Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
2.	EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019.
3.	This communication is in response to Applicant’s claims filed on 07January 2020. Claims 1-20 remain pending. 

	
Continued Prosecution Application
4.	This application is a continuation of Serial No. 13/415,184 filed on 08 March 2012 which is now, US Patent No. 8,869,245 issued on 21 October 2014, Serial No. 14/511,785 filed on 10 October 2014 which is now, US Patent No. 9,292,677 issued on 22 March 2016, and Serial No. 15/076,563 filed on 21 March 2016 which is now, US Patent No. 10,528,949 issued on 07 January 2020.

Double Patenting
5.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
6.	Claims 1-20 of the instant application are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 8,869,245. Although the claims at issue are not identical, they are not patentably distinct from each other because the scope of the claims are the same for the instant application and the issued application. Each claim identical mechanisms for determining a risk level based on the device reputation/trust score, the network reputation/trust score, and the device behavior for one or more action characteristics. 
Claims 1-20 of the instant application are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 9,292,677. Although the claims at issue are not identical, they are not patentably distinct from each other because the scope of the claims are the same for the instant application and the issued application. Each claim identical mechanisms for determining a trust score/risk level and weight based upon the weight of the network risk determination in the risk level decreases with an increasing length of time since an update associated with the risk level that is updated by the system using an algorithm to increase or decrease. 
Claims 1-20 of the instant application are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,528,949. Although the claims at issue are not identical, they are not patentably distinct from each other because the scope of the claims are the same for the instant application and the issued application. Each claim identical mechanisms for determining a trust score/risk level and weight based upon the weight of the network risk determination in the risk level decreases with an increasing length of time since an update associated with the risk level that is updated by the system using an algorithm to increase or decrease.
Claims recited in the instant claim are broader version of claims 1-19 of ‘245, claims 1-17 of ‘677 and claims 1-20 of ‘949 and as such anticipates claims 1-20 of the instant application. 
8. 	"A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896,225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re 
Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). " ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Kolkowitz et al. (Pub No. 2010/0293094) in view of Faybishenko et al. (Pub No. 2003/0182421).
Referring to the rejection of claim 1, Kolkowitz et al. discloses a method, comprising:
receiving an indication that a user device has initiated an action, via a network, to access particular functionality of an online system, and wherein the action has one or more action characteristics; (See Kolkowitz et al., para. 35-36)
Please note that in this example, a transaction request (i.e. payment request) is received from the user device to the server via a network wherein data attributes associated with the user device are used to identify the user associated with the transaction. 
determining a unique identifier corresponding to the user device; (See Kolkowitz et al., para. 36-37)
Please note that in this example, a unique identifier corresponding to the user device is the computer fingerprint. The computer fingerprints comprise the processor characteristics that are associated with creating an electronic signature of the user. 
using the unique identifier, accessing a device trust score for the user device; (See Kolkowitz et al., para. 40, 71 and 73-74)
Please note that in this example, the unique identifier (i.e. computer fingerprint) is used as part of the electronic signature and used to access the trust score for the user device wherein the authentication system determines the trust score of the user device.
based on a network address used by the user device to initiate the action, accessing a network trust score for the user device, wherein the network trust score is based on one or more devices, including the user device, that are associated with the network address; (See Kolkowitz et al., para. 57-63)
