A summary of how device location is determined by deviceTRUST
Location Information
deviceTRUST can make available location information about either a physical device or a remote device when connecting to a virtual session. The location information made available depends upon the deviceTRUST Policy but may include:
- Source - the source of the location, such as IP Address, Wi-Fi, Cell Tower or GPS Sensor
- Provider - the provider that produced the location, such as the Operating System
- Position - the coordinates of the device
- Accuracy - the accuracy of the coordinates
- Address - the geocoded address of the coordinates
- Country - the country that the coordinates represent
Operating System Location Provider
Operating system location providers are functions built into the operating system of the user's device. deviceTRUST can retrieve the information these providers offer and use it for context evaluation.
On Microsoft Windows, the operating system location provider is capable, with the consent of the user, of determining the position (coordinates) of a device, in addition to the source and accuracy. deviceTRUST enhances this position with country information.
A third-party location provider can be used with this data to determine more granular information, such as an address.
On Apple macOS and iOS, the operating system location provider is capable, with the consent of the user, of determining the position (coordinates) of a device, in addition to the source, accuracy, and address including country.
Third-Party Location Provider
Third-party location providers offer additional services for geolocation evaluation. In cases where operating system location services are either not available, disabled, or do not provide information on a detailed level, third-party providers can be utilized to evaluate or refine the location information.
When the deviceTRUST policy is configured with a third-party location provider, such as Google Geolocation, the Wi-Fi access points local to the device are sent to configured services and a position is returned. deviceTRUST enhances this position with country information.
A geocoding service can also be defined within the deviceTRUST Policy which is capable of determining an address and country from any location provider's position.
Important: Third-party location providers are not integrated with deviceTRUST. They are additional services that most often require a subscription. As with OS location services, deviceTRUST gathers the information from those third parties and uses it for context evaluation.
WHOIS Location Provider
WHOIS is the process of determining a location, such as the country of a device, based on its public IP address. deviceTRUST comes with built-in functions to use WHOIS from users' devices.
Determining the location via WHOIS requires the user's device to be connected to the internet. Using a public API, deviceTRUST first evaluates the device's public IP address. This IP address is then looked up in an online database to get the device's country information.
Important: Due to its design, WHOIS can be tricked by using VPN connections. If a user starts a VPN connection from country A to country B, basic WHOIS evaluation will always evaluate the device to be in country B, as the public IP now is where the VPN tunnel ends.
deviceTRUST's VPN recognition and network adapter prioritization features tackle this challenge and make sure that the WHOIS information is correct and give you better insight.
Cellular Location Provider
A Cellular Location Provider refers to a technology or service that determines the geographical location of a mobile device based on its connection to cellular networks. Mobile devices, such as smartphones and tablets, constantly communicate with nearby cell towers as part of their normal operation. The process of determining the location of a device using cellular networks is known as cell site triangulation or cell tower triangulation.
If your users' devices are equipped with cellular cards, deviceTRUST can read the information those cards provide and use it for context evaluation.
GPS Location Providers
Devices might come with internal GPS location devices. While these provide very exact information outside, they are not optimal for in-building usage. If you need GPS information for your use case, deviceTRUST will be able to retrieve the information from GPS location providers as well.
deviceTRUST Policy
deviceTRUST's policy framework allows for full control of the information you evaluate, how you prioritize it, and how you use it for access control.
This example configuration is designed to:
- retrieve information from remote devices
- evaluate country information only
- prioritize OS location services over cellular information over WHOIS, by ordering them from left to right
- report back the country code of the user's device
In addition, the option to prioritize WHOIS information from physical adapters is set, so that the WHOIS result is more reliable whenever WHOIS is used.
This configuration will allow for reliable evaluation of a remote device's country. By defining the OS location services as the primary source of information and adding cellular as well as VPN-safe WHOIS information, country evaluation will be as exact as the underlying technology allows.
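The priority order and the physical-adapter preference described above can be modelled in a few lines. The following is an added illustration, not deviceTRUST code or its policy format: the record types, field names and adapter names are hypothetical, and the sample report is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class WhoisResult:          # hypothetical record: one public-IP lookup per adapter
    adapter: str
    physical: bool          # False for a VPN or other virtual adapter
    country: Optional[str]  # ISO 3166-1 alpha-2 code, None if the lookup failed

@dataclass
class DeviceReport:         # hypothetical shape of what a device reports
    os_country: Optional[str] = None
    cellular_country: Optional[str] = None
    whois: tuple = ()

def whois_country(results, prefer_physical=True):
    """Pick a WHOIS country; physical adapters win when prefer_physical is set."""
    usable = [r for r in results if r.country]
    if prefer_physical:
        # Stable sort: physical adapters first, original order otherwise.
        usable.sort(key=lambda r: not r.physical)
    return usable[0].country if usable else None

def resolve_country(report, order=("os", "cellular", "whois"), prefer_physical=True):
    """Return (country, source) from the first provider in `order` with a value."""
    lookup = {
        "os": lambda: report.os_country,
        "cellular": lambda: report.cellular_country,
        "whois": lambda: whois_country(report.whois, prefer_physical),
    }
    for source in order:
        country = lookup[source]()
        if country:
            return country, source
    return None, None

def vpn_mismatch(results):
    """True when physical and non-physical adapters disagree on the country."""
    phys = {r.country for r in results if r.physical and r.country}
    virt = {r.country for r in results if not r.physical and r.country}
    return bool(phys and virt and phys != virt)

# Constructed sample: location consent denied, no cellular card, and a VPN
# adapter (resolving to US) listed before the physical Wi-Fi adapter (DE).
SAMPLE = DeviceReport(whois=(
    WhoisResult("vpn0", physical=False, country="US"),
    WhoisResult("wlan0", physical=True, country="DE"),
))
```

With the physical-adapter preference on, the sample resolves to DE; with it off, the tunnel endpoint's country (US) is returned, which is the failure mode the WHOIS section warns about. The mismatch check is an extra signal worth logging for access decisions.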