according to any of the preceding claims; characterized by the device identification server (3) which is configured in order to decode on the mobile device (2) data transmitted to itself by the data gathering unit (4) and to perform validation control of the hash information obtained by the data gathering unit (4).
5. A system (1) according to any of the preceding claims; characterized by the device identification server (3) which is configured in order to perform controls about whether the electronic device (2) comprises malicious software or not by examining some header fields that are received together with the electronic device (2) information; whether there is TOR (The Onion Routing) wherein anonymous links of the device browser are used in cases when the plugin list is received as null, the values of the screen resolution and the available screen resolution are not received as same or not; the parameters about the electronic device (2) are manually changed or not.
6. A system (1) according to any of the preceding claims; characterized by the data gathering unit (4) which is configured in order to gather data about the electronic device (2) by accessing the electronic device (2) wherein the web page is opened and to transmit the gathered data to the device identification server (3).
7. A system (1) according to any of the preceding claims; characterized by the data gathering unit (4) which is configured in order to use iframe (Inline Frame) component which enables to embed a web page into a HTML (Hyper Text Mark-Up Language) file in order that the data gathering unit (4) can gather the device information safely due to the fact that the web page operates with another server.
8. A system (1) according to any of the preceding claims; characterized by the data gathering unit (4) which is configured in order to transmit the information about the electronic device (2) to the device identification server (3) in a HTML form by inserting them into a hidden iframe and embedding this into a form.
9. A system (1) according to any of the preceding claims; characterized by the data gathering unit (4) which is configured in order to receive hash and also to add the hash information to the electronic device (2) information before it transmits the gathered data to the device identification server (3).
10. A system (1) according to any of the preceding claims; characterized by the data gathering unit (4) which is configured in order to use base64 encoding standard that is used for converting the binary data into ASCII (American Standard Code for Information Interchange) text format before it transmits the electronic device (2) data gathered to the device identification server (3).
11. A system (1) according to any of the preceding claims; characterized by the device signature generator (5) which is configured in order to generate high-resolution device signature and low-resolution device signature fields by using the parameters included in the data about the electronic device (2) gathered by the data gathering unit (4).
12. A system (1) according to any of the preceding claims; characterized by the device signature generator (5) which is configured in order to receive hash by combining the fields that are never expected to change in time in the electronic device (2), in order to determine the low-resolution device signature.
13. A system (1) according to any of the preceding claims; characterized by the device signature generator (5) which is configured in order to receive hash by combining the device parameters that are not expected to change in time in the electronic device (2), in order to determine the high-resolution device signature.
14. A system (1) according to any of the preceding claims; characterized by the device signature generator (5) which is configured in order to control cookie, local storage, e-tag (Entity Tag), session information that are left in the electronic device (2) where the transaction request reaches, respectively.
15. A system (1) according to any of the preceding claims; characterized by the device identity generator (6) which is configured in order to run on the device identification server (3), to carry out similarity measurements among devices by considering the varying frequencies and the determined importance coefficients of the parameters that are gathered by the data gathering unit (4) and included in the data about the electronic device (2).
16. A system (1) according to any of the preceding claims; characterized by the device identity generator (6) which is configured in order to carry out similarity measurement among the devices that have made transaction with the electronic device (2) wherefrom the transaction request is received in the past.
17. A system (1) according to any of the preceding claims; characterized by the device identity generator (6) which is configured in order to assign the identity information of the matching device as the identity information of the electronic device (2), when it detects a predetermined level of proximity among the devices.
18. A system (1) according to any of the preceding claims; characterized by the device identity generator (6) which is configured in order to make a list of candidate devices that have the same high-resolution signature, by using the high-resolution signature value calculated, when all of the cookie, local storage, e-tag and session information -which are left in the electronic device (2) wherefrom the new transaction request controlled by the device signature generator (5) is received- don’t match.
19. A system (1) according to Claim 18; characterized by the device identity generator (6) which is configured in order to determine the varying frequency within the signature by using the Hamming Distance algorithm that is determined by the number of displacement required in order that the two strings interconvert in order to compare all fields that are out of the device fields within the high-resolution signature to make comparison of similarity with the electronic device (2) after finding the candidate devices.
20. A system (1) according to Claim 19; characterized by the device identity generator (6) which is configured in order to control whether the varying frequencies about the candidate device and the electronic device (2) have similarities on a predetermined threshold value or not after determining the varying frequency within the signature.
21. A system (1) according to Claim 20; characterized by the device identity generator (6) which is configured in order to match the candidate device and the electronic device (2) and to assign the device identity information of the matching device as the identity information of the electronic device (2) in the event that the varying frequencies exceed the threshold value.
22. A system (1) according to Claim 20; characterized by the device identity generator (6) which is configured in order to determine a candidate list retrospectively by using the low-resolution signature information instead of the high-resolution signature information in the event that the varying frequencies remain under the threshold value.
23. A system (1) according to Claim 22; characterized by the device identity generator (6) which is configured in order to determine the varying frequency within the signature by using the Hamming Distance algorithm in order to compare all the fields that out of the device fields within the low-resolution signature to make comparison of similarity with the electronic device (2) after finding out the candidate devices.
24. A system (1) according to Claim 23; characterized by the device identity generator (6) which is configured in order to control whether the varying frequencies about the candidate device and the electronic device (2) have similarities on a predetermined threshold value or not after determining the varying frequency within the signature.
25. A system (1) according to Claim 24; characterized by the device identity generator (6) which is configured in order to match the candidate device and the electronic device (2) and to assign the device identity information of the matching device as the identity information of the electronic device (2) in the event that the varying frequencies exceed the threshold value.
26. A system (1) according to any of the preceding claims; characterized by the device identity generator (6) which is configured in order to compare internal IP (Internet Protocol) and external IP numbers of devices when there is a plurality of devices having the same similarity ratio.
27. A system (1) according to Claim 26; characterized by the device identity generator (6) which is configured in order to assign the device identity of this device as the identity of the electronic device (2) when it finds a device having matching internal IP and external IP numbers from the candidate list.
28. A system (1) according to Claim 26; characterized by the device identity generator (6) which is configured in order to accept the most up-to-date device as the matching device and assign the device identity of this device as the identity of the electronic device (2) when it cannot find a device passing through the IP filters.
29. A system (1) according to any of the preceding claims; characterized by the device identity generator (6) which is configured in order to determine that the device identity generator (6) is a new device and perform a new device identity assignment in the event that it cannot perform any matching with any device as a result of the comparisons.
30. A system (1) according to any of the preceding claims; characterized by the device identity generator (6) which is configured in order to perform validation control on parameters such as the operating systems and the browsers of the device whereby matching is provided and the electronic device (2) to determine whether these two matching devices are the same devices or not, when any of the cookie, local storage, e-tag and session information that are left in the electronic device (2) wherefrom the new transaction request controlled by the device signature generator (5) is received matches.
31. A system (1) according to Claim 30; characterized by the device identity generator (6) which is configured in order to perform controls by means of lists of candidate devices by using the high-resolution signature field and the low-resolution signature field in cases when the validation control fails.
PCT/TR2019/050605 2018-09-17 2019-07-23 A system for enabling device identification WO2020086024A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2018/13299 2018-09-17
TR2018/13299A TR201813299A2 (en) 2018-09-17 2018-09-17 A SYSTEM ENSURING DEVICE RECOGNITION

