DETAILED ACTION
Status of Claims
This is a first office action on the merits in response to the application filed on 26 November 2018.
Claims 1-20 are currently pending and have been considered by the examiner.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 28 September 2020, 16 December 2020, 12 March 2021, and 6 April 2021 have been considered by the examiner. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-7, 11, 15-16, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borghetti et al. (US 20150106942 A1) in view of Yip et al (US 10755281 B1), in further view of Liu et al. (US 20190251234 A1) and Wright et al. (US 20160155110 A1).

In regards to Claims 1, 11, and 16, Borghetti discloses:
A system/(computer program product/method) for active malfeasance examination and detection based on dynamic graph network flow analysis, the system comprising: a controller for generating dynamic directed and undirected graphs (See Borghetti: Para. [0048] – “Using the enumerated results of the declared intents for the installed applications, reputation assessment program 300 builds a graph of possible app intent interactions (step 315). Reputation assessment program 300 builds a representation of possible interactions between declared intents of the installed applications. The representation is best perceived as a mathematical graph of vertices interconnected with edges, in which the vertices represent the applications and the edges represent the intents.”), 
detecting malfeasance activity based on the generated dynamic directed and undirected graphs (See Borghetti: Para. [0048] – “The graph of the interactions is a reference used to identify possible application intent activities or interaction of activities based on the initiated intents of applications loaded on mobile device 110, as determined by dynamic analyzer 230 and static analyzer 220. The graph includes the possible or potential interactions of intents from one application that may request an activity of one or more other applications.” See Borghetti: Para. [0056] – “Reputation assessment program 300 evaluates analyzed intents with respect to the analyzed rules (step 335). The intents analyzed by dynamic analyzer 230 and results from static analyzer 220, are sent to risk evaluator 210 to compare to the analyzed rules.”, See Borghetti: Para. [0059] – “Reputation assessment program 300 determines if there is a potential risk.”), and 
executing remediation actions (See Borghetti: Para. [0059] – “Determining that a potential risk exists (decision step 340, "Yes" branch), reputation assessment program 300 initiates an alert for mobile device 110 and to notify the user (step 345).”), 
the controller comprising one or more memory devices with a computer-readable program code stored thereon, one or more communication devices connected to a network, and one or more processing devices (See Borghetti Fig. 1 – 110 Mobile Device – The mobile device/controller , 

Borghetti fails to explicitly disclose:
wherein the one or more processing devices execute the computer-readable program code to: identify a first node of a plurality of nodes comprising a custom reputation value associated with a malfeasance, wherein the first node is associated with a first resource pool of a plurality of resource pools; 
identify a user associated with the first node and identify user information associated with the user; 
communicate a resource distribution request to the user based on the identified user information, wherein the resource distribution request is transmitted to mimic a transmission from a potential target of the malfeasance; 
receive an acceptance of the resource distribution request from a computing device of the user; and 
in response to receiving the acceptance of the resource distribution request, execute one or more remediation actions on one or more resource pools of the user, wherein the one or more resource pools comprise the first resource pool.

However, in a similar field of endeavor, Yip discloses:
wherein the one or more processing devices execute the computer-readable program code to: identify a first node of a plurality of nodes comprising a custom reputation value associated with a malfeasance, wherein the first node is associated with a first resource pool of a plurality of resource pools (See Yip: col. 46, lines 64-66 – “Upon identifying the recipient user account, the PSS 108 further determines a level of risk associated with it to determine whether or not an additional authentication step should be triggered.”, See Yip: col. 33, lines 23-30 – “For ; 
identify a user associated with the first node and identify user information associated with the user (See Yip: col. 47, lines 10-14 – “The PSS 108 analyzes the transaction history 1016 of the sender and recipient to determined patterns, behavior and trends with respect to mutual interaction, nature of such interaction, frequency of money transfer requests, and so on.” – Yip discloses analyzing the transaction history of an identified recipient. Therefore, the art inherently discloses the step of identifying a user associated with the recipient account and information associated with said recipient as analysis would not be possible without first identifying the target of said analysis.);

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to use the node/account identification method disclosed by Yip in order to identify nodes of interest within the dynamic graphs generated by Borghetti in order to increase the robustness of the invention by allowing the system to specifically target accounts of interest within the newly generated and organized dynamic graphs.

