Prosecution Insights
Last updated: April 19, 2026
Application No. 18/315,567

System and Method for Validating an Interaction of a User Using Encrypted Data in a Distributed Network

Non-Final OA §101 §103
Filed: May 11, 2023
Examiner: LEE, CLAY C
Art Unit: 3699
Tech Center: 3600 — Transportation & Electronic Commerce
Assignee: BANK OF AMERICA CORPORATION
OA Round: 3 (Non-Final)
Grant Probability: 54% (Moderate)
OA Rounds: 3-4
To Grant: 4y 1m
With Interview: 99%

Examiner Intelligence

Grants 54% of resolved cases
Career Allow Rate: 54% (117 granted / 216 resolved), +2.2% vs TC avg

Strong +57% interview lift
Interview Lift: +57.1% (resolved cases with interview)

Typical timeline
Avg Prosecution: 4y 1m (60 currently pending)

Career history
Total Applications: 276 (across all art units)

Statute-Specific Performance

§101: 32.7% (-7.3% vs TC avg)
§103: 45.9% (+5.9% vs TC avg)
§102: 8.2% (-31.8% vs TC avg)
§112: 10.5% (-29.5% vs TC avg)
Based on career data from 216 resolved cases

Office Action

§101 §103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on November 10, 2025 has been entered.

Response to Amendment

The amendment filed November 10, 2025 has been entered. Claims 1-6, 8-13, and 15-19 remain pending in the application. Applicant's amendments to the Claims have overcome each and every objection previously set forth in the Final Office Action mailed July 25, 2025.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-6, 8-13, and 15-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Under the Step 1 of the Section 101 analysis, Claims 1-6 and 15-19 are drawn to a system which is within the four statutory categories (i.e. a machine), and Claims 8-13 are drawn to a method which is within the four statutory categories (i.e., a process). Since the claims are directed toward statutory categories, it must be determined if the claims are directed towards a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea).
Based on consideration of all of the relevant factors with respect to the claim as a whole, claims 1-6, 8-13, and 15-19 are determined to be directed to an abstract idea. The rationale for this determination is explained below:

