ASSESSING RISK OF FRAUD ASSOCIATED WITH USER UNIQUE IDENTIFIER USING TELECOMMUNICATIONS DATA

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/16/2025 has been entered. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-8, 10-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stubblefield (US 20150106265) in view of Ranft (US 20160232546) further in view of Sharma (US 20230136732). Regarding claim 1 and 17, Stubblefield teaches a computer-implemented method for assessing risk of fraud associated with a unique identifier, the method comprising: receiving a unique identifier (Communication number) for a telecommunication device associated with a user (Fig. 2A Block 205, [0030] “the client request processing module 222 provides the communication number and/or the parameters of the request .. to obtain network characteristics data relating to the communication number); querying a telecommunication network traffic dataset to identify data associated with the unique identifier ([0032] “When the client request processing module 222 uses the SS7 network data query engine 228 to retrieve information related to a communication number” [0034] “the communication number processing system 200 receives a request to verify a communication number. A communication number verification module 226 verifies the communication number by retrieving and evaluating data associated with the communication number using one or more verification”); “wherein the traffic data includes data associated with a plurality of past voice or short message SMS sessions associated with the unique identifier ([0035] Block S120, which recites at a fraud score system receiving usage data of a telephony platform component, functions to collect data used to calculate a fraud score. The usage data is preferably data collected and .. typically reflects operational metrics of a telephony platform. For example, a call history database may store records of when calls were made and what the destination endpoints were for those calls. In this example, the primary purpose of the call history database may be for analytics but the data may additionally be used for calculating a fraud score. More preferably the fraud scoring system is coupled through a network to a plurality of telephony platform components .. coupled to the fraud scoring system may include call history databases, messaging history databases”, [0044] “Similarly, the behavioral risk factor may be evaluated by determining whether the communication number is associated with untimely, irregular or nonpayment of bills, bill payment using risky forms of payment, frequent changes to communication number address and/or location”; Table 1, 3. Communication number status (e.g., disconnected, unreachable, busy) 4 Roaming status (e.g., roaming in another country) 10 History of changes to communication number address and/or location (e.g., frequent change of billing address, geographically scattered location pattern)” ). receiving, in response to the query, the traffic data (Stubblefield, “[0034] “the communication number processing system 200 receives a request to verify a communication number. A communication number verification module 226 verifies the communication number by retrieving and evaluating data associated with the communication number using one or more verification rules ..The communication number reputation database table 285 may include ..a number of correct/incorrect responses during a verification attempt, a number of verification attempts, a length of time between verification attempts, a failed verification count, a successful verification count ..transaction history.. history of changes to communication number type .. fraud level, date, time, reported fraudulent transaction history”); analyzing the received traffic data associated with the unique identifier to identify a plurality of attribute values indicative of potentially fraudulent use by the user of the telecommunication device (Stubblefield, “[0034] “the communication number processing system 200 receives a request to verify a communication number. A communication number verification module 226 verifies the communication number by retrieving and evaluating data associated with the communication number [0051] “some of the modules such as the communication number fraud analysis module 230 and/or the communication number risk scoring engine 232 are based on models (e.g., fraud analysis models, risk models) that are generated and/or refined by one or more machine-learning algorithms or techniques.”) selecting, from a plurality of machine learning (ML) models, a ML model ([0044] “The communication number risk scoring engine 232 evaluates one or more attributes and/or characteristics associated with each risk factor according to one or more risk models in determining a communication number risk score.” This evaluation according to a risk model would necessarily require a selection of a model). generating, based on a selected machine learning model, a risk score based on the plurality of attribute values to indicate a risk of fraud associated with the unique identifier (Stubblefield, [0044] The communication number risk scoring engine 232 evaluates one or more attributes and/or characteristics associated with each risk factor according to one or more risk models in determining a communication number risk score. [0051] “the algorithms implemented by the communication number processing system are based on supervised learning and use data relating to communication numbers that have been confirmed as fraudulent communication