Please note that in this example, based on the network IP address used by the user device, accessing a network trust score, wherein the trust score is based on the user device that is requesting payment may be a function of the user match score, the reputation score of the user, payment instrument, and computer involved in the payment request, and/or the strength of any existing relationships between the payment instrument and computer.
determining a risk level for the action based on the device trust score, the network trust score, and the one or more action characteristics; (See Kolkowitz et al., para. 56-63, 74, and 78)
Please note that in this example, a risk level is determined for the actions of the user device based on the attributes which include the computer fingerprint (i.e. device trust score), the IP address (i.e. network trust score), the browser fingerprint, the IP geolocation, and the browser geolocation wherein the authentication system may provide fraud checks combined with transaction data for the user device.
Kolkowitz et al. fail to explicitly disclose in response to the determined risk level exceeding a threshold, requiring the user device to perform an authentication process in order to allow access to the particular functionality of the online system and updating one or more of the device trust score or the network trust score based on a result of the authentication process.	Faybishenko et al. discloses a method for the distribution of identities and reputation on a network. 
Faybishenko et al. discloses in response to the determined risk level exceeding a threshold, requiring the user device to perform an authentication process in order to allow access to the particular functionality of the online system; (See Faybishenko et al., para. 50-53)
Please note that in this example, a reputation score is used to determine the risk level exceeding a threshold, wherein the user device is required to perform an authentication process before access is allowed to perform online transactions requests. 
Faybishenko et al. discloses and updating one or more of the device trust score or the network trust score based on a result of the authentication process. (See Faybishenko et al., para. 54-57)
Please note that in this example, after the verification process is performed the device trust score (i.e. reputation score) is updated based on the successful results of the authentication process which allows access to the online system. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Kolkowitz et al.’s system and method for authentication transactions to identify fraudulent payments modified with Faybishenko et al.’s method for the distribution of identities and reputation on a network.
Motivation for such an implementation would enable determining a node on a network in question may be trusted by providing valid reputation for authenticating the user device when the risk level has exceeded or is above a threshold before a transaction is performed. (See Faybishenko et al., para. 58-59)
Referring to the rejection of claims 2 and 14, (Kolkowitz et al. modified by Faybishenko et al.) discloses further comprising: receiving an indication that the user device has successfully performed the authentication process and in response, allowing the action to access the particular functionality of the online system. (See Kolkowitz et al., para. 46, 82, and 101)
Referring to the rejection of claim 3, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the unique identifier is based on one or more hardware characteristics of the user device. (See Kolkowitz et al., para. 36-37)
Referring to the rejection of claims 4 and 19, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the unique identifier is based on one or more software characteristics of the user device. (See Kolkowitz et al., para. 36 and 82)
Referring to the rejection of claim 5, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the one or more software characteristics include information reported to the online system regarding one or more characteristics of a web browser installed on the user device. (See Kolkowitz et al., para. 76)
Referring to the rejection of claim 6, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the particular functionality comprises a login to an electronic transaction system.  (See Kolkowitz et al., para. 36-37)

