GENERATING CUSTOMIZED AUTHENTICATION QUESTIONS FOR AUTOMATED VISHING DETECTION

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment 1. This in response to amendment filed 11/25/2025. Claim 21 has been added. Claim 6 has been canceled. Claims 1, 2, 5, 8, 10, 11, 13, 14 and 20 have been amended. Claims 1-5 and 7-21 are now pending in this application. Claim Rejections - 35 USC § 103 2. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-5 and 7-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nygate et al. (Pub.No.: 2020/0074054 A1) in view of Algard et al. (Pub.No.: 2018/0176372 A1) and further in view of Halferty et al. (US PAT # 8,737,581 B1). Regarding claims 1, 17 and 20, Nygate teaches a computing platform, a method and a non-transitory computer-readable media comprising: at least one processor (see [0008]); a communication interface communicatively coupled to the at least one processor (see [0008]); and memory storing computer-readable instructions that, when executed by the at least one processor (see [0009]), cause the computing platform to: train, using historical call information, an identity verification model, wherein training the identity verification model configures the identity verification model to identify, for an initiated call between a first individual and a second individual, one or more authentication questions to validate an identity of the first individual (reads on predictive model to map relationships among KBA question topics, subject characteristics, and a corresponding pass/fail rate of answers received from subjects for improving the efficacy of the KBA question. In certain example implementations, the decision tree may be used as predictive modeling approach for data mining, machine learning, and/or to determine statistics regarding the KBA question(s), see [0047-009]); input, into the identity verification model and while the first call is paused, information of one or more of: the first call, the first individual, or the second individual, wherein inputting the information causes the identity verification model to output the one or more authentication questions (Note that KBA question may be based on derived data from the retrieved information. For example, a public record source may be utilized to retrieve an address of the subject, and then geospatial data may be utilized to find business around the address to generate a KBA question, see [0044-0046] and [0021]); wherein outputting the one or more authentication questions comprises outputting a sequence of at least two authentication questions, wherein the at least two authentication questions are configured to be presented in the sequence and increase in specificity as the sequence progresses (reads on two question topics are used for the KBA question: pet name or favorite color; and for which only two characteristics about the subject are collected: gender and age. After the decision tree learning period is completed for data collected on a given population of subjects, the “pet name” and “favorite color” (topics) KBA questions may be analyzed for correlation with gender and age (subject characteristics) to determine a probability for passing. Table 6 summarizes the metrics for the pet name KBA question, and Table 7 summarizes the metrics for the favorite color KBA question, see Nygate [0032]); send, while the first call is paused and to a user device of the first individual, the one or more authentication questions and one or more commands directing the user device of the first individual to present the one or more authentication questions, wherein sending the one or more commands directing the user device of the first individual to present the one or more authentication questions causes the user device of the first individual to output the one or more authentication questions (reads on sending, for display on a first computing device associated with the subject, the at least one KBA identity proofing question, see [0099] and step 612 as shown in Fig. 6); receive, while the first call is paused and from the user device of the first individual, authentication information comprising responses to the one or more authentication questions (reads on receiving a response answer, step 614 as shown in Fig. 6 and [0099]); validate, while the first call is paused, the authentication information (reads on sending, for display on the first computing device associated with the subject, and responsive to a match between the response answer and the personally identifiable correct answer, a first indication of authentication in step 616 as shown in Fig. 6 and [0099]); and based on successful validation of the authentication information, cause the first call to resume (inherently taught after step 616 and once the authentication is performed). Nygate features already addressed in the rejection of claims 1, 17 and 20. Nygate does not specifically teach “detect a first call between the first individual and the second individual, wherein the first individual comprises one of: an employee of an enterprise or an impersonator of the employee of the enterprise” as recited in claims 1, 17 and 20. However, Algard teaches verification generation module 218 generates verification messages including at least some of the supplemental information received in verification request messages and, optionally, enhanced information produced by the enhancement module 216. A verification message indicates that an associated communication placed via the telephone network 105 is verified as from a legitimate calling party 110. A verification message may also include additional information about the communication, such as information describing the purpose of the communication, an image associated with the calling party 110, and/or a sponsored message from the calling party 110. For example, a verification message may include the text string “Verified call from Bank ABC,” indicating that a telephone call from a particular calling party 110 (“Bank ABC”) is legitimately from the identified calling party 110 (see [0034, 0041 and 0021]). Nygate also does not specifically teach “temporarily pause the first call” as recited in claims 1, 17 and 20. However, Halferty teaches controlling