IoT BASED AUTHENTICATION

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of Claims This action is in reply to the communication(s) filed on 11 February 2026. Claims 1, 11 and 17 are amended. Claim(s) 1-20 is/are currently pending and have been examined. Response to Arguments Applicant's arguments filed 11 February 2026 have been fully considered but they are not persuasive. Rejections under 35 U.S.C. §101 Applicant argues that the plurality of IoT enabled devices cannot be performed in the human mind. Examiner agrees as evidenced by the fact that the IoT devices are listed as additional elements in the 101 analysis. However, such recitations do not integrate the recited judicial exception into a practical application. “Use of a computer or other machinery in its ordinary capacity for economic or other tasks (e.g., to receive, store, or transmit data) or simply adding a general-purpose computer or computer components after the fact to an abstract idea (e.g., a fundamental economic practice or mathematical equation) does not integrate a judicial exception into a practical application or provide significantly more. See Affinity Labs v. DirecTV, 838 F.3d 1253, 1262, 120 USPQ2d 1201, 1207 (Fed. Cir. 2016) (cellular telephone); TLI Communications LLC v. AV Auto, LLC, 823 F.3d 607, 613, 118 USPQ2d 1744, 1748 (Fed. Cir. 2016) (computer server and telephone unit). Similarly, "claiming the improved speed or efficiency inherent with applying the abstract idea on a computer" does not integrate a judicial exception into a practical application or provide an inventive concept. Intellectual Ventures I LLC v. Capital One Bank (USA), 792 F.3d 1363, 1367, 115 USPQ2d 1636, 1639 (Fed. Cir. 2015)” (See MPEP 2106.05(f)). The use of generic computing components in the instant application to increase the speed or efficiency of the recited judicial exception does not afford the claim eligibility. Applicant arguers that the newly amended unique digital pattern is not an abstract mental process. Examiner respectfully disagrees. Step 2A Prong 1 requires examiners to evaluate whether a claim recites a judicial exception as the applicant cited. The elements which examiner identified in Step 2A Prong 1 are those which describe the noted abstract idea which means that the claim recites an abstract idea. “The mere inclusion of a judicial exception such as a mathematical formula (which is one of the mathematical concepts identified as an abstract idea in MPEP § 2106.04(a)) in a claim means that the claim "recites" a judicial exception under Step 2A Prong One.” See MPEP 2106.04(II)(A)(2). “When performing the analysis at Step 2A Prong One, it is sufficient for the examiner to provide a reasoned rationale that identifies the judicial exception recited in the claim and explains why it is considered a judicial exception (e.g., that the claim limitation(s) falls within one of the abstract idea groupings). Therefore, there is no requirement for the examiner to rely on evidence, such as publications or an affidavit or declaration under 37 CFR 1.104(d)(2), to find that a claim recites a judicial exception. Cf. Affinity Labs of Tex., LLC v. Amazon.com Inc., 838 F.3d 1266, 1271-72, 120 USPQ2d 1210, 1214-15 (Fed. Cir. 2016) (affirming district court decision that identified an abstract idea in the claims without relying on evidence); OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1362-64, 115 USPQ2d 1090, 1092-94 (Fed. Cir. 2015) (same); Content Extraction & Transmission LLC v. Wells Fargo Bank, N.A., 776 F.3d 1343, 1347, 113 USPQ2d 1354, 1357-58 (Fed. Cir. 2014) (same).” See MPEP 2106.07(a)(III). The omitted element(s) (if any) are elements in addition to the abstract idea (i.e. they are not abstract) which require further analysis under Step 2A Prong 2 in order to determine if they cause the recited abstract idea to be integrated into a practical application. See MPEP 2106.07(a)(II). The omitted element(s) (if any) are later enumerated under Step 2A Prong 2 as additional elements. The claims recite and/or describe a judicial exception because For example, but for the recited computer language, the limitations in the context of this claim describes Mitigating Risk or could reasonably describe an Evaluation. Mitigating Risk is described when analyzing data to determine a trust stated and determining said trust status. An Evaluation is described when analyzing data to determine a trust stated and determining said trust status. The claims recite and/or describe an abstract idea. The collected data coming from a computer does not negate this fact. Applicant argues that the machine learning is not a mental process. Examiner agrees as evidenced by the fact that the IoT devices are listed as additional elements in the 101 analysis. Step 2A Prong 1 requires examiners to evaluate whether a claim recites a judicial exception as the applicant cited. The elements which examiner identified in Step 2A Prong 1 are those which describe the noted abstract idea which means that the claim recites an abstract idea. “The mere inclusion of a judicial exception such as a mathematical formula (which is one of the mathematical concepts identified as an abstract idea in MPEP § 2106.04(a)) in a claim means that the claim "recites" a judicial exception under Step 2A Prong One.” See MPEP 2106.04(II)(A)(2). “When performing the