Publications (2)

Publication Number Publication Date
WO2020086024A2 true WO2020086024A2 (en) 2020-04-30
WO2020086024A3 WO2020086024A3 (en) 2020-07-23

Family

ID=67952609

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2019/050605 WO2020086024A2 (en) 2018-09-17 2019-07-23 A system for enabling device identification

Country Status (3)

Country Link
AR (1) AR116414A1 (en)
TR (1) TR201813299A2 (en)
WO (1) WO2020086024A2 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8307099B1 (en) * 2006-11-13 2012-11-06 Amazon Technologies, Inc. Identifying use of software applications
US9471920B2 (en) * 2009-05-15 2016-10-18 Idm Global, Inc. Transaction assessment and/or authentication
WO2014078569A1 (en) * 2012-11-14 2014-05-22 The 41St Parameter, Inc. Systems and methods of global identification

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112650174A (en) * 2020-12-21 2021-04-13 佳都新太科技股份有限公司 Identity identification method and system of environment control equipment and computer storage medium
CN113641162A (en) * 2020-12-21 2021-11-12 佳都科技集团股份有限公司 Identity identification method and system of environment control equipment and computer storage medium

Also Published As

Publication number Publication date
TR201813299A2 (en) 2019-06-21
WO2020086024A3 (en) 2020-07-23
AR116414A1 (en) 2021-05-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19877516

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19877516

Country of ref document: EP

Kind code of ref document: A2