FIELD OF THE INVENTION

The present invention, in general, relates to the user verification and identification. Particularly, this invention relates to a method and a system for automatic user recognition, verification and identification based on behavioral data.

DISCUSSION OF BACKGROUND ART

In many cases, such as esports, gaming championships, competitive games, any kind of online exam passing that assumes human-device interactions during passing (for example an exam for certification of the knowledge of networking equipment, such as Cisco, using electronic simulator), driving / piloting exam using electronic simulator or other, the control transfer to a third party is often considered as a misconduct and is prohibited by the user agreement. Even if advanced hard-to-transfer account verification methods are used (e.g. fingerprint, face or retina recognition), the user can pass the authorization procedure by himself and then physically transfer control of input devices (keyboard, mouse, gamepad, touchscreen) to another person. The discovery of the control transfer is not an easy task. Some control transfers could be reported due to treachery or by careful observers who find inconsistencies in user’s behavior using a certain account, but this is a random and unreliable method. Creating multiple accounts by a single user is often prohibited by the user agreement. In gaming industry or esports, experienced players, using several accounts and pretending to be newbies, are called “smurfs”. Another controversial situation is when the professional esports player uses anonymous virtual accounts (so-called “alias”) to prepare himself for the tournament by not revealing his strategies, which is also not always allowed. Still in other cases, it could happen that a malignant computer program or virus could take over a control of a computer system or a mobile device application, which could cause severe consequences.

The most common approach to solve the above-mentioned problems is account verification and identification, which is traditionally performed by entering user's nickname and secret password, the credentials are checked on a server-side and the user gets access to his/ her virtual identity. By entering a nickname or username, the user account is identified. By entering a secret password, the user verifies that he is the owner of an account. The account verification gives the user confidence that no one else can use his/ her virtual account, at least without his/ her direct permission. However, the user could intentionally tell his secret login credentials to another person and thus grant an access to the virtual account to the third party. Another approach is user verification, which is used to prevent control transfer or smurfs. It is a process of verifying that the game, computer system or any other application is currently operated by a specified real user. This is independent to account verification problem as the verified user can use any virtual account (either his personal account, his second virtual account or third party's account). The user verification relies on the user’s behavioral pattern that is hard to transfer or fake. However, the user verification procedure also can't stop user from creating and using more than one virtual accounts. To struggle smurf accounts, the users could be forced to bind their accounts to unique phone numbers, severe restrictions are introduced for recently created accounts for participation in ranked games, but those actions cause inconvenience to honest users and don't solve the problem effectively.

User identification is used to prevent the usage of alias accounts. It is a process of finding accounts used by the same user as in the target computer system records, games, applications or target accounts. The user could be identified based on behavioral data from input devices or from user performance, extracted from all the computer system, game or application sessions (or matches, episodes, game plays- depends on the computer system or game genre and mechanics). During each session, the user leaves behavioral pattern, which could be associated with the concrete user and stored at the database. During a new session, a new behavioral pattern could be compared with the behavioral patterns from the database.

Existing methods don't allow to detect control transfers, smurf and alias accounts automatically and prevent them at scale. Therefore, it is a need for a system and a method which could: automatically detect smurfs, alias accounts and control transfers and take countermeasures to prevent such conduct; do this automatically using user verification/ identification system, could use user verification/ identification system for a wide variety of computer systems, games or applications.

There are several methods for user verification or identification. Patent US8057298B2 (published 2011-11-15) describes a method for virtual player tracking and related services. They claim a method of player verification based on several indicia computed from traced gameplay. They also claim "invoking countermeasures" against players transferred the control of the account to third parties. However, this patent is designed to use with online gambling websites (wagering games), as they use domain-specific data. Game play reaction time is the only criteria for potential fraud detection, which mentioned in the Claims. It is a need of a method which is suitable for a wider range of applications and could rely on common input devices such as mouse, touchscreen, keyboard or other. In order to compare the present and the past playing session, it is a need of a method which collects general behavioral data (mouse movements, keystrokes, touches). Nothing is claimed related to automatic detection of smurfs and the search of the identity in a collection of logged behavioral data. Usage of behavioral data from common input devices for detecting fraud is also not claimed.