analysis at Step 2A Prong One, it is sufficient for the examiner to provide a reasoned rationale that identifies the judicial exception recited in the claim and explains why it is considered a judicial exception (e.g., that the claim limitation(s) falls within one of the abstract idea groupings). Therefore, there is no requirement for the examiner to rely on evidence, such as publications or an affidavit or declaration under 37 CFR 1.104(d)(2), to find that a claim recites a judicial exception. Cf. Affinity Labs of Tex., LLC v. Amazon.com Inc., 838 F.3d 1266, 1271-72, 120 USPQ2d 1210, 1214-15 (Fed. Cir. 2016) (affirming district court decision that identified an abstract idea in the claims without relying on evidence); OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1362-64, 115 USPQ2d 1090, 1092-94 (Fed. Cir. 2015) (same); Content Extraction & Transmission LLC v. Wells Fargo Bank, N.A., 776 F.3d 1343, 1347, 113 USPQ2d 1354, 1357-58 (Fed. Cir. 2014) (same).” See MPEP 2106.07(a)(III). The omitted element(s) (if any) are elements in addition to the abstract idea (i.e. they are NOT abstract) which require further analysis under Step 2A Prong 2 in order to determine if they cause the recited abstract idea to be integrated into a practical application. See MPEP 2106.07(a)(II). The omitted element(s) (if any) are later enumerated under Step 2A Prong 2 as additional elements. The claims recite and/or describe a judicial exception. Applicant argues that the constellation structure provides a technical solution to the problem of transaction authentication and fraud detection thereby providing a specific technical improvement to IoT-based authentication systems. Examiner respectfully disagrees. The MPEP clarifies how additional elements can impose meaningful limits on a recited judicial exception: “Consideration of improvements is relevant to the eligibility analysis regardless of the technology of the claimed invention. That is, the consideration applies equally whether it is a computer-implemented invention, an invention in the life sciences, or any other technology. See, e.g., Rapid Litigation Management v. CellzDirect, Inc., 827 F.3d 1042, 119 USPQ2d 1370 (Fed. Cir. 2016), in which the court noted that a claimed process for preserving hepatocytes could be eligible as an improvement to technology because the claim achieved a new and improved way for preserving hepatocyte cells for later use, even though the claim is based on the discovery of something natural. Notably, the court did not distinguish between the types of technology when determining the invention improved technology. However, it is important to keep in mind that an improvement in the abstract idea itself (e.g. a recited fundamental economic concept) is not an improvement in technology. For example, in Trading Technologies Int’l v. IBG, 921 F.3d 1084, 1093-94, 2019 USPQ2d 138290 (Fed. Cir. 2019), the court determined that the claimed user interface simply provided a trader with more information to facilitate market trades, which improved the business process of market trading but did not improve computers or technology.” (MPEP 2106.05(a)(II)) Drawing attention to the emphasized section, an improvement in the judicial exception itself is not an improvement in technology. In the current case, regardless of whether or not applicant’s invention improves the recited judicial exception, improving a method, algorithm, or process of a judicial exception absent of any technological modification, would be an improvement to the judicial exception (e.g. via the improvement in the efficiency of the judicial exception), but does not improve computers or technology. Applicant argues that the machine learning comparison provides a specific technical implementation that improves fraud detection capabilities. Examiner respectfully disagrees. “The courts often cite to Parker v. Flook as providing a classic example of a field of use limitation. See, e.g., Bilski v. Kappos, 561 U.S. 593, 612, 95 USPQ2d 1001, 1010 (2010) ("Flook established that limiting an abstract idea to one field of use or adding token postsolution components did not make the concept patentable") (citing Parker v. Flook, 437 U.S. 584, 198 USPQ 193 (1978)). In Flook, the claim recited steps of calculating an updated value for an alarm limit (a numerical limit on a process variable such as temperature, pressure or flow rate) according to a mathematical formula "in a process comprising the catalytic chemical conversion of hydrocarbons." 437 U.S. at 586, 198 USPQ at 196. Processes for the catalytic chemical conversion of hydrocarbons were used in the petrochemical and oil-refining fields. Id. Although the applicant argued that limiting the use of the formula to the petrochemical and oil-refining fields should make the claim eligible because this limitation ensured that the claim did not preempt all uses of the formula, the Supreme Court disagreed. 437 U.S. at 588-90, 198 USPQ at 197-98. Instead, the additional element in Flook regarding the catalytic chemical conversion of hydrocarbons was not sufficient to make the claim eligible, because it was merely an incidental or token addition to the claim that did not alter or affect how the process steps of calculating the alarm limit value were performed. Further, the Supreme Court found that this limitation did not amount to an inventive concept. 