SYSTEMS AND METHODS FOR FRAUD DETECTION

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims This is the office action on the merits in response to the application filed on 12/30/2025. Claims 1-19 and 21 are currently pending and have been examined. Response to Arguments Applicant's arguments filed 12/30/2025 with respect to the rejection(s) of claim(s) 1-19 and 21 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made. The rejection of pending claims 1-19 and 21 under 35 U.S.C. 101 as directed to an abstract idea without significantly more, is maintained in view of MPEP 2106.04(d). Applicant argument of the claims provide a technical improvement are not persuasive because the claims do not recite any improvements to the functionality of a computer, webpage, network, or the machine learning technology. Instead, the claims are directed to evaluating information to determine a likelihood of fraud based on browsing history data and transaction information, including identifying a searching session and applying a machine learning model to predict fraud, which falls under the abstract idea of mental processes. Such claim limitations as collecting information, analyzing patterns, and making a determination based on the analysis, which are activities that can be performed in the human mind or with pen and paper. The additional limitations directed to identifying URLs typed in a navaigation path of an internet browser is merely additional data gathering and do not integrate the abstract idea into a practical application. The machine learning model that autonomously learns its own operation parameters to achieve higher accuracy and fewer errors merely applies to a generic computer. Therefore, the mere implementation of the steps above does not integrate the abstract idea into a practical application. See remarks on page 10-17. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-19 and 21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Subject Matter Eligibility Criteria – Step 1: Claims 1-19 and 21 are directed to a system. Therefore, these claims fall within the four statutory categories of invention. Subject Matter Eligibility Criteria – Step 2A – Prong One: Regarding Prong One of Step 2A of the Alice/Mayo test, the claim limitations are to be analyzed to determine whether, under their broadest reasonable interpretation, they “recite” a judicial exception or in other words whether a judicial exception is “set forth” or “described” in the claims. MPEP 2106.04(II)(A)(1). An “abstract idea” judicial exception is subject matter that falls within at least one of the following groups: a) certain methods of organizing human activity, b) mental processes, and/or c) mathematical concepts. MPEP 2106.04(a). Representative independents claims 1-3 include limitations that recite at least one abstract idea. Claim 1 is directed to the abstract idea of “identify, using a web browser extension, that a user has navigated to a webpage on a user device; receive, via the webpage, data associated with a transaction; responsive to receiving the data: retrieve search history data corresponding to a searching session associated with the data; and identify a searching session path corresponding to the transaction, the searching session path comprising an order of webpages visited, links clicked to navigate to the webpage, or URLs typed in a navigation path of an internet browser; determine, using a machine learning model (MLM) and based on the search history data and the searching session path, a likelihood of fraud associated with the data by dynamically (i) determining a relevant time period from the search history data, (ii) selecting a relevant portion of the search history data based on the relevant time period, and (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path, wherein the MLM autonomously learns its own operation parameters to achieve higher accuracy and fewer errors in predicting the likelihood of fraud; determine whether the likelihood exceeds a predetermined threshold; and responsive to determining the likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions.” Under its broadest reasonable interpretation, this claim is evaluating information to make a decision using past browsing history and transaction patterns, hence falls under mental processes (i.e., concepts performed in the human mind). Claims 2 and 3 are directed to the abstract idea of “receive data associated with a transaction being conducted by a user on a webpage via a user device; responsive to receiving the data: retrieve search history data corresponding to a searching session associated with the data, wherein a web browser extension collects the search history data in the background of the searching session up to a point where the user initiates the transaction; and identify a searching session path corresponding to the transaction, the searching session path comprising an order of webpages visited or links clicked to navigate to the webpage; determine, using a machine learning model (MLM) and based on the search history data, transaction data, and the searching session path, a first likelihood of fraud associated with the data by dynamically determining correlations in a selected relevant portion of the search history data based on a determined relevant time period and based on card uses in the transaction data; determine whether the first likelihood exceeds a predetermined threshold; and responsive to determining the first likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions.” Under its broadest reasonable interpretation, this claim is evaluating information to make a decision using past browsing history and transaction patterns, hence falls under mental processes (i.e., concepts performed in the human mind). Dependent Claims: Claims 4 and 18 recites: wherein the search history data comprises one or more of a name of a webpage, a type of webpage, an order of webpages, a total amount of search time, a time period between webpage searches, metadata associated with the user device, or combinations thereof; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claim 5 and 19 recites: wherein the searching session is based on one or more of browsing time, number of clicks, number of webpages visited, or combinations thereof; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claim 6 recites: wherein the searching session path comprises one or more steps the user has taken to navigate to the webpage; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claim 7 recites: wherein the data comprises a virtual card number (VCN); further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claims 8, 12, and 16 recites: wherein the one or more fraud prevention actions comprise one or more of: causing the user device to display, via a graphical user interface (GUI), a first notification, transmitting a first prompt to the user device requesting the user enter a primary card number associated with the VCN, transmitting a second prompt to the user device requesting the user generate a new VCN, transmitting an authentication request to a secondary device associated with the user, modifying a spending limit associated with the VCN, or combinations thereof; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claims 9, 13, and 17 recites: wherein the one or more fraud prevention actions comprise one or more of: redirecting the user to a new tab on the webpage, modifying a GUI of the webpage by changing a placement of one or more user input objects, redirecting one or more second users around the webpage, or combinations thereof; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claim 10 recites: wherein the MLM is trained via federated learning; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claim 11 recites: wherein the instructions are further configured to cause the system to: responsive to determining the likelihood does not exceed the predetermined threshold, authorize the transaction; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claim 14 recites: wherein the MLM is trained to identify one or more correlations between the search history data, the searching session path, and/or the data to determine the likelihood of fraud; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Claim 15 recites: identify, using a web browser extension, that the user has navigated to the webpage on the user device, wherein retrieving the search history data and identifying the searching session path are responsive to identifying that the user has navigated to the webpage; further describes the abstract idea of mental processes (i.e., concepts performed in the human mind). Subject Matter Eligibility Criteria – Step 2A – Prong Two: Claims 1-3 recites to one or more processors; and a memory as an additional element to the judicial exception in the preamble. Viewed individually and in combination, this additional element to the identified judicial exception of Step 2A.1, amounts to no more than mere instructions for evaluating information to make a decision using past browsing history and transaction patterns a generic computer. Therefore, at Step 2A.2, these additional elements do not act in combination to integrate the abstract idea into a practical application. The additional elements of claims 1-3 considered both individually and as an ordered combination, do not amount to significantly more than the judicial exception because the additional element of a generic computer does no more than “[s]imply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception, e.g., a