Notice of Pre-AIA  or AIA  Status
The present application, filed on or after Jun 14, 2019, is being examined under the first inventor to file provisions of the AIA .

Detailed action
Claims 1, 5, 12, 14-15 and 18-30 are pending and are being considered.
Claims 1 and 5 have been amended.
Response to 103
Applicants argument filled on 09/09/2021 have been fully considered and are not persuasive. 
Argument regarding claims 1, 12 and 18
In response to applicant’s argument that Larkin fails to teach the limitation “after receiving the request from the computing device, transmitting by the application server to a risk indicator server a request for risk indicators associated with the network ID”. The applicant argues that application server does not transmit a request to risk indicator server. The examiner acknowledges applicant’s point of view but respectfully disagrees because Larkin on [page 12 para 4] teaches Risk Management Module RMM (i.e. risk indicator server) communicating with ASP server (i.e. application server). See also on [page 31 para 3] teaches the ASP server could provide feedback to the Risk management module, wherein the feedback sent by the ASP to RMM consist of metrics and other information. See also on [page 31 2nd last para] teaches an outbound call (i.e. request) from ASP server to RMM. See also on [page 34 para 1] teaches any outbound phone calls from the ASP, are automatically routed to the network security service, in one embodiment a mobile risk management system of the invention (which in this specification is interchangeably referred to as a Risk Management for Mobile (RMM) module). See on [page 36] teaches Risk management module performs risk analysis on the number form which the call originates. See on [page 26 para 2] teaches the RMM receives identifier such as MSISDN (i.e. network identifier such as IMEI in view of page 58 3rd last para) for each device and performs risk analysis. 
The applicant on page 9 of remarks further argues that the cited reference fails to teach the limitation “determining by the application server a risk score based on the first device history, the second device history,The ASP deems the Risk Score (i.e. determining risk score) and/or Reason code to be too high, the ASP sends and Access Denied to the user's mobile application. See also on [page 46 para 2] teaches the ASP can then assess the risk score (i.e. determine risk score) and decide whether or not to allow the user to access the service. See on [page 25 last para] teaches Risk score based on IMEI (i.e. first device history), SIM swap status (i.e. second device history) and multi-party call status (i.e. attribute of cellular account in view of para [0027 and 0053] of instant application).  For more detail see the rejection below. 

                                               Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1, 5, 12, 14-15, 18-21, 25-27 and 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Larkin (WO2016050990) (provided in IDS) in view of Schenk et al (hereinafter Schenk) (US 20160021532).

