DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 5/4/2026 has been entered.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 21, 23-31, 33-37, and 39-40 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (abstract idea) without significantly more.
Under the broadest reasonable interpretation, the following claim terms are presumed to have their plain meaning consistent with the specification as it would be interpreted by one of ordinary skill in the art. MPEP § 2111.
Step 1: Does the Claim Fall within a Statutory Category? (see MPEP 2106.03)
Claim 37 recites a product (apparatus). The claim is directed to a product, which is a statutory category of invention (Step 1: YES). Claim 31 recites a system, which is a statutory category of invention (Step 1: YES). Claim 21 recites a process, which is a statutory category of invention (Step 1: YES).
Step 2A, Prong One: Is a Judicial Exception Recited? (see MPEP 2106.04(a)). Yes.
The claims are analyzed to determine whether it is directed to a judicial exception. The following claims identify the limitations that recite additional elements in bold and the abstract idea without bold. Underlined claim limitations denote newly added claim limitations:
Claims 21, 31 and 37 recite: a method, implemented by a computing system using a memory and a processor, for automated fraud detection and analytics using aggregated payment vehicles and devices, the method comprising: receiving, by the computing system, transaction data from a plurality of electronic transactions associated with more than one payment vehicle and more than one device; aggregating, by the computing system in a transaction database, the transaction data using retrieved identifying data of an individual, the identifying data associated with the transaction data, wherein the aggregated transaction data is indexed to individuals in the transaction database using the identifying data associated with the transaction data; training, by the computing system, an aggregated fraud scoring model to using the aggregated transaction data, wherein the aggregated fraud scoring model is trained to detect that an electronic transaction is fraudulent based on identifying associations between the aggregated transaction data and an input transaction; receiving, by the computing system over a computer network, an authorization request for an electronic transaction using a first payment vehicle associated with the individual, the electronic transaction originating at a merchant system; in response to receiving the authorization request, capturing, by the computing system, a plurality of device data of a first device used in the electronic transaction originating at the merchant system and associated with the individual; retrieving, by the computing system from the transaction database and prior to routing the authorization request to a payment processor, the aggregated transaction data and the identifying data, first payment vehicle data, and the plurality of device data of the first device based on the authorization request; determining, by the computing system, that an individual fraud detection profile associated with the identifying data does not exist in a profile database, the profile database including identifiers of payment vehicles and identifiers of devices associated with the individual and associated with the identifying data; searching, by the computing system in the transaction database, for a second payment vehicle and/or a second device associated with the identifying data based on the individual fraud detection profile not existing in the profile database; generating, by the computing system, profile data for the individual using the retrieved aggregated transaction data, the profile data associated with one or more of the first payment vehicle, the second payment vehicle, the first device, or the second device; providing, by the computing system, the generated profile data and the electronic transaction to the trained aggregated fraud scoring model; outputting, by the aggregated fraud scoring model, an indication that the electronic transaction is fraudulent based on identifying associations between the generated profile data and the input electronic transaction; and transmitting, by the computing system and via a web server over the computer network, the authorization request including an attached notification to a financial institution that the electronic transaction is fraudulent based on the output indication of the aggregated fraud scoring model, and declining, by the computing system, the authorization request for the electronic transaction based on the attached notification. These limitations, as drafted, under its broadest reasonable interpretation, covers performance of the limitations via manual human activity, but for the recitation of generic computer components. Under human activity, more specifically, the limitations are fundamental economic practice, as well as commercial interaction and managing interactions between people. Under fundamental economic practice, the claims involve mitigating risk. Under commercial interaction, the claims involve business relations. And, under managing interactions between people, the claims involve following instructions. Accordingly, the claim recites an abstract idea. The mere recitation of generic computer components in the claims do not necessarily preclude that claim from reciting an abstract idea. (Step 2A-Prong 1: Yes. The claims recite an abstract idea).
Step 2A, Prong Two: Is the Abstract Idea Integrated into a Practical Application? (see MPEP 2106.04(d)). No.
