DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to application 17/080,556 that the Applicant filed on October 26, 2020 and presented 20 claims.  Original claims 1-20 remain pending in the application.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description:
Fig. 1: 13, 15, 17, 18, 19, 28, 34,38, 45, 141, 161, 163, 201, and 203
Fig. 9: 122
Fig. 10: 122
Fig. 11: 27
Fig. 24: 122  
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Objections
Claim 1 is objected to because of the following informalities: “…the consumer profile information, a consumer breach history profile” should read “…the consumer profile information, the consumer breach history profile,” as the “consumer breach history profile” is initially recited in the preamble.
Claim 10 is objected to because of the following informalities:  based upon the limtations of “payor” and “payee” that occur in claim 9, “The method of claim 6,…” should read “The method of claim 9,….”  Appropriate correction is required.
Claim 17 is objected to because of the following informalities:  “breach clarity history profile” should read “consumer breach history profile.”  Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 2 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 2 states, “wherein appending the consumer breach history profile further includes: generating a breach information notification to the consumer.”  The claim is seemingly indefinite for it is unclear as to how generating a notice results in appending any type of information to the “consumer breach history profile.”
Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 20 recites the limitation "breached information" in the limitation “determining a match between the breached information and the consumer profile.”  There is insufficient antecedent basis for this limitation in the claim, as it appears “breached information” should read “breached information element.”
Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 20 recites, “appending the consumer breach history profile when a match is determined,” and claim 18 recites, “appending the consumer breach history profile when a match is determined.”  The two steps in claims 18 and 20 are identical, thus making the second recitation of the step in claim 20 unnecessary and ambiguous.  Thus, claim 20 should be amended to delete the identically recited step.
Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 20 recites, “generating, in the database, a breach event including the breached information element.”  The Examiner finds one interpretation of this limitation to include the breaching of one’s own database, i.e., “generat[e], in the database, a breach event.”  Giving this interpretation, the limitation at issue is ambiguous.    
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 3-12, and 18-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. Independent claims 1 and 18 possess steps within a process that can be performed as mental process.  See MPEP § 2106.04(II)(A)(1), stating Step 2A, Prong I assesses whether an abstract idea is claimed; and § 2106.04(a)(2)(III)(C), stating “a claim that requires a computer may still recite a mental process.”  Claims 1 and 18 possess the following limitations that can be performed as mental processes:
Claim 1
   “associating … the electronic transaction information with the consumer”
   “comparing the electronic transaction information with the breach information of the plurality of data breaches”
   “determining a match between the electronic transaction information and the breach information of a respective data breach”
   “associating … the respective data breach with the consumer breach history profile”
Claim 18
   “associating … the consumer breach history profile with the consumer profile information”
   “comparing the breach event information with the consumer profile information”
   “determining a match between the breach event information and the consumer profile information”
   “associating … the breach event information with the consumer breach history profile”
With respect to independent claims 1 and 18, this judicial exception of an abstract idea is not integrated into a practical application.  See MPEP § 2106.04(II)(A), stating that additional elements must be identified to determine whether the judicial exception is incorporated into a practical application; and MPEP § 2106.04(d)(1) stating a determination is made as to “evaluating improvements in the functioning of a computer, or an improvement to any other technology or technical field in Step 2A, Prong Two.”  Claims 1 and 18 recite a “computer server,” a “network,” and a “database,” but these are generic computer elements that do not add a meaningful limitation to the abstract idea mental process because they amount to simply implementing a mental process on a computer as opposed improving the functioning of a computer.  See MPEP § 2106.04(d)(1), stating “Limitations the courts have found indicative that an additional element (or combination of elements) may have integrated the exception into a practical application include: An improvement in the functioning of a computer….”  Here, the Examiner notes that each of the preambles for claims 1 and 18 state, “A method of generating a consumer breach history profile of a consumer…,” and generating a consumer profile without more fails to improve the functioning of a computer. 
Claims 1 and 18 fail to include additional elements that are sufficient to amount to significantly more than the judicial exception.  See MPEP § 2106.05, stating “Eligibility Step 2B: whether a claim amounts to significantly more.”  Claims 1 and 18 fail to include additional elements that amount to significantly more than the judicial exception because the claims fail to contribute to an “inventive concept.”  More specifically and as noted above, the claims fail to improve the functioning of a computer.  Indeed, the claims involve the managing of historical data (i.e., “a consumer breach history profile), and “the courts have indicated [claims] many not be sufficient to show an improvement in computer-functionality” when “providing historical usage information to users while they are inputting data, in order to improve the quality and organization of information added to the database because ‘an improvement to the information stored by a database is not equivalent to an improvement in the database’s functionality.’”  See MPEP § 2106.05(a)(I).
The Examiner notes that dependent claim 2 and independent claim 13 are not rejected for failing to comprise eligible statutory subject matter because claims 2 and 13 recite “generating a breach notification to the consumer.”  This limitation brings the claimed invention within the purview of eligible subject matter because it entails a practical application, i.e., it’s quite useful for a consumer to be notified of a data breach.  In contrast, “generating a consumer breach history profile of a consumer” – as recited in the preamble of the independent claims – literally accomplishes nothing in and of itself, which is why, at least in part, it’s an abstract idea.
To overcome the § 101 rejection, the Examiner suggests incorporating the generation of the notification into the independent claims, where such amendment may take the form of “a mitigation action that includes generating a notification to the consumer.”  The Examiner also suggests amending the preamble to focus on the “match” of the transaction information and breach information, as it’s the matching of this information as part of an inventive concept (under Step 2B) that leads to the generation of the notification.  Thus, for example, claim 1 might be amended to be consistent with the following: “A method of matching breach information with electronic transaction information…,” and “in response to determining that a match exists, generating a breach notification to the consumer.”
Claim 3
Claim 3 recites a “transaction time,” but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 4
Claim 4 recites “the consumer profile information includes account credentials,” but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 5 
Claim 5 recites an “account plug-in” to enable computerized steps to receive, transmit, and retrieve account information, but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer.  The Examiner notes that the “account plug-in” can be seen to contribute to a “practical application,” but a “plug-in” as a software component is well-known in art, see Applicant’s disclosure at ¶ [0080] that lists a plugin with other well-known elements, i.e., “algorithms,” “APIs,” and “widgets,” with the Examiner additionally taking official notice that “plugins” are well known in the art, see MPEP § 2106.07(a)(III).  Accordingly, claiming a “plug-in” fails to advance a practical application or an inventive concept that improves the functionality of a computer.
Claim 6
Claim 6 recites “transaction[s]” involving an “e-mail account,” but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 7
	Claim 7 recites “determing a match between the breach information of the respective data breach and at least one of the email sender or the email recipient,” and this limitation amounts to another step that encompasses a mental process.  Accordingly, this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 8
	Claim 8 recites the “consumer identifier is an email address,” but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 9
	Claim 9 recites an “electronic payment account,” “payor,” and “payee,” but these limitations individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 10
	Claim 10 recites “determining a match between the breach information of the respective data breach and at least one of the payor and payee,” and this limitation amounts to another step that encompasses a mental process.  Accordingly, this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 11
	Claim 11 recites “the consumer identifier is a payment account number associated with the consumer,” but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 12
	Claim 12 recites “the payment account number is a payment card number,” but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 1.
Claim 19
	Claim 19 recites “the breach information source is the consumer,” but this limitation individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 18.
