Prosecution Insights
Last updated: May 29, 2026
Application No. 18/383,126

DETECTING SOCIAL ENGINEERING ATTACKS USING A MACHINE LEARNING MODEL TRAINED ON OUTPUT FROM GENERATIVE ARTIFICIAL INTELLIGENCE

Final Rejection §103
Filed: Oct 24, 2023
Examiner: XIAO, ZESHENG
Art Unit: 3698
Tech Center: 3600 — Transportation & Electronic Commerce
Assignee: Capital One Services LLC
OA Round: 2 (Final)
Grant Probability: 43%
Moderate
OA Rounds: 3-4
Est. Remaining: 1y 2m
With Interview: 77%

Examiner Intelligence

Grants 43% of resolved cases
Career Allowance Rate: 43% (49 granted / 114 resolved), -9.0% vs TC avg
Strong +34% interview lift
Interview Lift: +33.7% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 10m (15 currently pending)
Career history
Total Applications: 140 (across all art units)

Statute-Specific Performance

§101: 3.5% (-36.5% vs TC avg)
§103: 91.4% (+51.4% vs TC avg)
§102: 2.3% (-37.7% vs TC avg)
§112: 0.9% (-39.1% vs TC avg)
Based on career data from 114 resolved cases

Office Action

§103
DETAILED ACTION

This is office action on the merits in response to the application filed on 07/03/2025. Claims 1-28 have been filed by the applicant. Claims 9-16 were previously canceled. Claims 5 and 25 are presently canceled. Claims 1, 4, 6, 17-19, 21, 24 and 26 are currently amended. Claims 1-4, 6-8, 17-24 and 26-28 are currently pending and have been examined.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections

Claim 17 recites repeated language “based on detecting the first communication, implement, based on detecting the first communication”. Appropriate correction is required.

Response to Argument

Rejection under 101: The examiner believes the claims now recite practical application to train machine learning model and using the trained model to detect attack. 101 rejection is withdrawn.

Rejection under 103: The examiner agrees the previous cited prior arts do not specifically disclose the feature of adjusting weight of machine learning model. New prior art is provided, see 103 rejections below.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1.
Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 1-4 and 21-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolarz (US 20180097841 A1), and further in view of Hernandez (US 11922495 B1) and Varadarajan (US 20110276495 A1).

With respect to claim 1 and 21:

Stolarz teaches (in italic):

detecting, by a computing device monitoring one or more communication channels and using a first machine learning model trained to identify social engineering attack to one or more users. (social engineering attack defense process 10 may identify 300 potential social engineering activity associated with one or more communications on a first communication channel of a plurality of communication channels. The machine learning process may analyze large numbers of communications, such as any or all communications that are passed into and out of an enterprise in any form. For example, social engineering attack defense process 10 may identify 300 potential social engineering activity within a text messaging communication session between user 46 and a third party. [0123, 0153-0154 0161-0162])

based on detecting the first communication, implementing at least one remedial action for the one or more users impacted by the social engineering attack. (For example, social engineering attack defense process 10 may identify 300 potential social engineering activity within a text messaging communication session between user 46 and a third party. Social engineering attack defense process 10 may perform 320 the action of automatically connecting 330 user 52 to the text messaging session.
If the text message session is determined to be a malicious social engineering attack, social engineering attack defense process 10 may take various actions including terminating the text message session. [0149 0153-0154])

based on the transaction request indicating the fraudulent transaction, sending, […]. (If the text message session is determined to be a malicious social engineering attack, social engineering attack defense process 10 may take various actions including terminating the text message session. [0149 0153-0154])

