Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communications received 7/15/2020. Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/15/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-11 of U.S. Patent No. 10757123 (’123). Although the claims at issue are not identical, they are not patentably distinct from each other because .
Claims 1, 15 and 20 are anticipated by claim 1 of ‘123.
Claims 2 and 16 are anticipated by claim 1 of ‘123.
Claims 3 and 17 are anticipated by claim 2 of ‘123.
Claims 4 and 18 are anticipated by claim 3 of ‘123.
Claims 5 and 19 are anticipated by claim 4 of ‘123.
Claim 6 is anticipated by claim 5 of ‘123.
Claim 7 is anticipated by claim 6 of ‘123.
Claim 8 is anticipated by claim 7 of ‘123.
Claim 9 is anticipated by claim 1 of ‘123.
Claim 10 is anticipated by claim 8 of ‘123.
Claim 11 is anticipated by claim 1 of ‘123.
Claim 12 is anticipated by claim 9 of ‘123.
Claim 13 is anticipated by claim 10 of ‘123.
Claim 14 is anticipated by claim 11 of ‘123.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 7, 15-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20100169192 to Zoldi et al., hereinafter Zoldi, in view of US 20080319889 to Hammad, hereinafter Hammad. Zoldi, Hammad and Barcelo are cited in IDS dated 7/15/2020.

 Regarding claims 1 (and substantially claims 15 and 20), Zoldi discloses:           A computing platform, comprising: at least one processor; a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to ([0067]): receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics ([0026]: capture account information associated with common points of purchase, detected by fluctuations in pre-fraud rate); based on receiving the account reconnaissance data identifying the first plurality of user accounts that have experienced at least one event associated with account security concern characteristics, analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts ([0029]: use account history profile, account transactions profiles used to determine pre-fraud statistics to identify deviations of the compromise cluster from normal pre-fraud pattern, the common interaction being transaction in the common point of compromise) ; based on analyzing the event history data associated with the first plurality of user accounts to identify the one or more common interactions associated with the subset of the first plurality of user accounts, identify a point of compromise among the subset of the first plurality of user accounts, the point of compromise corresponding to a particular common interaction of the one or more common interactions ([0029][0045]: all accounts that transacted (transaction A, [0037][0039]) at particular merchant during a suspected period are added to a compromise cluster); search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise ([0048]-[0051]: use transaction B to update compromise cluster variables i.e account profiles and transaction profiles ).  Zolbi does not explicitly teach based on searching the enterprise user account records to identify the second plurality of user accounts, add the second plurality of user accounts to an alert table. In an analogous art, Hammad discloses reporting compromised accounts and other associated accounts in a watch list, sending notification that the accounts are on the watch list ([0025]), the watch list being interpreted as the claimed alert table. Therefore, Hammad teaches the limitation. It would have been obvious to a skilled artisan before the filing of the present application to add the identified compromised accounts to an alert watch list because it would help managing compromised accounts and associated accounts on a single database, and optimizing time for alerting all concerned parties, instead of the time-consuming notification process observed in the prior arts ([0004][006]).

Regarding claims 2 and 16, Zoldi in view of Hammad discloses the computing platform of claim 1, wherein identifying the point of compromise among the subset of the 

Regarding claim 7, Zoldi in view of Hammad discloses the computing platform of claim 2, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: after receiving the account reconnaissance data identifying the first plurality of user accounts that have experienced at least one event associated with account security concern characteristics: send, via the communication interface, to an account management computer system, a request for account activity information associated with the first plurality of user accounts; and receive, via the communication interface, from the account management computer system, the event history data associated with the first plurality of user accounts in response to the request for the account activity information associated with the first plurality of user accounts (Zoldi, [0032]: receive account histories).  


Claims 3, 4, 8, 17 and 18 are rejected under 35 USC 103 as being unpatentable over Zoldi and Hammad, in view of US 20190130404 to Merz et al., hereinafter Merz. Merz is cited in IDS dated 7/15/2020.

