COMPUTER-BASED SYSTEMS CONFIGURED TO DYNAMICALLY GENERATE AUTHENTICATION STEPS TO PERFORM AN AMELIORATIVE ACTION AND METHODS OF USE THEREOF

§102 §103

DETAILED ACTION Response to Amendment This action is in response to amendment filed January 27, 2026 for the application # 18/521,380 filed on November 29, 2023. Claims 1-2, 4-10, 19 and 20 are pending and are directed toward COMPUTER-BASED SYSTEMS CONFIGURED TO DYNAMICALLY GENERATE AUTHENTICATION STEPS TO PERFORM AN AMELIORATIVE ACTION AND METHODS OF USE THEREOF. Any claim objection/rejection not repeated below is withdrawn due to Applicant's amendment. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Response to Arguments Applicant’s arguments with regards to claims 1-2, 4-10, 19 and 20 have been fully considered, but they are not persuasive in regards to prior art rejections. “silent” argument – Applicant argues that CN'73B is silent on the source of the retrieved data items and does not disclose the claim recited "receiving ... input data from at least two external data sources.” (REMARKS, page 11). Response: As preliminary note, it seems that Applicant implies that external is the same as remote. But it is not. Remote can be external, but external is not necessarily remote. CN'73B teaches external data sources such as the Cache database, the UCI database, the MySQL database and the Smart Contract database, which are external to smart controllers (see CN'73B page 1 and page 5). “telecommunication data” argument – Applicant argues that CN'73B uses name, age, place of birth, trading area, beneficiary account, and face recognition, but none of these is telecommunication data as recited in claim 1. (REMARKS, page 11). Response: First, transactions are clearly fall under definition of telecommunication data. Second, Applicant provided examples of the “the telecommunication data may refer to cell phone number; years of ownership associated with the cell phone number; and general location of the smart phone tied with the cell phone number. In another embodiment, the external data source may refer the server computing device 106.” (Specification, pages 8-9). Those are in the same category as name, age, place of birth, trading area, beneficiary account of CN'73B. Compare also with “The network protocol is set to be controlled by a single centralized service provider; the operation of smart contracts and data calls in the operation layer are all carried out on trusted execution environments (TEEs). AWS acts as a review role and verifies honesty through TLSNotary Proof. Relying on the multi-signature mechanism to allow oracles (Oracles) that meet the minimum number of honest nodes to sign the transaction data at the same time; the contract layer determines whether the service request contract is passed.” (CN'73B page 5). “generating” argument – Applicant argues that although CN'73B discloses a KYC (customer identification) step, CN'73B' KYC is an existing procedure and not generated based on "the overall confidence score meeting or exceeding a predetermined threshold of risk" as recited in claim 1. (REMARKS, page 12). Response: First, Applicant admitted that CN'73B' teaches KYC. Second, to perform “KYC operations on them”, “The intelligent controller first retrieves the account data, scoring data, blacklist\whitelist and other data cached in the Cache database,” (CN'73B page 7). Thus, the causality is clearly established. Conclusion: Examiner maintains rejections. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claims 1, 4, 5, 7, 8, and 19 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Google translation of CN113011973B, published 2023-08-29, 9 pages, hereinafter referred to as CN’73B. As per claim 1, CN’73B teaches a computer-implemented method comprising: receiving, by the at least one processor, input data from at least two external data sources; (The intelligent controller first retrieves the account data, scoring data, blacklist\whitelist and other data cached in the Cache database, and performs KYC operations on them. CN’73B, page 2; see also the UCI database, the MySQL database and the Smart Contract database, CN'73B page 1 and page 5); utilizing, by the at least one processor, a trained machine learning algorithm to identify at least one digital signal within the input data (sorting out the machine learning data sets with financial characteristic attributes from the UCI database, and obtaining the training data sets and test data sets required for the experiment after data preprocessing, CN’73B, page 2), wherein the at least one data signal is associated with a particular interaction parameter associated with a particular user (Step S701, checking whether the information and transaction amount submitted when creating a user are true and legal; Step S702, checking whether the initiator and beneficiary of the transfer are legal users. CN’73B, page 2); utilizing, by the at least one processor, an initiation protocol-specific backbone engine to determine that the at least one digital signal fails to match a repository of telecommunication data associated with the particular interaction parameter (The contract layer includes order matching contract, service request contract, data call interface and service standard protocol. CN’73B, page 1); automatically updating, by the at least one processor, the repository of telecommunication data with a failure to match associated with the at least one digital signal (In step S50, under the command of the intelligent controller, the characteristic attribute data in the Smart Contract database is subjected to AML operation, and the execution result is determined after the transaction data is arbitrated by the triple method of behavior modeling, link analysis, and anomaly detection; if the execution result passes , then enter step S60, otherwise return, that is, terminate the transaction; In step S60, under the command of the intelligent controller, the data passed in step S50 and the characteristic attribute data mapped in the SmartContract database are subjected to the Credit Granting operation, and the transaction data obtains corresponding scores in the evaluation of the scorecard model, as this The credit score of the transaction; the intelligent controller stores the score result in the Cache database; Step S70, the intelligent controller returns the final judgment result of the machine learning engine to the Smart Contract database to determine the final transaction result and display the transaction status and prediction accuracy. CN’73B, page 1); utilizing, by the