Prosecution Insights
Last updated: April 19, 2026
Application No. 18/143,906

SYSTEMS, METHODS, AND APPARATUSES FOR THREAT INDEXING AND IMPLEMENTING AI TO DETECT MALFEASANT USER ACTIVITY IN AN ELECTRONIC ENVIRONMENT

Non-Final OA §101 §103
Filed: May 05, 2023
Examiner: CHOLLETI, RAGHAVENDER NMN
Art Unit: 2492
Tech Center: 2400 — Computer Networks
Assignee: BANK OF AMERICA CORPORATION
OA Round: 3 (Non-Final)
Grant Probability: 61% (Moderate)
OA Rounds: 3-4
To Grant: 3y 1m
With Interview: 99%

Examiner Intelligence

Grants 61% of resolved cases
Career Allow Rate: 61% (14 granted / 23 resolved), +2.9% vs TC avg
Interview Lift: +40.8% (Strong +41% interview lift; resolved cases with interview)
Typical timeline: 3y 1m Avg Prosecution, 24 currently pending
Career history: 47 Total Applications across all art units

Statute-Specific Performance

§101: 12.6% (-27.4% vs TC avg)
§103: 63.6% (+23.6% vs TC avg)
§102: 7.5% (-32.5% vs TC avg)
§112: 14.0% (-26.0% vs TC avg)
Black line = Tech Center average estimate • Based on career data from 23 resolved cases

Office Action

DETAILED ACTION

This action is in response to the Request for Continued Examination (RCE) filed on 11/19/2025. Claims 2, 4, 12 and 17 have been cancelled. Claims 1, 3, 5-11, 13-16, 18-23 are pending. Claims 1, 3, 5-11, 13-16, 18-23 are directed to SYSTEMS, METHODS, AND APPARATUSES FOR THREAT INDEXING AND IMPLEMENTING AI TO DETECT MALFEASANT USER ACTIVITY IN AN ELECTRONIC ENVIRONMENT.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.

Response to arguments

Claim rejections under 35 U.S.C 112(b): Applicants' amendments regarding rejection of claims 1, 3, 5-11, 13-16 and 18-23 under 35 U.S.C 112(b) have been considered and are persuasive. Hence the rejection under 35 U.S.C 112(b) is being withdrawn.

Claim rejection under 35 U.S.C. 103: Applicant's arguments with respect to claim(s) 1, 3, 5, 7-11, 13, 16, 18 and 6, 14-15, 19-20 and 21-23 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 11 and 16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Independent claim

Step 1: Claims 1, 11 and 16 are drawn to a method, therefore fall under one of four categories of statutory subject matter (process/method, machines/products/apparatus manufactures, and compositions of matter).

Step 2A, Prong 1: Nonetheless, claims 1, 11 and 16 are directed to a judicially recognized exception of an abstract idea without significantly more. Claims 1, 11 and 16 recite a method of "identify a resource transmission request associated with a user account", "collect resource account data of the user account", "collect resource transmission request data associated with the resource transmission request", "identify at least one user account attribute associated with the user account, wherein the user account attribute is a high resource attribute", enumerates a mental concept. This is merely collecting, comparing and analyzing user account data to label a request as "malfeasant". As such, these steps are nothing more than an abstract mental concept of evaluating information and making a fraud judgement that could be performed by human analysis (MPEP 2106.04(a)(2)(III)).

Step 2A, Prong 2: Claims 1, 11 and 16 recite the additional step of "generate, by the malfeasant identification AI engine, a malfeasant attribute of the resource transmission request, wherein the malfeasant attribute comprises at least one of a positive malfeasant attribute or a negative malfeasant attribute" that fails to integrate the abstract idea into a practical application. This is simply labelling the request as positive or negative fraud and is just outputting the result of an abstract analysis. This additional step of determination of positive or negative malfeasant attribute, is a form of insignificant extra solution activity where reporting a determination is necessary for all uses of the judicial exception. The additional steps fail to integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea (MPEP 2106.05(g)).

Step 2B: The additional step that is a form of insignificant extra-solution activity, does not amount to significantly more than an abstract idea because the courts have recognized that this additional step to be well-understood, routine, and conventional when claimed in a merely generic manner for a method for evaluating information (See MPEP 2106.05(d)(II)(i)). As such claims 1, 11 and 16 are not patent eligible.

Dependent claims

Dependent claims 3, 5-10, 13-15 and 18-23 are ineligible for the same reasons given with respect to claims 1, 11 and 16.

Step 1: Claims 3, 5-10, 13-15 and 18-23 are drawn to a method, therefore fall under one of four categories of statutory subject matter (process/method, machines/products/apparatus manufactures, and compositions of matter).

