Patent Grant
9571492
1. Field of the Invention
The present invention relates generally to computer network security and, more particularly, to methods of and systems for identifying a computing device by data stored thereon.
2. Description of the Related Art
From the perspective of a server engaged in Internet transactions, it is advantageous to be able to recognize a client computing device that the server has interacted with previously. The importance of this information can be seen in common Internet transactions today. For example, users can log in to a given site and, through information gleaned from a quick retrieval of cookies stored on the user's device, the site's server can tailor its interaction to the user's known expectations and preferences. Similarly, a user's experience with a virtual shopping cart during on-line shopping may be enhanced if the server hosting the shopping cart can recognize whether multiple HTTP requests from multiple-link clicks originate from the same device.
Technically speaking, HTTP (hypertext transport protocol)—the protocol by which web browsers and web servers primarily interact—is stateless. That means that any HTTP request and any HTTP response thereto are fully self-defining and not contingent on (or influenced by) HTTP requests or responses previously exchanged. In other words, the exchange of an HTTP request and an associated HTTP response do not change any “state” in the communication between the client device and the server.
To implement features that require a state, such as a virtual shopping cart, the client device and the server are required to cooperate to effect an ongoing or dynamic state in their interaction. The way in which this is accomplished most often is through the use of cookies, which are omnipresent in online transactions today.
In the context of computer communications, a cookie is a unique item of data that stores state information. Each time the browser of a client computer transacts with a web site, the web site server may transmit a cookie to the browser that provides unique identifying data for storage on the client device. On a subsequent visit to the same web site, the site can request that the client device report the unique, identifying data recorded on the cookie and thereby recover a state of interaction between the client and server from a previous transaction. For example, if a server asks a client device to store a cookie labeled ABC123, the server can then recognize the same client device whenever the client device reports that its cookie for that server is ABC123.
Cookies have been used very effectively to maintain a state during interaction between a server and a client device. There are, however, other situations where recognition of a particular computing device is highly desirable, but for which cookies are simply inadequate. In particular, cookies don't work when the user doesn't want her device to be recognized or when the device needs to be identified across multiple sites. For example, if a user has been banned from a social networking site for malicious activity, the user can avoid detection by way of cookies by simply deleting all of the cookies associated with the social networking site. Similarly, a different social networking site would not be able to identify the user as one who has behaved maliciously if a cookie from the first site was the only indicator of such prior activity.
What is needed is a more persistent and reliable way to identify a particular computing device through exploitation of cookies.
In accordance with the present invention, multiple cookies of a client device are used to form an identifier of the client device such that a change in one or even several browser cookies does not defeat proper device recognition.
The cookies are included in the identifier in such a manner that individual cookies can be parsed for separate comparison with corresponding cookies of known devices, i.e., devices previously interacted with. To protect privacy of all devices, however, individual parameters of the constituent cookies are represented in the device identifier with irreversible hashes of the respective parameters. For example, data representing the host parameter of a cookie is represented in the device identifier as an irreversible hash of the data, allowing direct comparison to determine whether cookies of other devices come from the same host without enabling identification of the host itself. In other words, the use of irreversible hashes allows effective, yet anonymous, comparison. Other parameters of the cookies that are represented by irreversible hashes include attribute names and values. Expiration is left readable to determine whether a given cookie has expired.
Recognition involves quantification of a degree of correlation between cookies represented in the device identifier of the client device and corresponding cookies of each of the known devices. Since cookies change over time, it is quite likely that cookies represented in the device identifier of the client device would not be identical to cookies previously received from the same device. To quantify the degree of correlation, the observed stability and uniqueness of each cookie, and each cookie attribute, is considered.
Once cookie correlation between the client device and each of the known devices has been quantified, the highest of the correlations is compared to a predetermined threshold degree of correlation. The threshold is determined empirically during system configuration and represents an acceptable level of certainty and, conversely, uncertainty. For example, the threshold can be selected at a level at which certainty of accurate recognition is 95%. If the highest of the correlations is at least the predetermined threshold, the client device is determined to be the same device as the known device with the highest cookie correlation. Otherwise, the client device is determined to be unrecognized, i.e., a device that has not been previously interacted with.
