DETAILED ACTION
Status of Claims
This is the final office action in response to the applicant’s arguments/remarks made in an amendment filed on 02/08/2022.
Claims 1-9 and 12-20 have been amended.
Claims 1-20 are currently pending and have been examined. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. The applicant's submission filed on 08/18/2021 has been entered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .





   Response to Arguments/Remarks
Claim Objections:
The amended claims have overcome the claim objections except claim 8, and the claim objections have been withdrawn for claims 3-4, 9, and 16-17.

Claim Interpretation:
The amended claims have overcome the claim interpretation, and the claim interpretation has been withdrawn.

35 U.S.C. § 112:
The amended claims have overcome the 35 U.S.C. § 112 rejections, and the 35 U.S.C. § 112 rejections have been withdrawn. However, the amended claims cause more 35 U.S.C. § 112 issues, and the applicant is advised to refer to the 35 U.S.C. § 112 section for more details.

35 U.S.C. § 103:
The applicant’s amendments have overcome the 35 U.S.C. § 103 rejections. However, there are new grounds of rejection necessitated by the applicant’s amendments as detailed on the U.S.C. § 103 section.



Claim Objections
Claim 8 is objected to because of the following informalities:
Claim 8 recites “the registering of each mobile device performed responsive to receiving, by the first server computer, a registration request from the user device.” The phrase “each mobile device” should be corrected to “each mobile device of the one or more mobile devices,” or “each of the one or more mobile devices,” so that it is clearer that each mobile device is from “the one or more mobile devices.” Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claims 1 recites “a third server computer comprising a risk analysis module, the third server computer in communication with the first server computer … a second server computer in communication with the first server computer and the third server computer … the devices external to the second server computer including at least the user device, the first server computer, and the third server computer”; claim 6 recites “and a third server computer comprising a risk analysis module, the third server computer in communication with the first server computer and the second server computer … generating by the third server computer … and the third server computer, a risk ”; and claim 14 recites “and a third server computer comprising a risk analysis module … generate, by the third server computer … and the third server computer.” The specification is in silent with these limitations. The specification discloses: “In the illustrated embodiment, the cryptoasset custodial system 100 includes a server computer 102, a relay server 103, a risk analysis module 104, the hardware security module 105, and a data storage facility 106,” in paragraph [0028], and “The risk analysis module 104 performs a risk-based review of communications (endorsements, approvals) of cryptoasset transactions before the transactions can be performed. The risk analysis module 104 is illustrated and described in more detail with reference to FIG. 1 and can be implemented in hardware or software. The risk analysis module 104 is communicably coupled to the server computer 102,” in paragraph [0086]. The applicant has pointed out the paragraph [0134] of the publication, which discloses that software may be stored in a machine-readable storage medium accessible by a computer. The specification discloses that a risk analysis module can be implemented in hardware or software, or be stored in a machine-readable storage medium, but does not disclose that a server computer comprises the risk analysis module.
Claims 3, 5-6, 8-9, 12-13, 16-17, and 20 recite the third server, and they are rejected for the same reason shown above.
Dependent claims 2-5, 7-13, and 15-20 are rejected because they depend on the rejected independent claims 1, 6, and 14, respectively.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3, 6, 8, 10-11, 14, 16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Herder et al. (US 20190356491 A1) in view of Tussy (US 20180181737 A1), and further in view of Clark et al. (US 20160253663 A1) and SMITH et al. (CN 102769529 A).
Claims 1, 6, and 14:
Herder discloses the following:
a.	transmit an endorsement request for a cryptoasset transaction to be performed by the server computer, the endorsement request transmitted to a user device associated with a user, configured to prompt the user, and confirm the cryptographic endorsement of the cryptoasset tranasaction. (See Figs. 15-17; Fig. 19; paragraph [0160]; paragraph [0175], “[h]ere, a user 1502 via a computer with a biometric reader 1504 and coupled to a biometric scanner 1503 communicates with a wallet service 1514.… The web server system 1506 may provide a wallet user interface and constructs trades [e.g., cryptocurrency]. The biometric server system 1508 performs biometric public key authentication and executes transactions based on public key information stored in a backend database [biometric PK database backend] 1510 communicatively coupled to the biometric server system 1508. The biometric server system 1508 executes the transactions in communication with the Blockchain [e.g., Bitcoin] 1512. Among other things, this exemplary embodiment allows the provider of the wallet service 1514 to be a full-service wallet/custody provider, e.g., selling to cryptocurrency exchanges and hedge funds”; paragraph [0177]; and paragraph [0179], “[i]n block 1702, the transaction is confirmed with the user to verify that the transaction being approved is the transaction that is intend by the user, e.g., to confirm that the transaction amount and other party are correct. Upon confirming the transaction, user authentication is performed in accordance with blocks 1703-1707. Specifically, in block 1703, biometric and any other information required for authentication [e.g., a user identifier, in some embodiments] is captured from the user.