DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 08/29/2025 has been entered.
Claims Amendment
The amendment filed 08/29/25 has been entered. Claims amended: 1, 3, 9, 11, 15 and 17.
Claim Status
Claims 1-20 are pending. They comprise of 3 groups:
Method1: 1-8, and
Article (CRM1): 9-14, and
System1: 15-20.
All appear to have similar scope and will be rejected together.
As of 8/29/25, independent claim 1 is as followed:
1. (Currently Amended) A computer-implemented method comprising:
[1] receiving, from a user computing device associated with a user, a request to create a digital account, the request comprising user enrollment data and device data associated with the user computing device;
[2] creating, in response to receiving the request, the digital account;
[3] determining, utilizing a fraud-risk machine-learning model and in response to creating the digital account, an initial risk tier for the digital account from a plurality of risk tiers based on attributes corresponding to the user enrollment data and the device data, the plurality of risk tiers corresponding to a fraud-risk hierarchy of digital accounts sorted according to respective likelihoods that the digital accounts will perpetuate fraud-related incidents,
[4] wherein the fraud-risk machine-learning model is trained using known attributes of existing digital accounts to determine expected risk tiers for the existing digital accounts based on historical fraud-related data;
[5] identifying account usage data corresponding to the digital account; and
[6] determining, utilizing the fraud-risk machine-learning model and in response to identifying the account usage data, an updated risk tier from the plurality of risk tiers for the digital account based on the account usage data.
Note: for referential purpose, numerals [1]-[6] are added to the beginning of each step.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Step 1: when considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e.,
(1) process,
(2) machine,
(3) manufacture or product, or
(4) composition of matter.
Step 2A, Prong 1: If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception, i.e.,
1) law of nature,
2) natural phenomenon, and
3) abstract idea.
and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception. If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself. Examples of abstract ideas include:
(1) Mathematical concepts -- mathematical relationships, mathematical formulas or equations, and mathematical calculations;
(2) Mental processes—concepts performed in the human mind (including an observation, evaluation, judgment, and opinion).
(3) Certain methods of organizing human activities.
(i) fundamental economic principles or practices (including hedging, insurance, mitigating risk);
(ii) commercial or legal interactions (including agreements in the form of contracts; Legal obligations; Advertising, marketing or sales activities or behaviors; business relations);
(iii) managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions).
>For instance, in Alice Corp. (Alice Corp. Pty. Ltd. v. CLS Bank Int’l, 134 S. Ct. 2347 (2014)), the Court found that “intermediated settlement” was a fundamental economic practice, which is considered as (1) a certain method of organizing human activities, which is an abstract idea.
(1) Step 2A, Prong 1: Does the claim recite a judicial exception?
(2) Step 2A, Prong 2: Are there any additional elements that integrate the judicial exception into a practical application?
Only if a claim (1) recites a judicial exception and (2) does not integrate that exception into a practical application, then proceeds to step 2B.
(3) Step 2B: Are there any additional elements that adds an inventive concept to the claim? Determine whether the claim:
(3) adds a specific limitation beyond the judicial exception that is not “well-understood, routine, and conventional” in the field (see MPEP 2106.05(d)); or
(4) simply appends well-understood, routine, and conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception.
Step 1:
In the instant case, with respect to claims 1-20:
Claim categories:
Method1 (process): 1-7, and
System1 (machine): 8-14, and
Non-transitory CRS media1 (product): 15-20.
Analysis of Step 1:
method: claims 1-7 are directed to a process; i.e., a series of steps or acts, for managing fraud risk from a request to create an account by using a fraud-risk model to determine the risk level of a request and provide various responses based on the risk levels. (Step 1:Yes).
Machine: claims 8-14 are directed to a system comprising a processor, and memory having instructions for causing the system to carry out a series of steps or acts, for monitoring a business request for a service with a risk monitoring parameter, which is a machine. (Step 1:Yes).
Non-transitory CRS media1 (product): 15-20 are directed to an article comprising computer instructions for carrying out a series of steps or acts, for managing fraud risk from a request to create an account by using a fraud-risk model to determine the risk level of a request and provide various responses based on the risk levels. (Step 1:Yes).
Thus, the claims 1-20 are generally directed towards one of the four statutory categories under 35 USC § 101.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
A. Step 2A, Prong One:
Claim 1, as exemplary, recites a method for managing fraud risk from a request to create an account by using a fraud-risk model to determine the risk level of a request and provide various responses based on the risk levels, is a fundamental economic principle or business practice for managing risk in assisting a customer to open a business account for financial transaction with rules for minimizing fraud and financial loss (risk), which is considered as (i) a certain method of organizing human activities, which is an abstract idea.
