Prosecution Insights
Last updated: July 17, 2026
Application No. 17/055,996

FRAUD ESTIMATION SYSTEM, FRAUD ESTIMATION METHOD AND PROGRAM

Final Rejection §103
Filed
Nov 17, 2020
Priority
Jun 26, 2019 — nonprovisional of PCTJP2019025366
Examiner
ABOU EL SEOUD, MOHAMED
Art Unit
2148
Tech Center
2100 — Computer Architecture & Software
Assignee
Rakuten Group Inc.
OA Round
6 (Final)
39%
Grant Probability
At Risk
7-8
OA Rounds
0m
Est. Remaining
76%
With Interview

Examiner Intelligence

Grants only 39% of cases
39%
Career Allowance Rate
84 granted / 215 resolved
-15.9% vs TC avg
Strong +37% interview lift
Without
With
+36.8%
Interview Lift
resolved cases with interview
Typical timeline
4y 2m
Avg Prosecution
34 currently pending
Career history
259
Total Applications
across all art units

Statute-Specific Performance

§101
3.3%
-36.7% vs TC avg
§103
85.6%
+45.6% vs TC avg
§102
8.2%
-31.8% vs TC avg
§112
1.1%
-38.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 215 resolved cases

Office Action

§103
DETAILED ACTION This is in response to Applicant’s Request for Reconsideration-After Non-Final filed on 4/13/2026 for the application 17/055,996. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 4-19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over PCT WO2019049210A1. For convenience, the examiner will cite to PGP 20200272849 A1, the US counterpart to the PCT app for convenience [hereinafter D1] in view of Larson et al. [US 20200366671 A1, hereinafter Larson]. As to claim 1, D1 teach a fraud estimation system, comprising at least one processor configured to: store a learning model that has learned a relationship between binary comparison results that indicate whether a first user information of a user in a first service which manages a fist blacklist (¶¶45-46, “… machine learning model (learned model), based on which learning using learning data has been executed, is stored in the model storage device 24”, ¶47, “The score value determination device 16 acquires a learned model stored in the model storage device 24, and determines a score value by using the acquired learned model”, ¶64, “supervised learning may be executed in which the feature vector included in the learning data is used as input data and the result data included in the learning data is used as training data”, ¶55, “the order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶79, “ first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist stored in the fraudulent order determination device …”, ¶59, “ feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data. Data representing a comparison result …”) is a match to a second user information of a fraudulent user or an authentic user in a second service which manages a second blacklist (¶79, “ first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist stored in the fraudulent order determination device … When the value of an attribute is determined to be included on the white list, result data, in which 0 is set as a value, associated with the target order data is generated. Moreover, when the value of an attribute is determined to be included on the black list, result data, in which 1 is set as a value”, ¶55, “the order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, examiner notes that order data include multiple attributes, and the fraud system checks whether an attribute is included in a white or blacklist. Therefore, under the broadest reasonable interpretation, separate blacklists correspond to different attributes of user information), a utilization situation in the first service (¶54, “ when an order to be transmitted to the electronic commerce system 10 is generated, order data like that shown in FIG. 3 is transmitted”, ¶55, “the order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”) and determining a presence or absence of fraudulence in the first service (¶63, “The result data included in the learning data is data indicating the determination result as to whether or not the order associated with the order data is a fraudulent order. In this embodiment, for example, 1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”); wherein the binary comparison result indicates whether the first user information matches the second user information on the second blacklist (¶59, “ feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data. Data representing a comparison result …”, ¶79, “white list or a blacklist stored in the fraudulent order determination device 12 (list determination) … result data, in which 0 is set as a value, associated with the target order data is generated. Moreover, when the value of an attribute is determined to be included on the black list, result data, in which 1 is set as a value”, ¶61, “learned model may also output the score value”); wherein the learning model is trained to output a fraudulence flag indicating whether the first user is estimated as fraudulent when the binary comparison result and the utilization situation are input (¶59, “ feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data. Data representing a comparison result …”, ¶61, “learned model may also output the score value”, ¶¶63-64, “The result data included in the learning data is data indicating the determination result as to whether or not the order associated with the order data is a fraudulent order. In this embodiment, for example, 1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”); obtain a first binary comparison result from the second service that indicates whether user information of a target user in the first service matches user information of a fraudulent user or an authentic user in the second service blacklist (¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated”, ¶79, “white list or a blacklist stored in the fraudulent order determination device 12 (list determination) … result data, in which 0 is set as a value, associated with the target order data is generated. Moreover, when the value of an attribute is determined to be included on the black list, result data, in which 1 is set as a value”); obtain a first utilization situation of the first service by the target user (¶54, “ an order to be transmitted to the electronic commerce system 10 is generated, order data like that shown in FIG. 3 is transmitted from the electronic commerce system 10 to the fraudulent order determination device”, ¶55, “the order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”); input the first binary comparison result and the first utilization information into the learning model (¶59, “ feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model, the score value associated with the feature vector, that is, the score value associated with the target order data”) and obtain a first fraudulence flag as an output from the learning model indicating whether the target user is estimated as fraudulent (¶59, ¶61, “a larger score value may be determined for an order that has a higher possibility of being a fraudulent order. The score value to be determined may also be a real number”, ¶70, “Therefore, in such a case, 85% is set as the value of fraudulent order level data included in the estimation result data in which 0020050 is set as the order ID. In this way, in this embodiment, the degree of the possibility that the order associated with the target order data is a fraudulent order is estimated”, ¶63, for example, 1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”, ¶70, “the degree of the possibility that the order associated with the target order data is a fraudulent order is estimated”); estimate fraudulence of the target user based on the output from the learning model (¶61, “larger score value may be determined for an order that has a higher possibility of being a fraudulent order”); wherein the first binary comparison result is either affirmative or negative (Fig. 4, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated”, ¶79, ¶63, for example, 1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”, comparison result between attributes match/non-match (i.e. affirmative or negative)); wherein the learning model has learned a relationship between a plurality of comparison results respectively corresponding to a plurality of other services and the presence or absence of fraudulence in the first service (¶59, “the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated. The feature vector associated with the target order data may also be generated based on the value of the target order data and data representing the comparison result”, ¶45, “the model generation device 22 is, for example, a computer configured to execute learning of a machine learning model using learning data”, ¶¶63-64, “The result data included in the learning data is data indicating the determination result as to whether or not the order associated with the order data is a fraudulent order. In this embodiment, for example, 1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”), wherein the at least one processor is configured to obtain a first plurality of binary comparison results respectively corresponding to the plurality of other services, wherein the at least one processor is configured to obtain output from the learning model based on the plurality of binary comparison results and the first utilization situation (Fig. 1, 14a,14b, …, processors, ¶¶41-45,¶59, “feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data. Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated … ”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model”); wherein the learning model has further learned a relationship between a utilization situation (session usage feature) in the first service and the presence or absence of fraudulence in the first service (Fig. 4, ¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶59, “feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data …”, ¶45, “the model generation device 22 is, for example, a computer configured to execute learning of a machine learning model using learning data”, ¶62-64, ), wherein the at least one processor is configured to obtain a utilization situation of the first service by the target user, and wherein the at least one processor is configured to obtain output from the learning model based on the utilization situation by the target user (¶¶58-59, “feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data …”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model”); wherein the at least one processor is configured to limit the use of the first service, based on an IP address associated with target user (¶55, “… FIG. 3, the order data includes an order ID, a user ID, IP address data”), by the target user when the target user is estimated as fraudulent; and wherein the at least one processor is configured to permit the use of the first service by the target user when the target user is estimated as not fraudulent (¶63, “1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”, ¶91, “when the value of the result data associated with the target order data is 0, the electronic commerce system 10 may proceed with the order processing for the order associated with the target order data as a valid order. As another example, when the value of the result data associated with the target order data is 1, the electronic commerce system 10 may stop the order associated with the target order data”). Even though D1 disclose checking values of user’s order attributes against a whitelist and blacklist . Because order data include multiple attributes as User ID, IP address, delivery destination, card data, etc., under broadest reasonable interpretation, the different attributes correspond to different logical lists such as User ID blacklist, IP address blacklist, delivery destination blacklist, card data blacklist, etc.. Thus the first and second blacklists maybe read as different logical attributes based blacklists, even if maintained within a single fraud determination system. However in effort to expedite persecution Larson teach a learning model (¶218, “FIG. 66 illustrates an example NN 6600 suitable for use by the IVS and/or related services“, ¶219, “ NN 6600 may represent one or more ML models that are trained using training data”, ¶228, “ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors, and/or perform various identity verification tasks”), that has learned a relationship between binary comparison results (¶219, “ML algorithms build or estimate mathematical model(s) (referred to as “ML models,” “models,” or the like) based on sample data (referred to as “training data,” “model training information,” or the like) in order to make predictions, inferences, or decisions”, ¶230, ¶243, “DII is trained on the DIN data to detect behaviors that deviate from trusted digital identity behaviors”, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies that might indicate the use of stolen identity data, for example a mismatch between devices and locations or identity information usually associated with a digital identity”, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected, and so forth)”, ¶238, ¶253, “Information reviewed includes comparisons of data that should be associated with other data elements (good if they are, bad if they are not) …”) that indicate whether a first user information of a user in a first service which manages a first blacklist (¶112, “where a user is attempting to verify their identity for a financial transaction, the IVS 140 may tie a name on the user's credit card to the name/dentity being authenticated”, ¶230, “Users (enrollees or authenticated users) start their Proven Identity journey through a rapid authentication process”, ¶241, “IVS provides improved customer satisfaction—Fast, easy and secure accessing of the user's account information (e.g., financial, telecom accounts, etc.)“, ¶228, “ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors, and/or perform various identity verification tasks as discussed herein. After the ML models are trained, the ML models may be utilized for the various services”) is a match to a second user information of a fraudulent user or an authentic user in a second service which manages a second blacklist (¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists “, ¶242, “IVS cross-references that information with various identity databases and systems”, ¶¶4-5, “Businesses or government agencies may verify the identity of the real person using identity information … or they may verify identity information against authoritative sources (e.g., credit bureaus, government database(s), corporate database(s), etc.)”, ¶16, ¶18, “other information/data is used to detect fraudulent activity or otherwise determine a likelihood of fraudulent activity. For example, the geolocation and other location information may be compared against a list of location data of known fraudsters …”, ¶29, “some or all of the identity verification services may be provided by or accessed from third party systems/services, and in some of these embodiments, the information provided by the third party systems/services may be enhanced or amended using information collected by the IVS …”, ¶42, ¶55, ¶74, “ allow the client system 105B to access captured biometric and/or identity data, revise or comment on individual data items, and/or search various databases within or outside of the IVS 140 for various information/data about applicants/enrollees”, ¶¶92-93, “ identity assessment is performed by pinging one or more third party identity and/or fraud databases”, ¶243, “IVS is also powered by shared intelligence from over 40,000 websites and apps across industries and geographies to recognize the one unique digital identity associated with every Applicant. Using AI and ML, the IVS tracks authenticity metrics and reputational integrity to separate synthetic and fraudulent identities in real time”, ¶262, “compiled directly from thousands of reliable and trusted sources. This includes all national consumer credit reporting agencies, online, utility …”, ¶248), a utilization situation in the first service, and a presence or absence of fraudulence in the first service (¶41, “IVS servers 145 may derive a time zone and/or geolocation in which the client system 105 is located from an obtained IP address. … the login page may include JavaScript or other like code that obtains and sends back information … such as time zone information, global navigation satellite system (GNSS) and/or Global Positioning System (GPS) coordinates, screen or display resolution of the client system 105, and/or other like information “, ¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists“, ¶228, “ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors, and/or perform various identity verification tasks as discussed herein. After the ML models are trained, the ML models may be utilized for the various services”, ¶243, “IVS is also powered by shared intelligence from over 40,000 websites and apps … Using AI and ML, the IVS tracks authenticity metrics and reputational integrity to separate synthetic and fraudulent identities in real time”, ¶241, “IVS reduces identity theft, fraud, and associated costs”); wherein