Step 2A-2B: Claims 3, 5-10, 13-15 and 18-23 recite the additional step of "collect at least one previous resource transmission request data, wherein the at least one previous resource transmission request data comprises the positive malfeasant attribute", "apply the malfeasant identification AI engine to the at least one previous resource transmission request data" that fails to integrate the abstract idea into a practical application. This is collecting data and applying data to a model to simply label the data as positive or negative fraud and is just outputting the result of an abstract analysis. This additional step of determination of positive or negative malfeasant attribute, is a form of insignificant extra solution activity where reporting a determination is necessary for all uses of the judicial exception. The additional steps fail to integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea (MPEP 2106.05(g)). The additional step that is a form of insignificant extra-solution activity, does not amount to significantly more than an abstract idea because the courts have recognized that this additional step to be well-understood, routine, and conventional when claimed in a merely generic manner for a method for evaluating information (See MPEP 2106.05(d)(II)(i)). As such claims 3, 5-10, 13-15 and 18-23 are not patent eligible.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 5-11, 13-16 and 18-23 are rejected under 35 U.S.C. 103 as being unpatentable over Danielpour et al. (US 20220358505 A1), hereinafter referred to as Danielpour, in view of Malhotra et al. (US 20170364918 A1), hereinafter referred to as Malhotra.

As per claim 1, Danielpour discloses a system for threat indexing and implementing artificial intelligence (AI) to detect malfeasant user activity, the system comprising:

[[a]] at least one memory device with computer-readable program code stored thereon; (Memory 850, Danielpour, para [0065])

at least one processing device operatively coupled to the at least one memory device and [[the]] at least one communication device, wherein executing the computer-readable code is configured to cause the at least one processing device to perform the following operations: (Device containing processor, Danielpour, para [0065])

identify a resource transmission request associated with a user account; (A user computer device configured to send a request for a fund transfer, wherein the request comprises an indication of a source account, an indication of a destination account, and an indication of a transfer value, Danielpour, claim 1. Here the request for a fund transfer is analogous to the resource transmission request and the source/destination account is a user account associated with the user using the computer device. The system configured to send a request for a fund transfer implies identifying the transfer request associated with an account).

collect resource account data of the user account; (The monitoring platform may use a database of accounts known to be associated with malicious activity in combination with an ML engine for the detection, Danielpour, Abstract. Here, the resource account data is analogous to the account information stored in the database of accounts known to be associated with malicious activity).

collect resource transmission request data associated with the resource transmission request; (The ML engine may be trained, using supervised machine learning, to identify fraudulent fund transfers based on various parameters associated with fund transfer requests, Danielpour, Abstract. Here, the resource transmission request data is analogous to the various parameters associated with the fund transfer request (e.g., transfer value, source, destination, timing)).

identify at least one user account attribute associated with the user account, wherein the user account attribute is a high resource attribute; (A mule account database with a listing of accounts, accounts known to be associated with malicious activity, Danielpour, para [0006]. Whether an account appears in the mule account database and associated metadata (e.g., prior malicious activity) is analogous to the user account attribute. A high resource attribute could be a risk-related or high-risk status such as accounts known to be associated with malicious activity i.e., an attribute indicating significant risk)

identify at least one similar user account based on the at least one similar user account comprising the at least one user account attribute; (Based on the response notification indicating that the request is for a fraudulent fund transfer and at least one of the source accounts and the destination account not being listed in the mule account database, add the at least one of the source accounts and the destination account to the mule account database, Danielpour, para [0008]. Other accounts in the mule account database sharing fraud-related attributes is analogous to the "similar user account". The system adds accounts that meet criteria into the database, effectively identifying accounts that are similar in having a fraud/mule attribute).

collect similar user account data associated with the at least one similar user account; (The monitoring platform may use a database of accounts known to be associated with malicious activity in combination with an ML engine for the detection, Danielpour, Abstract. Use of the database by the ML engine implies collection of data about multiple mule accounts).

However, Danielpour does not explicitly disclose the limitations: apply a malfeasant identification artificial intelligence (AI) engine to the similar user account data train the malfeasant identification AI engine on the similar user account data; train the malfeasant identification AI engine on the similar user account data; apply [[a]] the malfeasant identification AI engine to the resource account data and the resource transmission request data, generate, by the malfeasant identification AI engine, a malfeasant attribute of the resource transmission request, wherein the malfeasant attribute comprises at least one of a positive malfeasant attribute or a negative malfeasant attribute.