claim to an abstract idea requiring no more than a generic computer to perform generic computer functions that are well-understood, routine and conventional activities previously known to the industry.” See MPEP 2106.05 (citing to Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208, 225 (2014)). Therefore claims 1-3 is found ineligible under 35 U.S.C. 101. Step 2B: Viewed as a whole, instructions/method claims recite the concept of “organizing human activity” (i.e., as fundamental economic practices) in evaluating information to make a decision using past browsing history and transaction patterns is performed by a generic computer. The method claims do not, for example, purport to improve the functioning of the computer itself. Nor do they effect an improvement in any other technology or technical field. Instead, the claims at issue amount to nothing significantly more than an instruction to apply the abstract idea using some unspecified, generic computer. See Alice Corp. Pty. Ltd., 573 U.S. 208. Mere instructions to apply the exception using a generic computer component and limitations to a particular field of use or technological environment cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-6, 10-11, 14-15, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Yavilevich et al. (US 10063645), in view of Bercich et. al (US 12045716 B2), and further in view of Adjaoute et al. (US 10019744 B2). Regarding claim 1, Yavilevich discloses a system comprising: one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: identify, using a web browser extension, that a user has navigated to a webpage on a user device, (Column 4/line 17, The client device 101 may be, but is not limited to, a smart phone, a tablet computer, a personal computer, a laptop computer, a netbook computer, an electronic reader, and the like. The browser 102 may be any web browser, such as Safari®, Firefox®, Internet Explorer®, Chrome®, and the like. The processor of the client device 101 runs an operating system that may include iOS®, Android®, Unix®, Windows®, and the like. The mobile application 103 may be any application that is executable over the client device 101 and/or an extension of the browser 102. The mobile application 103 is typically downloaded from a central repository 140 which may, e.g., AppStore® by Apple Computers®, Google® Play®, and the like.) receive, via the webpage, data associated with a transaction; (Column 4/line 51, A user of the client device 101 can visit a web site that includes one or more web pages. While a web page is displayed in the browser 102, the user can perform various activities that are monitored by the tracking code. The interaction of a user within one web page is referred to as a “pageview session.”.; and Column 12/line 54, Examples of behaviors that may be detected as indicative of money laundering activity include, but are not limited to, frequent changes of financial advisers or institutions; selection of financial advisers or institutions that are geographically distant from the entity or the location of the transaction; requests for increased speed in processing a transaction or making funds available; failure to disclose a real party to a transaction; a prior conviction for an acquisitive crime; a significant amount of private funding from a person who is associated with, or an entity that is, a cash-intensive business; a third party private funder without an apparent connection to the entity's business; a disproportionate amount of private funding or cash which is inconsistent with the socio-economic profile of the persons involved; finance provided by a lender, other than a financial institution, with no logical explanation or economic justification; business transactions in countries where there is a high risk of money laundering and/or terrorism funding; false documentation in support of transactions; an activity level that is inconsistent with the client's business or legitimate income level; and/or an overly complicated ownership structure for the entity.) responsive to receiving the data: retrieve search history data corresponding to a searching session associated with the data, (Column 3/line 55, The tracking server 130 may include an interface (not shown in FIG. 1) to receive user activity information representative of activities performed by the user during a visit to a web page, and to receive web page content information representative of the web page content displayed to the user during the visit. The information received through the interface may be compressed. The tracking server 130 also includes a processor (not shown in FIG. 1) configured to perform at least the tasks of decompressing the received data and generating at least the exposure maps and other analytic reports with regard to users' activity. The processes performed by the tracking server 130 are described in greater detail below.; and Column 5/line 30,The pan/zoom data set includes the size of the web page downloaded to the user device; the size of a visible area on the client device 101 at any given moment (hereinafter “viewport”); the position of each viewport (e.g., position of scroll bars); a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page.) a likelihood of fraud associated with the data by dynamically (i) determining a relevant time period from the search history data, (ii) selecting a relevant portion of the search history data based on the relevant time period, (Column 5/line 30, The pan/zoom data set includes the size of the web page downloaded to the user device; the size of a visible area on the client device 101 at any given moment (hereinafter “viewport”); the position of each viewport (e.g., position of scroll bars); a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page.; and Column 5/line 50, Each event is associated with multiple properties or attributes. These properties can be recorded together with the event. For example, mouse events are transmitted with x, y coordinates of the cursor and the state of the mouse buttons; keyboard events are transmitted with the key that was pressed; scroll events are transmitted with the position of the scroll bars; resize events are transmitted with the new window size; click events are transmitted with the type and URL of the object or link that was clicked on, the orientation of the client device, and so on. In one embodiment, each event is transmitted with the time that it occurred. The time can be absolute or relative to a known previously transferred time, such as load time. The element data set includes position information about one or more elements in the web page. For example, the tracking code may collect position information about a subset of elements that are in the center of a web page or center of a viewport. The element position information is collected as the user interacts with the web page. An element can be, for example, a paragraph of text, a link, an image, a button, or any document object module (DOM) element of the web page. The position information of an element includes at least one of: identification of the element (DOM) path, identification (ID), and so on, the bounding rectangle of the element, and optional identification information of the children's elements. For example, if the element is a “form” type its children may be “submit button” and “select control.” It should be noted that for each pageview (i.e., a visit of a web page) information related to a plurality of viewports is collected. A viewport changes during the pageview, thus multiple viewports can be rendered for each pageview, typically in response to a pan or zoom operation. Each viewport being rendered in a pageview is referred to as a “viewport instance” and starts a viewport instance. The width/height of the viewport instance determines the “zoom” level of the viewport instance. The zoom level determines at which level a given area was viewed. In one embodiment, the collected and recorded information may be assembled per pageview.) Under broad reasonable interpretation, the examiner interprets “a likelihood of fraud associated with the data by dynamically (i) determining a relevant time period from the search history data, (ii) selecting a relevant portion of the search history data based on the relevant time period” as “The pan/zoom data set includes the size of the web page downloaded to the user device…a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page… mouse events are transmitted with x, y coordinates of the cursor and the state of the mouse buttons; keyboard events are transmitted with the key that was pressed… resize events are transmitted with the new window size; click events are transmitted with the type and URL of the object or link that was clicked on… each event is transmitted with the time that it occurred…such as load time. The element data set includes position information about one or more elements in the web page.” in the cited prior art. Yavilevich does not explicitly disclose determine, using a machine learning model (MLM). However, Bercich teaches determine, using a machine learning model (MLM), (Column 9/line 59, The one or more processors 102 mays also be programmed by the computer-executable instructions to prepare an input vector for the entities in the population; process said input vector with the neural network to provide an encoded output vector at the output node for each of the entities; and store the encoded output vectors in the memory 104 for subsequent use in identifying a common