… In block 1707, the secret key is extracted based on the user biometric and any other information along with the public key information, as described herein [e.g., FIG. 4]. Once authentication is complete, the transaction is executed in blocks 1708-1710. Specifically, the requested transaction is constructed in block 1708. This can involve, for example, gathering elements for the transaction [e.g., parties, amount, etc., depending on type of transaction or cryptocurrency]. The requested transaction is then signed with the secret key in block 1709.” These citations indicate that the user is prompted to confirm the transaction and  provide the required information.)
b.	receive a plurality of data points collected from the user device, the plurality of data points comprising a biometric data point and an amount of the cryptoasset transaction. (See Figs. 15-17; Fig. 19; paragraph [0175]; paragraph [0177]; and paragraph [0179], “[i]n block 1702, the transaction is confirmed with the user to verify that the transaction being approved is the transaction that is intend by the user, e.g., to confirm that the transaction amount and other party are correct. Upon confirming the transaction, user authentication is performed in accordance with blocks 1703-1707. Specifically, in block 1703, biometric and any other information required for authentication [e.g., a user identifier, in some embodiments] is captured from the user.”)
c.	receive a cryptographic endorsement of the cryptoasset transaction from the user device. (See Figs. 15-17; Fig. 19; paragraph [0175]; paragraph [0177]; and paragraph [0179], “[i]n block 1702, the transaction is confirmed with the user to verify that the transaction being approved is the transaction that is intend by the user, e.g., to confirm that the transaction amount and other party are correct. Upon confirming the transaction, user authentication is performed in accordance with blocks 1703-1707. Specifically, in block 1703, biometric and any other information required for authentication [e.g., a user identifier, in some embodiments] is captured from the user.”)
d.	apply a cryptographic digital signature to the cryptoasset transaction based on the generated biometric information associated with the cryptographic endorsement, using a cryptographic key that is stored in a secure enclave. (See paragraph [0136], “[f]or example, the record may characterize a public/private key pair for performing an asymmetric encryption algorithm as known in the art. The public key may be stored directly in the record, while the private key may be the secret number characterized by the biometric public key 37”; paragraph [0164], “[i]n embodiments, the local device or central server may be configured with a secure enclave [e.g., a hardware root of trust] where operations of the present invention [e.g., capturing biometric data, generating/extracting keys, encrypting/decrypting data, and signing transactions] may be securely performed”; Fig. 19; and paragraph [0179], “[t]he requested transaction is then signed with the secret key in block 1709. In block 1710, the signed transaction is submitted to a transaction processor.”)
e.	 one or more computer processors and/or computers communicably coupled to the server computer. (See Fig. 2; Fig. 12; paragraphs [0086]-[0088]; and paragraphs [0157].)
f.	a policy associated with the cryptoasset transaction. (See paragraphs [0184]-[0186], “[i]n one exemplary embodiment, a time lock is implemented using a pay-to-script-hash [P2SH]. The P2SH is configured to enable the original currency owner A to access the funds OR to enable a secondary [beneficiary] owner to access the funds. However, the secondary [beneficiary] owner is restricted such that he/she may only access the funds after the pre-set amount of time has elapsed, e.g., if user A has not logged in for 6 months.”)
Herder does not explicitly disclose the following:
prompt the user device to sign a cryptographic endorsement of the cryptoasset transaction using a private key associated with the user device;
a plurality of data points collected from one or more mobile devices communicably coupled to the user device and associated with the user; 
a third server computer comprising a risk analysis module;
generate on a risk metric based on the plurality of data points, the risk metric indicating a risk of accepting the cryptographic endorsement of the cryptoasset transaction from the user device in accordance with a policy retrieved from a vault associated with the cryptoasset transaction; and
a second server computer communicably coupled to the first server computer and configured to apply a cryptographic digital signature to the cryptoasset transaction based on the generated risk metric associated with the cryptographic endorsement, using a cryptographic key that is stored only within a secure storage device of the second server computer, the cryptographic key being inaccessible by devices external to the second sever computer, the devices external to the second server computer including at least the user device, the first server computer, and the third server computer.