Patent document W02013071261A1 (published 2013-05-16) describes an anti-cheating hybrid game. Many techniques of preventing cheating are described (e.g. obscuring some information in user interface modules, delayed disclosure of information, and so on). The problem of detecting a control transfer is being solved by checking the player's performance measure, which is expressed with a single real number. The technique compares identities using only performance measures without considering the input devices behavioral data. Thus, this method works only with a sequence of "performance measures" (single real-valued numbers) and doesn't take into account any low-level behavioral data (mouse movements, keystrokes, etc.) from input devices. It is practically not possible to perform user verification/ identification when there are a significant number of users (for example, more than 100 total), thus the application of the method is limited. In addition, the smurf detection problem is not addressed.

Patent documents US7496553B2 (published 2009-02-24) and US7092926B2 (published 2006-08-15) describe a method and a system for identifying a current user. The current input patterns are combined and then dynamically matched with one of the user input pattern profiles. The current user is associated with at least one of the user input pattern profiles. However, even if the user is identified based on the user input pattern profiles from the input devices, just the very basic user performance, such as web browsing history, is taken into account. This method could not be applied for a complex games, computer systems or applications, such as esports, gaming championships, competitive games, any kind of online exam passing that assumes human-device interactions during passing, driving / piloting exam using electronic simulator or other, where the control transfer should be detected. No optimization is used for the relevant data extraction from the behavioral data. User performance data in complex games, computer systems or applications is not analyzed and compared. In addition, the method could not be applied for when the user performance changes significantly over the time, since no automatic learning of the system is present. Therefore, the system could not be applied for complex games, computer systems or applications, taking into account all input and performance data for every user during a computer game or computer system session.

Therefore, there is a need for a method and a system for user identity verification and identification in computer systems, games or mobile device applications, which: could collect and encode a wide range of user behavioral data from input devices; could collect and encode for further processing much user performance data; could transform raw behavioral data into a compact vector representation (behavioral pattern); could store a large number of user behavioral patterns; would have an efficient encoder for processing big amount of raw behavioral data; would include machine learning and training on a new user's data; could perform user verification and identification, control transfer, smurf and alias detection in a fast and reliable way.

Our invention describes a new method and a system, which satisfies above mentioned requirements.

SUMMARY OF THE INVENTION

The present invention discloses the system and the method for user verification and identification in a computer systems, games, esports or mobile device applications based on behavioral data of input devices and user performance. The proposed method automatically verifies and identifies the user and detects misconduct of users: finds smurfs (users that use more than one account) and detects control transfers.

The invention consists of:

- a method for collecting user’s behavioral data, encoding the data for further processing; storing the data and comparing the user’s current behavioral pattern with his and other users’ historical behavioral patterns;

- a system for transforming the raw behavioral data to a compact vector representation (behavioral pattern), which allows to store a large number of behavioral patterns and make effective queries to the storage; the system uses machine learning and requires training on a subset of collected raw behavioral data with the proposed learning method;

- a system for automatic detection of smurfs, alias and control transfers by querying and processing the user’s current behavioral pattern from the behavioral pattern storage.

The system and the method are automatic, reliable, efficiently use computer resources, adapt for changed user behavior in a real time and could be successfully applied to the wide range of computer-controlled systems, PC, mobile, console etc. applications or games without modifications.

BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1. A block diagram depicting principle components of the present invention. Fig. 2. A block diagram depicting comprising parts of the encoder (4.1).

Fig. 3. An example of the encoder (4.1) performance, using Time Series Matrix. Fig. 4. An example of the encoder (4.1) performance, using Heatmap Tensor.