Regarding claim 1 Larkin teaches a computer-implemented method of authorizing computing device to log into a user account on an application server based on a network identification (ID) of a user mobile device, the method comprising (Larkin on [page 14 first para] teaches application running on mobile device sending a request to the application service provider to login. See on [page 19 last two para] teaches mobile banking application to login to bank account to access server resource. See on [page 43 third para] teaches a mobile application on a mobile device sends a request to ASP backend server to gain access based on MSISDN or IMSI to authenticate user of mobile device);
receiving a by the application server request from the computing device to log into the user account (Larkin on [page 14 first para] teaches application running on mobile device sending a request to the application service provider to login. See on [page 19 last two para] teaches mobile banking application to login to bank account to access server resource. See on [page 43 third para] teaches a mobile application on a mobile device sends a request to ASP backend server to gain access based on MSISDN or IMSI to authenticate user of mobile device);
after receiving the request from the computing device, transmitting by the application server to a risk indicator server a request for risk indicators associated with the network ID (Larkin on [page 12 para 4] teaches Risk Management Module RMM communicating with ASP server. See on [page 26 para 2] teaches user devices a user device accesses services from banking service provider. The RMM receives identifier such as MSISDN (i.e. network identifier such as IMEI in view of page 58 3rd last para) for each device and performs risk analysis. See on [page 5 2nd para] teaches MSISDN and IMEI as network identifier. See on [page 36] teaches Risk management module performs risk analysis on the number form which the call originates. See on [page 26 para 2] teaches the RMM receives identifier such as MSISDN (i.e. network identifier such as IMEI in view of page 58 3rd last para) for each device and performs risk analysis);
receiving, by the application server from the risk indicator server, a first device history and a second device history, [[the first device history indicating a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI]] and the second device history indicating a change in a subscriber identification module (SIM) card ID associated with the network ID(Larkin on [page 6 line 91-15, page 43 3rd para,  page 44 1st para and page 67 claim 33] teaches a profile generated based IMEI (i.e. first device history), IMSE or SIM swap status (i.e. second device history), MSISDN and serial number of mobile device. The mobile device receives this information from ASP server. Further on [page 8 line 1-25] teaches building a risk profile for each mobile device based on IMEI SIM sap, MSISDN etc. and then calculating risk score based on the generated profile. See on [page 25 last para] teaches Risk score based on IMEI (i.e. first device history), SIM swap status (i.e. second device history). See on [page 40] risk analysis based on SIM changed within specific period of time. See also on [page 43 para 5] teaches check if there has been any SIM Card changes recently for this mobile device and calculate a risk score. The Risk score can be based on various checks, such as but not limited to, SIM card Swap, if the user is accessing the service from a known or registered mobile device or MSISDIN, location of mobile device);
 receiving, by the application server, from the risk indicator server, one or more attributes of a cellular account to which a cellular network provider provides wireless services for the network ID (Larkin on [page 8 last para] teaches Using the mobile device as a trusted device during CNP transactions to obtain caller's mobile number from the mobile network, mobile number is then sent to card Issuer as part of transaction security check and performs risk management based on the identity of the mobile device (e.g. IMSI, MSISDN, etc.), location of the mobile device, mobile device history and mobile device settings (SIM Swap, Call forwarding, etc.)(I.e. attribute of cellular account in view of para [0027 and 0053] of instant application). See on [25 3rd last para] teaches performing risk analysis on SIM card inserted in mobile phone uniquely associated with IMSI (i.e. network ID) other risk management and analysis performed by security service includes checking multi-party call status and divert unconditional status (i.e. attribute of cellular account in view of para [0027 and 0053]). See on [page 26 last 2 para] teaches risk setting indicating (i.e. cellular account risk indicator) if device was compromised such as SIM swap status, call divert status etc. (i.e. attribute of cellular account));