The above judicial exception is not integrated into a practical application. In particular, the claim recites the additional elements of computing system, memory, processor, devices, computing system, computer network, merchant system, transaction database, profile database, known devices, first device, second device, user device, system for automated fraud detection, web server, and a non-transitory computer readable medium. The additional elements of a computing system, memory, processor, devices, computing system, computer network, merchant system, transaction database, profile database, known devices, first device, second device, user device, system for automated fraud detection, web server, and a non-transitory computer readable medium, are just applying generic computer components to the recited abstract limitations (MPEP 2106.05(f)). The computer components are recited at such a high-level of generality (i.e. as a generic computer components) such that it amounts to no more than mere instructions to apply the exception using generic computer components. Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. (Step 2A-Prong 2: NO. The judicial exception is not integrated into a practical application).
Step 2B: Does the Claim Provide an Inventive Concept? (see MPEP 2106.05). No.
The claims are next analyzed to determine if there are additional claim limitations that individually, or as an ordered combination, ensure that the claim amounts to significantly more than the abstract ideas (whether claim provides inventive concept). As discussed with respect to Step 2A2 above, the additional elements of (computing system, memory, processor, devices, computing system, computer network, merchant system, transaction database, profile database, known devices, first device, second device, user device, system for automated fraud detection, web server, and a non-transitory computer readable medium) in the claims amount to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in Step 2B, i.e., mere instructions to apply an exception using a generic computer component cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. Viewing the limitations as an ordered combination does not add anything further than looking at the limitations individually. When viewed either individually, or as an ordered combination, the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea itself. Therefore, the claims do not amount to significantly more than the recited abstract idea (Step 2B: NO; The claims do not provide significantly more, and are not patent eligible).
Claim 23 recites wherein data of the electronic transaction comprises at least one of merchant's ID, transaction location and terminal information, source IP address, data and time, device information, transaction amount of a purchase, and a payment vehicle associated with the electronic transaction. These limitations are also part of the abstract idea identified in claim 21, and are similarly rejected under the same rationale as claim 21, supra.
Claim 24 recites further comprising, generating, at the computing system, a multidimensional score for the data of electronic transaction. These limitations are also part of the abstract idea identified in claim 21, and the additional elements of computing system are as addressed in the Steps 2A2 and B in the claim 21 analysis above. Therefore, this claim is similarly rejected under the same rationale as claim 21, supra.
Claim 25 recites wherein data of the individual fraud detection profile includes at least one of an individual's spending irregularities and fraud analysis according to a fraudulent activity associated with the payment vehicle and the electronic transaction. These limitations are also part of the abstract idea identified in claim 21, and are similarly rejected under the same rationale as claim 21, supra.
Claim 26 recites wherein the individual's spending irregularities are calculated based on at least one of the individual's spending habits, geographic area, and a type of payment vehicle used in the electronic transaction. These limitations are also part of the abstract idea identified in claim 21, and are similarly rejected under the same rationale as claim 21, supra.
Claim 27 recites further comprising, identifying, by the computing system, any fraudulent suspicion pertaining to the electronic transaction to the financial institution. These limitations are also part of the abstract idea identified in claim 21, and the additional elements of computing system are as addressed in the Steps 2A2 and B in the claim 21 analysis above. Therefore, this claim is similarly rejected under the same rationale as claim 21, supra.
Claim 28 recites wherein the plurality of device data comprises, one or more of: an identifier of the first device, passwords, user names and accounts, IP addresses, browser settings, browser history, cookies, font preferences, language preferences, and typing data. These limitations are also part of the abstract idea identified in claim 21, and are similarly rejected under the same rationale as claim 21, supra.
Claim 29 recites wherein the payment vehicle is a debit or credit card issued by a financial institution. These limitations are also part of the abstract idea identified in claim 21, and are similarly rejected under the same rationale as claim 21, supra.
Claim 30 recites wherein determining that the individual fraud detection profile associated with the retrieved identifying data does not exist includes searching for a unique hash value in the profile database. These limitations are also part of the abstract idea identified in claim 21, and the additional elements of profile database are as addressed in the Steps 2A2 and B in the claim 21 analysis above. Therefore, this claim is similarly rejected under the same rationale as claim 21, supra.
Claim 33 recites wherein data of the electronic transaction comprises at least one of merchant's ID, transaction location and terminal information, source IP address, data and time, device information, transaction amount of a purchase, and a payment vehicle associated with the electronic transaction. These limitations are also part of the abstract idea identified in claim 31, and are similarly rejected under the same rationale as claim 31, supra.
