-
Notifications
You must be signed in to change notification settings - Fork 19
What is Device Fingerprint?
Combined with our nearly tens of billions of data samples, the comprehensive attribution success rate is above 99.5%.
The device fingerprint is the device's identity certificate. In the Internet society, all devices that are connected to the network have unique IDs. Whether mobile phones, tablets, desktop computers, smart speakers, smart door locks, or even connected car systems. Device fingerprint also has other names, such as device identifiers, device serial numbers, device advertising identifiers, and so on. All of this is to give the device a unique ID number or ID card. In broader terms, a device fingerprint marks the device in the system using a method that ensures a low duplication rate and high accuracy. The generation of device fingerprints is a process that comprehensively calculates multi-state, multi-temporal device information and attribution using characteristics. The purpose is the same as that of a person's ID card, which is to mark a real individual accurately and uniquely.
We can divide manufacturers into three categories according to their device fingerprinting capability. The three parties are hardware manufacturers, system providers, and application developers.
The hardware manufacturer is closest to the bottom layer of the device and can create a unique device identifier on the device hardware, which can be provided to system and application manufacturers through the interaction of hardware and software. Because hardware is the basic component of the device, the cost and difficulty of disassembly and replacement are very high and require technical skills. Hence, its stability is the highest.
The system is fundamentally the largest application running on hardware devices, which makes it the basic platform for running applications. The cost and difficulty of its disassembly and replacement are also relatively high, requiring certain technical skills. Many system manufacturers will preset certain unique device identifiers to monitor the operation of the system. Some of these identifiers are shown on the application layer where some are embedded into the system. These identifiers are the most common device identifiers used.
Application developers are also the largest group and the most difficult category for manufacturing device identifiers. Application developers cannot directly access the device hardware and access it indirectly through the system provider. As their accesses are indirect, this process has a high-risk exposure which makes it vulnerable to attacks. System providers try their best to restrain their abilities and not expose more information to the application layer. These are the difficulties that application developers need to face in the process of manufacturing device fingerprints. If there is a difficulty, there will be demand. Because of this, there is a huge market demand for application developers to manufacture device fingerprints. The device fingerprints we usually discuss mainly refer to device fingerprints made by application developers.
Under different circumstances and different systems, the device fingerprint of the application layer has many indicators. As far as the current mainstream systems are concerned, some specific device fingerprint indicators exist. In the IOS system, there are UUID, IDFA, and IDFV. In the androidId system, there are IMEI, androidId. In the browser system, there are canvas, userAgent, etc. These indicators have been the key indicators that application developers have relied on for a long time. However, with the tightening of the authority on these indicators and user privacy protection, along with the strengthening of compliance regulations, relying on these key indicators is no longer sufficient. Application developers have conducted various experiments to define new device fingerprints. Below are several different ways of defining new device fingerprints:
Network verification - It can be divided into offline fingerprints and network fingerprints.
Offline fingerprint refers to the fingerprint calculated or generated by the application layer on the device side through some indicators of the device. This type of fingerprint has a mediocre effect on uniqueness and is easy to be tampered with. Network fingerprint refers to the application layer's fingerprint collected from the device features. The features will be uploaded to the computing center, where a fingerprint will be generated via a specific algorithm. This type of fingerprint has a better effect as compared to offline fingerprints and cannot be easily altered. Cross-application and cross--time and space - It can be divided into application fingerprint and identity fingerprint.
Application fingerprint is more concerned with the unique identifier in the application. It needs to ensure that the same application is on the same device, no matter what state the device is in, at any time, and how many times the application is installed and uninstalled. Identity fingerprint focuses on system roles and is an enhancement of system role identification. It emphasizes the role identity of the current system. All applications working in a specified system should share an identity fingerprint. And it will not change with the cancellation or temporary change of identity. It has cross-application characteristics.
A device fingerprint is the unique identification of a physical device. It should be as close to the hardware as possible, to ensure the stability of the fingerprint in different times and spaces and different states, and have cross-application, cross-identities, and even properties across systems.
The development of device fingerprints is closely related to the development history of the Internet. It is applicable for increasing client outreach, user portraits, marketing, spam registration, account protection, and transaction protection. Many criminals specialize in tampering with the device fingerprint ecosystem with the main purpose of destroying the device fingerprint and disrupting business processes. Below are the main challenges faced with device fingerprint: System providers reducing their openness, resulting in application developers obtaining less valuable information Increase scrutiny from law enforcers where there are many limitations in obtaining data The variety of application platforms leading to application developers being further away from the device itself. Reduction in direct interaction weakens the ability to obtain information from the device hardware Increase in data privacy protection making it more challenging to obtain data Increase in the size and capability of criminals.
TrustDecision device fingerprint aims to identify the key indicators of the device. It should be verifiable on the Internet, with the characteristics of cross-time, cross-region, and cross-application, and is also safe and resistant to attacks. To achieve this goal, we collect and process data from multiple dimensions of physical equipment, provide a variety of compatibility solutions for different application platforms, provide compliant advice and guidance in all aspects of data processing, and add the corresponding protection mechanism. We conduct a comprehensive analysis of the readable hardware information, system information, application information, and environmental information of the device, and perform multi-level attribution of strong and weak features through the correlation, aggregation, and discreteness of the data. Combined with algorithms and resource libraries, calculate the globally unique ID of the device. TrustDevice collects multi-dimensional data, such as embedded SDK, network interaction information, etc., and sends the data of associated devices to the global data service center through a trusted channel. Through our computing engine, combined with a large number of data samples, Calculate the unique ID of the device. In this way, we can always attribute the same physical device in different states and different times and spaces to a unique ID that is unique in the world. Combined with our nearly tens of billions of data samples, the comprehensive attribution success rate is above 99.5%.
Official website:https://www.trustdecision.com/blog/what-is-device-fingerprint
LinkedIn:https://www.linkedin.com/pulse/what-device-fingerprint-trustdecision