Device, system, and method of user authentication based on user-specific characteristics of task performance

What is claimed is: 1 . A method comprising: (a) storing a representation of a secret data-item of a particular user, wherein said secret data-item is one of: a password, a Personal Identification Number (PIN); (b) generating a user authentication session that requires said particular user to enter said secret data-item by performing a task comprised of on-screen operations in which said user drags or moves on-screen objects to input said secret data-item; (c) during said user authentication session, monitoring user gestures of user performance of said task; and extracting from said user gestures a behavioral characteristic that characterizes user performance of said task; (d1) determining whether or not said user gestures correspond to correct entry of said secret data-item; (d2) determining whether or not the behavioral characteristic that was extracted in step (c), matches a previously-stored reference behavioral characteristic that was extracted from past on-screen operations that were previously associated with said particular user during previous log-in sessions; (e) if the determining of step (d1) is negative or the determining of step (d2) is negative, then: generating a notification that user authentication is rejected. 2 . The method of claim 1 , wherein said task excludes and does not require typing of characters via a physical keyboard or via an on-screen keyboard. 3 . The method of claim 1 , wherein said task excludes and does not require typing of characters via a physical keypad or via an on-screen keypad. 4 . The method of claim 1 , wherein said task comprises: requiring the user to rotate on-screen reels, each reel indicating at least letters and digits, each reel corresponding to one character of said secret data-item. 5 . The method of claim 4 , wherein monitoring user gestures of performance of said task, comprises: monitoring a rotation speed in which each of said reels is rotated by the user, and utilizing said rotation speed as a user-specific characteristic for user authentication. 6 . The method of claim 4 , wherein monitoring user gestures of performance of said task, comprises: monitoring a rotation direction in which each of said reels is rotated by the user, and utilizing said rotation direction as a user-specific characteristic for user authentication. 7 . The method of claim 1 , wherein said task comprises: generating an on-screen arrangement of digits and letters; requiring the user to input said secret data-item by drawing on-screen lines among consecutive characters of said secret data-item; determining a curvature level of said lines, and utilizing said curvature level of said lines as a user-specific characteristic for user authentication. 8 . The method of claim 1 , wherein the method comprises authenticating said user, or rejecting authentication of said user, based on a cumulative assessment that takes into account (i) the secret data-item that the user knows, and (ii) the specific behavioral way in which the user interacted with the electronic device to input said secret data-item. 9 . The method of claim 1 , wherein said task is performed via a touch-screen of an electronic device, and requires said user to drag or move on-screen objects in order to convey said secret data-item. 10 . The method of claim 1 , wherein said task is performed via a touch-screen of an electronic device, and requires said user to connect on-screen objects with on-screen lines. 11 . The method of claim 1 , wherein said secret data-item is a password represented by a particular two-dimensional drawing, wherein said task is performed via a touch-screen of an electronic device, and requires said user to draw said particular two-dimensional drawing on said touch-screen. 12 . The method of claim 1 , wherein the method authenticates, or rejects authentication, of a user that attempts to log-in via an electronic device to an online account managed by a remote server. 13 . The method of claim 1 , wherein the task requires said user to convey the secret data-item via a touch-screen of an electronic device, without typing said secret data-item on a physical keyboard or on an on-screen keyboard. 14 . The method of claim 1 , wherein said task comprises: generating an on-screen arrangement of digits and letters; requiring the user to input said secret data-item by drawing on-screen lines among consecutive characters of said secret data-item; determining a speed of task completion of said user drawing lines, and utilizing said speed of task completion as a user-specific characteristic for user authentication. 15 . The method of claim 1 , wherein said task requires said particular user to perform steps by on-screen dragging operations or on-screen moving operations, that are performed via a touch-screen of an electronic device of said particular user; wherein the step of monitoring user gestures comprises monitoring touch-screen gestures via said touch-screen; wherein the step of extracting comprises extracting said behavioral characteristic from said touch-screen gestures. 16 . The method of claim 1 , wherein said task requires said particular user to perform steps by on-screen dragging operations or on-screen moving operations, that are performed via a touchpad of an electronic device of said particular user; wherein the step of monitoring user gestures comprises monitoring touch gestures inputted via said touchpad; wherein the step of extracting comprises extracting said behavioral characteristic from said touchpad gestures. 17 . The method of claim 1 , wherein said task requires said particular user to perform steps by on-screen dragging operations or on-screen moving operations, that are performed via a computer mouse of an electronic device of said particular user; wherein the step of monitoring user gestures comprises monitoring computer mouse gestures; wherein the step of extracting comprises extracting said behavioral characteristic from said computer mouse gestures. 18 . A process comprising: (a) storing a representation of a secret data-item of a particular user, wherein said secret data-item is one of: a password, a Personal Identification Number (PIN); (b) generating a user authentication session that requires said particular user to enter said secret data-item by performing a task comprised of spatially moving an entirety of an electronic device, wherein spatial movements of the entirety of the electronic device cause inputting of consecutive characters of said secret-item; (c) during said user authentication session, monitoring spatial properties of the electronic device; and extracting from said spatial properties a behavioral characteristic that characterizes user performance of said task; (d1) determining whether or not said spatial movements correspond to correct entry of said secret data-item; (d2) determining whether or not the behavioral characteristic that was extracted in step (c), matches a previously-stored reference behavioral characteristic that was extracted from previous log-in sessions in which said user had inputted the secret data-item via a set of spatial movements of the entirety of the electronic device; (e) if the determining of step (d1) is negative or the determining of step (d2) is negative, then: generating a notification that user authentication is rejected. 19 . The process of claim 18 , wherein the task is performed by the user utilizing a portable electronic device; wherein ste