Detailed Action

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Acknowledgments
The submission filed on 03/10/21 is acknowledged. 

Status of Claims
Claims 1-20 are pending. 
In the submission filed 03/10/21, claims 1, 2, 4-12 and 14-20 were amended; no claims were added or cancelled.
Claims 1-20 are rejected.

Response to Arguments
Regarding the objections to the drawings and the specification:
The objections to the drawings and specification have been overcome in view of Applicant's amendments thereto.

Regarding the rejection under 35 U.S.C. 112:
The previous rejection under 35 U.S.C. 112 has been overcome. Applicant's attention is directed to the instant rejection under 35 U.S.C. 112.

Regarding Applicant's arguments with respect to the rejections under 35 U.S.C. 102 and 103:
Applicant's arguments have been fully considered but are not persuasive and/or are moot in view of the new combination of prior art being used in the current rejection.
The substance of Applicant's arguments, in its entirety, consists of the following:
As discussed during the Interview, Abifaker is not asserted against the subject matter of independent claim 1 recited above. (Response, p. 17)

The Examiner deems this statement inaccurate. First, in the prior Office Action Abifaker was asserted against the subject matter of claim 1. Second, in the interview Abifaker was asserted against the proposed amendments to claim 1; accordingly, the statement does not accurately reflect the substance of the interview. As best understood and charitably interpreted, it is believed that Applicant may have intended to assert that Abifaker was not asserted against those of the claim amendments that were not presented at interview and that were 
Regarding Applicant's "Statement on the Substance of the Interview":
Applicant writes: 
While agreement as to allowable subject matter was not reached, all parties generally acknowledged the points and how the present technology distinguishes from the cited references. The claims are amended herein as discussed during the interview. (Response, p. 15; underlining added)

The Examiner deems these statements inaccurate, in particular the underlined content. The Interview Summary issued on 02/17/21 presents the Examiner's view as to the substance of the interview. (Addressing the underlined content in part, it is noted that the instant claim amendments reflect in part the proposed amendments discussed in the interview.)

Examiner's Comments
Not Positively Recited
Claim 1
"detecting … based on an intercepted communication between the computing device and the server …"
"requesting … wherein at least one of the series of verification steps is satisfied by a user calling a customer service representative associated with the server"
The recitation of the not positively recited use of the claimed invention does not serve to differentiate the claims from the prior art. See In re Wilder, 166 USPQ 545 (CCPA 1970).

Claim Objections
Claims 5 and 15 are objected to because of the following informalities:  
Claims 5 and 15 recite "request[ing] ... responsive to determining the connection type matches the encrypted layered tunneling protocol connection type." This recitation should read "requesting ... responsive to determining that the connection type matches the encrypted layered tunneling protocol connection type."
Claim 15 recites "determine ... matches-the encrypted layered tunneling protocol connection type." This recitation should read "determine ... matches the encrypted layered tunneling protocol connection type."
Appropriate correction is required.
Claim Rejections - 35 U.S.C. § 112
35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

Unclear Scope 
Claims 1 and 11 recite "requesting [] a series of verification steps from the computing device responsive to matching the first value with the first look-up value, …." The recitations are ambiguous as to whether "responsive to …" modifies "requesting" or "a series of verification steps."
Claim 11 recites "A system to detect fraudulent purchases, comprising: a control system, intermediary between a computing device and a server, comprising one or more processors and memory, …." It is unclear whether the claim scope encompasses a system comprising a control system, one or more processors, and memory, or in combination with a computing device and a server. 
An essential purpose of patent examination is to fashion claims that are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed (See In re Zletz, 893 F.2d 319,321 (Fed. Cir. 1989)).
Claims 2-10 and 12-20 are rejected as depending from a rejected base claim.

Lack of Antecedent Basis
Claims 2 and 12 recite "intercept[ing …] the network traffic originated from the computing device." These recitations lack antecedent basis.
Claims 5 and 15 recite "determin[ing] … the network traffic through which the computing device initiated the online transaction with the server." These recitations lack antecedent basis.