However, Tussy discloses the following:
a.	receive a plurality of data points collected from one or more mobile devices communicably coupled to the user device and associated with the user. (See Fig.1; paragraph [0044], “[t]he user may also wear or hold any number of other devices. For, example, the user may wear a watch 130 containing one or more cameras 134 or biosensors disposed on the watch”; paragraph [0045]-[0047], “[w]hen pointed towards a user 108, the camera 134 may capture an image of the user's face. The camera 134 may be part of a module that may either include communication capability that communicates with either a mobile device 112, such as via Bluetooth.RTM., NFC, or other format, or communication directly with a network 116 over a wired or wireless link 154”; and paragraphs [0246]-[0248].)
b.	an authentication server comprising a risk analysis module, and the authentication server may be provided separately. (See paragraph [0079], “[t]he authentication server 120 may be included as a part of a server of the institution or entity providing user accounts [hereinafter ‘account server’), or the authentication server may be provided separately,” and paragraphs [0092]-[0095], “[u]sing facial detection in step 812, the mobile device 112 detects the user's face in each of the authentication images, crops the images, and sends the images to the authentication server 120…. For example, as shown in step 910 in FIG. 9, by using algorithms to process the characteristics of the face and light striking the face between the different images, the authentication server 120 can determine that the face in the authentication images is three-dimensional, i.e. not a representation on a printed picture or video screen. Where the mobile device 120 sends only the authentication biometrics 120 to the server, the server 120 may validate the realness or three-dimensional aspects of the user imaged by comparing the biometric results of the different images. Where the mobile device 120 sends only the authentication biometrics 120 to the server, the server 120 may validate the realness or three-dimensional aspects of the user imaged by comparing the biometric results of the different images.”)
c.	generate on a risk metric based on the plurality of data points, the risk metric indicating a risk of accepting the cryptographic endorsement of the transaction from the user device in accordance with a policy retried from a vault associated with the transaction. (See paragraphs [0092]-[0095]; paragraphs [0098]-[0099], “[t]he level of correspondence required to determine that the enrollment information sufficiently corresponds with the authentication information in the login attempt may be set in advance…. The required level of correspondence may be static or elastic based on the established thresholds.… In one embodiment, the authentication server 120 may require a 99.9% match rate as the level of correspondence when the GPS information of the mobile device corresponds with the location of the user's home or other authorized location[s]”; paragraphs [0123]-[0126], “[t]he accuracy meter 1026 may show a user a match rate [graphical, alpha, or numerical] of a predetermined number of images obtained during the authentication process. The accuracy meter can be represented on the display in a variety of ways including numeric percentages, color representation, graphical, and the like. A combination of representations may also be utilized”; and paragraph [0155], “[i]f the pattern is not a match, or does not meet a match threshold level, then the authentication process may fail [access denied] or the account access or transaction amount may be limited.” These citations indicate that the authentication server is based on the pre-defined policy (i.e., the level of correspondence required) to authenticate a user. One of ordinary skill in the art knows that the pre-defined policy needs to be stored in a data storage when it was set up, and that the policy needs to be retrieved/looked up when it was used in an authentication process. Additionally, the specification of the application does not explicitly disclose that a policy is retrieved from a vault by the first server.)
c.	authenticating the cryptographic transaction based on the generated risk metric associated with the transaction. (See paragraph [0155], “[i]f the pattern is not a match, or does not meet a match threshold level, then the authentication process may fail [access denied] or the account access or transaction amount may be limited,” and paragraphs [0244]-[0248], “[t]he authentication server may then authenticate the identity of the user and confirm that the user wishes to authorize the transaction on his or her account if the device information, authentication images and/or biometrics, and authentication movement correspond with the enrollment device information, the enrollment images and/or biometrics, and the enrollment movement. The authentication server then transmits an authorization message to the Gateway.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Tuessy in the Herder system. Moreover, in order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to generate a risk metric based on the plurality of collected data points from one or more mobile devices coupled with the user device, so that the user and the transactions can be validated based on the more accurate risk analysis resulting from the collected data points of different devices.
The combination of Herder and Tussy discloses the claimed invention but does not explicitly disclose the following:
prompt the user device to sign a cryptographic endorsement of the cryptoasset transaction using a private key associated with the user device; and
