Office Action Predictor
Application No. 17/909,746

LEARNING MODEL CREATING SYSTEM, LEARNING MODEL CREATING METHOD, AND PROGRAM

Final Rejection §103
Filed
Sep 06, 2022
Examiner
POUDEL, SAMIKSHYA NMN
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
Rakuten Group, INC.
OA Round
4 (Final)
41%
Grant Probability
Moderate
5-6
OA Rounds
2y 10m
To Grant
99%
With Interview

Examiner Intelligence

41%
Career Allow Rate
7 granted / 17 resolved
Without
With
+77.8%
Interview Lift
avg trend
2y 10m
Avg Prosecution
30 pending
47
Total Applications
career history

Statute-Specific Performance

§101
16.0%
-24.0% vs TC avg
§103
54.8%
+14.8% vs TC avg
§102
17.9%
-22.1% vs TC avg
§112
11.2%
-28.8% vs TC avg
Black line = Tech Center average estimate • Based on career data

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments In the remarks filed on 08/25/2025. The applicant amended claims 1,4, 14 and 15 are amended. Claims 17 and 18 have been added. Claims 2 and 16 remain cancelled. With respect to 35 U.S.C. §102 and 103 rejections: Applicant's arguments filed on 08/25/2025 have been received and entered. Applicant's arguments with respect to the newly amended independent claims, see Applicant Arguments 9-15, with respect to the rejection (s) of independent claims 1, 14 and 15 have been fully considered. Regarding claim 1, Applicant argues that Warrick, in combination with song fails to teach the amended limitation of claim 1 reciting “wherein the usage information indicates a type of services used of the service, and an operation of the user” applicant further argues that Warrick’s data does not describe the usage information such as “types of service” and “user operation” and Song’s authentication process is unrelated to the claimed features. Applicant also asserts that combination of Warrick and Song lacks motivation to combine since adding timing of the authenticated information after the predetermined authentication has no impact on fraud detection system in Warrick. These argument are not persuasive because of the following reasons: Warrick explicitly teaches that transaction and behavioral data collected at a point of sale (POS) terminal includes multiple fields describing the nature and characteristics of the transaction. As disclosed in Warrick discloses such data includes Transaction type such as sale, return, exchange, payment etc., Tender type such as cash, credit card, debit card, gift card, and non-merchandise service transactions all indicates the type of service used. Warrick further records line-item details including product identifiers, price, discount, override and tax values, which reflect the content of the use of service. Moreover , Warrick describes explicit user operations such as applying discounts, performing refunds or exchanges, performing voids, and adjusting prices, see par [0108-0123, 0232-0266], which corresponds directly to the claimed operation of user. Thus, Warrick alone discloses that usage information that indicates both the type of service used and the operation of the user as claimed. Thus, Under BRI, Warrick still teaches the added limitation. Applicant’s argument regarding “predetermined authentication” aspect, song clearly teaches a possession-based authentication executed from a user terminal using a physical financial card via NFC communication, [0014-0019, 0046-0048]. Song further teaches that the authenticated user is the individual whose UID and PIN are verified by the authentication server, see par [0071-0076] and Warrick teaches “use AI to detect fraud in sales activity data (i.e., authenticated information action of authenticate user) that can be obtained from one or more POSs 99 (i.e., a user terminal of a predetermined service) (e.g., in a large chain, sales data can be obtained from hundreds or thousands of POSs 99). In general, sales activity data in embodiments includes two types: [0023] Thus, It would have been obvious to PHOSITA to combine Song’s card-based authentication with Warrick fraud detection system so that the “authenticated information” in Warrick is collected after as verified possession-based authentication event. Such combination predictably improves the reliability of Warrick’s machine learning model using the behavioral data for training and fraud detection by reducing false positives and improving accuracy. Both Warrick and Song operate in closely related fields of electronic payment and authentication, Warrick providing anomaly-based fraud detection, while Song improving user verification through possession authentication. Thus, combination of Warrick and song still teaches or render obvious all limitations of claim1, including the amended “usage information” features and the predetermined authentication from the user terminal. The argument presented do not overcome 103 rejection. Regarding claim 3, Applicant’s argue that Warrick does not teach the claimed “first card” and “second card” arguing that the cashier information in Warrick cannot correspond to the second card because it is not “usable in the predetermined service by the authenticated user”, and further asserts that the cashier is not an authenticated user. However, as explained in non-final rejection. Warren discloses a fraud detection system that applies machine learning models to both customer accounts and cashier data to identify fraudulent activity within a common retails transaction environment, See Warrick [0004,[0023,[0027]). Warrick discloses aggregating point of sale (POS) data corresponding to costumer accounts (i.e., first card) and aggregating POS data corresponding to cashier transactions (i.e., second card), and training machine learning models on both datasets. Each dataset is separately processed and analyzed for risk targets with separate features calculated for customer and cashier aggregates. These teachings correspond to the claimed “first card” and “second card”, each of which is predetermined card usable in the same predetermined service (i.e., the POS transaction system). The “authenticated user” recited in the claim is properly interpreted as the system user (i.e., participant) performing an action within the predetermined service such as retail transaction whether in the capacity of a customer or a cashier. Also, Warrick’s POS feature set teaches the same individual appearing as both a cashier (Cashier ID) and Customer/account holder (Customer/Loyalty