COLLUSION DETECTION USING MACHINE LEARNING AND SEPARATION OF DUTIES (SOD) RULES

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This is a non-final rejection. Claims 1-2, 6-11, 13-15, and 18-23 are pending. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/28/2026 has been entered. Status of Claims Applicant’s amendment date 01/28/2026, amending claims 1, 10, and 15. Adding new claims 21-23 Response to Amendment The previously pending rejection under 35 USC 101, will be maintained. The 101 rejection is updated in light of the amendments. With regard to the rejection under 35 USC 103- Applicant’s arguments, see pages 11-12, filed 01/28/2026, with respect to the art rejection have been fully considered and are persuasive, the rejection under 35 USC 102/103 has been withdrawn. No art rejection has been put forth in the rejection for the reason found in the “Allowable Subject Matter” section found below. Response to Arguments Applicant’s argument received 01/28/2026 have been fully considered, but they are not persuasive. Response to Arguments under 35 USC 101: Applicant argues (Pages 11-12 of the remarks): abstract idea Applicant respectfully traverses the rejection of Claim 1 under 35 U.S.C. § 101. The Office Action alleges that the claims are directed to the abstract idea of "ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user" and characterizes this as "organizing human activity" involving commercial/legal interactions and mitigating risk (Office Action, p. 4-5). Applicant submits that the claims, as amended, are not directed to this abstract idea. Even if the claims were viewed as directed to an abstract idea, the amended claims recite significantly more than the abstract idea by integrating it into a practical application. The Office Action argues that the limitations are "generic computer components" (Office Action, p. 6). Applicant disagrees. These claims explicitly recite that the model is trained using a feature set derived from "abstracted change documents" comprising a target entity, an action, and an impact value, thereby confirming the invention provides a specific technological solution to the problem of fraud detection in distributed systems. Examiner respectfully disagrees: Independent Claims 1, similar steps likewise reflect in claims 10 and 15, recites the abstract idea of ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. which is considered certain methods of organizing human activity because the bolded claim limitations pertain to (i) Fundamental economic principles or practices (including hedging, insurance, mitigating risk) and (ii) commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations) . See MPEP §2106.04(a)(2)(II). Applicant's claims as recited above provide a business offer of ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. Applicant's claimed invention pertains to commercial/legal interactions because the limitations recite ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. which pertain to "agreements in the form of contracts; legal obligation; behaviors; business relations" and “hedging, insurance, mitigating risk“ expressly categorized under commercial/legal interactions. See MPEP §2106.04(a)(2)(II). In prong two of step 2A, an evaluation is made whether a claim recites any additional element, or combination of additional element, that integrate the exception into a practical application of that exception. An “additional element” is an element that is recited in the claim in addition to (beyond) the judicial exception (i.e., an element/limitation that sets forth an abstract idea is not an additional element). The phrase “integration into a practical application” is defined as requiring an additional element or a combination of additional elements in the claim to apply, rely on, or use exception, such that it is more than a drafting effort designed to monopolize the exception. The claims recites the additional limitation of a systems, a processor, a non-transitory, machine learning model, and a user interface are recited in a high level of generality and recited as performing generic computer functions routinely used in computer applications. Adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, e.g., a limitation indicating that a particular function such as creating and maintaining electronic records is performed by a computer, as discussed in Alice Corp. 134 S. Ct, at 2360,110 USPQ2d at 1984 (see MPEP 2106.05(f). The additional elements of a “machine learning model”. This language merely requires execution of an algorithm that can be performed by a generic computer component and provides no detail regarding the operation of that algorithm. As such, the claim requirement amounts to mere instructions to implement the abstract idea on a computer, and, therefore, is not sufficient to make the claim patent eligible. See Alice, 573 U.S. at 226 (determining that the claim limitations “data processing system,” “communications controller,” and “data storage unit” were generic computer components that amounted to mere instructions to implement the abstract idea on a computer); October 2019 Guidance Update at 11–12 (recitation of generic computer limitations for implementing the abstract idea “would not be sufficient to demonstrate integration of a judicial exception into a practical application”). Such a generic recitation of “machine learning model” is insufficient to show a practical application of the recited abstract idea. The use of generic computer component to “ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user” does not impose any meaningful limit on the computer implementation of the abstract idea. Thus, taken alone, the additional elements do not amount to significantly more than the above identified judicial exception (the abstract idea). Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Their collective functions merely provide conventional computer implementation. The Examiner has therefore determined that the additional elements, or combination of additional elements, do not integrate the abstract idea into a practical application. Accordingly, the claim(s) is/are directed to an abstract idea (step 2A-prong two: NO). The Alice framework, we turn to step 2B (Part 2 of Mayo) to determine if the claim is sufficient to ensure that the claim amounts to “significantly more” than the abstract idea itself. These additional elements recite conventional computer components and conventional functions of: Claims 1, 10 and 15 does not include my limitations amounting to significantly more than the abstract idea, along. Claims 1, 10, and 15 includes various elements that are not directed to the abstract idea. These elements include a systems, a processor, a non-transitory, machine learning model, and a user interface. Examiner asserts that the additional elements in the claims are a generic computing element performing generic computing functions. Therefore, the claims at issue do not require any nonconventional computer, network, or display components, or even a “non-conventional and non-generic arrangement of know, conventional pieces,” but merely call for performance of the claimed on a set of generic computer components” and display devices. Claim Rejections 35 USC §101 35 U.S.C. § 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-2, 6-11, 13-15, and 18-23 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter, specifically an abstract idea without a practical application or significantly more than the abstract idea. Under the 35 U.S.C. §101 subject matter eligibility two-part analysis, Step 1 addresses whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. See MPEP §2106.03. If the claim does fall within one of the statutory categories, it must then be determined in Step 2A [prong 1] whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea). See MPEP §2106.04. If the claim is directed toward a judicial exception, it must then be determined in Step 2A [prong 2] whether the judicial exception is integrated into a practical application. See MPEP §2106.04(d). Finally, if the judicial exception is not integrated into a practical application, it must additionally be determined in Step 2B whether the claim recites "significantly more" than the abstract idea. See MPEP §2106.05. Examiner note: The Office's 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG) is currently found in the Ninth Edition, Revision 10.2019 (revised June 2020) of the Manual of Patent Examination Procedure (MPEP), specifically incorporated in MPEP §2106.03 through MPEP §2106.07(c). Regarding Step 1 Claims 1-2, 6-9, and 21 are directed to a method (process), Claims 10, 13-14, and 22 are directed to a system (machine), and Claims 15, 18-20, and 23 are directed to a system (machine) Thus, all claims fall within one of the four statutory categories as required by Step 1. Regarding Step 2A [prong 1] Claims 1-2, 6-11, 13-15, and 18-23 are directed toward the judicial exception of an abstract idea. Independent claims 10 and 15 recites essentially the same abstract features as claim 1, thus are abstract ideas of the claimed invention: Regarding independent claim 1, the bolded limitations emphasized below correspond to the abstract ideas of the claimed invention: Claim 1. A method for improving computer security by detecting collusive fraud in an organization’s computer system, comprising: training a machine learning (ML) model to recognize patterns in data indicative of collusive behavior of two or more individuals wherein the patterns indicative of collusive behavior include a scope exclusively pattern defined by instances where only first and second individuals execute a specific transaction type against a specific target entity to the exclusion of other individuals in the organization; collecting standardized computer-readable activity data from a plurality of disparate enterprise resource planning systems, the data relating to activities of a plurality of individuals in an organization, wherein collecting the data comprises abstracting change documents from the disparate enterprise resource planning systems to represent a target entity, an action performed on the target entity, and an impact value associated with the action; applying the ML model to the collected data to identify the scope exclusivity pattern by determining that the target entity is exclusively associated with the first and second individuals; ranking detected scope exclusivity pattern anomalies by calculating a confidence value for the identified scope exclusivity pattern based on a statistical probability that the target entity is handled exclusively by the first and second