However, the combination of Borghetti, and Yip fails to explicitly disclose:
communicate a resource distribution request to the user based on the identified user information, wherein the resource distribution request is transmitted to mimic a transmission from a potential target of the malfeasance; 
receive an acceptance of the resource distribution request from a computing device of the user; and 
in response to receiving the acceptance of the resource distribution request, execute one or more remediation actions on one or more resource pools of the user, wherein the one or more resource pools comprise the first resource pool.

However, in a similar field of endeavor, Liu discloses:
communicate a request to an entity based on the identified user information, wherein the resource distribution request is transmitted to mimic a transmission from a potential target of the malfeasance (See Liu: Para. [0035] – “Credit and fraud decisioning engine 130 may also calculate the fraud risk level based on application statistics, such as, for example, the IP address from user terminal 125 that initiated the fraud initiating request, the velocity of fraud initiating requests having similar data and attributes (e.g., the same name, address, etc.), whether the fraud initiating request is from a preexisting transaction account holder or merchant, or the like.” – Liu discloses a system receiving a request that has been deemed fraudulent due to said request having similar characteristics to a standard request such as name, address, etc. Therefore, because said request would have to be generated and communicated by a separate system in order for said request to be received, Liu implicitly discloses a system capable of communicating a request based on user information transmitted to mimic a target of malfeasance); 

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the system capable of generating/communicating mimicked requests as disclosed by Liu to communicate said requests to the nodes/accounts of the combination of Borghetti and Yip in order to increase the overall security of the system by allowing the system to perform penetration testing methods on its own member nodes.

However, the combination of Borghetti, Yip, and Liu fails to explicitly disclose:
Communicate a resource distribution request to a user;
receive an acceptance of the resource distribution request from a computing device of the user; and 
in response to receiving the acceptance of the resource distribution request, execute one or more remediation actions on one or more resource pools of the user, wherein the one or more resource pools comprise the first resource pool.

However, in a similar field of endeavor, Wright discloses:
Communicate a resource distribution request to a user (See Wright: Para. [0029] – “After the custom insurance policy has been priced 210, the User B (renter) can pay this sum as part of their transaction cost. Alternatively, this payment might simply be held pending approval of the transaction by the User A. Here, User A would be presented with the opportunity to accept or decline 222 the request of the User B.”);
receive an acceptance of the resource distribution request from a computing device of the user; and 
in response to receiving the acceptance of the resource distribution request, execute one or more actions on one or more resource pools of the user, wherein the one or more resource pools comprise the first resource pool (See Wright: Para. [0029] – “Here, User A would be presented with the opportunity to accept or decline 222 the request of the User B. If the User A declines the request, the computing device(s) 102 may present the User B with alternate asset .

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to perform the communication and acceptance method as disclosed by Wright in place of the sole communication of a request method disclosed by the combination of Borghetti, Yip, and Liu in order to increase the overall efficiency of the system by allowing the system to immediately identify when a communicated request has been received allowing the system to immediately perform pending/subsequent functionality without needing the transmitter to perform an additional check/determination.

Additionally, it would have been obvious to one of ordinary skill in the art before the effective filing date to perform the remediation actions disclosed by the combination of Borghetti, Yip, and Liu in response to acceptance of the request in a similar nature to the method disclosed in Wright in order to increase the overall efficiency of the system by ensuring that no independent system would need to separately initiate said remediation actions.

