DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/22/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s)  is/are being considered by the examiner. 

Status of Claims
This Office action is in reply to Applicant filing of 06/22/2022.
Claims    1, 8, 9, 11, 16, and 17 have been amended by Applicant.
Claims    2 - 7, 10,  12 - 15, and 18 - 20 remain as original.
Claims 1 - 20 are currently pending and have been examined.
THIS ACTION IS MADE FINAL.

Response to Arguments
The prior 35 USC 112(b) rejection as to claim 16 has been withdrawn due to Applicant's arguments and/or amendments.
With regard to the limitations of claims  1 -  20, Applicant argues that the claims as amended are patent eligible under 35 USC 101 because they meet the analysis set forth by the Supreme Court. Remarks 7 - 12. Examiner respectfully disagrees.  The subject claims noted were analyzed using the 2019 PEG guidelines and are still considered ineligible under U.S.C. The subject claims are not eligible under 35 USC 101 because they do not meet the requirements of the test set forth by the Supreme Court. Step 1 is met because the claims are directed towards one of the four statutory categories; Part 2A-Prong1 of the test is trying to evaluate if the claims recite a judicial exception (an abstract idea enumerated in the 2019 PEG);  Part 2A-Prong 2 is to evaluate whether the subject claims recite additional elements that integrate the exception into a practical application, and, lastly, Part 2B checks whether the amount to significantly more than the abstract idea. A detailed and formal analysis pursuant to 35 USC 101 as the same applies to the amended claim set will follow below.
As respects 35 USC 101, the claims as a whole amount to a drafting effort designed to monopolize the exception.  The additional limitations when taken individually and in combination are not sufficient to amount to significantly more than the judicial exception because the claims do not provide improvements to another technology or technical field, improvements to the function of the computer itself, nor do they provide meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. Accordingly, the claim(s) recite an abstract idea. A detailed and formal analysis pursuant to 35 USC 101 as the same applies to the specifics of the claims follows below.
Applicant apparently argues at length per 35 USC 101 that claims 1 - 20 are neither generic nor conventional, and, thus, cannot be rejected per 35 USC 101. Remarks 7.  Examiner respectfully disagrees. No specific improvement to a computer / computer technology is set forth. Judging a user's trustworthiness does not so qualify, at least not on the facts argued.
Applicant argues that the claims are not directed to an abstract idea, and, instead, are directed to a practical application. Remarks 8 -9.  As above, the so called "practical application" is at a minimum quite unclear.  The claims as presently amended recite the abstract idea of:
authorizing a so called transaction by assessing "deterministic" events in connection with a user.
More detail with regard to why this application's claims are not patent eligible will follow in the formal 35 USC 101 analysis.
Applicant apparently argues that its claims are integrated into a practical application. Remarks 9 - 10. It then cites Specification at [070] in support thereof. That said, looking at a user's behavior deviances from the norm to estimate a potential fraud level, again, is not an improvement to a computer. It is the application, without more, of a computer to perform or automate an abstract idea.
Applicant argues so called "Step 2B". Remarks 11.  The argument however smacks of a 35 USC 103 analysis. Namely, Applicant argues that examiner has not "provided documents", Remarks 11, that apparently meet the Application's claims, and, thus, is 35 USC 101 deficient. Additionally, apart from their citing long passages of the claims as amended, no support of an inventive concept per Step 2B exists.
Applicant's arguments respecting 35 USC 102 are moot. Examiner in consideration of Applicant's arguments and amendments has remapped the claims as amended pursuant to 35 USC 103 utilizing a combination of prior art.  New motivation statement(s) as to the obviousness of combining  Choudhuri (US20130024375A1) in view of Cheston (US20080141037A1) in terms of 35 USC 103 have also been set forth, which statements were not addressed by said Remarks.  A formal analysis pursuant to 35 USC 103 as the same now applies to the amended claim set will follow below.
Generally as to obviousness, examiner submits that it is determined on the basis of the evidence as a whole and the relative persuasiveness of the arguments. See In re Oetiker, 977 F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992); In re Hedges, 783 F.2d 1038, 1039, 228 USPQ 685,686 (Fed. Cir. 1992); In re Piasecki, 745 F.2d 1468, 1472, 223 USPQ 785,788 (Fed. Cir. 1984); and In re Rinehart, 531 F.2d 1048, 1052, 189 USPQ 143,147 (CCPA 1976). Using this standard,  examiner submits that the burden of presenting a prima facie case of obviousness was successfully established in the prior Office Action of 05/03/2022, and also respecting the pending amended claim set of 06/22/2022, as seen below.
Examiner recognizes that references cannot be arbitrarily altered or modified, and that there must be some reason why a person having ordinary skill in the relevant art would be motivated to make the proposed modifications. Although the motivation or suggestion to make modifications must be articulated, it is respectfully submitted that there is no requirement that the motivation to make modifications must be expressly articulated within the references themselves. References are evaluated by what they suggest to one versed in the art, rather than by their specific disclosures, In re Bozek, 163 USPQ 545 (CCPA 1969).
Examiner also notes that the motivation to combine the applied references is, where appropriate in the below detailed analysis pursuant to 35 USC 103, additionally accompanied by select passages from the respective references which specifically support that particular motivation. It is also respectfully submitted that motivation based on the logic and scientific reasoning of one ordinarily skilled in the art at the time of the invention, which evidence can also support a finding of obviousness, is otherwise provided in the detailed 35 USC 103 analysis of the claim set below.  In re Nilssen, 851 F.2d 1401, 1403, 7 USPQ2d 1500, 1502 (Fed. Cir. 1988) (references do not have to explicitly suggest combining teachings); Ex parte Clapp, 227 USPQ 972 (Bd. Pat. App. & Inter. 1985) (examiner must present convincing line of reasoning supporting rejection); and Ex parte Levengood, 28 USPQ2d 1300 (Bd. Pat. App. & Inter. 1993) (reliance on logic and sound scientific reasoning).
Examiner recognizes that obviousness can only be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to a person of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347.

