Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Status of Claims
Claims 1-22 are subject to examination.  

Specification
The title is objected to because the title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. The present title is well known in the art (please see cited arts), too broad and not sufficient for proper classification of the claimed subject matter. The title should also reflect claimed invention,
FRAUD DETECTION USING FRAUD SCORE FOR REQUEST COMPUTED WITH MACHINE LEARNING BASED PREDICTION MODEL, please refer to MPEP 606 for title contents.
Appropriate correction is required.

Drawings
The figures submitted on 2/6/19 are noted. Figure 5 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).   

    PNG
    media_image1.png
    656
    929
    media_image1.png
    Greyscale

Addition of novel elements to claim 5 is suggested to overcome the rejections. 
A proposed drawing correction or corrected drawings are required in reply to the Office action to avoid abandonment of the application.  The amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended.  The replacement sheet(s) should be labeled --Replacement Sheet-- in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures.  If the examiner does not accept the changes, the applicant will be notified and informed of any required corrective action in the next Office action.  The objection to the drawings will not be held in abeyance.


Claim Objections
Claim 13 is objected to because of the following informalities:  
Claim 13 contains, “by a training dataset comprising a plurality of training instances, wherein each training The system of Claim 12,”, which should be -- The system of Claim 12,--
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1, 3, 5, 6, 10-12, 14, 16, 17, 21, 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bailor et al., 2015/0310195 in view of Allen, 10,320,841.
Referring to claim(s) 1, 12, Bailor substantially discloses a system/method comprising: a local feature generator generating, based on message originated from a client device that represent an input request for service subscription (request for subscription, para 36, 38), local feature of the input request (feature for the single request, para 10, 4, 50); a global feature generator determining, based on a population of input requests (several requests from plurality of users, para 73) originated from a population of client devices (para 73), global feature of the input requests (para 73, 14); wherein the global feature generator generating, from the global feature via mapping function, mapped global feature of the input request (mapping of the feature, para 111, 106); model predictor applying machine learning (ML) based prediction model to the local feature and the mapped global feature of the input request to compute data for the input request (para 54, 117), fraud detector using the fraud data for the input request to determine whether the input request for service subscription is to be accepted (para 23). Bailor does not specifically mention about, which is well-known in the art, which Allen discloses, a fraud score,
FIG. 13 is a block diagram illustrating an example method of a service denying or approving a user request based on whether the user request exceeds a fraud score threshold or not;  FIG. 13 is a block diagram illustrating an example method 1300 of a service denying or approving a user request based on whether the user request exceeds a fraud score threshold or not. The method 1300 begins where a user request is received 1302 and a fraud score is calculated 1304 using a fraud score heuristic. In one example, a fraud score can be calculated based on how close the characteristics of the request, or a set of requests, matches a pattern for fraudulent requests or sets of requests. Referring to the example above, closeness to a pattern can include a calculation of the distance of subject request or request set characteristics from one or more cluster centroids that define a pattern for malicious requests.
(119) At 1306 a determination is made whether the fraud score exceeds a fraud threshold, and if so, the user request is denied 1308 based on the fraud score exceeding the fraud threshold. On the other hand, if the fraud score does not exceed the fraud threshold, then the user request is approved 1320 based on the fraud score not exceeding the fraud threshold, col., 20, line 60 - col., 21, line 12.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Bailor to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known fraud score. The fraud score would be based on aggregated information associated with the potential fraud. Whether to take an action and whether the fraud has occurred would be based on the value of the fraud score as compared to a fraud threshold. For example, a request would be denied if the fraud score is more than the threshold, col., 20, line 60 - col., 21, line 12.

Referring to claim(s) 3, 14, Bailor discloses wherein the ML based prediction model include one of: artificial neural networks, multi-layer perceptron, convolutional neural networks, deep neural networks, feedforward neural networks, recurrent neural networks, models based on boosting frameworks, models based on AdaBoost, models based on gradient boosting, regression analysis models, linear regression models, non-linear regression models, support vector machines, decision trees, or Gaussian process regression models, para 111.