Claim 20
	Claim 20 recites the additional mental processes of “identifying…,” “comparing…,” and “determining…,” but these limitations individually and in combination with other claimed elements fails to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons similarly provided for claim 18.  The additional steps of “retrieving…,” “excerpting…,” “appending…,” “generating…,” and “appending…” all lead to the final result of creating a database entry that, as previously noted for claim 18, improves information within a database and fails to improve the functionality of a computer.  Thus, these limitations individually and in combination with other claimed elements fail to implement a practical application or advance an inventive concept that improves the functionality of a computer for the reasons now given and similarly provided for claim 18.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered footnote – a first phrase to be moved upwards to the primary reference analysis.
Lettered footnote – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A.	Claims 1-4 and 6-12 are rejected under 35 U.S.C. 103 as being unpatentable over Park (US 2018/0026996, “Park”) in view of Lockhart et al. (US 2017/0161520, “Lockhart”) and Caldwell (US 10,313,342, “Caldwell”), and further in view of Adjaoute (US 2015/0073981, “Adjaoute”).

Regarding Claim 1
Park discloses
A method of generating a consumer …1 history profile of a consumer (¶ [0030], “In an embodiment, the collected user information may be used to generate a consumer profile for the consumer. The consumer profile may be updated periodically [to add to the history profile] as new consumer information is gathered or received.”) over an electronic network (Fig. 1, ¶ [0020], “The network interface 111 allows the cyber-security device 100 to connect to and communicate with a network 130.”) via a computer server (Fig. 1, ¶ [0017], “The cyber-security device 100 may be a … server”), comprising: 
receiving, via a network, consumer profile information corresponding to a consumer (Fig. 2, ¶ [0068], “At step 505, cyber-security system 201 may generate a consumer profile based on received and collected consumer [profile] information [that correspond[s] to a consumer]. The consumer information may be collected [and thereby received via the network as illustrated in Fig. 2] by cyber-traffic event analysis system 222 which may continuously scan [via the network] for updated consumer information (addresses, credit card numbers, credentials, social security numbers, etc.);” see also Lockhart ¶¶ [0035]-[0036] where personally identifying information (PII) also comprises consumer profile information); 
generating, in a database and using the consumer profile information, a consumer {breach} history profile (Fig. 2, ¶ [0068], “At step 505, cyber-security system 201 may generate a consumer profile…;” ¶ [0023], “Cyber-security system 201 may analyze historic account information received from the account information system 226 to determine the likelihood of a data breach based on risk factors known for consumers with similar habits and/or characteristics;” and Fig. 1, ¶ [0017], “The data collection module 101 may be implemented with one or more processors and one or more storage units (e.g., databases, RAM, ROM, and other computer-readable media),” i.e., the generated consumer breach history profile is stored in a database; see also Lockhart ¶ [0032], i.e., breach data is aggregated to other data, i.e., the consumer profile information is aggregated with other data to create a consumer breach history profile); 
2 …; 
3 …; 
4 …; 
generating, via the electronic transaction account, electronic transaction information associated with the consumer transaction (¶ [0024], “The banking application 218 may allow the user to manage account preferences [within the electronic transaction account], manage financial accounts, view recent transactions [as electronic transaction information that has been generated in order to be viewed and possesses information associated with the consumer transaction],…”); 
5 …; 
wherein the electronic transaction information (¶ [0024]) includes: 
6 …; 
associating, in a database, the electronic transaction information with the consumer (¶ [0024], “The banking application 218 may allow the user to manage [electronic transaction information stored in the database] account preferences, manage financial accounts, view recent transactions,” i.e., the electronic transaction information is associate[ed] or stored with an account of a consumer to enable the “user” to view the “recent transactions”/electronic transaction information); 
7 …; 
8 …; 
9 …; 
10 …; and
11 …. 
Park doesn’t disclose
	1 …{consumer} breach {history profile}…
	2 associating, in the database, the consumer breach history profile with the consumer profile information;
	3 accessing, via a network, an electronic transaction account associated with the consumer;
	4 wherein the electronic transaction account is configured to execute a consumer transaction between the consumer and a party to the consumer transaction;
	5 retrieving, via the network, the electronic transaction information;
6 a consumer identifier corresponding to the consumer; a party identifier corresponding to the party; and a transaction time corresponding to the time the consumer transaction was executed;
7 wherein the database includes breach information corresponding to a plurality of data breaches;
8 comparing the electronic transaction information with the breach information of the plurality of data breaches;
9 wherein comparing the electronic transaction information includes: determining a match between the electronic transaction information and the breach information of a respective data breach;
10 appending the {consumer} breach {history profile} when a match is determined; and 
11 wherein appending the {consumer} breach {history profile} includes: associating, in the database, the respective data breach with the consumer breach history profile.
Lockhart, however, discloses
	1 …{consumer} breach {history profile}… (¶ [0032], “In addition to these attributes, attributes associated with the consumer may also be used to measure risk. These attributes might include the number and severity of data breaches a consumer has been involved with,…;” and “All of these data can be aggregated into risk based results, the aggregated results, or any combination thereof,” i.e., Park suggests but is silent to incorporating data about breaches into a consumer profile; Lockhart, however, discloses “aggregating” breach data)
	2 associating, in the database, the consumer breach history profile with the consumer profile information (¶¶ [0035]-[0036], “The compromised PII [personally identifying information] exchange system 102 may receive the PII data [that was accessed from a consumer via Caldwell Col. 21:8-33, see below], preferably in an encrypted and optionally disassociated form, from the compromised companies,” and “In some embodiments, each encrypted data item [as PII or consumer profile information] may be stored [and thereby associate[ed] in a database] with a breach identifier [providing breach history and thereby creating the consumer breach history profile] corresponding to the data exposure event in which the compromised data was exposed.”);
7 wherein the database includes breach information (Fig. 8, ¶ [0099], “At 806, the method 800 may include comparing the encrypted PII data to a database of compromised identities [that comprises breach information].”) corresponding to a plurality of data breaches (Fig. 9, ¶ [0101], “The match data may include a breach identifier or a risk score associated with a particular breach or piece of data,” i.e., a “particular breach,” with an “identifier” being required to distinguish one particular breach from a plurality of data breaches);
8 comparing the electronic transaction information with the breach information of the plurality of data breaches (Fig. 8, ¶ [0099], “At 806, the method 800 may include comparing the encrypted PII data [comprising electronic transaction information] to a database of compromised identities [comprising breach information].”);
9 wherein comparing the electronic transaction information (Fig. 8, ¶ [0099]) includes: determining a match between the electronic transaction information and the breach information of a respective data breach (Fig. 9, ¶¶ [0100]-[0102], “If there is a [determin[ed]] match at 904, the method 900 advances to 910 to determine information about each breach based on the match data. In some embodiments, the information about each breach may include a risk score reflecting multiple matches between the compromised PII data [or breach information] of a particular breach [possessing the breach information that is matched with the “PII/electronic transaction information];” see also ¶¶ [0043]-[0044], “In certain embodiments, the pattern analytics 134 may identify patterns of digits representing commonly breached pieces of PII data, such as social security numbers, phone numbers, and credit card numbers [as electronic transaction information], which may be verified by the PII detector 136.”);
10 appending the {consumer} breach {history profile (Park ¶¶ [0030])} when a match is determined (¶¶ [0047]-[0048], “By including an event identifier, subsequent usages of the data may be correlated to the data exposure event, making it possible to potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” as related consumer profile information “share[s]” a “common data exposure event” as a respective data breach, the compromised PII as related consumer profile information that forms the basis of the consumer breach history profile must be append[ed] with the “event identifier” of the “data exposure event” in order to perform a “subsequent” data analysis of determined matched breach events or else the commonality can’t be detected, or more succinctly, the compromised data possesses a breach identifier that was appended in order to subsequently relate compromised data to the breach event); and 
11 wherein appending the {consumer} breach {history profile (Park ¶¶ [0030])} includes: associating, in the database, the respective data breach with the consumer breach history profile (¶¶ [0047]-[0048], “By including an event identifier [of a respective data breach], subsequent usages of the [associated or stored] data [that includes the PII/consumer profile information] may be correlated to the data exposure event, making it possible to potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data [breach] exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” as consumer profile information “share[s]” a “common data exposure event” as a respective breach event, the compromised PII as consumer profile information must be associated with a “data exposure event” as a respective breach event in the database or else the commonality can’t be detected, or more succinctly, the compromised data possesses a breach identifier in order to relate compromised data to the breach event).
