What technology area does this patent fall under?

Primary CPC classification H04W12/06. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Jan 16 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Method, device, and system of differentiating between a cyber-attacker and a legitimate user

US11877152B2 · US · B2

Patent metadata
Field	Value
Publication number	US-11877152-B2
Application number	US-202217814962-A
Country	US
Kind code	B2
Filing date	Jul 26, 2022
Priority date	Nov 29, 2010
Publication date	Jan 16, 2024
Grant date	Jan 16, 2024

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. A user utilizes a desktop computer, a laptop computer, a smartphone, a tablet, or other electronic device, to interact with a banking website or application, a retailer website or application, or other computerized service. Input-unit interactions are monitored, logged, and analyzed. Based on several types of analysis of the input-unit interactions, a score is generated to reflect fraud-relatedness or attack-relatedness of the input-unit interactions. Based on the score, the system estimates or determines whether the user is an attacker, and initiates attack-mitigation operations or fraud-mitigation operations.

First claim

Opening claim text (preview).

What is claimed is: 1. A system comprising: one or more processors, that are configured to execute code; wherein the one or more processors are operably associated with one or more memory units that are configured to store code; wherein the one or more processors are configured to perform a process comprising: (a) monitoring input-unit interactions of a user, who utilizes during a usage session one or more input units of an electronic device to fill-out data in a fillable form of a computerized service; (b1) if said input-unit interactions indicate that said user utilized keyboard shortcuts for data entry or for navigation, then increasing an attack-relatedness score of said usage session; (b2) detecting a particular average typing speed of said user in said usage session; and if said particular average typing speed matches one or more average typing speeds that are pre-defined as average typing speeds of attackers, then increasing said attack-relatedness score of said usage session; (c) if said attack-relatedness score of said usage session is greater than a particular threshold value, then: determining that said input-unit interactions are part of an attack, and initiating one or more mitigation operations; wherein the process further comprises: defining a first field in said fillable form, as a field that users are familiar with and type data therein at a typing speed that is greater than a pre-defined value; defining a second field in said fillable form, as a field that users are unfamiliar with and type data therein at a typing speed that is smaller than or equal to said pre-defined value; detecting that a rate of manual data entry by said user into the first field, is generally similar to a rate of manual data entry by said user into the second field; based on said detecting of the rate of manual data entry, determining that said user is an attacker posing as an authorized user and gaining unauthorized access to the computerized service. 2. A system comprising: one or more processors, that are configured to execute code; wherein the one or more processors are operably associated with one or more memory units that are configured to store code; wherein the one or more processors are configured to perform a process comprising: (a) monitoring input-unit interactions of a user, who utilizes during a usage session one or more input units of an electronic device to fill-out data in a fillable form of a computerized service; (b1) if said input-unit interactions indicate that said user utilized keyboard shortcuts for data entry or for navigation, then increasing an attack-relatedness score of said usage session; (b2) detecting a particular average typing speed of said user in said usage session; and if said particular average typing speed matches one or more average typing speeds that are pre-defined as average typing speeds of attackers, then increasing said attack-relatedness score of said usage session; (c) if said attack-relatedness score of said usage session is greater than a particular threshold value, then: determining that said input-unit interactions are part of an attack, and initiating one or more mitigation operations; wherein the process further comprises: defining a first field in said fillable form, as a field that users are familiar with and type data therein at a typing speed that is greater than a pre-defined value; defining a second field in said fillable form, as a field that users are unfamiliar with and type data therein at a typing speed that is smaller than or equal to said pre-defined value; detecting that said user enters data into said first field, that was defined as a field that users are familiar with, at a typing rate that is smaller than or equal to said pre-defined value; based on said detecting that said user enters data into said first field at said typing rate, determining that said user is an attacker posing as an authorized user and gaining unauthorized access to the computerized service. 3. A system comprising: one or more processors, that are configured to execute code; wherein the one or more processors are operably associated with one or more memory units that are configured to store code; wherein the one or more processors are configured to perform a process comprising: (a) monitoring input-unit interactions of a user, who utilizes during a usage session one or more input units of an electronic device to fill-out data in a fillable form of a computerized service; (b1) if said input-unit interactions indicate that said user utilized keyboard shortcuts for data entry or for navigation, then increasing an attack-relatedness score of said usage session; (b2) detecting a particular average typing speed of said user in said usage session; and if said particular average typing speed matches one or more average typing speeds that are pre-defined as average typing speeds of attackers, then increasing said attack-relatedness score of said usage session; (c) if said attack-relatedness score of said usage session is greater than a particular threshold value, then: determining that said input-unit interactions are part of an attack, and initiating one or more mitigation operations; wherein the process further comprises: defining a first field in said fillable form, as a field that users are familiar with and type data therein at a typing speed that is greater than a pre-defined value; defining a second field in said fillable form, as a field that users are unfamiliar with and type data therein at a typing speed that is smaller than or equal to said pre-defined value; detecting that said user enters data into said second field, that was defined as a field that users are unfamiliar with, at a typing rate that is greater than said pre-defined value; based on said detecting that said user enters data into said second field at said typing rate, determining that said user is an attacker posing as an authorized user and gaining unauthorized access to the computerized service. 4. A system comprising: one or more processors, that are configured to execute code; wherein the one or more processors are operably associated with one or more memory units that are configured to store code; wherein the one or more processors are configured to perform a process comprising: (a) monitoring input-unit interactions of a user, who utilizes during a usage session one or more input units of an electronic device to fill-out data in a fillable form of a computerized service; (b1) if said input-unit interactions indicate that said user utilized keyboard shortcuts for data entry or for navigation, then increasing an attack-relatedness score of said usage session; (b2) detecting a particular average typing speed of said user in said usage session; and if said particular average typing speed matches one or more average typing speeds that are pre-defined as average typing speeds of attackers, then increasing said attack-relatedness score of said usage session; (c) if said attack-relatedness score of said usage session is greater than a particular threshold value, then: determining that said input-unit interactions are part of an attack, and initiating one or more mitigation operations; wherein the process further comprises: analyzing typing activity of said user as he enters data into fields of said fillable form, and identifying a particular typing rhythm in which typing speed of said user changes within a single field; based on said particular typing rhythm, distinguishing between a legitimate user and attackers. 5. The system of claim 4 , wherein steps (b1) and (b2) of said process analyze a batch of input-unit interactions which includes interactions that were performed by said user within a single fillable form. 6. A system comprising:

Assignees

Biocatch Ltd

Inventors

Classifications

H04W12/06Primary
Authentication · CPC title
G06F3/041
Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means · CPC title
G06F21/31
User authentication · CPC title
G06F21/316
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
G06F21/554Primary
involving event detection and direct action · CPC title

Patent family

Related publications grouped by family.

View patent family 62243623

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11877152B2 cover?: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. A user utilizes a desktop computer, a laptop computer, a smartphone, a tablet, or other electronic device, to interact with a banking website or application, a retailer website or application, or other computerized service. Input-unit interactions ar…
Who is the assignee on this patent?: Biocatch Ltd
What technology area does this patent fall under?: Primary CPC classification H04W12/06. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Jan 16 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).