437 U.S. at 588-90, 198 USPQ at 197-98. The Court reasoned that to hold otherwise would "exalt[] form over substance", because a competent claim drafter could attach a similar type of limitation to almost any mathematical formula. 437 U.S. at 590, 198 USPQ at 197.” See MPEP 2106.05(h). The recitation of machine learning does not altar or affect the process steps of how the fraud detection is performed. The machine learning does not integrate the recited judicial exception into a practical application. Applicant argues that the instant claims are similar to Example 40 of the USPTO’s “Subject Matter Eligibility Examples: Abstract Ideas” for use in conjunction with the 2019 PEG. Examiner respectfully disagrees. Example 40 is eligible because the claim is integrated into a practical application through being directed towards an improvement of network monitoring technology. In Example 40 network traffic data is collected to determine whether or not to further collect NetFlow records which in the background is discussed to be very large such that continuous collection of NetFlow records would hinder network performance. “Specifically, the method limits collection of additional Netflow protocol data to when the initially collected data reflects an abnormal condition, which avoids excess traffic volume on the network and hindrance of network performance. The collected data can then be used to analyze the cause of the abnormal condition. This provides a specific improvement over prior systems, resulting in improved network monitoring. The claim as a whole integrates the mental process into a practical application” (Eligibility Example 40). The instant application is not so concerned with limiting collection of a NetFlow data or any collector that would hinder network performance if run continuously. Rather, the application is merely applying a commonplace business method (i.e. fraud detection and fraud detection modelling) on a general purpose computer which the courts have indicated may not be sufficient to show an improvement to technology (See MPEP 2106.05(a)(II)). Example 40 is not analogous to the instant claims. Rejections under 35 U.S.C. §103 Applicant argues that Votaw does not teach aggregating interaction data from multiple physically distinct IoT devices with geolocation and timestamp information for each device interaction. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Kodali addresses this deficiency by collecting data from multiple IoT enabled devices including from third-party platforms (see the instant 103 rejection. Applicant argues that Kodali does not teach generating a unique digital pattern of IoT device interactions. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Votaw already discloses patterning of user device interaction with their IoT device (i.e. constellation) in the combination. Applicant argues that Mardikar does not teach generating constellations based on IoT device interactions. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Votaw already discloses patterning of user device interaction with their IoT device (i.e. constellation) in the combination. Applicant argues that none of the cited references teaches or suggests using a machine learning model. Examiner respectfully disagrees. Although Votaw does not disclose machine learning, Kodali teaches “Any action items not listed above may be recognized and categorized by the system 200 based on a similarity comparison (e.g., using supervised machine learning) to identify which of the action items explicitly discussed herein are most similar to the unlisted action item.” See at least paragraph [0033]. It would be obvious to one of ordinary skill in the art before the effective filing date to use machine learning for similarity comparisons as taught by Kodali because Kodali additionally teaches the motivation that “In this manner, the multi-data source personality profile generator 110 can utilize techniques (e.g., the one or more pattern recognition algorithms) to generate the behavior metrics 124.” See at least paragraph [0051]. Also, usage of machine learning for similarity measures as taught by Kodali in the system of Votaw is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable. The combination with Kodali teaches comparison using machine learning. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Step 1 of the 101 Analysis: Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recites a computing platform, method, and non-transitory machine-readable storage medium for IoT based Authentication. These are a machine, process, and article of manufacture which are within the four categories of statutory subject matter. Step 2A Prong 1 of the 101 Analysis: The following limitations and/or similar versions are recited in claim(s) 1, 11 and 17: Claim 1, 11 and 17: “generate a first constellation, the first constellation based on the received plurality of IoT enabled devices information regarding the interactions with the user of the plurality of IoT enabled devices, wherein the first constellation comprises a unique digital pattern of IoT device interactions with the user, the unique digital pattern including geolocation information and time stamp information associated with each interaction with the plurality of IoT enabled devices;” “compare,…, the