Hybrid Claims (Katz)
Claim 11 recites "requesting … wherein at least one of the series of verification steps is satisfied by a user calling a In re Katz Interactive Call Processing Patent Litigation, 97 USPQ2d 1737 (Fed. Cir. 2011).
Claims 12-20 are rejected by virtue of their dependency from a rejected base claim.

Hybrid Claims (Rembrandt)
Claim 11 recites "detect, based on an intercepted communication between the computing device and the server, …" and "requesting … wherein at least one of the series of verification steps is satisfied …." Claim 11 is directed to a system comprising a control system, one or more processors, and memory. The language quoted above describes actions that are not attributed to any structure of the claimed products. This UltimatePointer, LLC v. Nintendo Co., 118 USPQ2d 1125 (Fed. Cir. 2016); Rembrandt Data Techs., LP v. AOL, LLC, 641 F.3d 1331, 98 USPQ2d 1393 (Fed. Cir. 2011).
Claims 12-20 are rejected by virtue of their dependency from a rejected base claim.
35 USC § 112(d)
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 10 and 20 are rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends. Claims 10 and 20 recite "allow[ing] responsive to detecting an absence of the match between the first value and the first look-up value, the online transaction to proceed to the second state." Base claims 1 and 11 recite "request[ing] a series of verification steps from the computing device responsive to matching the first value with the first look-up value." Accordingly, claims 10 and 20 contradict their respective base claims 1 and 11. Where a claim contradicts its base claim, it does not further limit its base claim.
Applicant may cancel claims 10 and 20, amend claims 10 and 20 or base claims 1 and 11, or present a sufficient showing that claims 10 and 20 comply with the statutory requirements.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-4, 6-14 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Abifaker et al. (U.S. Patent Application Publication No. 2015/0278817 A1), hereafter Abifaker, in view of Bhargava et al. (U.S. Patent No. 8,082,349), hereafter Bhargava, and further in view of Pany et al. ("Bypassing Network Restrictions Through RDP Tunneling").

Regarding Claims 1 and 11
Abifaker teaches:
(element A) detecting, by a control system (120 and/or 130) comprising a processor and memory intermediary between a computing device and a server (125 and/or 135), based on an intercepted communication between the computing device and the server, an online transaction initiated by the computing device; (0027, 0031, 0032, Fig. 1, Fig. 2, 203)
(element B) determining, by the control system responsive to identifying that the online transaction is in a first state by analyzing network traffic between the computing device and the server, a first value corresponding to information of the computing device; (0027, 0031, 0032)
(element C) obtaining, by the control system responsive to identifying that the online transaction is in the first state, a first look-up value corresponding to the first value; (0038, Fig. 2, 220A)
(element D) requesting, by the control system, a series of verification steps from the computing device responsive to matching the first value with the first look-up value, wherein at least one of the series of verification steps is satisfied by a user … a customer service representative associated with the server; (0038-0040, 0046, 0070, Fig. 2, 220A-220C, 245)
(element E) determining, by the control system responsive to identifying that the online transaction is in a second state, a second value from a field of the online transaction;
(element F) obtaining, by the control system responsive to identifying that the online transaction is in the second state, a second look-up value corresponding to the second value; (0038, Fig. 2, 220A)
(element G) selecting, by the control system, a routing policy based on comparing the second value with the second look-up value; (0038-0040, Fig. 2, 220A)
(element H) determining, by the control system, to interrupt the online transaction based on detecting a presence of a match between the second value and the second look-up value; and (0038-0040, Fig. 2, 220A)
(element I) interrupting, by the control system responsive to determining to interrupt the online transaction, the online transaction to direct the online transaction to a resolving state by … according to the routing policy. (0039, Fig. 2, 230)
(claim 11) a control system comprising one or more processors and memory, the control system configured to: (claim 21, 0028)
Abifaker, 0070-0071, Fig. 4, teaches a verification step that is a manual review involving a human audit interface 400 and a reviewer ("customer service representative associated with the server") reviewing information communicated by "a user," but Abifaker does not explicitly teach "calling."