ID/account card details), see par [0233,0258]. Warrick further defines features for “sales transactions by employees for themselves” and “use of employee discount by the cashier”, [0084] which necessarily require that cashier and customer are the same person in those transactions. Thus, Under BRI, Warrick teaches that two identifiers (i.e., first and second cards) associated with the same authenticated user and used within the same predetermined POS service and the system’s processing of both account types satisfies the claimed limitation that each card is usable in the predetermined service by the authenticated user. Regarding claim 7, Applicant argues that Warrick fails to teach acquiring information “before the predetermined authentication”, asserting that Warrick only processes data after login and therefore does not disclose creating “second training data” based on unauthenticated information. However, as previously explained in the non-final office action, Warrick expressly discloses that point of sale (POS) transaction data- comparing date, time, duration, store or register ID, transaction type, and other details is first received and processed prior to any credential verification or loyalty login, See Warrick [0167-0174, 0232-0243]. In particular, Warrick describes training one class SVMs and random forest models using risk targets identified from the unfiltered POS records, where the system applies the SVM to every POS record prior to verification at the terminal. Warrick therefore teaches acquiring and analyzing transaction information before a user has executed the predetermined authentication, corresponding to the claimed “unauthenticated information relating to an action of an unauthenticated user”. Further, Warrick explicitly identifies that such unauthenticated information includes “Transaction ID: Date, Time, and Duration, “Store and Register (i.e., location information), and Transaction Type: Sale Return”, [0232-0237], which correspond to the claimed “location information, date and time information, and usage information indicating the unauthenticated user’s action on the predetermined service”. Warrick also describes generating risk targets marked as “Fraud” or “Not Fraud”, [0167-0169], and training machine learning models based on those classification, Thus meeting the limitation of “creating second training data….based on the second training data”. Moreover, Song teaches possession authentication thereby reinforcing the obviousness of applying Warrick’s fraud detection techniques within authentication framework in which data collected prior to credential verification constitutes unauthenticated information. Therefore, it would have been obvious to PHOSITA to interpret Warrick’s pre verification transaction processing in view of song satisfies the claimed steps. Regarding claim 4, Applicant argues that Warrick fails to disclose comparing “first name information relating to a name of the first card” with “second name information relating to the second card” and argues that Warrick merely discusses transactional fraud detection rather than comparing names and matching names of the two users but are moot because the claim amendment introduces new claim limitations that have not previously been considered. Therefore, the new 103 ground of rejection relies on new references in combination as presented below. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 3, 5-15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Warrick (US 20210142126 A1) in view of Song (US 20160155123 A1). Regarding Claim 1, Warrick teaches A learning model creating system, comprising at least one processor (Warrick, FIG. 2, a computer server/system 10 System 10 includes a bus 12 or other communication mechanism for communicating information, and a processor 22 coupled to bus 12 for processing information, [0015-0016]) configured to: acquire authenticated information relating to an action of an authenticated user on a predetermined service that occurs after the authenticated user has executed a predetermined authentication from a user terminal from which the predetermined service is usable (Warrick, use AI to detect fraud in sales activity data (i.e., authenticated information action of authenticate user) that can be obtained from one or more POSs 99 (i.e., a user terminal of a predetermined service) (e.g., in a large chain, sales data can be obtained from hundreds or thousands of POSs 99). In general, sales activity data in embodiments includes two types: [0023] Aggregate customer-account data. It is frequently possible to identify sets of sales transactions as being from the same customer (i.e., the authenticated user), such as through the use of a customer loyalty account (i.e., the predetermined authentication), and aggregating this data per customer provides a summary snapshot of the customer account at given point in time, [0024]) [Examiner interprets that acquiring the sales activity data (i.e., authenticated information) that can be obtained from one or more POSs 99 (i.e., a user terminal of a predetermined service) and identifying that sales transactions as being from the same customer (i.e., the authenticated user), such as through the use of a customer loyalty account (i.e., the predetermined authentication) as acquire authenticated information relating to an action of an authenticated user on a predetermined service that occurs after the authenticated user has executed a predetermined authentication from a user terminal from which the predetermined service is usable]; and wherein the authenticated information comprises a location information, a date and time information, and a usage information indicating the authenticated user's action on the predetermined service (Warrick, a system for detecting fraud using artificial intelligence . input data 102 can include several elements or rows of data, and the data can be processed by processing module 104. For example, processing module 104 can generate metadata profiles based on input data 102, [0013] POS data received from POSs 99 is received as standard POSLog formatted XML data in real time or overnight in batched files, [0232] Transaction Header details: [0233] Transaction ID: Date, Time and Duration (i.e., a date and time information), Store, Register (i.e., a location information), Transaction number. [0234] Cashier ID: Unique identifier