characteristic between two or more of the entities. The one or more processors 102 may also be programmed by the computer-executable instructions to compare the encoded output vectors to identify the two or more entities with the common characteristic. FIG. 5 shows a federated learning system 500 for use by, for example, four independent entities A, B, C, and D, which are also indicated, respectively, by reference numbers 502, 504, 506 and 508.; and Column 4/line 17, use autoencoder-based data anonymization systems and methods to encrypt their data at the outset before attempting to detect particular behaviors. FIGS. 1A to 4 disclose such systems and methods. More particularly, ctn autoencoder system can maintain anonymity and preserve the relational content between and among PII data while still encoding it in a safe manner. Therefore, the data can still be used for network analysis, deduplication efforts and can generally serve as an input into machine-learning models to detect complex patterns whose accuracy and veracity is enhanced by the inclusion of this encoded PII data in the analysis. Business and research areas alike should be able to utilize this encoded data for analysis, without having to have access to the original data. This is especially applicable in (but not restricted to) the financial sector for the purposes of fraud detection and anti-money laundering efforts, and in the healthcare sectors, allowing third party providers and researchers to work with a more complete dataset than ever before without revealing any actual PII data). One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include determine, using a machine learning model (MLM) results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history to allow the system to recognize and conduct more fraud prevention actions, thus improving the overall security of the invention. Yavilevich does not explicitly disclose determine whether the likelihood exceeds a predetermined threshold; and responsive to determining the likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions. However, Bercich teaches determine whether the likelihood exceeds a predetermined threshold; and responsive to determining the likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions, (Column 8/line 6, The one or more processors 102 can also be programmed to set a threshold for a total number of training cycles and to stop the training of the neural network at step 408 in response to the number of training cycles exceeding the threshold. The one or more processors 102 can also be programmed to set a threshold as a function of a loss plane of the output vector reconstruction error and stop the training of the neural network at step 410 in response to the output vector reconstruction error being less than the threshold.; and Column 4/line 17, As a matter of security, some entities might prefer to use autoencoder-based data anonymization systems and methods to encrypt their data at the outset before attempting to detect particular behaviors. FIGS. 1A to 4 disclose such systems and methods…autoencoder system can maintain anonymity and preserve the relational content between and among PII data while still encoding it in a safe manner. Therefore, the data can still be used for network analysis, deduplication efforts and can generally serve as an input into machine-learning models to detect complex patterns whose accuracy and veracity is enhanced by the inclusion of this encoded PII data in the analysis. Business and research areas alike should be able to utilize this encoded data for analysis, without having to have access to the original data. This is especially applicable in (but not restricted to) the financial sector for the purposes of fraud detection and anti-money laundering efforts, and in the healthcare sectors, allowing third party providers and researchers to work with a more complete dataset than ever before without revealing any actual PII data.) One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include determine whether the likelihood exceeds a predetermined threshold; and responsive to determining the likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions results in an improved invention because applying said technique allows the system to identify fraud quickly and take action to prevent fraud from actually occurring, thus improving the overall security of the invention. Yavilevich as modified does not explicitly disclose identify a searching session path corresponding to the transaction, the searching session path comprising an order of webpages visited or links clicked to navigate to the webpage, webpage, or URLs typed in a navigation path of an internet browser. However, Adjaoute teaches identify a searching session path corresponding to the transaction, the searching session path comprising an order of webpages visited or links clicked to navigate to the webpage, webpage, or URLs typed in a navigation path of an internet browser, (Claim 1. catalog a sequence of webpage clickstream behaviors of a user computing device then being employed to browse through a webpage and a website maintained by a consumer website server; collect and maintain a database of comprehensive dossiers of user device ID's obtained from many user-device visits to many webpages maintained by many websites over a period of time; match a user device currently visiting a website by identifying characteristics obtainable through a user device browser, and forwarding these over a network to a dossier file already maintained in said database, if possible; and Claim 7, extract a clickstream behavior related to the particular paths and order of webpages an individual user follows with a sequence of user clicks… track session activity and pattern-match said clickstream behavior to normal-suspect-abnormal-malware patterns; and Para. 0047, Each such website 106-108 sends activity reports 114-116 to the centralized server 102 in real-time over the network as many independent and unrelated users visit and click through webpages 110-112.) One of ordinary skill in the art would have recognized that applying the known technique of Adjaoute to the known invention of Yavilevich as modified would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include identify a searching session path corresponding to the transaction, the searching session path comprising an order of webpages visited or links clicked to navigate to the webpage, webpage, or URLs typed in a navigation path of an internet browser results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history and behaviors to allow the system to improve fraud detection, thus improving the overall security of the invention. Yavilevich as modified does not explicitly disclose and based on the search history data and the searching session path, a likelihood of fraud associated with the data by dynamically (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path, wherein the MLM autonomously learns its own operation parameters to achieve higher accuracy and fewer errors in predicting the likelihood of fraud. However, Adjaoute teaches and based on the search history data and the searching session path, a likelihood of fraud associated with the data by dynamically (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path, wherein the MLM autonomously learns its own operation parameters to achieve higher accuracy and fewer errors in predicting the likelihood of fraud, (Para. 0007, Indirectly, users can be authenticated and the risks of fraud can be reduced by inspecting the personal trusted devices they use and the ways real users behave when navigating webpages. This wasn't possible when phone orders were placed using wireline telephones before Caller ID was mandated. Now, highly distinctive personal trusted user devices, like smartphones and laptops, are being used to place retail orders.; and Para. 0026, The collection of comprehensive dossiers of user devices are organized by their identifying behavior and device-ID information, and both are used to calculate a fraud score in real-time. Each corresponding website is thereby assisted in deciding whether to allow a proposed transaction to be concluded with the particular user and their device.; and Para. 0024, For example, using a set of rules and/or probabilities and or neural networks and or fuzzy logic to provide a score between [0, 1] to identify the device.; and Claim 1. calculate a fraud score in real-time based on results obtained in the steps of analyzing and collecting; and configuring the calculation as a signal output useful to assist each consumer website server in determining whether to allow a proposed transaction to be concluded by a particular user computing device.; and Claim 2. the step to calculate said fraud score is principally determined according to results obtainable from analyzing said sequence of webpage clickstream behaviors.; and Claim 7. record said clickstream behavior and comparing it to previously determined patterns of normal, suspicious, and fraudulent activity; track session activity and pattern-match said clickstream behavior to normal-suspect-abnormal-malware patterns; monitor and analyze online transactions according to pre-determined business rules and statistical models, and to update profiles of users and accounts; correlate alerts and activities; and search for relationships amongst users and channels; wherein, a consumer website can be warned with a signal over the network of high risk users in real-time.) One of ordinary skill in the art would have recognized that applying the known technique of Adjaoute to the known invention of Yavilevich as modified would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include and based on the search history data and the searching session path, a likelihood of fraud associated with the data by dynamically (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path, wherein the MLM autonomously learns its own operation parameters to achieve higher accuracy and fewer errors in predicting the likelihood of fraud results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history to allow the system to recognize and conduct more fraud prevention actions, thus improving the overall security of the invention. 