Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager
Release 11g (11.1.1)

Part Number E14568-06
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

H Device Fingerprinting

Oracle Adaptive Access Manager contains proprietary clientless technologies for fingerprinting and interrogating devices used during access requests and transactions. Device fingerprinting is a mechanism to recognize the devices a customer uses whether it is a desktop computer, laptop computer or other web-enabled device. This appendix contains details about device fingerprinting.

H.1 What is Device Fingerprinting

Each time the user accesses the system, information about the device is collected. OAAM generates a unique single-use fingerprint and marks a device for each user session. It is replaced upon each subsequent fingerprinting process with another unique fingerprint.

H.2 When is a Device Fingerprinted

The fingerprinting process can be run any number of times during a user session to allow detection of changes mid-session that can indicate session hijacking. OAAM monitors a comprehensive list of device attributes. If any attributes are not available the device can still be fingerprinted. The single-use capabilities combined with server-side logic defends against the fingerprint being stolen and reused on another machine to commit fraud.

H.3 Device Fingerprint Attributes

Device fingerprinting collects information about the device such as browser type, browser headers, operating system type, locale, and so on. The fingerprint details can help in identifying a device, check whether it is secure, and determine the risk level for the authentication or transaction.

H.3.1 IP Intelligence

IP Information is one of the attributes of device fingerprinting and collected to generate the location fingerprint.

If IP address is changed, Oracle Adaptive Access Manager still has other information to use in identifying the machine.

Each feature standing on its own is not sufficient to secure the session; it is the combination of device fingerprint, IP, location, time, behavioral analysis, behavioral analysis as it relates to past behavior, and so on.

Some of the attributes collected to generate the location fingerprint are listed below:

Table H-1 IP Details

IP Details Description

IP Address

Address mapped to location

City Name

Geographic name of the city.

State Name

Geographic name of the state.

Country Name

Geographic name of the country.

Connection Speed

Internet connection speeds or bandwidths (high, medium, low).

Connection Type

Describes the data connection between the device or LAN and the internet. See the Connection Type mapping.

Routing Type

Tells how the user is routed to the internet.

Carrier

The name of the entity that manages the ASN entry.

ASN

Globally unique number assigned to a network or group of networks that is managed by a single entity.

Top-level Domain

The top-level domain of the URL. For example, .com in www.oracle.com. This is mapped through the Quova reference file.

Second-level Domain

The second-level domain of the URL. For example, Name in www.oracle.com. This is mapped through the Quova reference file.

City Confidence Factor

The confidence factor (1-99) that the correct city has been identified.

State Confidence Factor

The confidence factor (1-99) that the correct state has been identified.

Country Confidence Factor

The confidence factor (1-99) that the correct country has been identified.


H.3.2 Browser Characteristics

Browser fingerprinting gathers information that include the browser type used, plug-ins installed, system fonts, and the configuration and version information from the operating system, and whether or not the computer accepts cookies.

H.3.3 Device Characteristics

Flash fingerprinting is similar to browser fingerprinting but a flash movie is used by the server to set or retrieve a cookie from the user's machine so a specific set of information is collected from the browser and from flash. The flash fingerprint is only information if flash is installed on the client machine.