Device, method, and system of detecting multiple users accessing the same account

US 10,055,560 B2
Filed: 09/27/2016
Issued: 08/21/2018
Est. Priority Date: 11/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining that a particular subscription account of a computerized service, is accessed by two different human users who utilize a same set of login credentials, by performing;

(a) monitoring input-unit interactions of pairs of usage sessions that originated from two different users;

(b) extracting from the input-unit interactions that were monitored in step (a), a cross-account usage-session pairing pattern;

(c) monitoring input-unit interactions of pairs of usage sessions that originated from a same human user;

(d) extracting from the input-unit interactions that were monitored in step (c), an intra-account usage-session pairing pattern;

(e) determining whether a pair of usage sessions, that originated from a particular subscription account, is either;

(i) relatively more similar to the cross-account usage-session pairing pattern, or (ii) relatively more similar to the intra-account usage-session pairing pattern;

wherein the monitoring of step (a) comprises;

monitoring input-unit interactions of pairs of usage sessions that originated from two different human users and which comprise user reactions to user interface elements that are presented to users;

wherein the monitoring of step (c) comprises;

monitoring input-unit interactions of pairs of usage sessions that originated from said same human user and which comprise user reactions to user interface elements that are presented to users.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.

180 Citations

13 Claims

1. A method comprising:
- determining that a particular subscription account of a computerized service, is accessed by two different human users who utilize a same set of login credentials, by performing;
  
  (a) monitoring input-unit interactions of pairs of usage sessions that originated from two different users;
  
  (b) extracting from the input-unit interactions that were monitored in step (a), a cross-account usage-session pairing pattern;
  
  (c) monitoring input-unit interactions of pairs of usage sessions that originated from a same human user;
  
  (d) extracting from the input-unit interactions that were monitored in step (c), an intra-account usage-session pairing pattern;
  
  (e) determining whether a pair of usage sessions, that originated from a particular subscription account, is either;
  
  (i) relatively more similar to the cross-account usage-session pairing pattern, or (ii) relatively more similar to the intra-account usage-session pairing pattern;
  
  wherein the monitoring of step (a) comprises;
  
  monitoring input-unit interactions of pairs of usage sessions that originated from two different human users and which comprise user reactions to user interface elements that are presented to users;
  
  wherein the monitoring of step (c) comprises;
  
  monitoring input-unit interactions of pairs of usage sessions that originated from said same human user and which comprise user reactions to user interface elements that are presented to users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein, if it is determined in step (e) that the pair of usage session, that originated from said particular subscription account, is relatively more similar to the cross-account usage-session pairing pattern, then generating a notification that said particular subscription account is accessed by two different human users who utilize the same set of login credentials.
  - 3. The method of claim 1, wherein the monitoring of step (a) further comprises:
    - monitoring also input-unit interactions of pairs of usage sessions that originated from pairs of two different subscriptions accounts and which comprise natural interactions that are not induced by any user-interface interference;
      
      wherein the monitoring of step (c) further comprises;
      
      monitoring also input-unit interactions of pairs of usage sessions that originated from a same subscription account and which comprise natural interactions that are not induced by any user-interface interference.
  - 4. The method of claim 1, comprising:
    - checking whether a characteristic of monitored user-interface interactions over a pair of usage-sessions of a same subscription account, is more similar to either;
      
      (i) a first pattern of user-interface interactions that characterize multiple pairs of usage sessions of different human users, or (ii) a second pattern of user-interface interactions that characterizes multiple pairs of usage sessions wherein each pair of usage sessions belongs to the same subscription account.
  - 5. The method of claim 4, comprising:
    - if it is determined that said characteristic of monitored user-interface interactions, over said pair of usage-sessions of the same subscription account, is more similar to said first pattern of user-interface interactions that characterize multiple pairs of usage sessions of different human users, then generating a notification that said particular subscription account is accessed by two different human users who utilize the same set of login credentials.
  - 6. The method of claim 1, comprising:
    - checking whether a characteristic of monitored user-interface interactions over a pair of usage-sessions of a same subscription account, that comprise user reactions to an injected user-interface interference, is more similar to either;
      