at least one processor, the trained machine learning algorithm to calculate a confidence score for each factor of risk of a plurality of factors of risk associated with the at least one digital signal (Step S40, under the command of the smart controller, the characteristic data of different locations on the smart contract data are sequentially transmitted to the machine learning engine to perform pre-supervision, mid-supervision and post-supervision operations, respectively corresponding to: KYC (customer identification), AML ( Antimoney laundering detection), Credit Granting (credit risk scoring). The intelligent controller first retrieves the account data, scoring data, blacklist\whitelist and other data cached in the Cache database, and performs KYC operations on them. If the execution result is passed, enter step S50, otherwise return, that is, terminate the transaction; CN’73B, page 3); aggregating, by the at least one processor, the confidence score for each factor of risk of the plurality of factors of risk to calculate an overall confidence score (Step S605, calculating scorecard score coefficients for each attribute to obtain a final scorecard. CN’73B, page 3); generating, by the at least one processor, at least one authentication step to be performed by the particular user requesting a high-risk activity associated with the at least one digital signal based on the overall confidence score meeting or exceeding a predetermined threshold of risk (The six-dimensional characteristic data in the transaction data are all stored in the MySQL database; the customer type, attribution, offshore account, high-risk area, account opening time and other information are stored in the Cache database; the multi-currency related transaction characteristics Information such as transactions, surges in cash withdrawals, surges in large-amount consumption, loan ratios, and statistical characteristics of small-amount transfers are stored in the SmartContract database for easy access to smart controllers. The system structure diagram is shown in Figure 2, and the detailed architecture diagram is shown in Figure 3, Step S40, under the command of the smart controller, the characteristic data of different locations on the smart contract data are sequentially transmitted to the machine learning engine to perform pre-supervision, mid-supervision and post-supervision operations, respectively corresponding to: KYC (customer identification), AML ( Antimoney laundering detection), Credit Granting (credit risk scoring). The intelligent controller first retrieves the account data, scoring data, blacklist\whitelist and other data cached in the Cache database, and performs KYC operations on them. If the execution result is passed, enter step S50, otherwise return, that is, terminate the transaction; CN’73B, page 5); and automatically blocking, by the at least one processor, an initiation to an interaction session associated with the at least one digital signal in response to a failure by the particular user to complete the at least one authentication step (If the execution result is passed, enter step S50, otherwise return, that is, terminate the transaction; CN’73B, page 5, see also A common financial regulatory platform consists of two parts: a customer identification module and an anti-money laundering module. Among them, customer identification is carried out through customer due diligence, enhanced due diligence, SWIFT filtering, fingerprint face and other biological information identification methods to identify and authenticate customers. CN’73B, page 2). As per claim 4, CN’73B teaches the computer-implemented method of claim 1, wherein the repository of telecommunication data is generated by a plurality of data servers compiling information (the experimental data is stored in the MySQL database, the Cache database and the Smart Contract database respectively according to the attributes, characteristics, categories and factors of the processing stage; wherein the MySQL database stores all data types of the experimental data before performing supervision operations, and the Cache database stores short Data types with high-frequency fine-grained calls, including: relational data, account data, tax data, historical data, scoring data, and blacklist/whitelist data; the SmartContract database stores data types of transaction characteristic attributes. CN’73B, page 1). As per claim 5, CN’73B teaches the computer-implemented method of claim 1, wherein the plurality of factors of risk is associated with at least one of the at least two external data sources (The six-dimensional characteristic data in the transaction data are all stored in the MySQL database; the customer type, attribution, offshore account, high-risk area, account opening time and other information are stored in the Cache database; the multi-currency related transaction characteristics Information such as transactions, surges in cash withdrawals, surges in large-amount consumption, loan ratios, and statistical characteristics of small-amount transfers are stored in the SmartContract database for easy access to smart controllers. . CN’73B, page 5). As per claim 7, CN’73B teaches the computer-implemented method of claim 1, further comprising transmitting, by the at least one processor, via at least one graphical user interface (GUI) having at least one GUI programmable element within a computing device a request for at least one unique identifier associated with the particular user (Step S70, the intelligent controller returns the final judgment result of the machine learning engine to the Smart Contract database to determine the final transaction result and display the transaction status and prediction accuracy. CN’73B, page 3). As per claim 8, CN’73B teaches the computer-implemented method of claim 7, wherein the request for the at least one unique identifier is at least one authentication step (A common financial regulatory platform consists of two parts: a customer identification module and an anti-money laundering module. Among them, customer identification is carried out through customer due diligence, enhanced due diligence, SWIFT filtering, fingerprint face and other biological information identification methods to identify and authenticate customers. CN’73B, page 2). Claim 19 has limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of anticipation as used above. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 2, 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Google translation of CN113011973B, published 2023-08-29, 9 pages, in view of Dill (US 2018/0232837, Pub. Date: Aug. 16, 2018), hereinafter referred to as CN’73B and Dill. As per claim 2, CN’73B teaches the computer-implemented method of claim 1, but does not teach MNO, Dill however teaches wherein at least one of the at least two external data sources is a mobile network operator (a third-party mobile network operator (MNO) (i.e., Vodafone, Smart communications, Att, Globe, etc.) may be able to utilize the customer confidence and verification data to verify their customers' identities. Dill, [0038]). CN’73B in view of Dill are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify CN’73B in view of Dill. This would have been desirable because MNO would enter into an agreement with the identity gathering entity to utilize such identity confidence information to verify the identities of their customers (Dill, [0038]). As per claim 10, CN’73B teaches the computer-implemented method of claim 1, but does not teach geo-location, Dill however teaches further comprising utilizing a geo-location algorithm to actively detect risk by determining a location of a mobile device associated with the at least one digital signal based on a threshold of risk (the information gathered may be information that typically is not gathered. For example, each instance that a customer entered into an agent location of a bank branch office (i.e., physical locations), such information would be captured and input into the customer's identity profile. Essentially any usable identity information source can be utilized in order to generate a fuller, more accurate identity profile for each customer. Dill, [0019]), wherein the threshold of risk is based on a global rate limit associated with the repository of telecommunication data (Furthermore, transaction requests for the customer may be monitored to identify whether a transaction has exceeded a threshold (process block 220). In one embodiment, the threshold may be a transaction amount threshold, a transaction destination location, a number of transactions threshold, etc. The threshold may be utilized to "flag" certain transaction requests as needing additional verification prior to executing the transaction. Dill, [0034]). CN’73B in view of Dill are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify CN’73B in view of Dill. This would have been desirable because determining, by the processing center server, whether or not to permit the requested transaction to be performed, based on a comparison of the identity confidence score associated with the user to a threshold (Dill, Claim 1). Claim 20 has limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of obviousness as used above. Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Google translation of CN113011973B, published 2023-08-29, 9 pages, in view of Hawes et al. (US 11,797,657, Oct. 24, 2023), hereinafter referred to as CN’73B and Hawes. As per claim 6, CN’73B teaches the computer-implemented method of claim 1, but does not teach preventing any communication between at least two computing devices, Hawes however teaches wherein the automatically blocking the initiation to the interaction session comprises preventing any communication between at least two computing devices (In step 1105, the system 910 may make a decision regarding whether to grant access to an online account session or to block access to the online account session based on one or both of the comparisons performed in steps 1102 and 1104. More particularly, if a variation between the current mark and the one or more prior marks is within a mark matching threshold and/or if a variation between the behavioral characteristics and the behavioral characteristics stored in the profile is within a respective threshold, the user may be granted access to the online account session or be permitted to proceed with the online account session. However, if the variation between the current mark and the one or more prior marks is outside of the mark matching threshold and/or if the variation between the behavioral characteristics and the behavioral characteristics stored in the profile is within the respective threshold, the user may be denied access to the online account session or be blocked from proceeding with the online account session. Hawes, Column 6, lines 43-59), wherein at least one of the at least two computing devices is associated with the at least one digital signal to a mobile device (The channels of interaction may include personal computers, mobile devices, face-to-face communications, and related hardware and software (e.g., web portals, mobile applications), and the like. Hawes, Column 8, lines 38-43). CN’73B in view of Aronowitz are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify CN’73B in view of Aronowitz. This would have been desirable because Organizations strive to ensure secure and convenient user access to services or accounts. With the proliferation of identity theft and the growing emphasis on convenience, organizations are forced to find a balance between gathering enough identifying information to provide enough confidence in a user's identity and making the services or accounts accessible to users (Hawes, Column 1, lines 30-36). Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Google translation of CN113011973B, published 2023-08-29, 9 pages, in view of Aronowitz et al. (US 2018/0034859, Pub. Date: Feb. 1, 2018), hereinafter referred to as CN’73B and Aronowitz. As per claim 9, CN’73B teaches the computer-implemented method of claim 1, further comprising dynamically reducing at least one authentication step (606 - SELECT, BY THE SERVER, ONE OR MORE AUTHENTICATION METHODS FROM THE PLURALITY OF AUTHENTICATION METHODS ACCORDING TO THE RISK AND TO MINIMIZE THE COST ASSOCIATED WITH THE OPERATION, Aronowitz, FIG. 6). CN’73B in view of Aronowitz are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify CN’73B in view of Aronowitz. This would have been desirable because authentication services typically use multiple authentication factors to make an authorization decision. The use of multiple factors increases security due to the unlikelihood that an attacker could provide all of the elements required for authentication. Each additional factor increases the security of the system and decreases the likelihood that it could be breached (Aronowitz, [0003]). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938. The examiner can normally be reached on 5:00 AM- 4:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /OLEG KORSAK/Primary Examiner, Art Unit 2492