determining by the application server, a risk score based on the first device history, the second device history,(Larkin on [page 25 last para] teaches Risk score based on IMEI (i.e. first device history), SIM swap status (i.e. second device history) and multi-party call status (i.e. attribute of cellular account in view of para [0027 and 0053] of instant application). See on [page 5 3rd para] teaches Risk score based on SIM swap (i.e. second device history). See also on [page 6 1st para] teaches Risk score based on SIM swap (i.e. second device history), Identify of mobile devoice (i.e. first device history), historical pattern of mobile identity and Risk score based on biometric information. See on [page 7 2nd para] teaches Risk score based on SIM swap and call divert function. See also [page 13 para regarding Fig 16] teaches calculating risk score based multi-party call active status for the mobile number. See on [page 43] teaches calculating risk score based on SIM swap, mobile device number and MSISDIN. See on [page 46 para 2] teaches the ASP can then assess the risk score (i.e. determine risk score) and decide whether or not to allow the user to access the service);
  in response to determining that the risk score is below a threshold, allowing, by the application server the computing device to log into the user account (Larkin [page 17 3rd para] teaches successfully login on the bank account is based on risk analysis. See on [page 31 last 2 para] teaches if the risk score is above certain threshold then a message with further authentication will be displayed to the user (i.e. access denied). If the risk score is below a certain threshold then customer is identified (i.e. access granted)).
	Although Larkin teaches Risk score based on IMEI of mobile device but fails to teach the first device history indicating a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI, however Schenk from analogous art teaches the first device history indicating a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI (Schenk on [0022-0029, 0060 and 0075] teaches a time information related to change in IMEI (International Mobile Equipment Identity) and a time information related to a swap of the subscriber identity module (i.e. Change in IMEI is  equivalent to changing IMEI of the mobile device to a different IMEI). Further on [0052-0060] teaches performing risk analysis on mobile equipment based SIM swap or change in IMEI information of mobile equipment).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Schenk into the teaching of Larkin by determining device history based on change in IMEI. One would be motivated to do so in order to prevent fraud or misuse based on a risk scoring associated with device (Schenk on [0002-0004]).
Regarding claim 5 the combination of Larkin and Schenk teaches all the limitations of claim 1 above, Larkin further teaches further comprising, determining  by the application server the network ID from information included in the request from the computing device (Larkin on [page 8 last para] teaches Using the mobile device as a trusted device during CNP transactions Invention allows service provider to obtain caller's mobile number from the mobile network, mobile number is then sent to card Issuer as part of transaction security check. Invention verifies mobile device identity from mobile network and performs risk management based on the identity of the mobile device (e.g. IMSI, MSISDN, etc.), location of the mobile device, mobile device history and mobile device settings (SIM Swap, Call forwarding, etc.). see also on [page 6] teaches determining risk score based on change of SIM of mobile device, historical pattern of mobile identity and identity of the mobile device).

