Abstract: System, device, and method of secure utilization of fingerprints for user authentication. A method includes: capturing a fingerprint that a particular user provides to an electronic device; generating a raw fingerprint signature that corresponds to bodily features of the fingerprint of the particular user; monitoring user interactions of the particular user, during the capturing of the raw fingerprint, via one or more input units of the electronic device; extracting from the monitored user interactions a user-specific characteristic that is user-specific to the interactions of the particular user; generating a user-specific reference fused data-item, by utilizing both: (I) the raw fingerprint signature that was generated, and (II) the user-specific characteristic that was extracted; subsequently, utilizing the reference fused data-item as a reference for user-authentication.

Abstract: Devices, systems, and methods of detecting user identity, authenticating a user to a computerized service or to an electronic device, differentiating between users of a computerized service, and detecting possible attackers or possible fraudulent transactions. A method includes: generating a user authentication session that requires a user to enter a secret by performing a task; monitoring the user interactions during task performance; extracting a user-specific behavioral characteristic, and utilizing it as a factor in user authentication. The task requires the user to perform on-screen operations via a touch-screen or touchpad or mouse or other input unit of the electronic device, or to move in space or tilt in space the entirety of the electronic device in a way that causes inputting of the secret data-item.

Abstract: System and method of collecting and processing data in electronic devices. A sensors data collector collects measurements from at least an accelerometer and a gyroscope of an electronic device. A data-loss prevention module operates to pass these measurements, immediately upon their collection, to a supplemental locally-running processing thread which retains the measurements even after a refresh of a web-page in which the measurements were collected, and which transmits the measurements to a remote server even after refresh of the web-page in which the measurements were collected. Non-global scope of functions is utilized, to reduce security exposure. An asynchronous SharedWorker module is utilized, to alleviate congestion of computing resources of the electronic device. Data obfuscation and encoding is utilized to maintain anonymity of user-entered data while still allowing a remote server to ensure the integrity of data received from the electronic device.

Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting possible attackers; as well as password-less user authentication, and password-less detection of user identity. A system or a computing device requires a user to perform a particular unique non-user-defined task, the task optionally being an on-screen connect-the-dots task. The system monitors user interactions, extracts user-specific features that characterizes the manner in which the user performs the tasks; and subsequently relies on such user-specific features as a means for user authentication, optionally without utilizing a password or passphrase. Optionally, a user interface anomaly or interference is intentionally introduced in order to elicit the user to perform corrective gestures, which are optionally used for extraction of additional user-specific features.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.

Abstract: System, method, and device of detecting identity of a user and authenticating a user; as well as detecting a possible attacker or impostor, and differentiating among users of an electronic device or of a computerized service. A mobile or portable electronic device is utilized to capture a self-taken image or video of a user, which is utilized as a user-authentication factor. The accelerometer and gyroscope or device-orientation sensor of the mobile device, sense and measure spatial and physical device properties during, before or after the submission of the self-taken image or video. Based on such spatial and physical device properties, in combination with computer-vision analysis of the content shown in the self-taken image or video, the system determines liveness of the user and freshness of the submitted self-taken image or video, and differentiates between a legitimate user and an attacker.

Abstract: System, device, and method for behaviorally validated link analysis, session linking, transaction linking, transaction back-coloring, transaction forward-coloring, fraud detection, and fraud mitigation. A method includes: receiving an indicator of a seed transaction known to be fraudulent; selecting, from a database of transactions, multiple transactions that share at least one common property with the seed transaction; generating a list of candidate fraudulent transactions; filtering the candidate fraudulent transactions, by applying a transaction filtering rule that is based on one or more behavioral characteristics; and generating a filtered list of candidate fraudulent transactions.

Abstract: A method for confirming identity of a user of a mobile electronic device, the method including: receiving touch data from a touch-screen of the mobile electronic device; receiving acceleration data from an accelerometer of the mobile electronic device; correlating between the touch data and the acceleration data; based on the correlating, generating a user-specific trait indicative of said user. The method further includes storing a reference value of the user-specific trait, indicative of said user; in a subsequent usage session of the mobile electronic device, generating a current value of the user-specific trait correlating between touch data and acceleration data; and based on a comparison between the current value of the user-specific trait and the reference value of the user-specific trait, determining whether or not a current user of the mobile electronic device is an authorized user of the mobile electronic device.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a cyber-attacker. An end-user device (a desktop computer, a laptop computer, a smartphone, a tablet, or the like) interacts and communicates with a server of a computerized server (a banking website, an electronic commerce website, or the like). The interactions are monitored, tracked and logged. User Interface (UI) interferences are intentionally introduced to the communication session; and the server tracks the response or the reaction of the end-user to such communication interferences. The system determines whether the user is a legitimate human user; or a cyber-attacker posing as the legitimate human user. The system displays gauges indicating cyber fraud scores or cyber-attack threat-levels.