Referring to claim(s) 5, 16, Allen discloses determining whether the fraud score for the input request is below a minimum fraudulent score threshold; in response to determining that the fraud score for the input request is below the minimum fraudulent score threshold, determining that the input request is not fraudulent, col., 21, lines 5-21.

Referring to claim(s) 6, 17, Allen discloses wherein the client-device-originated message representing the input request confirms a subscription of a user operating the client device to cloud-based media content service, para 114, 53.

Referring to claim(s) 10, 21, Allen discloses wherein the message includes one of: HTML messages, XML messages, SOAP messages, JSON messages, AJAX messages, or RESTful messages (para 107).

Referring to claim(s) 11, 22, Allen discloses wherein the message is originated from the client device by way of one of: web views or applications running on the client device (para 73, 141).

Claim(s) 2, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bailor in view of Allen and Cao et al., 10460320.
Referring to claim(s) 2, 13, Bailor discloses wherein the ML based prediction model is trained by a training dataset comprising a plurality of training instances (para 136), wherein each training instance in the plurality of training instances comprises training local feature and mapped training global feature of a training input request (para 111, 106) and wherein the training local feature of the training input request are of same feature types as the local feature of the input request (para 54, 117), wherein the mapped training global feature is mapped from training global feature of a population of training input requests via the mapping function (para 111, 106), and wherein the training global feature is of same feature types as the global feature (para 54, 117). 
Bailor and Allen do not specifically mention about, which is well-known in the art, which Cao discloses, a training label, At block 725, the model generation system can receive training labels for the training transactions. The training labels identify a risk that particular training transactions are fraudulent. In some embodiments, the training labels can be provided as a vector y comprising a value, such as a value between 0 and 1, where 1 indicates that a transaction is fraudulent. In some embodiments, the training labels are manually determined based on a manual review of the training data, col., 16, lines 44-50.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Bailor to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known training label.  The training label would provide identifying a risk/fraud that particular the entity / training transaction is fraudulent. The identification would enable taking an action for the security of system, col., 16, lines 44-50.

Claim(s) 4, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bailor in view of Allen and Cogan et al., 20200005080.
Referring to claim(s) 4, 15, Bailor and Allen do not disclose, which is well-known in the art, which Cogan discloses wherein the ML based prediction model include a ML based prediction model to be re-trained based on one of: a model re-training time schedule, a drop in prediction accuracy, inclusions of input-request originating application in fraudulent application list, inclusions of input-request originating application in app store, or changes in distributions of the global feature, para 86. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Bailor to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing re-training of the machine learning based prediction model. The retraining would enable updating the model with updated features for accounting new fraud related information, para 86.

Claim(s) 7, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bailor in view of Allen and Yang et al., CN 106357628.
Referring to claim(s) 7, 18, Bailor and Allen do not disclose, which is well-known in the art, which Yang discloses filtering out suspicious input requests, among all received input requests, based on a rule- based system; performing request aggregation with respect to the input request based on a unique identifier that uniquely identifies a user operating the client device, wherein the unique identifier represents one of: client device properties, browser properties, web view properties, or a mobile station international subscriber directory number 
(a first filtering module for filtering the attack IP address from the suspicious user IP address of the first residual amount threshold value according to preset request URL, and the filtered first remaining suspicious user IP address as first suspicious user IP address, paragraph fourteen, page 4; Specifically, step 103 filtering the attack IP address from the first remaining suspicious user IP address by the service request information in the session information, and obtaining a second residual of the suspicious user IP address comprises: filtering the attack IP address from the first residual of suspicious user IP address, and the first remaining after filtering for suspicious user IP address as first suspicious user IP address; the filtering suspicious request URL does not correct the first suspicious user IP address in the IP address of the user according to the preset URL path according to the preset request URL number threshold value. and the first suspicious user IP address after filtering as the second suspicious user IP address; the skipping relationship the suspect user IP address IP address in said second suspect user request URL to jump relation is not correct filtering according to a preset URL. and the filtered second suspicious user IP address as third suspicious user IP address, host field the filtering request field is not correct in the third suspect user IP address of the suspicious user IP address according to preset server. third suspicious user IP address and the filter as a fourth suspect user IP address, IP address request the suspicious user URL length is not correct in the fourth suspect user IP address filtering according to the preset URL length, second paragraph, page 8, the first filtering module 231 for filtering the attack IP address from the suspicious user IP address of the first residual amount threshold value according to preset request URL, and the filtered first remaining suspicious user IP address as first suspicious user IP address, para 3, page 11).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Bailor to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known filtering out suspicious requests. This would enable preventing potential attack on the system. The fraudulent information would be skipped and the requests would be handled for associated actions to be carried out, para 3, page 11.