Regarding Claims 1, 8, and 15: Claims 1, 8, and 15 are drawn to an abstract idea without significantly more. The claims recite “cause a first network node to generate a first encrypted data set by encrypting using homomorphic encryption a first data set received at the first network node from a first user device of a first device type associated with the user, wherein the first data set comprises a first interaction pattern of interactions performed by the user using the first user device in a previous time duration, wherein the first interaction pattern comprises first geolocation data associated with the first user device over the previous time duration; cause the first network node to store the first encrypted data set in a memory associated with the first network node; cause a second network node to generate a second encrypted data set by encrypting using homomorphic encryption a second data set received at the second network node from a second user device of a second device type associated with the user, wherein the second data set comprises a second interaction pattern of interactions performed by the user using the second user device in the previous time duration, wherein the second interaction pattern comprises second geolocation data associated with the second user device over the previous time duration; cause the second network node to store the second encrypted data set in a memory associated with the second network node; train an artificial intelligence (AI) engine to identify anomalies in interaction data sets relating to interactions requested by user devices associated with the user, wherein the AI engine is trained based on the first data set relating to the first user device and the second data set associated with the
second user device; electronically receive a request from a third user device associated with the user to perform the interaction, wherein the processor is configured to receive the interaction data set associated with the interaction from the third user device, wherein the interaction data set associated with the interaction comprises third geolocation data associated with the third user device collected at the time of the interaction by the third user device; and in response to the request: retrieve the first encrypted data set from the memory associated with the first network node; retrieve the second encrypted data set from the memory associated with the second network node; execute the AI engine to: compare the interaction data set to the first encrypted data set and the second encrypted data set, wherein the comparing comprises comparing the third geolocation data with the first geolocation data associated with the first user device of the first device type over the previous time period and the second geolocation data associated with the second user device of the second device type over the previous time duration; determine, based on the comparison, that the third geolocation data does not match with the first geolocation data as well as the second geolocation data; and in response to determining that the third geolocation data does not match with the first geolocation data as well as the second geolocation data, determine that an anomaly exists in the interaction data set, wherein the anomaly comprises a mismatch of the third geolocation data from the interaction data set of the interaction requested by the user with the first geolocation data and the second geolocation data; and in response to identifying the anomaly, stop the interaction from being performed by denying the request from the user device to perform the interaction.” Under the Step 2A Prong One, the limitations, as underlined above, are processes that, under its broadest reasonable 
interpretation, cover Certain Methods Of Organizing Human Activity such as commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations). For example, but for the “network node”, “encrypted data set”, “user device”, “memory”, “Artificial Intelligence (AI) engine”, “electronically”, and “processor” language, the underlined limitations in the context of this claim encompass the human activity or mental processes. The series of steps belong to a typical sales activities or behaviors, because entities such as nodes and the user interact with one another and process data or information for validating an interaction of the user. Especially, the geolocation data associated with the user still can be processed manually by people. Under the Step 2A Prong Two, this judicial exception is not integrated into a practical application. In particular, the claim only recites additional elements – “A system for validating an interaction of a user in a network, the system comprising: a memory operable to store an interaction data set associated with interactions associated with the user; a processor operably coupled to the memory and configured to:”, “A method for validating an interaction of a user in a network, the method comprising:”, “A system for validating an interaction of a user in a network, the system comprising: a first network node in the network, the first network node comprising a first processor configured to receive a first data set associated with a first user identifier, the first network node further comprising a memory associated with the first network node, the memory configured to store a first encrypted data set; a second network node in the network, the first network node comprising a second processor configured to receive a second data set associated with a second user identifier, the second network node comprising a memory associated with the 
second network node, the memory configured to store a second encrypted data set; an entity server comprising a memory operable to store an interaction data set associated with the interaction with a user device associated with the user, the entity server comprising a third processor operably coupled to the memory and configured to:”, “network node”, “encrypted data set”, “user device”, “memory”, “Artificial Intelligence (AI) engine”, “electronically”, and “processor”. The additional elements are recited at a high-level of generality (i.e., performing generic functions of an interaction) such that it amounts no more than mere instructions to apply the exception using a generic computer component, merely implementing an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea. Additionally, regarding the specification and claims, there is no improvement in the functioning of a computer or an improvement to other technology or technical field present, there is no applying or using the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition present, there is no implementing the judicial exception with or using the judicial exception in conjunction with a particular machine or manufacture that is integral to the claim present, there is no effecting a transformation or reduction of a particular article to a different state or thing present, and there is no applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment present such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Accordingly, these additional elements, individually or in combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea. 
Under the Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements in the process amount to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.