first generated constellation to at least a second constellation stored in the memory;” “determine a trust status based on the compared first generated constellation to the at least stored second constellation;” These limitations, as drafted, are a process that, under its broadest reasonable interpretation, describes Fundamental Economic Principles or Practices or could reasonably describe Concepts Performed in the Human Mind but for the recitation of generic computer components. That is, other than reciting “a plurality of IoT enabled devices”, “at least one processor”, “memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:”, or “A non-transitory machine-readable storage medium storing machine-readable instructions that when executed, cause an apparatus to:” nothing in the claims’ elements precludes the steps from practically describing Fundamental Economic Principles or Practices or Concepts Performed in the Human Mind. For example, but for the recited computer language, the limitations in the context of this claim describes Mitigating Risk or could reasonably describe an Evaluation. Mitigating Risk is described when analyzing data to determine a trust stated and determining said trust status. An Evaluation is described when analyzing data to determine a trust stated and determining said trust status. If a claim limitations, under their broadest reasonable interpretation, describes Fundamental Economic Principles or Practices or Concepts Performed in the Human Mind but for the recitation of generic computer components, then it falls within the “Certain Methods of Organizing Activity” or “Mental Processes” grouping of abstract ideas respectively. Accordingly, the independent claims recite an abstract idea. Step 2A Prong 2 of the 101 Analysis: This judicial exception is not integrated into a practical application. In particular, the independent claim(s) recite the following (or similar) additional elements: Claim(s) 1, 11 and 17: “receive from a plurality of IoT enabled devices information regarding interactions with a user of the plurality of IoT enabled devices and at least one third party IoT enabled device;” “…using a machine learning model…” “transmit the trust status to the plurality of IoT enabled devices.” Claim 1: “at least one processor;” “memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:” Claim 17: “A non-transitory machine-readable storage medium storing machine-readable instructions that when executed, cause an apparatus to:” The computer components (IoT enabled devices, at least one processor, memory storing computer-readable instructions, and non-transitory machine-readable storage medium storing machine-readable instructions) are recited at a high level of generality (i.e. as generic IoT enabled devices, a generic processor, and generic storage) such that it amounts to no more than mere instructions to implement the judicial exception on a computer or by using a computer merely as a tool to perform an existing process. These element(s) in combination do not add anything that is not already present when the steps are considered separately. Simply implementing an abstract idea on a computer as a tool to perform an existing process is not indicative of integration into a practical application (See MPEP § 2106.05(f).) The receiving and transmitting step(s) are recited at a high-level of generality (i.e., as generally receiving and generally transmitting) such that they amounts to no more than mere data gathering which is adding insignificant extra-solution activity. These element(s) in combination do not add anything that is not already present when the steps are considered separately. Simply adding insignificant extra-solution activity is not indicative of integration into a practical application (See MPEP § 2106.05(g).) The use of machine learning is implemented at a high level of generality (i.e. as simply using the technology) such that it amounts to no more than generally linking the use of the judicial exception to a particular technological environment or field of use. These element(s) in combination do not add anything that is not already pre-sent when the steps are considered separately. Generally linking the use of the judicial exception to a particular technological environment or field of use is not indicative of integration into a practical application (See MPEP § 2106.05(h).) Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The independent claims are directed to an abstract idea. Step 2B of the 101 Analysis: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements identified in Step 2A Prong 2 (if any) amount to no more than mere instructions to implement the judicial exception on a computer or no more than mere data gathering or data outputting which only adds insignificant extra solution activity to the judicial exception. Accordingly, the Examiner: • Carries over their identification of the additional element(s) in the claim from Step 2A Prong Two; • Carries over their conclusions from Step 2A Prong Two on the considerations discussed in MPEP §§ 2106.05(a) - (c), (e) (f) and (h): • Re-evaluates any additional element or combination of elements that was considered to be insignificant extra-solution activity per MPEP § 2106.05(g), because if such re-evaluation finds that the element is unconventional or otherwise more than