a second server computer communicably coupled to the first server computer and configured to apply a cryptographic digital signature to the cryptoasset transaction, using a cryptographic key that is stored only within a secure storage device of the second server computer, the cryptographic key being inaccessible by devices external to the second sever computer, the devices external to the second server computer including at least the user device, the first server computer, and the third server computer.
Clark discloses prompting the user device to sign an endorsement of the transaction using a private key associated with the user device. (See Fig.1; paragraphs [0015]-[0016]; and paragraphs [0038]-[0042], “the transaction signing module [TSM] 102 may be stored on a computer readable medium of the user device 32 [e.g., a chip card] and can [with a data processor (not shown in FIG. 1)] sign the transaction data [e.g., at least the user's public key, the merchant's public key, and the transaction amount] in the user device 32 using its private key 106. For example, the TSM 102, working with a data processor, can encrypt some or all of the transaction data 112 using the private key 106 as an input to a particular encryption algorithm to yield signed transaction data 114. If, for example, the user device 32 is a mobile phone, this signing can be done on the phone itself”; and paragraph [0048]. These citations indicate that the user device receives the endorsement request and endorses the endorsement by signing it with a private key. One of ordinary skill in the art knows that the user device should be prompted while it receives the endorsement. Additionally, the specification of the application does not explicitly disclose prompting the user device to sign the endorsement using a private key associated with the user device.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Herder and Tussy by the Clark disclosure. One of ordinary skill in the art would have been motivated to sign the endorsement with a private key associated with the user device in order to make the endorsement more secure. The signature on the endorsement guarantees the authentication of the endorsement.
The combination of Herder, Tussy, and Clark discloses the claimed invention but does not explicitly disclose a second server computer communicably coupled to the first server computer and configured to apply a cryptographic digital signature to the cryptoasset transaction, using a cryptographic key that is stored only within a secure storage device of the second server computer, the cryptographic key being inaccessible by devices external to the second sever computer, the devices external to the second server computer including at least the user device, the first server computer, and the third server computer.
SMITH discloses a second server computer communicably coupled to the first server computer and configured to apply a cryptographic digital signature to a transaction, using a cryptographic key that is stored only within a secure storage device of the second server computer, the cryptographic key being inaccessible by all devices external to the second server computer. (See page 5, “[i]n an embodiment, each digital signature module can comprise hardware supports module [HSM], and it is physically separating with the processor of signature server and is being configured to the data that provided by signature server are carried out digital signature. In an embodiment, HSM can comprise a plurality of keys according to alias identifier identification”; pages 8-9, “[s]ignature server 142,146 can comprise hardware supports module [HSM] 144,148 and/or software respectively, and it can have the real figure signature function that comprises suitable digital signature keys…. As shown in Figure 2, client 210 can be represented, the front end services of supply system for example, and it can be configured to discern need be by the DNSSEC data of signature server 212 signatures”; and page 10, “[t]hereby each assembly need not exchange true key, and this under inaccessible state basically [for example, can not through access to netwoks] be kept key material fail safe aspect and had advantage, especially the key kept of specific components [for example among the HSM214].”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Herder et al., Tussy, and Clark et al. by the SMITH disclosure. One of ordinary skill in the art would have been motivated to sign the transaction by using a separated server/device and to keep the cryptographic key inaccessible by external devices in order to store the sensitive information in a safe and secure environment, so as to prevent the sensitive data from being hacked or accessed by an unauthorized user and/or device.
Claims 1, 6, and 14 recite “the plurality of data points (…) comprising a biometric data point and an amount of the cryptoasset transaction.” This describes characteristics of the data points. Claims 1, 6, and 14 further recite “the devices external to the second server computer including at least the usre device, the first server computer, and the third ser computer. This describes characteristics of the device external to the second server computer. However, the recited characteristics are not processed or used to carry out any steps or functions that rely on these particular characteristics recited in the claims. Therefore, these claims recite nonfunctional descriptive material. When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability. The critical question is whether there exists any new and unobvious functional relationship between the printed matter and the substrate (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).

