Patents by Inventor Avi Turgeman

Avi Turgeman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190156034
    Abstract: Devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, and user engagement with User Interface elements. The system detects that the operations performed by the victim, follow a pre-defined playbook of a vishing attack. The system detects that the victim operates under duress or under dictated instructions, as exhibited in irregular doodling activity, data entry rhythm, typographical error introduction rhythm, unique posture of the user, alternating pattern of listening to phone instructions and performing online operations via a computer, and device orientation changes or spatial changes that characterize a device being used to perform an online transaction while also talking on the phone.
    Type: Application
    Filed: November 21, 2017
    Publication date: May 23, 2019
    Inventors: Oren Kedem, Avi Turgeman
  • Publication number: 20190158535
    Abstract: Devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, speed and timing of data entry, and user engagement with User Interface elements. The system detects that the operations performed by the victim, follow a pre-defined playbook of a vishing attack.
    Type: Application
    Filed: November 13, 2018
    Publication date: May 23, 2019
    Inventors: Oren Kedem, Avi Turgeman, Itai Novick, Alexander Basil Zaloum, Leonid Karabchevsky, Shira Mintz, Ron Uriel Maor
  • Patent number: 10298614
    Abstract: Devices, systems, and methods of generating and managing behavioral biometric cookies. The system monitors user-interactions of a user, that are performed via an input unit of an end-user device; and extracts a set of user-specific characteristics, which are used as a behavioral profile or behavioral signature. The set of user-specific characteristics are further used as a behavioral biometric cookie data-item, allowing the system to distinguish between two human users that utilize the same electronic device; and allowing the system to distinguish between a human user and an automated script. The system further allows creation and utilization of behavioral sub-cookies that distinguish among multiple users of the same device. The system also allows creation of a cross-device behavioral cookie, to track browsing or usage history of a single user across multiple electronic devices.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: May 21, 2019
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Publication number: 20190121956
    Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.
    Type: Application
    Filed: December 11, 2018
    Publication date: April 25, 2019
    Inventor: Avi Turgeman
  • Patent number: 10262324
    Abstract: Systems, devices, and methods for detecting identity of a user of a computerized service; for determining whether or not an electronic device is being used by a legitimate user; for detecting identity of a user based on navigation sequences; and for differentiating among users. The system monitors user interactions with a financial service or a retailer service, via input units, computer-mouse, keyboard, touch-screen; the system determines a unique sequence in which each users visits multiple pages, or interacts with multiple interface elements; and the system differentiates among users and flags a transaction as possibly-fraudulent.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: April 16, 2019
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Itai Novick
  • Publication number: 20190057200
    Abstract: System and method of collecting and processing data in electronic devices. A sensors data collector collects measurements from at least an accelerometer and a gyroscope of an electronic device. A data-loss prevention module operates to pass these measurements, immediately upon their collection, to a supplemental locally-running processing thread which retains the measurements even after a refresh of a web-page in which the measurements were collected, and which transmits the measurements to a remote server even after refresh of the web-page in which the measurements were collected. Non-global scope of functions is utilized, to reduce security exposure. An asynchronous SharedWorker module is utilized, to alleviate congestion of computing resources of the electronic device. Data obfuscation and encoding is utilized to maintain anonymity of user-entered data while still allowing a remote server to ensure the integrity of data received from the electronic device.
    Type: Application
    Filed: August 31, 2017
    Publication date: February 21, 2019
    Inventors: Yehuda Sabag, Leonid Karabchevsky, Avi Turgeman
  • Patent number: 10198122
    Abstract: Devices, systems, and methods of determining or estimating a level of force or pressure, that is applied by a user to a touch surface of an electronic device or an electronic system. A touch-screen or touch-pad or other touch-sensitive surface, measures or senses a size of a touch-spot that is engaged by a fingertip of the user; and further tracks and records the changes over time in the size of such touch-spot. Based on analysis of the changes of the size of the touch-spot over time, the touch surface or an associated driver or module determines or estimates the level of force or pressure that was applied by the user, or assigns a touch-force value or class.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: February 5, 2019
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Publication number: 20190028497
    Abstract: Devices, systems, and methods to detect malware, particularly an overlay malware that generates a fake, always-on-top, masking layer or an overlay component that attempts to steal passwords or other user credentials. A defensive module protects a victim application, particularly of an electronic device having a touch-screen. The defensive module generates a transparent or invisible always-on-top layer of its own; and periodically injects automatically-generated non-human tap events or touch-gesture events, and checks whether the injected events are indeed received, in order to determine whether an overlay malware is active.
    Type: Application
    Filed: July 20, 2017
    Publication date: January 24, 2019
    Inventors: Leonid Karabchevsky, Avi Turgeman
  • Patent number: 10164985
    Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.
