DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
 
Claim Status
 Claims 10, 20-21 have been cancelled.  Claims 11-19 have been withdrawn.
 
Response to Applicant Remarks
    With regard to the rejections under 35 USC 112(a), rejections are withdrawn in view of amendments to claim 1 and cancellation of claim 10. However, new ground of rejection as introduced by claim amendments are discussed below.
With regard to the rejections under 35 USC 112(b), rejections are withdrawn in view of the claim amendments and cancellation of claim 10.  However, new ground of rejection as introduced by claim amendments are discussed below.
 With regard to the prior art rejections,  Applicant’s remarks have been considered but are deemed moot in view of new grounds of rejection necessitated by claim amendments.


Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):


The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

 Claims 1-9 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.
With regard to claim 1, the claim recites, “…receiving, on a third server operated by a third entity at a third network node, from a first server operated by a first entity at a first network node, a version of data from a first end user device, via a packet-switched data network, that is generated by a user of said first end user device, said first end user device connected to said packet-switched data network; receiving, on said third server, from said first server, a suspicion that said user of said first end user device is a fraudulent actor; receiving, on said third server, from said first server, a recording comprising key presses received by said first end user device, a timing of each key press of said key presses, and movements including at least one of button presses, motion, and timing of said button presses and motion thereof, further including where a touchscreen of said first end user device is pressed and how said touchscreen is swiped…” 
The claim also recites similar language regarding the sending of data and recordings between second server and third server:  receiving, on said third server, from a second server operated by a second entity at a second network node, data from a second end user device, via a packet-switched data network, that is generated by a user of said second end user device, said second end user device connected to said packet-switched data network; receiving, on said third server, from said second server, a suspicion that said user of said second end user device is a fraudulent actor; receiving, on said third server, from said second server, a recording comprising key presses received by said second end user device, a timing of each key press of said key presses, and movements including at least one of button presses, motion, and timing of said button presses and motion thereof, further including where a touchscreen of said second end user device is pressed and how said touchscreen is swiped;
However, Applicant’s specification does not disclose the third server receiving a version of data from first/second server, receiving a suspicion a user is fraudulent actor, and receiving a recording of key data from first server.  Rather, Applicant’s specification discloses the first server receiving a version of data from first user device, and, when there is a suspicion of fraud, recording and sending such data to the third server.  See PGPub [8], “…in an embodiment of the disclosed technology, a method of denying access to sensitive data is carried out by receiving from each of at least a first end user device and second end user device a version of data based on a recorded session having recorded interactions. The “version” of data is one which is representative of aspects of the original data with the parts thereof needed to carry out the method of the disclosed technology still present in a form which is usable to do same. The recorded interactions include at least one or more of key presses and timing of each key press of 
The claim is therefore rejected for comprising new matter and failing to comply with the written description requirement.  For purposes of examination, the version of data and suspicion will be interpreted as being received/formed at the first/second server and followed by the recording of data and subsequent sending to the third server, as disclosed in Applicant’s specification.  Dependent claims 2-9 inherit the same deficiency and are rejected for the same reason. 

 With regard to claim 1, the claim recites, “…concluding a likelihood that said user of said first end user device is a known fraudulent actor…concluding a likelihood that said user of said second end user device is a known fraudulent actor…concluding a likelihood that said user of said first end user device is a same user as said user of said second end user device…”  (Emphasis added.)  Applicant’s specification does not specifically disclose such concluding steps, nor does the specification disclose an algorithm for concluding a likelihood, nor what parameters would establish such a likelihood conclusion. 
See PGPub [15], “…The third party server further receives or generates an indication that the recording matches data associated with a user indicated to have committed or likely to have committed fraud (a “fraudulent actor”)…”; [34], “…In examples of where the third party server makes the determination, this can be based on, for example, the recordings matching that of 
These disclose ‘matching’, implying a complete data match, but not determining or concluding a ‘likelihood’ of a match or therefore a fraudulent actor or same users.
See MPEP 2161.01 I,
 “…When examining computer-implemented functional claims, examiners should determine whether the specification discloses the computer and the algorithm (e.g., the necessary steps and/or flowcharts) that perform the claimed function in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor possessed the claimed subject matter at the time of filing. An algorithm is defined, for example, as "a finite sequence of steps for solving a logical or mathematical problem or performing a task." Microsoft Computer Dictionary (5th ed., 2002)… If the specification does not provide a disclosure of the computer and algorithm in sufficient detail to demonstrate to one of ordinary skill in the art that the inventor possessed the invention a rejection under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph, for lack of written description must be made…”
 