10. Regarding claims 2 and 3, Yavilevich discloses one or more processors; and a memory in communication with the one or more processors and storing instructions that, when executed by the one or more processors, are configured to cause the system to: receive data associated with a transaction being conducted by a user on a webpage via a user device; (As seen in FIG. 1B, the plurality of characteristics may comprise data stored in the memory 104 which data is associated with any three or more of the following: a piece of personally identifiable information, a name, an age, a residential address, a business address, an address of a family relative, an address of a business associate, an educational history, an employment history, an address of any associate, a data from a social media site, a bank account number, a plurality of data providing banking information, a banking location, a purchase history, a purchase location, an invoice, a transaction date, a financial history, a credit history, a criminal record, a criminal history, a drug use history, a medical history, a hospital record, a police report, or a tracking history.; and Column 4/line 17, The client device 101 may be, but is not limited to, a smart phone, a tablet computer, a personal computer, a laptop computer, a netbook computer, an electronic reader, and the like. The browser 102 may be any web browser, such as Safari®, Firefox®, Internet Explorer®, Chrome®, and the like. The processor of the client device 101 runs an operating system that may include iOS®, Android®, Unix®, Windows®, and the like. The mobile application 103 may be any application that is executable over the client device 101 and/or an extension of the browser 102. The mobile application 103 is typically downloaded from a central repository 140 which may, e.g., AppStore® by Apple Computers®, Google® Play®, and the like.) responsive to receiving the data: retrieve search history data corresponding to a searching session associated with the data, (Column 4/line 51, A user of the client device 101 can visit a web site that includes one or more web pages. While a web page is displayed in the browser 102, the user can perform various activities that are monitored by the tracking code. The interaction of a user within one web page is referred to as a “pageview session.”.; and Column 12/line 54, Examples of behaviors that may be detected as indicative of money laundering activity include, but are not limited to, frequent changes of financial advisers or institutions; selection of financial advisers or institutions that are geographically distant from the entity or the location of the transaction; requests for increased speed in processing a transaction or making funds available; failure to disclose a real party to a transaction; a prior conviction for an acquisitive crime; a significant amount of private funding from a person who is associated with, or an entity that is, a cash-intensive business; a third party private funder without an apparent connection to the entity's business; a disproportionate amount of private funding or cash which is inconsistent with the socio-economic profile of the persons involved; finance provided by a lender, other than a financial institution, with no logical explanation or economic justification; business transactions in countries where there is a high risk of money laundering and/or terrorism funding; false documentation in support of transactions; an activity level that is inconsistent with the client's business or legitimate income level; and/or an overly complicated ownership structure for the entity.) identify a searching session path corresponding to the transaction, the searching session path comprising an order of webpages visited or links clicked to navigate to the webpage, (Column 1/line 48, Another technique for collecting web site analytics is by means of a client side script being embedded in web pages to monitor traffic. Such a script can collect information and submit it to a central server where the information is analyzed and stored. The script runs on a client device that typically collects URLs that a user visits, mouse movement, scrolling of web pages, resizing of browser windows, click events, keyboard use etc. (“per-action” data), the sequence of the visited URLs, and so on. The collected information is typically assembled and sent, “per-page” together with the identification of the client (e.g., an IP address) to the central server.; and Column 5/line 20, According to one embodiment, during the recording of the pageview session, the tracking code listens to events generated by the browser 102 and determines for each event if the event should be collected or if it should trigger the collection of data.; and Column 5/line 57, click events are transmitted with the type and URL of the object or link that was clicked on, the orientation of the client device, and so on. In one embodiment, each event is transmitted with the time that it occurred. The time can be absolute or relative to a known previously transferred time, such as load time. The element data set includes position information about one or more elements in the web page.) Under broad reasonable interpretation, the examiner interprets “identify a searching session path corresponding to the transaction, the searching session path comprising an order of webpages visited or links clicked to navigate to the webpage” as “collecting web site analytics is by means of a client side script being embedded in web pages …collect information and submit it to a central server where the information is analyzed and stored. The script runs on a client device that typically collects URLs that a user visits, mouse movement, scrolling of web pages, resizing of browser windows, click events, keyboard use etc. (“per-action” data), the sequence of the visited URLs… and during the recording of the pageview session, the tracking code listens to events generated by the browser 102 and determines for each event if the event should be collected or if it should trigger the collection of data” in the cited prior art. a likelihood of fraud associated with the data by dynamically (i) determining a relevant time period from the search history data, (ii) selecting a relevant portion of the search history data based on the relevant time period, (Column 5/line 30, The pan/zoom data set includes the size of the web page downloaded to the user device; the size of a visible area on the client device 101 at any given moment (hereinafter “viewport”); the position of each viewport (e.g., position of scroll bars); a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page.; and Column 5/line 50, Each event is associated with multiple properties or attributes. These properties can be recorded together with the event. For example, mouse events are transmitted with x, y coordinates of the cursor and the state of the mouse buttons; keyboard events are transmitted with the key that was pressed; scroll events are transmitted with the position of the scroll bars; resize events are transmitted with the new window size; click events are transmitted with the type and URL of the object or link that was clicked on, the orientation of the client device, and so on. In one embodiment, each event is transmitted with the time that it occurred. The time can be absolute or relative to a known previously transferred time, such as load time. The element data set includes position information about one or more elements in the web page. For example, the tracking code may collect position information about a subset of elements that are in the center of a web page or center of a viewport. The element position information is collected as the user interacts with the web page. An element can be, for example, a paragraph of text, a link, an image, a button, or any document object module (DOM) element of the web page. The position information of an element includes at least one of: identification of the element (DOM) path, identification (ID), and so on, the bounding rectangle of the element, and optional identification information of the children's elements. For example, if the element is a “form” type its children may be “submit button” and “select control.” It should be noted that for each pageview (i.e., a visit of a web page) information related to a plurality of viewports is collected. A viewport changes during the pageview, thus multiple viewports can be rendered for each pageview, typically in response to a pan or zoom operation. Each viewport being rendered in a pageview is referred to as a “viewport instance” and starts a viewport instance. The width/height of the viewport instance determines the “zoom” level of the viewport instance. The zoom level determines at which level a given area was viewed. In one embodiment, the