US20110288940A1 - Method and Apparatus for Correlating Multiple Cookies as Having Originated from the Same Device Using Device Fingerprinting - Google Patents
Method and Apparatus for Correlating Multiple Cookies as Having Originated from the Same Device Using Device Fingerprinting Download PDFInfo
- Publication number
- US20110288940A1 US20110288940A1 US13/114,780 US201113114780A US2011288940A1 US 20110288940 A1 US20110288940 A1 US 20110288940A1 US 201113114780 A US201113114780 A US 201113114780A US 2011288940 A1 US2011288940 A1 US 2011288940A1
- Authority
- US
- United States
- Prior art keywords
- client
- computer
- cookie
- information
- browser
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 235000014510 cooky Nutrition 0.000 title claims abstract description 75
- 238000000034 method Methods 0.000 title claims description 20
- 238000004458 analytical method Methods 0.000 claims description 15
- 230000000694 effects Effects 0.000 claims description 15
- 230000002085 persistent effect Effects 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 9
- 238000001914 filtration Methods 0.000 claims 1
- 230000003993 interaction Effects 0.000 description 9
- 230000015654 memory Effects 0.000 description 7
- 230000002596 correlated effect Effects 0.000 description 4
- 238000012217 deletion Methods 0.000 description 3
- 230000037430 deletion Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000009118 appropriate response Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 239000003086 colorant Substances 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000007429 general method Methods 0.000 description 1
- 230000002045 lasting effect Effects 0.000 description 1
- 230000005923 long-lasting effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Images
Classifications
-
- F—MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
- F16—ENGINEERING ELEMENTS AND UNITS; GENERAL MEASURES FOR PRODUCING AND MAINTAINING EFFECTIVE FUNCTIONING OF MACHINES OR INSTALLATIONS; THERMAL INSULATION IN GENERAL
- F16K—VALVES; TAPS; COCKS; ACTUATING-FLOATS; DEVICES FOR VENTING OR AERATING
- F16K31/00—Actuating devices; Operating means; Releasing devices
- F16K31/02—Actuating devices; Operating means; Releasing devices electric; magnetic
- F16K31/06—Actuating devices; Operating means; Releasing devices electric; magnetic using a magnet, e.g. diaphragm valves, cutting off by means of a liquid
-
- F—MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
- F16—ENGINEERING ELEMENTS AND UNITS; GENERAL MEASURES FOR PRODUCING AND MAINTAINING EFFECTIVE FUNCTIONING OF MACHINES OR INSTALLATIONS; THERMAL INSULATION IN GENERAL
- F16K—VALVES; TAPS; COCKS; ACTUATING-FLOATS; DEVICES FOR VENTING OR AERATING
- F16K27/00—Construction of housing; Use of materials therefor
- F16K27/02—Construction of housing; Use of materials therefor of lift valves
- F16K27/029—Electromagnetically actuated valves
-
- F—MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
- F16—ENGINEERING ELEMENTS AND UNITS; GENERAL MEASURES FOR PRODUCING AND MAINTAINING EFFECTIVE FUNCTIONING OF MACHINES OR INSTALLATIONS; THERMAL INSULATION IN GENERAL
- F16K—VALVES; TAPS; COCKS; ACTUATING-FLOATS; DEVICES FOR VENTING OR AERATING
- F16K27/00—Construction of housing; Use of materials therefor
- F16K27/02—Construction of housing; Use of materials therefor of lift valves
-
- F—MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
- F16—ENGINEERING ELEMENTS AND UNITS; GENERAL MEASURES FOR PRODUCING AND MAINTAINING EFFECTIVE FUNCTIONING OF MACHINES OR INSTALLATIONS; THERMAL INSULATION IN GENERAL
- F16K—VALVES; TAPS; COCKS; ACTUATING-FLOATS; DEVICES FOR VENTING OR AERATING
- F16K31/00—Actuating devices; Operating means; Releasing devices
- F16K31/02—Actuating devices; Operating means; Releasing devices electric; magnetic
- F16K31/06—Actuating devices; Operating means; Releasing devices electric; magnetic using a magnet, e.g. diaphragm valves, cutting off by means of a liquid
- F16K31/0603—Multiple-way valves
- F16K31/0624—Lift valves
- F16K31/0634—Lift valves with fixed seats positioned between movable valve members
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
- G06Q30/0241—Advertisements
- G06Q30/0273—Determination of fees for advertising
Definitions
- the invention relates to user tracking in online services. More specifically, the invention relates to techniques for improving the accuracy of cookie-based tracking schemes.
- Those who deliver products or services (or, more generally, information) over the Internet have a strong interest—financially and otherwise—in tracking and analyzing visitors, visits, page views, browsing histories and other characteristics of their customers.
- a publisher may provide a content site and wish to analyze the reach and frequency of advertising delivered to individual visitors. To do this they must have a reliable and long-lasting way to recognize repeat visitors.
- Providers of digital products or services primarily use HTTP cookies as a tracking mechanism to determine whether the current visitor is the same visitor that was seen before, or is a new visitor.
- HTML cookies are described in detail in Internet Engineering Task Force (“IETF”) Request for Comments (“RFC”) documents RFC2965, published October 2000.
- IETF Internet Engineering Task Force
- RFC2965 Request for Comments
- a publisher's web infrastructure may build up a significant amount of interesting information about a visitor over the course of his many page views. This information is tracked and correlated to that visitor by the means of a cookie issued to the visitor's device.
- a publisher gets great value from the information it is able to collect about visitors—for example, in estimating user counts, or in selling advertisements to a targeted market, and so on—and thus there is considerable value in being able to build a lasting record of a visitor.
- cookies are easily and often deleted. When this happens, all of the collected information about a visitor may be lost. After cookie deletion, a new cookie will be issued to that visitor on his next visit, and the process of collecting information starts again. The system no longer has any way to know that the current visitor is the same as the previous visitor, because the original cookie was deleted. Any analysis system relying on cookies may mistakenly believe that there are two different visitors (one from before the cookie deletion, and a new visitor after the cookie deletion)—when in fact these are the same visitor. This causes errors in analysis—for example in this case an analytics system would report two unique users, when in fact there was only one. Significantly increased accuracy of analysis would be achieved if the system were able to “stitch together” those two cookies and understand that they both represent the same visitor.
- Embodiments of the invention correlate multiple unique cookies as having originated from the same device using device fingerprinting.
- the general method is to collect and record characteristics of a device (the “device fingerprint”) that, taken together, may uniquely identify the device, or at least narrow the set of possible devices from which the fingerprint could have come.