Malhotra discloses:

apply a malfeasant identification artificial intelligence (AI) engine to the similar user account data train the malfeasant identification AI engine on the similar user account data; (Machine learning algorithm to a corpus of payment card account transactions. The data analysis engine may utilize, for example, historical purchasing data of a consumer, Malhotra, Abstract and para [0070]. Here, malfeasant identification AI engine is analogous to the heuristic data processing module/data analysis engine which uses machine learning to analyze transaction-related data and similar user account data is analogous to stored data about other account holders and past transactions including historical purchasing data, fraudulent-transaction data and account holder profile data).

train the malfeasant identification AI engine on the similar user account data; (Trained on the legitimate transactions, and, fraud management profile, Malhotra, para [0086] and [0105]. Here, neural networks are trained on legitimate account-holder transaction histories and machine-learning/training builds a fraud management profile. The similar user account data is interpreted to be the other account holder transaction histories used to create learned profiles).

apply [[a]] the malfeasant identification AI engine to the resource account data and the resource transmission request data, (Training to the transaction data and the fraud platform 602 may collect additional data, Malhotra, para [0021] and [0108]. Here, the resource transmission request data is analogous to transaction data and transaction details for the current EFT/payment transaction. The resource account data is analogous to additional data representing a fraud profile for the customer/originator, plus location, mobile-device identifier and related account associated information. The AI engine is similar to the fraud platforms generation of a recommended decision score based on both the transaction and the collected additional data).

generate, by the malfeasant identification AI engine, a malfeasant attribute of the resource transmission request, wherein the malfeasant attribute comprises at least one of a positive malfeasant attribute or a negative malfeasant attribute (The payment switch/network 206 and provides a recommended decision score (with respect to authorizing the financial transaction), Malhotra, para [0071] and transaction is likely legitimate or fraudulent, Malhotra, para [0068]. The malfeasant attribute is analogous to the recommended decision score/threat level score generated for the transaction. The positive malfeasant attribute is the output indicating the transaction is fraudulent, high-risk or should be declined and the negative malfeasant attribute is the output indicating the transaction is legitimate, low-risk or should proceed).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract)

As per claim 3, Danielpour and Malhotra disclose the system of claim 1, wherein Furthermore, Danielpour discloses:

the similar user account data is associated with a negative malfeasant attribute (A machine learning system to filter false positive fund transfers and the response notification indicating that the request for the fund transfer is for a fraudulent fund transfer and at least one of the source account and the destination account not being listed in the mule account database, add the at least one of the source account and the destination account to the mule account database, Danielpour, claim 1 and para [0008]. Accounts/transactions that were classified as non-fraudulent (false-positives filtered out), thus associated with negative (non-malfeasant) labels in training data used by the ML engine are interpreted as the negative malfeasant attribute).

As per claim 5, Danielpour and Malhotra disclose the system of claim 1, wherein the computer-readable code is configured to cause the at least one processing device to perform the following operations:

train, based on the application of the malfeasant identification AI engine to the at least one previous resource transmission request data, the malfeasant identification AI engine (Machine learning (ML) engine trained using supervised machine learning based on transfer information and response notifications, Danielpour, claim 1. The ML engine uses labeled prior transactions (fraud/non-fraud) to adjust its parameters, which is equivalent to applying the engine to previous resource transmission request data and training based on those labeled examples).

collect at least one previous resource transmission request data, wherein the at least one previous resource transmission request data comprises the positive malfeasant attribute; (The ML engine may be trained, using supervised machine learning, to identify fraudulent fund transfers based on various parameters associated with fund transfer requests, Danielpour, Abstract. Here, the resource transmission request data is analogous to the various parameters associated with the fund transfer request (e.g., transfer value, source, destination, timing)).

Furthermore, Malhotra discloses:

apply the malfeasant identification AI engine to the at least one previous resource transmission request data; and (Training to the transaction data and the fraud platform 602 may collect additional data, Malhotra, para [0021] and [0108]. Here, the resource transmission request data is analogous to transaction data and transaction details for the current EFT/payment transaction. The resource account data is analogous to additional data representing a fraud profile for the customer/originator, plus location, mobile-device identifier and related account associated information. The AI engine is similar to the fraud platforms generation of a recommended decision score based on both the transaction and the collected additional data).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract)

As per claim 6, Danielpour and Malhotra disclose the system of claim 5, wherein the computer-readable code is configured to cause the at least one processing device to perform the following operation: Furthermore, Danielpour discloses:

generate, based on the collection of the at least one previous resource transmission request data, a threat index, wherein the threat index comprises the at least one previous resource transmission request data, at least one previous user account identifier associated with the at least one previous resource transmission request data, and the positive malfeasant attribute (ML engine 516 may use various parameters associated with fund transfers, in the set of fund transfers, to determine suspicious fund transfers among the set of fund transfers. In an example, the ML engine 516 may use one or more of an event date, an amount, an entry date, a beneficiary name, a memo field, etc., associated with a fund transfer to determine if the fund transfer is suspicious or benign, Danielpour, para [0054]. The stored structure of risk information and its associated parameters (database of accounts known to be associated with malicious activity) is analogous to threat index. These comprise prior transaction data, account identifiers and fraud labels stored in association with those accounts).