Examiner Note
While none are imposed at this time, examiner will likely place Obviousness type Double Patenting rejections on the claims herein based on a multitude of quite similar applications filed by the same inventor(s) / Applicant.   These applications may well end up having objectively similar claims. However, at this time, since all of the ODP candidates' claims are still morphing, judgment will be withheld on this point. This issue will be revisited at the next opportunity, should one exist.

Claim Objection
Claim 20 is objected to as it has likely has omitted the word "(original)" from said claim. 
Appropriate correction is required.

Drawing Objection
The drawing(s) is/are objected to as failing to comply with 37 CFR 1.84(p)(5).  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
New corrected drawing(s) in compliance with 37 CFR 1.121(d) are required in this application because FIG. 4 of the drawings is illegible and does not comply with line uniformity, density definition requirement and the use of shading standards put forth in 37 CFR 1.84 (l) and (m): 
(l) All drawings must be made by a process which will give them satisfactory reproduction characteristics. Every line, number, and letter must be durable, clean, black (except for color drawings), sufficiently dense and dark, and uniformly thick and well-defined. The weight of all lines and letters must be heavy enough to permit adequate reproduction. This requirement applies to all lines however fine, to shading, and to lines representing cut surfaces in sectional views. Lines and strokes of different thicknesses may be used in the same drawing where different thicknesses have a different meaning. 
(m) Shading. The use of shading in views is encouraged if it aids in understanding the invention and if it does not reduce legibility. Shading is used to indicate the surface or shape of spherical, cylindrical, and conical elements of an object. Flat parts may also be lightly shaded. Such shading is preferred in the case of parts shown in perspective, but not for cross sections. See paragraph (h)(3) of this section. Spaced lines for shading are preferred. These lines must be thin, as few in number as practicable, and they must contrast with the rest of the drawings. As a substitute for shading, heavy lines on the shade side of objects can be used except where they superimpose on each other or obscure reference characters. Light should come from the upper left corner at an angle of 45°. Surface delineations should preferably be shown by proper shading. Solid black shading areas are not permitted, except when used to represent bar graphs or color. 
Corrected drawing sheet(s) in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as "amended." If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Applicant is advised to employ the services of a competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer prepares new drawings. 
Examiner further notes that due the grayscale conversion process inherent in the Office's electronic application filing system, elements and other writings of FIG. 4 will likely be further illegible which interferes with providing a clear disclosure of the invention to the public.
Applicant may further refer to MPEP § 608.02 et seq. for further information regarding acceptability of drawings presented in a utility patent application.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1 - 20 as amended are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  