(ii) commercial or legal interactions (including agreements in the form of contracts; Legal obligations; Advertising, marketing or sales activities or behaviors; business relations);
Furthermore, independent claims 1, 9 and 15 recite an abstract idea related to evaluation a condition for approval of a user with some rules form minimizing risk using a fraud-risk model, which constitutes an abstract idea based on “Mental Processes” related to concepts performed in the human mind including observation, evaluation, judgment, and opinion.
(2) Mental processes—concepts performed in the human mind (including an observation, evaluation, judgment, and opinion).
B. Step 2A, Prong Two:
The judicial exception is not integrated into a practical applications because it deals with a method for evaluation a condition for approval of a user with some rules form minimizing risk using a fraud-risk model, by carrying out steps of:
The claims recites the additional elements of:
Steps: Types
[1] receive … request (data) Data gathering, insignificant extra-solution activity (IE-SA) step.
[2] create … account mental step.
[3a] determine … risk tier. Mental step.
[3b] ML model is trained… Mental/analysis/modeling activities.
[4] identify … data. Data gathering, IESA.
[5] determine ... risk tier. Mental step.
Steps [1] and [4] are data gathering which are considered as insignificant extra-solution activity steps.
Steps [2], [3a], [3b] and [5] are steps for evaluating/determining the risk level of a user based on user’s attributes or input in the request and then analyze the user attributes using a fraud-risk model to generate results, including various solutions dependent upon the risk level. These mental steps or well known business activities for analyzing user request and determining various levels of risks associated with the user then provides well known solutions such as denial access to the account or allow access to the account.
The claim does not result in an improvement to the functioning of the computer system or to any other technology or technical field. Further, the claim limitations are not indicative of integration into a practical application by applying or using the judicial exception in some other meaningful way. The combination of these additional elements is no more than mere instructions to apply the exception using a generic device. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea (e.g., a fundamental economic practice or mental processes) does not integrate a judicial exception into a practical application. See MPEP 2106.05(f).
C. Step 2B:
The claims recites the additional elements of steps [1]-[5] above.
Steps [1] and [4] are data gathering which are considered as insignificant extra-solution activity steps.
Steps [2], [3a], [3b] and [5] are steps for evaluating/determining the risk level of a user based on user’s attributes or input in the request and then analyze the user attributes using a fraud-risk model to generate results, including various solutions dependent upon the risk level. These mental steps or well known business activities for analyzing user request and determining various levels of risks associated with the user then provides well known solutions such as denial access to the account or allow access to the account.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because as discussed above, the additional elements, steps [2], [3a], [3b], [5], when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea(s). As for the system or article claims, mere instructions to apply an exertion using generic computer components cannot provide an inventive concept. These generic computer components are claimed at high level of generality to perform their basis functions which amount to no more than generally linking the use of the judicial exception to the particular technological environment of field of use and further see insignificant extra-solution activity MPEP 2106.05 (f), (g) and (h). The Symantec, TLI, and OIP Techs, court decisions cited in MPEP 2106.05(d)(II) indicate that mere receipt or transmission of data over a network, sorting data, analyzing data, and transmitting the data is a well-understood, routine and conventional function when it is claimed in a merely generic manner (as it is here). The claim are basically collect data, analyze data, and provide set of results, which are not patent eligible, see Electric Power Group, LLC. For these reasons, there is no inventive concept in the claim, and thus the claim is not patent eligible.
As for dep. claims 2-3 (part of 1 above), which deal with further details of the risk tier analysis, these further limit the abstract idea of the risk analysis options, without including: (a) an improvement to another technology or technical field, (b) an improvement to the functioning of the computer itself, or (c ) meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. Therefore, claims 2-3 are not considered as being “significantly more”, and thus do not facilitate the claim to meet the “inventive concept”.
As for dep. claim 4 (part of 1 above), which deals with further details of the analysis of the account, i.e. account usage, this further limits the abstract idea of the analyzed account data, and is not considered as being “significantly more”, and thus does not facilitate the claim to meet the “inventive concept”.
As for dep. claims 5-7 (part of 1 above), which deal with further details of the risk tier analysis/determination, these further limit the abstract idea of the risk analysis options, without including: (a) an improvement to another technology or technical field, (b) an improvement to the functioning of the computer itself, or (c ) meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. Therefore, claims 5-7 are not considered as being “significantly more”, and thus do not facilitate the claim to meet the “inventive concept”.