Fig. 5. A block diagram of the encoder (4.1), which has several different feature extractors (4.1.1) and several different feature tensors (4.1.2).

Fig. 6. A block diagram depicting a deep neural network (4.1.3) training process.

Fig. 7. A block diagram depicting principle components in one of the embodiments of the present invention, when the encoder (4.1) is present in the control devices (2).

DETAILED DESCRIPTION OF THE INVENTION

The present invention solves the task of user recognition (verification and identification) based on user behavioral data and performance. This solution allows to struggle with control transfers, using multiple virtual accounts by single users and protects against account frauds.

The system for user recognition comprises the following components (Fig. 1): user (l) input control devices (2); network (3); server (4).

A user (1) is a person who uses input control devices (2) and leaves raw behavioral data while using computer systems, games, programs or other applications. Each user (1) has a distinct behavioral pattern of using input control devices (2), which could be tracked and used for user (1) verification and identification. The user (1) verification and identification could be performed at several levels. Before the user (1) starts using a computer system, he is authorized by account verification. This is done by one of the standard ways (entering username and password, signing via social network, etc.), the credentials are checked on a server-side and the user (1) gets access to his virtual identity so the user’s (1) behavior could be associated with the unique account identifier. Account verification gives the user (1) confidence that no one else can use his virtual account, at least without his direct permission. However, the account verification can't stop user (1) from voluntarily transferring control of the computer system to other users. Even if advanced hard-to- transfer account verification methods are used (e.g. fingerprint, face or retina recognition), the user (1) can pass the authorization procedure by himself and then physically transfer control of input control devices (2) to another person.

The input control devices (2) are devices, which allow to enter the data and / or control the computer or computer systems, games or mobile device applications. In the present invention, the input control devices (2) comprise at least:

- input devices (2.1) and

- processor (2.2). The input control devices (2) often have output devices (2.3), such as display, speaker, indicator lights, vibration motor or others, but the output devices (2.3) are not necessary in the context of the present invention.

The input devices (2.1) could be keyboard, buttons, computer mouse, motion sensor, trackpad, touch sensor, touchscreen or other. The user (1) carry out the gameplay, test passing or other kind of tasks on the computer system by interacting with those input devices (2.1). The processor (2.2) is an electronic circuit which performs operations for running a computer system: receives and processes data from input devices (2.1), displays data to the output devices (2.3), exchanges the data over the network (3) with a server (4) or with other input control devices (2).

It could be mentioned specific examples of the input control devices (2):

- personal computer, laptop;

- gaming console (Sony PlayStation, Xbox One, Nintendo Wii, Nintendo Switch);

- mobile phone or tablet (iPhone, iPad, Android-based phone, tablet or other).

Additionally, the input control devices (2) can be equipped with devices that allow to verify user's (1) identity by biometric identification:

- photo camera with face recognition facility (such as Face ID in iPhone);

- fingerprint scanner with user verification facility (such as on Android Pixel);

- microphone with user voice recognition facility;

- retina scanner or other.

A network (3) is the internet or the local intranet, allowing the user (1) to connect to the computer system server or with the other users (1).

A server (4) is a computer or a network of computers that communicate with the input control devices (2) through the network (3) in order to synchronize or control computer systems, games or applications between different users (1). A server could be implemented on a single computer, on a several computers connected in a network, or with many virtual machines / microservices hosted on a computing cluster or in a cloud infrastructure. A server (4) receives, stores, analysis, compares data in the form of behavior patterns (4.2) and produces alerts (4.6), if it is a need. A server (4) has the following components (Fig. 1): encoder (4.1); behavioral pattern (4.2); behavioral patterns storage (4.3); comparator (4.4); alert (4.5). An encoder (4.1) is a part of the system that is aimed to convert the raw behavior data to a compact behavior pattern (4.2) vector. Encoder (4.1) is a critical part of the invention, since without the encoder (4.1) the invention becomes unfeasible. During the functional steps of the encoder (4.1), the raw behavioral data is converted to the compact representation. Raw behavioral data usually takes up a lot of disk space and processing time, which makes the whole verification/identification system unreasonably expensive and time consuming. The second goal of the encoder (4.1) is to extract from the raw behavioral data only the data that is relevant for verification and identification task and filter out everything else. The encoder (4.1) is functioning by using deep neural network (4.1.3) trained on a dataset of historical examples of the raw behavioral data. The output of the encoder (4.1) is a compact form of a numerical vector of relevant data. The encoder (4.1) comprises the following parts (Fig. 2): feature extractor (4.1.1); feature tensor (4.1.2); deep neural network (4.1.3).

