Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Application
This action is in response to remarks received 03/31/2026.
This application is a Continuation of 17449982, filed 10/05/2021, now U.S. Patent # 12154114 and having 1 RCE-type filing therein 17449982 is a Continuation of 15975394, filed 05/09/2018, now U.S. Patent # 11151568 and having 1 RCE-type filing therein.
Claims 1, 8 & 15 have been amended.
Applicant’s arguments, see pages 10-11, filed 03/31/2026, with respect to the rejection(s) of claim(s) 1, 2, 4, 7-9, 11, 14-16 & 18 under 35 USC 102 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Michael Hanley et al. (US 2020/0288315 A1, herein Hanley).
Claims 1, 8 & 15 being independent and claims 2-7, 9-14 and 16-20 are dependent claims.
Claims 1-20 are currently pending and have been examined.
Response to Arguments
Applicant's arguments filed 03/31/2026 have been fully considered but they are not persuasive.
With respect to Applicant’s arguments under 35 USC 101, Applicant asserts that the amended claims are patent-eligible and alleges that the Examiner indicated during the interview that the amendments would overcome the rejection. This argument is not persuasive.
The interview Summary of record indicates that the Examiner expressly noted that the additional elements, including the recited “data model”, are described at a high-level of generality and are used in a generic and functional manner to perform data analysis. The Examiner further indicated that the claims do not describe how the trained model is implemented in a non-conventional manner or how it improves the functioning of a computer or other technology.
Thus, any statements made during the interview were not an agreement of allowability, but rather identified deficiencies that would need to be addressed.
Upon further consideration, the claims, as amended, remain directed to evaluating transaction risk, assigning a risk score, and selecting an authentication procedure based on the risk score. This constitutes a method of organizing human activity and fundamental economic practice.
The additional limitations, including use of a “data model” and temporal associations, merely amount to generic data processing and analysis, and do not integrate the abstract idea into a practical application or provide an inventive concept.
Accordingly, the rejection under 35 USC 101 is maintained.
With respect to Applicant’s arguments under 35 USC 102, Applicant’s arguments do not address the combined teachings of the applied references and therefore are not persuasive.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Under Step 2A, Prong One of the Alice/Mayo framework, the claims are directed to an abstract Idea.
Claim 1 recites a series of steps for receiving notifications associated with account activity, receiving a request associated with a transaction, determining a risk score using a trained data model, selecting an authentication procedure based on the risk score, and providing authentication instructions.
As amended, the claim further recites that the data model is trained using historical account data and associates risk scores with estimated time periods.
These steps collectively describe monitoring account activity, evaluating transaction risk, and controlling access through authentication, which constitute organizing and managing human/commercial activity and risk assessment.
These steps reflect longstanding practices of fraud detection, transaction monitoring, and access control that can be, and historically have been, performed by humans using rules, judgement, and basic recordkeeping, now implemented using generic computing technology.
Courts have consistently held that concepts such as fraud detection, risk evaluation, transaction authorization, and access control constitute abstract ideas. See, e.g., Alice Corp. v. CLS Bank Int’l, 573 U.S. 208 (2014); Bilski v. Kappos, 561 U.S. 593 (2010); Credit Acceptance Corp. v. Westlake Servs., 859 F.3d 1044 (Fed. Cir. 2017).
Accordingly, the claims recite an abstract idea.
Under Step 2A, Prong Two, the claims do not integrate the abstract idea into a practical application.
Although the claims recite various computing elements, such as devices, data models, timestamps, risk scores and authentication procedures, these elements are recited at a high-level of generality and function are only as tools to implement the abstract idea.
The additional limitations directed to a “trained data model” including training based on historical account data and associating risk scores with estimated time periods, merely describe generic data analysis techniques and do not impose any meaningful limit on the abstract idea.
The claims do not recite how the data model is specifically implemented, trained, or applied in a non-conventional manner, nor do they provide any technical improvement to computer functionality or another technology. Further, the claims do not recite: an improvement to the functioning of a computer or server; an improvement to encryption technology or tokenization techniques; a specific technical solution to a problem rooted in computer technology; or a particular data structure or protocol that improves security or efficiency.