for the CASHIER risk target. [0235] Transaction Type: Sale, Return. [0236] Transaction Status: Complete, Cancelled, Training. [0237] Employee ID: flagged for own employee transactions. [0238] Customer/Loyalty ID: where customer details are recorded. [0239] Transaction value summary: Totals, Discounts, Overrides, Voids, Cash. [0240] Transaction Currency. [0241] Flags: Indicators for various events flagged up in the ETL. [0242] Authorization and Reason Codes entered, [0043] (i.e., a usage information indicating the authenticated user's action on the predetermined service)]) [Examiner interprets that sales transactions using POS terminal including date, time duration, store ID, and other transaction details as wherein the authenticated information comprises a location information, a date and time information, and a usage information indicating the authenticated user's action on the predetermined service]. wherein the usage information indicates a type of service used, a content of the use of the service, and an operation of the user (Warrick, Features related to refunds and exchanges in general (whether cash or otherwise): 1. A=refunds and exchange transactions with money going out, B=all transactions. 2. Amount of exchanges with money in divided by total sales. 3. Amount of exchanges with money in divided by total such transactions. 4. Amount of exchanges with money out divided by total sales. 5. Amount of exchanges with money out divided by total such transactions. Features related to high-risk refunds: These are high risk in that they are frequently tied with fraudulent behavior. 1. Amount of same-day refunds divided by total amount. 2. Amount of same-day refunds divided by total such transactions. 3. Count of same-day refund transactions divided by all transactions with money-out refunds/exchanges. Features related to non-merchandise sales…Features related to cancellation of transactions or lines of a transaction: “Voiding” means cancelling a transaction or particular lines in a transaction, and can be a way to hide suspicious activity. These features track voiding A=lines voided, B=all lines. A=transactions voided, B=all transaction. A=post-voided transactions, B=all transactions, [0108-0123] Post voiding refers to removing transactions that have already occurred POS data received from POSs 99 is received as standard POSLog formatted XML data in real time or overnight in batched files. The ETL procedures analyze the point-of-sale data and store transaction details and other summarized or derived elements, Transaction Header details: Transaction ID: Date, Time and Duration, Store, Register, Transaction number. Cashier ID: Unique identifier for the CASHIER risk target. Transaction Type: Sale, Return. Transaction Status: Complete, Cancelled, Training…Transaction value summary: Totals, Discounts, Overrides, Voids, Cash. Transaction Currency. Items Sold or Returned: Transaction Type: Sale, Return, Exchange, Payment, Post Voided. Transaction Status: Complete, Cancelled, Post Voided, Incomplete, Suspended…Discounts: Transaction Type: Sale, Return, Exchange, Post Voided. Transaction Status: Complete, Cancelled, Post Voided, Incomplete, Suspended. Tenders: Transaction Type: Sale, Return, Exchange, Post Voided, Petty Cash, etc. Tender Type: Cash, Check, Credit/Debit Card, Gift Card, etc. Account Card details: Card Number, Masked PAN, Card Hash value. Transaction Status: Complete, Cancelled, Post Voided, Incomplete, Suspended. …, [0232-0266]) [Examiner interprets that Transaction type such as sale, return, exchange, payment etc., Tender type such as cash, credit card, debit card, gift card, and non-merchandise service transactions (i.e., type of service used), line-item details such as product identifiers, price, discount, override and tax values, (i.e., content of the use of service), applying discounts, performing refunds or exchanges, performing voids, and adjusting prices (i.e., user operations) as the usage information indicates a type of service used, a content of the use of the service, and an operation of the user]; create a learning model for detecting fraud in the predetermined service such that when the authenticated information is input into the learning model, the action of the authenticated user is estimated to be valid, wherein the learning model is a supervised learning model or an unsupervised learning model (Warrick, prediction module 106 can be a machine learning module (e.g., neural network, SVM, random forests, etc.) that is trained by training data 108. For example, training data 108 can include labeled data, such as metadata profiles generated by processing labeled and/or structured data, the output from processing module 104, such as the processed input data (e.g., metadata profiles), can be fed as input to prediction module 106. Prediction model 106 can generate output data 110, such as fraud detection in response to input data 102. In some embodiments, output 110 can be one or more fraud activity categories that can be used to organize and/or store input data 102 in a structured manner[0014] use AI to detect fraud in sales activity data (i.e., authenticated information action of authenticate user) that can be obtained from one or more POSs 99 (i.e., a user terminal of a predetermined service) (e.g., in a large chain, sales data can be obtained from hundreds or thousands of POSs 99). In general, sales activity data in embodiments includes two types: [0023] Aggregate customer-account data. It is frequently possible to identify sets of sales transactions as being from the same customer (i.e., the authenticated user), such as through the use of a customer loyalty account (i.e., the predetermined authentication), and aggregating this data per customer provides a summary snapshot of the customer account at given point in time, [0024] 1-class Support Vector Machine (“SVM”) which is an unsupervised machine learning technique/model. “supervised” learning algorithms, such as random forests, require users to indicate which risk targets were truly fraudulent, from which the learning algorithm can then learn what constitutes a suspicious risk target. Both unsupervised and supervised techniques are commonly used when applying machine learning, [0029]) [ Examiner interprets that machine learning module taking input data (i.e., the sales transactions i.e., the action of the authenticated user is