Caldwell, however, discloses
	3 accessing, via a network, an electronic transaction account associated with the consumer (Col. 21:8-33, “For example, in certain embodiments, the event migration module 104 may receive an initial set of electronic credentials (e.g., a username and a password) from a user for an account of the user with a third party service provider 108, and the event migration module 104 may use the initial set of electronic credentials to access the user's [electronic transaction] account with the third party service provider 108 to set a new password, determined by the event migration module 104.”);
Adjaoute, however, discloses
4 wherein the electronic transaction account is configured to execute a consumer transaction between the consumer and a party to the consumer transaction (¶ [0095], “These attributes, in the context of a payment card fraud application would include datapoints for card type, transaction type, merchant name [as a party to the consumer transaction], merchant category code (MCC), transaction amount, time of transaction, time of processing, etc.,” i.e., the “payment card” has an associated electronic transaction account, such as the banking account as disclosed by Park ¶ [0024], that is configured to execute a consumer transaction);
5 retrieving, via the network, the electronic transaction information (¶ [0094], “A series of payment card transactions [comprising electronic transaction information] arriving [and thereby being retriev[ed]] in real-time in an authorization request message [that initiated the retrieving];” see also Caldwell Col. 21:8-33, “The event migration module 104, in certain embodiments, may receive different credentials from a user for different accounts of the user with different third party service providers 108 (e.g., different social networks, different photo sharing sites, different financial institutions) so that the event migration module 104 may download [and thereby retrieve], aggregate, and/or combine the user's data [or electronic transaction information] from the multiple different third party service providers 108.”);
6 a consumer identifier corresponding to the consumer (¶¶ [0094]-[0095], “Such record 502 begins with an account number 504 [corresponding to the consumer that serves as a consumer identifier];” and ¶ [0069], “The consumer data 114 [with an associated consumer identifier that is correlated to the respective consumer] may include names, dates of birth, addresses, phone numbers, emails, social security numbers, other information [as in an account number], or any combination thereof.”); 
a party identifier corresponding to the party (¶ [0095], “These attributes, in the context of a payment card fraud application would include datapoints for card type, transaction type, merchant name [as a party identifier corresponding to the party],…”); and 
a transaction time corresponding to the time the consumer transaction was executed (¶ [0095], “These attributes, in the context of a payment card fraud application would include … time of transaction,”);
Regarding the combination of Park and Lockhart, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data breach method of Park to have included the breach matching feature of Lockhart. One of ordinary skill in the art would have been motivated to incorporate the breach matching feature of Lockhart because Lockhart teaches that matching personal identifying information (PII) to compromised PII associated with a breach can be used to determine a “potential risk to a consumer,” see Lockhart ¶ [0031].
Regarding the combination of Park-Lockhart and Caldwell, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the data breach method of Park-Lockhart to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base method, namely the data breach method of Park-Lockhart that received from companies personally identifying information (PII) associated with a consumer account, upon which the claimed invention can be seen as an “improvement” by accessing a consumer account directly to receive PII associated with an account;
2) the prior art contained a “comparable” method, specifically directly accessing a consumer account to receive PII as taught by Caldwell, that has been improved in the same way as the claimed invention through the accessing a consumer account directly; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the direct access of a consumer account to receive PII to the base method (i.e., the data breach method of Park-Lockhart), and the results would have been predictable to one of ordinary skill in the art.
Regarding the combination of Park-Lockhart-Caldwell and Adjaoute, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data breach method of Park-Lockhart-Caldwell to have included the transaction information of Adjaoute. One of ordinary skill in the art would have been motivated to incorporate the transaction information because Adjaoute teaches that employing a multitude of “attributes” increases the degree data can be “mined” and to create “behavioral clusters” that are useful in “forecasting” legitimate or fraudulent transactions, see Adjaoute ¶¶ [0049]-[0052].  
Regarding Claim 2
Park in view of Lockhart and Caldwell, and further in view of Adjaoute (“Park-Lockhart-Caldwell-Adjaoute”) discloses the method of claim 1, and Park further discloses 
wherein appending the consumer {breach} history profile (¶ [0030], Lockhart ¶ [0032]) further includes: …1
Adjaoute further discloses
1 …generating a breach notification to the consumer (¶ [0085], “More hits in more channels should translate to an immediate alert and shutdown of all the affected accountholders accounts,” i.e., an alert is sent to a consumer notifying them of a shutdown account).
Regarding the combination of Park-Lockhart-Caldwell and Adjaoute, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data breach method of Park-Lockhart-Caldwell to have included the alert feature of Adjaoute. One of ordinary skill in the art would have been motivated to incorporate the alert feature because Adjaoute teaches “an immediate alert and shutdown of all the affected accountholders,” see Adjaoute ¶ [0085], and the rapid immediate response minimizes damage created from the breach.
Regarding the combination of Park and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.
Regarding Claim 3
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 1, and Park further discloses 
wherein the transaction time includes the date on which the consumer transaction occurred (¶¶ [0169]-[0170], [0176], “Transactions for peak season dates, such Black Friday to Cyber Monday, were dropped,” i.e., the transaction time includes the date on which the consumer transaction occurred to facilitate a particular type of analysis in which particular days are dropped).  
Regarding the combination of Park-Lockhart-Caldwell and Adjaoute, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.
Regarding Claim 4
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 1, and Park further discloses 
wherein the consumer profile information (Fig. 2, ¶ [0068], “At step 505, cyber-security system 201 may generate a consumer profile based on received and collected consumer information [such as account credentials as disclosed by Caldwell Col. 21:8-33].”) includes …1;
2 ….
Caldwell further discloses
1 …account credentials corresponding to the electronic transaction account (Col. 21:8-33, “For example, in certain embodiments, the event migration module 104 may receive an initial set of electronic [account] credentials (e.g., a username and a password) from a user for an [electronic transaction] account of the user with a third party service provider 108, and the event migration module 104 may use the initial set of electronic credentials to access the user's [electronic transaction] account with the third party service provider 108 to set a new password, determined by the event migration module 104.” ); 
2 the method further comprising: accessing the electronic transaction account using the account credentials (Col. 21:8-33, For example, in certain embodiments, the event migration module 104 may receive an initial set of electronic credentials (e.g., a username and a password) from a user for an account of the user with a third party service provider 108, and the event migration module 104 may use the initial set of electronic [account] credentials to access the user's [electronic transaction] account with the third party service provider 108 to set a new password, determined by the event migration module 104.).
Regarding the combination of Park-Lockhart and Caldwell, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 4.
