&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12225026.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,225,026 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Detecting malicious activity using user-specific parameters</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Rongrong Zhou,  Washington, DC (US); and  Ganesh Babu Gopal,  Coppell, TX (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Citibank, N.A.,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Citibank, N.A.,  New York, NY (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Oct.  11, 2024, as Appl. No. 18/914,035.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/914,035 is a continuation in part of application No. 18/374,906, filed on Sep.  29, 2023.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1416</b></i> (2013.01)</td>
            <td class="table_data" align="right"><b>17 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12225026-20250211-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system for using user-specific parameters to detect malicious activity in an interaction, the system comprising:<div class="claim_text">a storage device; and</div>
                <div class="claim_text">one or more processors communicatively coupled to the storage device storing instructions thereon, that cause the one or more processors to:<div class="claim_text">receive user action data representing user actions for a plurality of users relative to a plurality of applications;</div>
                  <div class="claim_text">extract, from the user action data, first user action data representing first user actions of a first user of the plurality of users;</div>
                  <div class="claim_text">generate, using the first user action data and without using other user action data representing other user actions for other users of the plurality of users, a plurality of parameters specific to the first user for determining whether interactions of the first user represent malicious activity, wherein each parameter of the plurality of parameters comprises a corresponding parameter identifier and a corresponding parameter value;</div>
                  <div class="claim_text">receive, for the first user, a request for a pending interaction with a particular application of the plurality of applications;</div>
                  <div class="claim_text">input, into a first user model, the pending interaction to cause the first user model to generate a plurality of parameter identifiers identifying a set of parameters within the plurality of parameters, wherein the set of parameters is more likely than another set of parameters within the plurality of parameters to identify the malicious activity, and wherein the first user model is trained for the first user using the first user action data and without using the other user action data; and</div>
                  <div class="claim_text">during pendency of the pending interaction;</div>
                  <div class="claim_text">determine, for the set of parameters, a corresponding set of interaction parameters, wherein the corresponding set of interaction parameters is extracted from the pending interaction that is received as part of the request;</div>
                  <div class="claim_text">determine whether the corresponding set of interaction parameters matches the set of parameters; and</div>
                  <div class="claim_text">based on determining that the corresponding set of interaction parameters matches the set of parameters, determine that the pending interaction is malicious.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>