System, device, and method of recovery and resetting of user authentication factor
First Claim
1. A method comprising:
- (AA) monitoring mouse interactions of a particular user, that utilizes an electronic device having a mouse to access a computerized service;
(BB) analyzing said mouse interactions, and identifying a particular mouse-movement that said particular user performed multiple times in a repeated user-specific manner;
subsequently,(CC) in response to an indication that a current user is required to perform a reset or a recovery of a user-authentication factor of said computerized service;
(a) constructing a series of multiple mouse-movements, which comprises said particular mouse-movement identified in step (BB) and also comprises other mouse-movements that are non-unique to said particular user; and
presenting to the current user a fresh task that requires the current user to perform said series of multiple mouse-movements;
(b) monitoring a fresh manner in which the current user performs mouse-movements while he performs said fresh task;
(c) determining whether or not a fresh series of mouse-movements as monitored in step (b), includes a performance of said particular mouse-movement which exhibits said repeated user-specific manner that was identified in step (BB) during repeated previous performance of said particular mouse-movement by said particular user;
(d) if the determining of step (c) is positive, then determining that the current user is the particular user that is authorized to reset or recover said user-authentication factor of said computerized service.
4 Assignments
0 Petitions
Accused Products
Abstract
Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.
-
Citations
19 Claims
-
1. A method comprising:
-
(AA) monitoring mouse interactions of a particular user, that utilizes an electronic device having a mouse to access a computerized service; (BB) analyzing said mouse interactions, and identifying a particular mouse-movement that said particular user performed multiple times in a repeated user-specific manner; subsequently, (CC) in response to an indication that a current user is required to perform a reset or a recovery of a user-authentication factor of said computerized service; (a) constructing a series of multiple mouse-movements, which comprises said particular mouse-movement identified in step (BB) and also comprises other mouse-movements that are non-unique to said particular user; and
presenting to the current user a fresh task that requires the current user to perform said series of multiple mouse-movements;(b) monitoring a fresh manner in which the current user performs mouse-movements while he performs said fresh task; (c) determining whether or not a fresh series of mouse-movements as monitored in step (b), includes a performance of said particular mouse-movement which exhibits said repeated user-specific manner that was identified in step (BB) during repeated previous performance of said particular mouse-movement by said particular user; (d) if the determining of step (c) is positive, then determining that the current user is the particular user that is authorized to reset or recover said user-authentication factor of said computerized service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A process comprising:
-
(I) detecting that a particular user moves an on-screen pointer, from on-screen location B to on-screen location C, in a unique user-specific manner that is consistently repeated by said particular user across multiple interactions with a computerized service via an input-unit; (II) constructing a task that requires a current user to move the on-screen pointer, via said input unit, from on-screen location A to on-screen location B, and then from on-screen location B to on-screen location C, and then from on-screen location C to on-screen location D; (III) checking whether the current user has moved the on-screen pointer from on-screen location B to on-screen location C in accordance with the unique user-specific manner that was consistently repeated by said particular user; (IV) if the checking result of step (III) is positive, then;
determining that the current user is said particular user, and authorizing the current user to perform recovery or reset of the user-authentication factor. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A method comprising:
-
(AA) monitoring touch-pad interactions of a particular user, that utilizes an electronic device having a touch-pad to access a computerized service; (BB) analyzing said touch-pad interactions, and identifying a particular touch-pad-gesture that said particular user performed multiple times in a repeated user-specific manner; subsequently, (CC) in response to an indication that a current user is required to perform a reset or a recovery of a user-authentication factor of said computerized service; (a) constructing a series of multiple movements, which comprises said particular touch-pad gesture identified in step (BB) and also comprises other touch-pad gestures that are non-unique to said particular user; and
presenting to the current user a fresh task that requires the current user to perform said series of multiple touch-pad gestures;(b) monitoring a fresh manner in which the current user performs touch-pad gestures while he performs said fresh task; (c) determining whether or not a fresh series of touch-pad gestured monitored in step (b), includes a performance of said particular touch-pad gesture which exhibits said repeated user-specific manner that was identified in step (BB) during repeated previous performance of said particular touch-pad gesture by said particular user; (d) if the determining of step (c) is positive, then determining that the current user is the particular user that is authorized to reset or recover said user-authentication factor of said computerized service. - View Dependent Claims (17)
-
-
18. A method comprising:
-
(AA) monitoring touch-screen interactions of a particular user, that utilizes an electronic device having a touch-screen to access a computerized service; (BB) analyzing said touch-screen interactions, and identifying a particular touch-screen gesture that said particular user performed multiple times in a repeated user-specific manner; subsequently, (CC) in response to an indication that a current user is required to perform a reset or a recovery of a user-authentication factor of said computerized service; (a) constructing a series of multiple gestures, which comprises said particular touch-screen gesture identified in step (BB) and also comprises other touch-screen gestures that are non-unique to said particular user; and
presenting to the current user a fresh task that requires the current user to perform said series of multiple gestures;(b) monitoring a fresh manner in which the current user performs touch-screen gestures while he performs said fresh task; (c) determining whether or not a fresh series of touch-screen gestures monitored in step (b), includes a performance of said particular touch-screen gesture which exhibits said repeated user-specific manner that was identified in step (BB) during repeated previous performance of said particular touch-screen gesture by said particular user; (d) if the determining of step (c) is positive, then determining that the current user is the particular user that is authorized to reset or recover said user-authentication factor of said computerized service. - View Dependent Claims (19)
-
Specification