METHOD, DEVICE, AND SYSTEM OF DIFFERENTIATING AMONG USERS BASED ON RESPONSES TO INJECTED INTERFERENCES

US 20150205955A1
Filed: 04/01/2015
Published: 07/23/2015
Est. Priority Date: 11/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining whether a user, who utilizes a computing device to interact with a computerized service, is either an authorized user or an attacker;

wherein the determining comprises;

generating a temporary input/output interference that causes an anomaly between (A) input gestures that the user performs via an input unit of said computing device, and (B) output that is displayed on a display unit of said computing device as a result of the input gestures;

wherein the temporary input/output interference is a binary-type interference defined to trigger one of two possible manual user responses,wherein the two possible manual user responses comprise;

a first possible manual user response that is performed by a majority of a general population of users; and

a second possible manual user response that is performed by a minority of the general population of users;

based on a level of uniqueness in the general population of users, of a particular response-to-interference that is identified in input-unit interactions of said user, determining whether or not to re-use said interference in subsequent usage sessions of said user.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user, or a cyber-attacker or automated script posing as the legitimate human user. The system further detects click-fraud, and prevents or mitigates Application Distributed Denial-of-Service attacks.

Citations

23 Claims

1. A method comprising:
- determining whether a user, who utilizes a computing device to interact with a computerized service, is either an authorized user or an attacker;
  
  wherein the determining comprises;
  
  generating a temporary input/output interference that causes an anomaly between (A) input gestures that the user performs via an input unit of said computing device, and (B) output that is displayed on a display unit of said computing device as a result of the input gestures;
  
  wherein the temporary input/output interference is a binary-type interference defined to trigger one of two possible manual user responses,wherein the two possible manual user responses comprise;
  
  a first possible manual user response that is performed by a majority of a general population of users; and
  
  a second possible manual user response that is performed by a minority of the general population of users;
  
  based on a level of uniqueness in the general population of users, of a particular response-to-interference that is identified in input-unit interactions of said user, determining whether or not to re-use said interference in subsequent usage sessions of said user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, comprising:
    - determining whether a user, who utilizes a computing device to interact with a computerized service, is either an authorized user or an attacker;
      
      wherein the determining comprises;
      
      generating a temporary input/output interference that causes an anomaly between (A) input gestures that the user performs via an input unit of said computing device, and (B) output that is displayed on a display unit of said computing device as a result of the input gestures;
      
      wherein the temporary input/output interference is a binary-type interference defined to trigger one of two possible manual user responses,wherein the two possible manual user responses comprise;
      
      a first possible manual user response that is performed by a majority of a general population of users; and
      
      a second possible manual user response that is performed by a minority of the general population of users;
      
      tracking user interactions via said input unit in response to said temporary input/output interference;
      
      detecting a manual correction operation that the user performs via said input unit in response to said temporary input/output interference;
      
      determining whether said manual correction operation that the user performs via said input unit, matches either the first possible manual user response or the second possible manual user response;
      
      if said manual user correction operation that the user performs, matches the first possible manual user response that is performed by majority of the general population of users, then discarding said temporary input/output interference from being re-used in subsequent usage sessions of said user;
      
      if said manual user correction operation that the user performs, matches the second possible manual user response that is performed by minority of the general population of users, then updating a user profile to indicate that said temporary input/output interference is to be re-used in subsequent usage sessions of said user.
  - 3. The method of claim 1, wherein generating the temporary input/output interference comprises:
    - temporarily hiding an on-screen pointer at the output unit of said computing device;
      
      defining the first possible manual response as linear movement of the input unit by the user;
      
      defining the second possible manual response as non-linear movement of the input unit by the user;
      
      wherein detecting the manual correction operation of said user comprises;
      
      determining whether said user performed a manual correction operation having either linear movement of the input unit or non-linear movement of the input unit.
  - 4. The method of claim 1, wherein generating the temporary input/output interference comprises:
    - temporarily hiding an on-screen pointer at the output unit of said computing device;
      
      defining the first possible manual response as linear movement of the input unit by the user;
      
      defining the second possible manual response as circular movement of the input unit by the user;
      
      wherein detecting the manual correction operation of said user comprises;
      