Regarding claim 12 Larkin teaches A restricted-access system of computing devices, comprising: (Larkin on [page 9 last para] teaches a mobile device using a service, including restriction of service based on a mobile device's location, such as for example restriction of a service such as mobile payments to reduce fraudulent behavior);
 a user mobile device on which a network identification (ID) has been activated (Larkin on [page 2nd last para] teaches sending message from a mobile device having correct mobile number for accessing service. See also on [page 8] Checks time and date of last call of cardholder's registered mobile number to ensure mobile device was the device used to make the purchase over the phone. See also on [page 13 text related to figure 16] teaches the cardholder's or fraudster's mobile number (MSISDN) is obtained from the network and is forwarded as part of the credit card check to the issuing bank via the acquiring bank. The invention's network security services receives a request by the issuing bank to check if the card holder's mobile number (MSINSDN) is legitimate);
 and an application server, configured to: 8Docket No.: ZUMI/0010USP01 (PATENT) receive a request from a computing device to log into a user account on the application server (Larkin on [page 14 first para] teaches application running on mobile device sending a request to the application service provider to login. See on [page 19 last two para] teaches mobile banking application to login to bank account to access server resource. See on [page 43 third para] teaches a mobile application on a mobile device sends a request to ASP backend server to gain access based on MSISDN or IMSI to authenticate user of mobile device);
 upon receiving the request from the computing device, transmit a request to a risk indicator server for risk indicators associated with the network ID (Larkin on [page 12 para 4] teaches Risk Management Module RMM communicating with ASP server. See on [page 26 para 2] teaches user devices a user device accesses services from banking service provider. The RMM receives identifier such as MSISDN (i.e. subscriber identifier such as IMEI in view of page 58 3rd last para) for each device and performs risk analysis. See on [page 5 2nd para] teaches MSISDN and IMEI as network identifier);
the risk indicators including [[a first device history that indicates a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI]], a second device history indicating a change in a subscriber identification module (SIM) card ID associated with the network ID 3Docket No.: ZUMI/0010USP01 (PATENT) from a first SIM card ID to a second SIM card ID (Larkin on [page 6 line 91-15, page 43 3rd para,  page 44 1st para and page 67 claim 33] teaches a profile generated based IMEI (i.e. first history), IMSE or SIM swap status (i.e. second history), MSISDN and serial number of mobile device. The mobile device receives this information from ASP server. Further on [page 8 line 1-25] teaches building a risk profile for each mobile device based on IMEI SIM sap, MSISDN etc. and then calculating risk score based on the generated profile. See on [page 25 last para] teaches Risk score based on IMEI (i.e. first device history), SIM swap status (i.e. second device history). See on [page 40] risk analysis based on SIM changed within specific period of time. See also on [page 43 para 5] teaches check if there has been any SIM Card changes recently for this mobile device and calculate a risk score. The Risk score can be based on various checks, such as but not limited to, SIM card Swap, if the user is accessing the service from a known or registered mobile device or MSISDIN, location of mobile device);
and one or more attributes of a cellular account to which a cellular network provider provides wireless services for the network ID (Larkin on [page 8 last para] teaches Using the mobile device as a trusted device during CNP transactions to obtain caller's mobile number from the mobile network, mobile number is then sent to card Issuer as part of transaction security check and performs risk management based on the identity of the mobile device (e.g. IMSI, MSISDN, etc.), location of the mobile device, mobile device history and mobile device settings (SIM Swap, Call forwarding, etc.)(I.e. attribute of cellular account in view of para [0027 and 0053] of instant application). See on [25 3rd last para] teaches performing risk analysis on SIM card inserted in mobile phone uniquely associated with IMSI (i.e. network ID) other risk management and analysis performed by security service includes checking multi-party call status and divert unconditional status (i.e. attribute of cellular account in view of para [0027 and 0053]). See on [page 26 last 2 para] teaches risk setting indicating (i.e. cellular account risk indicator) if device was compromised such as SIM swap status, call divert status etc. (i.e. attribute of cellular account));
receive, from the risk indicator server the first device history, the second device history, and the one or more attributes of the cellular account (Larkin on [page 8 last para] teaches Using the mobile device as a trusted device during CNP transactions to obtain caller's mobile number from the mobile network, mobile number is then sent to card Issuer as part of transaction security check and performs risk management based on the identity of the mobile device (e.g. IMSI, MSISDN, etc.), location of the mobile device, mobile device history and mobile device settings (SIM Swap, Call forwarding, etc.)(I.e. attribute of cellular account in view of para [0027 and 0053] of instant application). See on [25 3rd last para] teaches performing risk analysis on SIM card inserted in mobile phone uniquely associated with IMSI (i.e. network ID) other risk management and analysis performed by security service includes checking multi-party call status and divert unconditional status (i.e. attribute of cellular account in view of para [0027 and 0053]). See on [page 26 last 2 para] teaches risk setting indicating (i.e. cellular account risk indicator) if device was compromised such as SIM swap status, call divert status etc. (i.e. attribute of cellular account));
 determine a risk score based on the first device history, the second device history, and the one or more attributes of the cellular account (Larkin on [page 25 last para] teaches Risk score based on IMEI (i.e. first device history), SIM swap status (i.e. second device history) and multi-party call status (i.e. attribute of cellular account in view of para [0027 and 0053] of instant application). See on [page 5 3rd para] teaches Risk score based on SIM swap (i.e. second device history). See also on [page 6 1st para] teaches Risk score based on SIM swap (i.e. second device history), Identify of mobile devoice (i.e. first device history), historical pattern of mobile identity and Risk score based on biometric information. See on [page 7 2nd para] teaches Risk score based on SIM swap and call divert function. See also [page 13 para regarding Fig 16] teaches calculating risk score based multi-party call active status for the mobile number. See on [page 43] teaches calculating risk score based on SIM swap, mobile device number and MSISDIN. See on [page 46 para 2] teaches the ASP can then assess the risk score (i.e. determine risk score) and decide whether or not to allow the user to access the service);
 and in response to determining that the risk score is below a threshold, allow the computing device to log into the user account (Larkin [page 17 3rd para] teaches successfully login on the bank account is based on risk analysis. See on [page 31 last 2 para] teaches if the risk score is above certain threshold then a message with further authentication will be displayed to the user (i.e. access denied). If the risk score is below a certain threshold then customer is identified (i.e. access granted)).