    Type: Grant
    Filed: June 15, 2016
    Date of Patent: December 25, 2018
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Publication number: 20180351959
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.
    Type: Application
    Filed: August 8, 2018
    Publication date: December 6, 2018
    Inventors: Avi Turgeman, Yaron Lehmann, Yaron Azizi, Itai Novick
  • Publication number: 20180349583
    Abstract: Devices, systems, and methods of determining or estimating personal characteristics of a user as well as for detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A method includes monitoring interactions monitoring interactions of a particular user with an input-unit of an electronic device and with an entirety of the electronic device; analyzing the interactions; and based on analysis of the monitored interactions, determining a gender or an age-range of the particular user. Optionally, advertisements are tailored or selected based on the estimated gender or age-range of the particular user. Optionally, an online transaction is flagged or blocked, or is authorized, based on the estimated gender or age-range of the particular user.
    Type: Application
    Filed: August 9, 2018
    Publication date: December 6, 2018
    Inventors: Avi Turgeman, Alexander Basil Zaloum
  • Publication number: 20180314816
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A log-in process or a user-authentication process, is augmented or enriched by one or more incidental tasks, which force the user to perform additional on-screen interactions or input-unit interactions, which in turn enrich and augment the pool of user interactions from which the system extracts one or more user-specific features. The extracted user-specific features are used as part of the user authentication process, and are further used to differentiate among users.
    Type: Application
    Filed: July 3, 2018
    Publication date: November 1, 2018
    Inventors: Avi Turgeman, Uri Rivner
  • Patent number: 10083439
    Abstract: Devices, systems, and methods of user authentication, as well as automatic differentiation between a legitimate user and a cyber-attacker. A system detects that two different accounts of the same computerized service, were accessed by a single computing device over a short period of time. The system may employ various techniques in order to determine automatically whether a legitimate user accessed the two different account, such as, a husband accessing his own bank account and shortly after that accessing also his wife's bank account, or a payroll company accessing bank accounts of two clients for payroll management purposes. Conversely, the system is able to detect that the same user exhibited the same pattern of interactions when operating the two accounts, a pattern of interactions that does not frequently appear in the general population of legitimate users, thereby indicating that the single user is a cyber-attacker.
    Type: Grant
    Filed: June 26, 2016
    Date of Patent: September 25, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Oren Kedem
  • Patent number: 10079853
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, detecting a cyber-attacker, and detecting click-fraud. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences or irregularities are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user, or a cyber-attacker or automated script posing as the legitimate human user. The system further detects click-fraud, and prevents or mitigates Application Distributed Denial-of-Service attacks.
    Type: Grant
    Filed: July 17, 2016
    Date of Patent: September 18, 2018
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10069852
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is being controlled by a legitimate human user, or by an automated cyber-attack unit or malware or automatic script. The system monitors interactions performed via one or more input units of the electronic device. The system searches for abnormal input-user interactions; or for an abnormal discrepancy between: the input-unit gestures that were actually registered by the input unit, and the content that the electronic device reports as allegedly entered via such input units. A discrepancy or abnormality indicates that more-possibly, or necessarily or certainly, a malware or automated script is controlling the electronic device, rather than a legitimate human user. Optionally, an input-output aberration or interference is injected, in order to check for manual corrective actions that only a human user, and not an automated script, is able to perform.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: September 4, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Itai Novick
  • Patent number: 10069837
    Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: September 4, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Yaron Lehmann, Yaron Azizi, Itai Novick
  • Patent number: 10055560
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: August 21, 2018
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10049209
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. Communication interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user device to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as a legitimate human user but actually utilizing a Virtual Machine.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: August 14, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Yaron Lehmann
  • Patent number: 10037421
    Abstract: Devices, systems, and methods of user authentication. A system includes a spatial challenge unit to distinguish between a human user and a non-human user. The spatial challenge unit requires the user to perform one or more spatial operations that modify the spatial properties of an electronic device operated by the user. Correct performance of the required spatial operations, indicates that the user is human. The system also includes a spatial password unit, which tracks a manner in which a human user handles the electronic device while the user enters a password; and then utilizes this user-specific manner for user authentication, by checking whether a manner in which the user enters his password matches a reference manner of password entry or a historical manner of password entry. The system also utilizes sequence of spatial operations or spatial gestures, as a pure spatial password or purely-spatial user-authentication factor.
    Type: Grant
    Filed: June 20, 2016
    Date of Patent: July 31, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Ziv Levin
  • Patent number: 10032010
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. A log-in process or a user-authentication process, is augmented or enriched by one or more incidental tasks, which force the user to perform additional on-screen interactions or input-unit interactions, which in turn enrich and augment the pool of user interactions from which the system extracts one or more user-specific features. The extracted user-specific features are used as part of the user authentication process, and are further used to differentiate among users.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: July 24, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Uri Rivner