Regarding Claims 2-6, 9-13, and 16-19: Dependent claims 2-6, 9-13, and 16-19 include additional limitations, for example, “network node”, “encrypted data set”, and “homomorphic encryption” (Claims 2, 9, and 16); “network node”, “encrypted data set”, and “social media” (Claims 3, 10, and 17); “encrypted data set”, “social media”, and “network node” (Claims 4, 11, and 18); “artificial intelligence engine” and “encrypted data set” (Claims 5, 12, and 19); and “user device”, “network node”, and “encrypted data set” (Claims 6 and 13), but none of these limitations are deemed significantly more than the abstract idea because, as stated above, they require no more than generic computer structures or signals to be executed, and do not recite any improvements to the functioning of a computer, or improvements to any other technology or technical field. Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). Furthermore, looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology, and their collective functions merely provide conventional computer implementation or implementing the judicial exception on a generic computer.
Therefore, whether taken individually or as an ordered combination, claims 2-6, 9-13, and 16-19 are nonetheless rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The following is a quotation of 35 U.S.C.
103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-6, 8-13, and 15-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gupta (US 20160203490 A1) in view of An (WO 2023128341 A1; refer to the English translation), and in further view of Adjaoute (US 20150039513 A1). Regarding Claims 1, 8, and 15, Gupta teaches A system for validating an interaction of a user in a network, the system comprising (Gupta: Abstract; Paragraph(s) 0063): a memory operable to store an interaction data set associated with interactions associated with the user; a processor operably coupled to the memory and configured to (Gupta: Fig. 
2; Paragraph(s) 0042-0043, 0053-0054, 0085): A method for validating an interaction of a user in a network, the method comprising (Gupta: Abstract; Paragraph(s) 0063): A system for validating an interaction of a user in a network, the system comprising (Gupta: Abstract; Paragraph(s) 0063): a first network node in the network, the first network node comprising a first processor configured to receive a first data set associated with a first user identifier, the first network node further comprising a memory associated with the first network node, the memory configured to store a first encrypted data set; a second network node in the network, the first network node comprising a second processor configured to receive a second data set associated with a second user identifier, the second network node comprising a memory associated with the second network node, the memory configured to store a second encrypted data set (Gupta: Fig. 2; Paragraph(s) 0042-0043, 0049, 0066-0067, 0070, 0085); an entity server comprising a memory operable to store an interaction data set associated with the interaction with a user [device] associated with the user, the entity server comprising a third processor operably coupled to the memory and configured to (Gupta: Fig. 
2; Paragraph(s) 0042-0043, 0053-0054, 0085): cause a first network node to generate a first encrypted data set by encrypting using … a first data set received at the second network node from a second user device of a second device type associated with the user, wherein the second data set comprises a second interaction pattern of interactions performed by the user using the second user device in the previous time duration, wherein the second interaction pattern comprises second geolocation data associated with the second user device over the previous time duration (Gupta: Paragraph(s) 0042, 0049, 0070, 0056, 0139-0141, 0145, 0136-0137 teach(es) the computing environment may be configured to retain the processed information within memory so that responses can be generated for the user at different levels of detail as well as allow a user to interactively query against this information; data and/or transactional details may be encrypted; The transmission network database system may be for managing, storing, and retrieving large amounts of data that are distributed to and stored in the one or more network-attached data stores or other data stores that reside at different locations within the transmission network database system; a network device can allow a user to access, control, and/or configure devices, such as office-related devices (e.g., copy machine, printer, or fax machine), audio and/or video related devices (e.g., a receiver, a speaker, a projector, a DVD player, or a television), media-playback devices (e.g., a compact disc player, a CD player, or the like), computing devices (e.g., a home computer, a laptop computer, a tablet, a personal digital assistant (PDA), a computing device, or a wearable device), etc.; The retrieved data typically includes customer identification data and purchase location data, based on the card account number and the merchant information that typically accompanies the request for authorization of the transaction); cause the 
first network node to store the first encrypted data set in a memory associated with the first network node (Gupta: Paragraph(s) 0042, 0049, 0070 teach(es) Network-attached data stores are used to store data to be processed by the computing environment as well as any intermediate or final data generated by the computing system in non-volatile memory); cause a second network node to generate a second encrypted data set by encrypting using … a second data set received at the second network node from a second user device of a second device type associated with the user, wherein the second data set comprises a second interaction pattern of interactions performed by the user using the second user device in the previous time duration, wherein the second interaction pattern comprises second geolocation data associated with the second user device over the previous time duration (Gupta: Paragraph(s) 0042, 0049, 0070, 0056, 0139-0141, 0145, 0136-0137, as stated above); cause the second network node to store the second encrypted data set in a memory associated with the second network node (Gupta: Paragraph(s) 0042, 0049, 0070 teach(es) Network-attached data stores are used to store data to be processed by the computing environment as well as any intermediate or final data generated by the computing system in non-volatile memory); train an [artificial intelligence (AI)] engine to identify anomalies in interaction data sets relating to interactions requested by user devices associated with the user, wherein the [AI] engine is trained based on the first data set relating to the first user device and the second data set associated with the second user device (Gupta: Paragraph(s) 0138, 0166, 0171 teach(es) technology such as decision trees, PCA (principal component analysis), and CNN (compression neural networks), for example, may be used to create a measure of how similar or dissimilar a given transaction is from a group of previous transactions. 