what is well-understood, routine, conventional activity in the field, this finding may indicate that the additional element is no longer considered to be insignificant. These element(s) in combination do not add anything that is not already present when the steps are considered separately. Adding insignificant extra-solution activity cannot provide an inventive concept when the activities are well-understood routine and conventional. The courts have recognized the following computer functions as well-understood, routine, and conventional functions when they are claimed in a merely generic manner: (for receiving/transmitting various data) Receiving or transmitting data over a network, (See MPEP § 2106.05(d)(II)). The independent claims are not patent eligible. Dependent Claim(s) 2-10, 12-16 and 18-20 recite limitations that are similar to the abstract idea noted in the independent claims because they further narrow the independent claim(s) which recite one or more judicial exceptions. Accordingly, these claim elements do not serve to confer subject matter eligibility to the claims since they recite abstract ideas. The claims are not patent eligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim(s) 1-9, 11-15 and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Votaw et al. (US 2016/0055487 A1 hereinafter Votaw) in view of Mardikar et al. (US 2020/0311734 A1 hereinafter Mardikar) and in further view of Kodali et al. (US 2023/0224540 A1 hereinafter Kodali). Claim 1 A computing platform for authenticating transactions associated with a user, the computing platform comprising: at least one processor; and (Votaw discloses a processor. See at least paragraph [0003].) memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: (Votaw discloses memory storing code executable by the processor to perform embodiments of the invention. See at least paragraph [0003].) receive from a plurality of IoT enabled devices information regarding interactions with a user of the plurality of IoT enabled devices and at least one third party IoT enabled device; (Votaw discloses receiving a set of apparatus activities (i.e. device information regarding interactions with an IoT). See at least paragraph [0059]. Votaw discloses user pattern analysis may include identification of one or more second apparatus activities aggregated with the first apparatus activities. See at least paragraphs [0060]-[0061]. Although Votaw does disclose multiple apparatus activities, they might not explicitly disclose receiving said data from a plurality of IoT enabled devices. Kodali teaches that Internet of Things action data (i.e. interactions) relating to a risk assessment may be collected from a plurality of Internet of Things devices including from third-party platforms. See at least paragraphs [0018], [0031], [0041] and [0064]. It would be obvious to one of ordinary skill in the art before the effective filing date to collect data from a plurality of Internet of Things devices as taught by Kodali for the behavior analysis of Votaw because Kodali additionally teaches the motivation that such data allows for complex services, such as risk assessment, involving various facets of an individual. See at least paragraph [0002].) generate a first constellation, the first constellation based on the received plurality of IoT enabled devices information regarding the interactions with the user of the plurality of IoT enabled devices wherein the first constellation comprises a unique digital pattern of IoT device interactions with the user, the unique digital pattern including geolocation information and time stamp information associated with each interaction with the plurality of IoT enabled devices; (Votaw discloses detecting user patterns (i.e. constellations) based on user interaction with the computing device. See at least paragraph [0003]. Votaw discloses user pattern analysis may include identification of one or more second apparatus activities aggregated with the first apparatus activities. See at least paragraphs [0060]-[0061]. Votaw discloses information may include sensor information from a global positions system device. See at least paragraph [0073]. Votaw discloses patterns may include time of day (i.e. time stamp information) when a user interactions with applications. See at least paragraph [0010]. Usage of data from a plurality of IoT enabled devices is taught by the combination with Kodali as shown above which Examiner incorporates herein.) compare, using a machine learning model, the first generated constellation to at least a second constellation stored in the memory; (Votaw discloses determining a level of authentication (i.e. trust status required for a transaction based on a user pattern score. See at least paragraphs [0064]-[0065]. Votaw discloses determining a threshold score based on comparing the identification set of user patterns with a baseline set of user patterns (i.e. second constellation stored in memory). See at least paragraphs [0005] and [0015]. Votaw does not disclose machine learning. Although Votaw does not disclose machine learning, Kodali teaches “Any action items not listed above may be recognized and categorized by the system 200 based on a similarity comparison (e.g., using supervised machine learning) to identify which of the action items explicitly discussed herein are most