collected and recorded information may be assembled per pageview.) Under broad reasonable interpretation, the examiner interprets “a likelihood of fraud associated with the data by dynamically (i) determining a relevant time period from the search history data, (ii) selecting a relevant portion of the search history data based on the relevant time period” as “The pan/zoom data set includes the size of the web page downloaded to the user device…a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page… mouse events are transmitted with x, y coordinates of the cursor and the state of the mouse buttons; keyboard events are transmitted with the key that was pressed… resize events are transmitted with the new window size; click events are transmitted with the type and URL of the object or link that was clicked on… each event is transmitted with the time that it occurred…such as load time. The element data set includes position information about one or more elements in the web page.” in the cited prior art. Yavilevich does not explicitly disclose determine, using a machine learning model (MLM) and based on the search history data and the searching session path. However, Bercich teaches determine, using a machine learning model (MLM) and based on the search history data and the searching session path, (Column 9/line 59, The one or more processors 102 mays also be programmed by the computer-executable instructions to prepare an input vector for the entities in the population; process said input vector with the neural network to provide an encoded output vector at the output node for each of the entities; and store the encoded output vectors in the memory 104 for subsequent use in identifying a common characteristic between two or more of the entities. The one or more processors 102 may also be programmed by the computer-executable instructions to compare the encoded output vectors to identify the two or more entities with the common characteristic. FIG. 5 shows a federated learning system 500 for use by, for example, four independent entities A, B, C, and D, which are also indicated, respectively, by reference numbers 502, 504, 506 and 508.; and Column 4/line 17, use autoencoder-based data anonymization systems and methods to encrypt their data at the outset before attempting to detect particular behaviors. FIGS. 1A to 4 disclose such systems and methods. More particularly, ctn autoencoder system can maintain anonymity and preserve the relational content between and among PII data while still encoding it in a safe manner. Therefore, the data can still be used for network analysis, deduplication efforts and can generally serve as an input into machine-learning models to detect complex patterns whose accuracy and veracity is enhanced by the inclusion of this encoded PII data in the analysis. Business and research areas alike should be able to utilize this encoded data for analysis, without having to have access to the original data. This is especially applicable in (but not restricted to) the financial sector for the purposes of fraud detection and anti-money laundering efforts, and in the healthcare sectors, allowing third party providers and researchers to work with a more complete dataset than ever before without revealing any actual PII data). One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include determine, using a machine learning model (MLM) and based on the search history data and the searching session path results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history to allow the system to recognize and conduct more fraud prevention actions, thus improving the overall security of the invention. Yavilevich does not explicitly disclose a likelihood of fraud associated with the data by dynamically (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path. However, Bercich teaches a likelihood of fraud associated with the data by dynamically (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path, (Column 3/line 5, deep learning detection models are first developed and trained for each individual entity. Every single entity possesses properties that make it unique such as the composition of their customers, the entity location, and usage and frequency of specific financial products, which entails that each entity has a certain kind of specificity that sets it apart from others. Each entity is assigned a model for individual behaviors (e.g. for money laundering) so that complex nuances and differences across entities can be learned by the model, thus optimizing the model's suitability for detection in that entity. This also ensures that model accuracy is not eroded by cross training which would result in the generalization of inference such that the important structural differences between entities would be disregarded. Models for a specific behavior have the same architectural properties across all entities and are re-trained using the specific entity's data and feedback.; and Column 1/line 34, The invention relates to the field of “federated learning” and its use in conjunction with machine learning models to detect illicit financial crime behaviors including but not limited to money laundering. In particular, the invention relates to the use of “federated learning” in the process of model training and inference and the use of machine learning more generally.; and Column 2/line 66, The present system provides a cloud-based solution that uses federated learning to achieve the goat of a unified, holistic and accurate detection and analysis of money laundering (or other type of financial crime) behavior for financial entities devoid of the need to cross share client data between entities themselves.) Under broad reasonable interpretation, the examiner interprets “a likelihood of fraud associated with the data by dynamically (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path” as “deep learning detection models are first developed and trained for each individual entity… Models for a specific behavior have the same architectural properties across all entities and are re-trained using the specific entity's data and feedback … The invention relates to the field of “federated learning” and its use in conjunction with machine learning models to detect illicit financial crime behaviors including but not limited to money laundering. In particular, the invention relates to the use of “federated learning” in the process of model training and inference and the use of machine learning more generally” in the cited prior art. One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include a likelihood of fraud associated with the data by dynamically (iii) predicting the likelihood of the fraud by drawing patterns from the relevant portion of the search history data and the searching session path results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history to allow the system to recognize and conduct more fraud prevention actions, thus improving the overall security of the invention. Yavilevich does not explicitly disclose determine whether the likelihood exceeds a predetermined threshold; and responsive to determining the likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions. However, Bercich teaches determine whether the likelihood exceeds a predetermined threshold; and responsive to determining the likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions, (Column 8/line 6, The one or more processors 102 can also be programmed to set a threshold for a total number of training cycles and to stop the training of the neural network at step 408 in response to the number of training cycles exceeding the threshold. The one or more processors 102 can also be programmed to set a threshold as a function of a loss plane of the output vector reconstruction error and stop the training of the neural network at step 410 in response to the output vector reconstruction error being less than the threshold.; and Column 4/line 17, As a matter of security, some entities might prefer to use autoencoder-based data anonymization systems and methods to encrypt their data at the outset before attempting to detect particular behaviors. FIGS. 1A to 4 disclose such systems and methods…autoencoder system can maintain anonymity and preserve the relational content between and among PII data while still encoding it in a safe manner. Therefore, the data can still be used for network analysis, deduplication efforts and can generally serve as an input into machine-learning models to detect complex patterns whose accuracy and veracity is enhanced by the inclusion of this encoded PII data in the analysis. Business and research areas alike should be able to utilize this encoded data for analysis, without having to have access to the original data. This is especially applicable in (but not restricted to) the financial sector for the purposes of fraud detection and anti-money laundering efforts, and in the healthcare sectors, allowing third party providers and researchers to work with a more complete dataset than ever before without revealing any actual PII data.) One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include determine whether the likelihood exceeds a predetermined threshold; and responsive to determining the likelihood exceeds the predetermined threshold, conduct one or more fraud prevention actions results in an improved invention because applying said technique allows the system to identify fraud quickly and take action to prevent fraud from actually occurring, thus improving the overall security of the invention. 