- the fingerprint is used when a cookie is issued or referenced, and then later to compare the device fingerprint when cookies are analyzed to determine if those cookies were originally issued to the same device.
- switching together unique cookies that were issued to the same device, and conflating them to a single virtual cookie, analytics and other systems that make use of cookies to identify users or devices can produce much more accurate results.
- FIG. 1 shows a distributed computing environment where an embodiment of the invention may be deployed.
- FIG. 2 shows how cookies may be used in a traditional sequence of Hypertext Transfer Protocol (“HTTP”) requests.
- HTTP Hypertext Transfer Protocol
- FIG. 3 shows how an embodiment of the invention collects and applies device fingerprint data.
- FIG. 4 shows how an embodiment of the invention operates when a previously-seen client issues a request without an HTTP cookie.
- FIG. 5 shows another distributed computing environment where multiple servers cooperate to preserve information for correlating client identities.
- Embodiments of the present invention are believed to be superior to prior-art cookie-based content-tracking systems for several reasons, including:
- FIG. 1 shows some of the entities and interactions involved in such publication: a user 100 operates a web browser 110 executing on a computer 120 . The user directs the browser to retrieve some desired information from a web server 130 executing at a remote computer 140 . Communication between computers 120 and 140 may occur over a distributed data network 150 such as the Internet. As described below, according to an embodiment of the invention, web server 130 may send an executable program 190 to operate within web browser 110 ; program 190 may send additional information to web server 130 , or otherwise interact with it.
- Web server 130 also interacts with an analysis server 160 which (in the environment depicted here) is executing on another computer 170 .
- a database 180 is provided for storing information used by analysis server 160 to perform its role in the operations detailed below.
- FIG. 2 is a flow chart outlining some important aspects of the communication between browser 110 and web server 130 in an ordinary Hypertext Transfer Protocol (“HTTP”) interaction.
- HTTP Hypertext Transfer Protocol
- the interaction is quite a bit more complicated than this flow chart suggests, but the details are well known in the art, and are clearly explained in various IETF RFCs, including RFC2616 and RFC2965.
- a browser sends a request to a web server to cause the server to provide information. If this is the first request from the browser to the server, the request will not include a cookie.
- the server receives the request and prepares an appropriate response ( 220 ). If the request does not include a cookie ( 230 ), then a “Set-Cookie” header will be added to the response ( 250 ).
- the response is sent back to the browser ( 260 ) and presented to the user ( 270 ).
- the user may cause the browser to make another request for information ( 280 ). This request (and subsequent requests) will include the cookie, so the server will skip step 250 in preparing subsequent responses.
- the browser's cookie may be cleared or deleted ( 290 ), so a subsequent request is again made without a cookie ( 210 ), and the server will prepare a response ( 220 ) including a new Set-Cookie header ( 250 ).
- a web server operating according to known, prior-art HTTP state-maintenance protocols may be unable to distinguish between two series of requests from two different browsers that have never visited the server before, and a single series of requests from one browser, where the single series of requests is interrupted by a cookie-clearing event.
- FIG. 3 shows a similar browser-web server interaction according to an embodiment of the invention.
- the browser's first request lacks a cookie ( 310 ).
- the web server replies with the requested material.
- the response includes a “Set-Cookie” header and code to cause the browser to collect information about its computer, environment and user (“device fingerprint data”) ( 320 ).
- This code may be JavaScript, Flash, Silverlight, or any other appropriate browser-based coding technology.
- the browser displays the response ( 330 ), sets the cookie ( 333 ) and runs the code to collect device fingerprint data ( 336 ).
- the device fingerprint data may include information such as the operating system type and version, screen size, system default colors, available fonts and browser plug-ins, and other similar data.
- the browser transmits the cookie and device information to the web server ( 340 ).
- the web server forwards the fingerprint data, and other information about the HTTP request (such as the HTTP headers and source IP address) to an analysis server ( 350 ).
- the analysis server stores the information for future use ( 360 ) and may reply to the web server that the browser has not been seen previously ( 370 ).
- Subsequent requests from the browser proceed as usual: the browser sends its assigned cookie, and the web server can correlate these requests with previous requests, collecting information of interest to the publisher about the resources the browser references.
- the web server may continue to transmit fingerprint-data collection code, and changes to the device's fingerprint can be detected and monitored. For example, the user may install a new display device, so the device fingerprint might show a different screen resolution or color depth. All this information can be kept exclusively within the web server, or shared with the analysis server.
- FIG. 4 shows what happens according to an embodiment of the invention if the browser loses its cookie: steps 310 through 350 are identical to those shown described in reference to FIG. 3 (only steps 310 and 350 are shown in FIG. 4 ; for 320 , 330 and 340 , refer to the preceding Figure).
- HTTP header and other data are sent to the analysis server, the earlier-saved record is located and the “old” cookie is recovered ( 410 ).
- the analysis server responds to the web server that this is an existing client ( 420 ) (i.e., that it has been seen previously, and has already had a cookie assigned).
- the web server may issue a new response to change the client's cookie to the old value ( 430 ), or may simply note internally that the two different cookies are associated with only one client ( 440 ). In either scenario, the web server and analysis server continue to collect and analyze data, and the analysis can include both the information that the cookie was lost or cleared, and that the two otherwise apparently unrelated request sequences were issued by a single client.
- the information available to the analysis server in the device fingerprint and HTTP headers may include some or all of the following data:
- the dynamic pattern of interaction between a browser and a web server also yields identifying information, and, to the extent that this information is captured and stored, it may be available to the analysis server to assist in identifying a client without a cookie, or with a newly-assigned cookie, as a previously-seen client whose old cookie was associated with an earlier browsing history.
- the determination that a client with a newly-initialized browsing history is actually the same as an earlier client may be emergent, developing over a series of browsing interactions. Roughly speaking, the bare fingerprint data may suggest that a “new” client is the same as an earlier client, but continued browsing activity may provide an increased level of confidence in the identification. Alternatively, continued browsing may show that the browser tentatively identified as the same as an earlier client based on the fingerprint data, is in fact more likely to be a new client after all.
- FIG. 5 shows an environment similar to FIG. 1 , but here, two data publishers cooperate to stitch cookies together into a unified, reliable client identity.
- the web browser on client computer 120 displays information in an on-screen window 110 .
- An enlarged sample window is shown at 530 .
- the window contains a main text document 533 and a graphic image 536 .
- the main document was retrieved from a remote server 140 , while the graphic was retrieved from a different remote server, 550 .