Training such a model can be performed with or without a target, depending on the needs and desires of the end client; The travel score is produced using hundreds of complex variables derived based on the transactional history using machine learning techniques, such as neural networks and statistical analysis. A few examples include the average amount spent on airline purchases during particular time of the year from certain geographical locations, and the number of travel related purchases, such as airline, hotel, car rental, rail, bus/charter, cruise, and tour operators, among others); electronically receive a request from a third user device associated with the user to perform the interaction, wherein the processor is configured to receive the interaction data set associated with the interaction from the third user device, wherein the interaction data set associated with the interaction comprises third geolocation data associated with the third user device collected at the time of the interaction by the third user device (Gupta: Paragraph(s) 0100, 0102-0103, 0139-0141, 0054, 0056, 0145, 0136-0137 teach(es) The query may be transmitted to the control node, where the query may include a request for executing a project; a network device can allow a user to access, control, and/or configure devices, such as computing devices (e.g., a home computer, a laptop computer, a tablet, a personal digital assistant (PDA), a computing device, or a wearable device), etc.); and in response to the request: retrieve the first encrypted data set from the memory associated with the first network node; retrieve the second encrypted data set from the memory associated with the second network node (Gupta: Paragraph(s) 0051, 0140-0141, 0061, 0049, 0070 teach(es) The transmission network database system may be for managing, storing, and retrieving large amounts of data that are distributed to and stored in the one or more network-attached data stores or other data stores that reside at 
different locations within the transmission network database system; the system retrieves data for processing the received transaction and calculates variables for decision-making, including risk variables and cardholder behavior variables); execute the [AI] engine to (Gupta: Paragraph(s) 0138, 0166, 0171, as stated above): compare the interaction data set to the first encrypted data set and the second encrypted data set, wherein the comparing comprises comparing the third geolocation data with the first geolocation data associated with the first user device of the first device type over the previous time period and the second geolocation data associated with the second user device of the second device type over the previous time duration (Gupta: Paragraph(s) 0141, 0170, 0174, 0049, 0070, 0054, 0056, 0058 teach(es) comparison of typical merchants, merchant category code, transaction amount bins, or times of day the user visits those merchants. The degree (e.g., magnitude) of departure from normal behavior may be selected by the processing system according to experience of the degree-of-departure value that corresponds to typically unacceptable risk. 
This degree-of-departure value for the data, and for the user's behavior, may be measured using a variety of measures, such as mahalanabolis distance or a discriminant function analysis; The transmission network database system may be for managing, storing, and retrieving large amounts of data that are distributed to and stored in the one or more network-attached data stores or other data stores that reside at different locations within the transmission network database system; a network device can allow a user to access, control, and/or configure devices, such as office-related devices (e.g., copy machine, printer, or fax machine), audio and/or video related devices (e.g., a receiver, a speaker, a projector, a DVD player, or a television), media-playback devices (e.g., a compact disc player, a CD player, or the like), computing devices (e.g., a home computer, a laptop computer, a tablet, a personal digital assistant (PDA), a computing device, or a wearable device), etc.) (i.e., first/second device types); determine, based on the comparison, that the third geolocation data does not match with the first geolocation data as well as the second geolocation data; and in response to determining that the third geolocation data does not match with the first geolocation data as well as the second geolocation data (Gupta: Paragraph(s) 0141-0142, 0056, 0041, 0179 teach(es) the “typical transaction location” risk variables may comprise an indicator that compares typical postal codes or addresses or geographic information and determines if the present transaction location corresponds to a postal code or address or other geographic information that indicates a location that is unusually risky from the locations that the user normally frequents), determine that an anomaly exists in the interaction data set, wherein the anomaly comprises a mismatch of the third geolocation data from the interaction data set of the interaction requested by the user with the first geolocation data 