Stolarz does not explicitly teach the following limitations. However, Hernandez teaches:

based on the at least one remedial action, adjusting by the computing device, at least one weight associated with a second machine learning model trained to detect suspicious activity, wherein adjusting the at least one weight modifies a fraud detection threshold of the second machine learning model. (For instance, the service provider may train and utilize a machine-learned model that receives, as input, the reason(s) for denial and outputs which actions are likely to increase a chance of approval for subsequent lending queries. This model may be trained on previous loan denials and subsequent loan approvals, such that the model “learns” over time which actions taken by a user increase the likelihood of receiving favorable lending decisions. These recommendations, which in some examples can be actionable, may cause modifications to risk metrics used in lending decisions. In addition, lending decisions and associated context can be used to modify or improve machine trained models in some instances. [Col 18:67-Col 19:8, Col 19:39-44])

receiving, from a merchant, a transaction request associated with a first user impacted by the social engineering attack; determining, using the second machine learning model with the at least one adjusted weight, the transaction request indicates a fraudulent transaction.
(By training the model, the model may now be configured to receive input signals associated with new lending queries and generate, as output, an indication that a lending query is approved or an indication that the lending query is denied and one or more reasons for the denial. [Col 16:60-65])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Stolarz to adjust machine learning model to detect future transactions with the technique as disclosed by Hernandez to increase the chances of success transaction as Hernandez suggested in Abstract.

Stolarz in view of Hernandez does not explicitly teach the following limitations. However, Varadarajan teaches:

[…] sending, to a first device associated with the first user, authentication parameters. (The issuer server may send the OTP to at least the user to use in settling the transaction 360. The issuer server can send the OTP to the authentication server 339 as part of the authentication of the user, or the issuer server can send the OTP to the authentication server as a later part of the transaction (not shown). [0046])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Stolarz in view of Hernandez to sending authentication parameter to user with the technique as disclosed by Varadarajan to enhance security as Varadarajan suggested [0029].

Claim 21, a device with the same scope as claim 1, is rejected.

With respect to claim 2 and 22:

Varadarajan further teaches wherein the authentication parameters comprise a one-time code, wherein the method further comprises: receiving, from the merchant, the one-time code; based on receiving the one-time code from the merchant, authorizing the transaction. (The user may also receive the OTP from the user device 710.
After receiving the OTP from the user device, the user may pass the OTP to the merchant 715. After receiving the account number and the OTP, the merchant may immediately transmit the data to another party to authorize the transaction 720, or the merchant may wait to transmit the data until later, possibly as part of a batch of transactions (not shown). [0056])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system to authenticate user using OTP with the technique as disclosed by Varadarajan to enhance security as Varadarajan suggested [0029].

Claim 22, a device with the same scope as claim 2, is rejected.

With respect to claim 3 and 23:

Stolarz further teaches providing, to a generative artificial intelligence model, a prompt to generate one or more second communications associated with social engineering attacks; receiving, based on the prompt, the one or more second communications associated with social engineering attacks; and inputting the one or more second communications associated with social engineering attacks to the machine learning model to train the machine learning model to identify social engineering attacks. (The threshold score may be generated based upon, at least in part, machine learning from the respective historical score. The threshold score may be updated based upon, at least in part, one or more temporal factors. At least one of the first current score and the second current score may be a weighted score and/or may be a normalized score. This method may also include the determination of a pattern between at least a portion of the plurality of communication channels and may further include using this pattern for future identification of social engineering activity. [0036])

Claim 23, a device with the same scope as claim 3, is rejected.
With respect to claim 4 and 24:

Stolarz further teaches analyzing, using the first machine learning model, the first communication; assigning a probability value to the first communication, wherein the probability value indicates a likelihood that the first communication comprises a social engineering attack; and based on a determination that the probability value exceeds a threshold, identifying the first communication as a social engineering attack. (identifying a profile with a user for a plurality of communication channels and determining a current score for two or more communication channels of the plurality of communication channels. The current score may be based upon, at least in part, a first current score for a first communication channel of the two or more communication channels and a second current score for a second communication channel of the two or more communication channels. A determination whether the current score for the two or more communication channels is greater than a threshold score for the profile is made. Identifying potential social engineering activity may be based upon, at least in part, a determination that the current score for the two or more communication channels is greater than the threshold score for the profile. [0035])

Claim 24, a device with the same scope as claim 4, is rejected.

Claim(s) 6-8 and 26-28 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Stolarz” in view of “Hernandez” and “Varadarajan” as applied to claim 1 and 21 above, and further in view of Zhou (US 10171662 B1).

