The present disclosure relates to identifying computer devices, and more particularly to controlling access attempts by multiple computer devices to protected content.
Users can desire to access network accessible content from many different computer devices, such as desktop computers, laptop computers, tablet computers, mobile phones, game consoles, media players, etc. At times, a user may attempt to simultaneously access content from more than one computer device. Typically, the user is permitted by a network accessible content server to have unrestricted access to the content from any computer device after successfully completing authentication of user supplied credentials and determining that the user has authorized access.
Some computer systems attempt to restrict access, such as to documents containing confidential information or copyrighted works, to only authorized users while operating authorized computer devices. The authorized computer devices may be allowed access because they are determined to be more secure by design and/or trusted because of a known relationship to authorized users. Such computer systems need a way to restrict access to content by computer devices having a unique identity. However, fraudsters have developed sophisticated techniques to obtain credentials of users who are authorized to access content. Some of these fraudsters have moreover developed sophisticated techniques to cause computer devices to impersonate authorized computer devices.
Using third party cookies as a way to identify computer devices is being phased out due to privacy concerns and the ability of users to prevent or interfere with their use. Cookieless device identification has therefore become an important goal of operation for some computer systems. Not being able to reliably identify a computer device can create a potential system entry point for users with unauthorized or malicious intent to access or modify services. Techniques for authenticating users using, e.g., one time passwords (OTPs) can be viewed as unacceptably inconvenient by the users. Developing a list of blacklisted devices by one computer system may not be useful to other computer systems, particularly when operated in different system domains, e.g., under ownership of different entities. If computer systems could rely on trusted universal identification for computer devices, at least some of these challenges could be reduced or overcome.