and the second geolocation data; and in response to identifying the anomaly, stop the interaction from being performed by denying the request from the user device to perform the interaction (Gupta: Paragraph(s) 0141, 0170, 0174, 0049, 0070, 0054, 0056, 0179, 0154, 0156, 0161 teach(es) comparison of typical merchants, merchant category code, transaction amount bins, or times of day the user visits those merchants. The degree (e.g., magnitude) of departure from normal behavior may be selected by the processing system according to experience of the degree-of-departure value that corresponds to typically unacceptable risk. This degree-of-departure value for the data, and for the user's behavior, may be measured using a variety of measures, such as mahalanabolis distance or a discriminant function analysis; the “typical transaction location” risk variables may comprise an indicator that compares typical postal codes or addresses or geographic information and determines if the present transaction location corresponds to a postal code or address or other geographic information that indicates a location that is unusually risky from the locations that the cardholder normally frequents). However, Gupta does not explicitly teach an interaction data set associated with the interaction with a user device, ..receive a request from the user device, ..encrypting using homomorphic encryption, ..receive the interaction data set associated with the interaction from the user device. 
An from same or similar field of endeavor teaches ..encrypting using homomorphic encryption (An: Page 3, lines 24-27; Page 4, lines 12-20), an interaction data set associated with the interaction with a user device, ..receive a request from the user device, ..receive the interaction data set associated with the interaction from the user device (An: Page 3, lines 32-36; Page 7, lines 13-20; Page 8, lines 19-22; Page 10, lines 1-8; Page 17, lines 13-20; Page 18, lines 16-18; Page 22, lines 30-33; Page 25, lines 6-9). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Gupta to incorporate the teachings of An for ..encrypting using homomorphic encryption, an interaction data set associated with the interaction with a user device, ..receive a request from the user device, ..receive the interaction data set associated with the interaction from the user device. There is motivation to combine An into Gupta because An’s teachings of user device would facilitate the interaction between the user and the network such as financial services (An: Page 8, lines 19-22). However, the combination of Gupta and An does not explicitly teach artificial intelligence (AI). Adjaoute from same or similar field of endeavor teaches artificial intelligence (AI) (Adjaoute: Paragraph(s) 0108, 0115, 0087, 0119 teach(es) Business Rules, or Expert Systems are the most widely used commercial applications developed using artificial intelligence (AI); ADSC assists expert programmers to use a dozen artificial intelligence and classification technologies they incorporate into a variety of fraud models; Neural networks are not much better, they need to be trained, and many samples are needed in order to have a satisfactory result). 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of the combination of Gupta and An to incorporate the teachings of Adjaoute for artificial intelligence (AI). There is motivation to combine Adjaoute into the combination of Gupta and An because Adjaoute’s teachings of artificial intelligence engine would facilitate solving pattern recognition and forecasting problems (Adjaoute: Paragraph(s) 0095). Regarding Claim 2, the combination of Gupta, An, and Adjaoute teaches all the limitations of claim 1 above; however the combination does not explicitly teach wherein the processor is further configured to instruct the first network node to generate the first encrypted data set and instruct the second network node to generate the second encrypted data set using homomorphic encryption. An further teaches wherein the processor is further configured to instruct the first network node to generate the first encrypted data set and instruct the second network node to generate the second encrypted data set using homomorphic encryption (An: Abstract; Page 3, lines 13-23). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of the combination of Gupta and An to incorporate the teachings of An for wherein the processor is further configured to instruct the first network node to generate the first encrypted data set and instruct the second network node to generate the second encrypted data set using homomorphic encryption. There is motivation to combine An into the combination of Gupta and An because An’s teachings of homomorphic encryption would facilitate protecting the user's personal information (location data) (An: Abstract; Page 5, lines 15-20). 
Regarding Claims 3, 10 and 17, the combination of Gupta, An, and Adjaoute teaches all the limitations of claims 1, 8, and 15 above; and Gupta further teaches wherein the first encrypted data set of the first network node and the second encrypted data set of the second network node each comprise at least one of time of interaction data, an image associated with the user, and social media activity of the user (Gupta: Paragraph(s) 0145, 0136-0137 teach(es) the self-similarity score is a score that is relevant to the card, account, or customer's past transaction behavior, relating to the purchase transaction for which authorization is requested, and the self-similarity score may not be a system-wide or card population metric. The self-similarity score may be, for example, a rank ordering of numbers that indicates how similar a transaction is to the previous history of the user. Thus, the self-similarity score relates to the behavior of the account owner, not of other persons who may have different spending patterns and different transaction history; if the customer makes an unusual purchase that is something outside of normal spending patterns, then the entity would have an easier time explaining to the customer the reason for being declined). 
Regarding Claims 4, 11, and 18, the combination of Gupta, An, and Adjaoute teaches all the limitations of claims 3, 10, and 17 above; and Gupta further teaches wherein the interaction data set comprises at least one of a spending amount in the interaction, a time of purchase for the interaction, and item of purchase for the interaction, wherein comparing the interaction data set to the first encrypted data set and the second encrypted data set comprises comparing at least one of the interaction pattern data of the user, the time of interaction data of the user, the image associated with the user, and the social media activity of the user to spending pattern data of the user, the time of purchase data, and the social media activity of the user provided by the first network node and the second network node to at least one of the spending amount in the interaction, the time of purchase for the interaction, the item of purchase for the interaction, to identify the anomaly (Gupta: Paragraph(s) 0140-0141, 0178-0179 further teach(es) the system retrieves data for processing the received transaction and calculates variables for decision-making, including risk variables and cardholder behavior variables. The retrieved data typically includes customer identification data and purchase location data, based on the card account number and the merchant information that typically accompanies the request for authorization of the transaction. The retrieved data also includes risk variables such as risk values associated with the transaction location, transaction amount, time of day, goods or services, and the like). 