individuals relative to a baseline of single-user handling level to identify potential collusive activities by two or more individuals in the organization; and presenting the identified potential collusive activities to a user over a user interface. The Applicant's Specification titled " COLLUSION DETECTION USING MACHINE LEARNING AND SEPARATION OF DUTIES (SOD) RULES" emphasizes the business need for data analysis, "In summary, the present disclosure relates to methods and systems for ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user" (see [0001] of the specification). As the bolded claim limitations above demonstrate, independent claim1 recites the abstract idea of ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. which is considered certain methods of organizing human activity because the bolded claim limitations pertain to (i) Fundamental economic principles or practices (including hedging, insurance, mitigating risk) and (ii) commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations) . See MPEP §2106.04(a)(2)(II). Applicant's claims as recited above provide a business offer of ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. Applicant's claimed invention pertains to commercial/legal interactions because the limitations recite ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. which pertain to "agreements in the form of contracts; legal obligation; behaviors; business relations" and “hedging, insurance, mitigating risk“ expressly categorized under commercial/legal interactions. See MPEP §2106.04(a)(2)(II). Dependent claims 2, 6-9, 11, 13-14, and 18-20 further reiterate the same abstract ideas with further embellishments (the bolded limitations), such as claim 2 (Similarly Claim 11) wherein the patterns indicative of collusive behavior include instances where first and second individuals each have responsibilities with an exclusive scope, and where a target in the activity is exclusively associated with a discrete set of users representing different sides of a separation of duties risk. claim 3 (Similarly Claim 12) Cancelled claim 4 (Similarly Claim 16) Cancelled claim 5 (Similarly Claim 17) Cancelled Claim 6 (Similarly Claim 18) wherein the patterns indicative of collusive behavior include instances where a first individual engages in a given activity with a plurality of other independent individuals. claim 7 (Similarly Claims 13 and 19) wherein the collected data is collected from a plurality of disparate platforms. claim 8 (Similarly Claims 14 and 20) further comprising standardizing the format of the collected data from the plurality of disparate platforms. claim 9 wherein the ML model is trained using training data, wherein the training data includes data relating to activities of individuals engaging in collusive activities. claim 21 (Similarly Claims 22 and 22) wherein the ML model is trained using a feature set derived from abstracted change documents comprising a target entity, an action performed on the target entity, and an impact value associated with the action. which are nonetheless directed towards fundamentally the same abstract ideas as indicated for independent claims 1, 10, and 15. Regarding Step 2A [prong 2] Claims 1-2, 6-11, 13-15, and 18-23 fail to integrate the abstract idea into a practical application. Independent claims 1, 10, and 15 include the following additional elements which do not amount to a practical application: Claim 1 machine learning model, and a user interface, systems, Claim 10 a system, a processor, a non-transitory, machine learning model, and a user interface Claim 15 a non-transitory, machine learning model, and a user interface. The bolded limitations recited above in independent claims 1, 10, and 15 pertain to additional elements which merely provide an abstract-idea-based-solution implemented with computer hardware and software components, including the additional elements of a systems, a processor, a non-transitory, machine learning model, and a user interface. which fail to integrate the abstract idea into a practical application because there are (1) no actual improvements to the functioning of a computer, (2) nor to any other technology or technical field, (3) nor do the claims apply the judicial exception with, or by use of, a particular machine, (4) nor do the claims provide a transformation or reduction of a particular article to a different state or thing, (5) nor provide other meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment, in view of MPEP §2106.04(d)(1) and §2106.05 (a-c & e-h), (6) nor do the claims apply the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition, in view of MPEP §2106.04(d)(2). The Specification provides a high level of generality regarding the additional elements claimed without sufficient detail or specific implementation structure so as to limit the abstract idea, for instance, (fig. 3). Nothing in the Specification describes the specific operations recited in claims 1, 10, and 15 as particularly invoking any inventive programming, or requiring any specialized computer hardware or other inventive computer components, i.e., a particular machine, or that the claimed invention is somehow implemented using any specialized element other than all-purpose computer components to perform recited computer functions. The claimed invention