Referring to the rejection of claim 7, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the electronic transaction system is configured to allow transfers of currency between a plurality of user accounts. (See Kolkowitz et al., para. 98)
Referring to the rejection of claim 8, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the unique identifier is generated based on a hash function that guarantees a low probability of a false match for the unique identifier with another device that has accessed the online system, wherein the low probability is not greater than one in six hundred million. (See Kolkowitz et al., para. 46-47)

Referring to the rejection of claim 9, (Kolkowitz et al. modified by Faybishenko et al.) discloses further comprising: wherein the network trust score is lowered after a threshold period of time has elapsed since a last action was taken relative to the online system using the network address. (See Kolkowitz et al., para. 52 and 56-57)
Referring to the rejection of claim 10, (Kolkowitz et al. modified by Faybishenko et al.) discloses further comprising: based on an indication that the user device has failed to complete the action, lowering the device trust score for the user device. (See Faybishenko et al., para. 52)
The rationale for combining Kolkowitz et al. in view of Faybishenko et al. is the same as claim 1. 
Referring to the rejection of claim 11, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the updating the network trust score includes raising the network trust score by a given amount or lowering the network trust score by at least 1.5 times the given amount. (See Faybishenko et al., para. 52-53)
The rationale for combining Kolkowitz et al. in view of Faybishenko et al. is the same as claim 1. 
Referring to the rejection of claim 12, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the network trust score is based on one or more previous actions attempted relative to the online system by the one or more devices. (See Kolkowitz et al., para. 82-83)
Referring to the rejection of claim 13, (Kolkowitz et al. modified by Faybishenko et al.) discloses a system comprising: 
a non-transitory memory; (See Kolkowitz et al., para. 86-87, i.e. system memory comprising computer storage media) 
a network interface device; (See Kolkowitz et al., para. 89, i.e. hard disk drive interface)
and one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: (See Kolkowitz et al., para. 87, i.e. the processing unit comprising dual microprocessors and multi-processors coupled to the system memory)
receiving an indication that a user device has initiated an action, via a network, to access particular functionality of an online system, and wherein the action has one or more action characteristics; (See Kolkowitz et al., para. 35-36)
Please note that in this example, a transaction request (i.e. payment request) is received from the user device to the server via a network wherein data attributes associated with the user device are used to identify the user associated with the transaction. 
determining a unique identifier corresponding to the user device, wherein the unique identifier is based on at least one hardware characteristic of the user device and at least one software characteristic of the user device; (See Kolkowitz et al., para. 36-37)
Please note that in this example, a unique identifier corresponding to the user device is the computer fingerprint. The computer fingerprints comprise the processor characteristics that are associated with creating an electronic signature of the user. 
using the unique identifier, accessing a device trust score for the user device; (See Kolkowitz et al., para. 40, 71 and 73-74)
Please note that in this example, the unique identifier (i.e. computer fingerprint) is used as part of the electronic signature and used to access the trust score for the user device wherein the authentication system determines the trust score of the user device.
based on a network address used by the user device to initiate the action, accessing a network trust score for the user device, wherein the network trust score is based on one or more devices, including the user device, that are associated with the network address; (See Kolkowitz et al., para. 57-63)
Please note that in this example, based on the network IP address used by the user device, accessing a network trust score, wherein the trust score is based on the user device that is requesting payment may be a function of the user match score, the reputation score of the user, payment instrument, and computer involved in the payment request, and/or the strength of any existing relationships between the payment instrument and computer.
determining a risk level for the action based on the device trust score, the network trust score, and the one or more action characteristics; (See Kolkowitz et al., para. 56-63, 74, and 78)
Please note that in this example, a risk level is determined for the actions of the user device based on the attributes which include the computer fingerprint (i.e. device trust score), the IP address (i.e. network trust score), the browser fingerprint, the IP geolocation, and the browser geolocation wherein the authentication system may provide fraud checks combined with transaction data for the user device.
Kolkowitz et al. fail to explicitly disclose in response to the determined risk level exceeding a threshold, requiring the user device to perform an authentication process in order to allow access to the particular functionality of the online system and updating one or more of the device trust score or the network trust score based on a result of the authentication process.	Faybishenko et al. discloses a method for the distribution of identities and reputation on a network. 
Faybishenko et al. discloses in response to the determined risk level exceeding a threshold, requiring the user device to perform an authentication process in order to allow access to the particular functionality of the online system; (See Faybishenko et al., para. 50-53)
Please note that in this example, a reputation score is used to determine the risk level exceeding a threshold, wherein the user device is required to perform an authentication process before access is allowed to perform online transactions requests. 

Faybishenko et al. discloses and updating one or more of the device trust score or the network trust score based on a result of the authentication process. (See Faybishenko et al., para. 54-57)
Please note that in this example, after the verification process is performed the device trust score (i.e. reputation score) is updated based on the successful results of the authentication process which allows access to the online system. 
The rationale for combining Kolkowitz et al. in view of Faybishenko et al. is the same as claim 1. 

Referring to the rejection of claim 15, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the updating the device trust score includes raising the device trust score by a given amount or lowering the network trust score by at least 1.5 times the given amount. (See Faybishenko et al., para. 19 and 58)
The rationale for combining Kolkowitz et al. in view of Faybishenko et al. is the same as claim 1. 
Referring to the rejection of claim 16, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the particular action includes a transaction between a first user account associated with the user device and a second user account, the first and second user accounts corresponding to the online system. (See Kolkowitz et al., para. 101)