As per claim 7, Danielpour and Malhotra disclose the system of claim 5, wherein the Furthermore, Danielpour discloses:

at least one previous resource transmission request data is associated with a plurality of user accounts (A mule account database 520 comprising a listing of accounts and based on the response notification indicating that the request is for a fraudulent fund transfer, add the at least one of the source accounts and the destination account to the mule account database, Danielpour, para [0052]. Multiple prior fund-transfer transactions involve multiple different source and destination accounts, these are associated with the dataset used to train the ML engine. Thus, the previous transmission request data is associated with a plurality of user accounts)

As per claim 8, Danielpour and Malhotra disclose the system of claim 1, wherein the computer-readable code is configured to cause the at least one processing device to perform the following operations: Furthermore, Malhotra discloses:

generate a malfeasant alert based on the malfeasant attribute, wherein, in an instance where the malfeasant attribute comprises a positive malfeasant attribute, generate a positive malfeasant alert, or wherein, in an instance where the malfeasant attribute comprises a negative malfeasant attribute, generate a negative malfeasant alert (Applying at least one fraud management machine learning algorithm to a corpus of payment card account transactions to build a fraud management profile of a payment account holder and transmit an alert to the user device concerning at least one financial account of the user, automatically block a transaction concerning, Malhotra, claims 1 and 6. Here, the malfeasant attribute is similar to the fraud-management outcome of applying the machine learning algorithm (e.g., whether a transaction is considered fraudulent). The positive malfeasant attribute is analogous to alert to a user device regarding the suspicious activity or automatically blocked transactions. The negative malfeasant attribute is analogous to absence of such an alert to an informational notification when transaction is treated legitimate).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract)

As per claim 9, Danielpour and Malhotra disclose the system of claim 8, wherein the computer-readable code is configured to cause the at least one processing device to perform the following operations: Furthermore, Malhotra discloses:

generate a positive malfeasant attribute interface component based on the positive malfeasant attribute, wherein the positive malfeasant attribute interface component comprises the resource transmission request data and positive malfeasant attribute; (To the user device, access to a user dashboard configured to accept registered user input including instructions for the central switch computer to at least one of monitor at least one financial account of the user, Malhotra, claim 6).

transmit the positive malfeasant attribute interface component to a user device, wherein the user device is associated with an entity of the user account; and (Transmit an alert to the user device concerning at least one financial account of the user, automatically block a transaction concerning at least one financial account of the user, Malhotra, claim 6).

dynamically configure [[the]] a graphical user interface of the user device associated with the entity with the positive malfeasant attribute interface component (A user dashboard module 412 for providing a registered user with a central dashboard showing all of the user's financial account, Malhotra, para [0057]. Providing access to a user dashboard and transmitting alerts that alter what is shown or what actions are offered (e.g., remedial controls) on the GUI is interpreted as dynamically configuring a graphical user interface).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract)

As per claim 10, Danielpour and Malhotra disclose the system of claim 9, wherein the computer-readable code is configured to cause the at least one processing device to perform the following operations: Furthermore, Malhotra discloses:

receive, from the user device associated with the entity of the user account, a malfeasant attribute indicator, wherein the malfeasant attribute indicator comprises a positive malfeasant indicator or a negative malfeasant indicator; (User dashboard configured to accept registered user input, Malhotra, claim 6. Here, malfeasant attribute indicator is mapped to the registered user input in response to the alert which may confirm (positive) or dispute (negative) that a transaction is fraudulent)

apply the malfeasant identification AI engine to the malfeasant attribute indicator; and (As a consequence of the resulting machine learning/training, the algorithm(s) may generate data and/or rules or may acquire or develop attributes so as to define/build a fraud management profile for the customer/account holder, Malhotra, para [0105])

train, based on the application of the malfeasant identification AI engine to the malfeasant attribute indicator, the malfeasant identification AI engine (The processing at the fraud platform 602 may include analysis of the data for the transaction and/or application of one or more fraud monitoring rules and/or application of results of machine learning/training to the transaction data, Malhotra, para [0096]. Here, the user feedback can be used as labels or training signals to further refine or retrain the machine learning algorithm, corresponding to applying and training the malfeasant identification AI engine based on those indicators)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract)