The claim is therefore rejected for comprising new matter and failing to comply with the written description requirement.  For purposes of examination, the ‘concluding a likelihood’ limitations will be interpreted as ‘determining a match with data of a fraudulent actor’ or determining a match with data of another user’, as disclosed in Applicant’s specification;  


 Claim Rejections - 35 USC § 112(b)
 The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


 Claims 1-9, 22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
With regard to claims 1 and 22, the claims recite, “…receiving, on said third server, from said first server, a recording comprising key presses received by said first end user device, a timing of each key press of said key presses, and movements including at least one of button presses, motion, and timing of said button presses and motion thereof, further including where a touchscreen of said first end user device is pressed and how said touchscreen is swiped…”  The claim recites a recording comprising data types, and then recites ‘further including where…and how…touchscreen swiped.’  It is not clear if the recording further includes the touchscreen press/swipe data, or if the recited ‘movements’, or even ‘motion thereof’ further include the “a recording comprising key presses received by said first end user device, a timing of each key press of said key presses, and movements including at least one of button presses, motion, timing of said button presses and motion thereof, and where a touchscreen of said first end user device is pressed and how said touchscreen is swiped…” (as supported by [8] of Applicant’s PGPub).  Dependent claims 2-9 inherit the same deficiency and are rejected for the same reason.
With regard to claim 1, the claim recites, “…concluding a likelihood that said user of said first end user device is a known fraudulent actor…concluding a likelihood that said user of said second end user device is a known fraudulent actor…concluding a likelihood that said user of said first end user device is a same user as said user of said second end user device…”  (Emphasis added.)  The language, ‘concluding a likelihood’ is not clear; it would appear such concluding is based upon a data match from the comparing step, but the match threshold and subsequent concluding is unclear and the claims is therefore unclear and indefinite.  For purposes of examination, the ‘concluding a likelihood’ limitations will be interpreted as ‘determining a match with data of a fraudulent actor’ or determining a match with data of another user’, as disclosed in Applicant’s specification; however, the level/degree of match is still unclear.  Dependent claims 2-9 inherit the same deficiency and are rejected for the same reason.

 
Claim Rejections - 35 USC § 103
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

