Unique device identification
You can use the fingerprintJS2 library; it helps a lot with calculating a browser fingerprint.
By the way, on Panopticlick you can see how unique this usually is.
It looks like the phoneGap plugin will allow you to get the device's uid.
http://docs.phonegap.com/en/3.0.0/cordova_device_device.md.html#device.uuid
Update: This is dependent on running native code. We used this solution writing JavaScript that was being compiled to native code for a native phone application we were creating.
I have the following idea for how you can deal with such an Access Device ID (ADID):
Gen ADID
- Prepare a web page https://mypage.com/manager-login where a trusted user, e.g. a Manager, can log in from the device. That page should show a button "Give access to this device".
- When the user presses the button, the page sends a request to the server to generate an ADID.
- The server generates the ADID, stores it on the whitelist and returns it to the page.
- Then the page stores it in the device's localStorage.
- The trusted user now logs out.
Use device
- Then another user, e.g. an Employee, using the same device goes to https://mypage.com/statistics, and the page sends the server a request for statistics including the ADID parameter (previously stored in localStorage).
- The server checks whether the ADID is on the whitelist, and if yes, returns the data.
In this approach, as long as the user uses the same browser and doesn't reset the device, the device has access to the data. If someone resets the device, then the trusted user needs to log in and generate an ADID again.
You can even create an ADID management system for the trusted user where, when generating an ADID, he can also input the device serial number, and in future, in case of a device reset, he can find this device and regenerate the ADID for it (which does not increase the whitelist size), and he can also drop from the whitelist the ADIDs of devices which he will no longer give access to server data.
In case the system uses many domains/subdomains, the manager after login should see many "Give access from domain xyz.com to this device" buttons; each button will redirect the device to the proper domain, generate an ADID and redirect back.
UPDATE
Simpler approach based on links:
- The manager logs in to the system using any device and generates a ONE-TIME USE LINK https://mypage.com/access-link/ZD34jse24Sfses3J (which works for e.g. 24h).
- Then the manager sends this link to the employee (or someone else, e.g. by email), who puts that link into the device, and the server returns an ADID to the device, which stores it in Local Storage. After that, the link above stops working, so only the system and the device know the ADID.
- Then the employee using this device can read data from https://mypage.com/statistics because it has an ADID which is on the server's whitelist.
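The server side of the ADID whitelist and one-time link flow described in the answer above, as an added example that is not part of the original answer. The function names, the in-memory maps, the device label and the choice to keep only SHA-256 hashes of link tokens and ADIDs are assumptions made for illustration.

```javascript
// Added example (hypothetical names, in-memory storage for illustration only).
const { randomBytes, createHash } = require("node:crypto");

const LINK_TTL_MS = 24 * 60 * 60 * 1000; // link lifetime: 24h, as in the answer
const pendingLinks = new Map();          // sha256(link token) -> expiry in ms
const whitelist = new Map();             // sha256(ADID) -> { label, issuedAt }

// 256-bit random secrets; only their hashes are kept server-side.
const newSecret = () => randomBytes(32).toString("hex");
const digest = (s) => createHash("sha256").update(s).digest("hex");

// Manager (authenticated elsewhere) creates a one-time link token.
function createAccessLink(now = Date.now()) {
  const token = newSecret();
  pendingLinks.set(digest(token), now + LINK_TTL_MS);
  return token; // becomes the last path segment of /access-link/<token>
}

// Device opens the link: the token is consumed and an ADID is issued once.
function redeemAccessLink(token, label, now = Date.now()) {
  const key = digest(String(token));
  const expiry = pendingLinks.get(key);
  pendingLinks.delete(key); // single use, whether or not it was still valid
  if (expiry === undefined || now > expiry) return null;
  const adid = newSecret();
  whitelist.set(digest(adid), { label, issuedAt: now });
  return adid; // the page stores this value in localStorage
}

// /statistics handler: serve data only when the ADID is whitelisted.
function isAllowed(adid) {
  return typeof adid === "string" && whitelist.has(digest(adid));
}

// Manager drops a device from the whitelist by its label (e.g. serial number).
function revokeDevice(label) {
  let removed = 0;
  for (const [key, entry] of whitelist) {
    if (entry.label === label) { whitelist.delete(key); removed++; }
  }
  return removed;
}
```

The ADID here is a bearer secret: any script running on the page's origin can read it from localStorage, so it identifies whoever holds the value rather than the physical device.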
You can use this javascript plugin
https://github.com/biggora/device-uuid
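It can get a large list of information for you about mobiles and desktop machines, including the uuid, for example:
var uuid = new DeviceUUID().get();
// e.g. e9dc90ac-d03d-4f01-a7bb-873e14556d8e
// Parse the user agent to read the individual device properties
var du = new DeviceUUID().parse();
var dua = [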
du.language,
du.platform,
du.os,
du.cpuCores,
du.isAuthoritative,
du.silkAccelerated,
du.isKindleFire,
du.isDesktop,
du.isMobile,
du.isTablet,
du.isWindows,
du.isLinux,
du.isLinux64,
du.isMac,
du.isiPad,
du.isiPhone,
du.isiPod,
du.isSmartTV,
du.pixelDepth,
du.isTouchScreen
];