Claims 3, 8, and 16:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Herder discloses a cryptoasset custodial system. (See Figs. 15-17; paragraph [0175]; and paragraph [0177].)
Tussy further discloses that register the one or more mobile devices on the […] system prior to receiving the plurality of data points, the registering of the one or more mobile devices performed responsive to receiving, by the first server computer, a registration request from the user device, the registration request associating the user with the one or more mobile devices. (See Fig. 5 and paragraph [0081], “[n]ext, in step 516, the mobile device 112 may send device information to the authentication server 120. The device information may include among other information a device identifier that uniquely identifies the mobile device of the user. Such information may include device manufacturer, model number, serial number, and mobile network information. In step 518, when the authentication server 120 is incorporated with the account server 120B, the authentication server 120 associates and stores the device information with the user's account information.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Tuessy in the Herder system. Moreover, in order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to register devices for collecting data points to authenticate the user, so that the user and the transactions can be validated based on the more accurate risk analysis resulting from the collected data points of the registered devices.  

Claims 10 and 18:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Tussy further discloses wherein a mobile device of the one or more mobile devices is a smartwatch or a fitness tracker associated with the user, and wherein the plurality of data points comprises a geographical location of the smartwatch or the fitness tracker measured by a global positioning system receiver of the smartwatch or the fitness tracker. (See paragraph[0044], “[t]he user may also wear or hold any number of other devices. For, example, the user may wear a watch 130 containing one or more cameras 134 or biosensors disposed on the watch”; paragraph [0099]; and paragraph [0111], “[t]he system therefore provides enhanced security for authenticating a user who has a mobile device. As explained above, the system may use at least any one or more of the following in any number of combinations to securely authenticate the user: physical device verification, mobile network verification, facial recognition including the size of the face in the image, a face detected in every frame during the movement, accelerometer information, gyroscope information, magnetometer information, pixels per square inch, color bits per pixel, type of image, user entered code or pattern, and GPS information.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Tuessy in the Herder system. Moreover, in order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to collect the data points via different types of mobile devices to authenticate the user, so that the user and the transactions can be validated based on the more accurate risk analysis resulting from the collected data points of different devices.   
Claims 10 and 18 recite “wherein the plurality of data points comprises a geographical location of the smartwatch or the fitness tracker measured by a global positioning system receiver of the smartwatch or the fitness tracker.” This describes characteristics of the data points. However, the recited characteristics are not processed or used to carry out any steps or functions that rely on these particular characteristics recited in the claims. Therefore, these claims recite nonfunctional descriptive material. When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability. The critical question is whether there exists any new and unobvious functional relationship between the printed matter and the substrate (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).