In regards to Claims 2, 12, and 17 the combination of Borghetti, Yip, Liu, and Wright discloses:
The system of claim 1, wherein the one or more processing devices execute the computer-readable program code to identify the first node comprising the custom reputation value associated with malfeasance by: extracting resource distribution information for the plurality of resource pools (See Liu: Para. [0035] – “Credit and fraud decisioning engine 130 may also calculate the fraud risk level based on application statistics, such as, for example, the IP address from user terminal 125 that initiated the fraud initiating request, the velocity of fraud initiating requests having similar data and attributes (e.g., the same name, address, etc.), ; 
generating a one or more directed and/or undirected graphs comprising the plurality of nodes and a plurality of edges, wherein each of the plurality of nodes is associated with at least one of the plurality of resource pools (See Borghetti: Para. [0048] – “Using the enumerated results of the declared intents for the installed applications, reputation assessment program 300 builds a graph of possible app intent interactions (step 315). Reputation assessment program 300 builds a representation of possible interactions between declared intents of the installed applications. The representation is best perceived as a mathematical graph of vertices interconnected with edges, in which the vertices represent the applications and the edges represent the intents.”), and 
wherein each of the plurality of edges represent the resource distribution information associated with a resource distribution event between two of the plurality of nodes (See Borghetti: Para. [0048] – “Using the enumerated results of the declared intents for the installed applications, reputation assessment program 300 builds a graph of possible app intent interactions (step 315). Reputation assessment program 300 builds a representation of possible interactions between declared intents of the installed applications. The representation is best perceived as a mathematical graph of vertices interconnected with edges, in which the vertices represent the applications and the edges represent the intents.” – It would have been obvious to one of Borghetti with the transactions disclosed by Wright in order to increase the robustness of the invention by allowing the edges to contain alternative types of data rather than simply intents), 
wherein the plurality of nodes are associated with at least one of customers, accounts, devices, and entities (See Borghetti: Para. [0048] – “Using the enumerated results of the declared intents for the installed applications, reputation assessment program 300 builds a graph of possible app intent interactions (step 315). Reputation assessment program 300 builds a representation of possible interactions between declared intents of the installed applications. The representation is best perceived as a mathematical graph of vertices interconnected with edges, in which the vertices represent the applications and the edges represent the intents.” – Borghetti discloses the generation of a graph with nodes/vertices representative of entities such as an application); 
calculating custom reputation values for each of the plurality of nodes based on one or more factors and hierarchical analysis of characteristics associated with the plurality of nodes and the plurality of edges (See Yip: col. 46, lines 64-66 – “Upon identifying the recipient user account, the PSS 108 further determines a level of risk associated with it to determine whether or not an additional authentication step should be triggered.”, See Yip: col. 33, lines 23-30 – “For example, through the payment service application, users create account logins to utilize financial services offered by the payment service 601, to link their financial accounts with the payment service 601 (e.g., registration with the payment service 601), to transfer money using their user accounts and/or financial accounts, and/or otherwise engage with the services offered by the payment service 601 via the payment service application.” – Yip discloses a computing device capable of determining a level of risk based on factors associated with an account. It would have been obvious to one of ordinary skill in the art before the effective filing date to include the node/edge structure disclosed by Borghetti within the factors used to determine risk disclosed by Yip in order to increase the security strength of the system by introducing more information to the risk calculation); 
comparing each of the custom reputation values with a predetermined threshold (See Yip: col. 46, lines 64-68 – “Upon identifying the recipient user account, the PSS 108 further determines a level of risk associated with it to determine whether or not an additional authentication step should be triggered.” For example, a request may be higher than a risk threshold if the amount being transferred is more than a predetermined amount); and 
identifying that the custom reputation value of the first node is associated with malfeasance based on comparing each of the custom reputation values with the predetermined threshold (See Yip: col. 46, lines 64-68 – “Upon identifying the recipient user account, the PSS 108 further determines a level of risk associated with it to determine whether or not an additional authentication step should be triggered.” For example, a request may be higher than a risk threshold if the amount being transferred is more than a predetermined amount).

In regards to Claim 5, the combination of Borghetti, Yip, Liu, and Wright discloses:
wherein the resource distribution information comprises resource distribution amount, resource distribution time, payor resource pool information, and payee resource pool information (See Wright: Para. [0029] – “After the custom insurance policy has been priced 210, the User B (renter) can pay this sum as part of their transaction cost. Alternatively, this payment might simply be held pending approval of the transaction by the User A. Here, User A would be presented with the opportunity to accept or decline 222 the request of the User B.”, See Wright: Para. [0031] – “Additional criteria relating to the specific transaction may also be factored in to the risk analysis including, but not limited to, time/duration of the transaction, value of transaction, and the transaction history of the users involved.” – Wright discloses transaction information comprising amount, time, payor, and payee).

In regards to Claims 6, 15, and 20, the combination of Borghetti, Yip, Liu, and Wright discloses:
The system of claim 2, wherein the one or more factors comprise at least one of (1) a resource distribution history for a resource pool associated with each individual node, (2) a malfeasance history for the resource pool associated with each individual node, (3) entity information associated with an entity that is linked with the resource pool of each individual node, (4) a nodal anomaly score for each respective node, and (5) a transaction anomaly score for one or more edges of each respective node (See Wright: Para. [0031] – “Additional criteria relating to the specific transaction may also be factored in to the risk analysis including, but not limited to, time/duration of the transaction, value of transaction, and the transaction history of the users involved.” – Wright discloses transaction information comprising amount, time, payor, and payee).