numbers (i.e., known data and known responses) to build and/or refine the models for predicting frauds and generating fraud risk scores”). Stubblefield teaches determining, based on the plurality of attribute values associated with the unique identifier (Fig. 4 shows step 420b “determine attributes of each communication number” [0062] “the communication number processing system determines a risk score for each communication number based on corresponding reputational characteristics (from block 420a), attributes (from block 420b)”). However, Stubblefield does not explicitly teach determining, based on the plurality of attribute values, a cluster and that the model associated with the cluster. In an analogous art, Ranft teach determining, based on the plurality of attribute values, a cluster ([0165] “in FIG. 41, the system uses a machine learning clustering process 1224 to cluster populations of users based on their attributes”); and that the model associated with the cluster ([0165] in FIG. 41, the system uses a machine learning clustering process 1224 to cluster populations of users based on their attributes and to form aggregate model profiles for the respective clusters.) Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify Stubblefield's teaching of attributes associated with the unique identifier to include Ranft's teaching of determining, based on the plurality of attribute values, a cluster in order to improve uncover hidden patterns, reduce redundance and improve model performance. Ranft's teaching of determining, based on the plurality of attribute values, a cluster combined with Stubblefield’s teaching of the attributes associated with the unique identifier would result in determining, based on the plurality of attribute values, a cluster with the unique identifier. Stubblefield was cited above for the teaching of “wherein the traffic data includes data associated with a plurality of past voice or short message SMS sessions associated with the unique identifier; However, for completeness and compact prosecution purpose, Sharma is additionally cited to show a more explicit teaching of “wherein the traffic data includes data associated with a plurality of past voice” (Abstract, “A method including: receiving one or more datasets indicating call activity corresponding to a phone number; analyzing the one or more datasets to identify unusual call activity; and generating a fraud prediction, based at least in part on the identified unusual call activity, that the phone number will be used for fraud.” “[0411] The abuse database 924 may also collect information about Resp Orgs and other industry details in an offline mode. The abuse information may be captured in the toll-free number abuse database 924. This information may then be processed using a rating engine 928 to compute the toll-free number rating... predictive analytics methods of the TFMP, as described herein, may be used to infer abuse or unusual call activity, the results of which may be used in computing a rating. In an embodiment, the identification of abuse may be an inference of an abuse event produced by a predictive analytics engine that is associated with the TFMP based on at least a call history and metadata relating to calls placed over the toll-free telecommunications number.”) Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify Stubblefield’s teaching of fraud detection to be specifically of traffic data associated with past voice call (dataset of call activity) to determine and predict a potential fraud number and thereby enable the user to avoid picking up the phone of a fraudulent number. Regarding claim 13, Stubblefield and Ranft teach the computer-implemented method for analyzing network use behavior associated with a mobile telephone of a user to assess a likelihood of fraudulent activity by that user, the method comprising: receiving a mobile telephone number (communication number) associated with the user ([0030] “the client request processing module 222 provides the communication number and/or the parameters of the request .. to obtain network characteristics data relating to the communication number”); receiving a dataset of a network traffic representing network sessions on a telecommunications network in a defined time period ([0032] “When the client request processing module 222 uses the SS7 network data query engine 228 to retrieve information related to a communication number”, [0034], ''by retrieving and evaluating data associated with the communication number”; [0050] “. By way of example, the pattern detector 236 can detect a pattern where communication numbers associated with a specific mobile carrier that were activated within a certain period of time (e.g., last three months) have a high level of failed verifications.”); identifying, within the dataset, network sessions associated with the mobile telephone number (Stubblefield, [0034], "a number of correct/incorrect responses during a verification attempt, a number of verifications attempts a length of time between verification attempts"); “wherein the network sessions associated with the mobile telephone number, comprises data associated with a plurality of past voice or short message SMS sessions associated with the unique identifier ([0035] Block S120, which recites at a fraud score system receiving usage data of a telephony platform component, functions to collect data used to calculate a fraud score. The usage data is preferably data collected and .. typically reflects operational metrics of a telephony platform. For example, a