the binary comparison result indicates whether the first user information matches the second user information on the second blacklist (¶41, “IVS servers 145 may derive a time zone and/or geolocation in which the client system 105 is located from an obtained IP address. … the login page may include JavaScript or other like code that obtains and sends back information … such as time zone information, global navigation satellite system (GNSS) and/or Global Positioning System (GPS) coordinates, screen or display resolution of the client system 105, and/or other like information“, ¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists“, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected, and so forth)”); wherein the learning model is trained to output a fraudulence flag indicating whether the first user is estimated as fraudulent when the binary comparison result and the utilization situation are input (¶41, “IVS servers 145 may derive a time zone and/or geolocation in which the client system 105 is located from an obtained IP address. … the login page may include JavaScript or other like code that obtains and sends back information … such as time zone information, global navigation satellite system (GNSS) and/or Global Positioning System (GPS) coordinates, screen or display resolution of the client system 105, and/or other like information “, ¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists“, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected, and so forth)”); wherein the first binary comparison result is either affirmative or negative (Fig. 6, 630, Fig. 8, 830, Fig. 28-32, ¶99, “approval decision is generally an automatic answer based on the overall score of the applicant and a configured threshold”, ¶100, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected, and so forth)”; wherein the learning model has learned a relationship between a plurality of comparison results respectively corresponding to a plurality of other services and the presence or absence of fraudulence in the first service (¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists; time that the user's identity information has existed, for example, to detect recently established identities that are typically fraudsters; identify known associates of the user and whether or not the known associates are associated with high fraud incidences; a rate of change in address or other biographic information that may indicate a fraudulent identity; run collected biographical data against over 1 to 900 variables and/or attributes to verify biographical information collected during the enrollment is accurate; searching multiple other fraud risk indices to determine if the enrollment is likely for a synthetic identity, an attempt to compromise a real identity, whether the identity is being intentionally manipulated, whether the real person is at risk for being a victim of identity fraud by a third party, and/or whether their identity has previous high risk activity; and/or comparing the collected data from the external sources to verify the information provided by other external sources”), wherein the at least one processor is configured to obtain a first plurality of binary comparison results respectively corresponding to the plurality of other services (¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists; time that the user's identity information has existed, for example, to detect recently established identities that are typically fraudsters; identify known associates of the user and whether or not the known associates are associated with high fraud incidences; a rate of change in address or other biographic information that may indicate a fraudulent identity; run collected biographical data against over 1 to 900 variables and/or attributes to verify biographical information collected during the enrollment is accurate; searching multiple other fraud risk indices to determine if the enrollment is likely for a synthetic identity, an attempt to compromise a real identity, whether the identity is being intentionally manipulated, whether the real person is at risk for being a victim of identity fraud by a third party, and/or whether their identity has previous high risk activity; and/or comparing the collected data from the external sources to verify the information provided by other external sources”, ¶92, “identity assessment is performed by pinging one or more third party identity and/or fraud databases”, ¶93, “information from multiple platforms or institutions”), wherein the at least one processor is configured to obtain output from the learning model based on the plurality of binary comparison results and the first utilization situation (¶92, “identity assessment is performed by pinging one or more third party identity and/or fraud databases”, ¶93, “information from multiple platforms or institutions”, “a predictive fraud detection model used“); wherein the at least one processor is configured to limit the use of the first service, based on an IP address associated with target user, , by the target user when the target user is estimated as fraudulent (Fig. 2A, 219, ¶17, “other location information associated with the user's device (e.g., location based on IP addresses even if hidden behind hidden proxies and VPNs) “, ¶40, “ client application 110 may collect various data from the client system 105A without direct user interaction with the client application … an IP address of the client system“, ¶¶41-42, “other location information (e.g., using triangulation, LTE/5G location services, WiFi positioning, IP address location correlations, etc.); comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists; time that the user's identity information has existed, for example, to detect recently established identities that are typically fraudsters; identify known associates of the user and whether or not the known associates are associated with high fraud incidences”, ¶94, ¶242, “VS uses the largest and richest global repository of online digital identity data in the world to filter through over 600,000 known physical addresses, 700,000 unique IP addresses …”); and permit the use of the first service by the target user when the target user is estimated as not fraudulent (Fig. 2A, 217, ¶20, “IVS also prevents identity theft and other fraudulent activities by identifying the tactics used by identity thieves and other malicious actors, and blocks the fraudulent activities and/or notifies potential victims of the fraudulent activities”). D1 and Larson are analogous art to the claimed invention because they are from a similar field of endeavor of fraud prevention process in particular, to identity verification and information security technologies. Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify D1 resulting in resolutions as disclosed by Larson with a reasonable expectation of success. One of ordinary skill in the art would be motivated to modify D1 as described above to allow individual user to update and enhance the completeness of their identity profiles for a more seamless identity verification process when attempting to obtain products or services from third party service providers, and for enhancing user privacy and preventing identity theft or other malicious identity-based abuses (Larson ¶14). As to claim 4, D1-Larson teach the fraud estimation system according to claim 1, wherein, in the first service, fraudulence is estimated based on user information of a predetermined item (D1, ¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, Larson, ¶103, “IVS 140 determines, based on the scanned biometric data, that the user is attempting to verify/authenticate their identity for accessing services provided by an SPP 120 (e.g., a financial institution, etc.)”, ¶137, “ verify his/her identity for completing a money transfer using a separate mobile banking application”, ¶112, “ IVS 140 does not authenticate the user just because they have an enrolled identity and are now trying to complete a transaction under a different identity. In these embodiments, the user may register or otherwise store various payment cards (e.g., credit or debit cards) with the IVS 140, and the IVS 140 may match them to the user's identity since accounts at financial institutions or other business may use a variety of names for the same person”, “IVS 140 may tie a name on the user's credit card to the name/dentity being authenticated”), and wherein the utilization situation is a utilization situation about the predetermined item (¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶61, utilization