Regarding claims 3 and 17, Zoldi in view of Hammad discloses the computing platform of claims 2, 16, but does not explicitly teach:  wherein identifying the point of compromise among the subset of the first plurality of user accounts comprises identifying the point of compromise among the subset of the first plurality of user accounts based on merchant weighting information determined and maintained by the computing platform. In an analogous art, Merz discloses detecting the source of account compromise by tracking transaction activity at a merchant, for a predetermined time interval and generating an implication score for the merchant ([0017]), which is a numeric indicator of the relative (e.g. normalized or otherwise scaled) likelihood that the merchant is compromised ([0028]), and interpreted as the weighting  information. Therefore, Merz teaches or suggests the limitation. It would have been obvious to a skilled artisan before the filing of the application to use merchant weighting information to determine the point of compromise because it would “identify point of data compromise much faster than traditional systems that rely only on reports of fraud” (Merz, [0017]).

Regarding claims 4 and 18, Zoldi in view of Hammad and Merz discloses the computing platform of claims 3, 17, wherein identifying the point of compromise among the subset of the first plurality of user accounts comprises identifying the point of compromise among the subset of the first plurality of user accounts based on temporal grouping information determined and maintained by the computing platform (Zoldi [0027]), Merz [0017] transaction during a time interval).  

Regarding claim 8, Zoldi in view of Hammad discloses the computing platform of claim 7, but does not explicitly teach the rest of the claim; in an analogous art, Merz discloses wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: load, from a merchant database maintained by the computing platform, merchant weighting information determined by the computing platform based on previously identified connections between one or more specific merchants and one or more specific occurrences of account reconnaissance activity, wherein identifying the point of compromise among the subset of the first plurality of user accounts comprises identifying the point of compromise among the subset of the first plurality of user accounts based on the merchant weighting information loaded from the merchant database maintained by the computing platform ( [0064], Fig 4, 422: store the merchant implication scores in a database (Fig. 4, 422), implications scores measure the likelihood a merchant represent a source of compromise ([0068], and are used to indicate a potential compromise of a merchant and issue an alert ([0069])).  It would have been obvious to a skilled artisan before the filing of the application to load merchant weighting information and using it to identify point of compromise because it would  “identify point of data compromise much faster than traditional systems that rely only on reports of fraud” (Merz, [0017]).

Claims 5, 6 and 19 are rejected under 35 USC 103 as being unpatentable over Zoldi and Hammad, in view of US 20150066772 to Griffin et al., hereinafter Griffin and further view of US 8812342 to Barcelo et al., hereinafter Barcelo. Griffin is cited in IDS dated 7/15/2020.

 Regarding claim 5 and 19, Zoldi in view of Hammad and Merz discloses the computing platform of claims 2, 16,  but does not explicitly teach:  wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: prior to receiving the account reconnaissance data identifying the first plurality of user accounts that have experienced at least one event associated with account security concern characteristics: receive, via the communication interface, from an account reconnaissance identification computer system, configuration information defining a data monitoring schedule for the computing platform; and set one or more configuration preferences for the computing platform based on the configuration information defining the data monitoring schedule for the computing platform.  
Setting a schedule for receiving monitoring data is well-known in the art, as evidenced by Griffin. Griffin in an analogous art, discloses analyzing customer’s behavior to assess risk ([0009]), collecting data from multiple financial institutions, on a predetermined schedule ([0152]). Therefore Griffin implicitly discloses  prior to receiving the account reconnaissance data identifying the first plurality of user accounts that have experienced at least one event associated with account security concern characteristics: receive, via the communication interface, from an account reconnaissance identification computer system, configuration information defining a data monitoring schedule for the computing platform. It would have been obvious to a 
However, Zoldi, Hammad and Griffin do not teach setting the one or more configuration preferences as recited in the claim. But in an analogous art, Barcelo discloses assessing risk scores about user account  based on data collected periodically (col. 10, lines 31-41). A user interface is used to setup parameters or preferences for the data collection, where to get the data from and when (Fig. 4, 406, col. 14, lines 17-41), therefore it would have been obvious to a skilled artisan to combine the teachings of Barcelo to the prior art in order to set one or more configuration preferences for the computing platform based on the configuration information defining the data monitoring schedule for the computing platform, because it would provide an interface for setting up monitoring preferences while being user friendly.