As per claim 11, Danielpour discloses a computer program product for threat indexing and implementing artificial intelligence (AI) to detect malfeasant user activity, wherein the computer program product comprises at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions which when executed by a processing device are configured to cause the processor to perform the following operations:

identify a resource transmission request associated with a user account; (A user computer device configured to send a request for a fund transfer, wherein the request comprises an indication of a source account, an indication of a destination account, and an indication of a transfer value, Danielpour, claim 1. Here the request for a fund transfer is analogous to the resource transmission request and the source/destination account is a user account associated with the user using the computer device. The system configured to send a request for a fund transfer implies identifying the transfer request associated with an account).

collect resource account data of the user account; (The monitoring platform may use a database of accounts known to be associated with malicious activity in combination with an ML engine for the detection, Danielpour, Abstract. Here, the resource account data is analogous to the account information stored in the database of accounts known to be associated with malicious activity).

collect resource transmission request data associated with the resource transmission request; (The ML engine may be trained, using supervised machine learning, to identify fraudulent fund transfers based on various parameters associated with fund transfer requests, Danielpour, Abstract. Here, the resource transmission request data is analogous to the various parameters associated with the fund transfer request (e.g., transfer value, source, destination, timing)).

identify at least one user account attribute associated with the user account, wherein the user account attribute is a high resource attribute; (A mule account database with a listing of accounts, accounts known to be associated with malicious activity, Danielpour, para [0006]. Whether an account appears in the mule account database and associated metadata (e.g., prior malicious activity) is analogous to the user account attribute. A high resource attribute could be a risk-related or high-risk status such as accounts known to be associated with malicious activity i.e., an attribute indicating significant risk)

identify at least one similar user account based on the at least one similar user account comprising the at least one user account attribute; (Based on the response notification indicating that the request is for a fraudulent fund transfer and at least one of the source accounts and the destination account not being listed in the mule account database, add the at least one of the source accounts and the destination account to the mule account database, Danielpour, para [0008]. Other accounts in the mule account database sharing fraud-related attributes is analogous to the "similar user account". The system adds accounts that meet criteria into the database, effectively identifying accounts that are similar in having a fraud/mule attribute).

collect similar user account data associated with the at least one similar user account; (The monitoring platform may use a database of accounts known to be associated with malicious activity in combination with an ML engine for the detection, Danielpour, Abstract. Use of the database by the ML engine implies collection of data about multiple mule accounts). However, Danielpour does not explicitly disclose the limitations: apply a malfeasant identification artificial intelligence (AI) engine to the similar user account data; train the malfeasant identification AI engine on the similar user account data; apply [[a]] the malfeasant identification AI engine to the resource account data and the resource transmission request data, generate, by the malfeasant identification AI engine, a malfeasant attribute of the resource transmission request, wherein the malfeasant attribute comprises at least one of a positive malfeasant attribute or a negative malfeasant attribute. Malhotra discloses: apply a malfeasant identification artificial intelligence (AI) engine to the similar user account data; (Machine learning algorithm to a corpus of payment card account transactions. The data analysis engine may utilize, for example, historical purchasing data of a consumer, Malhotra, Abstract and para [0070]. Here, malfeasant identification AI engine is analogous to the heuristic data processing module/ data analysis engine which uses machine learning to analyze transaction-realted data and similar user account data is analogous to stored data about other account holders and past transactions including historical purchasing data, fraudulent- transaction data and account holder profile data). train the malfeasant identification AI engine on the similar user account data; (Trained on the legitimate transactions, and, fraud management profile, Malhotra, para [0086] and [0105]. 
Here, neural networks are trained on legitimate account-holder transaction histories and machine-learning/training builds a fraud management profile. The similar user account data is interpreted to be the other account holder transaction histories used to create learned profiles).

apply [[a]] the malfeasant identification AI engine to the resource account data and the resource transmission request data, (Training to the transaction data and the fraud platform 602 may collect additional data, Malhotra, para [0021] and [0108]. Here, the resource transmission request data is analogous to transaction data and transaction details for the current EFT/payment transaction. The resource account data is analogous to additional data representing a fraud profile for the customer/originator, plus location, mobile-device identifier and related account associated information. The AI engine is similar to the fraud platform's generation of a recommended decision score based on both the transaction and the collected additional data).

generate, by the malfeasant identification AI engine, a malfeasant attribute of the resource transmission request, wherein the malfeasant attribute comprises at least one of a positive malfeasant attribute or a negative malfeasant attribute (The payment switch/network 206 and provides a recommended decision score (with respect to authorizing the financial transaction), Malhotra, para [0071] and transaction is likely legitimate or fraudulent, Malhotra, para [0068]. The malfeasant attribute is analogous to the recommended decision score/threat level score generated for the transaction. The positive malfeasant attribute is the output indicating the transaction is fraudulent, high-risk or should be declined and the negative malfeasant attribute is the output indicating the transaction is legitimate, low-risk or should proceed).
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract).