situation is the current user session that include product ID, quantity ID, Larson, ¶112, “ IVS 140 does not authenticate the user just because they have an enrolled identity and are now trying to complete a transaction under a different identity. In these embodiments, the user may register or otherwise store various payment cards (e.g., credit or debit cards) with the IVS 140, and the IVS 140 may match them to the user's identity since accounts at financial institutions or other business may use a variety of names for the same person”, “IVS 140 may tie a name on the user's credit card to the name/dentity being authenticated”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 5, D1-Larson teach the fraud estimation system according to claim 1, wherein, in the first service and the second service each, a plurality of items of user information are registered (D1, ¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶¶58-59, “feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device 14, a feature vector representing a feature associated with the target order data …”, Larson, ¶112, “ IVS 140 does not authenticate the user just because they have an enrolled identity and are now trying to complete a transaction under a different identity. In these embodiments, the user may register or otherwise store various payment cards (e.g., credit or debit cards) with the IVS 140, and the IVS 140 may match them to the user's identity since accounts at financial institutions or other business may use a variety of names for the same person”, ¶¶134-135), wherein the learning model has learned relationships between a plurality of comparison results respectively corresponding to the plurality of items and the presence or absence of fraudulence in the first service (D1, ¶59, “the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated. The feature vector associated with the target order data may also be generated based on the value of the target order data and data representing the comparison result”, ¶45, “the model generation device 22 is, for example, a computer configured to execute learning of a machine learning model using learning data”, Larson, ¶243, “IVS is also powered by shared intelligence from over 40,000 websites and apps … Using AI and ML, the IVS tracks authenticity metrics and reputational integrity to separate synthetic and fraudulent identities in real time”, ¶241, Larson, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected, and so forth)”, ¶253, “comparisons of data that should be associated with other data elements (good if they are, bad if they are not)”, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies that might indicate the use of stolen identity data”, ¶237), wherein the at least one processor is configured to obtain a second plurality of comparison results respectively corresponding to the plurality of items (¶59, “the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated. The feature vector associated with the target order data may also be generated based on the value of the target order data and data representing the comparison result”, multiple orders and attributes, Larson, ¶238, “IVS compares the image of the user to the facial biometrics captured in the first step”, ¶242, “IVS cross-references that information with various identity databases and systems”, ¶243, “shared intelligence from over 40,000 websites and apps across industries and geographies”, ¶248, “ IVS incorporates multiple identity and fraud database searches and assessments”, ¶253, “comparisons of data that should be associated with other data elements (good if they are, bad if they are not)”, ¶237, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies that might indicate the use of stolen identity data”, ¶254, “Thousands of attributes are reviewed and aggregated”), and wherein the at least one processor is configured to obtain output from the learning model based on the second plurality of comparison results (D1, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model”, Larson, ¶218, “NN 6600 suitable for use by the IVS and/or related services”, ¶219, “NN 6600 may represent one or more ML models that are trained using training data. The term “machine learning” or “ML” refers to the use of computer systems implementing algorithms and/or statistical models … to make predictions, inferences, or decisions”, ¶221, “ output layer 6616 outputs the determinations or assessments (yi)”, ¶226, “output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected, and so forth)”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 6, D1-Larson teach the fraud estimation system according to claim 1, wherein, in the second service, fraudulence is estimated based on user information of a predetermined item (D1, ¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model”, Larson, ¶241, “subscribing enterprises and their customers”, ¶243, “IVS is also powered by shared intelligence from over 40,000 websites and apps across industries“, “to separate synthetic and fraudulent identities in real time”, ¶226, “ whether fraudulent activity is detected”, ¶233, “facial biometrics … biometric signature”, ¶234, “hand (palm) biometrics”, ¶236, “voice biometrics”, ¶238, “identity document and biographical data authentication”), wherein the learning model has learned a relationship between a comparison result of user information of the predetermined item and the presence or absence of fraudulence in the first service (D1, ¶59, “the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated. The feature vector associated with the target order data may also be generated based on the value of the target order data and data representing the comparison result”, ¶45, “the model generation device 22 is, for example, a computer configured to execute learning of a machine learning model using learning data”, Larson, ¶71, ¶219, “ ML models that are trained using training data”, ¶220, “ML algorithms build or develop ML models“), and wherein the at least one processor is configured to obtain a comparison result of the predetermined item (D1, ¶59, “data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, Larson, ¶108, “SBIDS 2B93 generates and sends a confidence score to the SBSP 2B92”, ¶109, “after a confidence score is calculated for each collected secondary biometric data/model. At operation 2B17, the SBSP 2B92 provides matched member and enrollment IDs back to the web service 2B92, and at operation 2B18, the web service determines a highest matching member/enrollment ID that meets a threshold”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 7, D1-Larson teach the fraud estimation system according to claim 1, wherein, in the second service, fraudulence is estimated based on user information of a first item (D1, ¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model”, Larson, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies“, ¶243, “Using AI and ML, the IVS tracks authenticity metrics and reputational integrity to separate synthetic and fraudulent identities in real time “,), wherein the learning model has learned a relationship between a comparison result of user information of a second item and the presence or absence of fraudulence in the first service (¶59, “the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated. The feature vector associated with the target order data may also be generated based on the value of the target order data and data representing the comparison result”, ¶45, “the model generation device 22 is, for example, a computer configured to execute learning of a machine learning model using learning data”, Larson, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected”, ¶228, “ ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors, and/or perform various identity verification tasks“, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies“), and wherein the at least one processor is configured to obtain a comparison result of the second item (D1, ¶59, “the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, Larson, ¶108, “SBIDS 2B93 generates and sends a confidence score to the SBSP 2B92”, ¶109, “the web service determines a highest matching member/enrollment ID that meets a threshold”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 8, D1-Larson teach the fraud estimation system according to claim 1, wherein, in the second service, user information of the target user in the first service and user information of a fraudulent user or an authentic user in the second service are compared (D1, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model, the score value associated with the feature vector, that is, the score value associated with the target order data. For example, a larger score value may be determined for an order that has a higher possibility of being a fraudulent order”, Larson, ¶103, “An authentication occurs when the IVS 140 determines, based on the scanned biometric data, that the user is attempting to verify/authenticate their identity for accessing services provided by an SPP 120 (e.g., a financial institution, etc.)”, ¶112, “if a user (as an enrollee or active user) attempts the authentication/verification process and presents a fake identity and the IVS 140 our system confirms their true identity as being different than the fake identity … return the name of the authenticated identity”), and wherein the at least one processor is configured to obtain a result of the comparison from the second service (D1, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, Larson, ¶103, “An authentication occurs when the IVS 140 determines, based on the scanned biometric data, that the user is attempting to verify/authenticate their identity for accessing services provided by an SPP 120 (e.g., a financial institution, etc.)”, ¶112, “if a user (as an enrollee or active user) attempts the authentication/verification process and presents a fake identity and the IVS 140 our system confirms their true identity as being different than the fake identity … return the name of the authenticated identity”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 9, D1-Larson teach the fraud estimation system according to claim 1, wherein the at least one processor is configured to receive a utilization request that is a request for use of the first service by the target user (D1, ¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model”, order request is utilization request and the order data is request to use the service, Larson, ¶103, “An authentication occurs when the IVS 140 determines, based on the scanned biometric data, that the user is attempting to verify/authenticate their identity for accessing services provided by an SPP 120 (e.g., a financial institution, etc.)”, ¶¶137-138, “a third party platform employee may request to verify a user's identity for completing a money transfer”), and wherein the at least one processor is configured to estimate fraudulence of the target user when the first service is used by the target user (D1, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model, the score value associated with the feature vector, that is, the score value associated with the target order data. For example, a larger score value may be determined for an order that has a higher possibility of being a fraudulent order”, Larson, ¶112, “if a user (as an enrollee or active user) attempts the authentication/verification process and presents a fake identity and the IVS 140 our system confirms their true identity as being different than the fake identity … return the name of the authenticated identity”, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies that might indicate the use of stolen identity data). The same motivation to combine for claim 1 equally applies for current claim. As to claims 10 and 11; Claims 10 and 11 are similar in scope to claim 1; therefore they are rejected under similar rationale. As to claim 12, D1-Larson teach the fraud estimation system according to claim 1, wherein the processor is not configured to receive user information from the first service (Fig. 10A, ¶¶128-129, the processor is processor 12A (fraud determiner) and data are received by receiver 40 not the processor, Larson, ¶103, “text message may include a link 27B13, which when selected by the user by performing a tap gesture 27B20 on the link 27B13, may cause the application 110 to be executed to authenticate the user's identity”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 13, D1-Larson teach the fraud estimation system according to claim 1, wherein the processor is not configured to receive user information from the second service (¶59, “feature extraction device 14 generates, based on, for example, the target order data and past order data stored in the feature extraction device”, Larson, ¶201, “communication circuitry 6409 also includes TRx 6412 to enable communication with wireless networks”, ¶202, “Network interface circuitry/controller (NIC) 6416 may be included to provide wired communication to the network …”, ¶203, “ external interface 6418 (also referred to as “I/O interface circuitry” or the like) is configured to connect or coupled the system 6400 with external devices or subsystems”, ¶242, “the biographical information is collected from the Applicant, the IVS cross-references that information with various identity databases and systems”, ¶219, “After training, an ML model may be used to make predictions on new datasets”, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected”, ¶228, “ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors”, processor operates on outputs not raw user information). The same motivation to combine for claim 1 equally applies for current claim. As to claim 14, D1-Larson teach the fraud estimation system according to claim 1, wherein the comparison result indicates whether a match of information has occurred or a match of information has not occurred, when comparing user information of the target user and user information of the fraudulent user or authentic user (D1, Fig. 4, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated”, comparison result between attributes match/non-match (i.e. affirmative or negative), Larson, ¶¶235-236, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected,”, ¶228, “The ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors”, ¶238, “IVS compares the image of the user to the facial biometrics captured in the first step”, ¶242, “IVS cross-references that information with various identity databases and systems”, ¶253, “comparisons of data that should be associated with other data elements (good if they are, bad if they are not)”, ¶237, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies that might indicate the use of stolen identity data”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 15, D1-Larson teach the fraud estimation system according to claim 1, wherein the learning model is trained with teacher data comprising: utilization situation data including a transaction value and a transaction frequency value (D1, Fig. 4, ¶55, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶80, “when it is identified that orders from 100 or more different IP addresses have been generated from the same user within one hour, result data, in which 1 is set as a value, associated with the target order data may be generated”, Larson, ¶256, “Evaluating user and device interactions against historical interactions and known bad behaviors creates another valuable identity metric. Variables include frequency and timing of transactions; average time between events, velocity and frequency”, ¶219, “ ML models that are trained using training data”); comparison results data including information indicating whether an Internet protocol address and device identification are blacklisted in each of a plurality of services (D1, ¶¶79-80, “it is first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist stored in the fraudulent order determination device 12 (list determination)”, Larson, ¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists”, ¶101, “when the applicant is declined, the applicant's biographic data may be added to a black list maintained by the SPP 120, which may be used to immediately deny content/services”, ¶248, “an Applicant's computing device 105 is assessed to verify it is associated with the Applicant and not a device known to be associated with fraudulent activities”, ¶245, “IVS detects the use of VPNs and captures WiFi, cellular, and/or GPS details which are compared to IP address information”, ¶247, “global threat information such as known fraudsters and botnet participation”); and a fraudulence flag value which indicates whether the user is fraudulent (D1, Fig. 4, ¶63, “1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”, Larson, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected,”, ¶228, “The ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 16, D1-Larson teach the fraud estimation system according to claim 1, wherein the processor is configured to store the learning model (D1, ¶47, “model storage device 24 is, for example, a computer