RISK ASSESSMENT SYSTEM AND METHOD FOR EVALUATING AND SCORING SMALL BUSINESSES ENGAGED IN CROSSBORDER TRADE

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION 1. This Office Action is in response to the Amendment filed on September 9, 2025, which paper has been placed of record in the file. 2. Claims 1-4, 6-7, 9-14, 16-17, and 19-20 are pending in this application. Claim Rejections - 35 USC § 101 3. 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 4. Claims 1-4, 6-7, 9-14, 16-17, and 19-20 are rejected under 35 U.S.C. 101 because the claim invention is directed to a judicial exception (i.e., law of nature, natural phenomenon, or abstract idea) without significantly more. Regarding independent claim 1, which is analyzing as the following: Step 1: This part of the eligibility analysis evaluates whether the claim falls within any statutory category. See MPEP 2106.03. The claim recites a risk assessment system. Thus, the claim is to a machine, which is one of the statutory categories of invention. (Step 1: YES). Step 2A, Prong One: This part of the eligibility analysis evaluates whether the claim recites a judicial exception. As explained in MPEP 2106.04, subsection II, a claim “recites” a judicial exception when the judicial exception is “set forth” or “described” in the claim. The claim recites a risk assessment system for evaluating and scoring small businesses engaged in cross-border trade of food and agriproducts. The claim recites the steps: receive a plurality of data inputs...;, extract relevant information from the plurality of data inputs, process the extracted information…; secure the processed data…; calculate a transaction history score based on discrepancies between contracted and actual value of payment using the secured data, integrate IoT data related to shipment conditions into the traction history score…; generate a buyer risk score or a seller performance score ranging from 1 to 1000…; and update the buyer risk score or the seller performance score in real-time…”, under its broadest reasonable interpretation when read in light of the Specification, falls within “Certain Methods of Organizing Human Activity” grouping of abstract ideas as they cover performance of fundamental economic principles or practices including hedging, insurance, mitigating risk; commercial or legal interactions including agreements on the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, business relations. See MPEP 2106.04(a)(2), subsection III. The claim recites “a proprietary risk scoring model which are directed to mathematical relationships, falls within “Mathematical Concepts” grouping of abstract ideas (mathematical relationships, mathematical formulas or equations, mathematical calculations). See MPEP 2106.04(a)(2), subsection III. Therefore, the claim recites an abstract idea. (Step 2A, Prong One: YES). Step 2A, Prong Two: This part of the eligibility analysis evaluates whether the claim as a whole integrates the recited judicial exception into a practical application of the exception or whether the claim is “directed to” the judicial exception. This evaluation is performed by (1) identifying whether there are any additional elements recited in the claim beyond the judicial exception, and (2) evaluating those additional elements individually and in combination to determine whether the claim as a whole integrates the exception into a practical application. See MPEP 2106.04(d). The claim recites the additional elements of “buyer devices each having a user interface”, “seller devices each having a user interface”, “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, ““an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger”, “process the extracted information with artificial intelligence (AI) models”, and “apply a proprietary risk scoring model including pre-trained machine learning models.” The claim also recites that the steps of “receive a plurality of data inputs...;, extract relevant information from the plurality of data inputs, process the extracted information…; secure the processed data…; calculate a transaction history score based on discrepancies between contracted and actual value of payment using the secured data, integrate IoT data related to shipment conditions into the traction history score…; generate a buyer risk score or a seller performance score ranging from 1 to 1000…; and update the buyer risk score or the seller performance score in real-time…” are performed by a processor. The additional elements “buyer devices each having a user interface”, “seller devices each having a user interface”, “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, ““an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger”, are mere data gathering, transmitting/receiving and outputting recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). In addition, all uses of the recited judicial exceptions require such data gathering, transmitting/receiving and outputting, and, as such, these limitations do not impose any meaningful limits on the claim. These limitations amount to necessary data gathering and transmitting/receiving. See MPEP 2106.05. Moreover, these additional elements do not provide any improvement to the technology, improvement to the functioning of the computer, improvement of the IoT module/blockchain framework/immutable ledger/buyer devices/seller devices/user interfaces/OCR extractor/sensors, they are just merely used as general means for collecting, transmitting/receiving and displaying data. The additional elements “process the extracted information with artificial intelligence (AI) models” and “apply a proprietary risk scoring model including pre-trained machine learning models” are used to generally apply the abstract idea without placing any limits on how the artificial intelligence (AI) models and the machine learning models function. Rather, this limitation only recites the outcome of “process the extracted information” and “apply a proprietary risk scoring model”, and do not include any details about how the solution is accomplished. See MPEP 2106.05(f). The additional elements “process the extracted information with artificial intelligence (AI) models” and “apply a proprietary risk scoring model including pre-trained machine learning models” also merely indicate a field of use or technological environment in which the judicial exception is performed. Although the additional elements “process the extracted information with artificial intelligence (AI) models” and “apply a proprietary risk scoring model including pre-trained machine learning models” limit the identified judicial exceptions “process the extracted information” and “apply a proprietary risk scoring model”, this type of limitation merely confines the use of the abstract idea to a particular technological environment (artificial intelligence model and machine learning model) and thus fails to add an inventive concept to the claims. See MPEP 2106.05(h). Further, the steps of “receive a plurality of data inputs...;, extract relevant information from the plurality of data inputs, process the extracted information…; secure the processed data…; calculate a transaction history score based on discrepancies between contracted and actual value of payment using the secured data, integrate IoT data related to shipment conditions into the traction history score…; generate a buyer risk score or a seller performance score ranging from 1 to 1000…; and update the buyer risk score or the seller performance score in real-time…”, are recited as being performed by the processor. The processor is recited at a high level of generality. In the limitations “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, ““an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger”, the processor is used as a tool to perform the generic computer function of gathering, transmitting/receiving, and outputting data. See MPEP 2106.05(f). In limitations “process the extracted information, calculate a transaction history score based on discrepancies between contracted and actual value of payment using the secured data, integrate IoT data related to shipment conditions into the traction history score, and generate a buyer risk score or a seller performance score ranging from 1 to 1000, and update the buyer risk score or the seller performance score in real-time, the processor is used to perform an abstract idea, as discussed above in Step 2A, Prong One, such that it amounts to no more than mere instructions to apply the exception using a generic computer. See MPEP 2106.05(f). The additional elements recite generic computer components the processor, a memory unit and software programming instructions that are recited a high-level of generality that merely perform, conduct, carry out, implement, and/or narrow the abstract idea itself. Accordingly, the additional elements evaluated individually and in combination do not integrate the abstract idea into a practical application because they comprise or include limitations that are not indicative of integration into a practical application such as adding the words "apply it" (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea -- See MPEP 2106.05(f). Even when viewed in combination, these additional elements do not integrate the recited judicial exception into a practical application (Step 2A, Prong Two: NO), and the claim is directed to the judicial exception (Step 2A, Prong One: YES). Step 2B: This part of the eligibility analysis evaluates whether the claim as a whole, amounts to significantly more than the recited exception i.e., whether any additional element, or combination of additional elements, adds an inventive concept to the claim. See MPEP 2106.05. As explained with respect to Step 2A, Prong Two, the additional elements of “process the extracted information with artificial intelligence (AI) models” and “apply a proprietary risk scoring model including pre-trained machine learning models” are at best mere instructions to “apply” the abstract ideas, which cannot provide an inventive concept. See MPEP 2106.05(f). The additional elements “buyer devices each having a user interface”, “seller devices each having a user interface”, “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, ““an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger” were found to be insignificant extra-solution activity in Step 2A, Prong Two, because they were determined to be insignificant limitations as necessary data gathering and outputting. However, a conclusion that an additional element is insignificant extra solution activity in Step 2A, Prong Two should be re-evaluated in Step 2B. See MPEP 2106.05, subsection I.A. At Step 2B, the evaluation of the insignificant extra-solution activity consideration takes into account whether or not the extra-solution activity is well understood, routine, and conventional in the field. See MPEP 2106.05(g). As discussed in Step 2A, Prong Two above, the additional elements of “buyer devices each having a user interface”, “seller devices each having a user interface”, “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, “an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger” are recited at a high level