Although Larkin teaches Risk score based on IMEI of mobile device but fails to teach the first device history indicating a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI, however Schenk from analogous art teaches the first device history indicating a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI (Schenk on [0022-0029, 0060 and 0075] teaches a time information related to change in IMEI (International Mobile Equipment Identity) and a time information related to a swap of the subscriber identity module (i.e. Change in IMEI is  equivalent to changing IMEI of the mobile device to a different IMEI). Further on [0052-0060] teaches performing risk analysis on mobile equipment based SIM swap or change in IMEI information of mobile equipment).
(Schenk on [0002-0004]).

Regarding claim 14 the combination of Larkin and Schenk teaches all the limitations of claim 12 above, Larkin further teaches wherein the risk indicator server is configured to determine the first and the second device histories associated with the network ID(Larkin on [page 5 para 2 and page 13 para related to figure 17 and 18] query mobile network based Identifier {Originating Address) received In the SMS using MAP SRI to obtain trusted identifiers from mobile network, e.g. MCC, MNC, MSiSDN, IMEI, see on [26 second last para] teaches database recording device identifier. See on [page 54 4th last para] The various embodiments of the invention described above works independently of mobile device type / handset type used, and utilizes the mobile network to obtain an identifier (or iD) for the mobile device using a separate communication channel {using the signaling part of the mobile network) to where the data is sent between the mobile application and the application server).

 Regarding claim 15 the combination of Larkin and Schenk teaches all the limitations of claim 12 above, Larkin further teaches wherein the risk indicator server is configured to determine the one or more attributes of the cellular account by: querying the cellular network provider for the one or more attributes of the cellular account, and receiving the one or more attributes of the cellular account from the cellular network provider (Larkin on [pages para 2 and page 13 para related to figure 17 and 18] the system can query mobile network based on identifier (Originating Address) received in the SMS using MAP SRI to obtain trusted identifiers from mobile network, MSISDN, IMEI. See on [26 second last para] teaches database recording device identifier. See on [page 544th last para] The various embodiments of the invention described above works independently of mobile device type / handset type used, and the mobile network to obtain an identifier (or ID) for the mobile device using a separate communication channel (using the signaling part of the mobile network) to where the data is sent between the mobile application and the application server).