call history database may store records of when calls were made and what the destination endpoints were for those calls. In this example, the primary purpose of the call history database may be for analytics but the data may additionally be used for calculating a fraud score. More preferably the fraud scoring system is coupled through a network to a plurality of telephony platform components .. coupled to the fraud scoring system may include call history databases, messaging history databases”, [0044] “Similarly, the behavioral risk factor may be evaluated by determining whether the communication number is associated with untimely, irregular or nonpayment of bills, bill payment using risky forms of payment, frequent changes to communication number address and/or location”; Table 1, 3. Communication number status (e.g., disconnected, unreachable, busy) 4 Roaming status (e.g., roaming in another country) 10 History of changes to communication number address and/or location (e.g., frequent change of billing address, geographically scattered location pattern)” ). analyzing the network sessions associated with the mobile telephone number to identify dynamic attribute values associated with likely fraudulent activities (Stubblefield, [0051], "use data relating to communication numbers that have been confirmed as fraudulent communication numbers" and "For example, based on an analysis of data relating to a set of communication numbers, a "length of service" attribute may be identified as a pattern"); and selecting, from a plurality of machine learning (ML) models, a ML model ([0044] “The communication number risk scoring engine 232 evaluates one or more attributes and/or characteristics associated with each risk factor according to one or more risk models in determining a communication number risk score.” This evaluation according to a risk model would necessarily require a selection of a model). assigning, via a selected machine learning model, a risk score to the mobile telephone number based on the identified dynamic attribute values ([0044] The communication number risk scoring engine 232 evaluates one or more attributes and/or characteristics associated with each risk factor according to one or more risk models in determining a communication number risk score. [0051] “the algorithms implemented by the communication number processing system are based on supervised learning and use data relating to communication numbers that have been confirmed as fraudulent communication numbers (i.e., known data and known responses) to build and/or refine the models for predicting frauds and generating fraud risk scores”). Stubblefield teaches determining, based on the plurality of attribute values associated with the unique identifier (Fig. 4 shows step 420b “determine attributes of each communication number” [0062] “the communication number processing system determines a risk score for each communication number based on corresponding reputational characteristics (from block 420a), attributes (from block 420b)”). However, Stubblefield does not explicitly teach determining, based on the plurality of attribute values, a cluster and that the model associated with the cluster. In an analogous art, Ranft teach determining, based on the plurality of attribute values, a cluster ([0165] “in FIG. 41, the system uses a machine learning clustering process 1224 to cluster populations of users based on their attributes”); and that the model associated with the cluster ([0165] in FIG. 41, the system uses a machine learning clustering process 1224 to cluster populations of users based on their attributes and to form aggregate model profiles for the respective clusters.) Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify Stubblefield's teaching of attributes associated with the unique identifier to include Ranft's teaching of determining, based on the plurality of attribute values, a cluster in order to improve uncover hidden patterns, reduce redundance and improve model performance. Ranft's teaching of determining, based on the plurality of attribute values, a cluster combined with Stubblefield’s teaching of the attributes associated with the unique identifier would result in determining, based on the plurality of attribute values, a cluster with the unique identifier. Stubblefield was cited above for the teaching of “wherein the traffic data includes data associated with a plurality of past voice or short message SMS sessions associated with the unique identifier; However, for completeness and compact prosecution purpose, Sharma is additionally cited to show the teaching of “wherein the traffic data includes data associated with a plurality of past voice” (Abstract, “A method including: receiving one or more datasets indicating call activity corresponding to a phone number; analyzing the one or more datasets to identify unusual call activity; and generating a fraud prediction, based at least in part on the identified unusual call activity, that the phone number will be used for fraud.” “[0411] The abuse database 924 may also collect information about Resp Orgs and other industry details in an offline mode. The abuse information may be captured in the toll-free number abuse database 924. This information may then be processed using a rating engine 928 to compute the toll-free number rating... predictive analytics methods of the TFMP, as described herein, may be used to infer abuse or unusual call activity, the results of which may be used in computing a rating. In an embodiment, the identification of abuse may be an inference of an abuse event produced by a predictive analytics engine that is associated with the TFMP based on at least a call history and metadata relating to calls placed over the toll-free telecommunications number.”) Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to modify Stubblefield’s teaching of fraud detection to be specifically of traffic data associated with past voice call (dataset of call activity) to determine and predict a potential fraud number and thereby enable the user to avoid picking up the phone of a fraudulent number. Regarding claim 2, Stubblefield, Ranft and Sharma teach the method of claim 1, wherein the unique identifier is a telephone number (Stubblefield, [0016] A communication number includes any identifier that can be used to place a voice call (e.g., a fixed telephone number), place a video call (e.g., a mobile phone number), send a short message service (SMS), send a multimedia message service (MMS), and/or initiate other types of communication”). Regarding claim 3, Stubblefield, Ranft and Sharma teach the method of claim 1, wherein the telecommunication device is a smartphone (Stubblefield, [0016] A communication number includes any identifier that can be used to place a voice call (e.g., a fixed telephone number), place a video call (e.g., a mobile phone number), send a short message service (SMS), send a multimedia message service (MMS), and/or initiate other types of communication”). Regarding claim 4 and 19, Stubblefield, Ranft and Sharma teach the method of claim 1, wherein the received telecommunication network use data is analyzed based on a risk scoring model generated by analysis of historical telecommunication network use (Stubblefield, [0042] The communication number risk scoring engine 232 determines a risk score or a fraud score for the communication number 205. In an embodiment, a calculation of a risk score for a communication number is based on a risk model that takes into consideration various factors indicative of fraud.. such as location, behavior, historical.. and network derived characteristics. Communication number related data associated with these factors may be obtained by initiating one or more queries to the SS7 network) Regarding claim 5 and 20, Stubblefield, Ranft and Sharma teach the method of claim 4, wherein the risk scoring model is generated using machine learning (Stubblefield, [0051] “the communication number risk scoring engine 232 are based on models (e.g., fraud analysis models, risk models) that are generated and/or refined by one or more machine-learning algorithms or techniques”). Regarding claim 6, Stubblefield, Ranft and Sharma teach the method of claim 1, wherein the data characterizing telecommunication network use includes data associated with a plurality of voice or short message service (SMS) sessions (Stubblefield, “[0035] “the communication number verification module 226 initiates an SMS, a phone call, an instant message, or the like to the communication number to initiate verification of the communication number” [0016] A communication number includes any identifier that can be used to place a voice call (e.g., a fixed telephone number), place a video call (e.g., a mobile phone number), send a short message service (SMS) [0030] “the client request processing module 222 provides the communication number to a SS7 (Signaling System No. 7) network data query engine 228 to obtain network characteristics data relating to the communication number... Mobile .. use the SS7 for call and short message service (SMS) delivery, roaming, mobility management, prepaid, subscriber authentication, and various other services”). Regarding claim 7, Stubblefield, Ranft and Sharma teach the method of claim 1, wherein the plurality of attribute values includes static and dynamic attributes of network use associated with the unique identifier (Stubblefield, [0043] a communication number risk score is calculated as a weighted sum or average of individual risk scores. The score generated may also be normalized to get a risk score within a certain range. By way of an example, a risk model for determining a risk score for a communication number may include: (1) static or standard; (2) location; (3) behavioral; (4) reputational; and/or (5) network-derived risk factors). Regarding claim 8, Stubblefield, Ranft and Sharma teach the method of claim 7, wherein one of the dynamic attributes is a velocity attribute calculated based on a quantity of telecommunication network sessions associated with the unique identifier during a specified time period (Stubblefield [0044] “Similarly, the behavioral risk factor may be evaluated by determining whether the communication number is associated with untimely, irregular or nonpayment of bills, bill payment using risky forms of payment, frequent changes to communication number address and/or location”; Table 1, 3. Communication number status (e.g., disconnected, unreachable, busy) 4 Roaming status (e.g., roaming in another country) 10 History of changes to communication number address and/or location (e.g., frequent change of billing address, geographically scattered location pattern)”). Regarding claim 10, Stubblefield, Ranft and Sharma teach the method of claim 1, further comprising: transmitting the risk score to a service to assist the service in deciding to grant or deny an access request, or require additional verification (Stubblefield [0059] “for a Phone ID score between 0 to 400, the client system may determine that the level of risk is acceptable and decide to grant the transaction