As per claim 13, Danielpour and Malhotra disclose the computer program product of claim 11, wherein the processing device is configured to cause the processor to perform the following operations:

collect at least one previous resource transmission request data, wherein the at least one previous resource transmission request data comprises the positive malfeasant attribute; (The ML engine may be trained, using supervised machine learning, to identify fraudulent fund transfers based on various parameters associated with fund transfer requests, Danielpour, Abstract. Here, the resource transmission request data is analogous to the various parameters associated with the fund transfer request (e.g., transfer value, source, destination, timing)).

train, based on the application of the malfeasant identification AI engine to the at least one previous resource transmission request data, the malfeasant identification AI engine (Machine learning (ML) engine trained using supervised machine learning based on transfer information and response notifications, Danielpour, claim 1. The ML engine uses labeled prior transactions (fraud/non-fraud) to adjust its parameters, which is equivalent to applying the engine to previous resource transmission request data and training based on those labeled examples).
Furthermore, Malhotra discloses:

apply the malfeasant identification AI engine to the at least one previous resource transmission request data; and (Training to the transaction data and the fraud platform 602 may collect additional data, Malhotra, para [0021] and [0108]. Here, the resource transmission request data is analogous to transaction data and transaction details for the current EFT/payment transaction. The resource account data is analogous to additional data representing a fraud profile for the customer/originator, plus location, mobile-device identifier and related account associated information. The AI engine is similar to the fraud platform's generation of a recommended decision score based on both the transaction and the collected additional data).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract).

As per claim 14, Danielpour and Malhotra disclose the computer program product of claim 13, wherein the processing device is configured to cause the processor to perform the following operation:

Furthermore, Danielpour discloses:

generate, based on the collection of the at least one previous resource transmission request data, a threat index, wherein the threat index comprises the at least one previous resource transmission request data, at least one previous user account identifier associated with the at least one previous resource transmission request data, and the positive malfeasant attribute (ML engine 516 may use various parameters associated with fund transfers, in the set of fund transfers, to determine suspicious fund transfers among the set of fund transfers. In an example, the ML engine 516 may use one or more of an event date, an amount, an entry date, a beneficiary name, a memo field, etc., associated with a fund transfer to determine if the fund transfer is suspicious or benign, Danielpour, para [0054]. The stored structure of risk information and its associated parameters (database of accounts known to be associated with malicious activity) is analogous to threat index. These comprise prior transaction data, account identifiers and fraud labels stored in association with those accounts).
As per claim 15, the computer program product of claim 14, wherein

Furthermore, Danielpour discloses:

the at least one previous resource transmission request data is associated with a plurality of user accounts (A mule account database 520 comprising a listing of accounts and based on the response notification indicating that the request is for a fraudulent fund transfer, add the at least one of the source accounts and the destination account to the mule account database, Danielpour, para [0052]. Multiple prior fund-transfer transactions involve multiple different source and destination accounts, these are associated with the dataset used to train the ML engine. Thus, the previous transmission request data is associated with a plurality of user accounts).

As per claim 16, Danielpour discloses a computer implemented method for threat indexing and implementing artificial intelligence (AI) to detect malfeasant user activity, the computer implemented method comprising:

identifying a resource transmission request associated with a user account; (A user computer device configured to send a request for a fund transfer, wherein the request comprises an indication of a source account, an indication of a destination account, and an indication of a transfer value, Danielpour, claim 1. Here the request for a fund transfer is analogous to the resource transmission request and the source/destination account is a user account associated with the user using the computer device. The system configured to send a request for a fund transfer implies identifying the transfer request associated with an account).

collecting resource account data of the user account; (The monitoring platform may use a database of accounts known to be associated with malicious activity in combination with an ML engine for the detection, Danielpour, Abstract.
Here, the resource account data is analogous to the account information stored in the database of accounts known to be associated with malicious activity).

collecting resource transmission request data associated with the resource transmission request; (The ML engine may be trained, using supervised machine learning, to identify fraudulent fund transfers based on various parameters associated with fund transfer requests, Danielpour, Abstract. Here, the resource transmission request data is analogous to the various parameters associated with the fund transfer request (e.g., transfer value, source, destination, timing)).

identifying at least one user account attribute associated with the user account, wherein the user account attribute is a high resource attribute; (A mule account database with a listing of accounts, accounts known to be associated with malicious activity, Danielpour, para [0006]. Whether an account appears in the mule account database and associated metadata (e.g., prior malicious activity) is analogous to the user account attribute. A high resource attribute could be a risk-related or high-risk status such as accounts known to be associated with malicious activity i.e., an attribute indicating significant risk).