A feature extractor (4.1.1) is a part of the encoder (4.1), which preprocesses the raw behavioral data in order to convert the raw behavioral data to the feature tensor (4.1.2).

A feature tensor (4.1.2) is a multidimensional matrix of floating-point numbers. The feature tensor (4.1.2) generates an intermediate representation of the raw behavioral data suitable for feeding to the deep neural network (4.1.3).

A deep neural network (4.1.3) is a neural network, or a computing system, which does not contain any prior knowledge of the user (1) behavioral pattern (4.2) and which “trains” to perform tasks by considering examples. A deep neural network (4.1.3) is trained on a historical behavioral data from the computer system, game or application session. In our case, the deep neural network (4.1.3) generates numerical vectors from the raw behavioral data, received from the feature tensor (4.1.2) (Fig. 2).

A behavioral pattern (4.2) is the raw behavioral data of the user (1), received from the input control devices (2) and the user (1) performance data from the computer systems, games or applications events during a certain period of time (Fig. 1). Each user (1) has a unique behavioral pattern (4.2), therefore, the behavioral pattern (4.2) characterizes the user (1). The behavioral pattern (4.2) is represented as digital data structures. Depending on the computer systems, games or applications, the “certain period of time” could correspond to one match in Dota 2 computer game, one "map” in Counter Strike: Global Offensive computer game (by Valve), one battle in World of Tanks (by Wargaming), one game in chess, one playing session (a period from launching the game to pausing) in continuous games like World of Warcraft (by Blizzard), one episode (e.g. one "level") in a match-three game, and others. Specific examples of behavioral patterns (4.2), not limited to them, could be these raw behavioral data received from the input devices (2):

- for computer mouse or trackpad- cursor movements: sequence of updates (timestamp, cursor position <x,y>));

- for keyboard and gamepad- keystrokes: key events (timestamp, type of event: up/down, key identifier);

- for mobile telephone and gamepad- the motion data from accelerometer and gyroscope: changes of attitude (roll, pitch, yaw) or changes of acceleration: gravity (gx, gy, gz), user acceleration (ax, ay, az);

- for mobile telephone- screen touch events (timestamp, type: start/move/end, point on a touchscreen, radius of a touch, force of a touch);

- for gaming console- human motion capture (e.g. from Microsoft Kinect).

In the present invention, the sequence, speed, user (1) preferences and other information of the raw behavioral data input is analyzed. The user (1) performance data is the user’s (1) performance, sequence and speed of actions, preferred mode of performing a particular task and other choices made by the user (1) in a particular computer systems, games or applications event. In games, the user (1) performance data could be the user’s (1) preference for a specific game character, vehicle or gun; the preferred place, movement or way of performing actions; the choices which tasks should be performed and which should be ignored, and the ability to perform tasks; and other. In computer systems or applications, the user (1) performance data could be the user’s (1) choices of the actions which should be performed, the sequence and the speed the performed actions, and other.

A behavioral patterns storage (4.3) is a database that stores all used behavioral patterns (4.2) of computer systems, games or applications from all corresponding users (1) (Fig. 1). The behavioral patterns storage (4.3) contains records, which consists of:

- link to the “account” used in the computer system;

- link to the computer system, such as particular game or application;

- behavioral pattern (4.2) vector.

