Abstract: Disclosed herein are methods and systems for transferring trust between authentication devices associated with the same user. The user accessing secure online resource(s) uses a first (authentication) client device which is not yet associated (verified) with the user for accessing the secure online resource(s). In response to receiving an authentication request from the client device, an authentication message is transmitted to the first client device. The authentication message is transferred from the first client device to a second client device already associated (verified) with the user for accessing the secure online resource(s). The second authenticator transmits back the authentication message which may be verified against the authentication message transmitted to the first client device.

Abstract: Disclosed herein are systems and methods for recovering online services user accounts of users based on verification of the users in video conferences, comprising receiving a request for recovering an account of a user of an online service, establishing one or more video conference sessions between a client device used by the user, client devices used by one or more trustees associated with the user and a bot agent initiated for the video conference session(s), operating the bot agent during the one or more video conference sessions to guide the one or more trustees to verify an identity of the user, and initiating an account recovery process for the account of the user in response to receiving a positive verification verdict from the one or more trustees.

Abstract: Disclosed herein are methods, systems and device for estimating an identity confidence level for a user requesting access to a secure resource, comprising: initiating an authentication session to authenticate the user using a client device to access the secure resource, computing a cumulative identity confidence score in a plurality of iterations and successfully authenticating the user in case the cumulative identity confidence score exceeds a threshold predefined for the secure resource.

Abstract: Disclosed herein are methods and systems for transferring trust between authentication devices associated with the same user. The user accessing secure online resource(s) uses a first (authentication) client device which is not yet associated (verified) with the user for accessing the secure online resource(s). In response to receiving an authentication request from the client device, an authentication message is transmitted to the first client device. The authentication message is transferred from the first client device to a second client device already associated (verified) with the user for accessing the secure online resource(s). The second authenticator transmits back the authentication message which may be verified against the authentication message transmitted to the first client device.

Abstract: A computerized method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials: (1) calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt and (2) update an authentication session score of the authentication process according to the calculated risk score and initiate one or more actions in case the updated authentication session value exceeds one or more threshold values extracted from a security policy predefined for the secure service.

Abstract: Disclosed herein are methods, systems and device for estimating an identity confidence level for a user requesting access to a secure resource, comprising: initiating an authentication session to authenticate the user using a client device to access the secure resource, computing a cumulative identity confidence score in a plurality of iterations and successfully authenticating the user in case the cumulative identity confidence score exceeds a threshold predefined for the secure resource.

Abstract: Presented herein are methods, systems and devices for authenticating a user according to a secure One Time Password (OTP), comprising generating a challenge encoding a first public key of a temporary key pair generated for use during a specific authentication process, storing a first private key of the temporary key pair, outputting the challenge to a code generation device associated with a user, receiving an OTP code derived by the code generation device from an outcome of a key agreement algorithm applied to the first public and a second private key of an authentication key pair uniquely associated with the code generation device, deriving a reference OTP code from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair, and authenticating the user according to a match between the OTP code and the reference OTP code.

Abstract: A system for enforcing a security policy on an application stored at a mobile device has an application at the device provided with software code for issuing a request for authenticating a user, and a security enforcement unit; an authentication agent at the device, which is separate from the application, and which is configured with an authentication data collecting unit for collecting authentication data upon receipt of the request for user authentication from the application, and for conveying the collected authentication data to an authentication-authorization server; and an authentication-authorization server for receiving the collected authentication data, evaluating the same, and issuing an enforcement level signal which is conveyed to the security enforcement unit. Upon receipt of the enforcement level signal, the security enforcement unit accordingly applies a security level at the application.

Abstract: A computerized method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials: (1) calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt and (2) update an authentication session score of the authentication process according to the calculated risk score and initiate one or more actions in case the updated authentication session value exceeds one or more threshold values extracted from a security policy predefined for the secure service.

Abstract: A computer implemented method of generating a Time based One Time Password (TOTP) comprising a risk assessment index comprising, monitoring an authentication process in which a user provides authentication credentials to enable the code generation device to generate a TOTP for use by a client device associated with the user to access a secure service, calculating a risk index indicating an estimated risk level of the authentication process based on data collected during the authentication process, generating the TOTP based on a unique secret key assigned to the code generation device and a current time, the TOTP is encoded to encode the risk index and outputting the encoded TOTP for transmission to an authentication system adapted to generate an authentication score for the user attempting to access the secure service based on verification of the TOTP and according to the risk index.

Abstract: Managing denial-of-service attacks by intercepting a query by a client software executed by a computer to resolve at a DNS server a network address associated with a target computer system, determining if the DNS server is under denial-of-service attack, and providing to the client software, in response to the query, an alternate network address associated with the target computer system if the DNS server is under denial-of-service attack.