identifying at least one similar user account based on the at least one similar user account comprising the at least one user account attribute; (Based on the response notification indicating that the request is for a fraudulent fund transfer and at least one of the source accounts and the destination account not being listed in the mule account database, add the at least one of the source accounts and the destination account to the mule account database, Danielpour, para [0008]. Other accounts in the mule account database sharing fraud-related attributes are analogous to the “similar user account”.
The system adds accounts that meet criteria into the database, effectively identifying accounts that are similar in having a fraud/mule attribute).

collecting similar user account data associated with the at least one similar user account; (The monitoring platform may use a database of accounts known to be associated with malicious activity in combination with an ML engine for the detection, Danielpour, Abstract. Use of the database by the ML engine implies collection of data about multiple mule accounts).

However, Danielpour does not explicitly disclose the limitations: applying a malfeasant identification artificial intelligence (AI) engine to the similar user account data; training the malfeasant identification AI engine on the similar user account data; applying [[a]] the malfeasant identification generating, by the malfeasant identification AI engine, a malfeasant attribute of the resource transmission request, wherein the malfeasant attribute comprises at least one of a positive malfeasant attribute or a negative malfeasant attribute.

Malhotra discloses:

applying a malfeasant identification artificial intelligence (AI) engine to the similar user account data; (Machine learning algorithm to a corpus of payment card account transactions. The data analysis engine may utilize, for example, historical purchasing data of a consumer, Malhotra, Abstract and para [0070]. Here, malfeasant identification AI engine is analogous to the heuristic data processing module/data analysis engine which uses machine learning to analyze transaction-related data and similar user account data is analogous to stored data about other account holders and past transactions including historical purchasing data, fraudulent-transaction data and account holder profile data).

training the malfeasant identification AI engine on the similar user account data; (Trained on the legitimate transactions, and, fraud management profile, Malhotra, para [0086] and [0105].
Here, neural networks are trained on legitimate account-holder transaction histories and machine-learning/training builds a fraud management profile. The similar user account data is interpreted to be the other account holder transaction histories used to create learned profiles).

applying [[a]] the malfeasant identification (Training to the transaction data and the fraud platform 602 may collect additional data, Malhotra, para [0021] and [0108]. Here, the resource transmission request data is analogous to transaction data and transaction details for the current EFT/payment transaction. The resource account data is analogous to additional data representing a fraud profile for the customer/originator, plus location, mobile-device identifier and related account associated information. The AI engine is similar to the fraud platform's generation of a recommended decision score based on both the transaction and the collected additional data).

generating, by the malfeasant identification AI engine, a malfeasant attribute of the resource transmission request, wherein the malfeasant attribute comprises at least one of a positive malfeasant attribute or a negative malfeasant attribute (The payment switch/network 206 and provides a recommended decision score (with respect to authorizing the financial transaction), Malhotra, para [0071] and transaction is likely legitimate or fraudulent, Malhotra, para [0068]. The malfeasant attribute is analogous to the recommended decision score/threat level score generated for the transaction. The positive malfeasant attribute is the output indicating the transaction is fraudulent, high-risk or should be declined and the negative malfeasant attribute is the output indicating the transaction is legitimate, low-risk or should proceed).
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract).

As per claim 18, Danielpour and Malhotra disclose the computer implemented method of claim 16, further comprising:

collecting at least one previous resource transmission request data, wherein the at least one previous resource transmission request data comprises the positive malfeasant attribute; (The ML engine may be trained, using supervised machine learning, to identify fraudulent fund transfers based on various parameters associated with fund transfer requests, Danielpour, Abstract. Here, the resource transmission request data is analogous to the various parameters associated with the fund transfer request (e.g., transfer value, source, destination, timing)).

training, based on the application of the malfeasant identification AI engine to the at least one previous resource transmission request data, the malfeasant identification AI engine (Machine learning (ML) engine trained using supervised machine learning based on transfer information and response notifications, Danielpour, claim 1.
The ML engine uses labeled prior transactions (fraud/non-fraud) to adjust its parameters, which is equivalent to applying the engine to previous resource transmission request data and training based on those labeled examples).

Furthermore, Malhotra discloses:

applying the malfeasant identification AI engine to the at least one previous resource transmission request data; and (Training to the transaction data and the fraud platform 602 may collect additional data, Malhotra, para [0021] and [0108]. Here, the resource transmission request data is analogous to transaction data and transaction details for the current EFT/payment transaction. The resource account data is analogous to additional data representing a fraud profile for the customer/originator, plus location, mobile-device identifier and related account associated information. The AI engine is similar to the fraud platform's generation of a recommended decision score based on both the transaction and the collected additional data).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Danielpour with Malhotra by using AI based detection of fraud transactions (Danielpour) and collection and fraud monitoring (Malhotra).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Danielpour with Malhotra to effectively detect suspicious user activity in a network (See Malhotra, Abstract).