Regarding Claim 6
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 1, and Park further discloses 
wherein: the electronic transaction account is an email account (¶ [0042], “In an embodiment, cyber-security account analysis system 203 may monitor a consumer's email accounts to determine a listing of the consumer accounts with financial institutions. Similarly, a consumer's email accounts may also be monitored…”); 
the consumer transaction is an email transaction between an email sender and an email recipient (¶¶ [0071]-[0073], “The parsed metadata may include a domain name identifying the source of the email correspondence. In an embodiment, monitoring of the user's email account [as an email recipient] may be limited to a user's inbox or specified folders containing email correspondence [that includes at least one email transaction]. In an embodiment, based on the determined source information for each email correspondence [comprising an email sender], cyber-security system 201 may at step 520 generate a list of financial institutions [as email senders] associated with a consumer.”); and 
the party to the consumer transaction is one of the email sender and the email recipient (¶¶ [0071]-[0073], “The parsed metadata may include a domain name identifying the source of the email correspondence. In an embodiment, monitoring of the user's email account may be limited to a user's inbox or specified folders containing email correspondence. In an embodiment, based on the determined source information for each email correspondence [comprising an email sender], cyber-security system 201 may at step 520 generate a list of financial institutions [as email senders that comprise a party to the consumer transaction associated with the transactions of the bank] associated with a consumer.”).  
Regarding Claim 7
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 6, and Lockhart further discloses 
wherein comparing the electronic transaction information with the breach information (Fig. 8, ¶ [0099], “At 806, the method 800 may include comparing the encrypted PII data [comprising electronic transaction information] to a database of compromised identities [comprising breach information].”) includes: 
determining a match between the breach information of the respective data breach and at least one of the email sender or the email recipient (¶ [0062], “The compromised entity 204 may include the exposed PII data 214 [that comprises breach information that is then match[ed] to determine a breach] in a database. The exposed PII data 214 may include exposed names, dates of birth, social security numbers, addresses, phone numbers, email addresses, other data, or any combination thereof.”).
Regarding the combination of Park and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 7.
Regarding Claim 8
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 6, and Lockhart further discloses 
wherein the consumer identifier is an email address associated with the consumer (¶ [0069], “The consumer data 114 [with an associated consumer identifier that is correlated to the respective consumer] may include names, dates of birth, addresses, phone numbers, emails [and thereby the email address associated with the consumer], social security numbers, other information [as in an account number], or any combination thereof.”).
Regarding the combination of Park and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 8.
Regarding Claim 9
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 1, and Adjaoute further discloses 
wherein: the {electronic transaction account (Caldwell Col. 21:8-33)} is an electronic payment account (¶ [0084], “For example, such channels can include channel transactions and authorization requests for card-not-present, card-present, high risk merchant category code (MCC), micro-merchant, small and medium sized enterprise (SME) finance, international, domestic, debit card, credit card [with an associated electronic payment account to enable a consumer to pay the debt of a purchase], contactless, or other groupings or financial networks,” i.e., the means of Caldwell to access an electronic transaction account can be employed to access the electronic payment account for the associated credit card disclosed by Adjaoute); 
the consumer transaction is an electronic payment transaction between a payor and a payee (¶ [0084] and ¶ [0095], “These attributes, in the context of a payment card [involving an electronic payment transaction] fraud application would include datapoints for card type, transaction type, merchant name [as a payee], merchant category code (MCC), transaction amount [involving the consumer possessing the “card” to act as the payee for the transaction amount], time of transaction, time of processing, etc.,”); and 
the party to the consumer transaction is one of the payor and the payee (¶ [0095], “These attributes, in the context of a payment card fraud application would include datapoints for card type, transaction type, merchant name [as a party to the consumer transaction and acts as the payee], merchant category code (MCC), transaction amount, time of transaction, time of processing, etc.,””).
Regarding the combination of Park-Lockhart-Caldwell and Adjaoute, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 9.
Regarding the combination of Park-Lockhart and Caldwell, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 9.
Regarding Claim 10
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 6 [see objection, most likely claim 10 depends on claim 9], and Lockhart further discloses 
wherein comparing the electronic transaction information with the breach information (Fig. 8, ¶ [0099], “At 806, the method 800 may include comparing the encrypted PII data [comprising electronic transaction information] to a database of compromised identities [comprising breach information].”) includes: 
determining a match between the breach information of the respective data breach and at least one of44BRCLO101.1 the payor and the payee (Fig. 9, ¶¶ [0100]-[0102], “If there is a match at 904, the method 900 advances to 910 to determine information about each breach based on the match data. In some embodiments, the information about each [respective data] breach may include a risk score reflecting multiple matches between the compromised PII data [that includes information on the payee] of a particular breach [possessing the breach information that is matched with the PII data and the payee];” ¶ [0097], “At 802, the method 800 may include receiving PII data from a source. In some embodiments, the source may be an at-risk entity [as the payee], a consumer [as the payor], or another entity;” and ¶ [0070], “In certain embodiments, the at-risk entity 104 may include consumer data 114, which data may need to be evaluated for risk due to a data exposure event at another company,” i.e., “another company” implies the “at-risk entity” is a company that acts as the payee when the consumer acts as the payor).
Regarding the combination of Park and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 10.
Regarding Claim 11
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 9, and Adjaoute further discloses
wherein the consumer identifier is a payment account number associated with the consumer (¶¶ [0094]-[0095], “Such record 502 begins with an [payment] account number 504 [corresponding to the consumer that serves as a consumer identifier];” and ¶ [0069], “The consumer data 114 [with an associated consumer identifier that is correlated to the respective consumer] may include names, dates of birth, addresses, phone numbers, emails, social security numbers, other information [as in a payment account number], or any combination thereof.”).
Regarding the combination of Park-Lockhart-Caldwell and Adjaoute, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 11.
Regarding Claim 12
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 11, and Adjaoute further discloses 
wherein the payment account number (¶¶ [0094]-[0095], “Such record 502 begins with an [payment] account number 504;” is a payment card number (¶ [0084], “For example, such channels can include channel transactions and authorization requests for card-not-present, card-present, high risk merchant category code (MCC), micro-merchant, small and medium sized enterprise (SME) finance, international, domestic, debit card, credit card, contactless, or other groupings or financial networks,” i.e., it would be obvious to one skilled in the art that a payment account number is a payment card number because this is the traditional practice that enables consumers to easily correlate a card number to the account number that needs to be paid on a monthly basis.  See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of 
ordinary skill in the art.”). 
B.	Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Lockhart, Caldwell and Adjaoute, and further in view of Tyler et al. (US 2017/0195310, “Tyler”).
Regarding Claim 5
Park-Lockhart-Caldwell-Adjaoute discloses the method of claim 1, and Caldwell further discloses 
wherein accessing the electronic transaction account (Col. 21:8-33) includes: 
1 …;
executing …2 to transmit the transaction account information via the network (Col. 21:8-33, “The event migration module 104, in certain embodiments, may receive different credentials from a user for different accounts of the user with different third party service providers 108 (e.g., different social networks, different photo sharing sites, different financial institutions) so that the event migration module 104 may [execut[e] the plugin as disclosed by Tyler ¶ [0120] and thereby] download [which is thus transmit[ted]], aggregate, and/or combine the user's data [or transaction account information] from the multiple different third party service providers 108;); and
retrieving, …,3 the electronic transaction information from the account (Col. 21:8-33, “The event migration module 104, in certain embodiments, may receive different credentials from a user for different accounts of the user with different third party service providers 108 (e.g., different social networks, different photo sharing sites, different financial institutions) so that the event migration module 104 may download [and thereby retrieve], aggregate, and/or combine the user's data [or electronic transaction information] from the multiple different third party service providers 108;” see also Adjaoute ¶ [0094], “A series of payment card transactions [comprising electronic transaction information] arriving [and thereby being retriev[ed]] in real-time in an authorization request message [that initiated the retrieving];”).
Park-Lockhart-Caldwell-Adjaoute doesn’t disclose
1 receiving, via the network, an account plug-in for accessing the electronic transaction account; 
2 …the account plug-in…; and 
3 …, via the account plug-in,….  
