Method, device, and system of differentiating among users based on responses to injected interferences
First Claim
1. A method comprising:
determining whether a user, who utilizes a computing device to interact with a computerized service, is either an authorized user or an attacker;
wherein the determining comprises:
generating a temporary input/output interference that causes an anomaly between (A) input gestures that the user performs via an input unit of said computing device, and (B) output that is displayed on a display unit of said computing device as a result of the input gestures;
wherein the temporary input/output interference is a binary-type interference defined to trigger one of two possible manual user responses,
wherein the two possible manual user responses comprise:
a first possible manual user response that is performed by a majority of a general population of users; and
a second possible manual user response that is performed by a minority of the general population of users;
based on a level of uniqueness in the general population of users, of a particular response-to-interference that is identified in input-unit interactions of said user, determining whether or not to re-use said temporary input/output interference in subsequent usage sessions of said user;
wherein the method further comprises:
presenting to a user of an electronic device a screen comprising content and an advertisement;
injecting a temporary input/output aberration that causes an on-screen pointer, that is on route to click within said advertisement, to deviate from its regular route;
tracking user interactions with an input unit of said electronic device in response to said temporary input/output aberration;
determining whether said user performed manual correction operations that fix said temporary input/output aberration;
in response to determining that said user performed manual correction operations that fixed said temporary input/output aberration, determining that a click of said user within said advertisement was performed by a genuine user and not by a click-fraud mechanism;
in response to determining that said user performed manual correction operations that did not fix said temporary input/output aberration, determining that a click of said user within said advertisement was performed by a click-fraud mechanism.
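The click-fraud steps of the claim can be sketched as detection logic over a pointer trace. This is an added example, not code from the patent or its assignee; the event shape, the model of an offset that persists until the click, the `MIN_CORRECTION` threshold and the verdict labels are assumptions, and all traces are constructed.

```javascript
// Added illustration, not code from the patent. Assumptions: the event shape,
// an offset that persists from time `at` until the click, MIN_CORRECTION,
// and the verdict labels. All traces below are constructed.
const MIN_CORRECTION = 0.25; // share of the offset that counts as a correction
const AD = { x: 400, y: 300, w: 100, h: 60 };   // advertisement rectangle (px)
const ABERRATION = { at: 200, dx: 0, dy: 120 }; // pointer pushed 120 px down at t=200 ms
// Raw input-unit positions {t, x, y}; the last sample of each trace is the click.
const HUMAN = [{ t: 0, x: 100, y: 330 }, { t: 190, x: 300, y: 330 },
               { t: 420, x: 380, y: 250 }, { t: 700, x: 452, y: 212 }];
const PARTIAL = [{ t: 0, x: 100, y: 330 }, { t: 190, x: 300, y: 330 },
                 { t: 260, x: 450, y: 280 }];
const SCRIPTED = [{ t: 0, x: 100, y: 330 }, { t: 190, x: 300, y: 330 },
                  { t: 210, x: 450, y: 330 }];

// Where the pointer is drawn: raw input plus the offset once it is active.
function onScreen(s, ab) {
  const on = s.t >= ab.at;
  return { x: s.x + (on ? ab.dx : 0), y: s.y + (on ? ab.dy : 0) };
}

function insideAd(p, ad) {
  return p.x >= ad.x && p.x <= ad.x + ad.w && p.y >= ad.y && p.y <= ad.y + ad.h;
}

// Share of the injected offset cancelled by the raw input, relative to an
// uncorrected approach that would have ended on the ad centre.
function correctionRatio(click, ab, ad) {
  const cx = ad.x + ad.w / 2, cy = ad.y + ad.h / 2;
  const against = (click.x - cx) * -ab.dx + (click.y - cy) * -ab.dy;
  return against / (ab.dx * ab.dx + ab.dy * ab.dy);
}

function classifyAdClick(samples, ab, ad) {
  const click = samples[samples.length - 1];
  if (click.t < ab.at) return "not-tested"; // click preceded the aberration
  const corrected = correctionRatio(click, ab, ad) >= MIN_CORRECTION;
  const fixed = insideAd(onScreen(click, ab), ad);
  if (corrected && fixed) return "genuine-user";
  if (corrected && !fixed) return "click-fraud";
  return "no-correction-observed"; // outside the two branches of the claim
}
```

The centre-based ratio is only meaningful when the injected offset is larger than the ad's half-width or half-height; with a smaller offset, an ordinary off-centre click is indistinguishable from a correction.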
Abstract
Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized service (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user, or a cyber-attacker or automated script posing as the legitimate human user. The system further detects click-fraud, and prevents or mitigates Application Distributed Denial-of-Service attacks.
19 Claims
Specification