Abstract: A user of a device is authenticated after providing a pass code or other data confirming the user can access data on the device. While the user uses the device, behaviometric data is recorded which includes measures of how the user uses the device. Additional data, however, can only be accessed with a biometric and/or second authentication after collecting at least some behaviometric data, in embodiments of the disclosed technology. Depending on how close of a match the behaviometric data received is to previously recorded behaviometric data for the particular user, a threshold minimum is set for the biometric match in order to grant stepped up authentication and authorization to view the additional data. In this manner, a legitimate user often requires less time to authenticate compared to the prior art and a fraudulent user is rejected from access to sensitive data more accurately.

Abstract: A first behaviometric user profile for a first user is generated and stored, by detecting a position and velocity of the first user relative to the mobile device based on a received response from a radar transmission while the first user uses the mobile device, the received response over time indicating a position and velocity of the first user. Based on further received responses of additional radar transmissions an additional behavioral pattern of an unknown user is determined. The additional behavioral pattern is then compared to the first behaviometric user profile, and based on the comparison, a measure of similarity between the first behaviometric user profile and the additional behavioral pattern, measuring if the first user and the unknown user are a same user is heuristically determined. As a result of the comparison, operation or access to at least some data stored on the mobile device is prevented.

Abstract: A method of granting or denying access to data is disclosed herein. A server requests behaviometric data from a device regarding a user thereof. If behaviometric data is provided, the server uses it to authenticate the user. If behaviometric data is not provided, the server requests device-identifying data from the device. If the device-identifying data matches data of a device from which a user previously consented to collection of behaviometric data, behaviometric data is collected. If not, a request for collection is made.

Abstract: a user profile of behavior of a specific user is generated, including obtaining a plurality of dummy user profiles. An initial behavioral dataset relating to the behavior of the specific user during a specific transaction is collected, and compared to each of the plurality of dummy user profiles. When the initial behavioral dataset matches at least one of the plurality of dummy user profiles, the method further includes initiating a new user profile of the specific user to be equivalent to the at least a portion of at least one of the plurality of dummy user profiles, and further training the new user profile based on the initial behavioral dataset, to modify the new user profile to more accurately reflect behavior of the specific user.

Abstract: Disclosed is a method for continuously authenticating a user based on motion input data. The method includes recording motion input data from a keyboard such as starting coordinates, ending coordinates, and timestamps of key-up actions to determine that a key has been pressed, recording a timestamp of motion input at the starting coordinate, mapping the timestamp of said motion input at the starting coordinate to a key-down action for the key press, determining which key of said virtual keyboard said key-down action refers to, and granting or denying access to a device if the timing of the key which was pressed and released in the key-down action and the corresponding key-up action matches the press and flight timing of a key which was pressed and released in a previously-recorded key-down action and a previously-recorded key-up action.

Abstract: A first behaviometric user profile for a first user is generated and stored, by detecting a position and velocity of the first user relative to the mobile device based on a received response from a radar transmission while the first user uses the mobile device, the received response over time indicating a position and velocity of the first user. Based on further received responses of additional radar transmissions an additional behavioral pattern of an unknown user is determined. The additional behavioral pattern is then compared to the first behaviometric user profile, and based on the comparison, a measure of similarity between the first behaviometric user profile and the additional behavioral pattern, measuring if the first user and the unknown user are a same user is heuristically determined. As a result of the comparison, operation or access to at least some data stored on the mobile device is prevented.

Abstract: A method for denying or nullifying a specific online transaction carried out by a specific user using a computing device associated with at least one input interface, while the specific user was coached by a fraudster. The method includes collecting a specific set of behavioral data relating to the behavior of the specific user during a specific online transaction, and using a multi-dimensional classification module to determine a probability that the specific user was coached during collection of the set of behavioral data. In response to the probability being greater than a predefined threshold, the specific transaction is denied or nullified.

Abstract: FIDO authentication is augmented to include a behavioral score indicating that during a secure network session between a host and client device, the client device is being operated by a user with expected behavioral actions. The authenticated network session is maintained, stepped-up, or ended based on either or a combination of a positive response to a FIDO challenge and threshold of match between a current behavioral profile and a stored behavioral profile for the user.

Abstract: Detecting unauthorized access to a device is detected in embodiments of the disclosed technology. After downloading a webpage, code is executed in a browser to scan network ports and determine which ports are open. Further webpage content sent from a web server is determined and/or modified in embodiments of the disclosed technology based on which ports are open. In some embodiments, when a particular port or ports are already in use it is determined that a malfeasant actor has access to the end user device and as such, sensitive data or secure data which is intended for a specific user is no longer sent to the end user device.

Abstract: A user accessing data from a server in an authenticated session is determined to be human, an authorized bot, or a non-authorized bot based on receipt of behaviometric information from the user's interactions and responses to and with the server. The user is then denied or granted continued access to receive data, such as financial data, after it is determined if the user is authorized to do so by way of comparing the behaviometric data to known prior behaviometric data for particular humans and bots in embodiments of the disclosed technology.

Abstract: Detecting unauthorized access to a device is detected in embodiments of the disclosed technology. After downloading a webpage, code is executed in a browser to scan network ports and determine which ports are open. Further webpage content sent from a web server is determined and/or modified in embodiments of the disclosed technology based on which ports are open. In some embodiments, when a particular port or ports are already in use it is determined that a malfeasant actor has access to the end user device and as such, sensitive data or secure data which is intended for a specific user is no longer sent to the end user device.

Abstract: Method for a secure authenticating of a user identity of a device for a service during a session including a transaction between an authentication-client and a connected authentication-server, whereby said authentication-client is running on said device using a user-agent with a specific authentication-interface to communicate encrypted authentication messages using a Transport Layer Security (TLS) protocol between said user-agent of said authentication-client and a web-server of both said authentication-server of a ‘Relying Party’ using a unique and secret authentication-identifier (e.g. a hash-value created from ‘Relying Party’, date and time) between them, and a Behaviometric-server using a unique and secret Behaviometric-identifier (e.g. a hash-value created from a Behaviometric-Server, date and time) between them, whereby said session comprising an earlier authentication stage and at least in authentication case (said user identity is positively authenticated) a later controlling stage.

Abstract: Method for a secure authenticating of a user identity of a device for a service during a session including a transaction between an authentication-client and a connected authentication-server, whereby said authentication-client is running on said device using a user-agent with a specific authentication-interface to communicate encrypted authentication messages using a Transport Layer Security (TLS) protocol between said user-agent of said authentication-client and a web-server of both said authentication-server of a ‘Relying Party’ using a unique and secret authentication-identifier (e.g. a hash-value created from ‘Relying Party’, date and time) between them, and a Behaviometric-server using a unique and secret Behaviometric-identifier (e.g. a hash-value created from a Behaviometric-Server, date and time) between them, whereby said session comprising an earlier authentication stage and at least in authentication case (said user identity is positively authenticated) a later controlling stage.