(element D) … calling …; (13:22-27)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Abifaker's systems and methods for detecting and preventing fraudulent online transactions, by replacing Abifaker's manual audit review by a human reviewer, involving interaction/communication of information between a user and a human reviewer via a human audit interface, with Bhargava's teachings of a customer calling a customer service representative to complete verification for a risky transaction, because such modification amounts to simple substitution of one known element for another to obtain predictable results. MPEP 2143.I.B.
Abifaker, 0039, Fig. 2, 230, teaches, in response to a match between a user's transaction information/computer information and a blacklisted value, denying the transaction. Bhargava, 3:4-4:28, 15:13-20, Fig. 3, 312, teaches analyzing network traffic/data stream to detect indicators of fraud, and performing real-time interdiction.
Abifaker and Bhargava do not explicitly teach "blocking network traffic between the computer device and the server." However, in analogous art, Pany teaches:
(element I) … blocking the network traffic between the computing device and the server … (pages 1-3)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Abifaker's systems and methods for detecting and preventing fraudulent online transactions, by replacing Abifaker's operation of denying a transaction to thwart malicious actors with Pany's teachings of blocking network traffic between a user computing device and a server by host-based and network-based prevention techniques such as modifying firewall rules, disabling remote desktop services, and denying login via remote desktop protocol, in order to thwart malicious actors, because such modification amounts to simple substitution of one known element for another to obtain predictable results, and the use of a known technique to improve similar devices (methods or products) in the same way. MPEP 2143.I.B., C.

Regarding Claims 2 and 12
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
intercepting, by the control system, the network traffic originated from the computing device to identify the first value corresponding to the information of the computing device. (0027, 0032)

Regarding Claims 3 and 13
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
wherein the information of the computing device comprises an IP address of the computing device that initiated the online transaction. (0032)

Regarding Claims 4 and 14
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
(element A) determining, by the control system, a geographic location of the computing device as the first value according to the information of the computing device; (0032)
(element B) obtaining, by the control system, a list of flagged geographic locations as the first look-up value; (0036, 0038)
(element C) determining the presence of the match between the first value and the first look-up value by identifying that the geographic location of the computing device is located in one of the flagged geographic locations; and (0036, 0038-0040, Fig. 2, 220A)
(element D) directing, by the control system, the online transaction to the resolving state including at least one of blocking the online transaction or initiating at least one further authentication process to be performed through the computing device. (0039, Fig. 2, 230)

Regarding Claims 6 and 16
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
wherein the field of the online transaction comprises at least one of: a first name field, a last name field, an organization name field, a domain name field, or a phone number field. (0035)

Regarding Claims 7 and 17
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
(element A) obtaining, by the control system, responsive to identifying the second value as corresponding to a value for at least one of a first name field or a last name field, a list of flagged first names or last names as the second look-up value; (0038, Fig. 2, 220A)
(element B) determining the presence of the match between the second value and the second look-up value by identifying that the second value is one of the flagged first names or last names; and (0038-0040, Fig. 2, 220A)
(element C) directing, by the control system according to the routing policy, the online transaction to the resolving state including at least one of blocking the online transaction or initiating at least one further authentication process to be performed through the computing device. (0039, Fig. 2, 230)

Regarding Claims 8 and 18
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
(element A) obtaining, by the control system, responsive to identifying the second value as corresponding to a value for an organization name (0052, employer, 0059, corporate name) field, a list of flagged first names or last names as the second look-up value; (0038, Fig. 2, 220A, 0052, 0059)
(element B) determining the presence of the match between the second value and the second look-up value by identifying that the second value is one of the flagged first names or last names; and (0038-0040, Fig. 2, 220A)
(element C) directing, by the control system according to the routing policy, the online transaction to the resolving state including at least one of blocking the online transaction or initiating at least one further authentication process to be performed through the computing device. (0039, Fig. 2, 230)

Regarding Claims 9 and 19
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
(element A) obtaining, by the control system, responsive to identifying the second value as corresponding to a value for a phone number field, a list of flagged phone number digits as the second look-up value; (0038, Fig. 2, 220A)
(element B) determining the presence of the match between the second value and the second look-up value by identifying that a number of digits of the second value matches one of the flagged phone number digits; and (0038-0040, Fig. 2, 220A)
(element C) directing, by the control system according to the routing policy, the online transaction to the resolving state including at least one of blocking the online transaction or initiating at least one further authentication process to be performed through the computing device. (0039, Fig. 2, 230)

