Abstract: System and methods are provided for mitigating click farm fraud by receiving network data and sensor data from a plurality of computing devices, extracting one or more features from the sensor data and the network data for each of the devices. The features represent one or more of a local physical environment and communication channel environment associated with a device of the plurality of computing devices. The method includes determining one or more subsets of the plurality of computing devices based on environmental and network characteristics of the one or more features, identifying, based on the one or more subsets and detected influencer activities, co-located computing devices, and responsive to determining that a count of the co-located computing devices is greater than a predetermined count, sending a session terminating command to one or more servers in communication with the co-located computing devices to mitigate click farm fraudulent activities.

Abstract: Systems and methods are provided for detecting when a user uses one or both hands to interact with a device having a physical or virtual keyboard. In one implementation, one-handed typing is determined by analyzing intragroup and intergroup keyflight timing distributions between different groups of clustered keys, each cluster having distinctly different proximal properties. A statistical measure made between the intragroup and intergroup keyflight timing distributions may be performed to determine one-handed or two-handed typing input, which may be used to enhance a user experience by adapting a viewing or input element to an appropriate hand setting. In another implementation, the detection may be used as input to determine a likelihood of suspected coaching fraud for online banking applications. In yet another implementation, the detection of one-handed typing is used as an input to bot detection algorithms to reduce false positives from other modalities.

Abstract: Systems and methods are provided for improving behavioral biometrics scoring accuracy. A method includes receiving streamed behavioral biometrics data and associated contextual data, determining a first trust score by evaluating the streamed behavioral biometric data, and if the first trust score is below a first predetermined value, separating the streamed behavioral biometrics data into contextualized bins corresponding to the contextual data to produce binned data. The contextualized bins can include a target identifier such as a data field; or a data type field, an area of a browser window, a task, and/or a physical activity. Responsive to a first threshold amount of accrued binned data, the method can include evaluating the binned data to determine a second trust score that is context-aware and sending an alert to the enterprise server responsive to the second trust score being below a second predetermined value.

Abstract: Systems and methods are provided for automatically generating unique identifiers for text fields and determining the type of information of a specific text field in an online user journey. The method identifies a data type identifier for each text field by training on historical sessions from many user interactions to group text fields, even with randomly generated IDs, and based on the metadata associated with the text fields. The method can predict the data type for new data and can enable the automatic selection and application of a correct keystroke dynamics algorithm for authentication and fraud detection.

Abstract: Systems and methods are provided for behavioral biometrics retraining on credential input provided by a user for authentication. A method includes receiving a successful login indication that a user has been authenticated for access on the enterprise server based on the credential input. The method includes receiving metadata and user behaviometric data corresponding to the credential input. The method includes computing, with a behavioral scoring module, a metadata similarity score by comparing the received metadata to metadata previously stored in a user profile, resetting at least a portion of previously stored user profile data based on receiving the successful login indication and the metadata similarity score being less than a threshold value, and training user profile data using the received user behaviometric data based on receiving the successful login indication and the metadata similarity score being less than a threshold value.

Abstract: Systems and methods are provided for detecting when a user uses one or both hands to interact with a device having a physical or virtual keyboard. In one implementation, one-handed typing is determined by analyzing intragroup and intergroup keyflight timing distributions between different groups of clustered keys, each cluster having distinctly different proximal properties. A statistical measure made between the intragroup and intergroup keyflight timing distributions may be performed to determine one-handed or two-handed typing input, which may be used to enhance a user experience by adapting a viewing or input element to an appropriate hand setting. In another implementation, the detection may be used as input to determine a likelihood of suspected coaching fraud for online banking applications. In yet another implementation, the detection of one-handed typing is used as an input to bot detection algorithms to reduce false positives from other modalities.

Abstract: The systems and methods are provided that can enable the detection of certain modes of online interactions carried out by a user's computing device, for example, when an online app or webpage of an enterprise is accessed by the user's computing device. Certain exemplary implementations may utilize collector code that resides in the app or webpage opened by users accessing the enterprise service to measure and collect timing data to detect whether the user's computing device or associated browsing session is subjected to modes of manipulation such as the user browser's privacy mode being engaged, malware interacting with the browsing session, and/or some type of aggregator interacting with the browsing session. Such modes of manipulation can impact the utility and accuracy of certain forms of behavioral biometric algorithms, particularly those that utilize users' typing, timing, keystroke dwell, etc.

Abstract: Detecting unauthorized access to a device is detected in embodiments of the disclosed technology. After downloading a webpage, code is executed in a browser to scan network ports and determine which ports are open. Further webpage content sent from a web server is determined and/or modified in embodiments of the disclosed technology based on which ports are open. In some embodiments, when a particular port or ports are already in use it is determined that a malfeasant actor has access to the end user device and as such, sensitive data or secure data which is intended for a specific user is no longer sent to the end user device.

Abstract: Detecting unauthorized access to a device is detected in embodiments of the disclosed technology. After downloading a webpage, code is executed in a browser to scan network ports and determine which ports are open. Further webpage content sent from a web server is determined and/or modified in embodiments of the disclosed technology based on which ports are open. In some embodiments, when a particular port or ports are already in use it is determined that a malfeasant actor has access to the end user device and as such, sensitive data or secure data which is intended for a specific user is no longer sent to the end user device.

Abstract: A computer-implemented method, program-code, web-client device and computer system to realize and guard over a secure input routine based on their behavior.

Abstract: Detecting unauthorized access to a device is detected in embodiments of the disclosed technology. After downloading a webpage, code is executed in a browser to scan network ports and determine which ports are open. Further webpage content sent from a web server is determined and/or modified in embodiments of the disclosed technology based on which ports are open. In some embodiments, when a particular port or ports are already in use it is determined that a malfeasant actor has access to the end user device and as such, sensitive data or secure data which is intended for a specific user is no longer sent to the end user device.

Abstract: Two user-authenticated sessions are compared between two different servers or users of two different financial institutions. Based on comparisons of sanitized key press timings, position or motion-related inputs, and other inputs it is determined that the sessions were/are with a same user. When this user is identified as a fraudulent actor or malfeasant with one server or banking institution, this data is shared, without sharing confidential information, with the other server or financial institution so that despite a lack of identifying the user himself/herself, the second server or financial institution can modify data sent to this user to prevent fraud and unauthorized access to data of another.

Abstract: Detecting unauthorized access to a device is detected in embodiments of the disclosed technology. After downloading a webpage, code is executed in a browser to scan network ports and determine which ports are open. Further webpage content sent from a web server is determined and/or modified in embodiments of the disclosed technology based on which ports are open. In some embodiments, when a particular port or ports are already in use it is determined that a malfeasant actor has access to the end user device and as such, sensitive data or secure data which is intended for a specific user is no longer sent to the end user device.

Abstract: A computer-implemented method, program-code, web-client device and computer system to realize and guard over a secure input routine based on their behavior.

Abstract: Estimation of gyroscopic data on a mobile device is determined based on receiving a plurality of magnetometer-angle vectors from a magnetometer and receiving a plurality of accelerometer-angle vectors from an accelerometer. A plurality of matrices transform a coordinate system of the mobile device to an Earth coordinate system based on the magnetometer-angle vectors and the accelerometer-angle vectors. A plurality of estimated gyroscope vectors are then determined based on the plurality of matrices. A computer-implemented method), a program-code, and program-product, and devices for producing same are further disclosed herein.