What technology area does this patent fall under?

Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Sep 04 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Detection of computerized bots and automated cyber-attack modules

US10069852B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10069852-B2
Application number	US-201715840035-A
Country	US
Kind code	B2
Filing date	Dec 13, 2017
Priority date	Nov 29, 2010
Publication date	Sep 4, 2018
Grant date	Sep 4, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnormal discrepancy between: the input-unit gestures that were actually registered by the input unit, and the content that the electronic device reports as allegedly entered via such input units. A discrepancy or abnormality indicates that more-possibly, or necessarily or certainly, a malware or automated script is controlling the electronic device, rather than a legitimate human user. Optionally, an input-output aberration or interference is injected, in order to check for manual corrective actions that only a human user, and not an automated script, is able to perform.

First claim

Opening claim text (preview).

What is claimed is: 1. A method comprising: (A) detecting an automated malware that emulates human interactions with a computerized service; wherein the detecting of step (A) comprises: (a) monitoring input-unit interactions of an electronic device that is utilized by a user to interact with said computerized service; (b) injecting an input-output aberration into a web-page, and monitoring whether manual corrective actions were manually performed in response to the input-output aberration; (c) analyzing said input-unit interactions; (d) determining that it is humanly-impossible for a human to perform said input-user interactions; (e) based on the determining of step (d), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user; wherein the determining of step (e), that said input-unit interactions were necessarily performed by said automated script, is further based on: detecting that corrective actions that were performed in response to said input-output aberration were insufficient to adequately cure the input-output aberration. 2. A method comprising: (A) detecting an automated malware that emulates human interactions with a computerized service; wherein the detecting of step (A) comprises: (a) monitoring input-unit interactions of an electronic device that is utilized by a user to interact with said computerized service; (b) injecting an input-output aberration into a web-page, and monitoring whether manual corrective actions were manually performed in response to the input-output aberration; (c) analyzing said input-unit interactions; (d) determining that it is humanly-impossible for a human to perform said input-user interactions; (e) based on the determining of step (d), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user; wherein the method comprises: (i) monitoring key-down events, and key-up events, during a usage session in which said electronic device exhibits reception of keyboard input; (ii) determining that the number of key-down events does not match the number of key-up events, during said usage session; (iii) based on step (ii), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user. 3. A method comprising: (A) detecting an automated malware that emulates human interactions with a computerized service; wherein the detecting of step (A) comprises: (a) monitoring input-unit interactions of an electronic device that is utilized by a user to interact with said computerized service; (b) injecting an input-output aberration into a web-page, and monitoring whether manual corrective actions were manually performed in response to the input-output aberration; (c) analyzing said input-unit interactions; (d) determining that it is humanly-impossible for a human to perform said input-user interactions; (e) based on the determining of step (d), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user; wherein the method comprises: (i) monitoring key-down events, and monitoring key-up events, during a usage session in which said electronic device exhibits reception of keyboard input; (ii) determining that the order of the key-down events and the key-up events, during said usage session, does not match an expected order of key-down events and key-up events that is expected to be observed if an input unit of said electronic device is utilized for typing by a human user; (iii) based on step (ii), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user. 4. A method comprising: (A) detecting an automated malware that emulates human interactions with a computerized service; wherein the detecting of step (A) comprises: (a) monitoring input-unit interactions of an electronic device that is utilized by a user to interact with said computerized service; (b) injecting an input-output aberration into a web-page, and monitoring whether manual corrective actions were manually performed in response to the input-output aberration; (c) analyzing said input-unit interactions; (d) determining that it is humanly-impossible for a human to perform said input-user interactions; (e) based on the determining of step (d), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user; wherein the method comprises: (i) continuously monitoring mouse events, during a usage session in which said electronic device exhibits reception of mouse-based input; (ii) determining that during a first period of time within said usage session, the monitored mouse events exhibit a first sampling rate; (iii) determining that during a second period of time within said usage session, the monitored mouse events exhibit a second, different, sampling rate; (iv) based on steps (ii) and (iii), determining that said electronic device is necessarily controlled by an automated module, and not by a legitimate human user. 5. A method comprising: (A) detecting an automated malware that emulates human interactions with a computerized service; wherein the detecting of step (A) comprises: (a) monitoring input-unit interactions of an electronic device that is utilized by a user to interact with said computerized service; (b) injecting an input-output aberration into a web-page, and monitoring whether manual corrective actions were manually performed in response to the input-output aberration; (c) analyzing said input-unit interactions; (d) determining that it is humanly-impossible for a human to perform said input-user interactions; (e) based on the determining of step (d), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user; wherein the method comprises: (i) continuously monitoring keyboard events, during a usage session in which said electronic device exhibits reception of keyboard-based input; (ii) determining that during a first period of time within said usage session, the monitored keyboard events exhibit a first sampling rate; (iii) determining that during a second period of time within said usage session, the monitored keyboard events exhibit a second, different, sampling rate; (iv) based on steps (ii) and (iii), determining that said electronic device is necessarily controlled by an automated attacking module, and not by a legitimate human user. 6. A method comprising: (A) detecting an automated malware that emulates human interactions with a computerized service; wherein the detecting of step (A) comprises: (a) monitoring input-unit interactions of an electronic device that is utilized by a user to interact with said computerized service; (b) injecting an input-output aberration into a web-page, and monitoring whether manual corrective actions were manually performed in response to the input-output aberration; (c) analyzing said input-unit interactions; (d) determining that it is humanly-impossible for a human to perform said input-user interactions; (e) based on the determining of step (d), determining that said input-unit interactions were necessarily performed by said automated script that emulates human interactions, and not by a human user; wherein the method comprises: (i) detecting that an input-unit level of the electronic device reports that a messag

Assignees

Biocatch Ltd

Inventors

Classifications

G06F21/121
Restricting unauthorised execution of programs · CPC title
G06Q20/4014
Identity check for transactions · CPC title
G06F2221/2133
Verifying human interaction, e.g., Captcha · CPC title
H04L63/1416Primary
Event detection, e.g. attack signature detection · CPC title
G06F21/316
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title

Patent family

Related publications grouped by family.

View patent family 61829255

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10069852B2 cover?: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnorma…
Who is the assignee on this patent?: Biocatch Ltd
What technology area does this patent fall under?: Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Sep 04 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).