similar to the unlisted action item.” See at least paragraph [0033]. It would be obvious to one of ordinary skill in the art before the effective filing date to use machine learning for similarity comparisons as taught by Kodali because Kodali additionally teaches the motivation that “In this manner, the multi-data source personality profile generator 110 can utilize techniques (e.g., the one or more pattern recognition algorithms) to generate the behavior metrics 124.” See at least paragraph [0051]. Also, usage of machine learning for similarity measures as taught by Kodali in the system of Votaw is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.) determine a trust status based on the compared first generated constellation to the at least stored second constellation; and (Votaw discloses determining a level of authentication (i.e. trust status required for a transaction based on a suer pattern score. See at least paragraphs [0064]-[0065]. Votaw discloses determining a threshold score based on comparing the identification set of user patterns with a baseline set of user patterns (i.e. second constellation stored in memory). See at least paragraph [0005] and [0015].) transmit the trust status to the plurality of IoT enabled devices. (Although Votaw does disclose collecting data across a plurality of network devices, they might not explicitly disclose transmitting the trust status to the plurality of IoT enable devices. Mardikar teaches that a network with IoT devices including third-party device data (Mardikar discloses any functions or steps may be outsourced to or performed by one or more third parties) may share data including fraud scores (i.e. trust level). See at least paragraphs [0019], [0033]-[0034] and [0053]. It would be obvious to one of ordinary skill in the art before the effective filing date to share a fraud score among a network as taught by Mardikar by sharing the trust status of Votaw among its network of IoT devices because Mardikar additionally teaches the motivation that this allows for a dynamic trust score based on a network of data. See at least paragraphs [0001]-[0002]. Also, sharing a fraud score among a network as taught by Mardikar by sharing the trust status of Votaw among its network of IoT devices is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.) Claim 2 The computing platform of claim 1, wherein the computer-readable instructions, when executed by the at least one processor, cause the computing platform to receive interaction information from at least one third party IoT enabled device. (Receipt and usage of third-party data is taught by the combination with Mardikar as shown above which Examiner incorporates herein.) Claim 3 The computing platform of claim 1, wherein the computer-readable instructions, when executed by the at least one processor, cause the computing platform to determine a risk ranking based on the comparison of the first generated constellation to the at least a second constellation stored in the memory. (Votaw discloses determining a level of authentication (i.e. trust status) required for a transaction based on a user pattern score (i.e. risk ranking). See at least paragraphs [0064]-[0065].) Claim 4 The computing platform of claim 3, wherein the risk ranking is updated based on a defined time period comprising real-time updates. (Votaw discloses data may be based on interactions at a time of day (i.e. based on a defined time period). See at least paragraph [0082]. Votaw discloses continuously updating user patters (i.e. in real-time). See at least paragraph [0085].) Claim 5 The computing platform of claim 3, wherein the risk ranking is updated based on detection of a generated constellation. (Votaw discloses updating user patterns when new data is received. See at least paragraph [0085]. Votaw discloses determining user pattern score by comparing the present pattern of usage to the normal pattern of usage. See at least paragraph [0015].) Claim 6 The computing platform of claim 1, wherein the plurality of IoT enabled devices information comprises geolocation information. (Votaw discloses information may include sensor information from a global positions system device. See at least paragraph [0073].) Claim 7 The computing platform of claim 1, wherein the plurality of IoT enabled devices information comprises time stamp information. (Votaw discloses patterns may include time of day (i.e. time stamp information) when a user interactions with applications. See at least paragraph [0010].) Claim 8 The computing platform of claim 1, wherein the determined trust status is further based on participation in a trust group. (Examiner notes the collection of consenting IoT devices is a trust group as per the applicant’s specification at paragraph [71] and therefore analysis based on said group’s data is analysis based on participation in a trust group. Votaw discloses detecting user patterns (i.e. constellations) based on user interaction with the computing device. See at least paragraph [0003]. Votaw discloses user pattern analysis may include identification of one or more second apparatus activities aggregated with the first apparatus activities. See at least paragraphs [0060]-[0061].) Claim 9 The computing platform of claim 8, wherein the trust group comprises members of a work group. (While Votaw does disclose