Claims 11 and 19:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Tussy further discloses wherein the plurality of data points comprises at least one of: an identification number of a mobile device of the one or more mobile devices; an altitude of the mobile device relative to sea level measured by the mobile device; a service set identifier of a wireless network that the mobile device is connected to; or a Bluetooth device address of the mobile device. (See Fig. 8 and paragraph [0093], “[i]n step 816, the mobile device 112 sends the device information identifying the device and sends path parameters such as gyroscope, magnetometer, and accelerometer information defining the path of the mobile device taken during imaging, as well as the elapsed time during imaging [‘authentication movement’] to the server 120.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Tuessy in the Herder system. Moreover, in order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to collect the device identification information as one type of the data points to authenticate the user, so that the user and the transactions can be validated based on the more accurate risk analysis resulting from the collected data points.  
Claims 11 and 19 recite “wherein the plurality of data points comprises at least one of: an identification number of a mobile device of the one or more mobile devices; an altitude of the mobile device relative to sea level measured by the mobile device; a service set identifier of a wireless network that the mobile device is connected to; or a Bluetooth device address of the mobile device.” This describes characteristics of the data points. However, the recited characteristics are not processed or used to carry out any steps or functions that rely on these particular characteristics recited in the claims. Therefore, these claims recite nonfunctional descriptive material. When descriptive material is not functionally related to the substrate, the descriptive material will not distinguish the invention from prior art in terms of patentability. It has been held that where the printed matter is not functionally related to the substrate, the printed matter will not distinguish the invention from the prior art in terms of patentability. The critical question is whether there exists any new and unobvious functional relationship between the printed matter and the substrate (In re Ngai 367 F.3d 1336, 1339, 70 USPQ2d 1862 (Fed. Cir. 2004); Ex parte Nehls 88 USPQ2d 1883, 1888-1889 (BPAI 2008); In re Lowry, 32 USPQ2d 1031 (Fed. Cir. 1994); MPEP § 2111.05; Cf. In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983)).

Claims 2, 7, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Herder et al. (US 20190356491 A1) in view of Tussy (US 20180181737 A1), and further in view of Clark et al. (US 20160253663 A1), SMITH et al. (CN 102769529 A), and Winklevoss et al. (US 9892460 B1).
Claims 2, 7, and 15:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Herder discloses receiving the cryptographic endorsement of the cryptoasset transaction, responsive to authenticating of user biometric data; and generating the cryptographic key associated with the cryptoasset transaction by a secure enclave. (See Figs. 15-17; Fig. 19, paragraph [0175]; paragraph [0177]; paragraph [0179]; and paragraph [0169].)
Tussy discloses the risk metric, responsive to the risk metric being below a threshold risk metric. (See paragraphs [0098]-[0105].)
SMITH discloses a HSM is communication with the first server computer via a server. (See pages 8 and 9.)
None of Herder, Tussy, Clark, and SMITH explicitly discloses the second server communicably coupled to the first server via a relay server and generates a cryptographic key associated with the cryptoasset transaction and usable to control access to the blockchain.
Winklevoss discloses the second server/device communicably coupled to the first server/device via a relay server (see col 31, line 31 – col 32, line 38); and generate a cryptographic key associated with the cryptoasset transaction and usable to control access to the blockchain (see col 17, line 58 – col 18, line 2, col 21, line 50 – col 22, line 3)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Herde, Tussy, Clark, and SMITH by the Winklevoss disclosure. One of ordinary skill in the art would have been motivated to generate the keys via an isolated server in order to keep the sensitive information in a safe and secure environment, so as to prevent the sensitive data from being hacked or accessed by an unauthorized user and/or device.

