US9703953B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9703953-B2 |
| Application number | US-201514675770-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 1, 2015 |
| Priority date | Nov 29, 2010 |
| Publication date | Jul 11, 2017 |
| Grant date | Jul 11, 2017 |
Official abstract text for this publication.
Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are introduced; and the server tracks the response or the reaction of the end-user to such interferences. The system determines whether the user is a legitimate user, or a cyber-attacker or automated script posing as the legitimate user. The system utilizes classification of users into classes or groups, to deduce or predict how a group-member would behave when accessing the service through a different type of device. The system identifies user-specific traits that are platform-independent and thus can be further monitored when the user switches from a first platform to a second platform.
Opening claim text (preview).
What is claimed is:

1. A method comprising: (a) monitoring input-unit interactions of a plurality of users, wherein each user of said plurality of users separately utilizes an electronic device to access a computerized service; (b) clustering a first user, a second user, and a third user of said plurality of users into a particular cluster of users whose input-unit interactions exhibit a particular behavioral trait when they interact with said computerized service through a portable electronic device; (c) subsequently, detecting that the first user and the second user, access said computerized service via a non-portable electronic device, in a manner that exhibits a second, different, behavioral trait; (d) determining that the third user is also expected to exhibit said second behavioral trait when the third user accesses said computerized service via a non-portable electronic device; (e) in a particular usage session, in which said third user firstly-ever accesses the computerized service via a non-portable electronic device: if said particular usage session of said third user, does not exhibit said second behavioral trait that was determined in steps (c) and (d), then, determining that said particular usage session is attributed to a cyber-attacker and not to said third user; wherein the method comprises: based on steps (a) and (b) and (c) and (d), and prior to the third user ever accessing the computerized service via a non-portable electronic device, generating a differentiation rule that predicts that the third user, during his first-ever access to the computerized service via the non-portable electronic device, would perform user interactions that exhibit said second behavioral trait which was never yet observed in any monitored input-units interactions of the third user.

2. The method of claim 1, wherein the determining of step (d) is performed prior to the third user ever accessing the computerized service via a non-portable electronic device.

3. A method comprising: (a) monitoring input-unit interactions of a plurality of users, wherein each user of said plurality of users separately utilizes an electronic device to access a computerized service; (b) clustering a first user, a second user, and a third user of said plurality of users, into a particular cluster of users whose input-unit interactions exhibit a particular behavioral trait when they interact with said computerized service through a non-portable electronic device; (c) subsequently, detecting that the first user and the second user, access said computerized service via a portable electronic device, in a manner that exhibits a second, different, behavioral trait; (d) determining that the third user is also expected to exhibit said second behavioral trait when the third user accesses said computerized service via a portable electronic device; (e) in a particular usage session, in which said third user firstly-ever accesses the computerized service via a portable electronic device: if said particular usage session of said third user, does not exhibit said second behavioral trait that was determined in steps (c) and (d), then, determining that said particular usage session is attributed to a cyber-attacker and not to said third user; wherein the method comprises: based on steps (a) and (b) and (c) and (d), and prior to the third user ever accessing the computerized service via a non-portable electronic device, generating a differentiation rule that predicts that the third user, during his first-ever access to the computerized service via the non-portable electronic device, would perform user interactions that exhibit said second behavioral trait which was never yet observed in any monitored input-units interactions of the third user.

4. The method of claim 3, wherein the determining of step (c) is performed prior to the third user ever accessing the computerized service via a non-portable electronic device.

5. A process comprising: (a) monitoring input-unit interactions of a plurality of users, wherein each user of said plurality of users separately utilizes an electronic device to access a computerized service; (b) clustering a first user, a second user, and a third user of said plurality of users, into a particular cluster of users whose input-unit interactions exhibit a particular behavioral trait when they interact with said computerized service through a smartphone; (c) subsequently, detecting that the first user and the second user, access said computerized service via a computer, in a manner that exhibits a second, different, behavioral trait; (d) determining that the third user is also expected to exhibit said second behavioral trait when the third user accesses said computerized service via a computer; (e) in a particular usage session, in which said third user firstly-ever accesses the computerized service via a computer: if said particular usage session of said third user, does not exhibit said second behavioral trait that was determined in steps (c) and (d), then, determining that said particular usage session is attributed to a cyber-attacker and not to said third user; wherein the process comprises: based on steps (a) and (b) and (c) and (d), and prior to the third user ever accessing the computerized service via a computer, generating a differentiation rule that predicts that the third user, during his first-ever access to the computerized service via a computer, would perform user interactions that exhibit said second behavioral trait which was never yet observed in any monitored input-units interactions of the third user.

6. The process of claim 5, wherein the determining of step (c) is performed prior to the third user ever accessing the computerized service via a computer.

7. A process comprising: (a) monitoring input-unit interactions of a plurality of users, wherein each user of said plurality of users separately utilizes an electronic device to access a computerized service; (b) clustering a first user, a second user, and a third user of said plurality of users, into a particular cluster of users whose input-unit interactions exhibit a particular behavioral trait when they interact with said computerized service through a first-type of end-user-device; (c) subsequently, detecting that the first user and the second user, access said computerized service via a second-type of end-user device, in a manner that exhibits a second, different, behavioral trait; (d) determining that the third user is also expected to exhibit said second behavioral trait when the third user accesses said computerized service via said second-type of end-user-device; (e) in a particular usage session, in which said third user firstly-ever accesses the computerized service via said second-type of end-user-device: if said particular usage session of said third user, does not exhibit said second behavioral trait that was determined in steps (c) and (d), then, determining that said particular usage session is attributed to a cyber-attacker and not to said third user; wherein the process comprises: based on steps (a) and (b) and (c) and (d), and prior to the third user ever accessing the computerized service via said second-type of end-user-device, generating a differentiation rule that predicts that the third user, during his first-ever access to the computerized service via said second-type of end-user-device, would perform user interactions that exhibit said second behavioral trait which was never yet observed in any monitored input-units interactions of the third user.

8. The process of claim 7, wherein the determining of step (c) is performed prior to the third user ever accessing the computerized service via said second-type of end-user-device.
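Steps (a) to (e) of claim 7, written out as an added Python example that is not part of the patent text. The trait labels, user names, session log and the `min_peers` threshold are constructed assumptions; traits are taken as already extracted by the monitoring layer.

```python
from collections import Counter, defaultdict

# Constructed sample log: (user, device_type, observed_trait). Trait labels are
# hypothetical stand-ins for whatever the monitoring layer extracts.
SESSIONS = [
    ("alice", "smartphone", "fast_flick_scroll"),
    ("alice", "smartphone", "fast_flick_scroll"),
    ("bob",   "smartphone", "fast_flick_scroll"),
    ("carol", "smartphone", "fast_flick_scroll"),
    ("dave",  "smartphone", "slow_drag_scroll"),
    ("alice", "computer",   "keyboard_shortcuts"),
    ("bob",   "computer",   "keyboard_shortcuts"),
    ("dave",  "computer",   "mouse_only"),
]

def dominant_traits(sessions, device):
    """Step (a): most frequent trait per user on one device type."""
    seen = defaultdict(Counter)
    for user, dev, trait in sessions:
        if dev == device:
            seen[user][trait] += 1
    return {u: c.most_common(1)[0][0] for u, c in seen.items()}

def build_rules(sessions, first_dev, second_dev, min_peers=2):
    """Steps (b)-(d): cluster on the first_dev trait, learn the trait peers show
    on second_dev, and predict it for members never seen on second_dev."""
    first = dominant_traits(sessions, first_dev)
    second = dominant_traits(sessions, second_dev)
    clusters = defaultdict(list)
    for user, trait in first.items():
        clusters[trait].append(user)
    rules = {}
    for members in clusters.values():
        votes = Counter(second[u] for u in members if u in second)
        if not votes:
            continue
        trait, count = votes.most_common(1)[0]
        # Assumption: predict only when min_peers peers agree with no dissent.
        if count >= min_peers and count == sum(votes.values()):
            rules.update({u: trait for u in members if u not in second})
    return rules

def assess_first_session(rules, user, observed_trait):
    """Step (e): judge a user's first-ever session on the second device type."""
    if user not in rules:
        return "no_rule"
    return "consistent" if observed_trait == rules[user] else "suspected_attacker"
```

The unanimity and `min_peers` checks are added here; the claim itself only requires that the first and second user exhibit the second trait. With the sample log, a rule exists for `carol` before she has any `computer` session, while `dave` gets none because his cluster has a single member.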
Test or assess a computer or a system · CPC title
involving event detection and direct action · CPC title
User authentication · CPC title
Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means · CPC title
Entity profiles · CPC title