The behavioral patterns storage (4.3) supports the following query types:

- “add” new record: it is used to store new computer system sessions;

- “remove” account information: it is used for resolving removal requests according to the data protection policy;

- “retrieve” all or N of the latest behavioral patterns (4.2) used from a specific account: it is used by the comparator (4.4) to analyze previous behavioral patterns (4.2) of the specific account; - “find” maximum N records, most similar in Euclidean distance (or other distance metric): it is used by the comparator (4.4) to find the possible matches of the behavioral pattern (4.2) in other accounts' histories.

The data structure proposed in the present invention allows to make the behavioral patterns storage (4.3) very efficient in terms of query performance and scalability. In order to scale the behavioral patterns storage (4.3) to a large number of accounts and computer system session records and ensure reliability and fault tolerance, the behavioral patterns storage (4.3) can be implemented in a distributed manner: the data is stored on multiple computers clustered by the hash value of account identifier with replication. When executing “add”, “remove” and “retrieve” requests, only the computers containing that record are used. When executing “find” request, the search on all the computers is performed in parallel. In order to speed up “find” requests, sort of approximate nearest neighbors’ functional steps can be used (such as locality-sensitive hashing and random projection methods).

A comparator (4.4) is a part of the server (4) that analyzes the behavioral patterns (4.2) from the behavioral patterns storage (4.3) and detects potential acts of control transfer or usage of multiple accounts (Fig. 1). The comparator (4.4) receives the behavioral patterns (4.2) of a new computer system, game or application session, requests the necessary data from the behavioral patterns storage (4.3) and issues alerts (4.5). The comparator’s (4.4) functional steps are implemented with a deep neural network (4.1.3), that estimates the likelihood that two or more behavioral patterns (4.2) belong to the same user (1).

An alert (4.5) is an event that is invoked by the system in case of suspicion that the current user (1) uses someone else's account or has multiple accounts (Fig. 1). An alert (4.5) is a likelihood, generated using the outputs from the comparator (4.4), which triggers counteractions and is aimed for preventing a misconduct. There are several examples of the counteractions, triggered by an alert (4.5): the user (1) is warned followed by account restriction or ban; the user’s (1) identity is displayed to other users (1) in order to encourage good behavior through reputational mechanisms in the user’s (1) community; the user’s (1) actions are blocked immediately and the alert (4.5) is send to the responsible persons.

The method, described in the proposed invention, employs the above-mentioned system for user (1) verification and identification. When the user (1) interacts with the input control devices (2), much raw behavioral data is generated, which takes a lot of space on the disk and is time consuming to analyze it. The raw input data through the network (3) is send to the server (4), where the encoder (4.1) converts the raw behavioral data into the compact behavioral pattern (4.2) vector (Fig. 2). The present invention proposes two particular approaches for the feature extraction (4.1.1) of the encoder (4.1): Time Series Matrix and Heatmap Tensor.

Using Time Series Matrix, the period of time during which the computer system, game or application session took place is quantized into short intervals of a fixed size (Fig. 3). Raw behavioral input data is converted into time series. Changes of the real-valued parameters (e.g. cursor coordinates, health points) are converted into series of average values within the time intervals. Discrete actions (e.g. shoot, key press) are converted into time series with values meaning the number of times the event occurred in the interval, or total duration of the event within the time interval. The output of the feature extractor (4.1.1) is presented as a numerical matrix where rows correspond to the series and columns correspond to the time intervals (Fig. 3).

