Feature Sugg.: Device Fingerprinting, addit. att's to enable

pureist

This topic an extension upon the following recent topic:
How can we know what device client is running on?>
"How can we know what device client is running on?"

'Device Fingerprinting' (does NOT use Cookies or save any files/data on user's device) is very useful and I think will be used more and more in the future.
According to what I've read, the combination of 'User Agent', Screen Size, and IP Address identify a device to the extent of 1 in 32 million.
Following is an example of a User Agent string passed from the browser to the server:
"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; rv:11.0) like Gecko"

Perhaps Screen Resolution and other Hardware specifications data is also available to an application which could also be incorporated in a concatenated Device Fingerprint type evaluation?
If a user can log in by only having to enter their Password because their Device Fingerprint has been recognised, then it's gotta be a good thing in terms of UX.

To this end it would make sense to extend the Attributes of LoginNotification and LoginAttemptNotification, which already include:

ReferringURL
RemoteAddress
..to also include:
User Agent
Screen Width
Screen Height
Screen Resolution
..
..plus any other Hardware specifications data accessible

OR, create functions to be able to ascertain them at runtime.

BenHayat

pureist wrote
To this end it would make sense to extend the Attributes of LoginNotification and LoginAttemptNotification, which already include:

ReferringURL

RemoteAddress
..to also include:

User Agent

Screen Width

Screen Height

Screen Resolution
..
..plus any other Hardware specifications data accessible

OR, create functions to be able to ascertain them at runtime.

Great additions, proposed! We can always use more info about the agent, like screen data.

bkonia

I'd like to have access to all the Tomcat server variables. For example, being able to retrieve the current host name, etc...

Rem

No more progress about this topic?

We are working on a trusted device approach and would like to read some parameters from the local device. If the parameters are not matched we will send a mail to the client which can verify the device.

To be able to do this we have to figure out a way to read something, serial number or some other unique values or place a cookie.

So, any input is a appreciated if somebody have solved this or have any other ideas!

Jhstephenson

I was actually talking to someone in the office about this 5 minutes ago.

We could really use something that would allow us to know what the screen resolution is for the user.

Our reason for this is that we have a client who is switching from Ipad Pros to Microsoft Surface Pros. It was easy to know what perspective to show with the Ipads because they come across as Tablets. But the Surface Pros just get identified as a Desktop, even though their screen resolution is different.

Basing the perspective we show on the screen resolution would make it a whole easier.

Jaymer

I’ve written a plug-in before, but on a different machine & I don’t have any of that development environment installed now. But there are readers who can easily knock out a plug-in. A simple function call can give you a screen size.
https://alvinalexander.com/index.php/blog/post/jfc-swing/java-swing-faq-how-determine-screen-size-resolution

This should take someone all of five minutes, but 10 to be safe.