Tyler, however, discloses
1 receiving, via the network, an account plug-in for accessing the electronic transaction account (¶ [0120], “An example of the system 3100 includes a browser plugin 3125 that communicates [and thereby access[es]] with a data store 3130 [as the electronic transaction account that possesses data];” and “The browser plugin 3125 can be included in the browser 3105 or used by the browser 3105,” i.e., in the case where the plugin is not included with the browser it is obvious that the other alternative is to receive, via the network, an account plug-in, see MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”); 
2 …the account plug-in… (¶ [0120]); and 
3 …, via the account plug-in,…(¶ [0120]).  
	Regarding the combination of Park-Lockhart-Caldwell-Adjaoute and Tyler, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Park-Lockhart-Caldwell-Adjaoute to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “simple substitution of one known element for another to obtain predictable results.” See MPEP § 2143(I)(B).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(B):
1) the prior art contained a method that differed from the claimed method by the substitution of some component, and more specifically, Park discloses a “bank application 218” that differs from the claimed invention that possesses a plugin, where the plugin substitutes for the “bank application” of Park;
2) the substituted component of the plugin was known in the art, as demonstrated by Tyler; and
3) one of ordinary skill in the art could have substituted one known element (the plugin of Tyler) for another (the bank application of Park) and the results would have been predictable to one of ordinary skill in the art.
Regarding the combination of Park-Lockhart and Caldwell, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 5.
Regarding the combination of Park-Lockhart-Caldwell and Adjoute, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 5.
C.	Claims 13-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Lockhart.
Regarding Claim 13
Park discloses
A method of generating a consumer …1 history profile of a consumer (¶ [0030], “In an embodiment, the collected user information may be used to generate a consumer profile for the consumer. The consumer profile may be updated periodically [to add to the history profile] as new consumer information is gathered or received.”) over an electronic network Fig. 1, ¶ [0020], “The network interface 111 allows the cyber-security device 100 to connect to and communicate with a network 130.”) via a computer server (Fig. 1, ¶ [0017], “The cyber-security device 100 may be a … server”), comprising: 
receiving, via a network, consumer profile information including at least one consumer information element corresponding to the consumer (Fig. 2, ¶ [0068], “At step 505, cyber-security system 201 may generate a consumer profile based on received and collected consumer [profile] information [that correspond[s] to a consumer]. The consumer information may be collected [and thereby received via the network as illustrated in Fig. 2] by cyber-traffic event analysis system 222 which may continuously scan [via the network] for updated consumer information [elements such as] (addresses, credit card numbers, credentials, social security numbers, etc.),” i.e., each of the enumerated consumer information elements (e.g., credit card numbers) contribute to the consumer profile information); 
generating, in a database and using the consumer profile information, a consumer {breach} history profile (Fig. 2, ¶ [0068], “At step 505, cyber-security system 201 may generate a consumer profile…;” ¶ [0023], “Cyber-security system 201 may analyze historic account information received from the account information system 226 to determine the likelihood of a data breach based on risk factors known for consumers with similar habits and/or characteristics;” and Fig. 1, ¶ [0017], “The data collection module 101 may be implemented with one or more processors and one or more storage units (e.g., databases, RAM, ROM, and other computer-readable media),” i.e., the generated consumer breach history profile is stored in a database; see also Lockhart ¶ [0032], i.e., breach data is aggregated to other data, i.e., the consumer profile information is aggregated with other data to create a consumer breach history profile); 
2 …; 
3 …; 
4 …; 
5 …; 
6 …; 
selecting, via the server (Figs. 1 & 2, ¶ [0017], “The cyber-security device 100 [that implements cyber-security system 201] may be a … server…”), at least one mitigation actions defined by the at least one breached information element (Fig. 5, ¶¶ [0073]-[0074], “In an embodiment, cyber-security system 201 may automatically initiate [and thereby select] closing [as a mitigation action] of select accounts [with the associated account number comprising one breached information element that define[s] the mitigation action to be implemented] listed in one of the generated lists based on predetermined criteria.”); 
associating, in the database, the at least one mitigation action with the consumer breach history profile (¶¶ [0073]-[0075], “In this case, a consumer may indicate via a user interface that various accounts should be closed [as a mitigation action] and cyber-security system 201 may begin an account closing process for the consumer,” and “In an embodiment, a user's email account may be monitored at a predetermined frequency in order to update the account listings. The newly generate lists may be compared to previously generated lists highlighting changes for the consumer,” i.e., the mitigation action of closing are associated or stored with the consumer breach history profile to enable “update[ing]” and “compar[ing] previously generated lists highlighting changes,” where the consumer breach history profile is based on the PII, matching, and breach events as disclosed by Lockhart ¶¶ [0047]-[0048]); and 
generating a notification to the consumer, wherein the notification includes the at least one mitigation action (¶ [0074], “In another embodiment, cyber-security system 201 may generate recommendations [that are presented in a notification to the consumer] based on the identification of the sources of the subscriptions. In another embodiment, the consumer may determine [upon reviewing the recommendation/notification] that various accounts should be closed [as a mitigation action] based on a review of the listings.”).
Park doesn’t disclose
	1 …{consumer} breach {history profile}…
	2 associating, in the database, the consumer breach history profile with the consumer profile information;
3 wherein the database includes a plurality of breach events, each breach event associated with at least one breached information element;
4 matching the consumer profile information to a respective breach event of the plurality of breach events;
5 wherein matching the consumer profile information to the respective breach event includes: determining a match between the at least one consumer information element and the at least one breached information element associated with the respective breach event;
6 associating, in the database, the consumer breach history profile with the respective breach event;
Lockhart, however, discloses
	1 …{consumer} breach {history profile}… (¶ [0032], “In addition to these attributes, attributes associated with the consumer may also be used to measure risk. These attributes might include the number and severity of data breaches a consumer has been involved with,…;” and “All of these data can be aggregated into risk based results, the aggregated results, or any combination thereof,” i.e., Park suggests but is silent to incorporating data about breaches into a consumer profile; Lockhart, however, discloses “aggregating” breach data)
 2 associating, in the database, the consumer breach history profile with the consumer profile information (¶¶ [0035]-[0036], “The compromised PII [personally identifying information] exchange system 102 may receive the PII data, preferably in an encrypted and optionally disassociated form, from the compromised companies,” and “In some embodiments, each encrypted data item [as PII or consumer profile information] may be stored [and thereby associate[ed] in a database] with a breach identifier [providing breach history and thereby creating the consumer breach history profile] corresponding to the data exposure event in which the compromised data was exposed.”);
3 wherein the database includes a plurality of breach events (Fig. 9, ¶ [0101]-[0102], “The match data may include a breach identifier or a risk score associated with a particular breach or piece of data,” i.e., a “particular breach,” with an “identifier” being required to distinguish one particular breach from a plurality of breach events; and “In some embodiments, the information about each breach [of a plurality of breach events] may include a risk score reflecting multiple matches between the compromised PII data of a particular breach or data exposure event”), each breach event associated with at least one breached information element (Fig. 8, ¶¶ [0098]-[0099], “At 806, the method 800 may include comparing the encrypted PII data to a database of compromised identities [that comprises breach information],” and “At 804, the method 800 may include re-encrypting the PII data using a different key for each field [that comprises one breached information element]”);
4 matching the consumer profile information (¶¶ [0035]-[0036]) to a respective breach event of the plurality of breach events (Fig. 9, ¶¶ [0100]-[0102], “If there is a match [of a respective breach event to consumer profile information as PII] at 904, the method 900 advances to 910 to determine information about each breach [of the plurality of breach events] based on the match data. In some embodiments, the information about each breach may include a risk score reflecting multiple matches between the compromised PII data [of a respective breach event that was matched to consumer profile information] of a particular breach;” see also ¶¶ [0043]-[0044], “In certain embodiments, the pattern analytics 134 may identify patterns of digits representing commonly breached pieces of PII data [as consumer profile information], such as social security numbers, phone numbers, and credit card numbers, which may be verified by the PII detector 136.”);
5 wherein matching the consumer profile information to the respective breach event (Fig. 9, ¶¶ [0100]-[0102]) includes: determining a match between the at least one consumer information element and the at least one breached information element associated with the respective breach event (Fig. 9, ¶¶ [0100]-[0102], “If there is a [determin[ed]] match at 904, the method 900 advances to 910 to determine information about each breach based on the match data. In some embodiments, the information about each [respective] breach [event] may include a risk score reflecting multiple matches between the compromised PII data [that includes one consumer information element that was matched with one breached information element] of a particular breach;” “In certain embodiments, the risk score may be based on a variety of data, including data about the breach event, data about the field [as one breached information element] that was matched (i.e., date of birth versus social security number [as one consumer element),…;” and ¶¶ [0043]-[0044], “In certain embodiments, the pattern analytics 134 may identify patterns of digits representing commonly breached pieces of PII data [with each piece comprising one consumer information element], such as social security numbers, phone numbers, and credit card numbers, which may be verified by the PII detector 136;”);
6 associating, in the database, the consumer breach history profile with the respective breach event (¶¶ [0047]-[0048], “By including an event identifier [of a respective data breach], subsequent usages of the [associated or stored] data [that includes the PII/consumer information elements incorporated within the consumer breach history profile] may be correlated to the data exposure event, making it possible to potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data [breach] exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” as related consumer profile information “share[s]” a “common data exposure event” as a respective breach event, the compromised PII as related consumer profile information incorporated within the consumer breach history profile must be associated with a “data exposure event” as a respective breach event in the database or else the commonality can’t be detected, or more succinctly, the compromised data is correlated to a breach identifier in order to relate compromised data to the breach event);
Regarding the combination of Park and Lockhart, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data breach method of Park to have included the breach matching feature of Lockhart. One of ordinary skill in the art would have been motivated to incorporate the breach matching feature of Lockhart because Lockhart teaches that matching personal identifying information (PII) to compromised PII associated with a breach can be used to determine a “potential risk to a consumer,” see Lockhart ¶ [0031].
