DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Acknowledgments
Claims 1-13 are pending. 
Applicant provided Information Disclosure Agreement (IDS). 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-13 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more than the judicial exception itself.
Regarding Step 1 of the Subject Matter Eligibility Test for Products and Processes (from 2019 Revised Patent Subject Matter Eligibility Guidance), claims 1-13 are directed to the statutory category of a method and device. 
Regarding step 2A-1, Claims 1-13 recite a Judicial Exception. Exemplary independent claim 1 and similarly claim 7 recite the limitations of 
receiving an operation request from a business system through a shared interface; according to a parameter carried in the operation request, selecting at least one risk 5evaluation algorithm for the operation request from an algorithm rule library shared by a plurality of service systems; performing a risk evaluation of the operation request with the selected risk evaluation algorithm; and according to a risk evaluation result, determining whether to allow the operation request.
These limitations, as drafted, are a process that, under its broadest reasonable interpretation cover concepts of collecting/receiving data as well as determining/analyzing data. The claim limitations fall under the abstract idea grouping of mental process, because the limitations can be performed in the human mind, or by a human using a pen and paper.  For example, but for the language of general purpose computer elements such as system, interface, memory, and processor, the claims language encompasses a user simply receiving an operation request, determining parameters of the operation request, selecting a risk evaluation algorithm, performing a risk evaluation with the algorithm, and determining whether to allow the operation request. 
The claims also deal with mitigating risks with respect to business operations (See pages 1-4 in Applicant’s Specification) which deals with certain methods of organizing human activity (business relations and mitigating risks). It is clear the limitations recite these abstract idea groupings, but for the recitations of generic computer components. The mere nominal recitations of generic computer components does not take the limitations out of the mental process and certain methods of 
Regarding step 2A-2- This judicial exception is not integrated into a practical application, and the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception.
The claims recite, for example, the additional elements of processor, system, processor, computer readable storage medium, storage device, and interface. These components are recited at a high level of generality, and merely automate the steps. Each of the additional limitations is no more than mere instructions to apply the exception using a generic computer component.
The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer components or software. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.	
	Further, the claims do not provide for recite any improvements to the functioning of a computer, or to any other technology or technical field; applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition; applying the judicial exception with, or by use of, a particular machine; effecting a transformation or reduction of a particular article to a different state or thing; or applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological 
	The dependent claims have the same deficiencies as their parent claims as being directed towards an abstract idea, as the dependent claims merely narrow the scope of their parent claims. For example, the dependent claims further describe the algorithms in claim 4 and 10. In another example, claim 2 and 8 further describe the shared interface and what the operation request consists of. 

Regarding step 2B the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because claim 1 recites
Method, however method is not considered an additional element. 
Claim 1 further recites interface, systems
Claim 2 and 8 recite API
Claim 7 recites interface, system, storage device, processor, program
Claim 13 recites nonvolatile computer readable storage medium.
When looking at these additional elements individually, the additional elements are purely functional and generic, the applicant specifications states general purpose computer configurations as seen in pages 14-17.  
When looking at the additional elements in combination, the applicant’s specification merely states general purpose computer configurations as seen in pages 14-17. The computer components add nothing that is not already present when the steps are considered separately. See MPEP 2106.05

Looking at these limitations as an ordered combination and individually adds nothing additional that is sufficient to amount to significantly more than the recited abstract idea because they simply provide instructions to use generic computer components, recitations of generic computer structure to perform generic computer functions that are used to "apply" the recited abstract idea. Thus, the elements of the claims, considered both individually and as an ordered combination, are not sufficient to ensure that the claim as a whole amounts to significantly more than the abstract idea itself. Since there are no limitations in these claims that transform the exception into a patent eligible application such that these claims amount to significantly more than the exception itself, claims 1-13 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.









Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1, 4, 5, 7, 10, 11, and 13 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Harris et al. (US20200410415A1) herein Harris. 

Regarding claim 1 and similarly claim 7, Harris teaches
 

An operation defense method, comprising 
An operation defense device comprising: one or more processors; and  15a storage device configured for storing one or more programs, wherein the one or more programs are executed by the one or more processors to enable the one or more processors to (Figure 1 shows a device) (See para 0006-In one example, this disclosure is directed to a computing device that includes a memory, one or more processors in communication with the memory, and a communication unit.)

receiving an operation request from a business system through a shared interface  Examiner interprets operation request to be a transaction made by a user (See para 0023-Inputs 20 may include information, such as raw data and/or metadata, associated with transactions performed at administrator-facing device 12.) The operation request in the art for example is a check cashing transaction request (See para 0023-In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12) The user provides an input for a check cashing event, and input is received by a admin facing device such as an ATM (See para 0020- In one example, administrator-facing device 12 represents one or more banker-operated modalities (e.g., computing terminals) positioned in a bank branch)(See para 0024-As such, administrator-facing device 12
according to a parameter carried in the operation request, selecting at least one risk 5evaluation algorithm for the operation request (See para 0023- In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12, risk data modeling device 16 may invoke and/or fine-tune one or more of controls 22 in response to a risk profile that is associated with the check-cashing nature of the respective input 20.) This shows the risk modeling device is calculating a risk and determines the transaction has a parameter of being a check cashing event. The risk modeling device then selects one or more controls (i.e. algorithms) to carry out the request. The controls correspond to risk algorithms because they are processes/steps to handle events such as check cashing events. (See para0023-Controls 22 represent process actions that provide resilience from and/or prevention of various loss events that could result from risks introduced by inputs 20.)

