Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Status of Claims

The following is a non-final Office Action in response to application number 16804725 filed on February 28, 2020.
Claims 1 – 20 are currently pending, and have been examined.

Claim Objections


Claims 2 and 20 are objected to because of the following informalities:
Line 4, “… configured as multi-page flow, …” should read “… configured as a multi-page flow …”
Claim 17 is objected to because of the following informalities:
Line 3, “… configured as multi-page flow, …” should read “… configured as a multi-page flow …”
Claims 3 and 18 are objected to because of the following informalities:
Line 3 and lines 2-3, respectively, “… in a X direction feature.” should read “… in an X direction feature.”





Drawings
The drawings are objected to because 
In FIG. 3, reference 302, "... MODEL (OAO) MODEL ..." should read "... (OAO) MODEL ..."
Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. § 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. § 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-18 are rejected under 35 U.S.C. § 112(a) or 35 U.S.C. § 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. § 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 

Lack of Algorithm
Claim 1, lines 4-12 recites “… executing the OAO service, the electronic processor is configured to determine whether …, determine whether …, determine that …, determine a fraud risk score …, and control a client server …,” The specification does not provide details on what the limitations, “executing and configured to”, comprise.  The computer/hardware and algorithms or steps/procedures taken to perform the functions “executing and configured to” must be described with sufficient details so that one of ordinary skill in the art would understand how the inventor intended the function to be performed. (See MPEP § 2161.01 (I) and MPEP § 2163.03 (V)). 
Claim 1, line 16, recites “control a client server …” The specification, [0050], [0123], and [0125], does not provide details on what the limitations, “control”, comprise.  The computer/hardware and algorithms or steps/procedures taken to perform the functions “control” must be described with sufficient details so that one of ordinary skill in the art would understand how the inventor intended the function of “control” to be performed. (See MPEP § 2161.01 (I) and MPEP § 2163.03 (V)).
Claim 2, lines 1-2 recite “… wherein the electronic processor is further configured to” determine whether … an additional specific webpage placement that is configured as multi-page flow …, determine that an additional …” The specification, [0126]-[0127], does not provide details on what the limitations, “configure to”, comprise.  The computer/hardware and algorithms or steps/procedures taken to perform the functions “configure to” must be described with sufficient details so that one of ordinary skill in the art would understand how the inventor intended the function of “configure to” to be performed. (See MPEP § 2161.01 (I) and MPEP § 2163.03 (V)). 
Claim 2, lines 1-2 recite “determine whether … an additional specific webpage placement that is configured as multi-page flow, and determine that … the additional specific webpage placement that is configured as the multi-page flow.” The specification, [0075] and [0078]-[0079] does not provide details on what the limitations, “determine … configured as the multi-page flow”, comprise.  The computer/hardware and algorithms or steps/procedures taken to perform the functions “determine … configured as the multi-page flow” must be described with sufficient details so that one of ordinary skill in the art would understand how the inventor intended the function of “determine … configured as the multi-page flow” to be performed. (See MPEP § 2161.01 (I) and MPEP § 2163.03 (V)). 

Not in the Specification
Claim 16, lines 2, 4, 6, and 10 recite “determining, with an electronic processor …” and page 39, line 1 recites “controlling, with the processor …” Giving the language its broadest reasonable interpretation, the limitations read on a processor working with another processor over a network, to perform the steps of “determining … and controlling …” However, this is not supported by the specification, [0086] and [0103], in regards to “determining, with an electronic processor …; and not supported by the specification, [0049]-[0050], and [0123], in regards to “controlling, with the processor …” (See In re Katz Interactive Call Processing Patent Litigation, 97 USPQ2d 1737 (Fed. Cir. 2011)). 

The following is a quotation of 35 U.S.C. § 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. § 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 1-15, 17-18, and 20 are rejected under 35 U.S.C. § 112(b) or 35 U.S.C. § 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Hybrid Claim
Claim 1 is a system claim, yet recites “wherein, when executing the OAO service, the electronic processor is configured to: …” If there were an electronic processor that would satisfy the claimed electronic processor (a fraud prevention server including an electronic processor …), the same processor would not meet the “when” (“… when executing OAO service …”) if the OAO service were not executed. In other words, does infringement occur when the processor is made or when it is used, and therefore, does not apprise a person of ordinary skill in the art of its scope, and thus is invalid under 35 U.S.C. § 112(b).  (See IPXL Holdings, L.L.C. v. Amazon.com, Inc., 430 F.3d 1377, 1384 (Fed. Cir. 2005).

