DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Acknowledgments
Claims 1-13 are pending. 
Applicant provided Information Disclosure Agreement (IDS). 
This is a final office action with respect to Applicant’s amendments filed 7/12/2021. 

Response to Arguments
Applicant's arguments filed 7/12/2021 have been fully considered but they are not persuasive. The rejections are maintained. 

35 USC 101

	Applicant argues on page 10 

	These limitations explicitly require that the method be performed with a server or terminal device implemented by circuits. Thus, there is no reasonable interpretation of amended independent claim 1 in which the recited method can be performed solely in the human mind or with pen and paper. Amended claim 1 is therefore not directed to a judicial exception (i.e., an abstract idea, specifically a mental process), under Step 2A of the test for subject matter eligibility (see M.P.E.P. 2106.04).

	Examiner respectfully disagrees. 

	Server or terminal device implemented by circuits (i.e., automatically executing steps in a computer environment) is invoked as a tool to implement instructions of the abstract idea and it merely limits the abstract idea in a field of use/particular technology which does not provide practical application/significantly more to the abstract idea (MPEP 2106.05 (f) & (h). For example, but for the language of server and terminal device, the claims state a user simply receiving an operation request, where the operation compromises an identity of operation requestor. 

	Applicant argues on page 10 

That is, the limitations explicitly recited in amended claim 1 improve the functioning of a computer (i.e., to calculate the risk coefficient of each operation request) and involve much more than just "applying" mental steps to a general purpose computer to perform an abstract idea. Amended claim 1 therefore recites "significantly more" than an abstract idea, and is integrated into a practical application, under Step 2B of the test for subject matter eligibility (see M.P.E.P. 2106.04(d)).

Examiner respectfully disagrees. 

	Mere automation of manual processes, such as using a generic computer to process an application for financing a purchase, Credit Acceptance Corp. v. Westlake Services, 859 F.3d 1044, 1055, 123 USPQ2d 1100, 1108-09 (Fed. Cir. 2017) or speeding up a loan-application process by enabling borrowers to avoid physically going to or calling each lender and filling out a loan application, LendingTree, LLC v. Zillow, Inc., 656 Fed. App'x 991, 996-97 (Fed. Cir. 2016) (non-precedential)

35 USC 103 

	Applicant argues on page 12 

	However, as amended, claim 1 clearly recites "wherein the operation request comprises an identity of an operation initiator which is an operator with a respective permission." Harris is totally silent in this regard. Specifically, Harris neither discloses or suggests "the operation request comprising an identity of an operation initiator", nor discloses or suggests "the operation initiator is an operator with a respective permission".

	The arguments are moot with respect to new grounds of rejection (See updated 103 rejection). 


	Applicant argues on page 13 

	Thus, Harris fails to disclose or suggest "according to a parameter carried in the operation request, selecting a risk evaluation algorithm for the operation request from an algorithm rule library shared by a plurality of service systems".

	Examiner respectfully disagrees. 

Harris teaches according to a parameter carried in the operation request, selecting at least one risk 5evaluation algorithm for the operation request (See para 0023- In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12, risk data modeling device 16 may invoke and/or fine-tune one or more of controls 22 in response to a risk profile that is associated with the check-cashing nature of the respective input 20.) This shows the risk modeling device is calculating a risk and determines the transaction has a parameter of being a check cashing event. The risk modeling device then selects one or more controls (i.e. algorithms) to carry out the request. The controls correspond to risk algorithms because they are processes/steps to handle events such as check cashing events. (See para0023-Controls 22 represent process actions that provide resilience 20.)

from an algorithm rule library shared by a plurality of service systems The controls correspond to risk algorithms because they are processes/steps to handle events such as check cashing events. (See para0023-Controls 22 represent process actions that provide resilience from and/or prevention of various loss events that could result from risks introduced by inputs 20.  FIG. 1 illustrates an example in which risk data modeling device 16 locally stores controls 22. In other examples, as explained in more detail below, some or all of controls 22 may be distributed across other devices of network system 10) This shows the risk modeling device stores the plurality of controls (i.e. algorithms) in a database as seen in figure 1. The algorithms are shared by a plurality of systems, because they can be imposed on the various ATMs around a bank branch or bank company such as applicant Wells Fargo in this art.


