Patents Assigned to BioCatch Ltd
  • Patent number: 10298614
    Abstract: Devices, systems, and methods of generating and managing behavioral biometric cookies. The system monitors user-interactions of a user, that are performed via an input unit of an end-user device; and extracts a set of user-specific characteristics, which are used as a behavioral profile or behavioral signature. The set of user-specific characteristics are further used as a behavioral biometric cookie data-item, allowing the system to distinguish between two human users that utilize the same electronic device; and allowing the system to distinguish between a human user and an automated script. The system further allows creation and utilization of behavioral sub-cookies that distinguish among multiple users of the same device. The system also allows creation of a cross-device behavioral cookie, to track browsing or usage history of a single user across multiple electronic devices.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: May 21, 2019
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10262324
    Abstract: Systems, devices, and methods for detecting identity of a user of a computerized service; for determining whether or not an electronic device is being used by a legitimate user; for detecting identity of a user based on navigation sequences; and for differentiating among users. The system monitors user interactions with a financial service or a retailer service, via input units, computer-mouse, keyboard, touch-screen; the system determines a unique sequence in which each users visits multiple pages, or interacts with multiple interface elements; and the system differentiates among users and flags a transaction as possibly-fraudulent.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: April 16, 2019
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Itai Novick
  • Patent number: 10198122
    Abstract: Devices, systems, and methods of determining or estimating a level of force or pressure, that is applied by a user to a touch surface of an electronic device or an electronic system. A touch-screen or touch-pad or other touch-sensitive surface, measures or senses a size of a touch-spot that is engaged by a fingertip of the user; and further tracks and records the changes over time in the size of such touch-spot. Based on analysis of the changes of the size of the touch-spot over time, the touch surface or an associated driver or module determines or estimates the level of force or pressure that was applied by the user, or assigns a touch-force value or class.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: February 5, 2019
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10164985
    Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.
    Type: Grant
    Filed: June 15, 2016
    Date of Patent: December 25, 2018
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10083439
    Abstract: Devices, systems, and methods of user authentication, as well as automatic differentiation between a legitimate user and a cyber-attacker. A system detects that two different accounts of the same computerized service, were accessed by a single computing device over a short period of time. The system may employ various techniques in order to determine automatically whether a legitimate user accessed the two different account, such as, a husband accessing his own bank account and shortly after that accessing also his wife's bank account, or a payroll company accessing bank accounts of two clients for payroll management purposes. Conversely, the system is able to detect that the same user exhibited the same pattern of interactions when operating the two accounts, a pattern of interactions that does not frequently appear in the general population of legitimate users, thereby indicating that the single user is a cyber-attacker.
    Type: Grant
    Filed: June 26, 2016
    Date of Patent: September 25, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Oren Kedem
  • Patent number: 10079853
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a cyber-attacker, and detecting click-fraud. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user, or a cyber-attacker or automated script posing as the legitimate human user. The system further detects click-fraud, and prevents or mitigates Application Distributed Denial-of-Service attacks.
    Type: Grant
    Filed: July 17, 2016
    Date of Patent: September 18, 2018
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10069852
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnormal discrepancy between: the input-unit gestures that were actually registered by the input unit, and the content that the electronic device reports as allegedly entered via such input units. A discrepancy or abnormality indicates that more-possibly, or necessarily or certainly, a malware or automated script is controlling the electronic device, rather than a legitimate human user. Optionally, an input-output aberration or interference is injected, in order to check for manual corrective actions that only a human user, and not an automated script, is able to perform.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: September 4, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Itai Novick
  • Patent number: 10069837
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: September 4, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Yaron Lehmann, Yaron Azizi, Itai Novick
  • Patent number: 10055560
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: August 21, 2018
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10049209
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. Communication interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user device to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as a legitimate human user but actually utilizing a Virtual Machine.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: August 14, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Yaron Lehmann
  • Patent number: 10037421
    Abstract: Devices, systems, and methods of user authentication. A system includes a spatial challenge unit to distinguish between a human user and a non-human user. The spatial challenge unit requires the user to perform one or more spatial operations that modify the spatial properties of an electronic device operated by the user. Correct performance of the required spatial operations, indicates that the user is human. The system also includes a spatial password unit, which tracks a manner in which a human user handles the electronic device while the user enters a password; and then utilizes this user-specific manner for user authentication, by checking whether a manner in which the user enters his password matches a reference manner of password entry or a historical manner of password entry. The system also utilizes sequence of spatial operations or spatial gestures, as a pure spatial password or purely-spatial user-authentication factor.