estimated to be valid) to detect fraud in sales activity data (i.e., authenticated information action of authenticate user) as creating a learning model for detecting fraud in the predetermined service such that when the authenticated information is input into the learning model, the action of the authenticated user is estimated to be valid, wherein the learning model is a supervised learning model or an unsupervised learning model]. Although Warrick teaches predetermined authentication, [0024], Warrick does not explicitly teach: the authentication is possession authentication for confirming whether a user physically possesses a predetermined card through use of the user terminal using near field communication, and wherein the authenticated user is the user who has executed the possession authentication from the user terminal However, Song teaches: the authentication is possession authentication for confirming whether a user physically possesses a predetermined card through use of the user terminal using near field communication, and wherein the authenticated user is the user who has executed the possession authentication from the user terminal (Song, The first card information acquiring unit 120 may acquire a unique identifier (UID) and first card information from the financial card 200 through contact with or proximity to the financial card 200 or wireless communication with the financial card 200. The UID is identification information for distinguishing the financial card 200 from other financial cards and the first card information may include a card number and a valid period of the financial card 200, [0046] the user terminal 100 and the financial card 200 may support a near field communication (NFC) function and the user terminal 100 may acquire the card information from the financial card 200 when the financial card 200 is in contact with the user terminal 100, [0047] The second card information may include a password or CVC of the financial card 200, [0079] The second personal information may indicate personal information about a user possessing a card identified by the first card information, the second card information, and the UID (i.e., the authenticated user), [0082]) [Examiner interprets that acquiring the first card information which can be UID such as card number valid period from user terminal that supports a near field communication (NFC) function and acquiring second card information which includes CVC or password to verify user possessing a card identified by the first card information as the authentication is possession authentication for confirming whether a user physically possesses a predetermined card through use of the user terminal using near field communication, and wherein the authenticated user is the user who has executed the possession authentication from the user terminal]. Therefore, it would have been obvious to PHOSITA before the effective filing date to modify the teaching of Warrick to include a concept of the authentication is possession authentication for confirming whether a user physically possesses a predetermined card through use of the user terminal using near field communication, and wherein the authenticated user is the user who has executed the possession authentication from the user terminal as taught by Song for the purpose of acquiring the card information from the financial card 200 when the financial card 200 is in contact with the user terminal 100 that supports a near field communication (NFC) function [Song:0047] and indicating personal information about a user possessing a card identified by the first card information, the second card information, and the UID [Song:0082]. Regarding claim 3, Warrick and Song teaches the learning model creating system according to 1, wherein each of a first card and a second card, each of which is the predetermined card, is usable in the predetermined service by the authenticated user, wherein the at least one processor is configured to: acquire the authenticated information corresponding to the first card, and create the learning model based on the authenticated information corresponding to the first card (Warrick, detect fraud of risk targets that include both customers (i.e., the first card) and cashiers (i.e., the second card), create a first aggregation of the POS data corresponding to the customer accounts (i.e., the authenticated information corresponding to the first card) and a second aggregation of the POS data corresponding to the cashiers, then calculate first features corresponding to the customer accounts and second features corresponding to the cashiers, filter the risk targets based on rules and separate the filtered risk targets into a plurality of data ranges. For each combination of store groupings and data ranges, train an unsupervised machine learning model, [0004] apply suspicious-activity detection separately to the customer-account aggregates and to the cashier aggregates. Therefore, embodiments include two parallel machine-learning systems, one for handling customer accounts and another for handling cashiers. In the present disclosure, the term “risk target” applies to either or both of the customer accounts and the cashiers, [0027] Features to detect employee self-dealing and collusion: 1. Use of employee discount by the cashier. a. A=units sold with employee discount, B=all units sold. 2. Sales transactions by employees for themselves (own transactions). a. A=sales transactions by the cashier for himself, B=all sales transactions of the cashier. 