	
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Regarding Step 1 of the Subject Matter Eligibility Test for Products and Processes (from 2019 Revised Patent Subject Matter Eligibility Guidance), claims 1-13 are directed to the statutory category of a method and device. 

Regarding step 2A-1, Claims 1-13 recite a Judicial Exception. Exemplary independent claim 1 and similarly claim 7 recite the limitations of 

receiving, by a server or terminal device implemented by circuits, an operation request from a business system through a shared interface, wherein the operation request comprises an identity of an operation initiator which is an operator with a respective permission; according to a parameter carried in the operation request, selecting, by the server or terminal device implemented by circuits, at least one risk evaluation algorithm for the operation request from an algorithm rule library shared by a plurality of service systems; performing, by the server or terminal device implemented by circuits, [[a]] risk evaluation [[of]] to the operation request with the selected risk evaluation algorithm; and according to a risk evaluation result, determining, by the server or terminal device implemented by circuits, to allow the operation request.

These limitations, as drafted, are a process that, under its broadest reasonable interpretation cover concepts of collecting/receiving data as well as 
The claims also deal with mitigating risks with respect to business operations (See pages 1-4 in Applicant’s Specification) which deals with certain methods of organizing human activity (business relations and mitigating risks). It is clear the limitations recite these abstract idea groupings, but for the recitations of generic computer components. The mere nominal recitations of generic computer components does not take the limitations out of the mental process and certain methods of organizing human activity grouping. The claims are focused on the combination of these abstract idea processes. 
Regarding step 2A-2- This judicial exception is not integrated into a practical application, and the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception.
The claims recite, for example, the additional elements of processor, system, processor, computer readable storage medium, storage device, and interface. These components are recited at a high level of generality, and merely automate the steps. 
The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer components or software. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.	
	Further, the claims do not provide for recite any improvements to the functioning of a computer, or to any other technology or technical field; applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition; applying the judicial exception with, or by use of, a particular machine; effecting a transformation or reduction of a particular article to a different state or thing; or applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception.
	The dependent claims have the same deficiencies as their parent claims as being directed towards an abstract idea, as the dependent claims merely narrow the scope of their parent claims. For example, the dependent claims further describe the algorithms in claim 4 and 10. In another example, claim 2 and 8 further describe the shared interface and what the operation request consists of. 

Regarding step 2B the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because claim 1 recites
Method, however method is not considered an additional element. 
Claim 1 further recites interface, systems, server, terminal device implemented by circuits. 
Claim 2 and 8 recite API
Claim 7 recites interface, system, storage device, processor, program, terminal device implemented by circuits. 
Claim 13 recites non-transitory computer readable storage medium.
When looking at these additional elements individually, the additional elements are purely functional and generic, the applicant specifications states general purpose computer configurations as seen in pages 14-17.  
When looking at the additional elements in combination, the applicant’s specification merely states general purpose computer configurations as seen in pages 14-17. The computer components add nothing that is not already present when the steps are considered separately. See MPEP 2106.05

Looking at these limitations as an ordered combination and individually adds nothing additional that is sufficient to amount to significantly more than the recited abstract idea because they simply provide instructions to use generic computer components, recitations of generic computer structure to perform generic computer functions that are used to "apply" the recited abstract idea. Thus, the elements of the 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 1-5, 7-11, and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Harris in view of Pitz et al. (US10417638B2) herein Pitz. 

Regarding claim 1 and similarly claim 7, Harris teaches

An operation defense method, comprising (Figures 3A-6 shows a method) Method is also seen here (See abstract- Techniques are described for correlating risk information and providing notifications to different devices based on the correlated risk information. ) (See para 0007-In another example, this disclosure is directed to a method) This clearly shows techniques/method. 
An operation defense device comprising: one or more processors; and  15a storage device configured for storing one or more programs, wherein the one or more programs are executed by the one or more processors to enable the one or more processors to (Figure 1 shows a device) (See para 0006-In one example, this disclosure is directed to a computing device that includes a memory, one or more processors in communication with the memory, and a communication unit.)