In a first aspect, the present invention accordingly provides a method for recognizing a given remotely-located device as a known device, the method including: receiving, from the given device, data representing at least two browser cookies from at least two hosts; determining an amount of correlation between the browser cookies of the given device and corresponding browser cookies of each of one or more other devices; and determining that the given device is a known device upon a condition in which the amount of correlation is at least predetermined threshold.
In another form, the data representing at least two browser cookies from at least two hosts includes an irreversible hash of host data of each of the browser cookies. In another form, the data representing at least two browser cookies from at least two hosts includes an irreversible hash of attribute value data of each of the browser cookies. In another form, the step determining an amount of correlation between the browser cookies of the given device and corresponding browser cookies of each of one or more devices includes: using a degree of stability of each of the browser cookies.
In another form, the step determining an amount of correlation between the browser cookies of the given device and corresponding browser cookies of each of one or more other devices includes: using a degree of uniqueness of each of the browser cookies.
Other systems, methods, features and advantages of the invention will be or will become apparent to one with skill in the art upon examination of the following figures and detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims. Component parts shown in the drawings are not necessarily to scale, and may be exaggerated to better illustrate the important features of the invention. In the drawings, like reference numerals may designate like parts throughout the different views, wherein:
In accordance with the present invention, an identifier of a client device 102 (
As shown in
Transaction flow diagram 200 (
In step 202, client device 102 requests a web page or other data from server computer 106, e.g., from a URL activated by a human user of client device 102 through physical manipulation of one or more user input devices of client device 102 and conventional user interface techniques.
In step 204, server computer 106 sends the web page that is identified by the URL received in step 202. The web page includes some active content or at least some content that causes client device 102 to generate a device identifier for itself from browser cookies 730 (
In step 208, client device 102 sends the device identifier that was generated in step 206 to server computer 106.
In step 210, server computer 106 determines whether the device identifier received in step 208 represents a client device that is previously known to server computer 106. Step 210 is described in greater detail below in conjunction with logic flow diagram 210 (
If server computer 106 determines that the device identifier represents a known device, server computer 106 sends content that is customized for client device 102. In some embodiments, the content is customized to indicate a lack of access to services provided by server computer 106, particularly when server computer 106 determines that the device identifier represents a client device with a history of malicious acts.
As described above, client device 102 generates a device identifier for itself from browser cookies 730 (
In step 302 (
Loop step 304 (
In step 306, web browser plug-in 722C forms an irreversible hash of each data element of the subject cookie. Typically, a cookie includes data elements representing a host to which the cookie belongs or from which the cookie originated, an expiration date, and one or more name/value pairs representing the substantive content of the cookie. It is generally preferred that the actual content of the subject cookie not be communicated to server computer 106. Forming an irreversible hash of each of the data elements individually allows server computer 106 to test for matches without having direct access to original data.
In step 308, web browser plug-in 722C packages all the irreversible hashes of data elements of the subject cookie into a single, reversible hash representing the subject cookie in its entirety. The hash is reversible such that server computer 106 can parse the individual irreversible hashes of cookie data elements for individual element comparison in the manner described below.
In step 310, web browser plug-in 722C adds the hash created in step 308 to an accumulation of single reversible cookie hashes.
Once all of cookies 730 (
Device identifier 800 comprises computer-readable digitized data, such as a bit stream, a bit array, or a concatenation of data bytes, of any length or memory size suitable for the purpose of recording the information contained therein. In more elaborate embodiments of the invention, the device identifier 800 may undergo further data processing prior to completion or prior to transmission from client device 102. For example, the output of step 206 may be further processed using known techniques such as encoding, encryption, compression, hashing, obfuscation, or appending with a nonce value or a checksum value, or modified according to a combination of some or all of the foregoing techniques.
As described above, server computer 106 (
In step 402 (
In step 404, device recognition logic 624 compares the parsed hashes to stored hashes of cookies of client devices from which cookie-based device identifiers have been previously received. In the context of logic flow diagram 210, client devices from which cookie-based device identifiers have been previously received by server computer 106 are sometimes referred to as “known devices”.