Abstract: The invention relates to a system for enforcing a security policy on an application stored at a mobile device, which comprises: (a) an application at said device which comprises: (a.1) software code within the application for issuing a request for authenticating a user; and (a.2) a security enforcement unit; (b) an authentication agent at said device, which is separate from the application, and which comprises: (b.1) an authentication data collecting unit for collecting authentication data upon receipt of said request for a user authentication from the application, and for conveying said collected authentication data to an authentication-authorization server; and (c) an authentication-authorization server for receiving said collected authentication data, evaluating the same, and issuing an enforcement level signal which is conveyed to said security enforcement unit; wherein, upon receipt of said enforcement level signal, said security enforcement unit accordingly applies a security level at said application.

Abstract: A system for automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications is disclosed. The system, in response to a sensor collecting from HTTP requests sent by the clients to the web application installed on the protected device, automatically creates for a web application a profile with discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous. The system automatically determines that a first of the discrete parts of the profile has become stable. The system then automatically deploys the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part.

Abstract: A system for automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications is disclosed. The system, in response to a sensor collecting from HTTP requests sent by the clients to the web application installed on the protected device, automatically creates for a web application a profile with discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous. The system automatically determines that a first of the discrete parts of the profile has become stable. The system then automatically deploys the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part.

Abstract: A system for automatic stability determination and deployment of discrete parts of a profile representing normal behavior to provide fast protection of web applications is disclosed. The system, in response to a sensor collecting from HTTP requests sent by the clients to the web application installed on the protected device, automatically creates for a web application a profile with discrete parts that will represent normal behavior so that deviations from the profile can be considered anomalous. The system automatically determines that a first of the discrete parts of the profile has become stable. The system then automatically deploys the first discrete part of the profile to the sensor that now will compare with the first discrete part of the profile subsequent HTTP requests sent by the clients to the web application to detect deviations from the normal behavior represented by the first discrete part.

Abstract: A computer implemented user authentication method, according to which a mobile application is installed on the mobile terminal device of the user and when the user inputs his username and password, the mobile application creates a private and public encryption keys and encrypts the password with the public key. Data including the encrypted password, the username and the public key is sent to a dedicated server and stored therein as an encrypted file under the username, along with information required for contacting the user's mobile terminal device. The user to selects, and enrolls to, an advanced authentication mechanism, which creates an authentication key for validating the identity of the user and encrypting the private key. The encrypted private key is stored on the user's terminal device. Upon launching the mobile application, the user selects a preferred advanced authentication mechanism which returns an authentication key upon successful authentication of the user.

Abstract: The invention relates to system for validating a transaction in an institution and ensuring that said transaction has not been exploited by use of social-engineering, which comprises: (A). in an institution server: (a) a validation engine which is configured to: (a.1)receiving a request message for the performance of a transaction validation against a possibility of social-engineering type manipulation, said request comprises parameters of said transaction; (a.2) based on a set of predefined rules and on a storage of predefined template messages, selecting a message template from said storage, filling fields of the message with specific data, and sending an inquiry message to an application of said institution within a customer device; and (a.3) receiving a response message from said application, and either repeating formulation and sending of an additional message to said application, or concluding the request; (B.) in a customer device: (b) an application and a user interface for: (b.

Abstract: The invention relates to a system for validating a pair of phone number and person's name, which comprises: (a) a logical unit at a provider's server which is configured to receive said pair, and to determine based on a number of full matches or partial matches of said pair within as many as possible individual contact lists of respective mobile devices whether the pair is valid or not; and (b) a module within each provider's application which are in turn installed within each of said mobile devices, said module is configured to communicate with the respective contact list stored in the mobile, and to (a) either communicate said full contact list to said provider's server, or (b) to determine whether a full or partial match exists with said pair, and to communicate the determined result to said provider's server.

Abstract: A computer implemented user authentication method, according to which a mobile application is installed on the mobile terminal device of the user and when the user inputs his username and password, the mobile application creates a private and public encryption keys and encrypts the password with the public key. Data including the encrypted password, the username and the public key is sent to a dedicated server and stored therein as an encrypted file under the username, along with information required for contacting the user's mobile terminal device. The user to selects, and enrolls to, an advanced authentication mechanism, which creates an authentication key for validating the identity of the user and encrypting the private key. The encrypted private key is stored on the user's terminal device. Upon launching the mobile application, the user selects a preferred advanced authentication mechanism which returns an authentication key upon successful authentication of the user.

Abstract: A method for detecting HTML-modifying malware present in a computer includes providing a server which serves a web page (HTML) to a browser. A determination is made whether a modified string exists in the page received by the browser and if a modifying element is found, determining the malware is present in the computer.