is merely directed to utilizing computer technology as a tool for solving a business problem of data analytics. Nowhere in the Specification does the Applicant emphasize additional hardware and/or software elements which provide an actual improvement in computer functionality, or to a technology or technical field, other than using these elements as a computational tool to automate and perform the abstract idea. See MPEP §2106.05(a & e). The additional elements of a “a machine learning”. This language merely requires execution of an algorithm that can be performed by a generic computer component and provides no detail regarding the operation of that algorithm. As such, the claim requirement amounts to mere instructions to implement the abstract idea on a computer, and, therefore, is not sufficient to make the claim patent eligible. See Alice, 573 U.S. at 226 (determining that the claim limitations “data processing system,” “communications controller,” and “data storage unit” were generic computer components that amounted to mere instructions to implement the abstract idea on a computer); October 2019 Guidance Update at 11–12 (recitation of generic computer limitations for implementing the abstract idea “would not be sufficient to demonstrate integration of a judicial exception into a practical application”). Such a generic recitation of “a machine learning” is insufficient to show a practical application of the recited abstract idea. The relevant question under Step 2A [prong 2] is not whether the claimed invention itself is a practical application, instead, the question is whether the claimed invention includes additional elements beyond the judicial exception that integrate the judicial exception into a practical application by imposing a meaningful limit on the judicial exception. This is not the case with Applicant's claimed invention which merely pertains to steps of ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user and the additional computer elements a tool to perform the abstract idea, and merely linking the use of the abstract idea to a particular technological environment. See MPEP §2106.04 and §21062106.05(f-h). Alternatively, the Office has long considered data gathering, analysis and data output to be insignificant extra-solution activity, and these additional elements do not impose any meaningful limits on practicing the abstract idea. See MPEP §2106.04 and §2106.05(g). Thus, the additional elements recited above fail to provide an actual improvement in computer functionality, or to a technology or technical field. See MPEP §2106.04(d)(1) and §2106§2106.05 (a & e). Instead, the recited additional elements above, merely limit the invention to a technological environment in which the abstract concept identified above is implemented utilizing the computational tools provided by the additional elements to automate and perform the abstract idea, which is insufficient to provide a practical application since the additional elements do no more than generally link the use of the abstract idea to a particular technological environment. See MPEP §2106.04. Automating the recited claimed features as a combination of computer instructions implemented by computer hardware and/or software elements as recited above does not qualify an otherwise unpatentable abstract idea as patent eligible. Alternatively, the Office has long considered data gathering and data processing as well as data output recruitment information on a social network to be insignificant extra-solution activity, and these additional elements used to gather and output recruitment information on a social network are insignificant extra-solution limitations that do not impose any meaningful limits on practicing the abstract idea. See MPEP §2106.05(g). The current invention rank detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. When considered in combination, the claims do not amount to improvements of the functioning of a computer, or to any technology or technical field. Applicant's limitations as recited above do nothing more than supplement the abstract idea using additional hardware/software computer components as a tool to perform the abstract idea and generally link the use of the abstract idea to a technological environment, which is not sufficient to integrate the judicial exception into a practical application since they do not impose any meaningful limits. Dependent claims 2, 6-9, 11, 13-14, and 18-23 merely incorporate the additional elements recited above, along with further embellishments of the abstract idea of independent claims 1, 10, and 15 respectively, for example, claims 7-8, 13-14, and 19-23 recite “disparate platforms” but, these features only serve to further limit the abstract idea of independent claims 1, 10, and 15, furthermore, merely using/applying in a computer environment such as merely using the computer as a tool to apply instructions of the abstract idea do nothing more than provide insignificant extra-solution activity since they amount to data gathering, analysis and outputting. Furthermore, they do not pertain to a technological problem being solved in a meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, and/or the limitations fail to achieve an actual improvement in computer functionality or improvement in specific technology