11. Regarding claim 4, Yavilevich discloses wherein the search history data comprises one or more of a name of a webpage, a type of webpage, an order of webpages, a total amount of search time, a time period between webpage searches, metadata associated with the user device, or combinations thereof, (and Column 5/line 30, The pan/zoom data set includes the size of the web page downloaded to the user device; the size of a visible area on the client device 101 at any given moment (hereinafter “viewport”); the position of each viewport (e.g., position of scroll bars); a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page. Using the pan/zoom data set, a rectangular area that was visible on the client device 101 at every given moment can be determined. The position data can be represented using x, y coordinates of the viewport. To gather the pan/zoom data set, events including, for example, load, unload, scroll, resize, mousemove, mousedown, mouseup, click, keydown, keypress, keyup, paste, mouseleave, mouseenter, activate, deactivate, focus, blur, select, selectstart, submit, error, abort, and so on are monitored and recorded by the tracking code. In a preferred embodiment, when the tracking code is executed by a handled device having a touch screen display, events, such as orientationchange, touchstart, touchmove, and touchend are recorded and monitored.) 12. Regarding claims 5 and 19, Yavilevich discloses wherein the searching session is based on one or more of browsing time, number of clicks, number of webpages visited, or combinations thereof, (Column 2/line 41, a method for monitoring and tracking browsing activity of a user on a client device. The method comprises receiving, from the client device, browsing activity information of a user interacting with at least a page displayed over the client device, wherein the client device is at least a handheld device having a touch screen display; receiving, from the client device, page information identifying in part the page displayed over the client device; and generating based on the browsing activity information and the page information an exposure map at a page view level, wherein the exposure map indicates a salience of each area of a page-view respective of the page displayed over the client device and visited by the user.; and Column 1/line 40, Data is compiled, and reports are generated on demand or are delivered from time to time via email to display information about web server activity, such as the most popular page by number of visits, peak hours of website activity, most popular entry page, and so on. Alternatively data is logged on the web server that is being monitored and the logs are transferred to another computer, where they are compiled and analyzed.; and Column 5/line 30, The pan/zoom data set includes the size of the web page downloaded to the user device; the size of a visible area on the client device 101 at any given moment (hereinafter “viewport”); the position of each viewport (e.g., position of scroll bars); a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page. Using the pan/zoom data set, a rectangular area that was visible on the client device 101 at every given moment can be determined. The position data can be represented using x, y coordinates of the viewport. To gather the pan/zoom data set, events including, for example, load, unload, scroll, resize, mousemove, mousedown, mouseup, click, keydown, keypress, keyup, paste, mouseleave, mouseenter, activate, deactivate, focus, blur, select, selectstart, submit, error, abort, and so on are monitored and recorded by the tracking code. In a preferred embodiment, when the tracking code is executed by a handled device having a touch screen display, events, such as orientationchange, touchstart, touchmove, and touchend are recorded and monitored.) 13. Regarding claim 6, Yavilevich discloses wherein the searching session path comprises one or more steps the user has taken to navigate to the webpage, (Column 5/line 1, the tracking code waits for user activities and in response to these activities compresses and buffers the collected user activity information, and selectively transmits the compressed user activity information. The compression and buffering reduces the bandwidth and overhead associated with the transmission of the user activity information over the network 110.…during the recording of the pageview session, the tracking code listens to events generated by the browser 102 and determines for each event if the event should be collected or if it should trigger the collection of data. Specifically, two sets of data are collected during a pageview session, (i.e., an interaction of a user within the web page): the pan/zoom data set and the element data set. The pan/zoom data set relates to pan/zoom operations and the element data set relates to elements of the web page. The pan/zoom data set includes the size of the web page downloaded to the user device; the size of a visible area on the client device 101 at any given moment (hereinafter “viewport”); the position of each viewport (e.g., position of scroll bars); a time period for which each viewport was active; and a layout in which the browser 102 attempted to render the web page. Using the pan/zoom data set, a rectangular area that was visible on the client device 101 at every given moment can be determined. The position data can be represented using x, y coordinates of the viewport. To gather the pan/zoom data set, events including, for example, load, unload, scroll, resize, mousemove, mousedown, mouseup, click, keydown, keypress, keyup, paste, mouseleave, mouseenter, activate, deactivate, focus, blur, select, selectstart, submit, error, abort, and so on are monitored and recorded by the tracking code. In a preferred embodiment, when the tracking code is executed by a handled device having a touch screen display, events, such as orientationchange, touchstart, touchmove, and touchend are recorded and monitored.) 14. Regarding claim 10, Yavilevich does not explicitly disclose wherein the MLM is trained via federated learning. However, Bercich teaches wherein the MLM is trained via federated learning, (Column 1/line 34, The invention relates to the field of “federated learning” and its use in conjunction with machine learning models to detect illicit financial crime behaviors including but not limited to money laundering. In particular, the invention relates to the use of “federated learning” in the process of model training and inference and the use of machine learning more generally.) One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include wherein the MLM is trained via federated learning results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history and behaviors to allow the system to improve fraud detection, thus improving the overall security of the invention 15. Regarding claim 11, Yavilevich does not explicitly disclose wherein the instructions are further configured to cause the system to: responsive to determining the likelihood does not exceed the predetermined threshold, authorize the transaction. However, Bercich teaches wherein the instructions are further configured to cause the system to: responsive to determining the likelihood does not exceed the predetermined threshold, authorize the transaction, (Column 8/line 6, The one or more processors 102 can also be programmed to set a threshold for a total number of training cycles and to stop the training of the neural network at step 408 in response to the number of training cycles exceeding the threshold. The one or more processors 102 can also be programmed to set a threshold as a function of a loss plane of the output vector reconstruction error and stop the training of the neural network at step 410 in response to the output vector reconstruction error being less than the threshold.). One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include wherein the instructions are further configured to cause the system to: responsive to determining the likelihood does not exceed the predetermined threshold, authorize the transaction results in an improved invention because applying said technique allows the system to identify fraud quickly and take action to prevent fraud from actually occurring, thus improving the overall security of the invention. 