collecting data from a trust group, they might not explicitly disclose where the trust group comprises members of a work group. Mardikar teaches that registration of a digital identity in connection with a dynamic trust score may include indicating that an employer has verified that the user works for said employer (i.e. work group). See at least paragraph [0035]. It would be obvious to one of ordinary skill in the art before the effective filing date to use the work group designation as taught by Mardikar in the system of Votaw because Mardikar additionally teaches the motivation that this identity verifies that the user is who they claim to be and/or the like. See at least paragraphs [0035]-[0036]. Also, using the work group designation as taught by Mardikar in the system of Votaw is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.) Claim 11 A method comprising: … The remainder of Claim 11 is substantially similar to or broader than the corresponding elements in Claim 1 and is therefore rejected using similar reasoning. Claim 12 Claim 12 is substantially similar to or broader than the corresponding elements in Claim 2 and is therefore rejected using similar reasoning. Claim 13 The method of claim 12, further comprising generating a third constellation based on the received third party information regarding interaction with the user and the received plurality of IoT enabled devices information regarding the interactions with the user. (Receipt and usage of third-party data is taught by the combination with Mardikar as shown above which Examiner incorporates herein. Votaw discloses determining a level of authentication (i.e. trust status) required for a transaction based on a user pattern score (i.e. risk ranking). See at least paragraphs [0064]-[0065].) Claim 14 Claim 14 is substantially similar to or broader than the corresponding elements in Claim 8 and is therefore rejected using similar reasoning. Claim 15 Claim 15 is substantially similar to or broader than the corresponding elements in Claim 9 and is therefore rejected using similar reasoning. Claim 17 A non-transitory machine-readable storage medium storing machine-readable instructions that when executed, cause an apparatus to: (Votaw discloses embodiment using a non-transitory computer-readable medium. See at least paragraph [0095].) … The remainder of Claim 17 is substantially similar to or broader than the corresponding elements in Claim 1 and is therefore rejected using similar reasoning. Claim 18 Claim 18 is substantially similar to or broader than the corresponding elements in Claim 2 and is therefore rejected using similar reasoning. Claim 19 Claim 19 is substantially similar to or broader than the corresponding elements in Claim 8 and is therefore rejected using similar reasoning. Claim(s) 10, 16 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Votaw et al. (US 2016/0055487 A1 hereinafter Votaw) in view of Mardikar et al. (US 2020/0311734 A1 hereinafter Mardikar) further in view of Kodali et al. (US 2023/0224540 A1 hereinafter Kodali) further in view of Santosh et al. (US 2023/0145741 A1 hereinafter Santosh). Claim 10 The computing platform of claim 8, wherein the computer-readable instructions, when executed by the at least one processor, cause the computing platform to recommend specific trust groups based on analysis of generated intersecting constellations. (Although Votaw does disclose collecting information from a trust group, they might not explicitly disclose recommending specific trust groups based on analysis of generated intersecting constellations. Santosh teaches that a controller may suggest people (i.e. another specific trust group) to a sender who match previously identified behavior (i.e. generated intersecting constellations). See at least paragraph [0115]. It would be obvious to one of ordinary skill in the art before the effective filing date to implement suggesting matching people to a user as taught by Santosh in the system of Votaw because Santosh also teaches the motivation that these suggested people are most likely to also benefit from the senders product. See at least paragraph [0115]. Also, implementing suggest matching people to a user as taught by Santosh in the system of Votaw is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.) Claim 16 Claim 16 is substantially similar to or broader than the corresponding elements in Claim 10 and is therefore rejected using similar reasoning. Claim 20 Claim 20 is substantially similar to or broader than the corresponding elements in Claim 10 and is therefore rejected using similar reasoning. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hallac (US 2023/0237335 A1) discloses usage of an LSTM to generate a fingerprint. Gean (WO 2024/097498 A1) discloses authentication based on user interactions. Dahit et al. (“Dynamic Trust and Risk Scoring Using Last-Known Profile Learning”) discloses a risk calculation method for IoT environments. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ADAM J HILMANTEL whose telephone number is (571)272-8984. The examiner can normally be reached M-F 8:30AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Abhishek Vyas can be reached at (571) 270-1836. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /A.H./Examiner, Art Unit 3691 /ABHISHEK VYAS/Supervisory Patent Examiner, Art Unit 3691