Regarding Claim 14
Park in view of Lockhart (“Park-Lockhart”) discloses the method of claim 13, and Park further discloses 
further comprising: displaying, via a user device (Fig 1, ¶ [0020], “Through the network 130, the cyber security device 100 may communicate with one or more other computing devices 140 [as serves as a user device that possess a display as illustrated in Fig. 1]…”), a breach system interface (¶ [0074], “In another embodiment, cyber-security system 201 may generate recommendations [that are displayed via a breach system interface between the cyber-security system 201 and the user device] based on the identification of the sources of the subscriptions. In another embodiment, the consumer may determine [upon reviewing displayed recommendation/notification via the breach system interface] that various accounts should be closed based on a review of the listings.”); 
displaying, via the breach system interface, the at least one mitigation action (¶ [0074], “In another embodiment, cyber-security system 201 may generate recommendations [as a mitigation action that are displayed via the breach system interface between the cyber-security system 201 and the user/consumer] based on the identification of the sources of the subscriptions. In another embodiment, the consumer may determine [upon reviewing displayed recommendation via the breach system interface] that various accounts should be closed based on a review of the listings [that comprise a mitigation action to close an account].”); and 
associating, in the breach system interface, the at least one mitigation action with an interface45BRCLO101.1 element (¶ [0074], “In another embodiment, cyber-security system 201 may generate recommendations [as one mitigation action that is displayed via the breach system interface] based on the identification of the sources of the subscriptions. In another embodiment, the consumer may determine that various accounts should be closed based on a review of the listings,” i.e., an interface element is a dropdown menu option that displays one mitigation action to be selected amongst the “listings;” Park is silent to the use of a dropdown menu, but it would be obvious to one skilled in the art to associate a mitigation action with a dropdown menu as an interface element because menus are a common and well-known means to implement a choice of action.  See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”), 
wherein the interface element is actuable to complete the at least one mitigation action (¶ [0074], “In another embodiment, cyber-security system 201 may generate recommendations based on the identification of the sources of the subscriptions. In another embodiment, the consumer may determine that various accounts should be closed based on a review of the listings,” i.e., it would be obvious to one skilled in the to use a dropdown menu as an interface element to actuate and complete the at least one mitigation action because the use of dropdown menus is common and well-known at actuate the desires of a computer user. See MPEP § 2141(III).).  
Regarding Claim 15
Park-Lockhart discloses the method of claim 14, and Park further discloses 
further comprising: displaying, in the breach system interface, a visual indicator configured to indicate whether the at least one mitigation action is completed or incomplete (¶ [0075], “In an embodiment, a user's email account may be monitored at a predetermined frequency in order to update the account listings. The newly generate lists may be compared [and displayed via the breach system interface] to previously generated lists highlighting changes [that thereby visibly indicates whether one mitigation action is completed] for the consumer.”).  
Regarding Claim 16
Park-Lockhart discloses the method of claim 15, and Park further discloses 
further comprising: removing the at least one mitigation action from the breach system interface when the mitigation action is completed (¶ [0075], “In an embodiment, a user's email account may be monitored at a predetermined frequency in order to update the account listings. The newly generate lists may be compared to previously generated lists highlighting changes for the consumer,” i.e., the “update[ing]” involves removing the at least one mitigation action from the breach system interface because the option to the consumer/user is no longer viable as it has been completed, i.e., it would be pointless to include the mitigation action in the dropdown menu of the breach system interface if it has been completed.  See MPEP § 2141(III)).
Regarding Claim 18
Park discloses
A method of generating a consumer …1 history profile of a consumer (¶ [0030], “In an embodiment, the collected user information may be used to generate a consumer profile for the consumer. The consumer profile may be updated periodically [to add to the history profile] as new consumer information is gathered or received.”) over an electronic network (Fig. 1, ¶ [0020], “The network interface 111 allows the cyber-security device 100 to connect to and communicate with a network 130.”) via a computer server (Fig. 1, ¶ [0017], “The cyber-security device 100 may be a … server), comprising: 
receiving, via a network, consumer profile information corresponding to a consumer (Fig. 2, ¶ [0068], “At step 505, cyber-security system 201 may generate a consumer profile based on received and collected consumer [profile] information [that correspond[s] to a consumer]. The consumer information may be collected [and thereby received via the network as illustrated in Fig. 2] by cyber-traffic event analysis system 222 which may continuously scan [via the network] for updated consumer information (addresses, credit card numbers, credentials, social security numbers, etc.);” see also Lockhart ¶¶ [0035]-[0036] where personally identifying information (PII) also comprises consumer profile information); 
generating, in a database and using the consumer profile information, a consumer {breach} history profile (Fig. 2, ¶ [0068], “At step 505, cyber-security system 201 may generate a consumer profile…;” ¶ [0023], “Cyber-security system 201 may analyze historic account information received from the account information system 226 to determine the likelihood of a data breach based on risk factors known for consumers with similar habits and/or characteristics;” and Fig. 1, ¶ [0017], “The data collection module 101 may be implemented with one or more processors and one or more storage units (e.g., databases, RAM, ROM, and other computer-readable media),” i.e., the generated consumer breach history profile is stored in a database; see also Lockhart ¶ [0032], i.e., breach data is aggregated to other data, i.e., the consumer profile information is aggregated with other data to create a consumer breach history profile); 
2 …; 
3 …; 
4 …; 
5 …; 
6 …; and 
7 ….