- Servers 140 and 550 exchange information 560 so that, according to an embodiment of the invention, even if client computer 120 loses or deletes a cookie that server 140 had been using to identify the computer, it may not have lost or deleted a cookie that identified computer 120 to server 550 .
- information reported over inter-server channel 560 can be used by server 140 to stitch pre-cookie-loss history for client 120 together with post-cookie-loss history.
- the main text document 533 from server 140 causes client 120 to report information about itself to server 550 when it requests image 536 .
- Server 550 then reports identical or related information to server 140 .
- server 550 may be part of an advertisement delivery network, where ads are delivered for inclusion with web-page resources from a variety of publishers.
- the ad delivery network functions (in part) as a repository of information about clients, and can provide information to the publishers that allows the publishers to identify return visitors who—due to cookie loss or deletion—appear to be unrelated to prior visitors.
- An embodiment of the invention may be a machine-readable medium having stored thereon data and instructions to cause a programmable processor to perform operations as described above.
- the operations might be performed by specific hardware components that contain hardwired logic. Those operations might alternatively be performed by any combination of programmed computer components and custom hardware components.
- Instructions for a programmable processor may be stored in a form that is directly executable by the processor (“object” or “executable” form), or the instructions may be stored in a human-readable text form called “source code” that can be automatically processed by a development tool commonly known as a “compiler” to produce executable code. Instructions may also be specified as a difference or “delta” from a predetermined version of a basic source code. The delta (also called a “patch”) can be used to prepare instructions to implement an embodiment of the invention, starting with a commonly-available source code package that does not contain an embodiment.
- the instructions for a programmable processor may be treated as data and used to modulate a carrier signal, which can subsequently be sent to a remote receiver, where the signal is demodulated to recover the instructions, and the instructions are executed to implement the methods of an embodiment at the remote receiver.
- modulation and transmission are known as “serving” the instructions, while receiving and demodulating are often called “downloading.”
- serving i.e., encodes and sends
- downloading often called “downloading.”
- one embodiment “serves” i.e., encodes and sends) the instructions of an embodiment to a client, often over a distributed data network like the Internet.
- the instructions thus transmitted can be saved on a hard disk or other data storage device at the receiver to create another embodiment of the invention, meeting the description of a machine-readable medium storing data and instructions to perform some of the operations discussed above. Compiling (if necessary) and executing such an embodiment at the receiver may result in the receiver performing operations according to a third embodiment.
- the present invention also relates to apparatus for performing the operations herein.
- This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer.
- a computer program may be stored in a computer readable storage medium, including without limitation any type of disk including floppy disks, optical disks, compact disc read-only memory (“CD-ROM”), and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), erasable, programmable read-only memories (“EPROMs”), electrically-erasable read-only memories (“EEPROMs”), magnetic or optical cards, or any type of media suitable for storing computer instructions.
Abstract
Description
- This application claims the benefit of U.S. provisional patent application No. 61/347,734, filed 24 May 2010.
- The invention relates to user tracking in online services. More specifically, the invention relates to techniques for improving the accuracy of cookie-based tracking schemes.
- Those who deliver products or services (or, more generally, information) over the Internet have a strong interest—financially and otherwise—in tracking and analyzing visitors, visits, page views, browsing histories and other characteristics of their customers. For example, a publisher may provide a content site and wish to analyze the reach and frequency of advertising delivered to individual visitors. To do this they must have a reliable and long-lasting way to recognize repeat visitors. Providers of digital products or services primarily use HTTP cookies as a tracking mechanism to determine whether the current visitor is the same visitor that was seen before, or is a new visitor. (HTTP cookies are described in detail in Internet Engineering Task Force (“IETF”) Request for Comments (“RFC”) documents RFC2965, published October 2000.) A publisher's web infrastructure may build up a significant amount of interesting information about a visitor over the course of his many page views. This information is tracked and correlated to that visitor by the means of a cookie issued to the visitor's device. A publisher gets great value from the information it is able to collect about visitors—for example, in estimating user counts, or in selling advertisements to a targeted market, and so on—and thus there is considerable value in being able to build a lasting record of a visitor.
- Unfortunately, cookies are easily and often deleted. When this happens, all of the collected information about a visitor may be lost. After cookie deletion, a new cookie will be issued to that visitor on his next visit, and the process of collecting information starts again. The system no longer has any way to know that the current visitor is the same as the previous visitor, because the original cookie was deleted. Any analysis system relying on cookies may mistakenly believe that there are two different visitors (one from before the cookie deletion, and a new visitor after the cookie deletion)—when in fact these are the same visitor. This causes errors in analysis—for example in this case an analytics system would report two unique users, when in fact there was only one. Significantly increased accuracy of analysis would be achieved if the system were able to “stitch together” those two cookies and understand that they both represent the same visitor.
- Embodiments of the invention correlate multiple unique cookies as having originated from the same device using device fingerprinting. The general method is to collect and record characteristics of a device (the “device fingerprint”) that, taken together, may uniquely identify the device, or at least narrow the set of possible devices from which the fingerprint could have come. The fingerprint is used when a cookie is issued or referenced, and then later to compare the device fingerprint when cookies are analyzed to determine if those cookies were originally issued to the same device. By “stitching together” unique cookies that were issued to the same device, and conflating them to a single virtual cookie, analytics and other systems that make use of cookies to identify users or devices can produce much more accurate results.
- Embodiments of the invention are illustrated by way of example and not by way of limitation in the figures of the accompanying drawings in which like references indicate similar elements. It should be noted that references to “an” or “one” embodiment in this disclosure are not necessarily to the same embodiment, and such references mean “at least one.”
-
FIG. 1 shows a distributed computing environment where an embodiment of the invention may be deployed. -
FIG. 2 shows how cookies may be used in a traditional sequence of Hypertext Transfer Protocol (“HTTP”) requests. -
FIG. 3 shows how an embodiment of the invention collects and applies device fingerprint data. -
FIG. 4 shows how an embodiment of the invention operates when a previously-seen client issues a request without an HTTP cookie. -
FIG. 5 shows another distributed computing environment where multiple servers cooperate to preserve information for correlating client identities. - Embodiments of the present invention are believed to be superior to prior-art cookie-based content-tracking systems for several reasons, including:
-
- Not requiring any specialized software to be deployed to users of the content.
- Not relying on a file that can be deleted by the visitor.
- Not requiring product or service providers to switch to a new form of tracking (providers can use all of their current cookie-based tools with a slight modification to call the cookie stitching algorithm at certain times)
- Not requiring product or service providers to change their data storage schema.
- Capable of detecting when a previous cookie was deleted—which is itself interesting analytical information.