As for dep. claim 8 (part of 1 above), which deals with further details of the risk tier analysis/determination, updating the tier analysis using a ML model, this further limits the abstract idea of the risk analysis model, without including: (a) an improvement to another technology or technical field, (b) an improvement to the functioning of the computer itself, or (c ) meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. Therefore, claim 8 is not considered as being “significantly more”, and thus do not facilitate the claim to meet the “inventive concept”.
Therefore, claims 1-20 are not drawn to eligible subject matter as they are directed to an abstract idea without significantly more. step 2B: NO
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
On October 10, 2007, the Patent Office issued the "Examination Guidelines for Determining Obviousness Under 35 U.S.C. 103 in View of the Supreme Court Decision in KSR International Co. v. Teleflex Inc.," 73 Fed. Reg. 57,526 (2007) (hereinafter the Examination Guidelines). Section III is entitled "Rationales to support rejections under 35 U.S.C. 103." Within this section is the following quote from the Supreme Court: "rejections on obviousness grounds cannot be sustained by merely conclusory statements; instead there must be some articulated reasoning with some rational underpinning to support the legal conclusion of obviousness." KSR Int'l Co. v. Teleflex Inc., 127 S. Ct. 1727, 1741 (2007) (quoting In re Kahn, 441 F.3d 977, 988 (Fed. Cir. 2006)).
Under the Examination Guidelines, the following is a list of rationales that may be used to support a finding of obviousness under 35 U.S.C. § 103:
(a) combining prior art elements according to known methods to yield predictable results;
(b) simple substitution of one known element for another to obtain predictable results;
(c) Use of known technique to improve similar devices (methods, or products) in the same way;
(d) Applying a known technique to a known device (method, or product) ready for improvement to yield predictable results;
(e) "Obvious to try" choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success;
(f) Known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations would have been predictable to one of ordinary skill in the art; and
(g) Some teaching, suggestion, or motivation (TSM) in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention.
Each rationale is resolved using the Graham factual inquiries.
Claims 1-8 (method), 9-14 (article), and 15 -20 (system1) are rejected under 35 pre-AIA U.S.C. 103(a) as being un-patentable over:
Name Publication
(1) CERVANTEZ US 2023/0.132.635, and
(2) FANG ET AL. 11,182,795, and
(3) CARPENTER ET AL. US 2016/0.086.184, and
As for independent claims 1, 9 and 15, CERVANTEZ fairly teaches a computer -implemented method for a business application, the method comprising:
[1] receiving, from a user computing device associated with a user, a request to create a digital account, the request comprising user enrollment data and device data associated with the user computing device;
{See Fig. 4, step 402, and respective [0036]}
PNG
media_image1.png
490
506
media_image1.png
Greyscale
PNG
media_image2.png
344
518
media_image2.png
Greyscale
PNG
media_image3.png
518
450
media_image3.png
Greyscale
[2] creating, in response to receiving the request, the digital account;
{see [0036] “to perform a task under a customer account… to create a new customer account, …”}
[3] determining an initial risk tier for the digital account from a plurality of risk tiers based on attributes corresponding to the user enrollment data and the device data;
{see Fig. 4, 404 “Analyze credentials associated with the request,” and 410 “obtain risk scores, relevant to request.” And par.
[0011… requests made using various customer credentials … suspicious or potentially fraudulent….] and
[0037]
PNG
media_image4.png
154
449
media_image4.png
Greyscale
[5] determining an updated risk tier for the digital account based on other criterias.
{see [0045… the data store is operable, …, to obtain, update or otherwise process data in response thereto..,], and
[claim 16 … to perform the updating of the machine learning model.], and
[0011… requests made using various customer credentials … suspicious or potentially fraudulent….] and Fig. 5, 502 “Obtain risk scores from authoritative sources,”, 504 “Determine overall risk score for requested task.”}. In view of the teaching of risk scores or levels and risk of fraudulent activities, it would have been obvious to create a fraud-risk hierarchy (level, structure) of accounts sorted according to respective likelihood that the digital accounts will perpetuate fraud-related incidents or activities.
As for the use of the fraud-rick machine learning model, CERVANTEZ discloses the use of the machine learning (ML) model for the process and the updating the model on claim 16.
CERVANTEZ fairly teaches the claimed invention except for explicitly discloses the use of ML model for the risk determination step and the model training features, step [identifying account usage data…, ], and using account usage data for step “determining… an updated risk tier.
In a similar business system with account management features, FANG ET AL. teaches the fraud-risk machine-learning model is trained using known attributes of existing digital accounts to determine expected risk tiers for the existing digital accounts based on historical fraud-related data, see claim 1.