Regarding Claims 5, 12, and 19, the combination of Gupta, An, and Adjaoute teaches all the limitations of claims 1, 8, and 15 above; and Gupta further teaches wherein the processor comprises an engine that compares the interaction data set to the first encrypted data set and the second encrypted data set to identify the anomaly (Gupta: Paragraph(s) 0141, 0170, 0174, 0049, 0070, 0054, as stated above with respect to claims 1, 8, and 15).
Regarding Claims 6 and 13, the combination of Gupta, An, and Adjaoute teaches all the limitations of claims 1 and 8 above; and the combination further teaches wherein the memory is operable to store a second interaction data set associated with a second interaction from a second user device; wherein the processor is further configured to: communicate with a third network node in the network, wherein the third network node receives a third data set associated with a third user identifier; instruct the third network node to generate a third encrypted data set from the third data set; instruct third network node to store the third encrypted data set in a memory associated with the third network node; receive a request from the second user device to perform the second interaction, wherein the processor is configured to receive the second interaction data set associated with the second interaction from the second user device, and in response to the request: retrieve the third encrypted data set from the memory associated with the third network node; compare the second interaction data set to the third encrypted data set; identify an anomaly in the second interaction data set based on the comparison; and deny the request from the second user device to perform the second interaction, as stated above with respect to claims 1 and 8.
Regarding Claims 9 and 16, the combination of Gupta, An, and Adjaoute teaches all the limitations of claims 8 and 15 above; and Gupta further teaches wherein the method further includes comparing, using the entity server, the interaction data set to the first encrypted data set and the second encrypted data set (Gupta: Paragraph(s) 0141, 0170, 0174, 0049, 0070, 0054 teach(es) comparison of typical merchants, merchant category code, transaction amount bins, or times of day the user visits those merchants. The degree (e.g., magnitude) of departure from normal behavior may be selected by the processing system according to experience of the degree-of-departure value that corresponds to typically unacceptable risk. This degree-of-departure value for the data, and for the user's behavior, may be measured using a variety of measures, such as Mahalanobis distance or a discriminant function analysis). However the combination does not explicitly teach using homomorphic encryption. An further teaches using homomorphic encryption (An: Abstract; Page 3, lines 13-23). It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of the combination of Gupta, An, and Adjaoute to incorporate the teachings of An for using homomorphic encryption. There is motivation to combine An into the combination of Gupta, An, and Adjaoute because An’s teachings of homomorphic encryption would facilitate protecting the user's personal information (location data) (An: Abstract; Page 5, lines 15-20).
Response to Arguments
Applicant's arguments filed November 10, 2025 have been fully considered but they are not persuasive.
Regarding applicant’s argument under Claim Rejections - 35 USC § 101 that “Humans cannot perform encryption, train an AI model, or execute distributed comparisons of encrypted datasets in their minds,” examiner respectfully argues that humans can generate and store data set, can be trained, and can compare data sets. The additional elements such as encryption, AI model, and encrypted data set are recited without any technical details and contexts in the claims, thus not providing any improvements in the functioning of the computer or other technology or technical field.
Regarding applicant’s further argument that “The claims further recite that the network nodes generate encrypted datasets which allows computations to be performed on encrypted data without decryption,” examiner respectfully argues that the feature is not recited in the claims. It is still recommended for the applicant to amend the claims with technical details and contexts of the interactions between the user devices and other entities, encrypting using homomorphic encryption, processing of the encrypted data set without decryption, AI engine, etc.
Regarding applicant’s argument under Claim Rejections - 35 USC § 103 that “Gupta does not compare a transaction with user behavior collected from a plurality of user devices of different device types of the same user. Gupta does not determine that a location of a current transaction does not match with a location of previous transactions performed by two different devices of two different device types, and further does not determine that an anomaly exists when the current location does not match with the location of transactions performed by both devices,” examiner respectfully argues that Gupta teaches the features (Gupta: Paragraph(s) 0141-0142, 0056, 0041, 0179). It is recommended for the applicant to amend the claims with technical details and contexts of user devices of different device types, interactions between the user devices and the network nodes, geolocation data of the user devices, etc.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLAY LEE whose telephone number is (571)272-3309. The examiner can normally be reached Monday-Friday 8-5pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571)270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CLAY C LEE/Primary Examiner, Art Unit 3699