- Capable of correlating the previous cookie(s) to a newly generated cookie.
- One embodiment of our invention involves the analysis of users of Internet-based web publication using HTTP cookies.
FIG. 1 shows some of the entities and interactions involved in such publication: auser 100 operates aweb browser 110 executing on acomputer 120. The user directs the browser to retrieve some desired information from aweb server 130 executing at aremote computer 140. Communication betweencomputers distributed data network 150 such as the Internet. As described below, according to an embodiment of the invention,web server 130 may send anexecutable program 190 to operate withinweb browser 110;program 190 may send additional information toweb server 130, or otherwise interact with it. -
Web server 130 also interacts with ananalysis server 160 which (in the environment depicted here) is executing on anothercomputer 170. Adatabase 180 is provided for storing information used byanalysis server 160 to perform its role in the operations detailed below. -
FIG. 2 is a flow chart outlining some important aspects of the communication betweenbrowser 110 andweb server 130 in an ordinary Hypertext Transfer Protocol (“HTTP”) interaction. The interaction is quite a bit more complicated than this flow chart suggests, but the details are well known in the art, and are clearly explained in various IETF RFCs, including RFC2616 and RFC2965. - At 210, a browser sends a request to a web server to cause the server to provide information. If this is the first request from the browser to the server, the request will not include a cookie. The server receives the request and prepares an appropriate response (220). If the request does not include a cookie (230), then a “Set-Cookie” header will be added to the response (250). The response is sent back to the browser (260) and presented to the user (270). The user may cause the browser to make another request for information (280). This request (and subsequent requests) will include the cookie, so the server will skip
step 250 in preparing subsequent responses. - However, on occasion, the browser's cookie may be cleared or deleted (290), so a subsequent request is again made without a cookie (210), and the server will prepare a response (220) including a new Set-Cookie header (250).
- A web server operating according to known, prior-art HTTP state-maintenance protocols (e.g., cookies) may be unable to distinguish between two series of requests from two different browsers that have never visited the server before, and a single series of requests from one browser, where the single series of requests is interrupted by a cookie-clearing event.
-
FIG. 3 shows a similar browser-web server interaction according to an embodiment of the invention. As inFIG. 2 , the browser's first request lacks a cookie (310). The web server replies with the requested material. The response includes a “Set-Cookie” header and code to cause the browser to collect information about its computer, environment and user (“device fingerprint data”) (320). This code may be JavaScript, Flash, Silverlight, or any other appropriate browser-based coding technology. The browser displays the response (330), sets the cookie (333) and runs the code to collect device fingerprint data (336). The device fingerprint data may include information such as the operating system type and version, screen size, system default colors, available fonts and browser plug-ins, and other similar data. - Next, the browser transmits the cookie and device information to the web server (340). The web server forwards the fingerprint data, and other information about the HTTP request (such as the HTTP headers and source IP address) to an analysis server (350). The analysis server stores the information for future use (360) and may reply to the web server that the browser has not been seen previously (370).
- Subsequent requests from the browser proceed as usual: the browser sends its assigned cookie, and the web server can correlate these requests with previous requests, collecting information of interest to the publisher about the resources the browser references. The web server may continue to transmit fingerprint-data collection code, and changes to the device's fingerprint can be detected and monitored. For example, the user may install a new display device, so the device fingerprint might show a different screen resolution or color depth. All this information can be kept exclusively within the web server, or shared with the analysis server.
-
FIG. 4 shows what happens according to an embodiment of the invention if the browser loses its cookie:steps 310 through 350 are identical to those shown described in reference toFIG. 3 (only steps 310 and 350 are shown inFIG. 4 ; for 320, 330 and 340, refer to the preceding Figure). However, after the fingerprint, HTTP header and other data are sent to the analysis server, the earlier-saved record is located and the “old” cookie is recovered (410). The analysis server responds to the web server that this is an existing client (420) (i.e., that it has been seen previously, and has already had a cookie assigned). The web server may issue a new response to change the client's cookie to the old value (430), or may simply note internally that the two different cookies are associated with only one client (440). In either scenario, the web server and analysis server continue to collect and analyze data, and the analysis can include both the information that the cookie was lost or cleared, and that the two otherwise apparently unrelated request sequences were issued by a single client. - The information available to the analysis server in the device fingerprint and HTTP headers may include some or all of the following data:
-
- Client IP address
- Network connection details (e.g., proxy server)
- Browser software type and version
- Browser plug-in software modules & versions
- Computer operating system type and version
- Time zone
- Display pixel dimensions and color depth
- Fonts available
Future developments in browser-side code execution environments may make additional information available to the web server, and this additional information may be useful to an embodiment of the invention. For example, the JavaScript language might be extended so that JavaScript programs can access a list of Universal Serial Bus (“USB”) peripherals that are presently attached to the client computer, or even a list of all USB peripherals that have ever been attached to the client computer. This list may provide an additional basis for distinguishing between two different computers, so it may be useful information for an embodiment of the invention to collect and incorporate into a device fingerprint. Generally speaking, any information that can be collected under the direction and/or control of the web server, and that is useful in distinguishing between two or more different computers, can be employed by an embodiment of the invention as part of the device fingerprint.
- It is appreciated that the dynamic pattern of interaction between a browser and a web server also yields identifying information, and, to the extent that this information is captured and stored, it may be available to the analysis server to assist in identifying a client without a cookie, or with a newly-assigned cookie, as a previously-seen client whose old cookie was associated with an earlier browsing history. Thus, in some embodiments, the determination that a client with a newly-initialized browsing history is actually the same as an earlier client may be emergent, developing over a series of browsing interactions. Roughly speaking, the bare fingerprint data may suggest that a “new” client is the same as an earlier client, but continued browsing activity may provide an increased level of confidence in the identification. Alternatively, continued browsing may show that the browser tentatively identified as the same as an earlier client based on the fingerprint data, is in fact more likely to be a new client after all.
- Embodiments of the invention may incorporate a number of variants to accomplish the goal of correlating multiple series of web interactions:
-
- The cookie is not an HTTP cookie, but is a Flash Local Shared Object, or an HTML 5 locally stored object, or any other technology for storing data in a browser.
- The cookie is not issued by the web server, but is instead issued by an outside analytics system. The cookie that is put back in place is the cookie originally issued by the outside analytics system.
- Flexible, selectable and/or plug-in module-based methods for doing device fingerprint comparison.
- The client device described in the foregoing as a “web browser” is not a traditional web browser, and the interaction does not happen over the Internet, but instead it is a series of loosely-correlated interactions between a client and a server on any distributed system that attempts to track users.