from an algorithm rule library shared by a plurality of service systems The controls correspond to risk algorithms because they are processes/steps to handle events such as check cashing events. (See para0023-Controls 22 represent process actions that provide resilience from and/or prevention of various loss events that could result from risks introduced by inputs 20.  FIG. 1 illustrates an example in which risk data modeling device 16 locally stores controls 22. In other examples, as explained in more detail below, some or all of controls 22 may be distributed across other devices 10) This shows the risk modeling device stores the plurality of controls (i.e. algorithms) in a database as seen in figure 1. The algorithms are shared by a plurality of systems, because they can be imposed on the various ATMs around a bank branch or bank company such as applicant Wells Fargo in this art.

performing a risk evaluation of the operation request with the selected risk evaluation algorithm The risk evaluation is done again by the risk correlation engine to see what risk does the input pose to other entities. This is done with respect to the controls (i.e. algorithms) that were selected initially. (See para 0030- In this example, risk correlation engine 24 may link the check-cashing event to various business units, according to techniques of this disclosure. For instance, risk correlation engine 24 may associate the check-cashing event of inputs 20 with different ones of risk data models 23 associated with different business units in addition to the fraudulent check-cashing risk data model associated with an identity protection unit. For example, risk correlation engine 24 may detect a link between the additional identity-verification measures of controls 22 and a customer satisfaction risk data model of risk data models 23 stemming from the additional verification procedures to which a valid check-cashing customer is subjected. In this case, risk correlation engine 24 may associate the inputs and controls of the check-cashing risk data model of risk data models 23 with the customer satisfaction risk data model.)(See para 0031- In accordance with techniques of this disclosure, risk data modeling 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. )

and according to a risk evaluation result, determining whether to allow the operation request  Based on the calculation result from the risk correlation engine. The system determines whether to adjust the controls (i.e. algorithms) and let the check cashing operation request proceed with adjusted controls. The example from the art shows that the operation request is allowed with the adjusted controls. (See para 0031- In accordance with techniques of this disclosure, risk data modeling device 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. For instance, using the risk correlation information described above with respect to the check-cashing event of inputs 20, risk data modeling device 16 may adjust controls 22 to balance the risk-mitigation process actions associated with both identity verification and customer satisfaction. In accordance with the techniques of this disclosure, risk data modeling device 16 may, subject to various conditions or considerations, adjust at least one of controls 22. In this particular example, risk data modeling device 16 may adjust the escalated identity-verification measures that are customarily triggered in response to a check-cashing alert received from administrator-facing device 12.


Regarding claim 4 and similarly claim 10, Harris further teaches

wherein the risk evaluation algorithm comprises one or more of an authority evaluation algorithm, a block evaluation algorithm, a quota evaluation algorithm, a speed-limit evaluation algorithm, a service level objection evaluation algorithm, wherein different operation objects correspond to different risk evaluation algorithms. (See para0029- As one example, risk data modeling device 16 may invoke strengthened authentication procedures (from controls 22) to mitigate or potentially eliminate fraudulent check-cashing risks. In this example, risk data modeling device 16 may transmit a communication over network 14 that causes administrator-facing device 12 to initiate additional identity-verification measures at the bank branch, ATM, or pertinent business location.) This shows that the controls (i.e. algorithms) compromise procedures that include authority evaluation algorithms such as identity verification measures. 

Regarding claim 5 and similarly claim 11, Harris further teaches

wherein the according to a risk evaluation result, determining to allow the operation request comprises: in a case that a plurality of risk evaluation algorithms are selected for the operation request 
performing a weighted calculation according to weights (See para 0075- In turn, risk data modeling device 16 may invoke risk correlation engine 24 to correlate the input to one or more risks across different business units/entities associated with risk-correlated devices 18 (84). ) (See para 0003- However, the existing risk identification models may make it difficult to identify risk correlations between different business silos, such as between different business units within a firm (e.g., business units under the umbrella of a financial institution entity), or across an industry (e.g., across different business entities within the financial industry).) This shows the risk correlation engine does a weighed calculation because it is looking at the impact (i.e. weight) an input would have on across different business units/entities. The weights corresponds to how many business entities would be affected by the input. 

