Device Intelligence

Start here

This guide presents a technical overview of Entrust's Device Intelligence report, available for integration through Workflow Studio.

Introduction

The Device Intelligence report assesses non-document and non-biometric signals to capture sophisticated fraud, without adding user friction to an identity verification. The Device Intelligence report works alongside Entrust's other reports capturing digital, passive fraud signals such as device integrity, IP and geolocation data, in addition to the current visual fraud detection.

You can run Device Intelligence as a standalone report, but we recommend that you combine it with a Document report or Facial Similarity report.

The Device Intelligence report is only compatible with other reports that require a media upload (such as a document capture, live photo or live video capture) because the report collects device integrity information during the upload of the media.

Note: The Device Intelligence report will be more effective and provide better data if you're using the Entrust Identity Verification SDKs and not sending the media via the API directly.

Signals captured by the report

The purpose of the Device Intelligence report is to gather a range of intelligence signals to assess the integrity of the device and app used to interact with the Entrust system. This includes device signals (such as operating system, browser, presence of an emulator, etc.), IP address, and geolocation data (such as city, country, etc.).

Result logic

The Device Intelligence report can return a result of clear or consider:

Report result	Logic
clear	The applicant used a valid device and is not associated with suspicious behaviour, indicating they are likely a genuine user.
consider	The applicant was detected to have used a device with an invalid fingerprint or profile, or that is associated with suspicious behaviour, indicating they may be a fraudulent user.

The overall report result will be clear if the device breakdown and its sub-breakdowns are clear. The overall report result will be consider if the device breakdown and any of its sub-breakdowns are consider.

Report breakdowns and properties

The Device Intelligence report breakdowns can have a result of clear or consider:

Breakdown	description
`device`	object Asserts whether the device used to upload the media is trustworthy (e.g. it is a real, physical device).
(sub-breakdown) `application_authenticity`	object Properties include `fake_network_request` (refer to the table below).
(sub-breakdown) `device_integrity`	object Properties include `randomized_device`, `emulator`, `single_device_used`, `document_capture` and `biometric_capture` (refer to the table below).
(sub-breakdown) `device_reputation`	object Properties include `ip_reputation` and `device_fingerprint_reuse` (refer to the table below).

Application authenticity properties

Sub-breakdown	Description
`fake_network_request`	Flags when the device used stolen security tokens to send the network information.

Device integrity properties

Sub-breakdown	Description
`randomized_device`	Flags when the device provided false randomized device and network information.
`emulator`	Flags when evidence is found that an emulator was used.
`single_device_used`	Flags when the associated document and biometric media weren't uploaded from the same device.
`document_capture`	Flags when the associated document media weren't confirmed to be live captured from the device camera.
`biometric_capture`	Flags when the associated biometric media weren't confirmed to be live captured from the device camera.

Device reputation properties

Sub-breakdown	Description
`ip_reputation`	Flags when there is highly suspicious traffic related to the IP address.
`device_fingerprint_reuse`	Flags when the same device fingerprint was reused too many times.

Below is an example Device Intelligence report breakdown, sub-breakdowns and device properties:

json

1{
2    "breakdown": {
3        "device": {
4            "breakdown": {
5                "application_authenticity": {
6                    "properties": {},
7                    "result": "clear"
8                },
9                "device_integrity": {
10                    "properties": {},
11                    "result": "clear"
12                },
13                "device_reputation": {
14                    "properties": {},
15                    "result": "clear"
16                }
17            },
18            "result": "clear"
19        }
20    },
21    "properties": {
22        "device": {
23            "authentication_type": "sdk_token",
24            "sdk_source": "onfido-android-sdk",
25            "sdk_version": "10.3.1",
26            "raw_model": "SM-G900P",
27            "os": "Android",
28            "browser": null,
29            "emulator": false,
30            "randomized_device": false,
31            "fake_network_request": false,
32            "true_os": null,
33            "os_anomaly": null,
34            "rooted": null,
35            "remote_software": null,
36            "device_fingerprint_reuse": 3,
37            "single_device_used": null,
38            "document_capture": "unknown_method",
39            "biometric_capture": "live",
40            "data_available": true
41        },
42        "ip": {
43            "address": "127.0.0.1",
44            "vpn_detection": null,
45            "proxy_detection": null,
46            "type": null,
47        },
48        "geolocation": {
49            "city": "Redmon",
50            "region": "Washington",
51            "country": "USA"
52        }
53    }
54}

Device Intelligence Report task

Similar to other Entrust reports, the Device Intelligence report should be added as a Device Intelligence Report task to a Studio workflow from the Workflow Builder.

Although a Device Intelligence report can be run as a standalone report, it's recommended you combine it with a Document report or Facial Similarity report. As such, your Studio workflow should also include a Document Report task and Facial Similarity report task.

Furthermore, because the report collects device integrity information through a media upload (such as a document, live photo or live video capture), a Device Intelligence Report task must always follow the route of a Document Capture task or a Face Capture task in order to extract the appropriate input data. Because of this, the applicant's first name, last name and a media ID are mandatory task inputs.

Below you will find an illustrated example of a Studio workflow running a Device Intelligence report:

Device intelligence workflow

More information about report tasks can be found in our Studio Product Guide.

Device Intelligence Report task results

If you want to obtain the specific outputs from the Device Intelligence Report task via the API (for example, the overall report result or breakdown results), you can manage this by configuring the Workflow Output in the Studio Workflow Builder. You can also retrieve all associated output data from a Device Intelligence report.

You can refer to our Studio product guide for more information on Workflow Output configuration. Once set up, the output can be consumed by making a Retrieve Workflow Run call to the API. Report results are found in the output property.

Workflow Run results can also be accessed on the results tab of your Studio Dashboard.

Developers