Abstract: Devices, systems, and methods of determining or estimating a level of force or pressure, that is applied by a user to a touch surface of an electronic device or an electronic system. A touch-screen or touch-pad or other touch-sensitive surface, measures or senses a size of a touch-spot that is engaged by a fingertip of the user; and further tracks and records the changes over time in the size of such touch-spot. Based on analysis of the changes of the size of the touch-spot over time, the touch surface or an associated driver or module determines or estimates the level of force or pressure that was applied by the user, or assigns a touch-force value or class.

Abstract: Devices, systems, and methods to detect malware, particularly an overlay malware that generates a fake, always-on-top, masking layer or an overlay component that attempts to steal passwords or other user credentials. A defensive module protects a victim application, particularly of an electronic device having a touch-screen. The defensive module generates a transparent or invisible always-on-top layer of its own; and periodically injects automatically-generated non-human tap events or touch-gesture events, and checks whether the injected events are indeed received, in order to determine whether an overlay malware is active.

Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.

Abstract: Devices, systems, and methods of determining or estimating personal characteristics of a user as well as for detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A method includes monitoring interactions monitoring interactions of a particular user with an input-unit of an electronic device and with an entirety of the electronic device; analyzing the interactions; and based on analysis of the monitored interactions, determining a gender or an age-range of the particular user. Optionally, advertisements are tailored or selected based on the estimated gender or age-range of the particular user. Optionally, an online transaction is flagged or blocked, or is authorized, based on the estimated gender or age-range of the particular user.

Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A log-in process or a user-authentication process, is augmented or enriched by one or more incidental tasks, which force the user to perform additional on-screen interactions or input-unit interactions, which in turn enrich and augment the pool of user interactions from which the system extracts one or more user-specific features. The extracted user-specific features are used as part of the user authentication process, and are further used to differentiate among users.

Abstract: Devices, systems, and methods of user authentication, as well as automatic differentiation between a legitimate user and a cyber-attacker. A system detects that two different accounts of the same computerized service, were accessed by a single computing device over a short period of time. The system may employ various techniques in order to determine automatically whether a legitimate user accessed the two different account, such as, a husband accessing his own bank account and shortly after that accessing also his wife's bank account, or a payroll company accessing bank accounts of two clients for payroll management purposes. Conversely, the system is able to detect that the same user exhibited the same pattern of interactions when operating the two accounts, a pattern of interactions that does not frequently appear in the general population of legitimate users, thereby indicating that the single user is a cyber-attacker.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a cyber-attacker, and detecting click-fraud. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user, or a cyber-attacker or automated script posing as the legitimate human user. The system further detects click-fraud, and prevents or mitigates Application Distributed Denial-of-Service attacks.

Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnormal discrepancy between: the input-unit gestures that were actually registered by the input unit, and the content that the electronic device reports as allegedly entered via such input units. A discrepancy or abnormality indicates that more-possibly, or necessarily or certainly, a malware or automated script is controlling the electronic device, rather than a legitimate human user. Optionally, an input-output aberration or interference is injected, in order to check for manual corrective actions that only a human user, and not an automated script, is able to perform.

Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. Communication interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user device to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as a legitimate human user but actually utilizing a Virtual Machine.

Abstract: Devices, systems, and methods of user authentication. A system includes a spatial challenge unit to distinguish between a human user and a non-human user. The spatial challenge unit requires the user to perform one or more spatial operations that modify the spatial properties of an electronic device operated by the user. Correct performance of the required spatial operations, indicates that the user is human. The system also includes a spatial password unit, which tracks a manner in which a human user handles the electronic device while the user enters a password; and then utilizes this user-specific manner for user authentication, by checking whether a manner in which the user enters his password matches a reference manner of password entry or a historical manner of password entry. The system also utilizes sequence of spatial operations or spatial gestures, as a pure spatial password or purely-spatial user-authentication factor.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A log-in process or a user-authentication process, is augmented or enriched by one or more incidental tasks, which force the user to perform additional on-screen interactions or input-unit interactions, which in turn enrich and augment the pool of user interactions from which the system extracts one or more user-specific features. The extracted user-specific features are used as part of the user authentication process, and are further used to differentiate among users.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. A user utilizes a desktop computer, a laptop computer, a smartphone, a tablet, or other electronic device, to interact with a banking website or application, a retailer website or application, or other computerized service. Input-unit interactions are monitored, logged, and analyzed. Based on several types of analysis of the input-unit interactions, a score is generated to reflect fraud-relatedness or attack-relatedness of the input-unit interactions. Based on the score, the system estimates or determines whether the user is an attacker, and initiates attach-mitigation operations or fraud-mitigation operations.

Abstract: System, device, and method of secure utilization of fingerprints for user authentication. A method includes: capturing a fingerprint that a particular user provides to an electronic device; generating a raw fingerprint signature that corresponds to bodily features of the fingerprint of the particular user; monitoring user interactions of the particular user, during the capturing of the raw fingerprint, via one or more input units of the electronic device; extracting from the monitored user interactions a user-specific characteristic that is user-specific to the interactions of the particular user; generating a user-specific reference fused data-item, by utilizing both: (I) the raw fingerprint signature that was generated, and (II) the user-specific characteristic that was extracted; subsequently, utilizing the reference fused data-item as a reference for user-authentication.

Abstract: Method, device, and system of detecting a lie of a user who inputs data. A method includes monitoring input-unit gestures and interactions of a user that inputs data through an electronic device; and based on analysis of the input-unit gestures and interactions, determining that the user has inputted false data through the electronic device. A particular fillable field, or a particular question, are identified as having untrue input from the user. Optionally, spatial orientation data of the electronic device is taken into account in the determination process. Optionally, contextual analysis is utilized, to determine that the input-unit gestures and interactions reflect an attempt of the user to perform a beautifying modification of a data-item to his benefit.

Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnormal discrepancy between: the input-unit gestures that were actually registered by the input unit, and the content that the electronic device reports as allegedly entered via such input units. A discrepancy or abnormality indicates that more-possibly, or necessarily or certainly, a malware or automated script is controlling the electronic device, rather than a legitimate human user. Optionally, an input-output aberration or interference is injected, in order to check for manual corrective actions that only a human user, and not an automated script, is able to perform.

Abstract: Devices, systems, and methods of determining or estimating a level of force or pressure, that is applied by a user to a touch surface of an electronic device or an electronic system. A touch-screen or touch-pad or other touch-sensitive surface, measures or senses a size of a touch-spot that is engaged by a fingertip of the user; and further tracks and records the changes over time in the size of such touch-spot. Based on analysis of the changes of the size of the touch-spot over time, the touch surface or an associated driver or module determines or estimates the level of force or pressure that was applied by the user, or assigns a touch-force value or class.

Abstract: Devices, systems, and methods of generating and managing behavioral biometric cookies. The system monitors user-interactions of a user, that are performed via an input unit of an end-user device; and extracts a set of user-specific characteristics, which are used as a behavioral profile or behavioral signature. The set of user-specific characteristics are further used as a behavioral biometric cookie data-item, allowing the system to distinguish between two human users that utilize the same electronic device; and allowing the system to distinguish between a human user and an automated script. The system further allows creation and utilization of behavioral sub-cookies that distinguish among multiple users of the same device. The system also allows creation of a cross-device behavioral cookie, to track browsing or usage history of a single user across multiple electronic devices.