Abstract: In one approach, a method includes: receiving a reference login event input from a user, the reference login event input being associated with a first session of the user logging into an account; receiving a new login event input from the user, the new login event input being associated with a second session of the user logging into the account; accessing a machine learning model, wherein the machine learning model is trained using data selected based on a similarity of behavior between different users; and authenticating, with the machine learning model, the user for the account, based at least in part on the reference login event input and the new login event input. In examples, the reference and new login event inputs comprise one or more items of biometric data generated by interaction of the user in a web environment and/or a mobile environment for logging into the account.

Abstract: Anti-impersonation techniques using device-context information and user behavior information from a session. The session can include a time period where a user of the client computer is performing an activity on the client computer (e.g., the session includes the user logging into an account online). The behavior information can include information on ways the user uses user input devices during the session. The device-context information can include HTTP session information. The techniques can include generating feature vector(s) for the received information, and comparing the feature vector(s) against model(s) of related historical information. The comparisons can provide level(s) of deviation of the feature vector(s) from the model(s). Also, the techniques can include determining whether the session is anomalous or normal according to the level(s) of deviation, and performing a security action in response to determining the session is anomalous.

Abstract: The disclosed techniques utilize round-trip times (RTTs) from back-and-forth communications with distant servers to detect impersonations in a computer network, such as impersonations using IP spoofing. Also, the techniques can use machine learning to enhance analysis in spoofing detection. The techniques can include sending a computer program to a client device. The client device can have an IP address, and the computer program can be executed by the client device after it is received by the client device. The computer program can measure RTTs for messages the computer program sends to multiple pre-selected location servers at different remote or distant locations and for corresponding reply messages that are returned to the computer program. The IP address of the client device and the measured RTTs can then be received and used to determine whether the measured RTTs are anomalous or not; and thus, determine a possible impersonator or a legitimate user.

Abstract: A method for verifying authenticity of a physical document includes receiving an image of a physical document to be authenticated including the physical document and a background. A pre-processed image is produced that includes the physical document separated from the background. The producing includes separating the physical document from the background by semantic segmentation utilizing an artificial neural network trained using an augmented dataset generated by applying geometric transformations over different backgrounds. Features of the pre-processed image are extracted to determine a document type. In response to determining the document type of the physical document, the method includes verifying, utilizing a machine learning classifier, whether the physical document is authentic based on the extracted features relative to expected features for the corresponding document type. An indication of whether the physical document is authentic based on the verifying is generated.

Abstract: The disclosed techniques include systems and methods for implementing liveliness detection in an authentication process using pupil or iris tracking. The disclosed techniques can utilize a combination of facial recognition and pupil or iris tracking for liveliness detection in an authentication process to provide an extra layer of security against impersonation attacks.

Abstract: The disclosed techniques include systems and methods for implementing liveliness detection in an authentication process using pupil or iris tracking. The disclosed techniques can utilize a combination of facial recognition and pupil or iris tracking for liveliness detection in an authentication process to provide an extra layer of security against impersonation attacks.

Abstract: The disclosed techniques utilize round-trip times (RTTs) from back-and-forth communications with distant servers to detect impersonations in a computer network, such as impersonations using IP spoofing. Also, the techniques can use machine learning to enhance analysis in spoofing detection. The techniques can include sending a computer program to a client device. The client device can have an IP address, and the computer program can be executed by the client device after it is received by the client device. The computer program can measure RTTs for messages the computer program sends to multiple pre-selected location servers at different remote or distant locations and for corresponding reply messages that are returned to the computer program. The IP address of the client device and the measured RTTs can then be received and used to determine whether the measured RTTs are anomalous or not; and thus, determine a possible impersonator or a legitimate user.

Abstract: Anti-impersonation techniques using device-context information and user behavior information from a session. The session can include a time period where a user of the client computer is performing an activity on the client computer (e.g., the session includes the user logging into an account online). The behavior information can include information on ways the user uses user input devices during the session. The device-context information can include HTTP session information. The techniques can include generating feature vector(s) for the received information, and comparing the feature vector(s) against model(s) of related historical information. The comparisons can provide level(s) of deviation of the feature vector(s) from the model(s). Also, the techniques can include determining whether the session is anomalous or normal according to the level(s) of deviation, and performing a security action in response to determining the session is anomalous.