Referring to the rejection of claim 17, (Kolkowitz et al. modified by Faybishenko et al.) discloses wherein the updating the network trust score includes raising the network trust score by a given amount or lowering the network trust score by at least twice the given amount. (See Faybishenko et al., para. 19 and 58)
The rationale for combining Kolkowitz et al. in view of Faybishenko et al. is the same as claim 1. 
Referring to the rejection of claim 18, (Kolkowitz et al. modified by Faybishenko et al.) discloses a non-transitory computer-readable medium having stored thereon instructions that are executable by a system to cause the system to perform operations comprising: (See Kolkowitz et al., para. 86-87, i.e. computer readable and computer storage media) 
receiving an indication that a user device has initiated an action, via a network, to access particular functionality of an online system, and wherein the action has one or more action characteristics; (See Kolkowitz et al., para. 35-36)
Please note that in this example, a transaction request (i.e. payment request) is received from the user device to the server via a network wherein data attributes associated with the user device are used to identify the user associated with the transaction. 
determining a unique identifier corresponding to the user device; (See Kolkowitz et al., para. 36-37)
Please note that in this example, a unique identifier corresponding to the user device is the computer fingerprint. The computer fingerprints comprise the processor characteristics that are associated with creating an electronic signature of the user. 
using the unique identifier, accessing a device trust score for the user device; (See Kolkowitz et al., para. 40, 71 and 73-74)
Please note that in this example, the unique identifier (i.e. computer fingerprint) is used as part of the electronic signature and used to access the trust score for the user device wherein the authentication system determines the trust score of the user device.
based on a network address used by the user device to initiate the action, accessing a network trust score for the user device, wherein the network trust score is based on one or more devices, including the user device, that are associated with the network address; (See Kolkowitz et al., para. 57-63)
Please note that in this example, based on the network IP address used by the user device, accessing a network trust score, wherein the trust score is based on the user device that is requesting payment may be a function of the user match score, the reputation score of the user, payment instrument, and computer involved in the payment request, and/or the strength of any existing relationships between the payment instrument and computer.
determining a risk level for the action based on the device trust score, the network trust score, and the one or more action characteristics; (See Kolkowitz et al., para. 56-63, 74, and 78)
Please note that in this example, a risk level is determined for the actions of the user device based on the attributes which include the computer fingerprint (i.e. device trust score), the IP address (i.e. network trust score), the browser fingerprint, the IP geolocation, and the browser geolocation wherein the authentication system may provide fraud checks combined with transaction data for the user device.
Kolkowitz et al. fail to explicitly disclose in response to the determined risk level exceeding a threshold, requiring the user device to perform an authentication process in order to allow access to the particular functionality of the online system and updating one or more of the device trust score or the network trust score based on a result of the authentication process.	Faybishenko et al. discloses a method for the distribution of identities and reputation on a network. 
Faybishenko et al. discloses in response to the determined risk level exceeding a threshold, requiring the user device to perform an authentication process in order to allow access to the particular functionality of the online system; (See Faybishenko et al., para. 50-53)
Please note that in this example, a reputation score is used to determine the risk level exceeding a threshold, wherein the user device is required to perform an authentication process before access is allowed to perform online transactions requests. 
Faybishenko et al. discloses and updating one or more of the device trust score or the network trust score based on a result of the authentication process. (See Faybishenko et al., para. 54-57)
Please note that in this example, after the verification process is performed the device trust score (i.e. reputation score) is updated based on the successful results of the authentication process which allows access to the online system. 
The rationale for combining Kolkowitz et al. in view of Faybishenko et al. is the same as claim 1. 

Referring to the rejection of claim 20, (Kolkowitz et al. modified by Faybishenko et al.) discloses the non-transitory computer-readable medium of claim 18, wherein the operations further comprise: based on an indication that the user device has completed the action, raising the device trust score for the user device. (See Faybishenko et al., para. 19 and 58)
The rationale for combining Kolkowitz et al. in view of Faybishenko et al. is the same as claim 1. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/COURTNEY D FIELDS/Examiner, Art Unit 2436                                                                                                                                                                                                        May 20, 2022

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436