Independent claim 1 is directed to a method (process), independent claim 11 is directed to a server (machine), and independent claim 17 (composition) is directed to a CRM, all of which are statutory categories of invention pursuant to 35 USC 101. (Step 1: YES, the independent claims all fall within a statutory category).
Independent method claim 1 (and claims 11 and 17 as above) recites:
receiving signal data from a subscriber indicating that a subscriber initiated a transaction; accessing a data store to determine occurrence of one or more deterministic events with respect subscriber such as password resets; determine one or more behavior norms specific to the subscriber; and generating a an authentication, authorization, and/or auditing status of the transaction, dependent, at least in part, on the occurrence of the one or more deterministic events in relation to the one or more behavior norms.  
Several dependent claims further refine the abstract idea of claim 10 (17):
computing a first trust measure responsive to determining the occurrence of the one or more deterministic events; computing at least a second trust measure responsive to determining the one or more behavior norms specific to the subscriber; and determining the authentication, authorization, and/or auditing status of the transaction based, at least in part, on the first trust measure and the second trust measure (claim 2); determining the authentication, authorization, and/or auditing status of the transaction includes combining the first trust measure with at least the second trust measure to generate a combined trust measure that is greater than the first trust measure. (claim 3);determining the authentication, authorization, and/or auditing status of the transaction includes combining the first trust measure with at least the second trust measure to generate a combined trust measure that is less than or equal to the first trust measure (claim 4); wherein at least the first one of the one or more deterministic events is weighted differently than at least a second one of the one or more deterministic events. (claims 5,18);  wherein a deterministic event of the one or more deterministic events corresponds to a standalone historical event or a real-time event. (claims 6,13); wherein the one or more deterministic events correspond to at least one of the following: a velocity-type measure of one or more historical events; a tenure-type measure of one or more historical events; a real-time event measure; or any combination thereof. (claims 7,14); wherein one or more deterministic events correspond to one or more of the subscriber's off-line activities unrelated to the transaction. (claim 8);  wherein the one or more deterministic events comprise at least one of the following: reading, via a device affiliated with the subscriber, a machine- readable code; accessing content from a device external to the device affiliated with the subscriber; communicating with a wireless access point affiliated with the subscriber; or any combination thereof. (claims 9,15); wherein the one or more behavioral norms specific to the subscriber with respect to the mobile device are at least partially derived from a historical record of the occurrence of the one or more deterministic events performed by the subscriber with respect to the mobile device. (claim 10);  wherein the data store accessed by the at least one processor communicatively coupled to the at least one memory comprises: a first database to store records relevant to the one or more deterministic events with respect to the mobile device; and a second database to store records relevant to the one or more behavior norms specific to the subscriber with respect to the mobile device. (claim 12); wherein the one or more deterministic events corresponds to the subscriber initiating an application for credit at a geographical location widely separated from the subscriber's home. (claim 16); wherein the one or more deterministic events comprise at least one of the following: porting of a telephone number within a first period of time; replacing a subscriber identity module (SIM) within a second period of time; obtaining a mobile device, previously unused by the subscriber, within a third period of time; and the subscriber resetting a password within a fourth period of time. (claim 19); wherein the one or more behavior norms comprise at least one of the following: the subscriber's history of porting a telephone number within a first period of time; the subscriber's history of replacing a SIM within a second period of time, the subscriber's history of obtaining a mobile device, previously unused by the subscriber, within a third period of time; the subscriber's history of resetting a password within a fourth period of time, or any combination thereof. (claim 20).
  The claim(s) thus recite the abstract idea of:
authorizing a so called "transaction" by using a password or other identifier. 
Note that the above said abstract idea set forth by the claims as amended,  can be characterized as a user simply swapping his/her phone carrier company for another, a longstanding and well known abstract idea, and needing some sort of identification, say, a password for the account, to do so.
The above claim limitations, under their broadest reasonable interpretation, cover performance of the limitation(s) as certain methods of organizing human activity which include a fundamental principal or practice and/or a commercial interaction. As such, the limitations fall within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. (Step 2A - Prong 1: YES. The claims recite an abstract idea).
The above referenced independent claim limitations do not integrate the abstract idea into a practical application as those limitations simply apply generic computer components to the recited abstract idea, without more. They otherwise attempt to use a computer as a tool to perform the abstract idea. The server, processor, memory, communications network, and mobile device, additional limitations of the independent claims  are simply being applied as tools as against the abstract idea. The recitation of a generic computer component(s) in a claim does not necessarily preclude that claim from reciting an abstract idea. These computer / computer related elements are simply applied as tools to the abstract idea. The limitations of the above analyzed claim(s) are all recited at a high-level of generality (e.g., a generic computer performing a generic computer function). The claims' additional elements (noted above) do not integrate the articulated abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea, and those additional elements are also set forth at a high level of generality. 
The dependent claims as above lack any elements, whether computer related (including device, machine readable code, external device, data storage device(s),  wireless access point, and SIM device), or not (subscriber's home), which are sufficient to amount to significantly more than the above stated abstract idea(s), either separately or as an ordered combination.
The claims are directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additionally claimed elements in the claims do not integrate the abstract idea into a practical application).
The claims lack additional elements which are sufficient to amount to significantly more than the abstract idea (judicial exception), either separately or as an ordered combination. This lack of providing significantly more than the judicial exception is also referred to as a claim lacking an  “inventive concept”. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements consisting here of various pieces of computer hardware amount to no more than mere instructions to perform the judicial exception by applying generic computer(s) / computer components to it. Mere instructions to perform a judicial exception by applying generic computer components to it cannot provide an inventive concept. This Application's lack of providing significantly more than the judicial exception is also referred to as its claims lacking an “inventive concept. See MPEP 2106.05(f) where applying a computer as a tool is not indicative of significantly more. The above noted non-computer related elements do not change the outcome of the analysis, as they all depend from said independents and they simply further limit ways which the abstract idea may be performed.  (Step 2B: NO. The claims do not provide significantly more than the judicial exception).