 receiving, by a server or terminal device implemented by circuits, an operation request from a business system through a shared interface  Examiner interprets operation request to be a transaction made by a user (See para 0023-Inputs 20 may include information, such as raw data and/or metadata, associated with transactions performed at administrator-facing device 12.) The operation request in the art for example is a check cashing transaction request (See para 0023-In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12) The user provides an input for a check cashing event, and input is received by a admin facing device such as an ATM. This is also received by the risk modeling device. The risk modeling 

Even though Harris teaches operation requests, it doesn’t teach the operations request includes the identity. However Pitz 


wherein the operation request comprises an identity of an operation initiator (The payment card may be presented by the consumer 1004 )( In step 1040, the issuing financial institution 1002 may authorize the transaction account for payment of the payment transaction. The authorization may be based on an available credit amount for the transaction account and the transaction amount for the payment transaction, fraud scores provided by the transaction processing server 1012)(See fig. 10) This shows the operation request compromises the identity of the initiator because it includes the payment card which as identity in form of account and card name. This also includes the identity because the financial recognizes the transaction account which is the identity of the initiator as well. 

Harris and Pitz are analogous art because they are from the same problem solving area of transaction and risk/fraud. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined Harris’s invention by incorporating the method of Pitz because Harris would also be able to implement another layer of security by double checking if fraudulent transaction is 

In addition, Harris further teaches which is an operator with a respective permission (See para 0029-  In this example, risk data modeling device 16 may transmit a communication over network 14 that causes administrator-facing device 12 to initiate additional identity-verification measures at the bank branch, ATM, or pertinent business location.) (See para 0069- identity verification procedures (e.g., fingerprint collection, etc.) ) This shows the system will determined that the operator has respective permission because the operator has gone through identity verification procedures. 

according to a parameter carried in the operation request, selecting by a server or terminal device implemented by circuits at least one risk 5evaluation algorithm for the operation request (See para 0023- In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12, risk data modeling device 16 may invoke and/or fine-tune one or more of controls 22 in response to a risk profile that is associated with the check-cashing nature of the respective input 20.) This shows the risk modeling device is calculating a risk and determines the transaction has a parameter of being a check cashing event. The risk modeling device then selects one or more controls (i.e. algorithms) to carry out the request. The controls correspond to risk algorithms because they are processes/steps to handle events such as check cashing events. (See para0023-22 represent process actions that provide resilience from and/or prevention of various loss events that could result from risks introduced by inputs 20.)

from an algorithm rule library shared by a plurality of service systems The controls correspond to risk algorithms because they are processes/steps to handle events such as check cashing events. (See para0023-Controls 22 represent process actions that provide resilience from and/or prevention of various loss events that could result from risks introduced by inputs 20.  FIG. 1 illustrates an example in which risk data modeling device 16 locally stores controls 22. In other examples, as explained in more detail below, some or all of controls 22 may be distributed across other devices of network system 10) This shows the risk modeling device stores the plurality of controls (i.e. algorithms) in a database as seen in figure 1. The algorithms are shared by a plurality of systems, because they can be imposed on the various ATMs around a bank branch or bank company such as applicant Wells Fargo in this art.

Performing by a server or terminal device implemented by circuits a risk evaluation of the operation request with the selected risk evaluation algorithm The risk evaluation is done again by the risk correlation engine to see what risk does the input pose to other entities. This is done with respect to the controls (i.e. algorithms) that were selected initially. (See para 0030- In this example, risk 24 may link the check-cashing event to various business units, according to techniques of this disclosure. For instance, risk correlation engine 24 may associate the check-cashing event of inputs 20 with different ones of risk data models 23 associated with different business units in addition to the fraudulent check-cashing risk data model associated with an identity protection unit. For example, risk correlation engine 24 may detect a link between the additional identity-verification measures of controls 22 and a customer satisfaction risk data model of risk data models 23 stemming from the additional verification procedures to which a valid check-cashing customer is subjected. In this case, risk correlation engine 24 may associate the inputs and controls of the check-cashing risk data model of risk data models 23 with the customer satisfaction risk data model.)(See para 0031- In accordance with techniques of this disclosure, risk data modeling device 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. )