request. Alternately, for a Phone ID score between 601 to 1000, the client system 310 may determine that the transaction is risky, and deny the transaction request.”). Regarding claim 11, Stubblefield, Ranft and Sharma teach the method of claim 1, further comprising: generating a combined score, wherein the combined score is generated based on the risk score and a previously-generated risk score, and wherein the previously-generated risk score is adjusted based on any difference in time between when the risk score was generated and when the previously- generated risk score was generated (Stubblefield [0039] “Similarly, a communication number that was recently activated may pose more risk than a communication number that has been activated for a longer time”). Regarding claim 12, Stubblefield, Ranft and Sharma teach the method of claim 1, further comprising: applying a scaling factor to the risk score based on an age of the received telecommunication network use data (Stubblefield [0039] “Similarly, a communication number that was recently activated may pose more risk than a communication number that has been activated for a longer time”). Regarding claim 14, Stubblefield, Ranft and Sharma teach the method of claim 13, wherein the network traffic associated with the mobile telephone number comprises a plurality of voice calls and short message service (SMS) messages transacted through the telecommunications network. (Stubblefield, “[0035] Block S120, which recites at a fraud score system receiving usage data of a telephony platform component, functions to collect data used to calculate a fraud score. The usage data is preferably data collected and .. typically reflects operational metrics of a telephony platform. For example, a call history database may store records of when calls were made and what the destination endpoints were for those calls. In this example, the primary purpose of the call history database may be for analytics but the data may additionally be used for calculating a fraud score. More preferably the fraud scoring system is coupled through a network to a plurality of telephony platform components .. coupled to the fraud scoring system may include call history databases, messaging history databases”). Regarding claim 15, Stubblefield, Ranft and Sharma teach the method of claim 13, wherein the risk score is assigned using a risk scoring model generated by analysis of network traffic using machine learning (Stubblefield, [0051] “the communication number risk scoring engine 232 are based on models (e.g., fraud analysis models, risk models) that are generated and/or refined by one or more machine-learning algorithms or techniques”). . Regarding claim 16, Stubblefield, Ranft and Sharma teach the method of claim 13, wherein the risk score is a numerical score (Stubblefield [0046] “in addition to or in lieu of a risk score for a communication number, a rating is generated by the communication number risk scoring engine 232 to indicate a level of risk associated with a risk score or a range of risk scores. Table 4 below provides an example list of risk ratings and corresponding risk score range”). Regarding claim 18, Stubblefield, Ranft and Sharma teach the non-transitory computer-readable medium of claim 17, wherein the unique identifier is a telephone number and the telecommunication device is a mobile phone (Stubblefield, [0016] A communication number includes any identifier that can be used to place a voice call (e.g., a fixed telephone number), place a video call (e.g., a mobile phone number), send a short message service (SMS), send a multimedia message service (MMS), and/or initiate other types of communication”). Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stubblefield, Ranft and Sharma in view of Cook (US 20060149674). Regarding claim 9, Stubblefield, Ranft and Sharma teach the method of claim 1, except for generating a reason code wherein the reason code corresponds to the risk score and a likely user classification associated with the unique identifier. In an analogous art, Cook teaches generating a reason code wherein the reason code corresponds to the risk score and a likely user classification associated with the unique identifier ([0026] In response to each input identity record, the inventive system generates a return identity record containing a numerical "fraud score" indicative of the likelihood that the input identity record is fraudulent together with a set of "reason codes" related to the score. Specifically, the reason codes comprise discrete indicators of the factors likely contributing to the fraud score, and may be used to guide a fraud investigator in determining whether an identity record is actually fraudulent.) Therefore, it would have been obvious for one of ordinary skill in the art before the effectively filing date of the invention to modify Stubblefield’s teaching of detecting fraud to also include Cook’s teaching of reason codes to provide a more informative guide in determining an identity is fraud. Response to Arguments Applicant’s arguments with respect to claim(s) 1-5, 7-20 have been considered but are moot because the new ground of rejection. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUNG L LAM whose telephone number is (571)272-6497. The examiner can normally be reached Monday -Thursday 9-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matthew Anderson can be reached at 571-272-4177. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DUNG L LAM/Examiner, Art Unit 2646 /MATTHEW D. ANDERSON/Supervisory Patent Examiner, Art Unit 2646