risk evaluation results of the plurality of risk evaluation algorithms The risk evaluation is also done by the risk correlation engine to see what risk does the input pose to other entities. This is done with respect to the controls (i.e. algorithms) that were selected initially. (See para 0030- In this example, risk correlation engine 24 may link the check-cashing event to various business units, according to techniques of this disclosure. For instance, risk correlation engine 24 may associate the check-cashing event of inputs 20 with different ones of risk data models 23 associated with different business units in addition to the fraudulent check-cashing risk data model associated with an identity protection unit. For example, risk correlation engine 24 may detect a link between the 22 and a customer satisfaction risk data model of risk data models 23 stemming from the additional verification procedures to which a valid check-cashing customer is subjected. In this case, risk correlation engine 24 may associate the inputs and controls of the check-cashing risk data model of risk data models 23 with the customer satisfaction risk data model.)(See para 0031- In accordance with techniques of this disclosure, risk data modeling device 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. )

to determine allow the operation request The system determines whether to adjust the controls (i.e. algorithms) and let the check cashing operation request proceed with adjusted controls. This is based on the weighed calculation and risk evaluation of controls as seen above. 

The example from the art shows that the operation request is allowed with the adjusted controls. (See para 0031- In accordance with techniques of this disclosure, risk data modeling device 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. For instance, using the risk correlation information described above with respect to the check-cashing event of inputs 20, risk data modeling device 16 may adjust controls 22 to balance the risk-mitigation process actions associated with both identity verification and customer satisfaction. In accordance with the techniques of this disclosure, risk data modeling 16 may, subject to various conditions or considerations, adjust at least one of controls 22. In this particular example, risk data modeling device 16 may adjust the escalated identity-verification measures that are customarily triggered in response to a check-cashing alert received from administrator-facing device 12.

Regarding claim 13, Harris further teaches 
A non-volatile computer readable storage medium stored with a computer program, wherein the computer program, when executed by a processor, implements the method of claim 1. (See para 0044- In some examples, storage device(s) 36 include non-volatile storage elements. Examples of such non-volatile storage elements include magnetic hard discs, optical discs, floppy discs, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories. ) (See para 0086- By way of example, and not limitation, such computer-readable storage media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage, or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. )





Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 2, 3, 8, and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Harris in view of Pitz et al. (US10417638B2) herein Pitz. 

Regarding claim 2 and similarly claim 8, Harris teaches shared interface of ATMs and a user would use a ATM interface/application of the Bank to make operation requests, but the art does not mention API, However Pitz teaches 

wherein the receiving an operation request from a business system through a shared interface comprises: calling an application programming interface of the business system to receive the operation request  (See col. 8- In some embodiments, the fraud engine 116 may comprise, for instance, an API) 

Harris and Pitz are analogous art because they are from the same problem solving area of transaction and risk/fraud. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined Harris’s invention by incorporating the method of Pitz because Harris would also be able to implement APIs in the ATM machines. Having APIs would make it easier for users to make operation requests from the Bank ATM because it would make navigating the ATM easier. 
Harris further teaches the operation request comprising one or more of an operation object, an identity of an operation initiator, and an operation parameter (See para 0023-  In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12) This shows the operation request shows a operation parameter such as parameter of check cashing. This also shows an operation object such as the physical check of the check cashing transaction. 

Regarding claim 3 and claim 9, the arts above teach the limitations of claim 2 and 8, However Harris further teaches 

wherein selecting at least one risk evaluation algorithm for the operation request from an algorithm rule library shared by a plurality of service systems, comprises: selecting at least one risk evaluation algorithm from the algorithm rule library, according to one or more of the operation object, the identity of the operation initiator, and the 20operation parameter of the operation request, and in combination with a status of the operation object in the operation request and an operation history of the operation object (See para 0023-  In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12, risk data modeling device 16 may invoke and/or fine-tune one or more of controls 22 in response to a risk profile that is associated with the check-cashing nature of the respective input 20.) This shows the system selects one or more controls (i.e. algorithms) based on the operation parameter /and parameter object of a check cashing process. Check cashing process corresponds to operation parameter and object. 


Claim 6 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Harris in view of Coronel et al. (US20150039381A1) herein Coronel. 

Regarding claim 6 and claim 12, the arts above teach the limitations of claim 5 and 11, However Harris further teaches 

in a case that the risk evaluation result indicates that the operation request is not allowed The art is capable of denying the operation request with respect to modified controls (See fig.6 step 92 where the correlation that would lead to modified controls is denied)
However the art does not teach information as to why the operation was denied. However Coronel teaches 
returning a reason for not allowing the operation request (See 0045-The message may also include whether or not the request was completed or denied. If the request was denied, the message may include comments or reasons as to why the request was denied.) 

Harris and Coronel are analogous art because they are from the same problem solving area of transaction with respect to a bank. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined Harris’s invention by incorporating the method of Coronel because Harris’s invention would be able to provide reasoning as to why the request was denied. This information would be used by the correlation engine to better understand why a request was denied and it would not suggest the same correlations to the risk correlating devices. Having more information as to why a request is denied leads to better understanding of the different correlations of the various business units.  


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUSTAFA IQBAL whose telephone number is (469)295-9241.  The examiner can normally be reached on Monday Thru Friday 9:30am-7:30 CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eric Stamber can be reached on 5712726724.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/MUSTAFA IQBAL/Examiner, Art Unit 3683