Rather, the claimed components merely receive, transmit, analyze, select, and provide information, which are functions that constitute generic computer operations. Further, the claimed “data model” is invoked as a generic tool to perform risk evaluation without specifying any technological implementation details. The recited training of a data model and association of risk scores with time periods amount to data gathering and analysis steps that are part of the abstract idea itself; therefore, does not improve the functioning of the computer itself, but instead uses the computer as a tool to perform abstract data analysis.
Accordingly, the claims merely apply the abstract idea using generic computing components, rather than integrating the abstract idea into a practical application.
Under Step 2B, the additional elements, including the trained data model, timestamps, and risk based authentication selection, are well-understood, routine and conventional activities in the field of fraud detection and access control.
The claim does not recite any unconventional arrangement of these elements or any specific implementation that amounts to significantly more than the abstract idea.
The additional elements (i.e., claim limitations considered “beyond” the abstract idea) recited, such as generating a risk score, comparing timestamps, selecting an authentication procedure, and providing authentication instructions; are well-understood, routine, and conventional activities in the field of electronic fraud detection and access control.
When considered individually and as an ordered combination, the additional elements merely apply the abstract idea using generic computing components and do not transform the nature of the claim into a patent-eligible application.
Claims 8 and 15 recite limitations analogous to claim 1 and are rejected under the same rationale.
The dependent claims are separately considered. Each dependent claim adds further limitations (additional elements) beyond the abstract idea; however, those additional elements likewise amount to conventional computer implementation and/or insignificant extra-solution activity.
Claims 2, 9 and 16 recite restricting access to an account until an authentication procedure is completed. This limitation reflects routine access-control logic.
Claims 3, 10 and 17 recite providing instructions for a different authentication procedure when an authentication attempt fails, which constitutes routine conditional logic.
Claims 4, 11 and 18 further recite sending a request to restrict access to a profile management platform, which reflects conventional account management operations.
Claims 5, 12 and 19 further recite obtaining additional information from one or more data sources to identify actions to perform, which reflects routine data aggregation and decision support processing.
Claims 6, 13 and 20 further recite processing additional information to increase or decrease a likelihood of fraud, which reflects routine risk adjustment calculations.
Claims 7 and 14 further recite associating additional information with a social media account, which reflects conventional data association techniques.
Accordingly, each dependent claim adds only conventional computer implementation details and/or insignificant extra-solution activity beyond the abstract idea. Therefore, the dependent claims likewise do not recite an inventive concept for substantially the same reasons discussed above.
Because the claims are directed to an abstract idea and do not recite additional elements sufficient to amount to significantly more than the abstract idea itself, claims 1–20 are rejected under 35 U.S.C. § 101.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 8 & 15 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 8 & 15 recite the limitation "wherein the data model" in amended language of the independent claims. There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dmitriy Nikolaevich Kovega et al. (US 2018/0295146 A1, herein Kovega) in view of Lior Golan et al. (US 8,572,391 B2, herein Golan) and in further view of Hanley.
As per claim 1, Kovega teaches a method, comprising:
receiving, by a first device and from a second device, a real-time notification indicating that information of an account stored in an information management platform is being modified, wherein the real-time notification is associated with a first time stamp (Kovega ¶¶ [82, 87, 90-91, 93, 97, 120, 122, 124, 126, 129 & 131]);
receiving, by the first device and from a third device, a request associated with a high-risk transaction involving the account, wherein the request is associated with a second time stamp, and wherein instructions for an authentication procedure from a plurality of authentication procedures was preemptively provided to the third device before receiving the request associated with the high-risk transaction involving the account (Kovega Kovega ¶¶ [80-82 & 85], also see ¶¶ [114, 116, 122-123, 139, 141 & 143-147]);
selecting, by the first device and based on the risk score, another authentication procedure from the plurality of authentication procedures (Kovega ¶ [85], also see ¶¶ [114, 116, 122, 130-131 & 143]); and
performing the selected other authentication procedure for authentication (Kovega ¶¶ [85 & 114-116]).
