search cancel

Symantec VIP Rememembered Device for Device Fingerprint and Trusted Device

book

Article ID: 150518

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

 VIP Intelligent Authentication.

Resolution

VIP Remembered Device in a feature that provides an alternative form of security for users without requiring traditional hardware or mobile credentials. Remembered Devices use unique device identification to determine whether a user is attempting to authenticate from either a device registered to the user or a device that matches identifiable characteristics of a remembered device. 

Remembered Devices provide two methods of device identification:

Device Fingerprint is a JavaScript-based method of accruing and assessing detailed information about a user's device. A Device Fingerprint included several attributes, such as operating system, screen size, browser, language, and time zone to identify that device.  

fptg A masked version of the unique tag identifier used to identify the device.
fpdt Device type. Values may be browser (if the fingerprint was generated by JavaScript in a browser) or mobile client (if the fingerprint was generated by an API to the VIP mobile CDK).
fpcp An encoding of the capabilities of the browser (e.g. Cookies enabled, support for various HTML 5 features, etc).
fpln The primary language encoding requested by the browser.
fptz The timezone currently in use on the client.
fpsw Additional installed software detected on the machine.
fppi Browser extensions and plugins detected.
fpsc Display attributes, e.g. screen resolution and depth.
fpua User agent string used to indentify the client type and version.
fpau Audio capabilities
fpvc Video capabilities
fpfn List of available fonts.
gfxfp:cnvfp A hash of a 2D image rendered on the device.
gfxfp:wglfp A hash of a 3D image rendered on the device.
gfxfp:wglext A hash of the capabilities data for capabilities of the graphics device.
gfxpfp:wglvr WebGL version info (e.g. graphics card provider and driver version).

Trusted Device provides strong authentication using a certificate stored on the user's device to identify it during a normal sign-in. The user can select to trust their device from the VIP Self-Service Portal or when signing in. This "registers" the laptop or PC by downloading a plug-in that installs a security certificate. The certificate binds the user's device to a unique ID. The unique ID becomes an assigned credential for that device and associates that user to that ID and credential.

The VIP Remembered Device policy can be enabled and configured within our VIP Manager, as described in the Remembered Device guide