3. Transactions involving refunds or exchanges with money-out by employees for themselves. a. A=all such transactions, B=all transactions, [0084-0090] POS data received from POSs 99 is received as standard POSLog formatted XML data in real time or overnight in batched files….Employee ID: flagged for own employee transactions. Customer/Loyalty ID: where customer details are recorded. Transaction value summary: Totals, Discounts, Overrides, Voids, Cash. Transaction Currency. [0232-0242]) [Examiner interprets that aggregating point of sale (POS) data corresponding to costumer accounts (i.e., first card) and aggregating POS data corresponding to cashier transactions (i.e., second card), and training machine learning models on both datasets and POS feature set containing the same individual appearing as both a cashier (Cashier ID) and Customer/account holder (Customer/Loyalty ID/account card details), defining features for “sales transactions by employees for themselves” and “use of employee discount by the cashier”, which necessarily require that cashier and customer are the same person in those transactions for training as limitation above]. Regarding claim 5, Warrick and Song further teaches the learning model creating system according to 3 wherein the second card is a card other than a card which supports the possession authentication, and wherein the authenticated information corresponding to the second card is information relating to the action of the authenticated user who has used the second card on which the possession authentication has not been executed (Warrick, Features related to payments by cards: “Cards” here typically includes credit cards, debit cards, and “house cards,” that is, charge cards issued by the retailer itself. Generate features according to the template above: [0075] 1. A=card transactions, B=any transactions. [0076] 2. A=manually-keyed card transactions, B=card transactions. [0077] 3. A=manual authorization card transactions, B=card transactions, [0078] Tender Type: Cash, Check, Credit/Debit Card, Gift Card, etc. [0262] Account Card details: Card Number, Masked PAN, Card Hash value. [0263]. Point of sale account card tenders are analyzed over the last 90 days and values are aggregated to provide the metrics required by the 1-class SVM model. A single record for each unique account card is then prepared for the model data feed. In addition to aggregated values, the data source also contains details of patterns of card usage by store and by date, [0268]) [ Examiner interprets that POS logging “Debit/Credit card” transactions even when no card reader error occurs (i.e., manually keyed PAN) and using those usage records as model feed to create the AI model as the second card is a card other than a card which supports the possession authentication, and wherein the authenticated information corresponding to the second card is information relating to the action of the authenticated user who has used the second card on which the possession authentication has not been executed]. Regarding claim 6, Warrick and Song further teaches the learning model creating system according to wherein the learning model is the supervised learning model, and wherein the at least one processor is configured to create the learning model by creating first training data indicating that the action of the authenticated user is valid based on the authenticated information, and training the learning model based on the first training data (Warrick, embodiments are directed to employing a supervised approach like random forests when an extensive labeled training set might not be available, [0159] An unbalanced training set can affect the training of the random forest (or any other supervised machine learning technique), and so to counter the effects of that, especially of the case where the training set contains only fraudulent risk targets, risk targets that are considered non-anomalous by the SVM are added to the training set. Therefore, the training set includes of the following: [0167] 1. Risk targets marked as Fraud. [0168] 2. Risk targets marked as Not Fraud (i.e., first training data indicating that the action of the authenticated user is valid based on the authenticated information) . [0169] 3. Non-anomalous risk targets, defined as ones with an SVM anomaly score of 50 or below (recall the anomaly score from the SVM goes from 0 to 100). For these risk targets, set the Fraud/Not Fraud feature to Not Fraud, [0166]) [Examiner interprets that building random forest data set by labeling “Not fraud” for risk targets deemed normal and training the random forest model (i.e., the supervised learning model) based on Not fraud training data (i.e., first training data) as the learning model is the supervised learning model, and wherein the at least one processor is configured to create the learning model by creating first training data indicating that the action of the authenticated user is valid based on the authenticated information, and training the learning model based on the first training data]. Regarding claim 7, Warrick and Song further teaches the learning model creating system according to claim 6, wherein the at least one processor is configured to: acquire unauthenticated information relating to an action of an unauthenticated user on a predetermined service that occurs before the unauthenticated user executes who is yet to execute the predetermined authentication, and wherein the unauthenticated information comprises a location information, a date and time information, and a usage information indicating the unauthenticated user's action on the predetermined service; create second training data indicating that the action of the unauthenticated user is fraudulent based on the unauthenticated information, and to train the learning model based on the second training data (Warrick, embodiments are directed to employing a supervised approach like random forests when an extensive labeled training set might not be available, [0159] An unbalanced training set can affect the training of the random forest (or any other supervised machine learning technique), and so to counter the effects of that, especially of the case where the training set contains only fraudulent risk targets, risk targets that are considered non-anomalous by the SVM are added to the training set. Therefore, the training set includes of the following: [0167] 1. Risk targets marked as Fraud (i.e., second training data indicating that the action of the unauthenticated user is fraudulent based on the unauthenticated information). [0168] 2. Risk targets marked as Not Fraud . [0169] 3. Non-anomalous risk targets, defined as ones with an SVM anomaly score of 50 or below (recall the anomaly score from the SVM goes from 0 to 100). For these risk targets, set the Fraud/Not Fraud feature to Not Fraud, [0166] At 302, point-of-sale data from multiple POSs 99 for a retailer is received, [0174] At 306, the 1-class SVMs are trained. The training includes filtering the risk targets using the filtering rules disclosed below. The training further includes separating the risk targets by data range, as disclosed above. For each combination of data range/store grouping, a 1-class SVM is trained at 