FRAUD DETECTION SYSTEM, FRAUD DETECTION METHOD, AND PROGRAM

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims This action is in reply to the response filed on 5/16/2025. Claims 1-7, 10, 12, 14, 15 and 17-19 have been amended. New claims 21-23 have been added. Claims 1-23 are currently pending and have been examined. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. A Section 101 analysis is below. Step 1 – are the claims directed to a process, machine, manufacture or composition of matter. The system of claim 1, method of claim 14, and CRM of claim 15 are within the statutory categories of invention. Step 2A, prong one – do the claims recite a judicial exception, which is an abstract idea enumerated in MPEP 2106, a law of nature, or a natural phenomenon. Using the text of claim 14 as an example, claims 1, 14 and 15 recite: 14. A fraud detection method, comprising: acquiring user feature information relating to a feature of a user in a first service, where said user has a pending login request to said first service; acquiring user identification information with which the user is identifiable; acquiring, based on the user identification information, result information relating to a result of a second fraud detection operation of the user in a second service which uses a different fraud detection engine for detecting a fraud from a fraud detection engine of the first service; customizing a first set of rules which the first service uses to perform a first fraud detection operation based on a second set of rules which the second service uses to perform the second fraud detection; and perform the first fraud detection operation in the first service based on the user feature information in the first service and the result information in the second service. Referring to the limitations above, independent claims 1, 14 and 15 are each directed to an abstract idea enumerated in MPEP 2106. Specifically, claims 1, 14 and 15 are each directed to the abstract idea of certain methods of organizing human activity. More specifically, as drafted each of claims 1, 14 and 15 only recite the commercial and legal interaction of fraud detection by acquiring user feature information relating to a feature of a user in a first service, where said user has a pending login request to said first service; acquiring user identification information with which the user is identifiable; acquiring, based on the user identification information, result information relating to a result of a second fraud detection operation of the user in a second service which uses a different fraud detection for detecting a fraud from a fraud detection of the first service; customizing a first set of rules which the first service uses to perform a first fraud detection operation based on a second set of rules which the second service uses to perform the second fraud detection; and perform the first fraud detection operation in the first service based on the user feature information in the first service and the result information in the second service. Regarding commercial interaction, detection of fraud is directly tied to a transaction performance guaranty. Please see MPEP 2106.04(a)(2)(II)(B) which lists both of a transaction performance guarantee and mitigating settlement risk as examples of commercial or legal interaction. MPEP 2106.04(a)(2)(II)(B) also lists an agreement in the form of a contract as an example of a commercial or legal interaction. It is respectfully submitted that “acquiring, based on the user identification information, result information relating to a result of a second fraud detection operation of the user in a second service which uses a different fraud detection engine for detecting a fraud from a fraud detection engine of the first service” is an example of an agreement between the second service and the first service to provide a fraud detection operation. Accordingly, each of claims 1, 14 and 15 are directed to the judicial exception of an abstract idea. Although placed in the certain methods of organizing human activity grouping of abstract ideas, it is further respectfully noted that MPEP 2106(a)(2)(III)(C), in relation to the mental processes grouping of abstract ideas, refers to FairWarning IP, LLC v. Iatric Sys., Inc., 839 F.3d 1089, 120 USPQ2d 1293 (Fed. Cir. 2016) and specifically notes “The patentee in FairWarning claimed a system and method of detecting fraud and/or misuse in a computer environment, in which information regarding accesses of a patient’s personal health information was analyzed according to one of several rules (i.e., related to accesses in excess of a specific volume, accesses during a pre-determined time interval, or accesses by a specific user) to determine if the activity indicates improper access. 839 F.3d. at 1092, 120 USPQ2d at 1294. The court determined that these claims were directed to a mental process of detecting misuse, and that the claimed rules here were "the same questions (though perhaps phrased with different words) that humans in analogous situations detecting fraud have asked for decades, if not centuries." 839 F.3d. at 1094-95, 120 USPQ2d at 1296.” In the present case, it is respectfully submitted that the detection of fraud by using multiple criteria and sharing information is something that humans in analogous situations have done since well before the effective filing date. Regarding the feature added in the response filed 5/16/2025 of “customizing a first set of rules which the first service uses to perform a first fraud detection operation based on a second set of rules which the second service uses to perform the second fraud detection”, please see Applicant’s PG Pub, [0092], [0093], noting “For example, the second fraud detection engine may be created by an administrator of the second service manually customizing the first fraud detection engine” which demonstrates the claimed customizing is performing a mental process in a computer environment. Step 2A, prong two – do the claims recite additional elements that integrate the judicial exception into a practical application. Integration of the judicial exception into a practical application requires an additional element or a combination of additional elements in the claim to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception. Regarding claims 1, 14 and 15, these claims only recite the additional element of a processor and engine to perform acquiring user feature information relating to a feature of a user in a first service, where said user has a pending login request to said first service; acquiring user identification information with which the user is identifiable; acquiring, based