Abstract: System and methods are provided for mitigating click farm fraud by receiving network data and sensor data from a plurality of computing devices, extracting one or more features from the sensor data and the network data for each of the devices. The features represent one or more of a local physical environment and communication channel environment associated with a device of the plurality of computing devices. The method includes determining one or more subsets of the plurality of computing devices based on environmental and network characteristics of the one or more features, identifying, based on the one or more subsets and detected influencer activities, co-located computing devices, and responsive to determining that a count of the co-located computing devices is greater than a predetermined count, sending a session terminating command to one or more servers in communication with the co-located computing devices to mitigate click farm fraudulent activities.

Abstract: Systems and methods are provided for improving behavioral biometrics scoring accuracy. A method includes receiving streamed behavioral biometrics data and associated contextual data, determining a first trust score by evaluating the streamed behavioral biometric data, and if the first trust score is below a first predetermined value, separating the streamed behavioral biometrics data into contextualized bins corresponding to the contextual data to produce binned data. The contextualized bins can include a target identifier such as a data field; or a data type field, an area of a browser window, a task, and/or a physical activity. Responsive to a first threshold amount of accrued binned data, the method can include evaluating the binned data to determine a second trust score that is context-aware and sending an alert to the enterprise server responsive to the second trust score being below a second predetermined value.

Abstract: Systems and methods are provided for automatically generating unique identifiers for text fields and determining the type of information of a specific text field in an online user journey. The method identifies a data type identifier for each text field by training on historical sessions from many user interactions to group text fields, even with randomly generated IDs, and based on the metadata associated with the text fields. The method can predict the data type for new data and can enable the automatic selection and application of a correct keystroke dynamics algorithm for authentication and fraud detection.

Abstract: Systems and methods are provided for behavioral biometrics retraining on credential input provided by a user for authentication. A method includes receiving a successful login indication that a user has been authenticated for access on the enterprise server based on the credential input. The method includes receiving metadata and user behaviometric data corresponding to the credential input. The method includes computing, with a behavioral scoring module, a metadata similarity score by comparing the received metadata to metadata previously stored in a user profile, resetting at least a portion of previously stored user profile data based on receiving the successful login indication and the metadata similarity score being less than a threshold value, and training user profile data using the received user behaviometric data based on receiving the successful login indication and the metadata similarity score being less than a threshold value.

Abstract: A method for determining whether a secure transaction between a user computing device and a server, connected via a network, is controlled remotely via a remote access tool. The method includes, during the secure transaction, actively perturbing and/or probing the network to change the conditions in the network. During perturbing of the network, data relating to user interactions with a user interface associated with the user computing device is collected and compared to reference data relating to user interactions carried out prior to the secure transaction or prior to perturbing of the network. Based on the comparison, a probability that the secure transaction is carried out via a remote access tool is computed and is compared to a predefined threshold. If the threshold is exceeded, the secure transaction is terminated.

Abstract: a user profile of behavior of a specific user is generated, including obtaining a plurality of dummy user profiles. An initial behavioral dataset relating to the behavior of the specific user during a specific transaction is collected, and compared to each of the plurality of dummy user profiles. When the initial behavioral dataset matches at least one of the plurality of dummy user profiles, the method further includes initiating a new user profile of the specific user to be equivalent to the at least a portion of at least one of the plurality of dummy user profiles, and further training the new user profile based on the initial behavioral dataset, to modify the new user profile to more accurately reflect behavior of the specific user.

Abstract: A computer-implemented method, program-code, web-client device and computer system to realize and guard over a secure input routine based on their behavior.

Abstract: A computer-implemented method, computer device and computer system for detecting multiple users based on a biometric user profile and/or a behavioral user profile.

Abstract: Method for a secure authenticating of a user identity of a device for a service during a session including a transaction between an authentication-client and a connected authentication-server, whereby said authentication-client is running on said device using a user-agent with a specific authentication-interface to communicate encrypted authentication messages using a Transport Layer Security (TLS) protocol between said user-agent of said authentication-client and a web-server of both said authentication-server of a ‘Relying Party’ using a unique and secret authentication-identifier (e.g. a hash-value created from ‘Relying Party’, date and time) between them, and a Behaviometric-server using a unique and secret Behaviometric-identifier (e.g. a hash-value created from a Behaviometric-Server, date and time) between them, whereby said session comprising an earlier authentication stage and at least in authentication case (said user identity is positively authenticated) a later controlling stage.

Abstract: A computer-implemented method, program-code, web-client device and computer system to realize and guard over a secure input routine based on their behavior.