Means-Plus-Function
Claims 1, 16, and 20 recite “determine … an online application origination (OAO) model that differentiates between …”
Claims 2, 17, and 20 recite "determine … an additional specific webpage placement that is configured as multi-page flow …” 
The claim limitations above do not use the word "means" but are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitations use generic placeholders that are coupled with functional language, "acts", without reciting sufficient structures to perform the recited functions and the generic placeholders are not preceded by structural modifiers.
These claim limitations invoke 35 U.S.C. § 112(f) or pre-AIA  35 U.S.C. § 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function (See specification [0006]-[0008], [0122], and [0124]; and  [0075], [0076], and [0079]). Therefore, the claims are indefinite and are rejected under 35 U.S.C. § 112(b) or pre-AIA  35 U.S.C. § 112, second paragraph.
Applicant may:
Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. § 112(f) or pre-AIA  35 U.S.C. § 112, sixth paragraph; 
Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. § 132(a)); or 
Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. § 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. § 132(a)); or 
Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP § 608.01 (o) and § 2181.

Antecedent Basis
















Claim 5 recites “… a form of the online application feature.” and claim 7 recites “… the form feature”. There is insufficient antecedent basis for the limitations “a form of the online application feature” and “the form feature” in the claims.
An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed. See MPEP § 2173.05(e).
Claim Rejections - 35 USC § 103









In the event the determination of the status of the application as subject to AIA  35 U.S.C. § 102 and § 103 (or as subject to pre-AIA  35 U.S.C. § 102 and § 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U. S. 1. 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. § 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-20 are rejected under 35 U.S.C. § 103 as being unpatentable over Starikova et al (U. S. Patent Application Publication No. 20150324908 A1), herein referred to as Starikova, in view of Kedem et al (U. S. Patent Application Publication No. 20190158535 A1), herein referred to as Kedem, and in further view of Hufsmith et al (U. S. Patent Application Publication No. 20200097662 A1), herein referred to as Hufsmith.

Claims 1, 16, and 19
Starikova teaches a fraud prevention system comprising: the memory including an online application origination (OAO) service, (FIG. 1 and 8B (Open an Account) and FIG. 10A (Financial Documents)-D, and [0031], [0181]-[0182], [0200], and [0216])

wherein, when executing the OAO service, the electronic processor is configured to determine whether the OAO service is enabled, ([0231])

determine that input data needs to be stored in the memory and combined into multi-page input data in response to determining that the OAO service is enabled and that the website configuration includes the list of multi-page placements for the online application, (Fig. 8B (Open an Account, Cash Back Deals, etc.) and Fig. 10A (Financial Documents)-10D)

control a client server to approve, hold, or deny the online application based on the fraud risk score that is determined. (FIG. 7, and [0166])

Starikova does not teach, however, Kedem teaches determine a fraud risk score of the online application based on the multi-page input data and an online application origination (OAO) model that differentiates between a behavior of a normal user and a behavior of a nefarious actor during a submission of the online application on a device, and ([0017] and [0023])

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide devices, systems, and methods to monitor transactions, online operations, user interactions, gestures performed via input units, speed and timing of data entry, and user engagement with user interface elements to detect operations performed by a victim that follows a pre-defined playbook of a vishing attack. The user interactions being performed within a certain user transaction or usage session may thus be analyzed and/or compared to such criteria to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Starikova and Kedem do not teach, however, Hufsmith teaches a fraud prevention server including an electronic processor and a memory, (FIG. 7, and [0010], [0151], and [0199])
determine whether a website configuration includes a list of multi-page placements for an online application, ([0003], [0031], and [0040])

a non-transitory computer-readable medium comprising instructions that, when 
executed by a fraud prevention server, causes the fraud prevention server to perform a set of operations comprising: ([0151] and [0199])

Hufsmith teaches determining threat score for container images or distributed applications. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include determining a threat score for container images or distributed applications, as in Hufsmith; and to include detecting vishing attacks, as in Kedem, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a process for determining threat scores for distributed applications that consider factors such as context information which may include information about a given execution environment for the distributed application. The functionality for obtaining a distributed application and determining the threat scores for the distribute application is implemented with machine-readable instructions stored on a tangible, non-transitory, machine-readable medium, such that when the instructions are executed, the described functionality may be implemented. These instructions may be stored on a plurality of different memory devices (which may include dynamic and persistent storage), and different processors may execute different subsets of the instructions, an arrangement consistent with use of the singular term "medium." This overcomes the inability of the various scanning engines available today to quantify a degree to which the disparate vulnerabilities they detect pose a threat to a given, and often highly complex, execution environment of distributed applications.