on the user identification information, result information relating to a result of a second fraud detection operation of the user in a second service which uses a different fraud detection for detecting a fraud from a fraud detection of the first service; customizing a first set of rules which the first service uses to perform a first fraud detection operation based on a second set of rules which the second service uses to perform the second fraud detection; and perform the first fraud detection operation in the first service based on the user feature information in the first service and the result information in the second service. The computer components are recited at a high-level of generality (e.g., to receive, store, or transmit data) such that it amounts no more than mere instructions to apply the exception using generic computer components. Accordingly, the additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Please see MPEP 2106.05(f)(1) discussing when the claim recites only the idea of a solution or outcome i.e., the claim fails to recite details of how a solution to a problem is accomplished this does not show integration into a practical application. Please see MPEP 2106.05(f)(2) discussing when the claim invokes computers or other machinery merely as a tool to perform an existing process including use of a computer or other machinery for economic tasks this does not show integration into a practical application. Please see Applicant’s PG Pub, [0092]-[0094]. Please also see MPEP 2106.05(g) regarding insignificant extra-solution activity including data gathering and outputting. It is further noted that the claimed invention as recited in claims 1, 14 and 15 do not pertain to an improvement in the functioning of the computer components themselves or a technological solution to a technological problem. Step 2B – do the claims recited additional elements that amount to significantly more than the judicial exception. Regarding claims 1, 14 and 15, as discussed above with respect to integration of the abstract idea into a practical application, the additional elements of a processor and engine to perform acquiring user feature information relating to a feature of a user in a first service, where said user has a pending login request to said first service; acquiring user identification information with which the user is identifiable; acquiring, based on the user identification information, result information relating to a result of a second fraud detection operation of the user in a second service which uses a different fraud detection for detecting a fraud from a fraud detection of the first service; customizing a first set of rules which the first service uses to perform a first fraud detection operation based on a second set of rules which the second service uses to perform the second fraud detection; and perform the first fraud detection operation in the first service based on the user feature information in the first service and the result information in the second service amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The computer components implementing the abstract idea appear to be generic in view of at least Applicant’s PG Pub, [0030]. Moreover, Applicant’s PG Pub, [0043], [0044], notes that for the first and second fraud detection engines, rules and machine learning, various “publicly known” engines, methods and rules can be used. As noted in the Applicant’s PG Pub, [0092], an administrator may manually customize the first fraud detection engine. Accordingly, claims 1, 14 and 15 do not recite additional elements that amount to significantly more than the judicial exception. In view of the above analysis, independent claims 1, 14 and 15 are not patent eligible. Dependent claims 2-13 and 16-23 do not cure the deficiencies in their respective base claims, and are also not patent eligible. Specifically, claims 2-13 and 16-23 merely refine the abstract idea (2A1) by invoking a computer as a tool to perform an existing process (2A2, 2B). Regarding the further additional elements in the dependent claims including second learning model (claim 4); plurality of second learning models (claim 5); engine (claim 8, 9, 11); data format relating to a predetermined domain-specific language (claim 12); first electronic payment service, second electronic payment service (claim 13); user id, ip address, time, device id (claim 21); device (claim 23), please see MPEP 2106.05(f)(2) discussing when the claim invokes computers or other machinery merely as a tool to perform an existing process including use of a computer or other machinery for economic tasks this does not show integration into a practical application or provide significantly more. In specific regards to claims 21 and 23, please also see MPEP 2106.05(g) regarding insignificant extra-solution activity including data gathering and outputting. Response to Arguments Applicant's arguments filed 5/16/2025 have been fully considered and are addressed below. Regarding the rejection under 35 U.S.C. 101, Applicant’s arguments have been fully considered but they are not persuasive. Regarding the arguments concerning Step 2A, prong one, the certain methods of organizing human activity grouping of abstract ideas includes commercial interactions. As recited in the claims, the invention is directed to detecting a fraud based on information. Regarding commercial interaction, detection of fraud is directly tied to a transaction performance guaranty. Please see claim 13, reciting a payment service. Further, MPEP 2106(a)(2)(III)(C), in relation to the mental processes grouping of abstract ideas, specifically lists detecting fraud as an abstract idea. It is respectfully noted that the claims only recite “fraud detection” without reciting how fraud is actually detected, beyond that it is accomplished by separate “services”. Regarding Applicant’s arguments regarding Step 2A, prong two, integration into a practical application requires an additional element or a combination of additional elements in the claim to apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the exception. Limitations that are indicative of integration into a practical application include improvements to the functioning of a computer, applying the judicial exception with a particular machine, effecting transformation of a particular article to a different state or thing or applying the judicial exception in some other meaningful was beyond generally linking the use of the judicial exception to a particular technological environment. It is respectfully submitted that the feature cited by the Applicants, “acquire, based on the user identification information, result