Using Heatmap Tensor, two or more anchor variables, that are the most actively changing throughout the computer system, game or application, are selected (Fig. 4). Values of the anchor variables are quantized into set of discrete values, so that it can be mapped any tuple of the values of anchor variables to a tuple of the integer coordinates of an element in a tensor of fixed size. Then a set of discrete actions (e.g. shoots, key presses) is selected. For each selected action a heatmap is computed — a tensor with values corresponding to average time or number of times an event occurred while the anchor variables took the appropriate values. All calculated heatmap tensors are concatenated along the new dimension "event type", and this is considered as an output of the feature extractor (4.1.1) (Fig. 4). One particular example for the feature extraction using Heatmap Tensor is a current cursor position coordinates — vertical and horizontal distance in pixels to the top left corner of the screen or the game interface window. In this case, the screen is divided on a fixed-size grid, say HxW (number of intervals along height and width). A particular example of event types are mouse clicks causing T different types of action in a game (say, an order to move a game character, an order to kill an enemy character and an order to use an item). After the feature extraction we have a tensor of size HxWxT with a values corresponding to a frequencies of an action of certain type occurred when cursor was in certain position on the screen.

Alternatively, other type of feature representations may be used, taking into account the specifics of the particular computer system, game or application.

Two or more different feature extractors (4.1.1) may be used in a combination to improve a quality of verification and identification model at a cost of more complex processing. In this case the encoder (4.1) comprised one deep neural network (4.1.3), several feature extractors (4.1.1) and several feature tensors (4.1.2) (Fig. 5). The deep neural network (4.1.3) receives inputs from several feature tensors (4.1.2). Parallel layer architectures are used to transform each input to a vector, all the vectors corresponding to all the inputs are combined in one by concatenation, after this concatenation more layers could be added before the output behavioral pattern layer.

The deep neural network (4.1.3) is used to map the feature tensors (4.1.2) to the behavioral pattern vector (Fig. 2, Fig. 5). Here the deep neural network (4.1.3) is a complex parametrized function of a form: where W = (W_l, W_2, W_L) is a set of parameters, X — input feature tensor, f_i — a parametrized transformation called in the neural network theory “a layer”, y is a D-dimensional behavioral vector obtained as a result of applying F to a particular input feature X. A form and a sequence of the layers used in the complex function is called “architecture” of a deep neural network (4.1.3). By “training” (or learning) the deep neural network (4.1.3) we mean the process of choosing the best instance of parameters W in a context of verification and identification problem. These are the layer types often used in image and signal processing: dense layer, convolution layer, pooling layer. In particular instance of the system for verification and identification by the behavioral data, we use a sequence of convolutional, pooling and dense layers as an architecture of the deep neural network (4.1.3).

Training of the deep neural network is performed by an optimization based on stochastic gradient descend (SGD) principle, triplet-based loss is used as an optimization goal. To train the neural network (4.1.3) a training set of historical data was prepared: for a subset of accounts it was picked a subset of user’s (1) computer system, game or application sessions, so that for each selected account a set of raw behavior data was obtained. Then there were formed triplets in a form of this: anchor computer system sessions, positive — another computer system sessions used by the same account, negative — a computer system sessions used by another account, while positive and negative examples are picked at random. Here it was applied an important assumption that there are relatively small number of users who uses multiple accounts, and there are relatively small number of accounts with transferred control. This assumption is true for almost any computer system session or computer game. Triplet-based loss for training facial image recognition optimized function has the following form: where W — optimized set of parameters, F — the deep neural network (4.1.3), T — aforementioned prepared training set, (X_a, X_p, X_n) — a triplet consisting of anchor and positive and negative behavioral data, converted to numerical feature tensors (4.1.2) using the feature extractor (4.1.1), alpha — a margin constant that has a small influence to learning process and often has a value of 1.