Regarding Claims 10 and 20
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
(element A) allowing, by the control system responsive to detecting an absence of the match between the first value and the first look-up value, the online transaction to proceed to the second state; and (0040, Fig. 2)
(element B) according to the routing policy, directing, by the control system responsive to detecting the presence of the match between the second value and the second look-up value, the online transaction to the resolving state including at least one of blocking the online transaction or initiating at least one further authentication process to be performed through the computing device. (0039, Fig. 2, 230)

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Abifaker et al. (U.S. Patent Application Publication No. 2015/0278817 A1), hereafter Abifaker, in view of Bhargava et al. (U.S. Patent No. 8,082,349), hereafter Bhargava, further in view of Pany et al. ("Bypassing Network Restrictions .

Regarding Claims 5 and 15
Abifaker in view of Bhargava and Pany teaches the limitations of base claims 1 and 11 as set forth above. Abifaker further teaches:
(element A) determining, by the control system according to the information of the computing device, as the first value, a connection … of the network traffic through which the computing device initiated the online transaction with the server; (0032)
(element B) obtaining, by the control system, a list of flagged connection … as the first look-up value, the list of flagged connection … comprising an … connection …; (0036, 0038)
(element C) determining the presence of the match between the first value and the first look-up value by identifying that the connection … matches the … connection …; and (0036, 0038-0040, Fig. 2, 220A)
(element D) requesting, by the control system, the series of verification steps from the computing device responsive to determining the connection … matches the … connection …. (0038-0040, 0046, 0070, Fig. 2, 220A-220C, 245)

(element A) … type …; (0038, 0041-0042)
(element B) … types … types … type; (0038, 0041-0042)
(element C) … type … type; (0038, 0041-0042)
(element D) … type … type. (0038, 0041-0042)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Abifaker's systems and methods for detecting and preventing fraudulent online transactions, by incorporating therein Schmitz's teachings that the connection type of network traffic through which the computing device initiated the online transaction can be used as the first value/ information of the computing device to be compared to a list of flagged connection types (first look-up value), because Abifaker, 0032, explicitly teaches using for this purpose/in this context (1) various specific types of information of the computing device (e.g., IP address, i.e., "a connection … of the network traffic through which the computing device initiated the online transaction with the server") that are very similar to this teaching of Schmitz (viz., connection type …), and (2) in general, other (unspecified) information of the computing device, which information may reasonably be understood by one of ordinary skill in the art to include this teaching of Schmitz 
Pany further teaches:
(element B) … encrypted layered tunneling protocol …; (pages 1-3)
(element C) … encrypted layered tunneling protocol …; (pages 1-3)
(element D) … encrypted layered tunneling protocol …. (pages 1-3)
It would have been obvious to one of ordinary skill in the art not later than the effective filing date of the claimed invention to have modified Abifaker's systems and methods for detecting and preventing fraudulent online transactions, by incorporating therein Pany's teachings that network traffic using an encrypted layered tunneling protocol should be considered suspicious and should be flagged (and blocked), because an encrypted layered tunneling protocol can be used by malicious actors to bypass firewalls, and hence this modification would serve Abifaker's purpose and improve .

Conclusion
The prior art made of record and not relied upon, as set forth in the accompanying Notice of References Cited (PTO-892), is considered pertinent to applicant's disclosure. Among the cited references, Comeaux teaches blocking network traffic, and Galobardes and Anthony, like Pany, teach flagging and blocking network traffic using an encrypted layered tunneling protocol connection type.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS W PINSKY whose telephone number is (571)272-4131. The examiner can normally be reached on 8:30 am - 5:30 pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Calvin Hewitt II, can be reached on 571-272-6709. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through 
access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/DWP/
Examiner, Art Unit 3692
/ERIC T WONG/
Primary Examiner, Art Unit 3692