306. Other types of unsupervised machine learning models besides 1-class SVMs may be used in other embodiments, such as clustering (i.e., the non-fraudulent behavior would form large clusters, and the fraudulent behavior could be detected because it would be in small clusters that were distant from the large clusters)., [0175] At 308, the trained 1-class SVMs are applied after the training at 306. The applying includes separating all the risk targets by data range. The risk targets are not filtered with the rules. The applying further includes collecting together the anomaly scores and feature weights for display in a UI, [0176] At 310, the random forests are trained. The training includes collect together the data disclosed above to produce the training data for the random forests, [0177] POS data received from POSs 99 is received as standard POSLog formatted XML data in real time or overnight in batched files, [0232] Transaction Header details: [0233] Transaction ID: Date, Time and Duration (i.e., a date and time information), Store, Register (i.e., a location information), Transaction number. [0234] Cashier ID: Unique identifier for the CASHIER risk target. [0235] Transaction Type: Sale, Return. [0236] Transaction Status: Complete, Cancelled, Training. [0237] Employee ID: flagged for own employee transactions. [0238] Customer/Loyalty ID: where customer details are recorded. [0239] Transaction value summary: Totals, Discounts, Overrides, Voids, Cash. [0240] Transaction Currency. [0241] Flags: Indicators for various events flagged up in the ETL. [0242] Authorization and Reason Codes entered, (i.e., a usage information indicating the authenticated user's action on the predetermined service [0243]) [Examiner interprets that system applying SVM to every POS record including date, time duration, store ID, and other transaction details (i.e., the risk target) prior to having verified their credential at the terminal such as the initial rule of filtering (i.e., unauthenticated information) and creating the set the Fraud risk target (i.e., the second training data) to train the random forest (i.e., the machine learning model) based on Fraud risk target as acquire unauthenticated information relating to an action of an unauthenticated user on a predetermined service that occurs before the unauthenticated user executes who is yet to execute the predetermined authentication, and wherein the unauthenticated information comprises a location information, a date and time information, and a usage information indicating the unauthenticated user's action on the predetermined service; create second training data indicating that the action of the unauthenticated user is fraudulent based on the unauthenticated information, and to train the learning model based on the second training data]. Regarding claim 8, Warrick and Song further teaches the learning model creating system according to claim 7, wherein the at least one processor is configured to acquire an output from the trained learning model based on the unauthenticated information, and to create the second training data based on the output (Warrick, embodiments are directed to employing a supervised approach like random forests when an extensive labeled training set might not be available, [0159] An unbalanced training set can affect the training of the random forest (or any other supervised machine learning technique), and so to counter the effects of that, especially of the case where the training set contains only fraudulent risk targets, risk targets that are considered non-anomalous by the SVM are added to the training set. Therefore, the training set includes of the following: [0167] 1. Risk targets marked as Fraud (i.e., second training data indicating that the action of the unauthenticated user is fraudulent based on the unauthenticated information). [0168] 2. Risk targets marked as Not Fraud . [0169] 3. Non-anomalous risk targets, defined as ones with an SVM anomaly score of 50 or below (recall the anomaly score from the SVM goes from 0 to 100). For these risk targets, set the Fraud/Not Fraud feature to Not Fraud, [0166] At 302, point-of-sale data from multiple POSs 99 for a retailer is received, [0174] At 306, the 1-class SVMs are trained. The training includes filtering the risk targets using the filtering rules disclosed below. The training further includes separating the risk targets by data range, as disclosed above. For each combination of data range/store grouping, a 1-class SVM is trained at 306. Other types of unsupervised machine learning models besides 1-class SVMs may be used in other embodiments, such as clustering (i.e., the non-fraudulent behavior would form large clusters, and the fraudulent behavior could be detected because it would be in small clusters that were distant from the large clusters)., [0175] At 308, the trained 1-class SVMs are applied after the training at 306. The applying includes separating all the risk targets by data range. The risk targets are not filtered with the rules. The applying further includes collecting together the anomaly scores and feature weights for display in a UI, [0176] At 310, the random forests are trained. The training includes collect together the data disclosed above to produce the training data for the random forests, [0177] 1-class SVMs return a score between 0 and 1 to indicate the degree of anomaly of the risk target, with scores closer to 1 indicating higher anomaly. For example, in the Oracle Advanced Analytics software that is part of the Oracle database, the 1-class SVM produces a “prediction_probability” score, [0149] Flag the “most anomalous” accounts, where “most anomalous” means the anomaly score described above is at least 80. The 80 should be a configuration point, with 80 as the default, [0152]) [ Examiner interprets that system applying SVM to every POS record including date, time duration, store ID, and other transaction details (i.e., the risk target) prior to having verified their credential at the terminal such as the initial rule of filtering (i.e., unauthenticated information) and outputting the risk target that has anomaly scores above or at least 80 as fraud risk target and creating the set the Fraud risk target (i.e., the second training data) to train the random forest (i.e., the machine learning model) based on Fraud risk target as acquire an output from the trained