In test step 406, device recognition logic 624 determines whether at least one cookie of the device identifier of client device 102 matches at least one cookie of any known device. If not, device recognition logic 624 determines that client device 102 is not recognized by server computer 106 as one with which server computer 106 has previously interacted and processing according to logic flow diagram 210, and therefore step 210 (
If at least one cookie of the device identifier of client device 102 matches at least one cookie of any known device and no known device is a perfect match for the device identifier, processing by device recognition logic 624 transfers to loop step 408.
Loop step 408 and next step 412 define a loop in which device recognition logic 624 processes each known device for which at least one cookie matched the device identifier of client device 102. For each such known device, processing transfers from loop step 408 to step 410. The particular known device processed in a given iteration of the loop of steps 408-412 is sometimes referred to herein as the subject known device.
In step 410, device recognition logic 624 quantifies a degree of match between the subject known device and the device identifier of client device 102. Step 410 is shown in greater detail as logic flow diagram 410 (
With reference now to
In test step 504, device recognition logic 624 determines whether the subject cookie is present in the device identifier data record 800 (
Device identifier data record 800 is substantially analogous to the device identifier of client device 102 and includes one or more cookie records 802, each of which represents a cookie of the subject known device at the time the most recent device identifier was received from the subject known device.
Each of cookie records 802 includes a host hash 804, an expiration field 806, and one or more attributes 808. Host hash 804 is an irreversible hash of the host field of the original cookie of the subject known host. Accordingly, device recognition logic 624 cannot readily identify the host to which the original cookie belonged but can distinguish the original cookie from cookies of different hosts. Expiration field 806 represents the expiration of the original cookie and is decipherable by device recognition logic 624 such that device recognition logic 624 can determine whether the subject cookie has expired.
Each of attributes 808 represents a name/value pair of the original cookie of the subject known device. Name hash 810 and value hash 812 are irreversible hashes of the name and value, respectively, of a name/value pair of the original cookie of the subject known device. Since name hash 810 and value hash 812 are separate irreversible hashes, device recognition logic 624 can correlate attributes with matching names and compare the values thereof without having access to the original name and value data of the original cookie.
In one embodiment, device recognition logic 624 determines whether the subject cookie is present in device identifier data record 800 (
If the subject cookie is not present for the subject known device, processing by device recognition logic 624 transfers through next step 506 to loop step 502 and processes the next cookie of the device identifier of client device 102 according to steps 502-514. In transferring through next step 506, device recognition logic 624 does not adjust the matching score for the subject known device.
If the subject cookie is present for the subject known device, processing by device recognition logic 624 transfers to test step 508 in which device recognition logic 624 determines whether the content of the subject cookie matches the content of the corresponding cookie record 802 of the subject known device. If the content of the respective cookies match, processing transfers to step 510 in which device recognition logic 624 adjusts the matching score of the subject known device upward or in some manner to indicate that the subject known device is more likely the same device as client device 102. Conversely, if the content of the respective cookies do not match, processing transfers to step 512 in which device recognition logic 624 adjusts the matching score of the subject known device downward or in some manner to indicate that the subject known device is less likely the same device as client device 102.
The manner in which device recognition logic 624 determines whether the content of corresponding cookies match and adjusts the matching score of the subject known device varies from cookie to cookie. Each cookie that has been evaluated by device recognition logic 624 is represented by a cookie information record 900 (
Cookie information record 900 (
For each of attributed 904, cookie information record 900 includes a name hash 906, a stability field 908, and a uniqueness field 910. Name hash 906 corresponds to name hash 810 (
Some cookies are more stable than others. Some hosts set a cookie to a given value and the value remains unchanged for extended periods of time. Sometimes, the value is maintained even when an expired cookie is renewed. Other hosts use cookies for very brief transactions and reset the cookie to a new value each time a new transaction is initiated. Device recognition logic 624 observes cookies over time to assess the stability of a given attribute of a cookie from a specific host, though identified anonymously through an irreversible hash.