configured to store a learned model generated by the model generation device 22”, ¶104, “When the score value determination device 16 detects that a new learned model is stored in the model storage device 24, the score value determination device 16 acquires the new learned model from the model storage device 24”, ¶150, Larson, ¶213, ¶219) that has learned the relationship between comparison results that are the result of comparing the first user information of the user in the first service, which provides a first service to the user, to second user information of the fraudulent user or the authentic user in the second service (D1, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, Larson, ¶242, “IVS cross-references that information with various identity databases and systems”, ¶243, ¶246, “Transactions are compared against the trusted digital identity of the real user to identify anomalies that might indicate the use of stolen identity data”), which provides a second service to the user, and determining the presence or absence of fraudulence in the first service (D1, ¶¶62-64, “learned model to which the feature vector associated with target order data is input has learned the learning data shown in FIG. 4. As shown in FIG. 4, the learning data includes, for example, an order ID, a feature vector, and result data”, ¶61, “score value determination device 16 determines, based on an output produced when the feature vector received from the feature extraction device 14 is input to the learned model, the score value associated with the feature vector, that is, the score value associated with the target order data. For example, a larger score value may be determined for an order that has a higher possibility of being a fraudulent order”, ¶67, “fraudulent order determination device 12 generates the estimation result data associated with the target order data shown in FIG. 6 based on the received score value and the evaluation data generated by the evaluation data generation device”, ¶61, ¶¶78-81, fraud/not fraud decision by the system (result data), Larson, ¶226, “The output variables (yi) 6604 may include a determined response (e.g., whether an image or audio data is spoofed or spliced, whether fraudulent activity is detected”, ¶228, “ ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors, and/or perform various identity verification tasks“). The same motivation to combine for claim 1 equally applies for current claim. As to claim 17, D1-Larson teach the fraud estimation system according to claim 1, wherein the first service is a first electronic settlement service (Fig. 2, 10, ¶39, “computer system configured to process requests for ordering, shipping, payment, and the like of products and services from users”, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, Larson, ¶112, “where a user is attempting to verify their identity for a financial transaction, the IVS 140 may tie a name on the user's credit card to the name/dentity being authenticated”, ¶241, “IVS provides improved customer satisfaction—Fast, easy and secure accessing of the user's account information (e.g., financial, telecom accounts, etc.)”, ¶228, “ML models are then used by the component 113 and/or IVS 140 to detect malicious/fraudulent behaviors”, ¶270, “IVS supports transaction confirmation, where data, such as the payee and amount of a payment are signed”); wherein the second service is either a second financial service, a second electronic transaction service, a second insurance service, a second communication service, a second home delivery service, or a second video streaming service (Fig. 2, 10, ¶39, “computer system configured to process requests for ordering, shipping, payment, and the like of products and services from users”, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, Larson, ¶241, “IVS provides improved customer satisfaction—Fast, easy and secure accessing of the user's account information (e.g., financial, telecom accounts, etc.)”, ¶243, “IVS is also powered by shared intelligence from over 40,000 websites and apps across industries”, “DIN collects and processes global shared intelligence from millions of daily consumer interactions including logins, payments, and new account applications”, ¶112, “where a user is attempting to verify their identity for a financial transaction, the IVS 140 may tie a name on the user's credit card to the name/dentity being authenticated”); and wherein the comparison result includes information indicating whether the target user is on a blacklist of the first service (¶¶79-80, “it is first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist stored in the fraudulent order determination device 12 (list determination)”, Larson, ¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists”, ¶101, “when the applicant is declined, the applicant's biographic data may be added to a black list maintained by the SPP 120, which may be used to immediately deny content/services”, ¶112, “where a user is attempting to verify their identity for a financial transaction, the IVS 140 may tie a name on the user's credit card to the name/dentity being authenticated”). The same motivation to combine for claim 1 equally applies for current claim. As to claim 18, D1-Larson teach the fraud estimation system according to claim 1, wherein the processor is configured to: request a comparison processing from the first service and the second service (D1, ¶79, “ first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist stored in the fraudulent order determination device … When the value of an attribute is determined to be included on the white list, result data, in which 0 is set as a value, associated with the target order data is generated. Moreover, when the value of an attribute is determined to be included on the black list, result data, in which 1 is set as a value”, ¶55, “the order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, Larson, ¶104, “the client application 110 sends primary biometric data and secondary biometric data to a web service 2B91”, “web service 2B91 sends the primary biometric data (e.g., face image collected by the client application 110) to a primary biometric service provider 2B94 (e.g., a FaceProvider) with a command/instruction to identify potential matches”, ¶¶105-108, “SBSP 2B92 calls a secondary biometric identity detection service (SBIDS) 2B93 to compare the collected secondary biometric data/model “); receive the first binary comparison result from the first service and the second service (D1, Fig. 4, ¶63, “1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”, ¶79, “result data, in which 0 is set as a value, associated with the target order data is generated”, ¶80, “result data, in which 1 is set as a value, associated with the target order data may be generated”, Larson, ¶¶92-93, “IVS server(s) 145 use the biographic data to perform several real- time checks 211, 212, and 213 using the biographic data”, “SBIDS 2B93 generates and sends a confidence score to the SBSP 2B92”, ¶104, “the client application 110 sends primary biometric data and secondary biometric data to a web service 2B91”, “web service 2B91 sends the primary biometric data (e.g., face image collected by the client application 110) to a primary biometric service provider 2B94 (e.g., a FaceProvider) with a command/instruction to identify potential matches”, ¶108, “SBSP 2B92 calls a secondary biometric identity detection service (SBIDS) 2B93 to compare the collected secondary biometric data/model “, ¶109, “web service determines a highest matching member/enrollment ID that meets a threshold”, ¶112); and wherein the comparison processing determines whether the first user information matches the second user information on the second blacklist (D1, ¶79, “ first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist stored in the fraudulent order determination device … When the value of an attribute is determined to be included on the white list, result data, in which 0 is set as a value, associated with the target order data is generated. Moreover, when the value of an attribute is determined to be included on the black list, result data, in which 1 is set as a value”, ¶55, “the order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated”, Larson, Fig. 2B, ¶42, “comparing biographic and/or user agent data against a list of known fraudsters listed in one or more blacklists“,¶92, “The identity assessment is performed by pinging one or more third party identity and/or fraud databases”, ¶93, “IVS server(s) 145 use the biographic data to