16. Regarding claim 14, Yavilevich does not explicitly disclose wherein the MLM is trained to identify one or more correlations between the search history data, the searching session path, and/or the data to determine the likelihood of fraud. However, Bercich teaches wherein the MLM is trained to identify one or more correlations between the search history data, the searching session path, and/or the data to determine the likelihood of fraud, (Column 4/line 21, autoencoder system can maintain anonymity and preserve the relational content between and among PII data while still encoding it in a safe manner. Therefore, the data can still be used for network analysis, deduplication efforts and can generally serve as an input into machine-learning models to detect complex patterns whose accuracy and veracity is enhanced by the inclusion of this encoded PII data in the analysis. Business and research areas alike should be able to utilize this encoded data for analysis, without having to have access to the original data. This is especially applicable in (but not restricted to) the financial sector for the purposes of fraud detection and anti-money laundering efforts, and in the healthcare sectors, allowing third party providers and researchers to work with a more complete dataset than ever before without revealing any actual PII data.; and Column 15/line 42, The data utilized in the methods of the invention include, but are not limited to, data regarding identity… credit data (e.g., household income, credit history and/or credit score); financial data (e.g., income sources, income amounts, assets, tax records, loan information, loan history, loan repayments, banking history, banking transactions, financial institutions involved in such transactions, transaction locations, mortgage information, mortgage history, account balances, number of accounts, counterparty information, fraud activity, and/or fraud alerts); and insurance information (e.g. insurance claims, insurance policies, and/or insurance payments received)…analyzing data of entities in various sectors including, but not limited to, compliance for banks or other financial institutions, securities investigations, investigations of counterfeiting, illicit trade, or contraband, compliance regarding technology payments, regulatory investigations, healthcare, life sciences, pharmaceuticals, social networking, online or social media marketing, marketing analytics and agencies, urban planning, political campaigns, insurance analytics, real estate analytics, education, tax compliance and government analytics. One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have wherein the MLM is trained to identify one or more correlations between the search history data, the searching session path, and/or the data to determine the likelihood of fraud results in an improved invention because applying said technique allows the system to identify fraud quickly and take action to prevent fraud from actually occurring, thus improving the overall security of the invention. 17. Regarding claim 15, Yavilevich discloses wherein the instructions are further configured to: identify, using a web browser extension, that the user has navigated to the webpage on the user device, wherein retrieving the search history data and identifying the searching session path are responsive to identifying that the user has navigated to the webpage, (Column 4/line 17, The client device 101 may be, but is not limited to, a smart phone, a tablet computer, a personal computer, a laptop computer, a netbook computer, an electronic reader, and the like. The browser 102 may be any web browser, such as Safari®, Firefox®, Internet Explorer®, Chrome®, and the like. The processor of the client device 101 runs an operating system that may include iOS®, Android®, Unix®, Windows®, and the like. The mobile application 103 may be any application that is executable over the client device 101 and/or an extension of the browser 102. The mobile application 103 is typically downloaded from a central repository 140 which may, e.g., AppStore® by Apple Computers®, Google® Play®, and the like…accordance with one embodiment, the user activity information is collected through a recording process performed by using a tracking code. The tracking code may be realized as a script, e.g., a Javascript embedded in a web page downloaded to the client device 101. The tracking code may also be embedded in a mobile application downloaded and installed in the client the device 101. It should be noted that the tracking code is seamlessly incorporated and executed in the client device 101. In one embodiment, the tracking code may start its execution automatically. Alternatively, the code may wait for an instruction from some other piece of script in the web page or the mobile application 103. The tracking code can decide whether to track activities of a user or not. Such a decision can be responsive to one or more predefined parameters, a result of a random process, or a combination thereof. The predefined parameters may include, for example, a page URL, a referring page URL, an IP address, a time zone, a browser type, whether the user is a returning user (to the web page and/or to the web site), a specific user action, and the like. A user of the client device 101 can visit a web site that includes one or more web pages. While a web page is displayed in the browser 102, the user can perform various activities that are monitored by the tracking code. The interaction of a user within one web page is referred to as a “pageview session.”) 18. Regarding claim 21, Yavilevich does not explicitly disclose wherein the MLM is a federated model configured to dynamically receive searching data of the user via the user device for retraining. However, Bercich teaches wherein the MLM is a federated model configured to dynamically receive searching data of the user via the user device for retraining, (Column 1/line 34, The invention relates to the field of “federated learning” and its use in conjunction with machine learning models to detect illicit financial crime behaviors including but not limited to money laundering. In particular, the invention relates to the use of “federated learning” in the process of model training and inference and the use of machine learning more generally.; and Column 3/line 11, Each entity is assigned a model for individual behaviors (e.g. for money laundering) so that complex nuances and differences across entities can be learned by the model, thus optimizing the model's suitability for detection in that entity. This also ensures that model accuracy is not eroded by cross training which would result in the generalization of inference such that the important structural differences between entities would be disregarded. Models for a specific behavior have the same architectural properties across all entities and are re-trained using the specific entity's data and feedback…The information that is extracted through this mathematically explains how the models' weights have changed alter being re-trained using their own feedback data. These scores, technically referred to as feature importance differential values, are then inputted into a supra deep learning neural network, which sits on top of all models concerning this behavior. The scores extracted from each entity are aggregated, as all entities will update their models based on insight learnt from the behavior of their clients. This aggregation of their differential scores is then combined with the weights of a single entity's neural network model, and then inputted into a supra neural network. This supra neural network is specifically trained offline to extract information from these differential scores which is then used to update the entity's neural weights, essentially shifting the entity's weights in a way that integrates both feedback learnt from their individual clients and information from the other entities' partial derivative scores, which implicitly impound information about those entities' feedback and contextual situation, whilst still preserving each entity's model specificity and without sharing any raw client data.) One of ordinary skill in the art would have recognized that applying the known technique of Bercich to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include wherein the MLM is a federated model configured to dynamically receive searching data of the user via the user device for retraining results in an improved invention because applying said technique ensures that there is the model is continuously retrained on the user’s device, thus improving the overall performance of the invention. Claims 7, 8, 12, and 16, are rejected under 35 U.S.C. 103 as being unpatentable over Yavilevich et al. (US 10063645), in view of Bercich et. al (US 12045716 B2), in view of Adjaoute et al. (US 10019744 B2), and further in view of Moreton et al.( US 20240070646 A1). 20. Regarding claim 7, Yavilevich does not explicitly disclose wherein the data comprises a virtual card number (VCN). However, Moreton teaches wherein the data comprises a virtual card number (VCN), (Para. 0026, As discussed above, a need exists to generate a VCN with the last 4 digits (or other suitable trailing quantity of digits, in other embodiments) matching the last 4 digits of the PAN. This solves the problem of customers' confusion at checkout because the last 4 digits that display in the checkout form match the customers' expectations (by matching the last 4 digits of the PAN). The customer gets the best of both worlds—the security of using VCNs to prevent theft and the simultaneous, easy identification of their account. With this enhancement in place, a provider may design and deploy a browser extension or other programmatic construct that allow customers to use VCNs automatically, effortlessly, and seamlessly. This approach offers all the security of VCNs, but to the customer appears only to use the familiar PAN. While the foregoing describes a last 4 digits, other implementations expose less or more digits. The below disclosure may reference to the last X digits of a PAN or VCN as a trailing identifier having a trailing quantity of digits.) One of ordinary skill in the art would have recognized that applying the known technique of Moreton to the known invention of Yavilevich would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include determine, using a machine learning model (MLM) and based on the search history data and the searching session path, a likelihood of fraud associated with the data results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history to allow the system to recognize and conduct more fraud prevention actions, thus improving the overall security of the invention. 