 
Claims 1-6, 8, are rejected under 35 U.S.C. 103 as being unpatentable over Burke (US Publication 2016/0132886), in view of Brannon (US Publication 2014/0053238), in further view of De Los Reyes (US Publication 2009/0150437), in further view of Rogers, (US Publication 2009/0313693).
With regard to claim 1, Burke discloses A method of denying access to transactions, comprising the steps of: receiving, on a third server operated by a third entity at a third network node, from a first server operated by a first entity at a first network node, a version of data from a first end user device… that is generated by a user of said first end user device ([30], [25], [26]; interpreted as being received at first/second server see 112a above), 
said first end user device connected to said … network ([29] discloses “…a customer's personal computer for conducting online banking, a mobile phone for conducting online banking, a bank teller's computer system, terminals for conducting wire transactions, or any other type of financial transaction terminal 105 connected through a network to one or more banking systems 103…”; [26] discloses servers 103 connected to fraud system via network);
receiving, on said third server, from said first server, a suspicion that said user of said first end user device is a fraudulent actor ([42] interpreted as being received at first/second server see 112a above); 
receiving, on said third server, from said first server, a recording comprising transaction or banking information ([29], [30]; 
receiving, on said third server, from a second server operated by a second entity at a second network node, data from a second end user device…that is generated by a user of said second end user device ([30], [25], [26]; interpreted as being received at first/second server see 112a above); 
said second end user device connected to said…network ([29] discloses “…a customer's personal computer for conducting online banking, a mobile phone for conducting online banking, a bank teller's computer system, terminals for conducting wire transactions, or any other type of ;
receiving, on said third server, from said second server, a suspicion that said user of said second end user device is a fraudulent actor ([42] interpreted as being received at first/second server see 112a above); 
receiving, on said third server, from said second server, a recording comprising transaction or banking information ([29], [30]);
comparing, on said third server, said recording received from said first server and movements data from known fraudulent actors ([40]); 
concluding a likelihood that said user of said first end user device is a known fraudulent actor ([40], “…A fraud detection server 102 may compare the names of the payer and payee against a watch list, such as a terrorist watch list, to prevent known terrorists or criminals from being funded or making purchases…”; interpreted as determining a match with data of a fraudulent actor as discussed above in rejections under 35 USC 112, above); 
comparing, on said third server, said recording received from said second server and movements data from known fraudulent actors ([40]);
concluding a likelihood that said user of said second end user device is a known fraudulent actor ([40], “…A fraud detection server 102 may compare the names of the payer and payee against a watch list, such as a terrorist watch list, to prevent known terrorists or criminals from being funded or making purchases…”; interpreted as determining a match with data of a fraudulent actor as discussed above in rejections under 35 USC 112, above); 
comparing, on said third server, said recording received from said first server and said recording received from said second server ([36], [37], “fraud detection server 102 may perform phonetic name-matching, and/or identify names that are not exact matches but have similar characters. For example, Sara Jones may be listed as “Sarah Jones” in one banking system 103a and “Sara Jones” in another banking system 103b…performs probabilistic analysis to determine if the data for Sara Jones is the same as the data for Sarah Jones”;
concluding a likelihood that said user of said first end user device is a same user as said user of said second end user device ([36], [37], interpreted as determining a match with data of another user, as discussed under 35 USC 112 rejections, above).  
Burke discloses said first end user device connected to said …network, in [29] as discussed above, but does not specifically disclose the fraud detection system connecting to the first/second entities (103, 105 in Burke) by means of Internet/packet-switched data network, as recited said first end user device connected to said packet-switched data network.  
Burke also discloses a third server operated by a third entity at a third network node receiving data from a first server operated by a first entity at a first network node, as discussed above, but does not specifically disclose receiving via a packet-switched data network.
However, Burke (in [41]) discloses the fraud-detection system connected to the financial institution via an internet connection.  It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed, to have combined the specific Internet/packet-switched network connection as disclosed by Burke (for connecting the fraud detection system 100 and the financial institution 109), with network connections of the first/second entities (105) and first/second servers (103) as disclosed by Burke, because such a 