In regards to Claim 7, the combination of Borghetti, Yip, Liu, and Wright discloses:
The system of claim 6, wherein the resource distribution history for each of the resource pool associated with each individual node comprises information associated with (1) age of the resource pool, (2) connectivity between users associated with each of the resource distribution requests associated with the resource pool, (3) length of connection between the users associated with each of the resource distribution requests associated with the resource pool, (4) amount associated with each of the resource distribution requests associated with the resource pool, and (5) frequency associated with each of the resource distribution requests associated with the resource pool (See Wright: Para. [0031] – “Additional criteria relating to the specific transaction may also be factored in to the risk analysis including, but not limited to, time/duration of the transaction, value of transaction, and the transaction history of the users involved.”).

Claims 3, 13, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borghetti in view of Yip in further view of Liu, Wright, Kirti et al. (US 20170251013 A1) and Valecha et al. (US 20200067902 A1).

In regards to Claims 3, 13, and 18, the combination of Borghetti, Yip, Liu, and Wright discloses:
The system of claim 1, wherein the processing device is further configured to execute computer-readable program code to: 
transmitting an alert to a sender of the subsequent one or more resource distribution requests (See Borghetti: Para. [0059] – “Determining that a potential risk exists (decision step 340, "Yes" branch), reputation assessment program 300 initiates an alert for mobile device 110 and to notify the user (step 345).”) 

However, the combination of Borghetti, Yip, Liu, and Wright fails to explicitly disclose:
blocking the one or more resource pools of the user from sending resource distribution requests; 
freezing the one or more resource pools of the user from receiving subsequent one or more resource distribution requests;
alerting the sender to provide additional authentication credentials before executing the subsequent one or more resource distribution requests; 
prompting the sender of the subsequent one or more resource distribution requests to provide additional authentication credentials before executing the subsequent one or more resource distribution requests; and 
transmitting a notification associated with the user to a third party entity, wherein the notification comprises the user information and resource pool information associated with the one or more resource pools.

However, in a similar field of endeavor, Kirti discloses:
blocking the one or more resource pools of the user from sending resource distribution requests (See Kirti: Para. [0206] – “This helps a user to take or configure remediation actions like blocking apps in the firewall, educate the user to avoid the app, or suspend the user account.” – Blocking a payment application with a firewall constitutes blocking said resource pool from sending electronic communication requests); 
freezing the one or more resource pools of the user from receiving subsequent one or more resource distribution requests (See Kirti: Para. [0206] – “This helps a user to take or configure remediation actions like blocking apps in the firewall, educate the user to avoid the app, or suspend the user account.” – Suspension of a user account is the functional equivalent of freezing the funds associated with said account);

However, the combination of Borghetti, Yip, Liu, Wright, and Kirti fails to explicitly disclose:
alerting the sender to provide additional authentication credentials before executing the subsequent one or more resource distribution requests; 
prompting the sender of the subsequent one or more resource distribution requests to provide additional authentication credentials before executing the subsequent one or more resource distribution requests; and 
transmitting a notification associated with the user to a third party entity, wherein the notification comprises the user information and resource pool information associated with the one or more resource pools.

However, in a similar field of endeavor, Valecha discloses:
alerting the sender to provide additional authentication credentials and prompting the sender of the to provide additional authentication credentials (See Valecha: Para. [0049] – “At step 174, authentication center 120 uses the password from the user to decrypt the bytecode for the user. The authentication center then executes the bytecode, allowing the user-defined logic to ; and 
transmitting a notification associated with the user to a third party entity, wherein the notification comprises the user information (See Valecha: Para. [0041] – “In some embodiments, client device 110 can include third party software or APIs 118 that allow the client to access third party applications or databases across the Internet … In general, third-party applications and APIs 118 can include access to any suitable network-based resources that the server can also access in some form that could be useful to the implementation logic.” – Valecha discloses a system capable of transmitting notifications in the form of requests associated with the user to third-party entities).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine the remediation actions disclosed by the combination of Borghetti, Yip, Liu, Wright, and Kirti with the alerting, prompting, and transmitting actions disclosed by Valecha to create a larger pool of remediation actions performable on the nodes and resource pools disclosed by the combination of Borghetti, Yip, Liu, Wright, and Kirti in order to increase the robustness of the invention by providing the invention an increased number of potential remediation actions it can perform automatically.

Claims 4, 9-10, 14, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borghetti in view of Yip in further view of Liu, Wright, and Munoz (US 20190042879 A1).