- Other alternate embodiments include:
-
- A system to correlate cookies in an advertising-delivery network.
- A system where cookies can be correlated among different providers (publishers) (see discussion of
FIG. 5 below). - A system where cookies can be correlated across data sets.
- A system to correlate cookies for a Software As A Service (“SaaS”) provider.
- system where cookies can be correlated across digital products and services.
- A system where the original cookie is provided in real-time rather than issuing a new cookie, followed by a cookie replacement.
- A system to create an alternate persistent ID based on a collection of cookies.
-
FIG. 5 shows an environment similar toFIG. 1 , but here, two data publishers cooperate to stitch cookies together into a unified, reliable client identity. The web browser onclient computer 120 displays information in an on-screen window 110. An enlarged sample window is shown at 530. The window contains amain text document 533 and agraphic image 536. The main document was retrieved from aremote server 140, while the graphic was retrieved from a different remote server, 550.Servers exchange information 560 so that, according to an embodiment of the invention, even ifclient computer 120 loses or deletes a cookie thatserver 140 had been using to identify the computer, it may not have lost or deleted a cookie that identifiedcomputer 120 toserver 550. Thus, information reported overinter-server channel 560 can be used byserver 140 to stitch pre-cookie-loss history forclient 120 together with post-cookie-loss history. In this case, themain text document 533 fromserver 140 causesclient 120 to report information about itself toserver 550 when it requestsimage 536.Server 550 then reports identical or related information toserver 140. In some embodiments,server 550 may be part of an advertisement delivery network, where ads are delivered for inclusion with web-page resources from a variety of publishers. The ad delivery network functions (in part) as a repository of information about clients, and can provide information to the publishers that allows the publishers to identify return visitors who—due to cookie loss or deletion—appear to be unrelated to prior visitors. - An embodiment of the invention may be a machine-readable medium having stored thereon data and instructions to cause a programmable processor to perform operations as described above. In other embodiments, the operations might be performed by specific hardware components that contain hardwired logic. Those operations might alternatively be performed by any combination of programmed computer components and custom hardware components.
- Instructions for a programmable processor may be stored in a form that is directly executable by the processor (“object” or “executable” form), or the instructions may be stored in a human-readable text form called “source code” that can be automatically processed by a development tool commonly known as a “compiler” to produce executable code. Instructions may also be specified as a difference or “delta” from a predetermined version of a basic source code. The delta (also called a “patch”) can be used to prepare instructions to implement an embodiment of the invention, starting with a commonly-available source code package that does not contain an embodiment.
- In some embodiments, the instructions for a programmable processor may be treated as data and used to modulate a carrier signal, which can subsequently be sent to a remote receiver, where the signal is demodulated to recover the instructions, and the instructions are executed to implement the methods of an embodiment at the remote receiver. In the vernacular, such modulation and transmission are known as “serving” the instructions, while receiving and demodulating are often called “downloading.” In other words, one embodiment “serves” (i.e., encodes and sends) the instructions of an embodiment to a client, often over a distributed data network like the Internet. The instructions thus transmitted can be saved on a hard disk or other data storage device at the receiver to create another embodiment of the invention, meeting the description of a machine-readable medium storing data and instructions to perform some of the operations discussed above. Compiling (if necessary) and executing such an embodiment at the receiver may result in the receiver performing operations according to a third embodiment.
- In the preceding description, numerous details were set forth. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without some of these specific details. In some instances, well-known structures and devices are shown in block diagram form, rather than in detail, in order to avoid obscuring the present invention.
- Some portions of the detailed descriptions may have been presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
- It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the preceding discussion, it is appreciated that throughout the description, discussions utilizing terms such as “processing” or “computing” or “calculating” or “determining” or “displaying” or the like, refer to the action and processes of a computer system or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
- The present invention also relates to apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, including without limitation any type of disk including floppy disks, optical disks, compact disc read-only memory (“CD-ROM”), and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), erasable, programmable read-only memories (“EPROMs”), electrically-erasable read-only memories (“EEPROMs”), magnetic or optical cards, or any type of media suitable for storing computer instructions.
- The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various general purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these systems will be recited in the claims below. In addition, the present invention is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the invention as described herein.
- The applications of the present invention have been described largely by reference to specific examples and in terms of particular allocations of functionality to certain hardware and/or software components. However, those of skill in the art will recognize that client correlation based on device fingerprints can also be produced by software and hardware that distribute the functions of embodiments of this invention differently than herein described. Such variations and implementations are understood to be captured according to the following claims.