PNG
media_image5.png
263
489
media_image5.png
Greyscale
Therefore, it would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to application was filed to modify the system of CERVANTEZ by using ML model for determining the risk level and trained the model using existing data associated with the account as taught by FANG ET AL. , see claim 1.
CERVANTEZ /FANG ET AL. fairly teaches the claimed invention except for step [identifying account usage data…, ], and using account usage data for step “determining… an updated risk tier.
In a similar business system with account management features, CARPENTER ET AL. is cited to teach steps of:
[4] identifying account usage data corresponding to the digital account; and
PNG
media_image6.png
322
622
media_image6.png
Greyscale
[5] determining an updated risk tier (level) for the digital account based on the account usage data.
{see Fig. 3, “step 318 “Risk High, Medium or Low level (tier)” and respective [0102]}
Therefore, it would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to application was filed to modify the system of CERVANTEZ /FANG ET AL. by identifying account usage data corresponding to the digital account and updating the risk tier/level as taught by CARPENTER ET AL. for effective account management, as taught in [0098].
Regarding dep. claim 2 (part of 1 above) and respective dep. claim 10 (part of 9 above) and respective 16 (part of 15 above), which deals with fraud risk parameters, comparing user address with geospatial location from the device data, this is taught in CERVANTEZ [0037].
PNG
media_image7.png
499
450
media_image7.png
Greyscale
Alternatively, this is also taught in CARPENTER ET AL. [0098] which teaches the use of a zip code (for geographic based authentication processes) and the requesting user 107, account, card, position of the mobile device 101, or any other data that is present in the provisioning request. The use of geospatial location from the device data would have been obvious because this is one many relevant to the user and the mobile device in view of the teaching of geographic based authentication processes.
Regarding dep. claim 3 (part of 1 above) and respective dep. claim 11 (part of 9 above) and respective 17 (part of 15 above), which deals the use of a fraud-risk model for determining the risk, this is taught in CERVANTEZ, see claim 16 … updating of the machine learning model..] and FANG ET AL. claim 1, col. 19, lines 5-20, or CARPENTER ET AL. [0129 …. The model used for the risk analysis…The model may also combine….].
Regarding dep. claim 4 (part of 1 above) and respective 18 (part of 15 above), which deals the feature of the usage of the account, i.e. transaction history, this is taught in CARPENTER ET AL. [0098] “determining how long the account has been open, a number of purchases in the past, etc.,].
Regarding dep. claims 5 (part of 1 above) and respective dep. claim 12 (part of 9 above) and respective 19 (part of 15 above), which deals the type of risk level or tier, this is taught in CARPENTER ET AL. [0105 ..determines which level of risk was determined… the risk score is within a range of values, ….] or CERVANTEZ [0037 … risk score analysis parameters].
Regarding dep. claims 6 (part of 1 above) and respective dep. claim 13 (part of 9 above), which deals with allowed activity for low-risk level, authorizing access to the account, this is taught in CERVANTEZ Fig. 4, element 406, “Valid?” “YES” and 414 “Exceed threshold?” “NO”, then “perform task”, 416.
Regarding dep. claims 7 (part of 1 above) and respective dep. claim 14 (part of 9 above), which deals with allowed action for high-risk level, authorizing access to the account, this is taught in CERVANTEZ Fig. 4, element 406, “Valid?” “NO”, the “Deny request” (408), and 414 “Exceed threshold?” “YES”, then “perform task”, then 418.
Regarding dep. claims 8 (part of 1 above) and respective dep. claim 20 (part of 15 above), which deals with determining of the risk tier using a machine-learning model, this is taught in CERVANTEZ claim 16 “updating … the machine learning model” or claim 19 “updating the machine learning algorithm….”
Response to Arguments
Applicant's arguments filed 08/29/25 have been fully considered but they are not persuasive.
(1) 101 Rejection:
Applicant’s comment on page 11 is noted but not persuasive. The specification pars. [0020]-[0023] has been reviewed and the claim scope appears to deal with improving business transactions by preventing fraud utilizing a fraud risk tier for initial and ongoing analysis/assessment of risk. The claim does not result in an improvement to the functioning of the computer system or to any other technology or technical field.
PNG
media_image8.png
294
676
media_image8.png
Greyscale
(2) 103 Rejection:
Applicant’s comment with the 103 rejection is not persuasive in view of the new citation to address the amended feature.
No claims are allowed.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tan "Dean" D NGUYEN whose telephone number is (571)272-6806. The examiner can normally be reached on M-F: 6;30-4:30 PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah M Monfeldt can be reached on 571-270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TAN D NGUYEN/Primary Examiner, Art Unit 3689