21. Regarding claims 8, 12, and 16, Yavilevich does not explicitly disclose wherein the one or more fraud prevention actions comprise one or more of: causing the user device to display, via a graphical user interface (GUI), a first notification, transmitting a first prompt to the user device requesting the user enter a primary card number associated with the VCN, transmitting a second prompt to the user device requesting the user generate a new VCN, transmitting an authentication request to a secondary device associated with the user, modifying a spending limit associated with the VCN, or combinations thereof. However, Moreton teaches wherein the one or more fraud prevention actions comprise one or more of: causing the user device to display, via a graphical user interface (GUI), a first notification, transmitting a first prompt to the user device requesting the user enter a primary card number associated with the VCN, transmitting a second prompt to the user device requesting the user generate a new VCN, transmitting an authentication request to a secondary device associated with the user, modifying a spending limit associated with the VCN, or combinations thereof, (Para. 0060-0061, Generating agent 300A includes VCN 302, virtual card CVV 304, virtual card expiration date 306, linked PAN 308, and issuer 310. Generating agent 300A may be operate as part of browser extension 107,…VCN 302, generated by creation module 142 and displayed in generating agent 300A, takes the same form as PAN 202. In one embodiment, VCN 302 is a 16-digit number. In other embodiments, VCN 302 otherwise matches the length and format of PAN 202. Subsequently, a customer may provide VCN 302 to a merchant and incur an expense against credit card 104. In this fashion, VCN 302 provides a secure mechanism of transaction against an account without exposing PAN 202. VCN 302 may be created by user 102 using financial service provider system 110 or VCN 302 may be created by browser extension 107, which automatically recognizes that user 102 is on a webpage of merchant 108 having a credit card field. In some embodiments, user 102 may provide VCN 302 to merchant 108 in person, over the phone, or using any other suitable approach. FIG. 3A illustrates that the last 4 digits of VCN 302 match the last 4 digits of PAN 202; and Para. 0130-0132, In 802, VCN component 130 may allow user 102 to specify a merchant-specific control to with a VCN. The merchant-specific control may identify a limitation that restricts the use of the VCN. For example, a merchant-specific control may be a spending limit, and any transactions that exceed the spending limit may be rejected by financial service provider system without attempting to process the transaction. Other examples of merchant may be a limit on the number of charges, date/time limitations, and other suitable controls. In 804, VCN component 130 may associate the merchant-specific control with an existing VCN. VCN component 130 may store appropriate information in storage 138 for use in the later processing of transactions that use the VCN and the merchant-specific control entered in 802. In 806, VCN component 130 may apply merchant binding in response to a transaction using the VCN. Merchant-binding may verify that the transaction is being applied to the appropriate merchant. If a VCN is associated with “merchant A” and the transaction involves “merchant B,” the transaction may be denied. VCN component may also verify that the transaction is valid by examining the merchant-specific controls provided by user 102 in 802. For example, if a spending limit has been applied and the transaction has a price in excess of the spending limit, then the charge may be denied.) One of ordinary skill in the art would have recognized that applying the known technique of Moreton to the known invention of Yavilevich as modified would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include determine, using a machine learning model (MLM) and based on the search history data and the searching session path, a likelihood of fraud associated with the data results in an improved invention because applying said technique ensures that there is automatic detection of patterns using the user’s transaction history to allow the system to recognize and conduct more fraud prevention actions, thus improving the overall security of the invention. Claims 9, 13, and 17, are rejected under 35 U.S.C. 103 as being unpatentable over Yavilevich et al. (US 10063645), in view of Bercich et. al (US 12045716 B2), in view of Adjaoute et al. (US 10019744 B2), and further in view of Banerjee et al.( US 20100186088 A1). Regarding claims 9, 13, and 17, Yavilevich does not explicitly disclose wherein the one or more fraud prevention actions comprise one or more of: redirecting the user to a new tab on the webpage, modifying a GUI of the webpage by changing a placement of one or more user input objects, redirecting one or more second users around the webpage, or combinations thereof. However, Banerjee teaches wherein the one or more fraud prevention actions comprise one or more of: redirecting the user to a new tab on the webpage, modifying a GUI of the webpage by changing a placement of one or more user input objects, redirecting one or more second users around the webpage, or combinations thereof, (Para. 0004, A method and system for automated identification of phishing, phony, and malicious web sites are disclosed. According to one embodiment, a computer implemented method, comprises receiving a first input, the first input including a universal resource locator (URL) for a webpage. A second input is received, the second input including feedback information related to the webpage, the feedback information including an indication designating the webpage as safe or unsafe. A third input is received from a database, the third input including reputation information related to the webpage. Data is extracted from the webpage. A safety status is determined for the webpage, including whether the webpage is hazardous by using a threat score for the webpage and the second input, wherein calculating the threat score includes analyzing the extracted data from the webpage. The safety status for the webpage is reported.; and Para. 0025, The present system includes multiple software modules that work in parallel and cooperatively to classify websites according to their characteristics. The characteristics include those of undesirability, vulnerability to being hacked, and threat level. Based on the information, the web-surfer can make an informed decision so as to avoid potentially harmful websites, while a web-site owner can take action to sanitize the web-site. Each module of the present system analyzes features of a website and generates a threat report or score. The threat reports are collected and a weighted score is computed from the individual scores. The feedback is returned to the user of the proposed system at the appropriate level in a customizable way. For example, the threat level can be an easy to understand visual cue, such as a colored button, for a web-surfer, or it can be a detailed report identifying the specifics of the threat for a web-site owner, or identifying an unsafe web advertisement.) One of ordinary skill in the art would have recognized that applying the known technique of Banerjee to the known invention of Yavilevich as modified would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such fraud prevention into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the system to include wherein the one or more fraud prevention actions comprise one or more of: redirecting the user to a new tab on the webpage, modifying a GUI of the webpage by changing a placement of one or more user input objects, redirecting one or more second users around the webpage, or combinations thereof results in an improved invention because applying said technique ensures that the system detects fraudulent activity, thus improving the overall security of the invention. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Systems and Methods for Using Browser History in Online Fraud Detection (US 20170169431 A1) teaches fraud detection computing device for using browser history to detect fraudulent online cardholder activity is provided. The fraud detection computing device includes one or more processors in communication with one or more memory devices. The fraud detection computing device is configured to receive, from an interchange network, an authorization request message, identify a device identifier associated with the cardholder computing device, authenticate that the device identifier is associated with the first cardholder account, retrieve a plurality of user browser history based on the device identifier, analyze the plurality of user browser history to determine a plurality of expected pending transactions, determine whether the payment card transaction is included within the plurality of expected pending transactions, and respond to the authorization request message based at least in part on whether the payment card transaction is included within the plurality of expected pending transactions. In addition to the foregoing, other aspects are described in the claims, drawings, and text. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Davida L. King whose telephone number is (571) 272-4724. The examiner can normally be reached M-F 8am-5pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /D.L.K./Examiner, Art Unit 3699