Prosecution Timeline

May 11, 2023
Application Filed
Feb 20, 2025
Non-Final Rejection — §101, §103
May 06, 2025
Applicant Interview (Telephonic)
May 06, 2025
Examiner Interview Summary
May 13, 2025
Response Filed
Jul 23, 2025
Final Rejection — §101, §103
Nov 10, 2025
Request for Continued Examination
Nov 19, 2025
Response after Non-Final Action
Mar 05, 2026
Non-Final Rejection — §101, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12597019
Post-Provisioning Authentication Protocols
2y 5m to grant Granted Apr 07, 2026
Patent 12591639
RESOURCE BASED LICENSING
2y 5m to grant Granted Mar 31, 2026
Patent 12572907
UNIVERSAL PAYMENT CHANNEL
2y 5m to grant Granted Mar 10, 2026
Patent 12561654
SYSTEMS AND METHODS FOR EXECUTING REAL-TIME ELECTRONIC TRANSACTIONS USING A ROUTING DECISION MODEL
2y 5m to grant Granted Feb 24, 2026
Patent 12561712
LOYALTY POINT DISTRIBUTIONS USING A DECENTRALIZED LOYALTY ID
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
54%
Grant Probability
99%
With Interview (+57.1%)
4y 1m
Median Time to Grant
High
PTA Risk
Based on 216 resolved cases by this examiner. Grant probability derived from career allow rate.