Burke, as discussed above, discloses receiving, on said third server, from said first/second server, a recording comprising transaction or banking information ([29], [30]), but does not specifically discloses the data received comprises key presses received by said first/second end user device, a timing of each key press of said key presses, and movements including at least one of button presses, motion, and timing of said button presses and motion thereof, further including where a touchscreen of said first end user device is pressed and how said touchscreen is swiped.  
However, Brannon discloses receiving data comprising key presses received by said second end user device…and movements including at least one of button presses, motion, and timing of said button presses and motion thereof ([48], “…capture visual, aural, physical, and/or other types of stimuli and/or information, such as spoken words, motions, gestures, biometric signatures and/or the like…”; [75], “…recording and/or sensing devices may, for example, comprise one or more cameras (e.g., still, video, infrared, and/or 3D--such as time-of-flight (TOF)--cameras, and/or any other types of cameras)…”; [65], [67], Figure 4, where #400 can be embodied in server 110 or 130); ([76], “…causing at least a portion of the at least one recording to be compared against at least one database. See operation 530…,”Figure 5; [77], “…determining a hashed and/or encrypted version of the portion of the recording, such that hashed and/or encrypted versions of the portion of the recording may be compared…,” Figure 6 #630; [86]); 
Burke discloses denying transactions for said first end user and/or for said second end user based on said concluded likelihoods ([37], “prevent known terrorists or criminals from being funded or making purchases”, [30], “…If data is received more frequently, then servers 101 of the fraud detection system 100 may have the ability to deny or allow financial transactions…”), but does not specifically disclose denying access or causing denial of access to a subset of further data intended for said first end user and/or for said second end user based on said concluded likelihoods. However, Brannon discloses denying access or causing denial of access to a subset of further data intended ([48], [75], [38], Figure 5, #530-560; Figure 6 #640-660; [87], [89], “restricting access to at least a portion of the data and/or resources of the user device 150, such as by locking the user device 150 and/or encrypting or wiping at least a portion of the memory of the user device… disabling one or more functions, features, and/or services of the user device 150…”; [80], [26], functionality can be receiving data, [43], network).  It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to have combined the fraudulent-user detection method and system as disclosed by Burke, as modified by the packet-switched network disclosed by Burke, with the use of video/biometrics for fraud detection and denial of access to data method/system as disclosed by Brannon, because of the increased security afforded by such measures (see Brannon, [11], [12]).


Burke discloses fraud detection based on transaction data received, and further discloses the first and second user and first and second end user device, as discussed above, and Brannon discloses detection based on data comprising movement data, as discussed above, but neither key presses received by said first end user device, a timing of each key press of said key presses, and movements including at least one of button presses, motion, and timing of said button presses and motion thereof, further including where a touchscreen of said first/second end user device is pressed and how said touchscreen is swiped.  
However, de Los Reyes discloses data received comprises key presses received by said first/second end user device, a timing of each key press of said key presses ([20], [13], Figure 2a), and movements including at least one of button presses, motion, and timing of said button presses and motion thereof ([13], pressure at which key is pressed);   and movements including at least one of button presses, motion, and timing of said button presses and motion thereof ([13], pressure at which key is pressed); and the data being compared comprises timing of each said … key press ([23], where typeprints derived from keystroke dynamics are compared). 
 It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to have combined the fraudulent-user detection method and system as disclosed by Burke, as modified by the packet-switched network disclosed by Burke, as modified by the use of video/biometrics for fraud detection and denial of access to data method/system as disclosed by Brannon, with the further technique of using keystroke dynamics as the input data to be used for access control as disclosed by De Los Reyes because using keystroke dynamics would allow user tracking across devices and networks (see De Los Reyes [3], [4]), and further, the use of keystroke dynamics as disclosed by De Los Reyes would require use only of keyboard (or mouse/touch display) structural elements, and therefore obviate the need 

Burke discloses fraud detection based on transaction data received, and further discloses the first and second user and first and second end user device, as discussed above, and Brannon discloses detection based on data comprising movement data, and de Los Reyes discloses keystroke dynamics as the input data to be used for access control, as discussed above, but Burke, Brannon, an de Los Reyes do not specifically disclose data received further including where a touchscreen of said first/second end user device is pressed and how said touchscreen is swiped.  However, Rogers discloses authentication data including where a touchscreen of said first/second end user device is pressed and how said touchscreen is swiped ([40], [44], Figure 2a).   It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to have combined the fraudulent-user detection method and system as disclosed by Burke, as modified by the packet-switched network disclosed by Burke, as modified by the use of video/biometrics for fraud detection and denial of access to data method/system 


With regard to claim 2, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 1 as discussed above.  Brannon further discloses wherein if, and said… movements (video) received by said first end user device matches said recordings of said… movements of known fraudulent users, ([77], [75], [25], [26]),  said user is determined to be a fraudulent actor ([77]) and either said first server or said second server modifies data sent to said user to prevent fraud ([87]], result of match sent; [89] authorities contacted as a result, ‘to prevent fraud’ being the intended use).  De Los Reyes discloses  said recorded key presses, said timing of each key press of said key presses … matches said recordings of said key presses, said timing of each key press of said key presses … of known persons of interest said user is determined to be a person of interest ([13], [20], [23]).  Brannon discloses the person of interest comprising a fraudulent actor as above.  