      (i) a first pattern of user-interface interactions that characterize multiple pairs of usage sessions of different human users, or (ii) a second pattern of user-interface interactions that characterizes multiple pairs of usage sessions wherein each pair of usage session belong to the same subscription account.
  - 7. The method of claim 6, comprising:
    - if it is determined that said characteristic of monitored user-interface interactions, over said pair of usage-sessions of the same subscription account, that comprise user reactions to said injected user-interface interference, is more similar to said first pattern of user-interface interactions that characterize multiple pairs of usage sessions of different human users, then generating a notification that said particular subscription account is accessed by two different human users who utilize the same set of login credentials.
  - 8. The method of claim 1, wherein said computerized service comprises a service selected from the group consisting of:
    - a digital streaming video service;
      
      a digital streaming audio service;
      
      an online gaming service.
  - 9. The method of claim 1, wherein said computerized service comprises a service selected from the group consisting of:
    - an online premium-content service available only to paying subscribers;
      
      an online legal information service available only to paying subscribers;
      
      an online financial information service available only to paying subscribers;
      
      an online business information service available only to paying subscribers;
      
      an online news information service available only to paying subscribers.
  - 10. The method of claim 1, comprising:
    - generating an attributes vector for each usage session;
      
      utilizing a clustering algorithm to determine the number of most-probable sources for the usage sessions;
      
      based on the clustering result, determining whether the usage sessions correspond to one use or to multiple users.
  - 11. The method of claim 1, comprising:
    - generating an ad-hoc model reflecting user-side interactions that were performed in all usage sessions that originated from a particular computing device;
      
      based on said ad-hoc model, for all other usage sessions accesses using a different device, comparing said usage sessions to said model;
      
      if a particular usage session is determined to be significantly different than said ad-hoc model, then determining the said particular usage session originated from a different user.

12. A process comprising:
- determining that a particular subscription account of a computerized service, is accessed by two different human users who utilize a same set of login credentials, by performing;
  
  (a) monitoring input-unit interactions of pairs of usage sessions that originated from two different users;
  
  (b) extracting from the input-unit interactions that were monitored in step (a), a cross-account usage-session pairing pattern;
  
  (c) monitoring input-unit interactions of pairs of usage sessions that originated from a same human user;
  
  (d) extracting from the input-unit interactions that were monitored in step (c), an intra-account usage-session pairing pattern;
  
  (e) determining whether a pair of usage sessions, that originated from a particular subscription account, is;
  
  (i) relatively more similar to the cross-account usage-session pairing pattern, or (ii) relatively more similar to the intra-account usage-session pairing pattern;
  
  wherein the monitoring of step (a) comprises;
  
  monitoring input-unit interactions of pairs of usage sessions that originated from two different human users;
  
  wherein the monitoring of step (c) comprises;
  
  monitoring input-unit interactions of pairs of usage sessions that originated from said same human user.
- View Dependent Claims (13)
- - 13. The process of claim 12, wherein said computerized service comprises a service selected from the group consisting of:
    - a digital streaming video service;
      
      a digital streaming audio service;
      
      an online gaming service;
      
      an online premium-content service available only to paying subscribers;
      
      an online legal information service available only to paying subscribers;
      
      an online financial information service available only to paying subscribers;
      
      an online business information service available only to paying subscribers;
      
      an online news information service available only to paying subscribers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biocatch Ltd.
Original Assignee
Biocatch Ltd.
Inventors
Turgeman, Avi
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tran, Tongoc

Application Number

US15/276,803
Publication Number

US 20170017781A1
Time in Patent Office

693 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06F 2221/2133   Verifying human interaction...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04W 12/06   Authentication

Device, method, and system of detecting multiple users accessing the same account

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

180 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Device, method, and system of detecting multiple users accessing the same account

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

180 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others