other than using the computer as a tool to perform the abstract idea. Therefore, the additional elements recited in the claimed invention individually, and in combination fail to integrate the recited judicial exception into any practical application. Regarding Step 2B Claims 1-2, 6-11, 13-15, and 18-23 do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional element(s) as described above with respect to Step 2A Prong 2, the additional element of claims 1, 10, and 15 include a system, a processor, a non-transitory, machine learning model, and a user interface. Claims 7-8, 13-14, and 19-23 recite “disparate platforms”. The displaying interface and storing data merely amount to a general purpose computer used to apply the abstract idea(s) (MPEP 2106.05(f)) and/or performs insignificant extra-solution activity, e.g. data retrieval and storage, as described above (MPEP 2106.05(g)) which are further merely well-understood, routine, and conventional activit(ies) as evidenced by MPEP 2106.06(05)(d)(II) (describing conventional activities that include transmitting and receiving data over a network, electronic recordkeeping, storing and retrieving information from memory, electronically scanning or extracting data from a physical document, and a web browser’s back and forward button functionality). Therefore, similarly the combination and arrangement of the above identified additional elements when analyzed under Step 2B also fails to necessitate a conclusion that the claims amount to significantly more than the abstract idea directed to ranking detected pattern anomalies by risk level to identify potential collusive activities and presenting it to a user. Claims 1-2, 6-11, 13-15, and 18-23 is accordingly rejected under 35 USC 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea(s)) without significantly more. Allowable Subject Matter Regarding the 35 USC 103 rejection, No art rejections has been put forth in the rejection. The closest prior art of record are Ramasubramanian et al. US 2016/0210631: Systems and methods for flagging potential fraudulent activities in an organization, Dhurandhar et al. US 2017/0293917: Ranking and tracking suspicious procurement entities, Saxena et al. US 2019/0327271: Automated access control management for computing systems, W. T. Young, H. G. Goldberg, A. Memory, J. F. Sartain and T. E. Senator, "Use of Domain Knowledge to Detect Insider Threats in Computer Activities," 2013 IEEE Security and Privacy Workshops, San Francisco, CA, USA, 2013, pp. 60-67, doi: 10.1109/SPW.2013.32. None of the prior art of record, taken individually or in combination, teach, inter alia, teaches the claimed invention as detailed in independent claims, “data relating to activities of a plurality of individuals in an organization, wherein collecting the data comprises abstracting change documents from the disparate enterprise resource planning systems to represent a target entity, an action performed on the target entity, and an impact value associated with the action; applying the ML model to the collected data to identify the scope exclusivity pattern by determining that the target entity is exclusively associated with the first and second individuals; ranking detected scope exclusivity pattern anomalies by calculating a confidence value for the identified scope exclusivity pattern based on a statistical probability that the target entity is handled exclusively by the first and second individuals relative to a baseline of single-user handling level to identify potential collusive activities by two or more individuals in the organization.”. The 35 USC 103 rejection of claims 1-2, 6-11, 13-15, and 18-23 in the instant application is not apply because the prior art of record fails to teach the overall combination as claimed. Therefore, it would not have been obvious to one of ordinary skill in the art to modify the prior art to meet the combination above without unequivocal hindsight and one of ordinary skill would have no reason to do so. Upon further searching the examiner could not identify any prior art to teach these limitations. The prior art on record, alone or in combination, neither anticipates, reasonably teaches, not renders obvious the Applicant’s claimed invention. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. W. T. Young, H. G. Goldberg, A. Memory, J. F. Sartain and T. E. Senator, "Use of Domain Knowledge to Detect Insider Threats in Computer Activities," 2013 IEEE Security and Privacy Workshops, San Francisco, CA, USA, 2013, pp. 60-67, doi: 10.1109/SPW.2013.32. Wang US 2022/0343329: Transaction anomaly detection. Ross et al. US 2021/0226970: Representing sets of behaviors within an entity behavior catalog. Sood et al. US 2020/0118137: Transaction management system. Parvatha WO2017/115341: Method and system for utility management. Marsa et al. US 8,561,184: System, method and computer program product for comprehensive collusion detection and network traffic quality prediction. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMZEH OBAID whose telephone number is (313)446-4941. The examiner can normally be reached M-F 8 am-5 pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patricia Munson can be reached at (571) 270-5396. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HAMZEH OBAID/Primary Examiner, Art Unit 3624