Regarding claim 18 Larkin teaches a computer-implemented method of authorizing a computing device to log into a user account on an application server based on a network identification (ID) of a user mobile device, the method comprising: Larkin on [page 14 first para] teaches application running on mobile device sending a request to the application service provider to login. See on [page 19 last two para] teaches mobile banking application to login to bank account to access server resource. See on [page 43 third para] teaches a mobile application on a mobile device sends a request to ASP backend server to gain access based on MSISDN or IMSI to authenticate user of mobile device);
receiving a request from the application server for risk indicators associated with the network ID (Larkin on [page 12 para 4] teaches Risk Management Module RMM communicating with ASP server. See on [page 26 para 2] teaches user devices a user device accesses services from banking service provider. The RMM receives identifier such as MSISDN (i.e. subscriber identifier such as IMEI in view of page 58 3rd last para) for each device and performs risk analysis. See on [page 5 2nd para] teaches MSISDN and IMEI as network identifier. See on [page 28 last para] teaches the HTTP proxy initiates a Radius request for the originating IP address of the HTTP request to a Radius Server, to obtain the user's mobile number, and the associated MSISDN if available is returned. See on [page 43 para 3] teaches the mobile application will attempt to connect to the ASP backend server, in this example but not limited to a bank, via the Internet, the mobile application will send a request to gain access along with a request for a session identifier (Session ID), the online banking application will use the user's MSISDN (or IMSI) to authenticate the user of the mobile application);
determining that(Larkin on [page 40 1st para] teaches The network security service (RMM) checks the Merchant ID and card holder mobile number received from the issuing bank, against the RMM call log and verifies if it has an entry that matches those details and what time the call occurred at. The RMM then returns the time of the last call for the Card holder mobile number to the particular Merchant associated with the Merchant ID, to the issuing bank. If no entry is found the response to the issuing bank indicates that, returning for example an error or "no information" etc., to indicate that the RMM does not have any details on the call having taken place);
wherein the device history of the network ID includes [[a first device history that indicates a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI]] and a second device history indicating a change in a subscriber identification module (SIM) card ID associated with the network ID from a first SIM card ID to a second SIM card ID (Larkin on [page 6 line 91-15, page 43 3rd para,  page 44 1st para and page 67 claim 33] teaches a profile generated based IMEI (i.e. first history), IMSE or SIM swap status (i.e. second history), MSISDN and serial number of mobile device. The mobile device receives this information from ASP server. Further on [page 8 line 1-25] teaches building a risk profile for each mobile device based on IMEI SIM sap, MSISDN etc. and then calculating risk score based on the generated profile. See on [page 25 last para] teaches Risk score based on IMEI (i.e. first device history), SIM swap status (i.e. second device history). See on [page 40] risk analysis based on SIM changed within specific period of time. See also on [page 43 para 5] teaches check if there has been any SIM Card changes recently for this mobile device and calculate a risk score. The Risk score can be based on various checks, such as but not limited to, SIM card Swap, if the user is accessing the service from a known or registered mobile device or MSISDIN, location of mobile device); 
determining one or more attributes of  a cellular account to which a cellular network provider provides wireless services for the network ID (Larkin on [page 8 last para] teaches Using the mobile device as a trusted device during CNP transactions to obtain caller's mobile number from the mobile network, mobile number is then sent to card Issuer as part of transaction security check and performs risk management based on the identity of the mobile device (e.g. IMSI, MSISDN, etc.), location of the mobile device, mobile device history and mobile device settings (SIM Swap, Call forwarding, etc.)(I.e. attribute of cellular account in view of para [0027 and 0053] of instant application). See on [25 3rd last para] teaches performing risk analysis on SIM card inserted in mobile phone uniquely associated with IMSI (i.e. network ID) other risk management and analysis performed by security service includes checking multi-party call status and divert unconditional status (i.e. attribute of cellular account in view of para [0027 and 0053]). See on [page 26 last 2 para] teaches risk setting indicating (i.e. cellular account risk indicator) if device was compromised such as SIM swap status, call divert status etc. (i.e. attribute of cellular account));
and in response to the request from the application server, transmitting the one or more attributes of the cellular account to the application server, the application server being configured to determine a risk score based on the5Docket No.: ZUMI/0010USP01 (PATENT)one or more attributes of the cellular account (Larkin on [page 8 last para] teaches Using the mobile device as a trusted device during CNP transactions to obtain caller's mobile number from the mobile network, mobile number is then sent to card Issuer as part of transaction security check and performs risk management based on the identity of the mobile device (e.g. IMSI, MSISDN, etc.), location of the mobile device, mobile device history and mobile device settings (SIM Swap, Call forwarding, etc.)(I.e. attribute of cellular account in view of para [0027 and 0053] of instant application). See on [page 9] teaches receiving and ending incoming call from ASP server and calculating risk scored based SIM swap, location call divert etc. (cellular account risk indicator). See on [page 16 last 3 para] teaches perfuming risk analysis after revving a request and calculating risk score. See on [25 3rd last para] teaches performing risk analysis on SIM card inserted in mobile phone uniquely associated with IMSI (i.e. network ID) other risk management and analysis performed by security service includes checking multi-party call status and divert unconditional status (i.e. attribute of cellular account in view of para [0027 and 0053]). See on [page 26 last 2 para] teaches risk setting indicating (i.e. second risk) if device was compromised such as SIM swap status, call divert status etc. (i.e. attribute of cellular account));
and, in response to determining that the risk score is below a threshold, allow the computing device to log into the user account (Larkin [page 17 3rd para] teaches successfully login on the bank account is based on risk analysis. See on [page 31 last 2 para] teaches if the risk score is above certain threshold then a message with further authentication will be displayed to the user (i.e. access denied). If the risk score is below a certain threshold then customer is identified (i.e. access granted)).
Although Larkin teaches Risk score based on IMEI of mobile device but fails to teach the first device history indicating a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI, however Schenk from analogous art teaches the first device history indicating a change in an international mobile equipment identifier (IMEI) associated with the network ID from a first IMEI to a second IMEI (Schenk on [0022-0029, 0060 and 0075] teaches a time information related to change in IMEI (International Mobile Equipment Identity) and a time information related to a swap of the subscriber identity module (i.e. Change in IMEI is  equivalent to changing IMEI of the mobile device to a different IMEI). Further on [0052-0060] teaches performing risk analysis on mobile equipment based SIM swap or change in IMEI information of mobile equipment).
(Schenk on [0002-0004]).