real-time participation in a teleconference call, for example, at a step 416, a pause command is received, which indicates a desire to suspend real-time participation in a teleconference call and which begins a pause process. As previously mentioned, an embodiment of our technology allows a user to pause a live teleconference call. When the pause process is instantiated, such as by selecting button 336, then recording the current conversation continues but the user by way of device 300 is no longer engaged in real-time participation. For example, at a step 416a, communications device 300 continues to record the real-time inbound audio but prevents it from being presented via the speaker 310 of communications device 300 until a resume request is received. In this way, real-time outbound audio is prevented from being communicated to the other call participants at a step 416b. The pause process includes an ability to resume the call at will. Thus, at a step 416C, application 314 enables a resume option that allows the user of device 300 to rejoin the call. This can be activated by receiving the resume request, which, when received re-enables communication of real-time inbound and real-time outbound audio (see col. 5 line 9 through col. 6, line 5 and Fig. 4). Thus, it would have been obvious to one of ordinary skill in the art to incorporate the feature of generic out-of-band verification, providing more adaptive/fraud-resistant validation, as taught by Algard and the feature of pausing a call and resuming the call at will as taught by Halferty into the Nygate model-based authentication question generation system to strengthen fraud detection in live telephony scenarios (e.g., ensuring the call proceeds only after successful validation), a well-recognized problem, by combining known solutions (ML-based KBA, out-of-band call verification, and call suspension until validation). The combination yields predictable results: more reliable caller authentication and mitigation of vishing risk. Regarding claims 2 and 18 the combination of Nygate, Algard and Halferty teaches wherein the historical call information comprises one or more of: employee information corresponding to the first individual, enterprise information corresponding to the enterprise, customer information corresponding to the second individual, account information corresponding to the second individual (see Nygate [0039]) and details of historical calls between the second individual and the enterprise (see Nygate [0039]). Regarding claims 3 and 19, the combination of Nygate, Algard and Halferty teaches wherein the details of the historical calls between the second individual and the enterprise comprise transcripts of the historical calls (see Halferty, col. 3, lines 32-36). Regarding claim 4, the combination of Nygate, Algard and Halferty teaches wherein the one or more authentication questions further comprise one or more personalized questions for the first individual (see Nygate [0021 and 0090]). Regarding claim 5, the combination of Nygate, Algard and Halferty teaches wherein the one or more authentication questions prompt the first individual to verify one or more of: employee information corresponding to the first individual, enterprise information corresponding to the enterprise, customer information corresponding to the second individual, account information corresponding to the second individual (see Nygate [0039]) and details of historical calls between the second individual and the enterprise (see Nygate [0039]). Regarding claim 7, the combination of Nygate, Algard and Halferty teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, further cause the computing platform to: send, to a user device of the second individual and prior to sending the one or more authentication questions to the user device of the first individual, the one or more authentication questions and a request to confirm the one or more authentication questions (see Nygate [0072]). Regarding claim 8, the combination of Nygate, Algard and Halferty teaches wherein the request to confirm the one or more authentication questions comprises a request to confirm one or more of: the one or more authentication questions are accurate measures for validating an identity of the first individual (reads on social security number (SSN) can be checked to determine if it is valid or not see Nygate [0095-0096]), and responses to the one or more authentication questions that may be used to validate the authentication information (reads on question/answer pairs may be stored by the host and used later to verify the person's identity, see [0037]). Regarding claim 9, the combination of Nygate, Algard and Halferty teaches wherein the first call is initiated by one of: the first individual or the second individual (see vendor and/or client in Fig. 3 and Fig. 4 with corresponding texts in Nygate). Regarding claim 10, the combination of Nygate, Algard and Halferty teaches wherein presenting the one or more authentication questions comprises: causing the one or more authentication questions to be presented, at the user device of the first individual, as an audio output (the verification presentation module 316 may also present the result of the verification using other techniques, such as by presenting an image, an audio cue (e.g., a ringtone) , see Algard [0043]). Regarding claim 11, the combination of Nygate, Algard and Halferty teaches wherein receiving the authentication information comprises receiving: a user input via a graphical user interface of the user device of the first individual, wherein the user input comprises: a selection of a user interface element corresponding to the authentication information (see Nygate [0073] and [0078]), a natural language input in a text input field (see Nygate [0073]), and a voice input corresponding to the authentication information (see Nygate [0073]). Regarding claim 12, the combination of Nygate, Algard and Halferty teaches wherein validating the authentication information comprises comparing the authentication information to known valid responses to the authentication questions (see Nygate [0095-0096]). Regarding claim 13, the combination of Nygate, Algard and Halferty teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, further cause the computing platform to: based on failing to successfully validate the authentication information: identify that the first individual is an impersonator, terminate the first call, and initiate a plurality of security actions (reads on the subject 302 may be presented with other options or instructions to validate his or her identity, see Nygate [0059]). Regarding claim 14, the combination of Nygate, Algard and Halferty teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, further cause the computing platform to: update, using a dynamic feedback loop and based on the one or more authentication questions (reads on refining the predictive model based on the match or a mismatch between the response answer and the personally identifiable correct answer. Certain example implementations may include refining the predictive model based on a history of matches between the response answer and the personally identifiable correct answer to produce KBA identity proofing questions that increase the probability of a match. In certain example implementations, refining the predictive model can include applying decision tree learning, see [100]), the authentication information, the information of the first individual, the information of the second individual, and the information of the first call (reads on predictive model to map relationships among KBA question topics, subject characteristics, and a corresponding pass/fail rate of answers received from subjects for improving the efficacy of the KBA question. In certain example implementations, the decision tree may be used as predictive modeling approach for data mining, machine learning, and/or to determine statistics regarding the KBA question(s), see Nygate [0047-009]), the identity verification model reads on predictive model to map relationships among KBA question topics, subject characteristics, and a corresponding pass/fail rate of answers received from subjects for improving the efficacy of the KBA question. In certain example implementations, the decision tree may be used as predictive modeling approach for data mining, machine learning, and/or to determine statistics regarding the KBA question(s), see Nygate [0047-009]. Regarding claim 15, the combination of Nygate, Algard and Halferty teaches wherein updating the identity verification model causes the identity verification model to perform one or more of: adding new authentication questions or removing the one or more authentication questions based on receiving consensus information from a plurality of individuals indicating that the one or more authentication questions resulted in one of: a false positive validation or a false negative validation (see Nygate [0037]). Regarding claim 21, the combination of Nygate, Algard and Halferty teaches wherein presenting the at least two authentication questions in the sequence and increasing the specificity as the sequence progresses comprises: initially presenting a first authentication question specific to an enterprise organization as a whole (see Nygate [0039]-[0043]), presenting, after presenting the first authentication question, a second authentication question specific to an employee of the enterprise organization (reads on two question topics are used for the KBA question: pet name or favorite color; and for which only two characteristics about the subject are collected: gender and age. After the decision tree learning period is completed for data collected on a given population of subjects, the “pet name” and “favorite color” (topics) KBA questions may be analyzed for correlation with gender and age (subject characteristics) to determine a probability for passing. Table 6 summarizes the metrics for the pet name KBA question, and Table 7 summarizes the metrics for the favorite color KBA question, see Nygate [0032]), and presenting, after presenting the second authentication question, a third authentication question specific to a prior interaction of the employee with a client (reads on the use of historical interaction data including prior communications or interactions between individuals and the enterprise, as a basis for authentication, see Nygate [0039] and Halferty, col. 3, lines 32-36). Response to Arguments 3. Applicant's arguments filed 11/25/2025 have been fully considered but they are not persuasive. Regarding Applicant’s arguments for independent claims 1, 17 and 20, the Examiner believes that the combination of prior arts teaches presenting multiple authentication questions based on information associated with a user, including personal information and prior interactions (Nygate [0032] and [0039] and Halferty). Presenting multiple authentication questions necessarily requires presenting the questions in a sequence during an authentication session. Further, the applied references teach authentication questions derived from different types of information, including user-related information and prior interaction data, arranging such questions so that the sequence progresses from broader information to more specific information represents an obvious implementation to improve identity verification. Therefore, the combination teaches or renders obvious presenting authentication questions in a sequence with increasing specificity. Examiner revied Applicant’s arguments for all other claims and have found that Applicant’s either arguing certain limitations invaluably and not considering the applied 103 rejection as a whole or arguing certain limitation after amending the claims language (e.g., and details of historical calls as in claim 5), however the Examiner believes that such arguments and changes still taught and suggested by the presented combination of prior arts of record. Conclusion 4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 5. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Rasha S. AL-Aubaidi whose telephone number is (571) 272-7481. The examiner can normally be reached on Monday-Friday from 8:30 am to 5:30 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ahmad Matar, can be reached on (571) 272-7488. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /RASHA S AL AUBAIDI/Primary Examiner, Art Unit 2693