      determining whether said user performed a manual correction operation having either linear movement of the input unit or circular movement of the input unit.
  - 5. The method of claim 1, wherein generating the temporary input/output interference comprises:
    - temporarily hiding an on-screen pointer at the output unit of said computing device;
      
      defining the first possible manual response as clockwise rotation movement of the input unit by the user;
      
      defining the second possible manual response as counter-clockwise rotation movement of the input unit by the user;
      
      wherein detecting the manual correction operation of said user comprises;
      
      determining whether said user performed a manual correction operation having either clockwise rotation movement of the input unit or counter-clockwise rotation movement of the input unit.
  - 6. The method of claim 1, wherein generating the temporary input/output interference comprises:
    - temporarily hiding an on-screen pointer at the output unit of said computing device;
      
      defining the first possible manual response as movement of the input unit by the user;
      
      defining the second possible manual response as clicking a button of the input unit by the user;
      
      wherein detecting the manual correction operation of said user comprises;
      
      determining whether said user performed a manual correction operation having either movement of the input unit or clicking the button of the input unit.
  - 7. The method of claim 1, comprising:
    - storing a lookup table representing a pool of possible on-screen binary-type interferences;
      
      for each one of the possible on-screen interferences, determining the level of uniqueness in the population of users of each one of two possible manual responses to interference;
      
      updating said lookup table to indicate the level of uniqueness of each possible manual response to each one of the possible on-screen interferences.
  - 8. The method of claim 7, comprising, with regard to a particular user:
    - injecting into a communication session of said particular user, a batch of interferences selected from said pool of possible on-screen binary-type interferences,wherein the injecting comprises injecting one interference at a time;
      
      for each injected interference, detecting the manual correction operation performed by said user, and determining whether said manual correction operation performed by said user is either unique or non-unique relative to the general population of users;
      
      updating a user profile to indicate which one or more interferences, out of said pool of possible on-screen binary-type interferences, trigger unique responses from said user and are to be used for user-differentiation purposes in subsequent usage sessions of said user.
  - 9. The method of claim 7, comprising, with regard to a particular user:
    - injecting into a communication session of said particular user, a batch of interferences selected from said pool of possible on-screen binary-type interferences,wherein the injecting comprises injecting one interference at a time;
      
      for each injected interference, detecting the manual correction operation performed by said user, and determining whether said manual correction operation performed by said user is either unique or non-unique relative to the general population of users;
      
      updating a user profile to indicate that with regard to said particular user, one or more interferences out of said pool of possible on-screen binary-type interferences, trigger non-unique responses from said user and are to be discarded and not to be used for user-differentiation purposes in subsequent usage sessions of said user.
  - 10. The method of claim 7, comprising, with regard to a particular user:
    - dynamically creating a user profile for user differentiation,by discarding from said pool a first binary-type interference to which the manual correction operation of said particular user is frequent with at least 70 percent of the population of users;
      
      and by maintaining in said pool a second binary-type interference to which the manual correction operation of said particular user is frequent with at most 30 percent of the population of users.
  - 11. The method of claim 7, comprising, with regard to a particular user:
    - dynamically creating a user profile for user differentiation,by discarding from said pool a first binary-type interference to which the manual correction operation of said particular user is frequent with at least 90 percent of the population of users;
      
      and by maintaining in said pool a second binary-type interference to which the manual correction operation of said particular user is frequent with at most 10 percent of the population of users.
  - 12. The method of claim 2, wherein the discarding comprises:
    - if said manual user correction operation that the user performs, matches the first possible manual user response that is performed by at least 90 percent of the general population of users, then discarding said temporary input/output interference from being re-used in subsequent usage sessions of said user.
  - 13. The method of claim 2, wherein the discarding comprises:
    - if said manual user correction operation that the user performs, matches the first possible manual user response that is performed by at least 75 percent of the general population of users, then discarding said temporary input/output interference from being re-used in subsequent usage sessions of said user.
  - 14. The method of claim 2, wherein the updating comprises:
    - if said manual user correction operation that the user performs, matches the second possible manual user response that is performed by at most 15 percent of the general population of users, then updating the user profile to indicate that said temporary input/output interference is to be re-used in subsequent usage sessions of said user.
  - 15. The method of claim 1, wherein the updating comprises:
    - if said manual user correction operation that the user performs, matches the second possible manual user response that is performed by at most 30 percent of the general population of users, then updating the user profile to indicate that said temporary input/output interference is to be re-used in subsequent usage sessions of said user.
  - 16. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer, that is on route to click within said advertisement, to deviate from its regular route;
      