and according to a risk evaluation result, determining by a server or terminal device implemented by circuits  to allow the operation request  Based on the calculation result from the risk correlation engine. The system determines whether to adjust the controls (i.e. algorithms) and let the check cashing operation request proceed with adjusted controls. The example from the art shows that the operation request is allowed with the adjusted controls. (See para 0031- In accordance with techniques of this disclosure, risk data modeling 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. For instance, using the risk correlation information described above with respect to the check-cashing event of inputs 20, risk data modeling device 16 may adjust controls 22 to balance the risk-mitigation process actions associated with both identity verification and customer satisfaction. In accordance with the techniques of this disclosure, risk data modeling device 16 may, subject to various conditions or considerations, adjust at least one of controls 22. In this particular example, risk data modeling device 16 may adjust the escalated identity-verification measures that are customarily triggered in response to a check-cashing alert received from administrator-facing device 12.
Regarding claim 2 and similarly claim 8, Harris teaches shared interface of ATMs and a user would use a ATM interface/application of the Bank to make operation requests, but the art does not mention API, However Pitz teaches 

wherein the receiving by a server or terminal device implemented by circuits an operation request from a business system through a shared interface comprises: calling by the server or terminal device implemented by circuits, an application programming interface of the business system to receive the operation request  (See col. 8- In some embodiments, the fraud engine 116 may comprise, for instance, an API) 

Harris and Pitz are analogous art because they are from the same problem solving area of transaction and risk/fraud. It would have been obvious to one of ordinary 
Harris further teaches the operation request further comprising one or more of an operation object, an operation parameter (See para 0023-  In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12) This shows the operation request shows a operation parameter such as parameter of check cashing. This also shows an operation object such as the physical check of the check cashing transaction. 

Regarding claim 3 and claim 9, the arts above teach the limitations of claim 2 and 8, However Harris further teaches 

wherein selecting , by the server or terminal device implemented by circuits, at least one risk evaluation algorithm for the operation request from an algorithm rule library shared by a plurality of service systems, comprises: selecting , by the server or terminal device implemented by circuits, at least one risk evaluation algorithm from the algorithm risk evaluation rule library, according to one or more of the operation object, the identity of the operation initiator, and the 20operation parameter of the operation request, and in combination with a status of the operation object in the operation request and an operation history of the operation object (See para 0023-  In an example where a corresponding input 20 represents a check-cashing event that occurred at administrator-facing device 12, risk data modeling device 16 may invoke and/or fine-tune one or more of controls 22 in response to a risk profile that is associated with the check-cashing nature of the respective input 20.) This shows the system selects one or more controls (i.e. algorithms) based on the operation parameter /and parameter object of a check cashing process. Check cashing process corresponds to operation parameter and object. 


Regarding claim 4 and similarly claim 10, Harris further teaches

wherein the risk evaluation algorithm comprises one or more of an authority evaluation algorithm, a block evaluation algorithm, a quota evaluation algorithm, a speed-limit evaluation algorithm, a service level objection evaluation algorithm, wherein different operation objects correspond to different risk evaluation algorithms. (See para0029- As one example, risk data modeling device 16 may invoke strengthened authentication procedures (from controls 22) to mitigate or potentially eliminate fraudulent check-cashing risks. In this example, risk data modeling device 16 may transmit a communication over network 14 that causes administrator-facing device 12 to initiate additional identity-verification measures at the bank branch, ATM, or pertinent business 

Regarding claim 5 and similarly claim 11, Harris further teaches

wherein the according to a risk evaluation result, determining , by the server or terminal device implemented by circuits, to allow the operation request comprises: in a case that a plurality of risk evaluation algorithms are selected for the operation request The system is determining whether to allow operation request with specific set of controls. 
Performing , by the server or terminal device implemented by circuits, a weighted calculation according to weights (See para 0075- In turn, risk data modeling device 16 may invoke risk correlation engine 24 to correlate the input to one or more risks across different business units/entities associated with risk-correlated devices 18 (84). ) (See para 0003- However, the existing risk identification models may make it difficult to identify risk correlations between different business silos, such as between different business units within a firm (e.g., business units under the umbrella of a financial institution entity), or across an industry (e.g., across different business entities within the financial industry).) This shows the risk correlation engine does a weighed calculation because it is looking at the impact (i.e. weight) an input would have on across different 