learning model based on the unauthenticated information, and to create the second training data based on the output]. Regarding claim 9, Warrick and Song further teaches the learning model creating system according to claim 8, wherein the at least one processor is configured to change a content of the output based on the unauthenticated information obtained after the output corresponding to the unauthenticated information is acquired, and to create the second training data based on the changed content of the output (Warrick, embodiments are directed to employing a supervised approach like random forests when an extensive labeled training set might not be available, [0159] An unbalanced training set can affect the training of the random forest (or any other supervised machine learning technique), and so to counter the effects of that, especially of the case where the training set contains only fraudulent risk targets, risk targets that are considered non-anomalous by the SVM are added to the training set. Therefore, the training set includes of the following: [0167] 1. Risk targets marked as Fraud (i.e., second training data indicating that the action of the unauthenticated user is fraudulent based on the unauthenticated information). [0168] 2. Risk targets marked as Not Fraud . [0169] 3. Non-anomalous risk targets, defined as ones with an SVM anomaly score of 50 or below (recall the anomaly score from the SVM goes from 0 to 100). For these risk targets, set the Fraud/Not Fraud feature to Not Fraud, [0166] At 302, point-of-sale data from multiple POSs 99 for a retailer is received, [0174] At 306, the 1-class SVMs are trained. The training includes filtering the risk targets using the filtering rules disclosed below. The training further includes separating the risk targets by data range, as disclosed above. For each combination of data range/store grouping, a 1-class SVM is trained at 306. Other types of unsupervised machine learning models besides 1-class SVMs may be used in other embodiments, such as clustering (i.e., the non-fraudulent behavior would form large clusters, and the fraudulent behavior could be detected because it would be in small clusters that were distant from the large clusters)., [0175] At 308, the trained 1-class SVMs are applied after the training at 306. The applying includes separating all the risk targets by data range. The risk targets are not filtered with the rules. The applying further includes collecting together the anomaly scores and feature weights for display in a UI, [0176] At 310, the random forests are trained. The training includes collect together the data disclosed above to produce the training data for the random forests, [0177] 1-class SVMs return a score between 0 and 1 to indicate the degree of anomaly of the risk target, with scores closer to 1 indicating higher anomaly. For example, in the Oracle Advanced Analytics software that is part of the Oracle database, the 1-class SVM produces a “prediction_probability” score, [0149] Flag the “most anomalous” accounts, where “most anomalous” means the anomaly score described above is at least 80. The 80 should be a configuration point, with 80 as the default, [0152]) [ Examiner interprets that system applying SVM to every POS record including date, time duration, store ID, and other transaction details (i.e., the risk target) prior to having verified their credential at the terminal such as the initial rule of filtering (i.e., unauthenticated information) and outputting the risk target that has anomaly scores above or at least 80 converting them as fraud risk target label and creating the set the Fraud risk target (i.e., the second training data) to train the random forest (i.e., the machine learning model) based on Fraud risk target label as change a content of the output based on the unauthenticated information obtained after the output corresponding to the unauthenticated information is acquired, and to create the second training data based on the changed content of the output]. Regarding claim 10, Warrick and Song further teaches the learning model creating system according to claim 9, wherein the learning model is configured to output a score relating to fraud in the predetermined service, wherein an upper limit value is set to the score corresponding to the unauthenticated information such that the score corresponding to the unauthenticated information indicates fraud if more than the score corresponding to the authenticated information, and wherein the learning model is configured to output the score corresponding to the unauthenticated information based on the upper limit value (Warrick, 1-class SVMs return a score between 0 and 1 to indicate the degree of anomaly of the risk target, with scores closer to 1 indicating higher anomaly. For example, in the Oracle Advanced Analytics software that is part of the Oracle database, the 1-class SVM produces a “prediction_probability” score, [0149] Flag the “most anomalous” accounts, where “most anomalous” means the anomaly score described above is at least 80. The 80 should be a configuration point, with 80 as the default, [0152] embodiments are directed to employing a supervised approach like random forests when an extensive labeled training set might not be available, [0159] An unbalanced training set can affect the training of the random forest (or any other supervised machine learning technique), and so to counter the effects of that, especially of the case where the training set contains only fraudulent risk targets, risk targets that are considered non-anomalous by the SVM are added to the training set. Therefore, the training set includes of the following: [0167] 1. Risk targets marked as Fraud (i.e., second training data indicating that the action of the unauthenticated user is fraudulent based on the unauthenticated information). [0168] 2. Risk targets marked as Not Fraud . [0169] 3. Non-anomalous risk targets, defined as ones with an SVM anomaly score of 50 or below (recall the anomaly score from the SVM goes from 0 to 100). For these risk targets, set the Fraud/Not Fraud feature to Not Fraud, [0166] At 302, point-of-sale data from multiple POSs 99 for a retailer is received, [0174] At 306, the 1-class SVMs are trained. The training includes filtering the risk targets using the filtering rules disclosed below. The training further includes separating