Identification system
US-2015067890-A1 · Mar 5, 2015 · US
Device, method, and system of detecting remote access users and differentiating among users
US9690915B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9690915-B2 |
| Application number | US-201514736287-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 11, 2015 |
| Priority date | Nov 29, 2010 |
| Publication date | Jun 27, 2017 |
| Grant date | Jun 27, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a possible cyber-attacker, detecting a remote access user, and detecting an automated script or malware. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: determining whether a user, who utilizes a computing device to interact with a computerized service, (i) is a human user that is co-located physically near said computing device, or (ii) is a human user that is located remotely from said computing device and controlling remotely said computer device via a remote access channel; wherein the determining comprises: (a) monitoring interactions of the user with an input unit; (b) based on said monitoring, determining whether said user (i) is a human user that is co-located physically at said computing device, or (ii) is a human user that is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 2. The method of claim 1 , comprising: sampling multiple interactions of said user with said input unit; based on a frequency of said sampling, determining whether said user is (i) co-located physically at said computing device, or (ii) is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 3. The method of claim 1 , comprising: sampling multiple interactions of said user with said input unit; based on a level-of-noise in said sampling, determining whether said user is (i) co-located physically at said computing device, or (ii) is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 4. The method of claim 1 , comprising: sampling multiple interactions of said user with said input unit; based on a Signal to Noise Ratio (SNR) value that characterizes the sample interactions with said input unit, determining whether said user is (i) co-located physically at said computing device, or (ii) is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 5. The method of claim 1 , comprising: sampling multiple interactions of said user with a computer mouse; if said sampling indicates generally-rough movement of the computer mouse, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 6. The method of claim 1 , comprising: sampling multiple interactions of said user with a computer mouse; if said sampling indicates generally-linear movement of the computer mouse, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 7. The method of claim 1 , comprising: sampling multiple interactions of said user with a computer mouse; if said sampling indicates disturbed interaction between mouse movement and mouse click events, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 8. The method of claim 1 , comprising: sampling multiple interactions of said user with a computer keyboard; if said sampling indicates disturbed typing fluency, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel. 9. The method of claim 1 , comprising: sampling multiple interactions of said user with said input unit; determining a temporal pattern of said multiple interactions of said user with said input unit; if the temporal pattern of said multiple interactions matches a particular pre-defined temporal pattern, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel; if the temporal pattern of said multiple interactions does not match said particular pre-defined temporal pattern, then, determining that said user is co-located physically near said computing device. 10. The method of claim 1 , comprising: sampling multiple interactions of said user with said input unit; determining a temporal pattern of said multiple interactions of said user with said input unit; if a temporal pattern of said multiple interactions matches a first pre-defined temporal pattern that characterizes remote access, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel; if the temporal pattern of said multiple interactions matches a second pre-defined temporal pattern that characterizes non-remote access, then, determining that said user is co-located physically near said computing device; if the temporal pattern of said multiple interactions is does not match the first pre-defined temporal pattern and does not match the second pre-defined temporal pattern, then, determining that said sampling is inconclusive with regard to detecting whether the user is a remote user or a non-remote user. 11. The method of claim 1 , comprising: sampling multiple interactions of said user with said input unit; if a frequency of said multiple interactions is smaller than a particular pre-defined threshold, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel; if the frequency of said multiple interactions is equal to or greater than said particular pre-defined threshold, then, determining that said user is co-located physically near said computing device. 12. The method of claim 1 , comprising: sampling multiple interactions of said user with said input unit; if a frequency of said multiple interactions is smaller than a first pre-defined threshold, then, determining that said user is located remotely from said computing device and controlling remotely said computing device via said remote access channel; if the frequency of said multiple interactions is equal to or greater than a second pre-defined threshold, which is greater than the first pre-defined threshold, then, determining that said user is co-located physically near said computing device; if the frequency of said multiple interactions is equal to or greater than the first pre-defined threshold, and if the frequency of said multiple interactions is equal to or smaller than the second pre-defined threshold, then, determining that said sampling is inconclusive with regard to detecting whether the user is a remote user or a non-remote user. 13. The method of claim 1 , comprising: sampling user interactions with an input unit of said computing device; based on said sampling, determining that said user is utilizing a first set of hardware components which is capable of sampling the input unit at a first frequency; subsequently, (A) sampling additional, subsequent user interactions; (B) determining that a second, different, frequency characterizes said subsequent sampling; (C) determining that a second, different, set of hardware components is being used; (D) determining that a non-authorized person is accessing said computerized service. 14. The method of claim 1 , wherein said computing device comprises at least a touch-screen and a motion sensor; wherein the method comprises: sampling user interactions with said input unit of said computing device; analyzing temporal relationship between touch events and motion sensor events, of sampled user interactions via said input unit of said computing device; based on analysis of temporal relationship between touch events and motion sensor events, of sampled user interactions via said input unit of said
Assignees
Inventors
Classifications
the source of the received data · CPC title
Verifying human interaction, e.g., Captcha · CPC title
Measuring noise figure; Measuring signal-to-noise ratio · CPC title
- G06F21/316Primary
by observing the pattern of computer usage, e.g. typical user behaviour · CPC title
applying multi-factor authentication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9690915B2 cover?
- Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a possible cyber-attacker, detecting a remote access user, and detecting an automated script or malware. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored…
- Who is the assignee on this patent?
- Biocatch Ltd
- What technology area does this patent fall under?
- Primary CPC classification G06F21/316. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jun 27 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).