Park doesn’t disclose
	1 …{consumer} breach {history profile}…
	2 associating, in the database, the consumer breach history profile with the consumer profile information;
	3 retrieving, via the network, breach event information from a breach information source;
	4 comparing the breach event information with the consumer profile information;
5 wherein comparing the breach event information includes: determining a match between the breach event information and the consumer profile information;
6 appending the {consumer} breach {history profile} when a match is determined;
7 wherein appending the consumer breach history profile includes: associating, in the database, the breach event information with the consumer breach history profile.
Lockhart, however, discloses
	1 …{consumer} breach {history profile}… (¶ [0032], “In addition to these attributes, attributes associated with the consumer may also be used to measure risk. These attributes might include the number and severity of data breaches a consumer has been involved with,…;” and “All of these data can be aggregated into risk based results, the aggregated results, or any combination thereof,” i.e., Park suggests but is silent to incorporating data about breaches into a consumer profile; Lockhart, however, discloses “aggregating” breach data)
	2 associating, in the database, the consumer breach history profile with the consumer profile information (¶¶ [0035]-[0036], “The compromised PII [personally identifying information] exchange system 102 may receive the PII data preferably in an encrypted and optionally disassociated form, from the compromised companies,” and “In some embodiments, each encrypted data item [as PII or consumer profile information] may be stored [and thereby associate[ed] in a database] with a breach identifier [providing breach history and thereby creating the consumer breach history profile] corresponding to the data exposure event in which the compromised data was exposed.”);
	3 retrieving, via the network, breach event information from a breach information source (Fig. 8, ¶ [0097], “FIG. 8 is a flow diagram of a method 800 of a method of exchanging [and thereby retrieving via the network] compromised identity data [that comprises breach event information], in accordance with certain embodiments of the present disclosure. At 802, the method 800 may include receiving PII data from a source. In some embodiments, the [breach information] source may be an at-risk entity, a consumer, or another entity”);
	4 comparing the breach event information with the consumer profile information (Fig. 8, ¶ [0099], “At 806, the method 800 may include comparing the encrypted PII data [comprising consumer profile information] to a database of compromised identities [comprising breach event information].”);
5 wherein comparing the breach event information (Fig. 8, ¶ [0099]) includes: determining a match between the breach event information and the consumer profile information (Fig. 9, ¶¶ [0100]-[0102], “If there is a [determin[ed]] match at 904, the method 900 advances to 910 to determine [breach] information about each breach [event] based on the match data. In some embodiments, the [breach] information about each breach [event] may include a risk score reflecting multiple matches between the compromised PII data [that includes consumer profile information, e.g., a social security number, that was matched with breach event information, e.g., a social security number] of a particular breach;” “In certain embodiments, the risk score may be based on a variety of data, including data about the breach event, data about the field [as breach information] that was matched (i.e., date of birth versus social security number [as included with consumer profile information]),…;” and ¶¶ [0043]-[0044], “In certain embodiments, the pattern analytics 134 may identify patterns of digits representing commonly breached pieces of PII data [with each piece related to consumer profile information], such as social security numbers, phone numbers, and credit card numbers, which may be verified by the PII detector 136”);
6 appending the {consumer} breach {history profile (Park ¶ [0030])} when a match is determined (¶¶ [0047]-[0048], “By including an event identifier [as breach event information], subsequent usages of the data may be correlated to the data exposure event, making it possible to potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” as related consumer profile information “share[s]” a “common data exposure event” as a breach event, the compromised PII as related consumer profile information that forms the basis of the consumer breach history profile must be append[ed] with the “event identifier” as breach event information of the “data exposure event” in order to perform a “subsequent” data analysis of determined matched breach events or else the commonality can’t be detected, or more succinctly, the compromised data possesses a breach identifier that was appended in order to subsequently relate compromised data to the breach event);
7 wherein appending the {consumer} breach {history profile} ((¶¶ [0047]-[0048]) includes: associating, in the database, the breach event information with the consumer breach history profile ((¶¶ [0047]-[0048], “By including an [breach] event identifier [as breach event information], subsequent usages of the [associated or stored] data [that relates to the PII/consumer breach history profile] may be correlated to the data exposure event, making it possible to (sic) potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” as breach event information “share[s]” a “common data exposure event,” the compromised PII as related consumer profile information that forms the basis of the consumer breach history profile must be associated with the “event identifier” as breach event information of a “data exposure event” in the database or else the commonality can’t be detected, or more succinctly, the compromised data possesses a breach identifier in order to subsequently relate compromised data to the breach event).
Regarding the combination of Park and Lockhart, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data breach method of Park to have included the breach matching feature of Lockhart. One of ordinary skill in the art would have been motivated to incorporate the breach matching feature of Lockhart because Lockhart teaches that matching personal identifying information (PII) to compromised PII associated with a breach can be used to determine a “potential risk to a consumer,” see Lockhart ¶ [0031].
Regarding Claim 19
Park-Lockhart discloses the method of claim 18, and Lockhart further discloses
wherein the breach information source is the consumer (Fig. 8, ¶ [0097], “FIG. 8 is a flow diagram of a method 800 of a method of exchanging compromised identity data, in accordance with certain embodiments of the present disclosure. At 802, the method 800 may include receiving PII data from a source. In some embodiments, the [breach information] source may be an at-risk entity, a consumer, or another entity”).
Regarding the combination of Park and Lockhart, the rationale to combine is the same as provided for claim 18 due to the overlapping subject matter between claims 18 and 19.
Regarding Claim 20
Park-Lockhart discloses the method of claim 18, and Lockhart further discloses 
wherein the breach information source is a dark web service provider (Fig. 8, ¶ [0097], “At 802, the method 800 may include receiving PII data from a [breach information] source. In some embodiments, the [breach information] source may be an at-risk entity, a consumer, or another entity;” and ¶ [0040], “The compromised PII exchange system 102 may be configured to search data [as breach information] from multiple data sources 124, such as websites [with an associated service provider] that are not indexed on search engines (e.g., websites associated with the “Dark” web), to identify patterns of data that may represent PII data.”), the method further comprising: 
identifying, via the dark web service provider, dark web content (¶ [0040], “The compromised PII exchange system 102 may be configured to search [and thereby identify[]] data [as breach information] from multiple data sources 124, such as websites [with an associated service provider] that are not indexed on search engines (e.g., websites associated with the ‘Dark’ web), to identify patterns of data that may represent PII data,” i.e., dark web content related to PII is possessed by dark web service provider, and thus identifying of the dark web content by the PII exchange system is via the dark web service provider) including a breached information element (Fig. 8, ¶¶ [0098]-[0099], “At 806, the method 800 may include comparing the encrypted PII data to a database of [identified] compromised identities [that comprises breach information],” and “At 804, the method 800 may include re-encrypting the PII data using a different key for each field [that comprises a  breached information element]”); 
retrieving, via the network, the dark web content (Fig. 8, ¶ [0097], “FIG. 8 is a flow diagram of a method 800 of a method of exchanging [and thereby retrieving via the network] compromised identity data [that comprises dark web content], in accordance with certain embodiments of the present disclosure. At 802, the method 800 may include receiving [and thereby retrieving] PII data [as dark web content] from a [dark web] source. In some embodiments, the [breach information] source may be an at-risk entity, a consumer, or another entity [such as dark web service provider that is a source of dark web content]”); 
excerpting from the dark web content, the breached information element (¶¶ [0043]-[0044], “In certain embodiments, the pattern analytics 134 may identify [and excerpt[]] patterns of digits representing commonly breached pieces of PII data [as a breached information element], such as social security numbers, phone numbers, and credit card numbers [as electronic transaction information], which may be verified by the PII detector 136,” and ¶ [0100], “In certain embodiments, the risk score may be based on a variety of data, including data about the breach event, data about the field that was [excert[ed] and subsequently] matched (i.e., date of birth versus social security number),…”); 