Similarly, some cookies are more unique than others. Some hosts reuse cookie values when the use of those values for another device has concluded. Device recognition logic 624 observes cookies over time and across devices to assess the uniqueness of a given attribute of a cookie from a specific host.
Cookies that are more stable and more unique are more indicative of a device's identity. Thus, device recognition logic 624 weighs more stable, unique attributes of cookies more heavily than less stable, less unique attributes in determining whether cookies match. For example, if cookies match in a highly stable, highly unique attribute but do not match in a relatively unstable and relatively non-unique attribute, device recognition logic 624 can determine that the cookies match despite a mis-matched attribute. In addition, the determination of a match despite the mismatched attribute is used by device recognition logic 624 to assess the stability of the attribute.
The stability and uniqueness of attributes of a cookie also influence the manner in which device recognition logic 624 adjusts the matching score of the subject known device in steps 510 and 512. Adjustments to the matching score are larger for attributes that are stable and unique and are smaller for attributes that are instable or not unique. The degree of adjustment may be quantified according to the empirical data accessible by the device recognition logic.
Once all cookies of the device identifier of client device 102 have been processed according to the loop of steps 502-514, processing by device recognition logic 624 according to logic flow diagram 410, and therefore step 410 (
In the loop of steps 408-412, device recognition logic 624 quantifies a degree of match between client device 102 and each known device for which at least one cookie matched the device identifier of client device 102. Once each such known device has been processed by device recognition server 624 in the loop of steps 408-412, processing transfers to test step 414.
In test step 414, device recognition logic 624 compares the best match, i.e., the quantified match that indicates the greatest likelihood of a match to client device 102, to a predetermined threshold. The threshold can be determined empirically to represent a desired likelihood of an accurate match, e.g., 95%.
If the best match is not at least the predetermined threshold, device recognition logic 624 determines that client device 102 is not a device with which server computer 106 has previously interacted. If the best match is at least the predetermined threshold, device recognition logic 624 determines that client device 102 is the known device associated with the best match. In either case, processing according to logic flow diagram 210, and therefore step 210 (
In this manner, server computer 106 can accurately recognize known devices and can interact with known devices in a manner influenced by previous interactions.
In addition, upon determining that client device 102 is the known device associated with the best match in test step 414 (
Server computer 106 is shown in greater detail in
CPU 602 and memory 604 are connected to one another through a conventional interconnect 606, which is a bus in this illustrative embodiment and which connects CPU 602 and memory 604 to network access circuitry 612. Network access circuitry 612 sends and receives data through computer networks such as wide area network 104 (
A number of components of server computer 106 are stored in memory 604. In particular, web server logic 620 and web application logic 622, including device recognition logic 624, are all or part of one or more computer processes executing within CPU 602 from memory 604 in this illustrative embodiment but can also be implemented using digital logic circuitry. Device identification data 630 and cookie information 632 are data stored persistently in memory 404. In this illustrative embodiment, device identification data 630 and cookie information 632 are each organized as all or part of one or more databases.
Web server logic 620 is a conventional web server. Web application logic 622 is content that defines one or more pages of a web site and is served by web server logic 620 to client devices such as client device 102. Device recognition logic 624 is a part of web application logic 622 that determines whether a given client device is recognized as a client device with which server computer 106 has previously interacted in the manner described above.
Client device 102 may be a personal computing device and is shown in greater detail in
CPU 702 and memory 704 are connected to one another through a conventional interconnect 706, which is a bus in this illustrative embodiment and which connects CPU 702 and memory 704 to one or more input devices 708, output devices 710, and network access circuitry 712. Input devices 708 can include, for example, a keyboard, a keypad, a touch-sensitive screen, a mouse, a microphone, and one or more cameras. Output devices 710 can include, for example, a display—such as a liquid crystal display (LCD)—and one or more loudspeakers. Network access circuitry 712 sends and receives data through computer networks such as wide area network 104 (
A number of components of client device 102 are stored in memory 704. In particular, web browser 720 is all or part of one or more computer processes executing within CPU 702 from memory 704 in this illustrative embodiment but can also be implemented using digital logic circuitry. As used herein, “logic” refers to (i) logic implemented as computer instructions and/or data within one or more computer processes and/or (ii) logic implemented in electronic circuitry. Web browser plug-ins 722A-C are each all or part of one or more computer processes that cooperate with web browser 720 to augment the behavior of web browser 720. The manner in which behavior of a web browser is augmented by web browser plug-ins is conventional and known and is not described herein.