As per claim 19, Danielpour and Malhotra disclose the computer implemented method of claim 18, further comprising:

Furthermore, Danielpour discloses:

generating based on the collection of the at least one previous resource transmission request data, a threat index, wherein the threat index comprises the at least one previous resource transmission request data, at least one previous user account identifier associated with the at least one previous resource transmission request data, and the positive malfeasant attribute (ML engine 516 may use various parameters associated with fund transfers, in the set of fund transfers, to determine suspicious fund transfers among the set of fund transfers. In an example, the ML engine 516 may use one or more of an event date, an amount, an entry date, a beneficiary name, a memo field, etc., associated with a fund transfer to determine if the fund transfer is suspicious or benign, Danielpour, para [0054]. The stored structure of risk information and its associated parameters (database of accounts known to be associated with malicious activity) is analogous to threat index. These comprise prior transaction data, account identifiers and fraud labels stored in association with those accounts).
As per claim 20, Danielpour and Malhotra disclose the computer implemented method of claim 19, wherein

Furthermore, Danielpour discloses:

the at least one previous resource transmission request data is associated with a plurality of user accounts (A mule account database 520 comprising a listing of accounts and based on the response notification indicating that the request is for a fraudulent fund transfer, add the at least one of the source accounts and the destination account to the mule account database, Danielpour, para [0052]. Multiple prior fund-transfer transactions involve multiple different source and destination accounts, these are associated with the dataset used to train the ML engine. Thus, the previous transmission request data is associated with a plurality of user accounts).

As per claim 21, Danielpour and Malhotra disclose the system of claim 1, wherein the

Furthermore, Danielpour discloses:

resource transmission request comprises a request for a financial transaction (The enterprise application host platform 810 may be configured to host, execute, and/or otherwise provide one or more transaction processing programs, such as an online banking application, fund transfer applications, Danielpour, para [0065]).

As per claim 22, Danielpour and Malhotra disclose the system of claim 6, wherein

Furthermore, Danielpour discloses:

the threat index is applied to the malfeasant identification AI engine to train the malfeasant identification AI engine (ML engine 516 uses parameters to detect if a transaction is suspicious at step 636.
Danielpour, Fig 6).

As per claim 23, Danielpour and Malhotra disclose the system of claim 1, wherein

Furthermore, Danielpour discloses:

the user account is a new user account (The destination account (or the source account) may be a new account or a relatively new account, Danielpour, para [0042]).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAGHAVENDER CHOLLETI whose telephone number is (703) 756-1065. The examiner can normally be reached M-Th 7:30AM-4:30PM EST and variable Fridays.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, RUPAL DHARIA can be reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patentcenter for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Respectfully Submitted,
/RAGHAVENDER NMN CHOLLETI/ Examiner, Art Unit 2492
/RUPAL DHARIA/ Supervisory Patent Examiner, Art Unit 2492

Prosecution Timeline

May 05, 2023
Application Filed
Mar 10, 2025
Non-Final Rejection — §101, §103
Jun 17, 2025
Response Filed
Aug 19, 2025
Final Rejection — §101, §103
Nov 19, 2025
Request for Continued Examination
Nov 30, 2025
Response after Non-Final Action
Mar 10, 2026
Non-Final Rejection — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603878
ELECTRONIC DEVICE AND METHOD FOR CONTROLLING VEHICLE BASED ON DRIVER AUTHENTICATION
2y 5m to grant Granted Apr 14, 2026
Patent 12591686
SCALABLE SOURCE CODE VULNERABILITY REMEDIATION
2y 5m to grant Granted Mar 31, 2026
Patent 12591687
METHOD AND SYSTEM FOR FACILITATING APPLICATION VULNERABILITY DRIFT ANALYTICS
2y 5m to grant Granted Mar 31, 2026
Patent 12585762
METHOD AND SYSTEM FOR DETECTING ANOMALOUS BEHAVIOR IN STREAM DATA
2y 5m to grant Granted Mar 24, 2026
Patent 12541617
REDUCING RESOURCE CONSUMPTION FOR CROSS-TENANT KERNEL SERVICES
2y 5m to grant Granted Feb 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

3-4
Expected OA Rounds
61%
Grant Probability
99%
With Interview (+40.8%)
3y 1m
Median Time to Grant
High
PTA Risk
Based on 23 resolved cases by this examiner. Grant probability derived from career allow rate.