of generality. These elements amount to gathering, transmitting/receiving, and outputting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. The courts have recognized the following computer functions as well understood, routine, and conventional functions when they are claimed in a merely genetic manner (e.g., at a high level of generality) or as insignificant extra-solution activity: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); and Electronically scanning or extracting data from a physical document, Content Extraction and Transmission, LLC v. Wells Fargo Bank, 776 F.3d 1343, 1348, 113 USPQ2d 1354, 1358 (Fed. Cir. 2014) (optical character recognition). As discussed in Step 2A, Prong Two above, the recitation of the processor to perform limitations “receive a plurality of data inputs...;, extract relevant information from the plurality of data inputs, process the extracted information…; secure the processed data…; calculate a transaction history score based on discrepancies between contracted and actual value of payment using the secured data, integrate IoT data related to shipment conditions into the traction history score…; generate a buyer risk score or a seller performance score ranging from 1 to 1000…; and update the buyer risk score or the seller performance score in real-time…”, amounts to no more than mere instructions to apply the exception using a generic computer component. Even when considered in combination, these additional elements represent mere instructions to implement an abstract idea or other exception on a computer and insignificant extra-solution activity, which do not provide an inventive concept. Therefore, the claim is not patent eligible. (Step 2B: NO). Regarding independent claim 11, Alice Corp. establishes that the same analysis should be used for all categories of claims. Therefore, independent claim 11 directed to a method, is also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as independent method claim 1. Regarding dependent claims 2-4, 6-7, 9-10, 12-14, 16-17, and 19-20, the dependent claims do not impart patent eligibility to the abstract idea of the independent claim. The dependent claims rather further narrow the abstract idea and the narrower scope does not change the outcome of the two-part Mayo test. Narrowing the scope of the claims is not enough to impart eligibility as it is still interpreted as an abstract idea, a narrower abstract idea. Regarding dependent claims 2 and 12, the claims simply refine the abstract idea by further reciting wherein the user-uploaded dat includes at least financial statement…, that fall under the category of Organizing Human activity and Mental process groupings of abstract ideas as described above in the independent claim 1. Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application under Step 2A-Prong Two), results in the claim being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). Regarding dependent claims 3 and 13, the claims simply refine the abstract idea by further reciting wherein the third-party data includes at least business registration licenses…, that fall under the category of Organizing Human activity and Mental process groupings of abstract ideas as described above in the independent claim 1. Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application under Step 2A-Prong Two), results in the claim being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). Regarding dependent claims 4 and 14, the claims recite wherein the platform data is obtained from a trade platform…, are additional elements. Step 2A-Prong Two: The additional elements “wherein the platform data is obtained from a trade platform” are mere data gathering and outputting recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). In addition, all uses of the recited judicial exceptions require such data gathering and transmitting/receiving, and, as such, these limitations do not impose any meaningful limits on the claim. These limitations amount to necessary data gathering and outputting. See MPEP 2106.05. Moreover, these additional elements do not provide any improvement to the technology, improvement to the functioning of the computer, improvement of the trade platform, they are just merely used as general means for collecting data. Step 2B: The additional elements “wherein the platform data is obtained from a trade platform” were found to be insignificant extra-solution activity in Step 2A, Prong Two, because they were determined to be insignificant limitations as necessary data gathering and outputting. However, a conclusion that an additional element is insignificant extra solution activity in Step 2A, Prong Two should be re-evaluated in Step 2B. See MPEP 2106.05, subsection I.A. At Step 2B, the evaluation of the insignificant extra-solution activity consideration takes into account whether or not the extra-solution activity is well understood, routine, and conventional in the field. See MPEP 2106.05(g). As discussed in Step 2A, Prong Two above, the recitations of “wherein the platform data is obtained from a trade platform” are recited at a high level of generality. These elements amount to gathering and outputting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. It is similar to other concepts that have been identified by the courts, such as Receiving or transmitting data over a network (Symantic, TLI Communications, OIP Techs, buySafe). Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application under Step 2A-Prong Two), results in the claim being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). Regarding dependent claims 6 and 16, the claims simply refine the abstract idea by further reciting update the buyer risk score or the seller performance score in real-time…, that fall under the category of Organizing Human activity and Mental process groupings of abstract ideas as described above in the independent claim 1. Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application under Step 2A-Prong Two), results in the claim being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). Regarding dependent claims 7 and 17, the claims recite wherein the immutable ledger is configured to record the transaction history…are additional elements. Step 2A-Prong Two: The additional elements “wherein the immutable ledger is configured to record the transaction history” are mere data gathering and outputting recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). In addition, all uses of the recited judicial exceptions require such data gathering and transmitting/receiving, and, as such, these limitations do not impose any meaningful limits on the claim. These limitations amount to necessary data gathering and outputting. See MPEP 2106.05. Moreover, these additional elements do not provide any improvement to the technology, improvement to the functioning of the computer, improvement of the blockchain framework/immutable ledger, they are just merely used as general means for collecting data. Step 2B: The additional elements “wherein the immutable ledger is configured to record the transaction history” were found to be insignificant extra-solution activity in Step 2A, Prong Two, because they were determined to be insignificant limitations as necessary data gathering and outputting. However, a conclusion that an additional element is insignificant extra solution activity in Step 2A, Prong Two should be re-evaluated in Step 2B. See MPEP 2106.05, subsection I.A. At Step 2B, the evaluation of the insignificant extra-solution activity consideration takes into account whether or not the extra-solution activity is well understood, routine, and conventional in the field. See MPEP 2106.05(g). As discussed in Step 2A, Prong Two above, the recitations of “wherein the immutable ledger configure to record the transaction history” are recited at a high level of generality. These elements amount to gathering and outputting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. It is similar to other concepts that have been identified by the courts, such as Receiving or transmitting data over a network (Symantic, TLI Communications, OIP Techs, buySafe). Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application under Step 2A-Prong Two), results in the claim being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). Regarding dependent claims 9-10 and 19-20, the claims recite wherein user interfaces in the one or more buyer devices and seller devices are configured to display the buyer risk score…, wherein the one or more buyer devices and seller devices are selected from a group comprising a laptop, mobile, a wearable watch or band, a desktop, …are additional elements. Step 2A-Prong Two: The additional elements “user interfaces in the one or more buyer devices and seller devices” are mere data gathering and outputting recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). In addition, all uses of the recited judicial exceptions require such data gathering and transmitting/receiving, and, as such, these limitations do not impose any meaningful limits on the claim. These limitations amount to necessary data gathering and outputting. See MPEP 2106.05. Moreover, these additional elements do not provide any improvement to the technology, improvement to the functioning of the computer, improvement of the trade platform/buyer devices/seller devices, they are just merely used as general means for collecting and displaying data. Step 2B: The additional elements “user interfaces in the one or more buyer devices and seller devices” were found to be insignificant extra-solution activity in Step 2A, Prong Two, because they were determined to be insignificant limitations as necessary data gathering and outputting. However, a conclusion that an additional element is insignificant extra solution activity in Step 2A, Prong Two should be re-evaluated in Step 2B. See MPEP 2106.05, subsection I.A. At Step 2B, the evaluation of the insignificant extra-solution activity consideration takes into account whether or not the extra-solution activity is well understood, routine, and conventional in the field. See MPEP 2106.05(g). As discussed in Step 2A, Prong Two above, the recitations of “user interfaces in the one or more buyer devices and seller devices” are recited at a high level of generality. These elements amount to gathering and outputting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. It is similar to other concepts that have been identified by the courts, such as Receiving or transmitting data over a network (Symantic, TLI Communications, OIP Techs, buySafe). Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application under Step 2A-Prong Two), results in the claim being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). Therefore, none of the dependent claims alone or as an ordered combination add limitations that qualify as significantly more than the abstract idea. Accordingly, claims 1-4, 6-7, 9-14, 16-17, and 19-20 are not draw to eligible subject matter as they are directed to an abstract idea without significantly more and are rejected under 35 USC § 101 as being directed to non-statutory subject matter. Novelty and Non-Obviousness 5. No prior arts were applied to the claims because the Examiner is unaware of any prior arts, alone or in combination, which disclose at least the limitations of : A risk assessment system and method for evaluating and scoring small businesses engaged in cross- border trade comprising: “calculate a transaction history score based on discrepancies between contracted and actual values of payment using the secured data; integrate IoT data related to shipment conditions into the transaction history score, and wherein the integration is achieved by correlating the IoT data with the transaction history score based on deviations in shipment condition and adjusting the score based on these correlations to reflect shipment quality and condition at the time of delivery; apply a proprietary risk scoring model including pre-trained machine learning models configured to analyze transaction history data derived from the contracted and actual payment values and shipment condition derived from IoT data; and generate a buyer risk score or a seller performance score ranging from 1 to 1000 based on the application of the proprietary risk scoring model” recited in the independent claims 1 and 11. Response to Arguments/Amendment 6. Applicant's arguments with respect to claims 1-4, 6-7, 9-14, 16-17, and 19-20 have been fully considered but are not persuasive. Claim Rejections - 35 USC § 101 Claims 1-4, 6-7, 9-14, 16-17, and 19-20 are rejected under 35 U.S.C. 101 because the claim invention is directed to a judicial exception (i.e., law of nature, natural phenomenon, or abstract idea) without significantly more (see more details above). Step 2A-Prong One: In response to the Applicant’s arguments that the pending claims do not recite any method of organizing human activity, the Examiner respectfully disagrees and submits that the claim recites a risk assessment system for evaluating and scoring small businesses engaged in cross-border trade of food and agriproducts. The claim recites the steps: receive a plurality of data inputs...;, extract relevant information from the plurality of data inputs, process the extracted information…; secure the processed data…; calculate a transaction history score based on discrepancies between contracted and actual value of payment using the secured data, integrate IoT data related to shipment conditions into the traction history score…; generate a buyer risk score or a seller performance score ranging from 1 to 1000…; and update the buyer risk score or the seller performance score in real-time…”, under its broadest reasonable interpretation when read in light of the Specification, falls within “Certain Methods of Organizing Human Activity” grouping of abstract ideas as they cover performance of fundamental economic principles or practices including hedging, insurance, mitigating risk; commercial or legal interactions including agreements on the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, business relations. See MPEP 2106.04(a)(2), subsection III. The claim recites “a proprietary risk scoring model which are directed to mathematical relationships, falls within “Mathematical Concepts” grouping of abstract ideas (mathematical relationships, mathematical formulas or equations, mathematical calculations). See MPEP 2106.04(a)(2), subsection III. Therefore, the claims recite an abstract idea. Step 2A-Prong Two: In response to the Applicant’s arguments that the present claims are most like those of Example 37, the Examiner respectfully disagrees and submits that: in the Example 37, claim 1 recited receiving a user selection, determining the amount of use of each icon over a period of time and “automatically moving the most used icons to a position on the GUI closes to the start icon based on the determined amount of use”, which found by the Board that the claim integrated the mental process into a practical application because it provides a specific improvement over prior systems, resulting in an improved user interface for electronic devices. In contrast, the present claims recite the additional elements “buyer devices each having a user interface”, “seller devices each having a user interface”, “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, ““an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger”, are mere data gathering, transmitting/receiving and outputting recited at a high level of generality, and thus are insignificant extra-solution activity. See MPEP 2106.05(g) (“whether the limitation is significant”). In addition, all uses of the recited judicial exceptions require such data gathering, transmitting/receiving and outputting, and, as such, these limitations do not impose any meaningful limits on the claim. These limitations amount to necessary data gathering and transmitting/receiving. See MPEP 2106.05. Moreover, these additional elements do not provide any improvement to the technology, improvement to the functioning of the computer, improvement of the IoT module/blockchain framework/immutable ledger/buyer devices/seller devices/user interfaces/OCR extractor/sensors, they are just merely used as general means for collecting, transmitting/receiving and displaying data. Step 2B: In response to the Applicant’s arguments that the present claims amount to “significantly more” than the abstract idea, the Examiner respectfully disagrees and submits that: As explained with respect to Step 2A, Prong Two, the additional elements of “process the extracted information with artificial intelligence (AI) models” and “apply a proprietary risk scoring model including pre-trained machine learning models” are at best