Cookies 730 are data stored persistently in memory 704 and are conventional and are used by web browser 720 in a conventional manner except as otherwise described herein.
The above description is illustrative only and is not limiting. The present invention is defined solely by the claims which follow and their full range of equivalents. It is intended that the following appended claims be interpreted as including all such alterations, modifications, permutations, and substitute equivalents as fall within the true spirit and scope of the present invention.
The reference to any prior art in this specification is not, and should not be taken as, an acknowledgement of any form of suggestion that such prior art forms part of the common general knowledge.
It will be understood that the term “comprise” and any of its derivatives (eg. comprise, comprising) as used in this specification is to be taken to be inclusive of features to which it refers, and is not meant to exclude the presence of any additional features unless otherwise stated or implied.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2011101296 | Oct 2011 | AU | national |
This application claims priority to U.S. Provisional Application 61/535,347, which was filed on Sep. 15, 2011, and which is fully incorporated herein by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4118789 | Casto et al. | Oct 1978 | A |
| 4319085 | Welch et al. | Mar 1982 | A |
| 4658093 | Hellman | Apr 1987 | A |
| 4885778 | Weiss | Dec 1989 | A |
| 5291598 | Grundy | Mar 1994 | A |
| 5490216 | Richardson, III | Feb 1996 | A |
| 6158005 | Bharathan et al. | Dec 2000 | A |
| 6233567 | Cohen | May 2001 | B1 |
| 6243468 | Pearce et al. | Jun 2001 | B1 |
| 6536005 | Augarten | Mar 2003 | B1 |
| 6985953 | Sandhu et al. | Jan 2006 | B1 |
| 7017044 | Carpenter et al. | Mar 2006 | B1 |
| 7111167 | Yeung et al. | Sep 2006 | B1 |
| 7181195 | Booth et al. | Feb 2007 | B2 |
| 7188241 | Cronce et al. | Mar 2007 | B2 |
| 7272728 | Pierson et al. | Sep 2007 | B2 |
| 7302590 | Dublish et al. | Nov 2007 | B2 |
| 7319987 | Hoffman et al. | Jan 2008 | B1 |
| 7420474 | Elks et al. | Sep 2008 | B1 |
| 7428587 | Rowland et al. | Sep 2008 | B2 |
| 7463945 | Kiesel et al. | Dec 2008 | B2 |
| 7617231 | Moon et al. | Nov 2009 | B2 |
| 7779274 | Dublish et al. | Aug 2010 | B2 |
| 7908645 | Varghese | Mar 2011 | B2 |
| 7934250 | Richardson, III | Apr 2011 | B2 |
| 7970946 | Djabarov et al. | Jun 2011 | B1 |
| 8196176 | Berteau et al. | Jun 2012 | B2 |
| 8396822 | Dasgupta | Mar 2013 | B2 |
| 8584114 | Rabinovich et al. | Nov 2013 | B2 |
| 8874695 | Zhang | Oct 2014 | B2 |
| 20030008668 | Perez-Breva et al. | Jan 2003 | A1 |
| 20030074660 | McCormack | Apr 2003 | A1 |
| 20030097562 | Wheeler et al. | May 2003 | A1 |
| 20040030901 | Wheeler et al. | Feb 2004 | A1 |
| 20040030912 | Merkle et al. | Feb 2004 | A1 |
| 20040062084 | Layman et al. | Apr 2004 | A1 |
| 20040122931 | Rowland et al. | Jun 2004 | A1 |
| 20040143746 | Ligeti et al. | Jul 2004 | A1 |
| 20040187018 | Owen et al. | Sep 2004 | A1 |
| 20040254890 | Sancho et al. | Dec 2004 | A1 |