perform several real- time checks 211, 212, and 213 using the biographic data”, ¶¶103-104, ¶108). The same motivation to combine for claim 1 equally applies for current claim. As to claim 19, D1-Larson teach the fraud estimation system according to claim 15, wherein the processor is configured to: obtain the utilization situation data of the target user by referring to a utilization situation database (D1, ¶54, “order data like that shown in FIG. 3 is transmitted from the electronic commerce system 10 to the fraudulent order determination device 12”, ¶¶55-56, “order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, ¶58, “order determination device 12 transmits the target order data to the feature extraction device 14”, data related to current transaction, Larson, ¶54, identity verification service provided by the IVS 140 may include lie (or truthfulness) detection services, which are used to evaluate the truthfulness of the person … changes in behavior”); and train the leaning model (D1, ¶¶62-64, ¶¶98-100, “earning data associated with the target order data is generated based on the feature vector associated with the target order data and the result management data associated with the target order data. For example, learning data including the order ID, the feature vector associated with the order ID, and result management data associated with the order ID may be generated”, Larson, ¶54, “Analysis of the image/video data and the voice data discussed previously for micro-expressions may be accomplished using any suitable AI, machine-learning, and/or deep learning techniques, such as any of those discussed herein and/or variants or combinations thereof”) with the utilization situation data (Fig. 3, comparison results data (D1, ¶59, “Data representing a comparison result between a value of a predetermined attribute extracted from the target order data and the value of that attribute in the past order data stored in the feature extraction device 14 may be generated. In this case, from among the past order data stored in the feature extraction device 14, order data having the same user ID as that of the target order data may be identified. Then, data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, and the fraudulence flag (¶63, “1 is set as the result data value for an order determined to be a fraudulent order, and 0 is set as the result data value for an order determined not to be a fraudulent order”, Larson, ¶54, “IVS 140 may include lie (or truthfulness) detection services, which are used to evaluate the truthfulness of the person during the live interview. Data of existing and/or publicly available videos and audio samples that depict or are otherwise representative of untruthfulness or deception are cross-referenced with collated video data of both failed and successful enrollment attempts on the secure enrollment platform (e.g., IVS 140) to build algorithms on key attributes of deceptiveness, for example, body movements, eye misdirection, voice alterations, and changes in behavior”). The same motivation to combine for claim 15 equally applies for current claim. As to claim 21, D1-Larson teach the fraud estimation system according to: The fraud estimation system according to request comparison result processing from each of the plurality of other services comprising requesting a comparison of the first user information to user information on a blacklist for each of the plurality of other services (D1, ¶59, “data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, ¶79, “it is first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist”, Larson, ¶92, “The identity assessment is performed by pinging one or more third party identity and/or fraud databases”, ¶93, “IVS server(s) 145 use the biographic data to perform several real- time checks 211, 212, and 213 using the biographic data”, ¶18, “geolocation and other location information may be compared against a list of location data of known fraudsters”, “collected information data may be compared with one or more credit bureaus and other publicly available databases”, ¶86, “primary biometric match may be a one-to-many (1:N) comparison with other identity DBOs”); wherein the request comprises a first user IP address and a first user device identification as the first user information (¶55, “ order data includes an order ID, a user ID, IP address data, delivery destination data, a credit card number, a product ID, price data, quantity data, and the like”, Larson, ¶40, “client application 110 may cause the client system 105 to generate and transmit one or more HTTP messages with a header portion including, inter alia, an IP address of the client system … a user agent string contained in a User Agent field. The user agent string may indicate an operating system (OS) type/version being operated by the client system 105, system information of the client system 105, an application version/type or browser version/type of the client application 110, a rendering engine version/type implemented by the client application 110, a device and/or platform type of the client system“, ¶94); obtain the first plurality of binary comparison results indicating whether the first user information is present or not present on the blacklist for each of the plurality of other services by receiving an other service binary comparison result from each of the plurality of other services (D1, ¶59, “data representing the comparison result between the value of the predetermined attribute extracted from the target order data and the value of the attribute in the identified order data may be generated”, ¶79, “it is first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist”, Larson, Fig. 2B, ¶92, “The identity assessment is performed by pinging one or more third party identity and/or fraud databases”, ¶93, “IVS server(s) 145 use the biographic data to perform several real- time checks 211, 212, and 213 using the biographic data”, ¶18, “geolocation and other location information may be compared against a list of location data of known fraudsters”, “collected information data may be compared with one or more credit bureaus and other publicly available databases”). Response to Arguments Applicant argue that Tomoda does not disclose obtaining information from other services that each maintain a blacklist, considering blacklist information (let alone user information matches), or training the model based on the various relationships (Remarks P. 13). Examiner respectfully disagrees, as the claim does not require different service providers, so the first service and the second service could be owned by single provider that match different attributes (e.g. user-ID, IP-address, or credit card) for blacklist to detect fraud. Under broadest reasonable interpretation attribute checking functions can be considered as a logical service, and each attribute type is associated with a corresponding logical blacklist. The system obtain comparison results and use it as feature data for the learned fraud. If the services term is interpreted more narrowly to require external or third party services, Larson further support that interpretation by teaching third party identity fraud databases and blacklists of know fraudsters. Applicant argue that Larson does not disclose the amended features. The blacklists mentioned in paragraph [0042] are discussed in the context of the identity verification for the Identify Verification Service ("IVS") servers while the machine learning discussed in paragraph [0243], is directed to "detect[ing] behaviors that deviate from trusted digital identity behaviors during each Applicants' enrollment into the IVS." Accordingly, Larson does not disclose training based on the comparison result and the utilization situation. Otherwise stated, while Larson discloses cross referencing blacklist information ([0042]) and training a machine learning model based on user activity ([0243]), it does not disclose training based on a relationship between these. Examiner respectfully disagrees, applicant arguments read Larson in isolation of the whole reference disclosure. Larson does not merely disclose an unrelated backlist check as in ¶42 and unrelated machine learning process. Larson describes an integrated IVS fraud verification in which user information is collected and evaluated against fraud related information. Larson ¶42 teaches comparing biographic and user agent data against known fraudsters listed in one or more blacklists, and ¶92-93 further disclose performing identity assessment by pinging one or more third party identity and/or fraud databases, performing real-time identity check, fraud scoring, and identity assessment checks, and using a predictive fraud detection model to determine whether the provided biographic data is authentic or includes fraudulent identity information. Larson also teaches that the results of these checks are associated with the applicant’s identity session. Larson blacklist database comparison results are part of the same fraud scoring and identity assessment flow, not separated unrelated teachings. In addition, ¶¶71-72 disclose models trained with training datasets, prediction based on collected IVS information, and learning from the collected data to produce updated models . Therefore, Larson teach fraud identity comparison results, including blacklist comparison results, as information used by trained fraud detection models See at least Fig. 2A. In addition D1 expressly teach generating comparison result data as part of feature inputted to a fraud model and training the model using fraud/non fraud results data. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Applicant argue that cross-referencing a publicly available blacklist is not the same as obtaining the binary comparison result for training. For example, being able to generally cross reference a blacklist cannot be used to obtain training data for multiple different users. Examiner respectfully disagrees, Both D1 and Larson teach binary comparison results for training or use by a fraud detection model. The binary result is the output for every user, whether the user information is present or not present in the blacklist. The blacklist itself is not the training data, the yes or no result generated from the comparison is what is used as feature data. Therefore Larson teaches comparing user information against known fraudster blacklists and fraud databases, and D1 teaching of comparison results data as features input to a learned fraud model trained with fraud and non-fraud result data, both teach binary comparison results for training. In additions as D1 and Larson use machine learning models to detect fraud and fraudulent identity, the models are trained to learn relationships between input information and fraud related outcomes. As the system use the blacklist database match information as part of the fraud assessments, those binary comparisons (match or no match) must be type of feature information used in the trained model. Applicant argue that that the cited references do not disclose "obtain a first binary comparison result from the second service that indicates whether user information of a target user in the first service matches user information of a fraudulent user or an authentic user in the second blacklist. Examiner respectfully disagrees, D1 teach the blacklist comparison where the system determine whether a value of an attribute of the order data attributes (¶55) is included in a whitelist or a blacklist and generates 0/1 result See at least ¶79, “ first determined whether or not the value (e.g., user ID) of an attribute of the target order data is included in a white list or a blacklist stored in the fraudulent order determination device … When the value of an attribute is determined to be included on the white list, result data, in which 0 is set as a value, associated with the target order data is generated. Moreover, when the value of an attribute is determined to be included on the black list, result data, in which 1 is set as a value”. Larson further disclose comparing biographic and user data against known fraudsters listed in multiple blacklists by pinging one or more databases (¶92-93). Applicant argue that nowhere in the cited sections, however, is there any disclosure of a second service comparing user data from the first service to its own blacklist data or sending that comparison result back to the first service. Rather the comparison in Tomoda is not from a second service and the blacklist analysis in Larson is a cross-reference as discussed above. Examiner respectfully disagrees, the claim does not require different service providers, so the first service and the second service could be owned by single provider that match different attributes (e.g. user-ID, IP-address, or credit card) for blacklist to detect fraud. Under broadest reasonable interpretation attribute checking functions can be considered as a logical service, and each attribute type is associated with a corresponding logical blacklist. Therefore checking a user order attributes against whitelist or blacklist and generating 0/1 output result is binary comparison result for the claimed services and blacklists. Further Larson ¶42 teaches comparing biographic and user agent data against known fraudsters listed in one or more blacklists, and ¶92-93 further disclose performing identity assessment by pinging one or more third party identity and fraud databases, performing real-time identity correlation, fraud scoring, and identity assessment checks, and using a predictive fraud detection model to determine whether the provided biographic data is synthetic or includes fraudulent identity information. Larson also teaches that the results of these checks are associated with the applicant’s identity session. Therefore, Larson teaches obtaining a per applicant comparison result from fraud check, whether the comparison indicates whether the user information matches fraud related information. As to the remaining dependent claims, applicant argue that they are allowable due to their respective direct and indirect dependencies upon one of the aforementioned Independent claims. The examiner respectfully disagrees, Independent claims were not allowable as stated in the paragraph above in this “Response to Arguments” section in this office action. Conclusion The prior art made of record and not relied upon is considered pertinent to the applicant' s disclosure. US Patent Application Publication No. 20190020759 filed by Kuang that disclose the ability to detect fraud based on different user characteristics as checking if the user is in a black list owned by third party as FBI frauds and scams database See at least ¶¶49 Examiner has pointed out particular references contained in the prior arts of record in the body of this action for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and Figures may apply as well. It is respectfully requested from the applicant, in preparing the response, to consider fully the entire references as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior arts or disclosed by the examiner. It is noted that any citation to specific pages, columns, figures, or lines in the prior art references any interpretation of the references should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. In re Heck, 699 F.2d 1331-33, 216 USPQ 1038-39 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277 (CCPA 1968)). THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMED ABOU EL SEOUD whose telephone number is (303)297-4285. The examiner can normally be reached Monday-Thursday 9:00am-6:00pm MT. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michelle Bechtold can be reached at (571) 431-0762. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MOHAMED ABOU EL SEOUD/Primary Examiner, Art Unit 2148
Read full office action

Prosecution Timeline

Show 21 earlier events
Dec 17, 2025
Request for Continued Examination
Jan 02, 2026
Response after Non-Final Action
Jan 14, 2026
Non-Final Rejection mailed — §103
Mar 13, 2026
Interview Requested
Mar 24, 2026
Examiner Interview Summary
Mar 24, 2026
Applicant Interview (Telephonic)
Apr 13, 2026
Response Filed
Jun 24, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12657476
WEAK SUPERVISION FRAMEWORK FOR LEARNING TO LABEL CONCEPT EXPLANATIONS ON TABULAR DATA
3y 7m to grant Granted Jun 16, 2026
Patent 12639116
ADJUSTING MENTAL STATE TO IMPROVE TASK PERFORMANCE
3y 1m to grant Granted May 26, 2026
Patent 12632118
MOTION GESTURE SENSING DEVICE AND VEHICLE-MOUNTED UNIT MANIPULATION SYSTEM HAVING SAME
3y 12m to grant Granted May 19, 2026
Patent 12602602
SYSTEMS AND METHODS FOR VALIDATING FORECASTING MACHINE LEARNING MODELS
4y 9m to grant Granted Apr 14, 2026
Patent 12578719
PREDICTION OF REMAINING USEFUL LIFE OF AN ASSET USING CONFORMAL MATHEMATICAL FILTERING
3y 1m to grant Granted Mar 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

7-8
Expected OA Rounds
39%
Grant Probability
76%
With Interview (+36.8%)
4y 2m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 215 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month