risk evaluation results of the plurality of risk evaluation algorithms The risk evaluation is also done by the risk correlation engine to see what risk does the input pose to other entities. This is done with respect to the controls (i.e. algorithms) that were selected initially. (See para 0030- In this example, risk correlation engine 24 may link the check-cashing event to various business units, according to techniques of this disclosure. For instance, risk correlation engine 24 may associate the check-cashing event of inputs 20 with different ones of risk data models 23 associated with different business units in addition to the fraudulent check-cashing risk data model associated with an identity protection unit. For example, risk correlation engine 24 may detect a link between the additional identity-verification measures of controls 22 and a customer satisfaction risk data model of risk data models 23 stemming from the additional verification procedures to which a valid check-cashing customer is subjected. In this case, risk correlation engine 24 may associate the inputs and controls of the check-cashing risk data model of risk data models 23 with the customer satisfaction risk data model.)(See para 0031- In accordance with techniques of this disclosure, risk data modeling device 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. )

to determine allow the operation request The system determines whether to adjust the controls (i.e. algorithms) and let the check cashing operation request proceed with adjusted controls. This is based on the weighed calculation and risk evaluation of controls as seen above. 

The example from the art shows that the operation request is allowed with the adjusted controls. (See para 0031- In accordance with techniques of this disclosure, risk data modeling device 16 may adjust the application of one or more of controls 22 based on the risk correlation information generated by risk correlation engine 24. For instance, using the risk correlation information described above with respect to the check-cashing event of inputs 20, risk data modeling device 16 may adjust controls 22 to balance the risk-mitigation process actions associated with both identity verification and customer satisfaction. In accordance with the techniques of this disclosure, risk data modeling device 16 may, subject to various conditions or considerations, adjust at least one of controls 22. In this particular example, risk data modeling device 16 may adjust the escalated identity-verification measures that are customarily triggered in response to a check-cashing alert received from administrator-facing device 12.

Regarding claim 13, Harris further teaches 
A non-transitory computer- readable storage medium storing computer instructions, wherein the computer instructions cause a computer to perform method according to claim 1. (See para 0044- In some examples, 36 include non-volatile storage elements. Examples of such non-volatile storage elements include magnetic hard discs, optical discs, floppy discs, flash memories, or forms of electrically programmable memories (EPROM) or electrically erasable and programmable (EEPROM) memories. ) (See para 0086- By way of example, and not limitation, such computer-readable storage media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage, or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. )

Claim 6 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Harris in view of Pitz in view of Coronel et al. (US20150039381A1) herein Coronel. 

Regarding claim 6 and claim 12, the arts above teach the limitations of claim 5 and 11, However Harris further teaches 

in a case that the risk evaluation result indicates that the operation request is not allowed 
However the art does not teach information as to why the operation was denied. However Coronel teaches 
Returning by the server or terminal device implemented by circuits, a reason for not allowing the operation request (See 0045-The message may also include whether or not the request was completed or denied. If the request was denied, the message may include comments or reasons as to why the request was denied.) 

Harris and Coronel are analogous art because they are from the same problem solving area of transaction with respect to a bank. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined Harris’s invention by incorporating the method of Coronel because Harris’s invention would be able to provide reasoning as to why the request was denied. This information would be used by the correlation engine to better understand why a request was denied and it would not suggest the same correlations to the risk correlating devices. Having more information as to why a request is denied leads to better understanding of the different correlations of the various business units.  


Conclusion
The prior art made of record and not relied upon considered pertinent to Applicant’s disclosure
Huggins et al. (20180181900) Discloses computer-implemented system, and method for its use, for facilitation of procedural compliance with critical tasks, including the use of a computer having an interactive compliance application that enables both computer algorithm implemented checklists and human-aided checklists for procedural discipline and verifiable compliance in normal, emergency and work instruction situations.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUSTAFA IQBAL whose telephone number is (469)295-9241.  The examiner can normally be reached on Monday Thru Friday 9:30am-7:30 CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eric Stamber can be reached on 5712726724.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MUSTAFA IQBAL/Examiner, Art Unit 3683                                                                                                                                                                                                        
/ALAN S MILLER/Primary Examiner, Art Unit 3683