    Type: Grant
    Filed: June 20, 2016
    Date of Patent: July 31, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Ziv Levin
  • Patent number: 10032010
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A log-in process or a user-authentication process, is augmented or enriched by one or more incidental tasks, which force the user to perform additional on-screen interactions or input-unit interactions, which in turn enrich and augment the pool of user interactions from which the system extracts one or more user-specific features. The extracted user-specific features are used as part of the user authentication process, and are further used to differentiate among users.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: July 24, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Uri Rivner
  • Patent number: 9848009
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnormal discrepancy between: the input-unit gestures that were actually registered by the input unit, and the content that the electronic device reports as allegedly entered via such input units. A discrepancy or abnormality indicates that more-possibly, or necessarily or certainly, a malware or automated script is controlling the electronic device, rather than a legitimate human user. Optionally, an input-output aberration or interference is injected, in order to check for manual corrective actions that only a human user, and not an automated script, is able to perform.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: December 19, 2017
    Assignee: BioCatch Ltd.
    Inventors: Avi Turgeman, Itai Novick
  • Patent number: 9838373
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: December 5, 2017
    Assignee: BioCatch Ltd.
    Inventor: Avi Turgeman
  • Patent number: 9779423
    Abstract: Devices, systems, and methods of generating and managing behavioral biometric cookies. The system monitors user-interactions of a user, that are performed via an input unit of an end-user device; and extracts a set of user-specific characteristics, which are used as a behavioral profile or behavioral signature. The set of user-specific characteristics are further used as a behavioral biometric cookie data-item, allowing the system to distinguish between two human users that utilize the same electronic device; and allowing the system to distinguish between a human user and an automated script. The system further allows creation and utilization of behavioral sub-cookies that distinguish among multiple users of the same device. The system also allows creation of a cross-device behavioral cookie, to track browsing history of a single user across multiple electronic devices.
    Type: Grant
    Filed: February 2, 2017
    Date of Patent: October 3, 2017
    Assignee: BioCatch Ltd.
    Inventor: Avi Turgeman
  • Patent number: 9747436
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device interacts and communicates with a server of a computerized service, or with a local application or Web-browser running on the end-user device. A usage interference is injected or introduced, or an input/output mismatch or abnormality is created, causing an output displayed on the screen of the end-user device, to be non-matching to the expected or intended output that is typically displayed in response to regular non-interfered user gestures or regular non-interfered user input. The reaction or corrective manual actions of the user are tracked and analyzed, to differentiate among users, or to differentiate between an authorized human user and a human cyber-attacker, or to differentiate between an authorized human user and a computer bot or an automated computerized script.
    Type: Grant
    Filed: November 23, 2016
    Date of Patent: August 29, 2017
    Assignee: BioCatch Ltd.
    Inventor: Avi Turgeman
  • Patent number: 9712558
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are intentionally introduced to the communication session; and the system tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user, or a cyber-attacker or automated script posing as the legitimate human user. The system further detects click-fraud, and prevents or mitigates Application Distributed Denial-of-Service attacks.
    Type: Grant
    Filed: November 22, 2016
    Date of Patent: July 18, 2017
    Assignee: BioCatch Ltd.
    Inventor: Avi Turgeman
  • Patent number: 9703953
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are introduced; and the server tracks the response or the reaction of the end-user to such interferences. The system determines whether the user is a legitimate user, or a cyber-attacker or automated script posing as the legitimate user. The system utilizes classification of users into classes or groups, to deduce or predict how a group-member would behave when accessing the service through a different type of device. The system identifies user-specific traits that are platform-independent and thus can be further monitored when the user switches from a first platform to a second platform.
    Type: Grant
    Filed: April 1, 2015
    Date of Patent: July 11, 2017
    Assignee: BioCatch Ltd.
    Inventors: Avi Turgeman, Uri Rivner
  • Patent number: 9690915
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a possible cyber-attacker, detecting a remote access user, and detecting an automated script or malware. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: June 27, 2017
    Assignee: BioCatch Ltd.
    Inventors: Avi Turgeman, Itai Novick
  • Patent number: 9674218
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a cyber-attacker, and detecting click-fraud. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user, or a cyber-attacker or automated script posing as the legitimate human user. The system further detects click-fraud, and prevents or mitigates Application Distributed Denial-of-Service attacks.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: June 6, 2017
    Assignee: BioCatch Ltd.
    Inventor: Avi Turgeman