The process of training the deep neural network (4.1.3) is depicted in the Fig. 6. The training process starts at least once before the deep neural network (4.1.3) can be used. To improve the quality of verification and identification tasks, it is reasonable to run training process on a regular manner, e.g. once a week on a new data. The training process requires high-performance computer equipped with graphics processing unit, so that the learning process takes a reasonable time. After the deep neural network (4.1.3) is trained, one can compare the Euclidian distance between two output behavioral pattern (4.2) vectors to estimate the similarity between two users (1): dist(X,,¾) = jiF(Xi) F(X ₂ )\

This Euclidian distance may be used as an evidence of the fact that two computer system sessions were used by the same user (1) (if the distance is quite small) or by the different users (1) (if the distance is big enough). Such a property of the trained deep neural network (4.1.3) naturally follows from the optimization objective and the assumption that training set contains relatively small number of control transfers and small number of users with multiple accounts.

After the raw input data are encoded by the encoder (4.1), behavioral pattern (4.2) of each computer system, game or application session is generated as a numerical vector (Fig. 1). Behavioral patterns (4.2) of different users (1) and different computer system, game or application sessions of the same user (1) are stored at the behavioral patterns storage (4.3).

The comparator (4.4) compares the current behavioral pattern (4.2) with the similar behavioral patterns (4.2) from the behavioral patterns storage (4.3). In the simplest implementation, the comparator (4.4) can implement the following functional steps:

- input a new behavioral pattern (4.2) vector of the last computer system sessions and an account identifier of the user;

- retrieve previous behavioral patterns (4.2), related to the account, from the behavioral patterns storage (4.3); - compare the current behavioral pattern (4.2) with previous behavioral patterns (4.2) vectors by Euclidean distance and get the numerical distances d_l, d2, ..., d_k. The following threshold rule is applied (here theta is a threshold parameter of the functional steps): min d{ > Q -1 Issue an alert on potential control transfer i find in the behavioral patterns storage (4.3) N number most similar behavioral pattern (4.2) vectors with corresponding account identifiers (y_i, a_i). Filter out all the records corresponding to the same account as the current. The following threshold rule is applied: here (a, y) — the current behavioral pattern (4.2) and the user (1) account identifier, dist — Euclidean or other distance between two behavioral pattern (4.2) vectors, theta is a threshold parameter of the functional steps Data clustering functional steps like K-Means can be used to improve the quality of transfer control detection.

Machine learning model could be used to improve the quality of control transfer and usage of multiple accounts detection. The model is trained on a historical behavioral pattern (4.2) data labeled by specialists as containing control transfer / using multiple accounts or not. The model has a set of behavioral pattern (4.2) vectors as an input and probability of control transfer / using multiple accounts as an output. If the probability of control transfer / using multiple accounts is high enough, an alert (4.5) is automatically generated. An alert (4.5) event could be implemented immediately or sent preliminary for manual verification by human to decrease a number of false alarms. An alert (4.5) event could trigger further identity verification check based on another mode (second factor verification), for example: run face recognition check, fingerprint recognition, voice check etc.

The method, described in the proposed invention, has the following steps: the user (1) interacts with the input control devices (2); the input control devices (2) or the user (1) performance generate the raw behavioral data; the server (4) receives the raw behavioral data through the network (3); the encoder (4.1) processes the raw behavioral data and generates the behavioral pattern (4.2) as a compact vector; the behavioral pattern storage (4.3) stores the behavioral patterns (4.2); the comparator (4.4) compares the current behavioral pattern (4.2) with the behavioral patterns (4.2) from the behavioral pattern storage (4.3); if the current behavioral pattern (4.2) matches historical behavioral patterns (4.2) of the current user (1)- the current user (1) is identified; if the current behavioral pattern (4.2) does not match the historical behavioral patterns (4.2) of the current user (1) or matches the historical behavioral patterns (4.2) of other users (1)- the alert (4.5) is generated.

In one of the embodiments of the present invention, the encoder (4.1) could be implemented in the input control devices (2) (Fig. 7). In this case, when the input control devices (2) generate the raw behavioral data, the encoder (4.1) processes the raw behavioral data and generates the behavioral pattern (4.2) as a compact vector. Then the input control devices (2) send the behavioral pattern (4.2) vector to the server (4), where the comparator (4.4) compares the current behavioral pattern (4.2) with the behavioral patterns (4.2) from the behavioral pattern storage (4.3). The current user (1) is identified or the alert (4.5) is generated.