In regards to Claims 4, 14, and 19 the combination of Borghetti, Yip, Liu, and Wright discloses the system of claim 2 but fails to explicitly disclose:
identify, from the one or more directed and/or undirected graphs, a nodal set of one or more pairs of nodes linked by an edge, based on the nodal set having an aggregate custom entropy and divergence value associated with interconnectivity or common control; 
collapse the nodal set into a single node that represents the one or more pair of nodes linked by an edge of the second nodal set as if it was a single resource pool.

However, in a similar field of endeavor, Munoz discloses:
identify, from the one or more directed and/or undirected graphs, a nodal set of one or more pairs of nodes linked by an edge, based on the nodal set having an aggregate custom entropy and divergence value associated with interconnectivity or common control (See Munoz: Para. [0021] – “Turning now to FIGS. 3A to 3B, an embodiment of a method 30 of unsupervised machine learning may include mapping a collection of data into two or more mathematical graph representations of the data based on a configurable set of rules that one of preserves or enhances relationships or properties of the data at block 31, and organizing the two or more graph representations into two or more clusters of data based on graph information entropy and one or more parameters at block 32.”); 
collapse the nodal set into a single node that represents the one or more pair of nodes linked by an edge of the second nodal set as if it was a single resource pool (See Munoz: Para. [0021] – “Some embodiments of the method 30 may further include selecting two or more graph representations as a new cluster candidate at block 34 (e.g., randomly or in other suitable way), determining a graph information entropy per node of constituent graphs at block 35”).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of grouping and collapsing graph nodes/data representation based on entropy value as disclosed by Munoz to group and collapse the graph nodes disclosed by the combination of Borghetti, Yip, Liu, and Wright in order to increase the overall processing time of the invention by reducing the data size of the dynamic graphs that need to be scanned to identify nodes.

In regards to Claim 9, the combination of Borghetti, Yip, Liu, Wright, and Munoz discloses:
The system of claim 6, wherein the nodal anomaly score for each individual node is determined based on a custom entropy and divergence value relative to other nodes of the plurality of nodes (See Munoz: Para. [0021] – “Turning now to FIGS. 3A to 3B, an embodiment of a method 30 of unsupervised machine learning may include mapping a collection of data into two or more mathematical graph representations of the data based on a configurable set of rules that one of preserves or enhances relationships or properties of the data at block 31, and organizing the two or more graph representations into two or more clusters of data based on graph information entropy and one or more parameters at block 32.”).

In regards to Claim 10, the combination of Borghetti, Yip, Liu, Wright, and Munoz discloses:
The system of claim 6, wherein the transaction anomaly score for the one or more edges of each respective node is based on a custom entropy and divergence value relative to other nodes and edges of the plurality of nodes and the plurality of edges that are within one degree of separation from the respective node (See Munoz: Para. [0021] – “Turning now to FIGS. 3A to 3B, an embodiment of a method 30 of unsupervised machine learning may include mapping a .

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borghetti in view of Yip in further view of Liu, Wright, and Hatano et al. (US 20070255632 A1).

In regards to Claim 8, the combination of Borghetti, Yip, Liu, and Wright discloses the system of claim 6 but fails to explicitly disclose:
wherein the malfeasance history for each of the resource pool associated with each individual node comprises information associated with reported historical resource distribution requests and unreported historical resource distribution request linked with the resource pool.
 
However, in a similar field of endeavor, Hatano discloses:
History information of an entity, wherein said history information comprises information associated with reported data and unreported data linked with the entity (See Hatano: Para. [0138] – “history information included in a contents storage status report is regarded as unreported change history information, not only unreported change history information but also reported change history information may be included in a contents storage status report.”).

Borghetti, Yip, Liu, and Wright to specifically includes both reported and unreported data as disclosed in the method disclosed by Hatano in order to increase the overall security of the system by providing additional information to the system for the purposes of malfeasance detection.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Powers et al. (US 6684190 B1) discloses a system for dynamically generating visual graphs for the purposes of evaluating, exposing, and re-balancing a user’s risk tolerance in financial planning areas.
Yadav et al. (US 20190207976 A1) discloses systems, methods, and computer-readable media for gathering network intrusion counter-intelligence through identification of malicious user accessing actions on a network system.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS K PHAN whose telephone number is (571) 272-6748. The examiner can normally be reached on M-F 8 am-5 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel, can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/NICHOLAS K PHAN/Examiner, Art Unit 3699

/JAY HUANG/Primary Examiner, Art Unit 3685