Regarding claim 6, Zoldi in view of Hammad, Griffin and Barcelo discloses the computing platform of claim 5, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: prior to receiving the account reconnaissance data identifying the first plurality of user accounts that have experienced at least one event associated with account security concern characteristics: request, via the communication interface, from the account reconnaissance identification computer system, the account .  

Claim 9-11 and 14 are rejected under 35 USC 103 as being unpatentable over Zoldi and Hammad, in view of US 20140201835  to Emigh et al., hereinafter Emigh. Emigh is cited in IDS dated 7/15/2020.

Regarding claim 9, Zoldi in view of Hammad discloses the computing platform of claim 2; Zoldi combined to Hammad does not teach, yet Emigh teaches, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: based on identifying the point of compromise among the subset of the first plurality of user accounts, generate a validation user interface for a user of an analyst computer system, the validation user interface comprising at least one user-selectable element of a plurality of user- selectable elements enabling the user of the analyst computer system to provide input validating the point of compromise identified by the computing platform ([0038][0039]: determine whether a record relating to a responsible institution is suspicious (point of compromise), provide a user interface prompting a user to confirm the point of compromise see [0040][0041], Fig. 3); provide, via the communication interface, to the analyst computer system, the validation user interface generated for the user of the analyst computer system, wherein providing the validation user interface generated for 
It would have been obvious to a skilled artisan before the application was filed to provide a user interface for validating the point of compromise because it would enhance the detection of the point of compromise by having an analysis provide feedback, on top of the machine based determination.

Regarding claim 10, Zoldi in view of Hammad and Emigh discloses the computing platform of claim 9, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: based on receiving the validation information from the analyst computer system, send, via the communication interface, to an account management computer system, a request for user account information; and receive, via the communication interface, from the account management computer system, the enterprise user account records in response to the request for user account information (Zolbi, [0064]: after 

Regarding claim 11, Zoldi in view of Hammad and Emigh discloses the computing platform of claim 9, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: generate one or more system configuration commands based on adding the second plurality of user accounts to the alert table; and send, via the communication interface, to an account management computer system, the one or more system configuration commands, wherein sending the one or more system configuration commands to the account management computer system causes the account management computer system to restrict transaction requests associated with the second plurality of user accounts processed by the account management computer system (Hammad, [0022]: freeze or close the compromised accounts and accounts associated with the compromised accounts).  
Regarding claim 14, Zoldi in view of Hammad and Emigh discloses the computing platform of claim 11, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: send, via the communication interface, to one or more of an analyst computer system or a user computing device, one or more alert notifications .  


Allowable Subject Matter
Claims 12 and13 are allowable over the prior art of record. 
Zoldi, in view of Hammad or any other prior art of the record, fails to teach: the computing platform of claim 11, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: send, via the communication interface, to an interactive voice response computer system, the one or more system configuration commands, wherein sending the one or more system configuration commands to the interactive voice response computer system causes the interactive voice response computer system to restrict access requests associated with the second plurality of user accounts processed by the interactive voice response computer system, as recited in claims 12, and consequently in claim 13, depending from claim 12.   Therefore claim 12 and 13 are allowable.

Claims 12, 13 are being objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Ahmed et al 10320813 discloses a security threat detection and mitigation platform in a multi-tenant virtualization environment that includes data analysis. The data analysis components may apply machine learning techniques to generate (based on training data sets) and refine (based on subsequently received data sets and feedback about the resulting classifications) predictors configured to detect particular types of security threats.
Scheidler et al 10681060 : discloses determining security threats of a plurality of user accounts, assigning a risk level to each account; for a plurality of events, assigning an event score relating to deviation from normal behavior of each event with respect to the respective user account; 
Maxwell et al. 20170214712 : collect events (failed login records), identify common password used for accounts, blacklist passwords.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        1/12/2022