the risk targets by data range, as disclosed above. For each combination of data range/store grouping, a 1-class SVM is trained at 306. Other types of unsupervised machine learning models besides 1-class SVMs may be used in other embodiments, such as clustering (i.e., the non-fraudulent behavior would form large clusters, and the fraudulent behavior could be detected because it would be in small clusters that were distant from the large clusters)., [0175] At 308, the trained 1-class SVMs are applied after the training at 306. The applying includes separating all the risk targets by data range. The risk targets are not filtered with the rules. The applying further includes collecting together the anomaly scores and feature weights for display in a UI, [0176] At 310, the random forests are trained. The training includes collect together the data disclosed above to produce the training data for the random forests, [0177]) [ Examiner interprets that system applying SVM to every POS record (i.e., the risk target) prior to having verified their credential at the terminal such as the initial rule of filtering (i.e., unauthenticated information) and outputting the risk target that has anomaly scores above or at least 80 indicating them as fraud risk target label and creating the set the Fraud risk target (i.e., the second training data) to train the random forest (i.e., the machine learning model) based on Fraud risk target label as output a score relating to fraud in the predetermined service, wherein an upper limit value is set to the score corresponding to the unauthenticated information such that the score corresponding to the unauthenticated information indicates fraud if more than the score corresponding to the authenticated information, and wherein the learning model is configured to output the score corresponding to the unauthenticated information based on the upper limit value]. Regarding claim 11, Warrick and Song further teaches the learning model creating system according to claim 6, wherein the at least one processor is configured to: acquire confirmed information relating to an action of a confirmed user for which the action has been confirmed as being fraudulent or not fraudulent, and create the learning model based on the authenticated information and the confirmed information (Warrick, POS data received from POSs 99 is received as standard POSLog formatted XML data in real time or overnight in batched files, [0232] Transaction Header details: [0233] Transaction ID: Date, Time and Duration (i.e., a date and time information), Store, Register (i.e., a location information), Transaction number. [0234] Cashier ID: Unique identifier for the CASHIER risk target. [0235] Transaction Type: Sale, Return. [0236] Transaction Status: Complete, Cancelled, Training. [0237] Employee ID: flagged for own employee transactions. [0238] Customer/Loyalty ID: where customer details are recorded. [0239] Transaction value summary: Totals, Discounts, Overrides, Voids, Cash. [0240] Transaction Currency. [0241] Flags: Indicators for various events flagged up in the ETL. [0242] Authorization and Reason Codes entered, (i.e., a usage information indicating the authenticated user's action on the predetermined service [0243] (i.e., authenticated information). Each risk target includes a number of features. For random forest embodiments, these same features are used, but three additional features are added to each target: [0160] . The fraud/not fraud feature, [0161] An unbalanced training set can affect the training of the random forest (or any other supervised machine learning technique), and so to counter the effects of that, especially of the case where the training set contains only fraudulent risk targets, risk targets that are considered non-anomalous by the SVM are added to the training set. Therefore, the training set includes of the following: [0167] 1. Risk targets marked as Fraud. [0168] 2. Risk targets marked as Not Fraud. [0169] 3. Non-anomalous risk targets, defined as ones with an SVM anomaly score of 50 or below (recall the anomaly score from the SVM goes from 0 to 100). For these risk targets, set the Fraud/Not Fraud feature to Not Fraud, [0166] ] At 306, the 1-class SVMs are trained. The training includes filtering the risk targets using the filtering rules disclosed below. The training further includes separating the risk targets by data range, as disclosed above. For each combination of data range/store grouping, a 1-class SVM is trained at 306. Other types of unsupervised machine learning models besides
Read full office action

Prosecution Timeline

Sep 06, 2022
Application Filed
Jul 26, 2024
Non-Final Rejection — §103
Oct 07, 2024
Interview Requested
Oct 16, 2024
Applicant Interview (Telephonic)
Oct 16, 2024
Examiner Interview Summary
Oct 29, 2024
Response Filed
Dec 18, 2024
Final Rejection — §103
Feb 21, 2025
Interview Requested
Mar 04, 2025
Applicant Interview (Telephonic)
Mar 07, 2025
Examiner Interview Summary
Mar 18, 2025
Request for Continued Examination
Mar 25, 2025
Response after Non-Final Action
Apr 17, 2025
Non-Final Rejection — §103
Jul 28, 2025
Interview Requested
Aug 06, 2025
Applicant Interview (Telephonic)
Aug 06, 2025
Examiner Interview Summary
Aug 25, 2025
Response Filed
Nov 14, 2025
Final Rejection — §103
Jan 26, 2026
Interview Requested
Feb 17, 2026
Applicant Interview (Telephonic)
Feb 17, 2026
Examiner Interview Summary
Mar 16, 2026
Request for Continued Examination
Apr 02, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology. Study what changed to get past this examiner.

Patent 12591663
INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING COMPUTER PROGRAM PRODUCT
2y 5m to grant Granted Mar 31, 2026
Patent 12470379
LINK ENCRYPTION AND KEY DIVERSIFICATION ON A HARDWARE SECURITY MODULE
2y 5m to grant Granted Nov 11, 2025
Patent 12452254
SECURE SIGNED FILE UPLOAD
2y 5m to grant Granted Oct 21, 2025
Patent 12341788
NETWORK SECURITY SYSTEMS FOR IDENTIFYING ATTEMPTS TO SUBVERT SECURITY WALLS
2y 5m to grant Granted Jun 24, 2025
Patent 12292969
Provenance Inference for Advanced CMS-Targeting Attacks
2y 5m to grant Granted May 06, 2025

AI Strategy Recommendation

Click below to generate an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
41%
Grant Probability
99%
With Interview (+77.8%)
2y 10m
Median Time to Grant
High
PTA Risk
Based on 17 resolved cases by this examiner