Abstract: Devices, systems, and methods to detect malware, particularly an overlay malware that generates a fake, always-on-top, masking layer or an overlay component that attempts to steal passwords or other user credentials. A defensive module protects a victim application, particularly of an electronic device having a touch-screen. The defensive module generates a transparent or invisible always-on-top layer of its own; and periodically injects automatically-generated non-human tap events or touch-gesture events, and checks whether the injected events are indeed received, in order to determine whether an overlay malware is active.

Abstract: System, method, and device of detecting identity of a user and authenticating a user; as well as detecting a possible attacker or impostor, and differentiating among users of an electronic device or of a computerized service. A mobile or portable electronic device is utilized to capture a self-taken image of a user, which is utilized as a user-authentication factor. The accelerometer and gyroscope of the mobile device, sense and measure spatial device properties during, before or after the submission of the self-image authentication factor; and based on such spatial device properties, the system determines liveness of the user, freshness of the submitted self-image, and possibly differentiates between a legitimate user and an attacker.

Abstract: Method, device, and system of detecting a mule bank account, or a bank account used for terror funding or money laundering. A method includes: monitoring interactions of a user with a computing device during online access with a banking account; and based on the monitoring, determining that the online banking account is utilized as a mule bank account to illegally receive and transfer money. The method takes into account one or more indicators, such as, utilization of a remote access channel, utilization of a virtual machine or a proxy server, unique behavior across multiple different account, temporal correlation among operations, detection of a set of operations that follow a pre-defined mule account playbook, detection of multiple incoming fund transfers from multiple countries that are followed by a single outgoing fund transfer to a different country, and other suitable indicators.

Abstract: Devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, and user engagement with User Interface elements. The system detects that the operations performed by the victim, follow a pre-defined playbook of a vishing attack. The system detects that the victim operates under duress or under dictated instructions, as exhibited in irregular doodling activity, data entry rhythm, typographical error introduction rhythm, unique posture of the user, alternating pattern of listening to phone instructions and performing online operations via a computer, and device orientation changes or spatial changes that characterize a device being used to perform an online transaction while also talking on the phone.

Abstract: Devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, speed and timing of data entry, and user engagement with User Interface elements. The system detects that the operations performed by the victim, follow a pre-defined playbook of a vishing attack.

Abstract: Devices, systems, and methods of generating and managing behavioral biometric cookies. The system monitors user-interactions of a user, that are performed via an input unit of an end-user device; and extracts a set of user-specific characteristics, which are used as a behavioral profile or behavioral signature. The set of user-specific characteristics are further used as a behavioral biometric cookie data-item, allowing the system to distinguish between two human users that utilize the same electronic device; and allowing the system to distinguish between a human user and an automated script. The system further allows creation and utilization of behavioral sub-cookies that distinguish among multiple users of the same device. The system also allows creation of a cross-device behavioral cookie, to track browsing or usage history of a single user across multiple electronic devices.

Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.

Abstract: Systems, devices, and methods for detecting identity of a user of a computerized service; for determining whether or not an electronic device is being used by a legitimate user; for detecting identity of a user based on navigation sequences; and for differentiating among users. The system monitors user interactions with a financial service or a retailer service, via input units, computer-mouse, keyboard, touch-screen; the system determines a unique sequence in which each users visits multiple pages, or interacts with multiple interface elements; and the system differentiates among users and flags a transaction as possibly-fraudulent.

Abstract: System and method of collecting and processing data in electronic devices. A sensors data collector collects measurements from at least an accelerometer and a gyroscope of an electronic device. A data-loss prevention module operates to pass these measurements, immediately upon their collection, to a supplemental locally-running processing thread which retains the measurements even after a refresh of a web-page in which the measurements were collected, and which transmits the measurements to a remote server even after refresh of the web-page in which the measurements were collected. Non-global scope of functions is utilized, to reduce security exposure. An asynchronous SharedWorker module is utilized, to alleviate congestion of computing resources of the electronic device. Data obfuscation and encoding is utilized to maintain anonymity of user-entered data while still allowing a remote server to ensure the integrity of data received from the electronic device.

Abstract: Devices, systems, and methods of determining or estimating a level of force or pressure, that is applied by a user to a touch surface of an electronic device or an electronic system. A touch-screen or touch-pad or other touch-sensitive surface, measures or senses a size of a touch-spot that is engaged by a fingertip of the user; and further tracks and records the changes over time in the size of such touch-spot. Based on analysis of the changes of the size of the touch-spot over time, the touch surface or an associated driver or module determines or estimates the level of force or pressure that was applied by the user, or assigns a touch-force value or class.