H Device Fingerprinting

Oracle Adaptive Access Manager contains proprietary clientless technologies for fingerprinting and interrogating devices used during access requests and transactions. Device fingerprinting is a mechanism to recognize the devices a customer uses, whether they are desktop computers, laptop computers, or other web-enabled devices. This appendix contains details about device fingerprinting.

H.1 What is Device Fingerprinting

Oracle Adaptive Access Manager device fingerprinting is a capability used to recognize the devices a user uses to log in and conduct transactions. It collects information about the device, such as browser type, browser headers, operating system type, locale, and so on. Fingerprint data is the data collected for a device during the login process that is required to identify the device the next time it logs in. The fingerprint details help in identifying whether a device is secure and in determining the risk level of the authentication or transaction.

A device is identified using proprietary logic and a set of specialized policies that process the available data and arrive at an identification. The intelligent identification does not rely on any single attribute type, so it can function on user devices that do not follow strict specifications and in both web and non-web channels. The device identification is not merely a static list of attributes but is instead a dynamic capture, evaluation, and profiling of the specific combinations of attributes available in each access request or transaction. This is especially important in large consumer-facing deployments.

H.2 When is a Device Fingerprinted

The fingerprinting process can be run any number of times during a user session to allow detection of mid-session changes that can indicate session hijacking. OAAM monitors a comprehensive list of device attributes. If any attributes are not available, the device can still be fingerprinted. The single-use capabilities combined with server-side logic defend against the fingerprint being stolen and reused on another machine to commit fraud.
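The following sketch is an added example, not Oracle Adaptive Access Manager code and not its proprietary identification logic. It shows why a mid-session recheck compares attribute snapshots by weighted similarity over the attributes that are available instead of by an exact hash; the attribute names, weights, and the 0.7 threshold are assumptions.

```python
# Added illustration; not OAAM's proprietary logic.
# Attribute names, weights and the threshold are assumptions.
import hashlib

# Hypothetical weights: how strongly each attribute identifies a device.
WEIGHTS = {"user_agent": 3, "os": 3, "fonts": 2, "plugins": 2,
           "locale": 1, "cookies_enabled": 1}


def normalize(value):
    """Make list-valued attributes order-independent before comparing."""
    if isinstance(value, (list, tuple, set)):
        return tuple(sorted(str(v) for v in value))
    return str(value)


def fingerprint(attrs):
    """Exact digest over whichever known attributes are present."""
    h = hashlib.sha256()
    for key in sorted(WEIGHTS):
        if attrs.get(key) is not None:
            h.update(repr((key, normalize(attrs[key]))).encode())
    return h.hexdigest()


def similarity(baseline, current):
    """Weighted match ratio over attributes present in both snapshots."""
    total = matched = 0
    for key, weight in WEIGHTS.items():
        a, b = baseline.get(key), current.get(key)
        if a is None or b is None:
            continue  # unavailable attribute: skip instead of penalizing
        total += weight
        if normalize(a) == normalize(b):
            matched += weight
    return matched / total if total else 0.0


def check_session(baseline, current, threshold=0.7):
    """Return (verdict, score) for a mid-session re-fingerprint."""
    score = similarity(baseline, current)
    return ("consistent" if score >= threshold else "mismatch"), score


# Constructed sample snapshots (not real captured data).
LOGIN = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0",
         "os": "Linux", "fonts": ["DejaVu Sans", "Liberation Serif"],
         "plugins": ["pdf"], "locale": "en-US", "cookies_enabled": True}
SAME_DEVICE = dict(LOGIN, fonts=["Liberation Serif", "DejaVu Sans"], plugins=None)
OTHER_DEVICE = dict(LOGIN, os="Windows", fonts=["Arial", "Calibri"],
                    user_agent="Mozilla/5.0 (Windows NT 10.0) Chrome/120.0")
```

With these samples, the exact digest of SAME_DEVICE differs from LOGIN only because one attribute is unavailable, while the similarity score still treats it as the same device; OTHER_DEVICE falls below the threshold and would be a candidate for a session-hijacking alert.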

H.3 Device Fingerprint Attributes

Device fingerprinting collects information about the device such as browser type, browser headers, operating system type, locale, and so on. The fingerprint details can help in identifying a device, checking whether it is secure, and determining the risk level for the authentication or transaction.

H.3.1 Browser Characteristics

Browser fingerprinting gathers information that includes the browser type used, plug-ins installed, system fonts, the configuration and version information from the operating system, and whether or not the computer accepts cookies.

H.3.2 Device Characteristics

Flash fingerprinting is similar to browser fingerprinting, but a Flash movie is used by the server to set or retrieve a cookie from the user's machine, so a specific set of information is collected from the browser and from Flash. The Flash fingerprint is available only if Flash is installed on the client machine.