Device, method, and system of detecting multiple users accessing the same account
First Claim
1. A method comprising:
- determining that a particular subscription account of a computerized service, is accessed by two different human users who utilize a same set of login credentials, by performing;
(a) monitoring input-unit interactions of pairs of usage sessions that originated from two different users;
(b) extracting from the input-unit interactions that were monitored in step (a), a cross-account usage-session pairing pattern;
(c) monitoring input-unit interactions of pairs of usage sessions that originated from a same human user;
(d) extracting from the input-unit interactions that were monitored in step (c), an intra-account usage-session pairing pattern;
(e) determining whether a pair of usage sessions, that originated from a particular subscription account, is either;
(i) relatively more similar to the cross-account usage-session pairing pattern, or (ii) relatively more similar to the intra-account usage-session pairing pattern;
wherein the monitoring of step (a) comprises;
monitoring input-unit interactions of pairs of usage sessions that originated from two different human users and which comprise user reactions to user interface elements that are presented to users;
wherein the monitoring of step (c) comprises;
monitoring input-unit interactions of pairs of usage sessions that originated from said same human user and which comprise user reactions to user interface elements that are presented to users.
6 Assignments
0 Petitions
Accused Products
Abstract
Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
180 Citations
13 Claims
-
1. A method comprising:
-
determining that a particular subscription account of a computerized service, is accessed by two different human users who utilize a same set of login credentials, by performing; (a) monitoring input-unit interactions of pairs of usage sessions that originated from two different users; (b) extracting from the input-unit interactions that were monitored in step (a), a cross-account usage-session pairing pattern; (c) monitoring input-unit interactions of pairs of usage sessions that originated from a same human user; (d) extracting from the input-unit interactions that were monitored in step (c), an intra-account usage-session pairing pattern; (e) determining whether a pair of usage sessions, that originated from a particular subscription account, is either;
(i) relatively more similar to the cross-account usage-session pairing pattern, or (ii) relatively more similar to the intra-account usage-session pairing pattern;wherein the monitoring of step (a) comprises;
monitoring input-unit interactions of pairs of usage sessions that originated from two different human users and which comprise user reactions to user interface elements that are presented to users;wherein the monitoring of step (c) comprises;
monitoring input-unit interactions of pairs of usage sessions that originated from said same human user and which comprise user reactions to user interface elements that are presented to users.- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A process comprising:
-
determining that a particular subscription account of a computerized service, is accessed by two different human users who utilize a same set of login credentials, by performing; (a) monitoring input-unit interactions of pairs of usage sessions that originated from two different users; (b) extracting from the input-unit interactions that were monitored in step (a), a cross-account usage-session pairing pattern; (c) monitoring input-unit interactions of pairs of usage sessions that originated from a same human user; (d) extracting from the input-unit interactions that were monitored in step (c), an intra-account usage-session pairing pattern; (e) determining whether a pair of usage sessions, that originated from a particular subscription account, is;
(i) relatively more similar to the cross-account usage-session pairing pattern, or (ii) relatively more similar to the intra-account usage-session pairing pattern;wherein the monitoring of step (a) comprises;
monitoring input-unit interactions of pairs of usage sessions that originated from two different human users;wherein the monitoring of step (c) comprises;
monitoring input-unit interactions of pairs of usage sessions that originated from said same human user.- View Dependent Claims (13)
-
Specification