Claims (23)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/114,780 US20110288940A1 (en) | 2010-05-24 | 2011-05-24 | Method and Apparatus for Correlating Multiple Cookies as Having Originated from the Same Device Using Device Fingerprinting |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US34773410P | 2010-05-24 | 2010-05-24 | |
US13/114,780 US20110288940A1 (en) | 2010-05-24 | 2011-05-24 | Method and Apparatus for Correlating Multiple Cookies as Having Originated from the Same Device Using Device Fingerprinting |
Publications (1)
Publication Number | Publication Date |
---|---|
US20110288940A1 true US20110288940A1 (en) | 2011-11-24 |
Family
ID=44971731
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/110,460 Active 2032-03-07 US8733732B2 (en) | 2010-05-24 | 2011-05-18 | Pressurized o-ring pole piece seal for a manifold |
US13/114,780 Abandoned US20110288940A1 (en) | 2010-05-24 | 2011-05-24 | Method and Apparatus for Correlating Multiple Cookies as Having Originated from the Same Device Using Device Fingerprinting |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/110,460 Active 2032-03-07 US8733732B2 (en) | 2010-05-24 | 2011-05-18 | Pressurized o-ring pole piece seal for a manifold |
Country Status (7)
Country | Link |
---|---|
US (2) | US8733732B2 (en) |
EP (1) | EP2577127B1 (en) |
JP (1) | JP5984798B2 (en) |
KR (1) | KR101474629B1 (en) |
CN (1) | CN102906476B (en) |
PL (1) | PL2577127T3 (en) |
WO (1) | WO2011149935A1 (en) |
Cited By (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100174900A1 (en) * | 2008-12-19 | 2010-07-08 | Lin Paul Y | Method and apparatus for authenticating online transactions using a browser |
US8875244B1 (en) * | 2011-03-31 | 2014-10-28 | Emc Corporation | Method and apparatus for authenticating a user using dynamic client-side storage values |
US20150127825A1 (en) * | 2010-11-05 | 2015-05-07 | Bluecava, Inc. | Incremental browser-based device fingerprinting |
US9032217B1 (en) * | 2012-03-28 | 2015-05-12 | Amazon Technologies, Inc. | Device-specific tokens for authentication |
US9124583B1 (en) | 2014-05-09 | 2015-09-01 | Bank Of America Corporation | Device registration using device fingerprint |
CN104933058A (en) * | 2014-03-18 | 2015-09-23 | 北京学之途网络科技有限公司 | Network access activity monitoring method and system |
US9378345B2 (en) | 2014-04-29 | 2016-06-28 | Bank Of America Corporation | Authentication using device ID |
US20170214771A1 (en) * | 2012-02-01 | 2017-07-27 | Aol Advertising Inc. | Systems and methods for identifying a returning web client |
US9832193B2 (en) | 2014-05-09 | 2017-11-28 | Bank Of America Corporation | Device validation using device fingerprint |
CN107818472A (en) * | 2016-09-13 | 2018-03-20 | 腾讯科技(北京)有限公司 | A kind of information processing method and server |
US9948744B1 (en) | 2016-10-14 | 2018-04-17 | International Business Machines Corporation | Mobile device identification |
US10248730B2 (en) * | 2013-11-19 | 2019-04-02 | Beijing Gridsum Technology Co., Ltd. | Statistical method and apparatus for webpage access data |
CN109995576A (en) * | 2019-02-13 | 2019-07-09 | 平安科技(深圳)有限公司 | Recognition methods, device and the storage medium of equipment for surfing the net, computer equipment |
CN110866286A (en) * | 2019-10-29 | 2020-03-06 | 武汉极意网络科技有限公司 | Equipment fingerprint generation method and device |
US10607261B2 (en) * | 2013-02-11 | 2020-03-31 | Viant Technology Llc | Upfront advertisement purchasing exchange |
US10931665B1 (en) * | 2017-07-18 | 2021-02-23 | Walgreen Co. | Cross-device user identification and content access control using cookie stitchers |
WO2021258898A1 (en) * | 2020-06-22 | 2021-12-30 | 腾讯科技(深圳)有限公司 | Device fingerprint generation method, apparatus and device, and storage medium |
WO2022132257A1 (en) * | 2020-12-16 | 2022-06-23 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US11522894B2 (en) | 2017-08-08 | 2022-12-06 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11580218B2 (en) | 2019-05-20 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US11625485B2 (en) | 2014-08-11 | 2023-04-11 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11694093B2 (en) * | 2018-03-14 | 2023-07-04 | Adobe Inc. | Generation of training data to train a classifier to identify distinct physical user devices in a cross-device context |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US11888897B2 (en) | 2018-02-09 | 2024-01-30 | SentinelOne, Inc. | Implementing decoys in a network environment |
US11899782B1 (en) | 2021-07-13 | 2024-02-13 | SentinelOne, Inc. | Preserving DLL hooks |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8459218B2 (en) | 2011-05-19 | 2013-06-11 | Eaton Corporation | Adjustable-stroke solenoid valve |
US10508964B2 (en) * | 2013-03-14 | 2019-12-17 | Eaton Intelligent Power Limited | Solenoid valve assembly with pilot pressure control |
US10539250B2 (en) | 2018-04-24 | 2020-01-21 | Honeywell International Inc. | High vibration, high cycle, pulse width modulated solenoid |
CN111459577B (en) * | 2020-04-08 | 2023-06-09 | 深圳游禧科技有限公司 | Application installation source tracking method, device, equipment and storage medium |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6484182B1 (en) * | 1998-06-12 | 2002-11-19 | International Business Machines Corporation | Method and apparatus for publishing part datasheets |
US20030131045A1 (en) * | 2002-01-09 | 2003-07-10 | Mcgee Jason Robert | Method and apparatus for synchronizing cookies across multiple client machines |
US20040054784A1 (en) * | 2002-09-16 | 2004-03-18 | International Business Machines Corporation | Method, system and program product for tracking web user sessions |
US6961858B2 (en) * | 2000-06-16 | 2005-11-01 | Entriq, Inc. | Method and system to secure content for distribution via a network |
US7020635B2 (en) * | 2001-11-21 | 2006-03-28 | Line 6, Inc | System and method of secure electronic commerce transactions including tracking and recording the distribution and usage of assets |
US7080049B2 (en) * | 2001-09-21 | 2006-07-18 | Paymentone Corporation | Method and system for processing a transaction |
US7090128B2 (en) * | 2003-09-08 | 2006-08-15 | Systems And Software Enterprises, Inc. | Mobile electronic newsstand |
US7107462B2 (en) * | 2000-06-16 | 2006-09-12 | Irdeto Access B.V. | Method and system to store and distribute encryption keys |
US7150045B2 (en) * | 2000-12-14 | 2006-12-12 | Widevine Technologies, Inc. | Method and apparatus for protection of electronic media |
US7587502B2 (en) * | 2005-05-13 | 2009-09-08 | Yahoo! Inc. | Enabling rent/buy redirection in invitation to an online service |
US7711586B2 (en) * | 2005-02-24 | 2010-05-04 | Rearden Corporation | Method and system for unused ticket management |