comparing the breached information element with the consumer profile information (Fig. 8, ¶ [0099], “At 806, the method 800 may include comparing the encrypted PII data [comprising consumer profile information, e.g., a social security number] to a database of compromised identities [comprising the breached information element, e.g., a social security number].”); 
wherein comparing the breached information element (Fig. 8, ¶ [0099]) includes: determining a match between the breached information [element, see § 112(b) rejection] and the consumer profile information (Fig. 9, ¶¶ [0100]-[0102], “If there is a [determin[ed]] match at 904, the method 900 advances to 910 to determine [breached] information [element] about each breach based on the match data. In some embodiments, the information about each breach may include a risk score reflecting multiple matches between the compromised PII data [that includes consumer profile information, e.g., a social security number, that was matched with the breached information element, e.g., a social security number] of a particular breach;” “In certain embodiments, the risk score may be based on a variety of data, including data about the breach event, data about the field [as the breached information element] that was matched (i.e., date of birth versus social security number [as included with the consumer profile information]),…;” and ¶¶ [0043]-[0044], “In certain embodiments, the pattern analytics 134 may identify patterns of digits representing commonly breached pieces of PII data [with each piece as a breached information element related to consumer profile information], such as social security numbers, phone numbers, and credit card numbers, which may be verified by the PII detector 136”); 
appending the {consumer} breach {history profile (Park ¶ [0030])} when a match is determined (see § 112(b) rejection as this step is identically recited in claim 18; ¶¶ [0047]-[0048], “By including an event identifier [as breach event information], subsequent usages of the data may be correlated to the data exposure event, making it possible to potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” as related consumer profile information “share[s]” a “common data exposure event” as a breach event, the compromised PII as related consumer profile information that forms the basis of the consumer breach history profile must be append[ed] with the “event identifier” as breach event information of the “data exposure event” in order to perform a “subsequent” data analysis of determined matched breach events or else the commonality can’t be detected, or more succinctly, the compromised data possesses a breach identifier that was appended in order to subsequently relate compromised data to the breach event); 
wherein appending the consumer breach history profile (¶¶ [0047]-[0048]) includes: 
generating, in the database, a breach event [see § 112(b) rejection] including the breached information element (¶¶ [0047]-[0048], “By including an [breach] event identifier [for the breach event], subsequent usages of the [associated or stored] data [that relates to the PII/consumer breach history profile] may be correlated to the data exposure event [involving the breached information element], making it possible to (sic) potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data [as the breached information element] that share a common data exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” related to the breach event “share[s]” a “common data exposure event,” the compromised PII involving the breached information element must be generated, in the database, with the “event identifier” for the breach event of a “data exposure event” or else the commonality can’t be detected, or more succinctly, the compromised data possesses a breach identifier in order to subsequently relate compromised data to the breach event); and 
associating, in the database, the breach event [see § 112(b) rejection] with the consumer breach history profile (¶¶ [0047]-[0048], “By including an [breach] event identifier [for the breach event], subsequent usages of the [associated or stored] data [that relates to the PII/consumer breach history profile] may be correlated to the data exposure event, making it possible to (sic) potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., in order to determine that “compromised PII data” related to the breach event “share[s]” a “common data exposure event,” the compromised PII as related consumer profile information that forms the basis of the consumer breach history profile must be associated with the “event identifier” for the breach event of a “data exposure event” in the database or else the commonality can’t be detected, or more succinctly, the compromised data possesses a breach identifier in order to subsequently relate compromised data to the breach event).
Regarding the combination of Park and Lockhart, the rationale to combine is the same as provided for claim 18 due to the overlapping subject matter between claims 18 and 20.
D.	Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Park in view of Lockhart, and further in view of Adjaoute
Regarding Claim 17
Park-Lockhart discloses the method of claim 13, and Park further discloses 
further comprising: 1…, a completion status of the mitigating action (¶¶ [0074]-[0075], “In an embodiment, cyber-security system 201 may automatically initiate closing of select accounts,” and “In an embodiment, a user's email account may be monitored at a predetermined frequency in order to update the account listings. The newly generate lists may be compared to previously generated lists highlighting changes for the consumer,” i.e., the “updat[ing]” occurs after one mitigation action as a closing of an account is completed); and 
generating, via the consumer breach history profile, a consumer identity score defined by a combination of the at least one breached information element and… 2 (¶¶ [0100]-[0102], “Based on the data, a risk score may be calculated [and thereby generated] that can reflect the probability that a particular piece of consumer data may be misused,” “The risk score may be based both on a comparison to the database of compromised identities [of “consumer data” thus creating an consumer identity score] and on a comparison to the database of scraped data,” and “ In some embodiments, the information about each breach may include a risk score reflecting multiple matches between the compromised PII data [associated with the consumer breach history profile] of a particular breach or data exposure event ”).  
Park-Lockhart doesn’t disclose
1 indicating, in the consumer breach history profile, {a completion status}…	
2 {a consumer identity score defined by}…the one or more mitigation actions associated with the breach clarity history profile.
Lockhart further discloses
	1 indicating, in the consumer breach history profile, {a completion status}… (¶¶ [0047]-[0048], “By including an event identifier, subsequent usages of the data may be correlated to the data exposure event, making it possible to (sic) potentially fraudulent activity based on usage of such exposed data. Further, when multiple matches are found between the extracted or identified PII data patterns and the compromised PII data that share a common data exposure event, the risk score associated with any PII data that corresponds to the common data exposure event may be increased to reflect the potential that usage indicates potentially fraudulent activity,” i.e., both Park and Lockhart disclose the storage of data to “update” and have “subsequent usage,” with the storage of data being associated with a consumer breach history profile that is correlated with a breach.  The option to close an account to the consumer/user is no longer viable when it has been completed; thus, in order to maintain the “update[s],” it would be obvious to one skilled in the art that the status of accounts needs be recorded and tracked within the consumer breach history profile, as without such an indicat[ion] of a completion status it would not be apparent what mitigation actions (i.e., closing of particular accounts) have been completed.  See MPEP § 2141(III));
Adjaoute, however, discloses
	2 {a consumer identity score defined by} …the one or more mitigation actions associated with the [consumer] breach (Fig. 7, ¶¶ [0111]-[0113], “A corresponding set of warning triggers 730-734 [as mitigation actions] is fed back to all the applied fraud channel models 708-712 [analogous to the consumer breach history profile]. The compromised accountholder result 728 [or accountholder fraud scoring/consumer identity score] can be expected to be a highly accurate and early protection warning,” i.e., the use of the “warning triggers 730-734” define the fraud score 728/consumer identity score because they ultimately affect the results of the fraud score via the feedback between different channels).
Regarding the combination of Park and Lockhart, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data breach method of Park to have included the profile feature of Lockhart. One of ordinary skill in the art would have been motivated to incorporate the profile feature of Lockhart because Lockhart teaches “subsequent uses of the data” can be “correlated to a data exposure event” that thereby “mak[es] it possible to [monitor] potentially fraudulent activity based on usage of such exposed data,” see Lockhart ¶ [0047], and the implementation of maintaining within the profile feature a “completion status of the mitigation action” against the “potentially fraudulent activity” improves security.
	Regarding the combination of Park-Lockhart and Adjaoute, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data breach method of Park to have included the scoring feature of Adjaoute. One of ordinary skill in the art would have been motivated to incorporate the scoring feature of Adjaoute because Adjaoute teaches the “compromised accountholder score result 728 can be expected to be a highly accurate and early protection warning” when the “score result” is “defined” be “[feeding] back” warning triggers,” see Adjaoute ¶ [0113]. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491