Claims 4, 9, 12, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Herder et al. (US 20190356491 A1) in view of Tussy (US 20180181737 A1), and further in view of Clark et al. (US 20160253663 A1), SMITH et al. (CN 102769529 A), and Voege et al. (US 20160189134 A1).
Claims 4, 9 and 17:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Tussy discloses receive a plurality of data points collected from one or more mobile devices communicably coupled to the user device and associated with the user. (See Fig.1; paragraphs [0044]-[0047]; and paragraphs [0246]-[0248].)
None of Herder, Tussy, Clark, and SMITH explicitly discloses assigning, to each mobile device, a required status or a non-required status, such that a particular data point is collected from a mobile device of the one or more mobile devices, wherein the mobile device is assigned the required status.
Voege discloses assigning, to each of the one or more mobile devices, a required status or a non-required status, such that a particular data point is collected from each of the one or more mobile devices, wherein at least one of the one or more mobile devices is assigned the required status. (See paragraphs [0019]-[0021], “[f]or example, the biometric signals may be heat, heart rate, blood pressure, and/or the like being collected by sensors on the payment device, such as a ring, watch, glasses, and/or pants, which may be worn by the user. In some embodiments, a user may have a smart ring which could read biometric data while being worn by the user and have the biometric data authorize the user to perform a transaction”; paragraph [0052]; and paragraph [0061], “[i]n some embodiments, the device may be configured as a payment device by registering the device with a payment provider. The registration may be held or stored on a server, such as third-party device 108 and/or network-based security system 110 of FIG. 1.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Herder, Tussy, Clark, and SMITH by the Voege disclosure. In order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to collect a particular data point from a mobile device to authenticate the user, so that the user and the transactions can be validated based on the more accurately collected user and device data.

Claims 12 and 20:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Tussy discloses receive a plurality of data points collected from one or more mobile devices communicably coupled to the user device and associated with the user; updating, by the third server computer, the risk metric responsive to detecting a mismatch of collected data and stored data. (See Fig.1; paragraphs [0044]-[0047]; paragraph [0079]; paragraphs [0092]-[0094]; paragraphs [0098]-[0104]; paragraphs [0123]-[0126]; paragraph [0155]; and paragraphs [0246]-[0248].)
None of Herder, Tussy, Clark, and SMITH explicitly discloses detecting, by the third server computer, a mismatch between a first data point of the plurality of data points and a second data point of the plurality of data points, the first data point collected from a first mobile device of the one or more mobile devices and the second data point collected from a second mobile device of the one or more mobile devices; and updating, by the third server computer, the risk metric responsive to detecting the mismatch.
Voege discloses detecting, by a server, a mismatch between a first data point of the plurality of data points and a second data point of the plurality of data points, the first data point collected from a first mobile device of the one or more mobile devices and the second data point collected from a second mobile device of the one or more mobile devices; and updating, by the server, the risk metric responsive to detecting the mismatch. (See paragraph [0021], “[i]n some examples, the system may monitor biometric signals of several devices and check for anomalies. For example, a shirt and a ring may detect blood pressure X while a watch may detect blood pressure Y. The system may recognize that the difference in blood pressure between X and Y are sufficiently beyond standard deviations to deactivate, de-authorize, and/or de-authenticate the watch”; and paragraphs [0058]-[0059].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Herder, Tussy, Clark, and SMITH by the Voege disclosure. In order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to compare the data points from different devices to evaluate the risk, so that the user and the transactions can be validated based on the more accurate risk analysis resulting from the collected data points of different devices.  

Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Herder et al. (US 20190356491 A1) in view of Tussy (US 20180181737 A1), and further in view of Clark et al. (US 20160253663 A1), SMITH et al. (CN 102769529 A), and BERMUDEZ-CISNEROS et al. (US 20190347666 A1).

Claim 5:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Tusse discloses generate a graphical visualization. (See paragraph [0079]; paragraphs [0092]-[0094]; paragraphs [0098]-[0099]; paragraphs [0123]-[0126]; and paragraph [0155].)
None of Herder, Tussy, Clark, and SMITH discloses the graphical visualization comprising a trend of the plurality of data points, and determining the expected values of the plurality of data points based on the trend.
However, BERMUDEZ-CISNEROS discloses the [authentication platform] comprising a trend of the plurality of data points, and determining the expected value of the plurality of data points based on the trend. (See paragraph [0019], “the authentication platform may receive a request associated with a high-risk transaction involving the user account. In this case, the authentication platform may use a machine learning model [referred to herein as a data model] to determine a risk score indicating a likelihood of the request being made by an unauthorized user. The data model may determine the risk score based on trends associated with fraudulent transactions and/or legitimate transactions, as described further herein,” and paragraphs [0031]-[0032].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Herder, Tussy, Clark, and SMITH by the BERMUDEZ-CISNEROS et al. disclosure. In order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to use a trend to determine the expected values to prevent the likelihood of a fraudulent transaction, so that the system can determine whether the transactions associated with a user account are fraudulent or legitimate, based on the trend.

Claim 13:
Herder in view of Tussy, Clark, and SMITH discloses limitations shown above.
Herder discloses cryptographic endorsement. (See Figs. 15-17; Fig. 19; paragraph [0175]; paragraph [0177]; and paragraph [0179].)
Tusse discloses generate a risk metric. (See paragraph [0079]; paragraphs [0092]-[0094]; paragraphs [0098]-[0099]; paragraphs [0123]-[0126]; and paragraph [0155].)
None of Herder, Tussy, Clark, and SMITH discloses: extracting, by the one or more computer processors, a feature vector based on the plurality of data points; and generating, by the one or more computer processors, the risk metric based on the feature vector, the one or more computer processors trained, using machine learning, to indicate the risk of accepting the cryptographic endorsement based on whether the plurality of data points matches the expected values of the plurality of data points.
However, BERMUDEZ-CISNEROS discloses extracting, by the one or more computer processors, a feature vector based on the plurality of data points; and generating, by the one or more computer processors, the risk metric based on the feature vector, the one or more computer processors trained, using machine learning, to indicate the risk of accepting the [transaction] based on whether the plurality of data points matches the expected values of the plurality of data points. (See paragraph [0004]; paragraph [0019], “the authentication platform may receive a request associated with a high-risk transaction involving the user account. In this case, the authentication platform may use a machine learning model [referred to herein as a data model] to determine a risk score indicating a likelihood of the request being made by an unauthorized user. The data model may determine the risk score based on trends associated with fraudulent transactions and/or legitimate transactions, as described further herein”; and paragraphs [0036]-[0037].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Herder, Tussy, Clark, and SMITH by the BERMUDEZ-CISNEROS disclosure. In order to enhance the transaction authentication process, one of ordinary skill in the art would have been motivated to train the module based on the feature vector to obtain the predicted results, so that the system can determine whether the transactions associated with a user account are fraudulent or legitimate by the trained module.

Conclusion
The prior art, made of record and not relied upon, is considered pertinent to the applicant’s disclosure.
Agrawal et al. (US 20200380523 A1) disclose that a system uses context data provided by supplemental devices to reduce false declines during transaction authorization.
Kirsch (US 20150088754 A1) discloses authenticating a transaction based on the received responses from one or more devices associated with a user.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHUNLING DING, whose telephone number is (571)270-3605. The examiner can normally be reached on 9:30 - 7:30 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, an applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel, can be reached at 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/C.D./Examiner, Art Unit 3685     

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685