1. Field of the Invention
The present invention is directed to methods and apparatus for uniquely identifying remote computing devices. More specifically, the invention is directed to fingerprinting a remote computing device in stages using information retrievable from a web browser.
2. Description of the Related Art
Device identification is used in network communications, for example, to allow a server to uniquely identify remote computing devices that request access to information or services available through the server. There are many applications for device identification, including security, remote licensing of software, and targeted advertising of web-deliverable content, to name a few.
Device identification may involve collecting information from a remote computing device to generate a “fingerprint” for the device. A device fingerprint, as the name implies, consists of computer-readable code that uniquely identifies a computing device. Any computing device capable of communicating with other computing devices, for example, a laptop computer or mobile phone equipped for Internet communications, may be uniquely fingerprinted using methods known to the assignee of the present application and disclosed in U.S. Pat. No. 5,490,216, U.S. patent application Ser. Nos. 11/531,235 and 11/531,257 filed Sep. 12, 2005, and U.S. patent application Ser. Nos. 12/903,948 and 12/903,980 filed Oct. 13, 2010, all of which are fully incorporated herein by reference.
Device-based fingerprinting works by collecting device identification metrics (also known as indicators or computer-readable parameters) from a target device, for example, data stored on the device that represents an manufacturer-provided identification number, manufacturer name, serial number, version number, or performance specification, for hardware devices installed on or peripheral to the device, or other user-configurable or non-user-configurable parameters. Another type of device fingerprinting, web-based or browser-based fingerprinting, works by collecting indicators from data accessible from a web browser running on the target device. In either case, a special program may be executed to collect the data, and may be resident in device-based storage, i.e., memory stored locally on the device, or the program may be run at a server remote from the target device that queries the target device for parameters accessible to the server, for example, via a web browser running on the target device. When the fingerprint is taken, a unique identification code based on the fingerprint may be stored locally on the target device, for example, as a flash cookie. In subsequent transactions committed by the same target device, a server may quickly and easily identify the device by reading the unique identification code, without having tore-fingerprint the device.
The fingerprinting program may often be attached to a web page, and run in the background while a target or client device visits the website to browse or to effect some transaction. A problem that often arises when a browser-based fingerprinting program runs from a web page is that it takes some amount of time to collect all of the indicators that are needed to establish a unique identity for the target device. This may cause undesirable loading delays when displaying the web page, which can be too slow for many market applications, or can otherwise detract from a visitor's experience or even drive the visitor away. When visitors navigate away from a web page before the fingerprinting indicators have been collected, it may not be possible to establish a unique identifier for the target device.
Browser-based fingerprinting can be further complicated by target devices equipped with multiple browsers. Such a device, initially fingerprinted when running a first browser, may appear to the fingerprinting program to be a different device when running a second browser. The process of web-based device fingerprinting, therefore, must collect sufficient indicators to uniquely identify a device, must run fast enough to meet a host's timing expectations, and must be able to verify the identity of a device previously fingerprinted, regardless of which browser is running. The timing difficulties and the problems presented by multiple browsers need to be overcome before device fingerprinting can be made attractive for wide scale use.