| 20050033833 | Baldiga et al. | Feb 2005 | A1 |
| 20050050531 | Lee | Mar 2005 | A1 |
| 20060161914 | Morrison et al. | Jul 2006 | A1 |
| 20060181394 | Clarke | Aug 2006 | A1 |
| 20060200672 | Calhoon et al. | Sep 2006 | A1 |
| 20060230317 | Anderson | Oct 2006 | A1 |
| 20060274753 | Park et al. | Dec 2006 | A1 |
| 20060282660 | Varghese et al. | Dec 2006 | A1 |
| 20070113090 | Villela | May 2007 | A1 |
| 20070136726 | Freeland et al. | Jun 2007 | A1 |
| 20070143073 | Richardson et al. | Jun 2007 | A1 |
| 20070219917 | Liu et al. | Sep 2007 | A1 |
| 20070234427 | Gardner et al. | Oct 2007 | A1 |
| 20080052775 | Sandhu et al. | Feb 2008 | A1 |
| 20080140765 | Kelaita et al. | Jun 2008 | A1 |
| 20090006861 | von Bemmel | Jan 2009 | A1 |
| 20090083184 | Eisen | Mar 2009 | A1 |
| 20090319799 | Carpenter et al. | Dec 2009 | A1 |
| 20100235241 | Wang et al. | Sep 2010 | A1 |
| 20100332320 | Mordetsky et al. | Dec 2010 | A1 |
| 20120023114 | Guo | Jan 2012 | A1 |
| 20120030771 | Pierson et al. | Feb 2012 | A1 |
| 20120215896 | Johannsen | Aug 2012 | A1 |
| 20120324581 | Economos, Jr. et al. | Dec 2012 | A1 |
| Number | Date | Country |
|---|---|---|
| 1 455 258 | Sep 2004 | EP |
| 1 637 958 | Mar 2006 | EP |
| 2323062 | May 2011 | EP |
| 2434724 | Aug 2007 | GB |
| WO 2006089352 | Aug 2006 | WO |
| WO 2008127431 | Oct 2008 | WO |
| WO 2009024913 | Feb 2009 | WO |
| WO 2011147845 | Jan 2011 | WO |
| Entry |
|---|
| HTTP Cookie. Wikipedia. Wikimedia Foundation, Apr. 8, 2010. Web. Jan. 28, 2014. http://en.wikipedia.org/w/index.php?title=HTTP—cookie&oldid=377061704. |
| Beverly, Robert, “A Robust Classifier for Passive TCP/IP Fingerprinting,” Proceedings of the 5th Passive and Active Measurement Workshop, Apr. 2004, Juan-les-Pins, France, pp. 158-167. |
| Eckersley, Peter, “How Unique is Your Web Browser?” Lecture Notes in Computer Science, Jul. 21 2010, DOI: 10.1007/978-3-542-14527-8—1, pp. 1-18. |
| Fink, Russ, “A Statistical Approach to Remote Physical Device Fingerprinting,” Military Communications Conference, Oct. 29, 2007. (Abstract only). |
| Heydt-Benjamin, T. S., “Ultra-low-cost True Randomness and Physical Fingerprinting,” Cryptocracy, Sep. 10, 2007. |
| Johnson et al. “Dimensions of Online Behavior: Toward a User Typology,” Cyberpsycology and Behavior, vol. 10, No. 6, pp. 773-779, Dec. 2007. XP002617349. |
| Khanna et al. “A Survey of Forensic Characterization Methods for Physical Devices,” Science Direct, Jun. 14, 2006, p. 17-28. |
| Kohno et al., “Remote Physical Device Fingerprinting,” IEEE Transactions on Dependable and Secure Computing, vol. 2, No. 2, Apr.-Jun. 2005, pp. 93-108. |
| Lallous, “Changing Volume's Serial Number,” Code Project Feb. 17, 2008, retreived from the internet on Dec. 14, 2010. XP002614149. |
| Lee P, “Oracle Adaptive Access Manager Reference Guide, Release 10g (10.1.4.5),” May 2009, Internet Article retrieved on Sep. 27, 2010. XP002603489. |
| Martone et al., “Characterization of RF Devices Using Two-tone Probe Signals,” School of Electrical and Computer Engineering, Purdue University, West Lafayette, Indiana, Aug. 26, 2007. |