      tracking user interactions with said input unit in response to said temporary input/output interference;
      
      determining that said user performed manual correction operations that adequately fix said temporary input/output interference;
      
      determining that a click of said user within said advertisement was performed by a genuine user and not by a click-fraud mechanism.
  - 17. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer, that is on route to click within said advertisement, to temporarily disappear;
      
      tracking user interactions with said input unit in response to said temporary input/output interference;
      
      determining that said user performed manual correction operations that adequately fix said temporary input/output interference;
      
      determining that a click of said user within said advertisement was performed by a genuine user and not by a click-fraud mechanism.
  - 18. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer, that is on route to click within said advertisement, to appear at a pseudo-random offset relative to a regular non-interfered location of said on-screen pointer;
      
      tracking user interactions with said input unit in response to said temporary input/output interference;
      
      determining that said user performed manual correction operations that adequately fix said temporary input/output interference;
      
      determining that a click of said user within said advertisement was performed by a genuine user and not by a click-fraud mechanism.
  - 19. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer, that is on route to click within said advertisement, to deviate from its regular route;
      
      tracking user interactions with said input unit in response to said temporary input/output interference;
      
      determining that said user did not perform manual correction operations that adequately fix said temporary input/output interference;
      
      determining that a click of said user within said advertisement was performed by a click-fraud mechanism.
  - 20. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer, that is on route to click within said advertisement, to temporarily disappear;
      
      tracking user interactions with said input unit in response to said temporary input/output interference;
      
      determining that said user did not perform manual correction operations that adequately fix said temporary input/output interference;
      
      determining that a click of said user within said advertisement was performed by a click-fraud mechanism.
  - 21. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer, that is on route to click within said advertisement, to appear at a pseudo-random offset relative to a regular non-interfered location of said on-screen pointer;
      
      tracking user interactions with said input unit in response to said temporary input/output interference;
      
      determining that said user did not perform manual correction operations that adequately fix said temporary input/output interference;
      
      determining that a click of said user within said advertisement was performed by a click-fraud mechanism.
  - 22. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer to operate irregularly relative to pointer-controlling gestures that are inputted by said user while said user is attempting to move said on-screen pointer towards said advertisement;
      
      wherein said temporary input/output interference is exhibited as anomaly between (A) user gestures via the input unit, and (B) on-screen behavior of the on-screen pointer;
      
      if it is detected that no correction operations were performed by said user in response to said anomaly, then determining that said user is an attacker.
  - 23. The method of claim 1, comprising:
    - presenting to said user a screen comprising content and an advertisement;
      
      injecting a temporary input/output interference that causes an on-screen pointer to operate irregularly relative to pointer-controlling gestures that are inputted by said user while said user is attempting to move said on-screen pointer towards said advertisement;
      
      wherein said temporary input/output interference is exhibited as anomaly between (A) user gestures via the input unit, and (B) on-screen behavior of the on-screen pointer;
      
      wherein the temporary input/output interference causes the on-screen pointer to reach an on-screen location that is external to said advertisement unless manual correction operations are performed via the input unit in response to said temporary input/output interference.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Biocatch Ltd.
Original Assignee
Biocatch Ltd.
Inventors
Turgeman, Avi

Granted Patent

US 9,418,221 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 2221/2133   Verifying human interaction...

G06F 3/041   Digitisers, e.g. for touch ...

G06F 3/0488   using a touch-screen or dig...

G06Q 30/0248   Avoiding fraud

G06Q 30/0277   Online advertisement

H04L 2463/102   applying security measure f...

H04L 2463/144   Detection or countermeasure...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

H04W 12/125   Protection against power ex...

METHOD, DEVICE, AND SYSTEM OF DIFFERENTIATING AMONG USERS BASED ON RESPONSES TO INJECTED INTERFERENCES

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, DEVICE, AND SYSTEM OF DIFFERENTIATING AMONG USERS BASED ON RESPONSES TO INJECTED INTERFERENCES

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links