mere instructions to “apply” the abstract ideas, which cannot provide an inventive concept. See MPEP 2106.05(f). The additional elements “buyer devices each having a user interface”, “seller devices each having a user interface”, “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, ““an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger” were found to be insignificant extra-solution activity in Step 2A, Prong Two, because they were determined to be insignificant limitations as necessary data gathering and outputting. However, a conclusion that an additional element is insignificant extra solution activity in Step 2A, Prong Two should be re-evaluated in Step 2B. See MPEP 2106.05, subsection I.A. At Step 2B, the evaluation of the insignificant extra-solution activity consideration takes into account whether or not the extra-solution activity is well understood, routine, and conventional in the field. See MPEP 2106.05(g). As discussed in Step 2A, Prong Two above, the additional elements of “buyer devices each having a user interface”, “seller devices each having a user interface”, “display the buyer risk score or the seller performance score on user interfaces of the buyer devices and the seller devices”, “an Internet of Things (IoT) module associated with a plurality of sensors”, “a blockchain framework comprising an immutable ledger”, “receive, via the buyer devices and the seller devices, a plurality of data inputs”, “extract relevant information using an optical character recognition (OCR) data extractor”, “recording the processed data and transaction history in the immutable ledger” are recited at a high level of generality. These elements amount to gathering, transmitting/receiving, and outputting data over a network and are well-understood, routine, conventional activity. See MPEP 2106.05(d), subsection II. The courts have recognized the following computer functions as well understood, routine, and conventional functions when they are claimed in a merely genetic manner (e.g., at a high level of generality) or as insignificant extra-solution activity: Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); and Electronically scanning or extracting data from a physical document, Content Extraction and Transmission, LLC v. Wells Fargo Bank, 776 F.3d 1343, 1348, 113 USPQ2d 1354, 1358 (Fed. Cir. 2014) (optical character recognition). Even when considered in combination, these additional elements represent mere instructions to implement an abstract idea or other exception on a computer and insignificant extra-solution activity, which do not provide an inventive concept. . Therefore, the claims are not patent eligible. Accordingly, the 101 rejection is maintained. Conclusion 7. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 8. Claims 1-4, 6-7, 9-14, 16-17, and 19-20 are rejected. 9. The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure: Chirochangu et al. (US 2023/0116345) disclose computing risk in a complex, multi-channel, and multi-portfolio environment. The process begins by ingesting company data, generating a plurality of portfolios based on the ingested company data, obtaining risk models, ingesting external data, computing risk scores and benchmarking risk scores to identify dominant risk models. Fang et al. (US 2022/0067752) disclose a method involves receiving digital on blockchain information and digital off blockchain information. The digital data from the digital on blockchain information and the digital off blockchain information is extracted. The entity knowledge base engine contextualizes the relationships based on the digital data and the digital off blockchain information and the digital on blockchain information. Sindhu et al. (US 2022/0405739) disclose a third party security system having an intelligence unit for receiving and processing vendor related data to generate insights regarding vendor related tasks; a risk assessment unit for receiving and processing risk score data associated with the vendor and for generating a predicted risk score value of the vendor. Lin et al. (US 2021/0398023) disclose a system and a method to support a migration operation. Risk factors associated with a migration operation are assessed. The assessment includes assigning respective risk score values to the identified risk factors, assigning respective weight values to the identified risk factors, and calculating a composite risk score based on the assigned risk score values and the assigned weight values. Warren et al. (US 2021/0065079) disclose a computer-implemented method for assessing automation may include receiving risk factor data from a user. The risk factor data may correspond to one or more risk factors, as applied to an automation opportunity, wherein each risk factor has an associated risk inquiry and a factor weight. A risk score may be generated for each of the one or more risk factors, based on the risk factor data and a scoring matrix. Du (US 2020/0195679) discloses techniques for establishing a risk score for Internet of Things (IoT) device parameters and acting in response thereto. Villavicencio et al. (US 2019/0294786) disclose a method and computer system for on-demand risk assessment in on-line transactions. 10. Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner NGA B NGUYEN whose telephone number is (571) 272-6796. The examiner can normally be reached on Monday-Friday 7AM-5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Beth Boswell can be reached on (571) 272-6737. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /NGA B NGUYEN/Primary Examiner, Art Unit 3625 January 5, 2026