| Microsoft, “Using Intelligence and Forensics to Protect Against Counterfeit Intelligence,” Research and Development Industry Report, Apr. 20, 2010, 1 page. |
| Muncaster et al., “Continous Multimodal Authentication Using Dynamic Baysian Networks,” Second Workshop on Multimodal User Authentication, Toulouse, France, May 11, 2006. XP55003041. |
| Salo, Timothy J., “Multi-Factor Fingerprints for Personal Computer Hardware,” Military Communications Conference, Piscataway, New Jersey, Oct. 29, 2007, 7 pages. XP031232751. |
| SecuTech Solution, Inc., “Machine Fingerprint SDK”, Aug. 2006, 4 pages. |
| Smolens et al., “Detecting Emerging Wearout Faults,” In Proceedings of the IEEE Workshop on Silicon Errors in Logic—System Effects, Apr. 2007, Internet Article retrieved on Sep. 30, 2010. XP002603491. |
| Wikipedia: “Device Fingerprint,” May 5, 2009, modified Jan. 20, 2011, Internet Article retrieved on Apr. 19, 2011. XP-002603492. |
| H. Williams, et al., “Web Database Applications with PHP & MySQL”, Chapter 1, “Database Applications and the Web”, ISBN 0-596-00041-3, O'Reilly & Associates, Inc., Mar. 2002, avail. at: http://docstore.mik.ua/orelly/webprog/webdb/ch01—01.htm. XP002603488. |
| Williams, R., “A Painless Guide to CRC Error Detection Algorithms,” Aug. 13, 1993, 33 pages, www.ross.net/crc/download/crc—v3.txt. |
| Williath, “Future Grid Portal,” VampirTrace, Dec. 23, 2010. |
| Kobsa et al., “Personalised Hypermedia Presentation Techniques for Improving Online Customer Relationships,” The Knowledge Engineering Review, © Cambridge University Press, United Kingdom, vol. 16, No. 2, 2001, pp. 111-155. |
| Transcript from CBS Corp New, UBS Global Media Conference on Dec. 3, 2007 with Dave Poltrack by Matt Coppett, 9 pages. |
| Gassend et al., “Silicon Physical Random Functions” ACM Conference on Computer and Communications, Washington, D.C., Nov. 18-22, 2002, pp. 148-160. |
| Franklin, Jason et al. “Passive data link layer 802.11 wireless device driver fingerprinting.” Proc. 15th USENIX Security Symposium, pp. 167-178, Jul.-Aug. 2006. |
| “Uniloc Addresses $40 Billion Piracy Challenge with First Global Piracy Auditing Solution as Part of New Software Copy Control Product Suite,” Product News Network, © Thomas Publishing Company, Jul. 10, 2007, 2 pages. |
| Vamosi. “Device Fingerprinting Aims to Stop Online Fraud,” Mar. 10, 2009. |
| “Computer User” defined and retrieved from Dictionary.com on Jun. 17, 2014, 3 pgs. |
| Berners-Lee, et al., “Hypertext Transfer Protocol—HTTP/1.0,” May 1996, 60 pgs. |
| “Understanding User-Agent Strings,” Microsoft.com, updated Jul. 2013, retrieved on Jun. 16, 2014, 9 pgs. |
| “User” defined and retrieved from Webopedia.com on Jun. 16, 2014, 2 pgs. |
| Wikipedia: “Software Extension,” May 28, 2009, Internet Article retrieved on Oct. 11, 2010. XP002604710. |
| G. Wiesen, “What is a Device Fingerprint?” WiseGeek, 2003, Internet article retrieved Dec. 17, 2011. |
| Number | Date | Country | |
|---|---|---|---|
| 20130167195 A1 | Jun 2013 | US |
| Number | Date | Country | |
|---|---|---|---|
| 61535347 | Sep 2011 | US |