With respect to claim 6 and 26:

Stolarz in view of Hernandez and Varadarajan does not teach wherein a party to the first communication comprises a chatbot, wherein the method further comprises disabling at least a portion of a functionality of the chatbot to remediate the social engineering attack.
However, Zhou teaches wherein a party to the first communication comprises a chatbot, wherein the method further comprises disabling at least a portion of a functionality of the chatbot to remediate the social engineering attack. (In the computer-implemented method, a risk level of the conversation is evaluated. In response to the risk level being higher than a threshold, it is indicated that the conversation needs an intervention by a human agent. In response to the human agent intervening in the conversation, the conversation is handed over from the virtual agent to the human agent. Then, a simulative conversation is generated according to the conversation between the user and the human agent. In response to a determination by the human agent based on the simulative conversation, the conversation is handed over from the human agent to the virtual agent. [Abstract])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Stolarz in view of Hernandez and Varadarajan to disable a chatbot with the technique as disclosed by Zhou to reduce risk.

Claim 26, a device with the same scope as claim 6, is rejected.

With respect to claim 7 and 27:

Zhou further teaches wherein disabling at least a portion of the functionality of the chatbot comprises disabling further responses from the chatbot. (In the computer-implemented method, a risk level of the conversation is evaluated. In response to the risk level being higher than a threshold, it is indicated that the conversation needs an intervention by a human agent. In response to the human agent intervening in the conversation, the conversation is handed over from the virtual agent to the human agent. Then, a simulative conversation is generated according to the conversation between the user and the human agent.
In response to a determination by the human agent based on the simulative conversation, the conversation is handed over from the human agent to the virtual agent. [Abstract])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system to disable a chatbot with the technique as disclosed by Zhou to reduce risk.

Claim 27, a device with the same scope as claim 7, is rejected.

With respect to claim 8 and 28:

Zhou further teaches wherein a first party to the first communication comprises a chatbot, wherein the method further comprises sending a second party to the first communication to a user service representative. (In the computer-implemented method, a risk level of the conversation is evaluated. In response to the risk level being higher than a threshold, it is indicated that the conversation needs an intervention by a human agent. In response to the human agent intervening in the conversation, the conversation is handed over from the virtual agent to the human agent. Then, a simulative conversation is generated according to the conversation between the user and the human agent. In response to a determination by the human agent based on the simulative conversation, the conversation is handed over from the human agent to the virtual agent. [Abstract])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system to use human intervene with the technique as disclosed by Zhou to reduce risk.

Claim 28, a device with the same scope as claim 8, is rejected.

Claim(s) 17 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolarz (US 20180097841 A1), and further in view of Hernandez (US 11922495 B1) and Varadarajan (US 20110276495 A1).
With respect to claim 17:

Stolarz teaches (in italic):

detect, based on monitoring one or more communication channels and using a first machine learning model trained to identify social engineering attacks, a first communication that indicates a social engineering attack to one or more users. (social engineering attack defense process 10 may identify 300 potential social engineering activity associated with one or more communications on a first communication channel of a plurality of communication channels. The machine learning process may analyze large numbers of communications, such as any or all communications that are passed into and out of an enterprise in any form. For example, social engineering attack defense process 10 may identify 300 potential social engineering activity within a text messaging communication session between user 46 and a third party. [0123, 0153-0154 0161-0162])

based on detecting the first communication, implement, based on detecting the first communication, at least one remedial action for the one or more users impacted by the social engineering attack. (For example, social engineering attack defense process 10 may identify 300 potential social engineering activity within a text messaging communication session between user 46 and a third party. Social engineering attack defense process 10 may perform 320 the action of automatically connecting 330 user 52 to the text messaging session. If the text message session is determined to be a malicious social engineering attack, social engineering attack defense process 10 may take various actions including terminating the text message session. [0149 0153-0154])

based on the transaction request indicating the fraudulent transaction, sending, […]. (If the text message session is determined to be a malicious social engineering attack, social engineering attack defense process 10 may take various actions including terminating the text message session.
[0149 0153-0154])