Claim 34 recites the operations further including: generating, at the computing system, a multidimensional score for the data of the electronic transaction. These limitations are also part of the abstract idea identified in claim 31, and the additional elements of computing system are as addressed in the Steps 2A2 and B in the claim 31 analysis above. Therefore, this claim is similarly rejected under the same rationale as claim 31, supra.
Claim 35 recites wherein the plurality of device data comprises, one or more of: an identifier of the first device, passwords, user names and accounts, IP addresses, browser settings, browser history, cookies, font preferences, language preferences, and typing data. These limitations are also part of the abstract idea identified in claim 31, and the additional elements of first device are as addressed in the Steps 2A2 and B in the claim 31 analysis above. Therefore, this claim is similarly rejected under the same rationale as claim 31, supra.
Claim 36 recites wherein data of the individual fraud detection profile includes at least one of an individual's spending irregularities and fraud analysis according to the sent fraudulent activities associated with the payment vehicle and the electronic transaction. These limitations are also part of the abstract idea identified in claim 31, and are similarly rejected under the same rationale as claim 31, supra.
Claim 39 recites wherein data of the electronic transaction comprises at least one of merchant's ID, transaction location and terminal information, source IP address, data and time, device information, transaction amount of a purchase, and a payment vehicle associated with the electronic transaction. These limitations are also part of the abstract idea identified in claim 37, and are similarly rejected under the same rationale as claim 37, supra.
Claim 40 recites wherein determining that the individual fraud detection profile associated with the retrieved identifying data does not exist includes searching for a unique hash value in the profile database. These limitations are also part of the abstract idea identified in claim 37, and the additional elements of profile database are as addressed in the Steps 2A2 and B in the claim 37 analysis above. Therefore, this claim is similarly rejected under the same rationale as claim 37, supra.
Response to Arguments
Applicant's arguments filed 4/3/2026 have been fully considered but they are not persuasive.
Applicant argues that the currently recited claim limitations improve the functioning of a computing device (Applicant arguments, pg. 13-15). Examiner disagrees. In Enfish, the court evaluated the patent eligibility of claims related to a self-referential database. Id. The court concluded the claims were not directed to an abstract idea, but rather an improvement to computer functionality. In contrast, the current claims are not directed to an improvement to computer functionality and instead merely recite the computer elements at a high level of generality such that it amounts to no more than mere instructions to apply the exception using a generic computer component.
In DDR Holdings LLC v. Hotels.com, LP, the claims were found eligible as they reflected improvements to the functioning of a computer, i.e. a modification of conventional Internet hyperlink protocol to dynamically produce a dual-source hybrid webpage. In contrast, the current claims do not contain limitations reflective of an improvement to computer functionality and instead merely recite the computer elements at a high level of generality such that it amounts to no more than mere instructions to apply the exception using a generic computer component.
In Finjan, the claims to a “behavior-based virus scan” were found to provide greater computer security and were thus directed to a patent-eligible improvement in computer functionality. In contrast, the current claims do not contain limitations reflective of an improvement to computer functionality and instead merely recite the computer elements at a high level of generality such that it amounts to no more than mere instructions to apply the exception using a generic computer component.
The focus of the claims is not on such an improvement in computers as tools, but on certain independently abstract ideas that use computers as tools. The claims here are not directed to a specific improvement to computer functionality. Rather, they are directed to the use of conventional or generic technology in a well-known environment, without any claim that the invention reflects an inventive solution to any computer specific problem. More specifically, the claims are limited to a business solution to a technical problem, not a technical solution to a technical problem.
Lastly, the claims do not provide an inventive concept. As discussed above, the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer. Even when viewed as whole, nothing in the claim adds significantly more (i.e. inventive concept) to the abstract idea.
The currently recited claims solve aggregation of transaction data with an aggregated fraud scoring model, which is not a significant improvement to the functioning of a computer or to any other technology or technical field (MPEP 2106.05(a)).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON M DUCK whose telephone number is (469)295-9049. The examiner can normally be reached 8am - 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Anderson can be reached at 571-270-0508. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRANDON M DUCK/Examiner, Art Unit 3693