Claim(s) 8, 9, 19, 20, is/are rejected under 35 U.S.C. 103 as being unpatentable over Bailor in view of Allen and Kolotinsky, JP 2017146951 A.  
Referring to claim(s) 8, 19, Bailor and Allen do not disclose, which is well-known in the art, which Kolotinsky discloses wherein the input request is determined to be non-fraudulent by a rule based system applying a set of fraud detection rules to the input request (para 6, 7, page 9). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Bailor to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known fraud detection rules for the request. Upon applying the rules to the request the request would be determined to be without fraud or not. When the request is fraudulent necessary actions would be implemented to prevent the system from attack, para 6, 7, page 9.

Referring claims 9, 20, wherein the set of fraud detection rules are generated based on one of: heuristics, expert knowledges, user input, UI interactive states, or Wireless Application Service Providers’ Association (WASPA) blocking lists, para 6, 7, page 9.
.  




Conclusion
Bailor substantially discloses Applicant’s invention:
a system/method comprising: a local feature generator generating, based on message originated from a client device that represent an input request for service subscription (request for subscription, para 36, 38), local feature of the input request (feature for the single request, para 10, 4, 50); a global feature generator determining, based on a population of input requests (several requests from plurality of users, para 73) originated from a population of client devices (para 73), global feature of the input requests (para 73, 14); wherein the global feature generator generating, from the global feature via mapping function, mapped global feature of the input request (mapping of the feature, para 111, 106); model predictor applying machine learning (ML) based prediction model to the local feature and the mapped global feature of the input request to compute data for the input request (para 54, 117), fraud detector using the fraud data for the input request to determine whether the input request for service subscription is to be accepted (para 23). Bailor does not specifically mention about, which is well-known in the art, which Allen discloses, a fraud score,
FIG. 13 is a block diagram illustrating an example method of a service denying or approving a user request based on whether the user request exceeds a fraud score threshold or not;  FIG. 13 is a block diagram illustrating an example method 1300 of a service denying or approving a user request based on whether the user request exceeds a fraud score threshold or not. The method 1300 begins where a user request is received 1302 and a fraud score is calculated 1304 using a fraud score heuristic. In one example, a fraud score can be calculated based on how close the characteristics of the request, or a set of requests, matches a pattern for fraudulent requests or sets of requests. Referring to the example above, closeness to a pattern can include a calculation of the distance of subject request or request set characteristics from one or more cluster centroids that define a pattern for malicious requests.
At 1306 a determination is made whether the fraud score exceeds a fraud threshold, and if so, the user request is denied 1308 based on the fraud score exceeding the fraud threshold. On the other hand, if the fraud score does not exceed the fraud threshold, then the user request is approved 1320 based on the fraud score not exceeding the fraud threshold, col., 20, line 60 - col., 21, line 12.
In order to not delay prosecution of this application, Applicant is reminded to not merely add well-known limitations.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HARESH N PATEL/Primary Examiner, Art Unit 2496