information relating to a result of a second fraud detection operation of the user in a second service which uses a different fraud detection engine for detecting a fraud from a fraud detection engine of the first service; [[and]] customize a first set of rules which the first service uses to perform a first fraud detection operation based on a second set of rules which the second service uses to perform the second fraud detection; and perform [[a]] the first fraud detection operation in the first service based on the user feature information in the first service and the result information in the second service” is mere instructions to apply an exception. Please see MPEP 2106.05(f)(1) discussing when the claim recites only the idea of a solution or outcome i.e., the claim fails to recite details of how a solution to a problem is accomplished this does not show integration into a practical application. Please see MPEP 2106.05(f)(2) discussing when the claim invokes computers or other machinery merely as a tool to perform an existing process including use of a computer or other machinery for economic tasks this does not show integration into a practical application. The claims do not recite details how the customization is accomplished and instead use a computer for an economic task. Applicant’s PG Pub, [0093], only notes “instead of the administrator of the second service manually customizing the first fraud detection engine, the engine acquisition module 201 acquires the second fraud detection engine by automatically customizing the first fraud detection engine”. Regarding Example 42, it is respectfully submitted that the MPEP is controlling. Moreover, it is respectfully submitted that the reasoning of claim 2 of Example 42, which was cited as ineligible, applies to claims 1, 14 and 15 of the present application in that the claim as a whole merely describes how to generally “apply” the concept of customizing rules which a fraud detection engine uses in a computer environment. The claimed computer components are recited at a high level of generality and are merely invoked as tools to perform an existing fraud detection process. Regarding Step 2B, no arguments appear to have presented regarding Step 2B. Step 2B is directed to whether the claim recites additional elements that amount to an inventive concept (AKA “significantly more”) than the judicial exception. MPEP 2106.05(d) gives examples recognized by the courts of known computer functions including “receiving or transmitting data over a network”, “performing repetitive calculations”, “electronic recordkeeping”, “storing and retrieving information in memory”, and “recording a customer’s order”, all of which directly correspond to the generically claimed operations of the present claims, which claim detecting fraud based on information. It is further respectfully noted that in accordance with Applicant’s PG Pub, [0043], [0044], [0050], [0069], [0070], the Applicant admits the use of publicly known engines, machine learning methods, rules, data formats, aggregation processing and rule generation. Regarding the arguments directed to new claim 21, claim 21 recites “the user feature information is selected from the group consisting of: user id, ip address, time, device id, name, posts, followers, following, gender, email, and age.” Applicant argues “Applicant submits that clarifying the user feature information further defines how the fraud rules are used and how fraud is detected, and therefore applicant submits that the claimed invention recites an improved method for fraud detection as explained in the response filed November 26, 2024.” The Examiner respectfully disagrees. Please see MPEP 2106.05(g) discussing insignificant extra-solution activity including mere data gathering is not sufficient to show integration into a practical application in Step 2A2 or significantly more in Step 2B. Regarding the arguments directed to new claim 22, claim 22 recites “wherein the at least one processor is configured to automatically customize the first set of rules based on a stored relationship between the first service and the second service.” Applicant argues “Applicant submits that this claim furthers the argument as set forth with claim 1 and further clarifies that the customization is performed automatically and therefore cannot be performed mentally as well as how the customization is based on the stored relationships between the services.” The Examiner respectfully disagrees. Please see MPEP 2106.05(f)(2) discussing when the claim invokes computers or other machinery merely as a tool to perform an existing process including use of a computer or other machinery for economic tasks this does not show integration into a practical application or provide significantly more. Regarding the arguments directed to new claim 23, claim 23 recites “wherein the first set of rules comprises a rule for a distance from a central place of use, a difference from a normal usage time, or a difference from a normally used device.” Applicant argues “Applicant submits that these features clarify that the system is addressing computer- specific fraud problems with a computer-specific technical solution. That is, the first set of rules are based on rules addressing user activity to determine fraud on the service.” The Examiner respectfully disagrees. Please see MPEP 2106.05(g) discussing insignificant extra-solution activity including mere data gathering is not sufficient to show integration into a practical application in Step 2A2 or significantly more in Step 2B. MPEP 2106.05(g) specifically notes “An example of pre-solution activity is a step of gathering data for use in a claimed process, e.g., a step of obtaining information about credit card transactions, which is recited as part of a claimed process of analyzing and manipulating the gathered information by a series of steps in order to detect whether the transactions were fraudulent.” Regarding the rejections under 35 U.S.C. 103, Applicant’s arguments have been fully considered and are persuasive. The rejection under 35 U.S.C. 103 has been withdrawn. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure includes: US 20210357940; US 10902327; US 20190261222; US 20180103038; US 20170308822; US 20160034897; US 20140250011; US 20130054438; US 20120278246; and US 20080109874. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Gregory Harper whose telephone number is (571)272-5481. The examiner can normally be reached M-Th 7am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II can be reached on (571) 272-6709. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GREGORY HARPER/Examiner, Art Unit 3692