Device, system, and method of password-less user authentication and password-less detection of user identity
First Claim
1. A method comprising:
differentiating between a first human user and a second human user of a computerized service via a password-less user-authentication process, by performing:
(a) selecting, from a pool of task attributes, a particular set of task attributes;
wherein the set of task attributes comprises at least:
(i) a particular shape for on-screen tracing, and (ii) at least one other task attribute; and
automatically generating on-the-fly a particular unique and non-user-defined task, that is intended to be repeatedly performed by a specific user via an input unit of an electronic device;
(b) generating the unique and non-user-defined task, in which said specific user is requested to perform gestures that correspond to said task, wherein said generating comprises presenting to said specific user instructions on how to complete said task without requiring said user to remember or memorize any data-item or password or Personal Identification Number (PIN); and
collecting user interactions data via the input unit while the user is performing the task;
(c) repeating step (b) for at least N iterations for said specific user, wherein said same unique and non-user-defined task is repeated in each one of said iterations, wherein N is a positive integer; and
wherein said same unique and non-user-defined task is consistently repeated across multiple log-in sessions of said specific user;
(d) during step (b) and during step (c), determining from said user interactions data a user-specific cognitive behavioral biometric profile that characterizes a cognitive behavioral manner in which said user repeatedly performs said same unique and non-user-defined task across said N iterations;
(e) storing the user-specific cognitive behavioral profile in a repository, indicating that said user-specific cognitive behavioral profile is associated with at least one of:
(i) said specific user, (ii) said electronic device;
(f) subsequently, generating said same unique and non-user-defined task again upon a subsequent request of a user to access said computerized service, and collecting fresh user interactions data from fresh performance of said task;
(g) if the fresh user interactions data that was collected from said fresh performance of said same unique and non-user-defined task, does not match the previously-stored user-specific cognitive behavioral biometric profile, then un-authorizing access of the user to the computerized service.
Abstract
Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting possible attackers; as well as password-less user authentication, and password-less detection of user identity. A system or a computing device requires a user to perform a particular unique non-user-defined task, the task optionally being an on-screen connect-the-dots task. The system monitors user interactions, extracts user-specific features that characterize the manner in which the user performs the tasks; and subsequently relies on such user-specific features as a means for user authentication, optionally without utilizing a password or passphrase. Optionally, a user interface anomaly or interference is intentionally introduced in order to elicit the user to perform corrective gestures, which are optionally used for extraction of additional user-specific features.
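The enroll-then-match flow of claim 1, steps (c) to (g), as an added example that is not code from the patent or its assignee. The two features (completion time and path straightness), the z-score threshold, the spread floor, and the names `DOTS`, `enroll`, `matches`, `synth_trace` and `authenticate` are assumptions chosen for illustration, and all traces are constructed.

```python
import math
from statistics import mean, stdev

DOTS = [(0, 0), (100, 0), (100, 100)]  # constructed task: connect three dots

def path_len(points):
    return sum(math.dist(a, b) for a, b in zip(points, points[1:]))

def features(trace):
    """trace: list of (t_seconds, x, y) samples collected from the input unit."""
    xy = [(x, y) for _, x, y in trace]
    duration = trace[-1][0] - trace[0][0]
    straightness = path_len(DOTS) / path_len(xy)  # 1.0 = straight dot-to-dot lines
    return (duration, straightness)

def enroll(traces, n_min=5):
    """Build a reference profile (mean, spread) per feature from >= n_min repetitions."""
    if len(traces) < n_min:
        raise ValueError("not enough repetitions to build a profile")
    cols = list(zip(*(features(t) for t in traces)))
    # Floor the spread so a very consistent user does not get a zero-width band.
    return [(mean(c), max(stdev(c), 0.05 * abs(mean(c)))) for c in cols]

def matches(profile, trace, z_max=3.0):
    """True only if every feature of the fresh trace lies within z_max spreads."""
    return all(abs(f - m) / s <= z_max for f, (m, s) in zip(features(trace), profile))

def synth_trace(duration, bulge, steps=20):
    """Constructed input: trace DOTS in `duration` s, bowing each segment by `bulge` px."""
    pts = []
    for (x0, y0), (x1, y1) in zip(DOTS, DOTS[1:]):
        seg = math.dist((x0, y0), (x1, y1))
        nx, ny = (y1 - y0) / seg, -(x1 - x0) / seg  # unit normal to the segment
        for i in range(steps + 1):
            u = i / steps
            off = bulge * math.sin(math.pi * u)
            pts.append((x0 + u * (x1 - x0) + off * nx, y0 + u * (y1 - y0) + off * ny))
    return [(duration * i / (len(pts) - 1), x, y) for i, (x, y) in enumerate(pts)]

# Enrollment: the same task repeated N=6 times by one constructed user.
ENROLLED = enroll([synth_trace(2.0 + 0.05 * k, 1.0 + 0.2 * k) for k in range(6)])

def authenticate(trace):
    """Step (g): deny access when the fresh performance does not match the profile."""
    return matches(ENROLLED, trace)
```

A fixed z-score band is the simplest possible matcher; the false-accept and false-reject rates of any real deployment depend on the feature set and threshold, which the claims leave open.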
28 Claims
3. The method of claim 1, wherein the task is unique to said electronic device relative to all other electronic devices that access the computerized service.
4. The method of claim 1, wherein the task is both (i) unique to said electronic device relative to all other electronic devices that access the computerized service, and (ii) unique to said user relative to all other users of the computerized service.
5. The method of claim 1, wherein the task comprises an on-screen dot-connecting task;
wherein the method comprises:
detecting that a first user connected a first dot with a second dot in said task via a straight line;
detecting that a second user connected the first dot with the second dot in said task via a curved line; and
based on said detecting operations, distinguishing between said first user and said second user.
6. The method of claim 1, wherein the task comprises an on-screen dot-connecting task in which all dots are visible to the user immediately upon commencement of the task;
wherein the method comprises:
detecting that a first user completed said task in T1 seconds;
detecting that a second user completed said task in T2 seconds; and
based on said detecting operations, distinguishing between said first user and said second user.
7. The method of claim 1, wherein the task comprises an on-screen dot-connecting task in which only a single dot is visible to the user immediately upon commencement of the task, and each subsequent dot is exposed to the user gradually as the user connects each dot that was exposed to him.
8. The method of claim 1, wherein the task is generated by selecting at least:
a particular shape from a pool of available shapes, a particular scale from a pool of available scales, a particular number of dots from a number-of-dots pool.
9. The method of claim 1, comprising:
while the user is performing the task, introducing an input/output interference that triggers the user to perform corrective gestures;
extracting one or more user-specific features from said corrective gestures;
taking into account said one or more user-specific features, that were extracted from said corrective gestures, during at least one of these steps:
(i) during constructing the reference user-specific behavioral signature;
(ii) during constructing the fresh user-specific behavioral signature.
10. The method of claim 1, comprising:
during a first K usage-sessions of the user with the computerized service, wherein K is a positive integer:
(a) requiring the user to both enter a password and to perform the task;
(b) relying on the password for user authentication towards the computerized service;
(c) not-relying on the task for user authentication towards the computerized service;
starting at the K+1 usage-session of the user with the computerized service:
enabling the user to authenticate towards the computerized service without entering any password, if the user performs the task in a manner that matches the reference user-specific behavioral profile.
11. The method of claim 1, comprising:
during a first K usage-sessions of the user with the computerized service, wherein K is a positive integer:
(a) requiring the user to both enter a password and to perform the task;
(b) relying on the password for user authentication towards the computerized service;
(c) not-relying on the task for user authentication towards the computerized service;
upon completion of the first K usage-sessions, discarding the password;
starting at the K+1 usage-session of the user with the computerized service:
enabling the user to authenticate towards the computerized service without entering any password, if the user performs the task in a manner that matches the reference user-specific behavioral profile.
12. The method of claim 1, wherein said task is utilized for user authentication in addition to requiring the user to manually enter a password.
13. The method of claim 1, wherein said task is utilized for user authentication instead of requiring the user to manually enter a password.
14. The method of claim 1, wherein said task is utilized for user authentication as a condition for granting access to the user to a physical location.
15. The method of claim 1, wherein said task is utilized for user authentication as a condition for granting access to the user to a vehicle.
16. The method of claim 1, wherein said task is utilized for user authentication as part of a multi-factor authentication process.
17. The method of claim 1, wherein said task is utilized as a secret question that the user is required to successfully perform in order to reset user credentials.
18. The method of claim 1, wherein collecting the user interactions data comprises collecting user interactions data both (i) during performance of the task, and (ii) immediately prior to performance of the task;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on both (I) the user interactions during performance of the task, and (II) the user interactions immediately prior to performance of the task.
19. The method of claim 1, wherein collecting the user interactions data comprises collecting user interactions data both (i) during performance of the task, and (ii) immediately after performance of the task;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on both (I) the user interactions during performance of the task, and (II) the user interactions immediately after performance of the task.
20. The method of claim 1, wherein collecting the user interactions data comprises collecting user interactions data (i) during performance of the task, and (ii) immediately prior to performance of the task, and (iii) immediately after performance of the task;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on (I) the user interactions during performance of the task, and (II) the user interactions immediately prior to performance of the task, and (III) the user interactions immediately after performance of the task.
21. The method of claim 1, wherein collecting the user interactions data comprises both (i) collecting user interactions data via the input unit, and (ii) collecting one or more sensed parameters that are sensed via a sensor of the electronic device during task performance;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more sensed parameters that are sensed via said sensor of the electronic device during task performance.
22. The method of claim 1, wherein collecting the user interactions data comprises both (i) collecting user interactions via the input unit, and (ii) collecting one or more sensed device-acceleration parameters that are sensed via an accelerometer of the electronic device during task performance;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more sensed device-acceleration parameters that are sensed via said accelerometer of the electronic device during task performance.
23. The method of claim 1, wherein collecting the user interactions data comprises both (i) collecting user interactions via the input unit, and (ii) collecting one or more sensed device parameters that are sensed via a gyroscope of the electronic device during task performance;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more device parameters that are sensed via said gyroscope of the electronic device during task performance.
24. The method of claim 1, wherein collecting the user interactions data comprises both (i) collecting user interactions data via the input unit, and (ii) collecting one or more sensed device-orientation parameters that are sensed via an orientation-sensing unit of the electronic device during task performance;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more device-orientation parameters that are sensed via said orientation-sensing unit of the electronic device during task performance.
25. The method of claim 1, wherein collecting the user interactions data comprises both (i) collecting user interactions data via the input unit, and (ii) collecting one or more images of the user that are captured via an imager during task performance;
wherein generating the user-specific cognitive behavioral biometric profile is performed based on both (I) the user interactions via the input unit during performance of the task, and (II) the one or more images that are captured via said imager during task performance.
26. The method of claim 1, comprising:
if said user-specific cognitive behavioral biometric profile is compromised, then:
(A) autonomously selecting a replacement unique and non-user-defined task, that is intended to be performed by the specific user via the input unit of the electronic device;
(B) generating the replacement task, and collecting user interactions data via the input unit while the user is performing the replacement task;
(C) repeating step (B) for at least N iterations for said specific user;
(D) during step (B) and during step (C), determining from said user interactions a replacement user-specific cognitive behavioral biometric profile;
(E) in a subsequent user-authentication session:
generating the replacement task;
based on monitored user interactions, generating a fresh ad-hoc cognitive behavioral biometric profile; and
authenticating the user based on a comparison between the fresh ad-hoc cognitive behavioral biometric profile and the replacement user-specific cognitive behavioral biometric profile.
27. The method of claim 1, comprising:
if said user-specific cognitive behavioral biometric profile becomes non-usable, then:
(A) autonomously selecting a replacement unique and non-user-defined task, that is intended to be performed by the specific user via the input unit of the electronic device;
(B) generating the replacement task, and collecting user interactions data via the input unit while the user is performing the replacement task;
(C) repeating step (B) for at least N iterations for said specific user;
(D) during step (B) and during step (C), determining from said user interactions a replacement user-specific cognitive behavioral biometric profile;
(E) in a subsequent user-authentication session:
(i) generating the replacement task;
(ii) based on collected user interactions data during performance of the replacement task, generating a fresh ad-hoc cognitive behavioral biometric profile;
(iii) authenticating the user based on a comparison between the fresh ad-hoc cognitive behavioral biometric profile and the replacement user-specific cognitive behavioral biometric profile.
28. The method of claim 1, comprising:
upon loss or theft of said electronic device, performing:
(A) autonomously selecting a replacement unique and non-user-defined task, that is intended to be performed by the specific user via the input unit of the electronic device;
(B) generating the replacement task, and collecting user interactions data via the input unit while the user is performing the replacement task;
(C) repeating step (B) for at least N iterations for said specific user;
(D) during step (B) and during step (C), determining from said user interactions a replacement user-specific cognitive behavioral biometric profile;
(E) in a subsequent user-authentication session:
(i) generating the replacement task;
(ii) based on collected user interactions data during performance of the replacement task, generating a fresh ad-hoc cognitive behavioral biometric profile;
(iii) authenticating the user based on a comparison between the fresh ad-hoc cognitive behavioral biometric profile and the replacement user-specific cognitive behavioral biometric profile.
Specification