Device, system, and method of detecting vishing attacks

US12101354B2 · US · B2

Patent metadata

  • Publication number: US-12101354-B2
  • Application number: US-202318384966-A
  • Country: US
  • Kind code: B2
  • Filing date: Oct 30, 2023
  • Priority date: Nov 29, 2010
  • Publication date: Sep 24, 2024
  • Grant date: Sep 24, 2024

Abstract

Official abstract text for this publication.

Devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, speed and timing of data entry, and user engagement with User Interface elements. The system detects that the operations performed by the victim follow a pre-defined playbook of a vishing attack. The system detects that the victim operates under duress or under dictated instructions, as exhibited in irregular doodling activity, data entry rhythm, typographical error introduction rhythm, unique posture of the user, alternating pattern of listening to phone instructions and performing online operations via a computer, and device orientation changes or spatial changes that characterize a device being used to perform an online transaction while also talking on the phone.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising:
    (a) monitoring user interactions of a user that utilizes an electronic device to interact with a particular user-account of a computerized service;
    (b) detecting that said particular user-account is being accessed concurrently via two or more different log-in sessions from two or more different devices;
    (c) based on analysis of user interactions and further based on the detecting of step (b), determining that a set of operations were performed by said user in said particular user-account under orders from an attacker who dictated to said user which operations to perform in said particular user-account of said computerized service;
    (d) wherein the method comprises at least one of:
    (d1) defining a Navigation Fluency Parameter, that indicates fluency of navigation of the user through multiple pages and multiple Graphic User Interface (GUI) elements of an online interface; tracking fluency of navigation of said user across multiple usage sessions, and updating said Navigation Fluency parameter; and based on said Navigation Fluency parameter, determining that said set of operations were performed as part of a vishing attack;
    (d2) defining a Letter-Chunks Characteristic Parameter, that indicates one or more characteristics of letter-chunks that the user enters consecutively; tracking data-entry by the user across multiple usage-sessions, and updating said Letter-Chunks Characteristic Parameter; and based on said Letter-Chunks Characteristic Parameter, determining that said set of operations were performed as part of a vishing attack.

2. The method of claim 1, wherein monitoring user interactions comprises monitoring an average typing speed of said user; and based on monitored average typing speed of said user, determining that said set of operations were performed as part of a vishing attack.

3. The method of claim 1, wherein monitoring user interactions comprises monitoring an average mouse-click speed of said user; and based on monitored average mouse-click speed of said user, determining that said set of operations were performed as part of a vishing attack.

4. The method of claim 1, wherein monitoring user interactions comprises monitoring a usage-session time-length of multiple usage-sessions of said user; and based on monitored usage-session time-length, determining that said set of operations were performed as part of a vishing attack.

5. The method of claim 1, wherein monitoring user interactions comprises monitoring periods of inactivity of said user during usage sessions; and based on monitored inactivity periods, determining that said set of operations were performed as part of a vishing attack.

6. The method of claim 1, wherein monitoring user interactions comprises monitoring frequency of on-screen-pointer turns of said user; and based on monitored frequency of on-screen-pointer turns, determining that said set of operations were performed as part of a vishing attack.

7. The method of claim 1, wherein monitoring user interactions comprises monitoring an average on-screen distance traveled between clicks of said user; and based on monitored on-screen distance traveled between clicks, determining that said set of operations were performed as part of a vishing attack.

8. The method of claim 1, wherein monitoring user interactions comprises monitoring an average speed of movement of on-screen-pointer; and based on monitored average speed of movement of on-screen-pointer, determining that said set of operations were performed as part of a vishing attack.

9. The method of claim 1, wherein monitoring user interactions comprises monitoring a ratio of displacement to distance of on-screen-pointer; and based on monitored ratio of displacement to distance, determining that said set of operations were performed as part of a vishing attack.

10. The method of claim 1, comprising: determining whether an initial estimation of a vishing attack is correct or incorrect, by taking into account a time-of-day in which said set of operations were performed.

11. The method of claim 1, wherein monitoring user interactions comprises: monitoring characteristics of typing rhythm exhibited by said user; and based on monitored characteristics of typing rhythm, determining that said set of operations were performed as part of a vishing attack.

12. The method of claim 1, wherein monitoring user interactions comprises: (A) monitoring characteristics of typing rhythm exhibited by said user; (B) determining that typing rhythm in a particular usage-session of said user, is sufficiently different from previous typing rhythms exhibited in multiple previous usage-sessions of said user; and determining that said particular usage-session was part of a vishing attack.

13. The method of claim 1, wherein monitoring user interactions comprises: monitoring an average time-gap between on-screen taps that said user performs directly via a touch-screen; and based on monitored average time-gap between on-screen taps that said user performs directly via said touch-screen, determining that said set of operations were performed as part of a vishing attack.

14. The method of claim 1, wherein monitoring user interactions comprises: monitoring a maximum value of typing speed of said user; and based on monitored maximum value of typing speed of said user, determining that said set of operations were performed as part of a vishing attack.

15. The method of claim 1, wherein monitoring user interactions comprises: monitoring a minimum value of typing speed of said user; and based on monitored minimum value of typing speed of said user, determining that said set of operations were performed as part of a vishing attack.

16. The method of claim 1, wherein monitoring user interactions comprises: monitoring a maximum value of mouse-click speed of said user; and based on monitored maximum value of mouse-click speed of said user, determining that said set of operations were performed as part of a vishing attack.

17. The method of claim 1, wherein monitoring user interactions comprises: monitoring a minimum value of mouse-click speed of said user; and based on monitored minimum value of mouse-click speed of said user, determining that said set of operations were performed as part of a vishing attack.

18. A non-transitory storage medium having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to perform a method comprising:
    (a) monitoring user interactions of a user that utilizes an electronic device to interact with a particular user-account of a computerized service;
    (b) detecting that said particular user-account is being accessed concurrently via two or more different log-in sessions from two or more different devices;
    (c) based on analysis of user interactions and further based on the detecting of step (b), determining that a set of operations were performed by said user in said particular user-account under orders from an attacker who dictated to said user which operations to perform in said particular user-account of said computerized service;
    (d) wherein the method comprises at least one of:
    (d1) defining a Navigation Fluency Parameter, that indicates fluency of navigation of the user through multiple pages and multiple Graphic User Interface (GUI) elements of an online interface; tracking fluency of navigation of said user across multiple usage sessions, and updating said Navigation Fluency parameter; and based on said Navig

Assignees

Inventors

Classifications (CPC titles)

  • Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware

  • Gesture-dependent or behaviour-dependent

  • Information retrieval; Database structures therefor; File system structures therefor

  • Detection or prevention of fraud

  • Traffic logging, e.g. anomaly detection

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Biocatch Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1483. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 24, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).