US20100293094A1 (en) * | 2009-05-15 | 2010-11-18 | Dan Kolkowitz | Transaction assessment and/or authentication |
US20100306831A1 (en) * | 2009-05-27 | 2010-12-02 | Ruicao Mu | Method for fingerprinting and identifying internet users |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3082359A (en) * | 1960-01-26 | 1963-03-19 | Peter Paul Electronics Company | Solenoid and valve assembly |
US3263959A (en) * | 1964-12-23 | 1966-08-02 | American Radiator & Standard | Solenoid valve |
CA1021225A (en) * | 1974-06-28 | 1977-11-22 | General Signal Corporation | Quick-acting valve assembly |
US4238110A (en) | 1979-07-23 | 1980-12-09 | Colt Industries Operating Corp. | Electromagnetic fuel metering valve assembly |
US4582294A (en) * | 1985-04-01 | 1986-04-15 | Honeywell Inc. | Three-way solenoid valve |
JPH0450102Y2 (en) | 1986-02-25 | 1992-11-26 | ||
GB2189010B (en) * | 1986-03-07 | 1990-03-21 | Alexander Controls Ltd | Apparatus for controlling the flow of gas |
US5531422A (en) | 1994-04-12 | 1996-07-02 | Applied Power Inc. | Double latching valve |
ATE164425T1 (en) * | 1994-09-09 | 1998-04-15 | Gen Motors Corp | ACTUATOR FOR AN EXHAUST GAS RECIRCULATION VALVE |
US5579741A (en) * | 1995-11-30 | 1996-12-03 | Siemens Electric Limited | Vapor purge valve having tapered bead armature seal |
US5875922A (en) * | 1997-10-10 | 1999-03-02 | Nordson Corporation | Apparatus for dispensing an adhesive |
US6092784A (en) * | 1997-12-30 | 2000-07-25 | Dana Corporation | Coil assembly useful in solenoid valves |
US6644265B2 (en) | 2002-04-09 | 2003-11-11 | Eaton Corporation | Electro-hydraulic manifold assembly and method of making same for controlling de-activation of combustion chamber valves in a multicylinder engine |
US7240894B2 (en) | 2003-05-30 | 2007-07-10 | Borgwarner Inc. | Pulse width modulated solenoid |
JP4303637B2 (en) * | 2004-03-12 | 2009-07-29 | 株式会社テージーケー | Control valve for variable capacity compressor |
US7007925B2 (en) | 2004-08-05 | 2006-03-07 | Husco International, Inc. | Electrohydraulic valve having an armature with a rolling bearing |
GB0521063D0 (en) * | 2005-10-18 | 2005-11-23 | Reckitt Benckiser Uk Ltd | Spraying device |
US7673597B2 (en) | 2005-12-09 | 2010-03-09 | Saturn Electronics & Engineering, Inc. | Hydraulic fluid passage with particle gettering magnet |
ITTO20060563A1 (en) | 2006-07-28 | 2008-01-29 | Eaton Srl | COMMAND DEVICE RAISED FOR A INTERNAL COMBUSTION ENGINE-BASED VALVE OR OPERATING MACHINE |
US7992839B2 (en) | 2008-04-15 | 2011-08-09 | Husco Automotive Holdings Llc | Electrohydraulic valve having a solenoid actuator plunger with an armature and a bushing |
US20100019186A1 (en) | 2008-07-25 | 2010-01-28 | Eaton Corporation | Engine valve assembly with valve can mountable to an engine cover |
US9022067B2 (en) | 2008-10-09 | 2015-05-05 | Eaton Corporation | Dual variable valve solenoid module |
-
2011
- 2011-05-18 US US13/110,460 patent/US8733732B2/en active Active
- 2011-05-24 WO PCT/US2011/037739 patent/WO2011149935A1/en active Application Filing
- 2011-05-24 CN CN201180025633.2A patent/CN102906476B/en not_active Expired - Fee Related
- 2011-05-24 US US13/114,780 patent/US20110288940A1/en not_active Abandoned
- 2011-05-24 PL PL11725563T patent/PL2577127T3/en unknown
- 2011-05-24 KR KR1020127030609A patent/KR101474629B1/en active IP Right Grant
- 2011-05-24 JP JP2013512157A patent/JP5984798B2/en not_active Expired - Fee Related
- 2011-05-24 EP EP11725563.8A patent/EP2577127B1/en not_active Not-in-force
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6484182B1 (en) * | 1998-06-12 | 2002-11-19 | International Business Machines Corporation | Method and apparatus for publishing part datasheets |
US6961858B2 (en) * | 2000-06-16 | 2005-11-01 | Entriq, Inc. | Method and system to secure content for distribution via a network |
US7107462B2 (en) * | 2000-06-16 | 2006-09-12 | Irdeto Access B.V. | Method and system to store and distribute encryption keys |
US7150045B2 (en) * | 2000-12-14 | 2006-12-12 | Widevine Technologies, Inc. | Method and apparatus for protection of electronic media |
US7080049B2 (en) * | 2001-09-21 | 2006-07-18 | Paymentone Corporation | Method and system for processing a transaction |
US7020635B2 (en) * | 2001-11-21 | 2006-03-28 | Line 6, Inc | System and method of secure electronic commerce transactions including tracking and recording the distribution and usage of assets |
US20030131045A1 (en) * | 2002-01-09 | 2003-07-10 | Mcgee Jason Robert | Method and apparatus for synchronizing cookies across multiple client machines |
US20040054784A1 (en) * | 2002-09-16 | 2004-03-18 | International Business Machines Corporation | Method, system and program product for tracking web user sessions |
US7090128B2 (en) * | 2003-09-08 | 2006-08-15 | Systems And Software Enterprises, Inc. | Mobile electronic newsstand |
US7711586B2 (en) * | 2005-02-24 | 2010-05-04 | Rearden Corporation | Method and system for unused ticket management |
US7587502B2 (en) * | 2005-05-13 | 2009-09-08 | Yahoo! Inc. | Enabling rent/buy redirection in invitation to an online service |
US20100293094A1 (en) * | 2009-05-15 | 2010-11-18 | Dan Kolkowitz | Transaction assessment and/or authentication |
US20100306831A1 (en) * | 2009-05-27 | 2010-12-02 | Ruicao Mu | Method for fingerprinting and identifying internet users |
Cited By (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100174900A1 (en) * | 2008-12-19 | 2010-07-08 | Lin Paul Y | Method and apparatus for authenticating online transactions using a browser |
US8245030B2 (en) * | 2008-12-19 | 2012-08-14 | Nai-Yu Pai | Method for authenticating online transactions using a browser |
US20150127825A1 (en) * | 2010-11-05 | 2015-05-07 | Bluecava, Inc. | Incremental browser-based device fingerprinting |
US9942349B2 (en) * | 2010-11-05 | 2018-04-10 | Bluecava, Inc. | Incremental browser-based device fingerprinting |
US8875244B1 (en) * | 2011-03-31 | 2014-10-28 | Emc Corporation | Method and apparatus for authenticating a user using dynamic client-side storage values |
US10469625B2 (en) * | 2012-02-01 | 2019-11-05 | Oath (Americas) Inc. | Systems and methods for identifying a returning web client |
US10848598B2 (en) | 2012-02-01 | 2020-11-24 | Verizon Media Inc. | Systems and methods for identifying a returning web client |
US20200028941A1 (en) * | 2012-02-01 | 2020-01-23 | Oath (Americas) Inc. | Systems and methods for identifying a returning web client |
US11431825B2 (en) | 2012-02-01 | 2022-08-30 | Yahoo Assets Llc | Systems and methods for identifying a returning web client |