determining, by the first device […], a risk score associated with a likelihood that the request is associated with a fraudulent transaction (Kovega ¶¶ [82 & 85]),
[…] associate a set of risk scores, including the risk score, with a set of estimated time periods at which the high-risk transaction may be performed (Kovega¶¶ [80-83]),
it can be argued Kovega does not explicitly teach, however, Golan further teaches:
[comparing transaction timing against known timing patterns] (Golan column 2 lines 5-20 and column 10 lines 40-65)
[identify a particular time range associated with the set of estimated time periods, and wherein the risk score is associated with the particular time range] (Golan column 2 lines 5-20)
it can be argued the combination of Kovega and Golan does not explicitly teach, however, Hanley further teaches:
determining, by the first device [and based on a data model that has been trained with historical account data associated with a group of accounts that include the account], a risk score associated with a likelihood that the request is associated with a fraudulent transaction (Hanley ¶¶ [51-52 & 63]),
[wherein the data model is trained on temporal transactions data] (Hanley ¶¶ [51-52])
It would have been obvious to one of ordinary skill in the art to modify Kovega’s abnormal activity detection system to incorporate Golan’s teachings of evaluating risk based on temporal behavioral patterns in order to improve detection accuracy by accounting for time-based user behavior. Further, it would have been obvious to incorporate Hanley’s machine learning-based trained model into the combined system to improve risk scoring by learning from historical transaction data over time. The combination represents a predictable use of prior art elements according to their established functions.
As per claims 8 & 15, the claims recite analogous limitations as claim 1 above and rejected under the same premise.
As per claim 2, the combination of Kovega, Golan and Hanley teach the method of claim 1, Kovega further teaches: wherein when the other authentication procedures is provided in conjunction with restricting access to the account, access to the account is not re-enabled until the other authentication procedure is completed successfully (Kovega ¶¶ [116 & 146-147]).
As per claims 9 & 16, the claims recite analogous limitations as claim 2 above and rejected under the same premise.
As per claim 3, the combination of Kovega, Golan and Hanley teach the method of claim 1, Kovega does not explicitly teach providing authentication instructions associated with a different authentication procedure when a prior authentication procedure is unsuccessful. However, Golan teaches:
further comprising: providing, based on determining that the other authentication procedure was not successful, authentication instructions associated with a different authentication procedure (Golan column 6 lines 18-33 and column 13 lines 11-34).
As per claims 10 & 17, the claims recite analogous limitations as claim 3 above and rejected under the same premise.
As per claim 4, the combination of Kovega, Golan and Hanley teach the method of claim 1, Kovega further teaches: wherein the other authentication procedure is a request to restrict access to the account that is sent to a profile management platform (Kovega ¶¶ [116 & 146-147]).
As per claims 11 & 18, the claims recite analogous limitations as claim 4 above and rejected under the same premise.
As per claim 5, the combination of Kovega, Golan and Hanley teach the method of claim 1, it can be argued Kovega does not explicitly teach, however, Golan further teaches:
wherein the other authentication procedure comprises: obtaining additional information from one or more additional data sources, wherein the additional information is used to identify optical actions to perform (Golan column 4 lines 37-65, column 5 lines 5-27, column 6 lines 18-47, column 7 lines 4-21, column 8 lines 12-31 & column 11 lines 14-50).
The motivation to combine the references is the same as seen above in claim 1.
As per claims 12 & 19, the claims recite analogous limitations as claim 5 above and rejected under the same premise.
As per claim 6, the combination of Kovega and Golan teach the method of claim 5, Golan further teaches: wherein the additional information is processed to increase or decrease the likelihood that the request is associated with the fraudulent transaction (Golan column 5 lines 21-49, column 6 lines 42-47, column 7 lines 26-52 and 65-67, column 8 lines 1-11, column 9 lines 29-51, column 11 lines 51-67, column 12 lines 32-40, column 16 lines 1-32 and column 17 lines 1-16).
The motivation to combine the references is the same as seen above in claim 1.
As per claims 13 & 20, the claims recite analogous limitations as claim 6 above and rejected under the same premise.
As per claim 7, the combination of Kovega, Golan and Hanley teach the method of claim 5, Kovega further teaches: wherein the additional information is associated with a social media account (Kovega ¶¶ [6, 77-78, 80, 84, 93, 99-100, 103, 105-106, 108-112 & 127]).
As per claim 14, the claim recites analogous limitations as claim 7 above and rejected under the same premise.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONY P KANAAN whose telephone number is (571)272-2481. The examiner can normally be reached Monday- Friday 7:30am - 3:30 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matthew Gart can be reached at 5712723955. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/T.P.K./Examiner, Art Unit 3696
/MATTHEW S GART/Supervisory Patent Examiner, Art Unit 3696