With regard to claim 3, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 2 as discussed above.  Burke further said receiving from said first end user device was by way of a first web server operated by a first banking institution ([25], [33], Figure 1); and said receiving from said second end user device was by way of a second web server operated by a second banking institution ([25], [33], Figure 1); wherein said modified data is modified in real time while said second end user device attempts to access secure data from said second web server ([30], data may be received and transaction allowed/denied in real time when fraud found in contemporaneous transaction, [45]); after said step of comparing said recorded transaction data with said recordings of transaction data from known fraudulent actors received from a second end user device ([30], [40], compare payee/payer names to those stored of known terrorists/watch lists; [38], [45]).  
Brannon further discloses comparing recorded movement data to stored movement recordings (video) in order to detect fraudulent actors ([75], [77], as discussed above), and De Los Reyes discloses comparing said recorded key presses, said timing of each key press of said key presses … with said recordings of key presses, timing of each key press of said key presses … of known persons of interest ([13], [20], [23]). 


With regard to claim 4, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 1 as discussed above.  Brannon discloses said step of recording, on a first server, … said movements (video or biometric information) is carried out only after and as a result of said step of suspecting whether the user is a fraudulent actor ([75]).  De Los Reyes discloses recording key presses received by said first end user device, said timing of each key press of said key presses, ([20], [13], [14], [23]). Brannon discloses receiving, on said third server, from said first server, a suspicion that the user of said first end user device is a fraudulent actor ([42] interpreted as being received at first/second server see 112a above).


With regard to claim 5, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 4 as discussed above.  Burke further discloses fraud detection comprising comparing data to each other as part of post-processing, wherein each of said first user on said first end user device and a second user on said second end user device has completed their interactions with a respective web server and/or financial institution ([33], receive data from multiple sources, [38], compare/match, [46], periodically receives data (post-processing, after interactions complete) [60], apply across data to track, [26], online banking system, Figure 1).  
Brannon further discloses said recording, on a first server, said… movements (video or biometric information) and a plurality of additional recordings including … movements including at least one of button presses, motion, and timing of said button presses and motion thereof are stored on a server are compared to each other ([77], [75], where videos comprise recordings of movements and motion).
De Los Reyes discloses said recording…key presses received by said first end user device, said timing of each key press of said key presses…and a plurality of additional recordings including key presses received by an end user device, timing of each key press of said key presses…are stored on a server are compared to each other ([20], [13], [23]).
 

With regard to claim 6, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 4 as discussed above.  Brannon discloses if said recording of said movements (video or biometric information) comprises at least one of … movements of a motion or touch device used to carry out a fraudulent financial transaction, the user is a fraudulent actor ([77], [75]).  De Los Reyes discloses if said recording of said key presses, of said timing of each key press of said key presses…comprises at least one of keystrokes … used to carry out a fraudulent financial transaction, the user is a person of interest ([20], [13], [14], [23]).  


With regard to claim 8, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 4 as discussed above.  Brannon discloses if said recording … of said movements matches other recordings which were indicated as fraudulent, the user may be considered unauthorized/untrusted ([77], [90], [26]).  De Los Reyes discloses if said recording of said key presses, of said timing of each key press of said key presses… matches other recordings which were indicated as fraudulent, the user is an individual of interest ([20], [13], [23]).  Burke further discloses if said recording of event data matches other event data recordings which were indicated as fraudulent, the transaction being attempted using the first end user device is categorized as fraud/illegitimate ([39], [33]).  Burke also discloses events comprising transfers ([33]). 
 


Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Burke (US Publication 2016/0132886), in view of Brannon (US Publication 2014/0053238), in further view of De Los Reyes (US Publication 2009/0150437), in further view of Rogers, (US Publication 2009/0313693), in further view of Freeman (US Patent 8,931,096).  
With regard to claim 7, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 1 as discussed above.  Brannon further  discloses wherein said sent suspicion that said user of said first end or of said second end user device is a fraudulent actor is due to a determination that a suspicious event has occurred…during said recording of said first end user device ([42], [75], suspicious determination prompts recording; [78], recording precedes determination of suspicious event).  Brannon does not specifically disclose that the suspicious event comprises that a specific software port is in use on said first end user device.  However, Freeman discloses suspecting a fraudulent use due to a determination that a specific software port is in use on said first end user device (Col. 5 lines 65- Col. 6 line 28, especially Col. 6 lines 19-28; Col. 13 line 57-Col. 14 line 53, especially Col. 14, lines 44-50, logging suspicious event).  It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to have combined the fraudulent-user detection method and system as disclosed by Burke, as modified by the packet-switched network . 
 

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Burke (US Publication 2016/0132886), in view of Brannon (US Publication 2014/0053238), in further view of De Los Reyes (US Publication 2009/0150437), in further view of Rogers, (US Publication 2009/0313693), in further view of Bailey (US Patent 8,618,913).  
With regard to claim 9, Burke, in view of Brannon, in further view of De Los Reyes, in further view of Rogers, disclose the limitations of claim 1 as discussed above.  Brannon further discloses movements/motions included in said recording thereof and compared in said step of comparing said recorded …movements with recordings of …movements data from known fraudulent actors received from said second end user device ([75] (videos), [77], [90], [26]).  De Los Reyes discloses included in said recording thereof and compared in said step of comparing said recorded key presses, said timing of each key press of said key presses…with recordings of key presses, timing of each key press of said key presses…data from known individuals of interest received from said second end user device ([20], [13], [23]). Neither Brannon nor De Los Reyes an inclination angle of said first end user device is included in said recording thereof and compared in said step of comparing said recorded…movements with recordings … movements data (Col. 3 lines 6-19, Col. 3 line 61-Col. 4 line 14, Col. 4 lines 32-38, Figure 3 and Claim 8).   It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to have combined the fraudulent-user detection method and system as disclosed by Burke, as modified by the packet-switched network disclosed by Burke, as modified by the use of video/biometrics for fraud detection and denial of access to data method/system as disclosed by Brannon, as modified by the technique of using keystroke dynamics in access control methods as disclosed by De Los Reyes, as modified by using touchscreen pressing/swiping data for user identification/authentication as disclosed by Rogers, with the further technique of determining user identity based on sensor data such as inclination as taught by Bailey because leveraging mobile device sensor capabilities in making security decisions regarding access to sensitive data would minimize possibility of identity theft (see Bailey, Col. 2 lines 10-17). 


Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Burke (US Publication 2016/0132886), in view of Brannon (US Publication 2014/0053238), in further view of De Los Reyes (US Publication 2009/0150437).
With regard to claim 22, Burke discloses A method of denying access to transaction, comprising the steps of: on a first server operated by a first entity at a first network node, opening a first … session with a first end user (([30], [25], “…The banking systems 103 may record and store data associated with the details of monitored transactions made through transaction terminals 105…”; [26]); on said first server, recording… transaction data entered by said first end user ([25]); sending data…comprising text to a third server operated by a third entity at a third network node ([29], [30]); on a second server operated by a second entity at a second network node, opening a second … session with a second end user ([30], [25], [26]); on said second server, recording, during said second … session, text entered by said second end user ([25]); sending data comprising … text, to said third server ([29], [30]); on said third server, receiving said data from said first server and said data from said second server ([29], [30]); on said third server, comparing said data from said first server with fraud-determining criteria to determine if said first end user is unauthorized ([40], compare with fraudulent actors); on said third server, comparing said data from said second server with fraud-determining criteria to determine if said second end user is unauthorized ([40], compare with fraudulent actors); on said third server, comparing said data from said first server with data from said second server to determine if said first end user is said second end user server ([36], [37], “fraud detection server 102 may perform phonetic name-matching, and/or identify names that are not exact matches but have similar characters. For example, Sara Jones may be listed as “Sarah Jones” in one banking system 103a and “Sara Jones” in another banking system 103b…performs probabilistic analysis to determine if the data for Sara Jones is the same as the data for Sarah Jones”).  
Burke discloses sending data to third server as above, but does not specifically disclose sending by way of a packet-switched network.  However, Burke (in [41]) discloses the fraud-detection system connected to the financial institution via an internet connection (by way of a packet-switched network).  It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed, to have combined the specific Internet/packet-switched network connection as disclosed by Burke (for connecting the fraud detection system 100 and the financial institution 109), with network connections of the first/second entities (105) and first/second servers (103) as disclosed by Burke, because such a connection would provide flexibility and ease of use with industry-standard connections amongst entity device (See Burke [41], online banking embodiment, [29]).
Burke discloses sending data to third server, and the first and second servers as above, and further discloses anonymizing said text entered by said first end user ([51], “…hash function masks data so that personally identifiable information is removed before being processed by the datacenter”), but does not specifically disclose authenticated sessions.  However, Brannon discloses authenticated sessions ([2], [25], password-protected sessions) and on said… server, anonymizing said text entered by said first end user 
Burke discloses recording, on first/second server transaction data, and further discloses sending the data to a third server, as discussed above.  Brannon discloses anonymizing the data, as above.  However, neither Burke nor Brannon specifically disclose that the data comprises text entered by said first end user, a timing thereof, and other position-related inputs. 
However, De Los Reyes discloses text entered by said first end user, a timing thereof, and other position-related inputs ([20], [13], Figure 2a, [13], pressure at which key is pressed; [23], where typeprints derived from keystroke dynamics are compared). It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to have combined the fraudulent-user detection method and system as disclosed by Burke, as modified by the packet-switched network disclosed by Burke, as modified by the use of data anonymizing as disclosed by Brannon, with the further modification of using keystroke dynamics as the input data to be used for access control as disclosed by De Los Reyes because using keystroke dynamics would allow user tracking across devices and networks (see De Los Reyes [3], [4]), and further, the use of keystroke dynamics as disclosed by De Los Reyes would require use only of keyboard (or mouse/touch display) structural elements, and therefore obviate the need for additional structural elements or method steps, since keystroke dynamics could be collected and transmitted using the same structural elements employed during the login/authentication method which triggered the capturing steps, therefore allowing integration of the method across devices/systems/networks. Furthermore, Brannon discloses use of a plurality of authentication procedures to ensure authentication; see, for example, [34].  Use of an additional authentication feature, such as the use of the keystroke biometric data as disclosed by De Los Reyes, would 
Burke discloses, based on said comparisons, instructing said first server and/or said second server whether or not to deny transactions ([37], “prevent known terrorists or criminals from being funded or making purchases”, [30], “…If data is received more frequently, then servers 101 of the fraud detection system 100 may have the ability to deny or allow financial transactions…”; where the servers 103, as bank servers, would then allow or deny, receiving the instructions accordingly; see figure 1, and [26], “…The banking systems 103 may all be under the control of one financial institution…”, and [41], “…After the fraud detection system analyzes data received from the banking systems 103, the fraud detection system sends the results to a computing device 109 of the financial institution, such as a server, a workstation, or client computer…”), but does not specifically disclose modify and/or restrict further data sent to said first end user and/or to said second end user. 
However, Brannon discloses modify and/or restrict further data sent to said first end user and/or to said second end user ([48], [75], [38], Figure 5, #530-560; Figure 6 #640-660; [87], [89], “restricting access to at least a portion of the data and/or resources of the user device 150, such as by locking the user device 150 and/or encrypting or wiping at least a portion of the memory of the user device… disabling one or more functions, features, and/or services of the user device 150…”; [80], [26], functionality can be receiving data, [43], network).  



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Margaret M. Neubig whose telephone number is (571)270-0437.  The examiner can normally be reached on Monday-Friday, 9:30-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/M.M.N. /Examiner, Art Unit 3685

/JAMES D NIGH/Senior Examiner, Art Unit 3685