Abstract: Method for a secure authenticating of a user identity of a device for a service during a session including a transaction between an authentication-client and a connected authentication-server, whereby said authentication-client is running on said device using a user-agent with a specific authentication-interface to communicate encrypted authentication messages using a Transport Layer Security (TLS) protocol between said user-agent of said authentication-client and a web-server of both said authentication-server of a ‘Relying Party’ using a unique and secret authentication-identifier (e.g. a hash-value created from ‘Relying Party’, date and time) between them, and a Behaviometric-server using a unique and secret Behaviometric-identifier (e.g. a hash-value created from a Behaviometric-Server, date and time) between them, whereby said session comprising an earlier authentication stage and at least in authentication case (said user identity is positively authenticated) a later controlling stage.

Abstract: A computer-implemented method for secure authentication of a user to a service for executing a transaction, the method being implemented in a system including a user device including a FIDO-client, a FIDO-server of a relying party providing the service, a behaviometric server and a web server associated with the relying party, the method including a preparation stage and an authentication stage. In the preparation stage a TLS-connection is established between the user device and the web-server, behavioral input data is collected from user device, and a transaction initiation message is transmitted to the behaviometric server. In the authentication stage, behaviometric data received in the transaction initiation message is compared to a second set of behaviometric data to determine whether the data matches, and if the data matches, the transaction is authenticated by the FIDO server.

Abstract: A method and a corresponding device for authenticating a user for access to protected information, the method comprising generating a behavioral user profile associated with a first user known to be a legitimate user of the protected information, obtaining from a second user, using a behavioral input device associated with a second computing device, a behavioral user sample, storing the behavioral user sample, associated with the second user, in a temporary user profile, comparing the behavioral user sample of the second user to the behavioral user profile, and if the behavioral user sample does not match the behavioral user profile contacting the legitimate first user and receiving from the legitimate first user information regarding the legitimacy of the second user and based on the information received from the first user, providing a response to the second user and updating the user profile.

Abstract: A computer-implemented method, computer program product, and system for determining whether a user exhibits machine behavior, or does not exhibit human-like behavior, thereby to authenticate the user for access to a software service.

Abstract: Securely authenticating a user of a device for a service during a session including a transaction between a client and a connected server connected to a Behaviometric-server.

Abstract: A computer-implemented method, computer device and computer system for detecting multiple users based on a biometric user profile and/or a behavioral user profile.

Abstract: Recording, analyzing and categorizing of user interface input via touchpad, touch screens or any device that can synthesize gestures from touch and pressure into input events. Such as, but not limited to, smart phones, touch pads and tablets. Humans may generate the input. The analysis of data may include statistical profiling of individual users as well as groups of users, the profiles can be stored in, but not limited to data containers such as files, secure storage, smart cards, databases, off device, in the cloud etc. A profile may be built from user/users behavior categorized into quantified types of behavior and/or gestures. The profile might be stored anonymized. The analysis may take place in real time or as post processing. Profiles can be compared against each other by all the types of quantified behaviors or by a select few.

Abstract: A method and a corresponding device for authenticating a user for access to protected information, the method comprising generating a behavioral user profile associated with a first user known to be a legitimate user of the protected information, obtaining from a second user, using a behavioral input device associated with a second computing device, a behavioral user sample, storing the behavioral user sample, associated with the second user, in a temporary user profile, comparing the behavioral user sample of the second user to the behavioral user profile, and if the behavioral user sample does not match the behavioral user profile contacting the legitimate first user and receiving from the legitimate first user information regarding the legitimacy of the second user and based on the information received from the first user, providing a response to the second user and updating the user profile.

Abstract: A method and a corresponding device for authenticating a user for access to protected information, including at a registration stage, generating a biometric user profile and a behavioral user profile associated with a user to be authenticated, and an authenticating stage, obtaining from the user a biometric user sample and a behavioral user sample, comparing the biometric user sample and the behavioral user sample to the biometric user profile and to the biometric behavioral profile associated with the user, and if the biometric user sample and the behavioral user sample match the biometric user profile and the biometric behavioral profile, respectively, enabling the user to access the protected information.

Abstract: Recording, analyzing and categorizing of user interface input via touchpad, touch screens or any device that can synthesize gestures from touch and pressure into input events. Such as, but not limited to, smart phones, touch pads and tablets. Humans may generate the input. The analysis of data may include statistical profiling of individual users as well as groups of users, the profiles can be stored in, but not limited to data containers such as files, secure storage, smart cards, databases, off device, in the cloud etc. A profile may be built from user/users behavior categorized into quantified types of behavior and/or gestures. The profile might be stored anonymized. The analysis may take place in real time or as post processing. Profiles can be compared against each other by all the types of quantified behaviors or by a select few.