According to the preferred embodiment of the present invention, the user (1) verification and identification system and the method could be applied for the computer games sessions, tournaments and esports. During the game, the user (1) (the player) interacts with the input control devices (2) and leaves his behavioral pattern (4.2): a specific pattern of mouse movements, frequent keystrokes, a pattern of device motions when some game events happen. The player receives feedback from the game through the output devices, this information is represented with the changes in the game world engine associated with the game. Specific examples of behavioral patterns (4.2), not limited to them, could be these data received from the game world events:

- player's in-game characteristics such as health points (RPG), experience points earned (RPG) or currently selected gun (FPS);

- position/motion of a character in a virtual world:

- hero position/movements on a map (real-time strategy such as Dota 2),

- character's position/movements on a map, sight direction (FPS such as CS:GO);

- game world character's actions: shoots, casting a spell or other.

As the player behavior significantly depends on the events occurring in the game world, in a context of the invention it is considered that the game events occurred during the game as a part of behavioral data. The present invention proposes to capture aforementioned behavioral data with a processor (2.2) and use it for the tasks of player verification and identification.

During the gameplay, the raw behavioral data is received from input control devices (2) and from the events of the game world during a certain period of a playing time, represented as digital data structures. Depending on the genre of a game, the “certain period of time” could correspond to a match (single game played, match in Dota 2, a "map" in CS:GO, one battle in World of Tanks, one game in chess), playing session (a period from launching the game to pausing, in continuous games like World of Warcraft), episode (e.g. one "level" in a match-three game). The encoder (4.1) processes the raw behavioral data and generates the behavioral pattern (4.2) of a player as a compact vector. The behavioral patterns (4.2) are stored at the behavioral pattern storage (4.3). When the server (4) received new behavioral patterns (4.2), the comparator (4.4) compares the current behavioral pattern (4.2) with the behavioral patterns (4.2) from the behavioral pattern storage (4.3). The player could be verified based on the comparison between the current behavioral pattern (4.2) and the historical behavioral patterns (4.2) of the same player. If the behavioral patterns match, the concrete player is verified. If the behavioral patterns (4.2) are distinct- an alert (4.5) is generated. The alert (4.5) is a probability, which numeric expression could be set according to the specific need of the game. Here it was applied an important assumption that there are relatively small number of players who use multiple accounts, and there are relatively small number of accounts with transferred control, which is true for almost any computer game.

In another embodiment of the present invention, the user verification system and the method could be applied for the computer-controlled systems, which are sensitive to the malignant management due to the stolen or cracked user account. Such computer-controlled system could be any production facility, a factory, a plant or any other type of automatic management of resources. When the user (1) is logged in to the computer-controlled system with the help of the account verification, the user (1) leaves his behavioral pattern (4.2) while doing his tasks for regulating the computer-controlled system, such as sequence of the tasks, the time spent to make an action, the preferences of using a computer mouse, keyboard and other. If the user account is stolen or cracked by another person, he will leave a different behavioral pattern (4.2). Therefore, with the help of the proposed system and the method, the user (1) identity could be verified based on the current behavioral pattern (4.2) and the historical behavioral patterns (4.2) of the user (1).

In yet another embodiment of the present invention, the proposed system and the method could be applied for any application of the mobile device for the user verification. If the mobile device or an application are not protected by a password or the user account is stolen or cracked, there could be severe consequences related to personal information, financial data or other personal data. Similarly as described in the previous embodiments, the user (1) could be verified comparing the current behavioral pattern (4.2) and the historical behavioral patterns (4.2) of the user (1). In yet another embodiment of the present invention, the proposed system and the method could be applied for any application of the mobile device or to any computer-controlled system to prevent from a virus or a computer hot takeover of the user (1) actions.