US20170214771A1 (en) * | 2012-02-01 | 2017-07-27 | Aol Advertising Inc. | Systems and methods for identifying a returning web client |
US9032217B1 (en) * | 2012-03-28 | 2015-05-12 | Amazon Technologies, Inc. | Device-specific tokens for authentication |
US9525684B1 (en) | 2012-03-28 | 2016-12-20 | Amazon Technologies, Inc. | Device-specific tokens for authentication |
US10607261B2 (en) * | 2013-02-11 | 2020-03-31 | Viant Technology Llc | Upfront advertisement purchasing exchange |
US10248730B2 (en) * | 2013-11-19 | 2019-04-02 | Beijing Gridsum Technology Co., Ltd. | Statistical method and apparatus for webpage access data |
CN104933058A (en) * | 2014-03-18 | 2015-09-23 | 北京学之途网络科技有限公司 | Network access activity monitoring method and system |
US9378345B2 (en) | 2014-04-29 | 2016-06-28 | Bank Of America Corporation | Authentication using device ID |
US9124583B1 (en) | 2014-05-09 | 2015-09-01 | Bank Of America Corporation | Device registration using device fingerprint |
US9832193B2 (en) | 2014-05-09 | 2017-11-28 | Bank Of America Corporation | Device validation using device fingerprint |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US11625485B2 (en) | 2014-08-11 | 2023-04-11 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11886591B2 (en) | 2014-08-11 | 2024-01-30 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
CN107818472A (en) * | 2016-09-13 | 2018-03-20 | 腾讯科技(北京)有限公司 | A kind of information processing method and server |
US10778802B2 (en) | 2016-10-14 | 2020-09-15 | Hcl Technologies Limited | Mobile device identification |
US9948744B1 (en) | 2016-10-14 | 2018-04-17 | International Business Machines Corporation | Mobile device identification |
US10230814B2 (en) | 2016-10-14 | 2019-03-12 | International Business Machines Corporation | Mobile device identification |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US10931665B1 (en) * | 2017-07-18 | 2021-02-23 | Walgreen Co. | Cross-device user identification and content access control using cookie stitchers |
US11522894B2 (en) | 2017-08-08 | 2022-12-06 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11838306B2 (en) | 2017-08-08 | 2023-12-05 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11876819B2 (en) | 2017-08-08 | 2024-01-16 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11838305B2 (en) | 2017-08-08 | 2023-12-05 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11722506B2 (en) | 2017-08-08 | 2023-08-08 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11716341B2 (en) | 2017-08-08 | 2023-08-01 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11716342B2 (en) | 2017-08-08 | 2023-08-01 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US11888897B2 (en) | 2018-02-09 | 2024-01-30 | SentinelOne, Inc. | Implementing decoys in a network environment |
US11694093B2 (en) * | 2018-03-14 | 2023-07-04 | Adobe Inc. | Generation of training data to train a classifier to identify distinct physical user devices in a cross-device context |
CN109995576A (en) * | 2019-02-13 | 2019-07-09 | 平安科技(深圳)有限公司 | Recognition methods, device and the storage medium of equipment for surfing the net, computer equipment |
US11790079B2 (en) | 2019-05-20 | 2023-10-17 | Sentinel Labs Israel Ltd. | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
US11580218B2 (en) | 2019-05-20 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
CN110866286A (en) * | 2019-10-29 | 2020-03-06 | 武汉极意网络科技有限公司 | Equipment fingerprint generation method and device |
WO2021258898A1 (en) * | 2020-06-22 | 2021-12-30 | 腾讯科技(深圳)有限公司 | Device fingerprint generation method, apparatus and device, and storage medium |
WO2022132257A1 (en) * | 2020-12-16 | 2022-06-23 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
US11748083B2 (en) | 2020-12-16 | 2023-09-05 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
US11899782B1 (en) | 2021-07-13 | 2024-02-13 | SentinelOne, Inc. | Preserving DLL hooks |
Also Published As
Publication number | Publication date |
---|---|
JP2013534595A (en) | 2013-09-05 |
CN102906476A (en) | 2013-01-30 |
US20110284782A1 (en) | 2011-11-24 |
EP2577127A1 (en) | 2013-04-10 |
KR20130111924A (en) | 2013-10-11 |
WO2011149935A1 (en) | 2011-12-01 |
JP5984798B2 (en) | 2016-09-06 |
CN102906476B (en) | 2014-10-08 |
US8733732B2 (en) | 2014-05-27 |
EP2577127B1 (en) | 2014-11-12 |
KR101474629B1 (en) | 2014-12-18 |
PL2577127T3 (en) | 2015-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20110288940A1 (en) | Method and Apparatus for Correlating Multiple Cookies as Having Originated from the Same Device Using Device Fingerprinting | |
US11870912B2 (en) | Methods and apparatus to collect distributed user information for media impressions and search terms | |
US20200236569A1 (en) | Cross-channel user tracking systems, methods, and devices | |
US9936032B2 (en) | Method and system for identifying website visitors | |
US9430778B2 (en) | Authenticating users for accurate online audience measurement | |
US20150189500A1 (en) | Methods and apparatus to collect distributed user information for media impressions and search terms | |
US20040128534A1 (en) | Method and product for identifying a website visitor session by visitor e-mail address | |
WO2015102795A1 (en) | Methods and apparatus to correct audience measurement data | |
US20190289085A1 (en) | System and method for tracking online user behavior across browsers or devices | |
US20140019575A1 (en) | Maintaining Client-Side Persistent Data using Caching | |
US20170345056A1 (en) | Advertisement data metric determination within mobile applications | |
CN104579754A (en) | User access time characteristic statistic method for Web application | |
WO2014203015A1 (en) | Cross-channel user tracking systems, methods and devices | |
KR101785169B1 (en) | Beacon data aggregation and management platform | |
CN114372828A (en) | Advertisement putting method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SCOUT ANALYTICS, INC., WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HORADAN, PETER H., MR.;SHANAHAN, MATTHEW R., MR.;UPSON, MARK B., MR.;REEL/FRAME:026335/0244 Effective date: 20110524 |
|
AS | Assignment |
Owner name: BENAROYA CAPITAL COMPANY, L.L.C., WASHINGTON Free format text: SECURITY AGREEMENT;ASSIGNOR:SCOUT ANALYTICS, INC.;REEL/FRAME:029709/0695 Effective date: 20130118 |
|
AS | Assignment |
Owner name: JPMORGAN CHASE BANK, NATIONAL ASSOCIATION, CALIFOR Free format text: SECURITY AGREEMENT;ASSIGNOR:SCOUT ANALYTICS, INC.;REEL/FRAME:032323/0468 Effective date: 20140220 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: SERVICESOURCE INTERNATIONAL, INC., CALIFORNIA Free format text: MERGER;ASSIGNOR:SCOUT ANALYTICS, INC.;REEL/FRAME:061306/0137 Effective date: 20141224 |