Regarding claim 19 the combination of Larkin and Schenk teaches all the limitations of claim 18 above, Larkin further teaches wherein determining the one or more attributes of the cellular account comprises: querying the cellular network provider for the one or more attributes of the cellular account; and receiving the one or more attributes of the cellular account from the cellular network provider (Larkin on [pages para 2 and page 13 para related to figure 17 and 18] the system can query mobile network based on identifier (Originating Address) received in the SMS using MAP SRI to obtain trusted identifiers from mobile network, MSISDN, IMEI. See on [26 second last para] teaches database recording device identifier. See on [page 544th last para] The various embodiments of the invention described above works independently of mobile device type / handset type used, and the mobile network to obtain an identifier (or ID) for the mobile device using a separate communication channel (using the signaling part of the mobile network) to where the data is sent between the mobile application and the application server).
Regarding claim 20 the combination of Larkin and Schenk teaches all the limitations of claim 18 above, Larkin further teaches wherein the one or more attribute of the cellular account includes at least one of how long the cellular account has been activated, whether payment for the cellular account is currently overdue or is up-to-date, whether a payment for the cellular account has been referred for collection, whether the cellular account is a pre-paid account or a billed account, whether or how recently the11Docket No.: ZUMI/0010USP01(PATENT) cellular account transitioned from a billed account to a pre-paid account, whether or how (Larkin on [page 40 last para] teaches an offline payment if for example there was a problem with the integrated IVR and point of sale device, or the payment was cached due to the payment being of a low value, for example a payment under a certain threshold. See on [page 42] teaches a user would be allowed to, but is not limited to, view current balance on the user's account and make a payment to existing beneficiaries tied to the user's account when at least one authentication factor has been verified by the ASP).

Regarding claim 21 the combination of Larkin and Schenk teaches all the limitations of claim 1 above, Larkin further teaches wherein the first and second SIM card IDs are international mobile subscriber identities (IMSIs) (Larkin on [page 16 2nd last para] teaches analysis. The Subscriber Identification Module (SIM) card inserted into the mobile phone is uniquely associated with the IMSI. In this instance the network security service can query the HLR for the latest IMSI. The RMM can then perform SIM takeover/SIM swap attack analysis, and if such analysis indicates a high probability of SIM swap /takeover having occurred this can be reflected in the risk score and a reason code).
Regarding claim 25 the combination of Larkin and Schenk teaches all the limitations of claim 1 above, Larkin further teaches wherein the one or more attributes of the cellular account includes whether a call- forwarding feature is activated for the cellular account (Larkin on [page 8 2nd last para] teaches risk based on call forwarding SIM swap feature).
Regarding claim 26 the combination of Larkin and Schenk teaches all the limitations of claim 1 above, Larkin further teaches wherein the one or more attributes of the cellular account includes whether the network ID was ported to the cellular account from another cellular account (Larkin on [page 8 last para] teaches Using the mobile device as a trusted device during CNP transactions to obtain caller's mobile number from the mobile network, mobile number is then sent to card Issuer as part of transaction security check and performs risk management based on the identity of the mobile device (e.g. IMSI, MSISDN, etc.) (I.e. network ID for which the mobile device is activated with), location of the mobile device, mobile device history (i.e. risk based on history of device) and mobile device settings (SIM Swap, Call forwarding, etc.). see also on [page 6] teaches determining risk score based on change of SIM of mobile device, historical pattern of mobile identity and identity of the mobile device. See also on [page 43 para 5] teaches check if there has been any SIM Card changes recently for this mobile device and calculate a risk score. The Risk score can be based on various checks, such as but not limited to, SIM card Swap, if the user is accessing the service from a known or registered mobile device or MSISDIN, location of mobile device. See on [25 3rd last para] teaches performing risk analysis on SIM card inserted in mobile phone uniquely associated with IMSI (i.e. network ID));
Regarding claim 27 the combination of Larkin and Schenk teaches all the limitations of claim 12 above, Larkin further teaches wherein the application server is further configured to determine the network ID from information included in the request from the computing device (Larkin on [page 26 para 2] teaches the RMM receives identifier such as MSISDN (i.e. subscriber identifier such as IMEI in view of page 58 3rd last para) for each device and performs risk analysis. See on [page 5 2nd para] teaches MSISDN and IMEI as network identifier).