Stolarz does not explicitly teach the following limitations. However, Hernandez teaches:

based on the at least one remedial action, adjust at least one weight associated with a second machine learning model trained to detect suspicious activity, wherein adjusting the at least one weight modifies a fraud detection threshold of the second machine learning model. (For instance, the service provider may train and utilize a machine-learned model that receives, as input, the reason(s) for denial and outputs which actions are likely to increase a chance of approval for subsequent lending queries. This model may be trained on previous loan denials and subsequent loan approvals, such that the model “learns” over time which actions taken by a user increase the likelihood of receiving favorable lending decisions. These recommendations, which in some examples can be actionable, may cause modifications to risk metrics used in lending decisions. In addition, lending decisions and associated context can be used to modify or improve machine trained models in some instances. [Col 18:67-Col 19:8, Col 19:39-44])

receive, from a merchant, a transaction request associated with a first user impacted by the social engineering attack; determine, using the second machine learning model with the at least one adjusted weight, the transaction request indicates a fraudulent transaction. (By training the model, the model may now be configured to receive input signals associated with new lending queries and generate, as output, an indication that a lending query is approved or an indication that the lending query is denied and one or more reasons for the denial.
[Col 16:60-65])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Stolarz to adjust machine learning model to detect future transactions with the technique as disclosed by Hernandez to increase the chances of success transaction as Hernandez suggested in Abstract.

Stolarz in view of Hernandez does not explicitly teach the following limitations. However, Varadarajan teaches:

[…] send, to a device associated with the first user, a one-time code. (The issuer server may send the OTP to at least the user to use in settling the transaction 360. The issuer server can send the OTP to the authentication server 339 as part of the authentication of the user, or the issuer server can send the OTP to the authentication server as a later part of the transaction (not shown). [0046])

receive, from the merchant, the one-time code; and authorizing, based on receiving the one-time code, the transaction. (The user may also receive the OTP from the user device 710. After receiving the OTP from the user device, the user may pass the OTP to the merchant 715. After receiving the account number and the OTP, the merchant may immediately transmit the data to another party to authorize the transaction 720, or the merchant may wait to transmit the data until later, possibly as part of a batch of transactions (not shown). [0056])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Stolarz in view of Hernandez to sending authentication parameter to user with the technique as disclosed by Varadarajan to enhance security as Varadarajan suggested [0029].
With respect to claim 20:

Hernandez further teaches provide, to a generative artificial intelligence model, a prompt to generate one or more second communications associated with social engineering attacks; receive, based on the prompt, the one or more second communications associated with social engineering attacks; and input the one or more second communications associated with social engineering attacks to the machine learning model to train the machine learning model to identify social engineering attacks. (For instance, the service provider may train and utilize a machine-learned model that receives, as input, the reason(s) for denial and outputs which actions are likely to increase a chance of approval for subsequent lending queries. This model may be trained on previous loan denials and subsequent loan approvals, such that the model “learns” over time which actions taken by a user increase the likelihood of receiving favorable lending decisions. These recommendations, which in some examples can be actionable, may cause modifications to risk metrics used in lending decisions. In addition, lending decisions and associated context can be used to modify or improve machine trained models in some instances. [Col 18:67-Col 19:8, Col 19:39-44])

Claim(s) 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Stolarz” in view of “Hernandez” and “Varadarajan” as applied to claim 17 above, and further in view of Jiwani (US 20140297320 A1).

With respect to claim 18:

Stolarz in view of Hernandez and Varadarajan teaches “implementing the at least one remedial action for one or more users impacted by the social engineering attack, a authentication parameter; providing based on receiving the authentication parameter, access to the account” as explained above in claim 17.

Stolarz in view of Hernandez and Varadarajan does not teach receive a request to access an account associated with a second user and grant access to the second user.
However, Jiwani teaches receive a request to access an account associated with a second user and grant access to the second user. (At block 604, a request to establish a communication session with a client device 102 may be communicated to an interface module. the request may include a request to authenticate the secondary user prior to establishing the communication session. For example, the secondary user may be prompted to input login credentials associated with management portal 124 previously communicated to them by the primary user. The login credentials and/or other authentication information may include, without limitation, a username/password, a digital certificate, an encryption key, etc. [0075-0081 Fig. 6])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Stolarz in view of Hernandez and Varadarajan to enable access for a second user with the technique as disclosed by Jiwani to providing accurate and timely access as Jiwani suggests [0005].

