System for face authentication and method for face authentication
US-12182243-B2 · Dec 31, 2024 · US
Method, device, and system of generating fraud-alerts for cyber-attacks
US9552470B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9552470-B2 |
| Application number | US-201514675765-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 1, 2015 |
| Priority date | Nov 29, 2010 |
| Publication date | Jan 24, 2017 |
| Grant date | Jan 24, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as the legitimate human user. The system displays gauges indicating cyber fraud scores or cyber-attack threat-levels. The system extrapolates from observed fraud incidents and utilizes a rules engine to automatically search for similar fraud events and to automatically detect fraud events or cyber-attackers.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: monitoring user interactions of a user, who utilizes a computing device to interact with a computerized service during a usage session; for each particular type of data entry method that the user utilizes during said usage session: calculating a current number of occurrences of utilization of said particular type of data entry method during said usage session, and generating output corresponding to said current number of occurrences during said usage session; calculating a ratio between (A) said current number of occurrences of utilization of said particular type of data entry method during said usage session, and (B) an average number of occurrences of utilization of said particular type of data entry method during previous usage sessions of said user; and generating output corresponding to said ratio; based on (i) said current number of occurrences, and (ii) said average number of occurrences during previous usage sessions of said user, determining whether said user is an authorized user or a cyber-attacker; wherein the method comprises: (a) for a particular type of user interaction with a user-interface element of said computerized service, defining at least: (a1) a first data-entry method that users can utilize to engage with said user-interface element, and (a2) a second data-entry method that users can utilize to engage with said user-interface element; (b) for a particular usage session of said user, which is being reviewed for possible fraud, calculating: (b1) a first-method current-session occurrence value, indicating the number of times that said user utilized the first data-entry method to engage with said user-interface element during said particular usage session being reviewed; and (b2) a second-method current-session occurrence value, indicating the number of times that said user utilized the second data-entry method to engage with said user-interface element during said particular usage session being reviewed; (c) for all previous usage sessions of said user, that occurred within a pre-defined time period prior to the particular usage session being reviewed, calculating: (c1) a first-method aggregated occurrence value, indicating the number of times that said user utilized the first data-entry method to engage with said user-interface element during said previous usage sessions; and (c2) a second-method aggregated occurrence value, indicating the number of times that said user utilized the second data-entry method to engage with said user-interface element during said previous sage sessions; (d) generating a table comprising: (d1) the first data-entry method, the first-method current-session occurrence value, and the first-method aggregated occurrence value; and (d2) the second data-entry method, the second-method current-session occurrence value, and the second-method aggregated occurrence value. 2. The method of claim 1 , comprising: based on (i) said current number of occurrences, and (ii) said average number of occurrences during previous usage sessions of said user, generating a fraud-score value indicating a likelihood that said user is a cyber-attacker and is not an authorized user. 3. The method of claim 1 , comprising: calculating a ratio between (a) said current number of occurrences of utilization of said particular type of data entry method during said usage session, and (b) an average number of occurrences of utilization of said particular type of data entry method during previous usage sessions of a general population of users; and generating output corresponding to said ratio; based on (i) said current number of occurrences, and (ii) said average number of occurrences during previous usage sessions of said general population of users, determining whether said user is an authorized user or a cyber-attacker. 4. The method of claim 3 , comprising: based on (i) said current number of occurrences, and (ii) said average number of occurrences during previous usage sessions of said general population of users, generating a fraud-score value indicating a likelihood that said user is a cyber-attacker and is not an authorized user. 5. The method of claim 1 , comprising: calculating a ratio between (a) said current number of occurrences of utilization of said particular type of data entry method during said usage session, and (b) an average number of occurrences of utilization of said particular type of data entry method during previous usage sessions of a group of users that excludes said user; and generating output corresponding to said ratio; based on (i) said current number of occurrences, and (ii) said average number of occurrences during previous usage sessions of said group of users that excludes said user, determining whether said user is an authorized user or a cyber-attacker. 6. The method of claim 5 , comprising: based on (i) said current number of occurrences, and (ii) said average number of occurrences during previous usage sessions of said group of users that excludes said user, generating a fraud-score value indicating a likelihood that said user is a cyber-attacker and is not an authorized user. 7. The method of claim 1 , wherein said determining comprises: checking whether (A) said current number of occurrences of utilization of said particular type of data entry method during said usage session of said user, is different by at least a pre-defined number of percent points, from (B) a threshold value of occurrences that characterizes on average a batch of previous usage sessions of said user. 8. The method of claim 1 , wherein said determining comprises: checking whether (A) said current number of occurrences of utilization of said particular type of data entry method during said usage session of said user, is different by at least a pre-defined number of percent points, from (B) a threshold value of occurrences that characterizes on average a general population of other users of said computerized service. 9. The method of claim 1 , wherein said determining comprises: checking whether (A) said current number of occurrences of utilization of said particular type of data entry method during said usage session of said user, is different by at least a pre-defined number of percent points, from (B) a threshold value of occurrences that characterizes on average a group of users of said computerized service that excludes said user. 10. The method of claim 1 , further comprising: generating an automated machine-readable fraud-detection rule that detects a fraudulent transaction in an account of another user, wherein the automated machine-readable fraud-detection rule indicates that: if said other user exhibits (A) a current number of occurrences of utilization of said particular type of data entry method during a usage session of said other user, which is different by at least a pre-defined number of percent points, from (B) a threshold value of occurrences that characterizes on average a batch of previous usage sessions of said other user, then generate a possible-fraud alert with regard to the account of said other user. 11. The method of claim 1 , further comprising: generating an automated machine-readable fraud-detection rule that detects a fraudulent transaction in an account of another user, wherein the automated machine-readable fraud-detection rule indicates that: if said other user exhibits (A) a current number of occurrences of utilization of said particular type of data entry method during a usage session of said other user, which is different by at least a pre-defined number of percent points, from (B) a threshold value of occurrences that characterizes on average a general
Assignees
Inventors
Classifications
User authentication · CPC title
Verifying human interaction, e.g., Captcha · CPC title
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
- G06F21/32Primary
using biometric data, e.g. fingerprints, iris scans or voiceprints · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9552470B2 cover?
- Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are m…
- Who is the assignee on this patent?
- Biocatch Ltd
- What technology area does this patent fall under?
- Primary CPC classification G06F21/32. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jan 24 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).