15 Flash Fingerprinting 15-1 15 Flash Fingerprinting This chapter focuses on the specifics of Flash Fingerprinting within an Oracle Adaptive Access Manager native integration. All code examples included in the chapter are outlines of calls needed to perform the tasks. They should not be considered complete implementations.

15.1 Device Fingerprinting

Oracle Adaptive Access Manager captures information about the devices that a user utilizes when accessing protected applications. This information consists of many different datapoints gathered through a variety of means. The data collected is encoded into a unique fingerprint for the device. When a device is used for an access request, Oracle Adaptive Access Manager interrogates the device for the fingerprint and uses it along with many other types of data to determine the risk associated with the specific access request. Some of the technology used to gather fingerprint data include HTTP header, secure cookie, shared flash object and behavior profiling.

15.2 Definitions of Variables and Parameters

Table 15–1 lists the parameter and response variable in the interaction between the flash movie and the application. Note: This chapter assumes that the reader is familiar with Oracle Adaptive Access Manager native integrations and APIs. Table 15–1 Flash movie Parameters and Response Variables ParameterResponse Variable Usage v Used as an HTTP request parameter sent from the flash movie to the application. It contains the generated cookie string that is used a single time by the user. This value is also returned in the HTTP response to the flash movie as v=new value. client Used as an HTTP request parameter sent from the flash movie to the application. This indicates the type of client performing the fingerprinting in this case, flash. The expected value from the flash movie is vfc. fp Used as an HTTP request parameter sent from the flash movie to the application. It contains information about the client computer accessible to the flash player.