Regarding claim 28-30 the combination of Larkin and Schenk teaches all the limitations of claim 1, 12 and 18 respectively, the second device history includes a third activation date associated with the first SIM card ID and a fourth activation date associated with the second SIM card ID (Larkin on [page 31 2nd para and page 33 2nd last para] teaches SIM takeover protection where analysis is performed to ascertain if the B party SIM has changed in the previous configurable time period, for example in the last 24-48 hours. Such configurable time periods can be agreed with the ASP).

Schenk further teaches wherein the first device history includes a first activation date associated with the first IMEI and a second activation date associated with the second IMEI (Schenk on [0022-0029, 0060 and 0075] teaches a time information related to change in IMEI (International Mobile Equipment Identity) and a time information related to a swap of the subscriber identity module).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Schenk into the teaching of Larkin by determining device history based on change in IMEI. One would be motivated to do so in order to prevent fraud or misuse based on a risk scoring associated with device (Schenk on [0002-0004]).


Claims 22-24 are rejected under 35 U.S.C. 103 as being unpatentable over Larkin (WO2016050990) (provided in IDS) in view of Schenk et al (hereinafter Schenk) (US 20160021532) and further in view of GRAHAM III et al (hereinafter Graham) (US 20110270748).
Regarding claim 22 the combination of Larkin and Schenk teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the one or more attributes of the cellular account includes whether the cellular account has been activated for less than a predetermined period of time, however Graham from analogous art teaches wherein the one or more attributes of the cellular account includes whether the cellular account has been activated for less than a predetermined period of time (Graham on [0052] information regarding a status of an account maintained by the message provider for the user (e.g., no payment due, payment due, payment overdue by some amount of time, account in default, active, not active for some time period).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Graham into the combined teaching of Larkin and (Graham on [0011]).
Regarding claim 23 the combination of Larkin and Schenk teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the one or more attributes of the cellular account includes whether an overdue payment is associated with the cellular account., however Graham from analogous art teaches wherein the one or more attributes of the cellular account includes whether an overdue payment is associated with the cellular account (Graham on [0052] information regarding a status of an account maintained by the message provider for the user (e.g., no payment due, payment due, payment overdue by some amount of time, account in default, active, not active for some time period).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Graham into the combined teaching of Larkin and Schenk by activating cellular account in a specified period of time. One would be motivated to do so in order to secure, protect and control the dissemination of their valuable information in a comprehensive and integrated manner (Graham on [0011]).

Regarding claim 24 the combination of Larkin and Schenk teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the one or more attributes of the cellular account includes whether the cellular account is a pre-paid account, however Graham from analogous art teaches wherein the one or more attributes of the cellular account includes whether the cellular account is a pre-paid account (Graham on [0442] teaches a pre-paid account).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to implement the teaching of Graham into the combined teaching of Larkin and (Graham on [0011]).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/MOEEN KHAN/               Examiner, Art Unit 2436   
                                                                                                                                                                                   
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436