Claims 2, 17, and 20
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Kedem and Hufsmith do not teach, however, Starikova teaches the fraud prevention system of claim 1, wherein the electronic processor is further configured to determine whether the website configuration includes an additional specific webpage placement that is configured as multi-page flow, and ([0179]

determine that an additional set of input data needs to be stored in the memory and combined into the multipage input data in response to determining that the website configuration includes the additional specific webpage placement that is configured as the multi-page flow. (FIG. 9, and [0183])

Claims 3 and 18
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with mouse movement behavioral features, and wherein the mouse movement behavioral features include a standard deviation of a mouse click in a X direction feature. ([0119]) 

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 4
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include a time from last key to submission feature. ([0114]-[0115])

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 5
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include a coefficient of variation of keystroke rate across all fields in a form of the online application feature. ([0025] and [0057]) 

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 6
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with mouse movement behavioral features, and wherein the mouse movement behavioral features further include a standard deviation of a mouse click in a Y direction feature. ([0119]) 

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 7
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include an average number of mouse clicks per field of the form feature. ([0048]) 

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 8
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include an amount of time on page feature. (Kedem, [0048]) 

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 9
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with mouse movement behavioral features, and wherein the mouse movement behavioral features further include a total mouse distance feature. ([0054])

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 10
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include a ratio of time spent in fields of the form to the overall time on page feature. ([0052]) 

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 11
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include an average keystroke rate standard deviation feature. ([0047])

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 12
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include an average of time between focus and first keystroke feature. ([0054] and [0121]) 

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 13
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with navigation behavioral features, and wherein the navigation behavioral features further include a total mouse click count feature. ([0048])

Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 14
Starikova, Kedem, and Hufsmith disclose the limitations of Claim 1. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 1, wherein the OAO model includes a feature set with non-behavioral features. ([0056] and [0077])
Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.

Claim 15
Starikova, Kedem, and Hufsmith disclose the limitations of Claims 1 and 14. 
Starikova and Hufsmith do not teach, however, Kedem teaches the fraud prevention system of claim 14, wherein the non-behavioral features further include a proxy concealed detection feature. ([0077])
Kedem teaches detecting vishing attacks. It would have been obvious to one of ordinary skill in the art at the effective filing date of the invention to include detecting vishing attacks, as in Kedem; and to include determining a threat score for container images or distributed applications, as in Hufsmith, to improve and/or enhance the technology for dynamically modifying an application questionnaire, as in Starikova, because it would amount to combining elements that in the combination would perform the same function as they functioned separately. One of ordinary skill in the art at the effective filing date of the invention would have been motivated to combine the references to provide a computerized system to differentiate or distinguish between: (i) a legitimate user that voluntarily and freely operates under his own free will and without duress, and (ii) the legitimate user that operates under duress and/or that performs computerized operations under the dictated instructions or the dictated guidelines that are conveyed to him by a third party. The user interactions, being performed within a certain user transaction or usage session (e.g., a wire transfer session), may be analyzed and/or compared to criteria, in order to generate a risk score or a probability score that indicates how close the logged interactions are to a behavioral profile of a victim that operates under duress or to a victim that operates in a vishing attack unknown to himself.









Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:


Turgeman et al (U. S. Patent Application Publication No. 20170221064 A1) – System, Device, and Method of Differentiating Among Users Based on User-Specific Page Navigation Sequence



Turgeman recites systems, devices, and methods for detecting the identity of a user of a computerized service; for determining whether or not an electronic device is being used by a legitimate user; for detecting identity of a user based on navigation sequences; and for differentiating among users. The system monitors user interactions with a financial service or a retailer service, via input units, computer mouse, keyboard, touch screen; the system determines a unique sequence in which each users visits multiple pages, or interacts with multiple interface elements; and the system differentiates among users and flags a transaction as possibly fraudulent.  Turgeman not used as cited references better teach the claimed subject matter.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVEN R CHISM whose telephone number is (571)272-5915.
The examiner can normally be reached on Monday-Friday 8:00 AM – 4:30 PM EST. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II can be reached at (571) 272-6709. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/STEVEN R CHISM/Examiner, Art Unit 3692   
/BRUCE I EBERSMAN/Primary Examiner, Art Unit 3698