With respect to claim 19:

Stolarz in view of Hernandez and Varadarajan teaches “implementing the at least one remedial action for one or more users impacted by the social engineering attack, a authentication parameter; providing based on receiving the authentication parameter, access to the account” as explained above in claim 17.

Stolarz in view of Hernandez and Varadarajan does not teach receive a request to access an account associated with a second user and deny access to the second user. However, Jiwani teaches receive a request to access an account associated with a second user and deny access to the second user. (At block 604, a request to establish a communication session with a client device 102 may be communicated to an interface module. the request may include a request to authenticate the secondary user prior to establishing the communication session.
For example, the secondary user may be prompted to input login credentials associated with management portal 124 previously communicated to them by the primary user. The login credentials and/or other authentication information may include, without limitation, a username/password, a digital certificate, an encryption key, etc. [0075-0081 Fig. 6])

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system as disclosed by Stolarz in view of Hernandez and Varadarajan to enable access for a second user with the technique as disclosed by Jiwani to providing accurate and timely access as Jiwani suggests [0005].

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

US 20210073819 A1: Detecting fraudulent activity can include receiving, via at least one computing device, transactional data from a first computing system, the transactional data comprising data describing at least one transaction and user identifying information. The transactional data can be determined to correspond to a particular user account. Mobile device data associated with the particular user account can be received. Based on a comparison of the transactional data to the mobile device data, a likelihood of a fraudulent event can be determined. In response to the likelihood of the fraudulent event exceeding a predefined threshold, one or more remedial actions can be performed.

US 20220191233 A1: Systems and methods are described for improving assessment of security risk based on a user's personal information. Registration of personal information of a user of an organization is received at a security awareness system. Post receiving the registration of the personal information, at least one of an exposure check or a security audit of the personal information of the user is performed by the security awareness system.
A personal risk score of the user is then generated or adjusted based at least on a result of one of the exposure check or the security audit.

US 20230046392 A1: In an example embodiment, a combination of machine learning and rule-based techniques are used to automatically detect social engineering attacks in a computer system. More particularly, three phases of detection are utilized on communications in a thread or stream of communications: attack contextualization, intention classification, and security policy violation detection. Each phase of detection causes a score to be generated that is reflective of the degree of danger in the thread or stream of communications, and these scores may then be combined into a single global social engineering attack score, which then may be used to determined appropriate actions to deal with the attack if it transgresses a threshold.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZESHENG XIAO whose telephone number is (571)272-6627.
The examiner can normally be reached 10:00am-4:30pm M-F.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Z.X./ Examiner, Art Unit 3698
/PATRICK MCATEE/ Supervisory Patent Examiner, Art Unit 3698

Prosecution Timeline

Oct 24, 2023: Application Filed
Sep 30, 2025: Non-Final Rejection mailed — §103
Dec 22, 2025: Examiner Interview Summary
Dec 22, 2025: Applicant Interview (Telephonic)
Dec 30, 2025: Response Filed
Apr 07, 2026: Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12632855
SYSTEM AND METHOD FOR SECURE AND CONTACTLESS FUND TRANSFER IN OPEN AND CLOSED LOOP TRANSACTIONS
4y 1m to grant Granted May 19, 2026
Patent 12597020
AUTHENTICATED DATA FEED FOR BLOCKCHAINS
2y 5m to grant Granted Apr 07, 2026
Patent 12536528
Cross-Blockchain Transaction Rebroadcasting
2y 10m to grant Granted Jan 27, 2026
Patent 12524768
ON-DEMAND APPLICATIONS TO EXTEND WEB SERVICES
1y 10m to grant Granted Jan 13, 2026
Patent 12518268
PERSONALLY IDENTIFIABLE INFORMATION SECURE PERSON-TO-PERSON PAYMENT TECHNOLOGY
5y 3m to grant Granted Jan 06, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 43%
With Interview (+33.7%): 77%
Median Time to Grant: 3y 10m (~1y 2m remaining)
PTA Risk: Moderate
Based on 114 resolved cases by this examiner. Grant probability derived from career allowance rate.