Claims 1 - 20  as amended remain patent ineligible pursuant to 35 USC 101.  
 



Claim Rejections – 35 USC 103


In the event the determination of the status of the application as subject to AIA  35 USC 102 and 103 (or as subject to pre-AIA  35 USC 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 USC 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 USC 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating
     obviousness or nonobviousness.



Claims 1 - 20  are rejected under 35 USC 103 as being unpatentable over Choudhuri (US20130024375A1) in view of Cheston (US20080141037A1)..

Regarding claims 1, 11, 17: 
Choudhuri discloses:
receiving, at a server coupled to a communications network, a first signal indicating that a subscriber of a mobile device has initiated a transaction; ("The invention comprises receiving financial transaction data associated with one or more financial transactions; executing a preliminary fraud filtration on the financial transaction data using a first attribute; identifying one or more potentially fraudulent transactions when the one or more financial transactions meet the criteria of the preliminary fraud filtration; executing a user defined fraud filtration on the financial transaction data of one or more preliminary potentially fraudulent transactions identified in the preliminary fraud filtration using a second attribute; identifying one or more user defined potentially fraudulent transactions when the one or more preliminary potentially fraudulent transaction meet the criteria of the user defined fraud filtration; and initiating a fraud detection-related action for the one or more user defied potentially fraudulent transactions.", [004]) and ("As illustrated, the financial transaction environment 300 includes a plurality of channels for initiating a financial transaction such as a POS purchase 320, electronic funds transfer (EFT) 325, an ATM 330, a financial institution teller 335, an internet transaction 340, personal checks 345, and other financial transaction channels 350.", [071]) and ("The transaction identified as potentially fraudulent may be subject to one or more additional stages of more intense filtering, such as through user defined rules set up by fraud investigators.", [003]);
accessing a data store to determine occurrence of one or more deterministic events with respect to the mobile device;  In accord with examiner's obligation to employ Broadest Reasonable Interpretation (BRI) in interpreting claim terms, the claim term "deterministic event(s)" is, in light of the Specification [005], interpreted to include any  past or real-time event of whatsoever kind vis a vis the above said "mobile device"  (and note that BRI will be similarly employed vis a vis claim terms throughout this analysis), that said   .   .   .   ("In yet other embodiments of the invention, the first attribute or the second attribute comprises transaction information, such as an amount of the transaction, a transaction channel, a transaction time, or a customer related to the transaction.", [006]) and ("In still other embodiments of the invention, the first attribute or the second attribute comprises account events.", [007]) and ("In further accord with embodiments of the present invention, the first attribute or the second attribute comprises customer behavior", [008]) and ("It will be understood that one or more devices, such as one or more mobile device and/or one or more other computing devices and/or servers, can be configured to perform one or more steps of the method 500. In some embodiments, the one or more devices performing the steps are associated with a financial institution. In other embodiments, the one or more devices performing the steps are associated with a business, third party, and/or user.", [091])
accessing the data store to determine one or more behavior norms specific to the subscriber with respect to the mobile device; and In accord with examiner's obligation to employ Broadest Reasonable Interpretation (BRI) in interpreting claim terms, the claim term "behavioral norms" is, in light of the Specification [005], interpreted to include any  past or real-time doings of whatsoever kind regarding the user vis a vis the "mobile device",  that said   .   .   .    ("The first rule in the first stage filtration may include a calculation, an algorithm, or any type of formula for eliminating subsets of data from a data pool based on specified criteria. In some embodiments, for example, the first rule includes a transaction or monetary amount, a type of account (e.g., a checking account, a savings account, a basic checking account, a premier checking account, etc.), a type of user (e.g., an individual, joint account holders, a business, etc.), a financial transaction channel, a type of transaction, previous transactional behavior of a user, and the like. In one embodiment, the first rule includes a predetermined transaction amount. In some embodiments, the first rule includes a time period. For example, in some embodiments, the first rule includes time stamps associated with one or more transactions. The filtered data may include, for example, only transactions that occur on a certain day or week. It will be understood that the first rule includes one or more rules and/or filter criteria. The first rule may include, for example, a dollar amount and a type of account. It will be further understood that the transaction data may be filtered any number of times and in any order as described above with respect to FIGS. 1 and 2. For example, the transaction data can be filtered based on the financial transaction channel and then subsequently filtered based on a transaction amount and/or type of user, or vice versa.", [094]) and ("It will be understood that one or more devices, such as one or more mobile device and/or one or more other computing devices and/or servers, can be configured to perform one or more steps of the method 500. In some embodiments, the one or more devices performing the steps are associated with a financial institution. In other embodiments, the one or more devices performing the steps are associated with a business, third party, and/or user.", [091]) and ("In yet other embodiments of the invention, the first attribute or the second attribute comprises transaction information, such as an amount of the transaction, a transaction channel, a transaction time, or a customer related to the transaction.", [006]);
generating, by the server coupled to the communications network, a second signal indicating an authentication, authorization, and/or auditing status of the transaction, ("In block 1128, the computer-implemented method 1100 may require enhanced user authentication after indicating a false positive. Enhanced user authentication may be confirmation from the user that the false positive should be processed or that the details of the transaction are correct. Requiring confirmation from the user is another means for determining that the transaction is in fact a false positive. In some embodiments, users may provide preferences that the user desires to be consulted before any transactions that have been flagged as potentially fraudulent are processed.", [0163]) and ("Turning briefly to FIG. 12, an example 1200 of one method of requiring enhanced user authentication is depicted. In an embodiment, a message 1212 is sent to a user 1208 requiring feedback from the user 1208 to authenticate the transaction. The message 1212 may be sent in the form of a text message, email, phone call, or other type of communication. In an embodiment, the user 1208 is contacted through a mobile device 1202 having a screen 1204 and an input device 1206. The message 1212 is depicted in the screen 1204, as shown in callout 1210. The user 1208 may reply to the message 1212 using the input device 1206 of the mobile device 1202 to confirm that the transaction should be processed. In one embodiment, sufficient details of the transaction are provided in the message 1212 to allow the user 1208 to identify the transaction and confirm whether the transaction is valid.", [0164]);
the authentication, authorization, and/or auditing status being dependent, at least in part, on the occurrence of the one or more deterministic events in relation to the one or more behavior norms. ("In still other embodiments of the invention, the first attribute or the second attribute comprises account events.", [007]) and ("In further accord with embodiments of the present invention, the first attribute or the second attribute comprises customer behavior.", [008]). 
Choudhuri does not expressly disclose, but Cheston teaches:
the one or more deterministic events relating to at least one of: porting of a subscriber identifier corresponding to the mobile device, subscriber tenure with respect to the mobile device, subscriber identity module tenure, and password reset occurrences; ("A computer system includes a CPU, a primary O.S. executable by the CPU, a HDD storing a copy of the primary O.S., and a memory accessible by the CPU and storing a basic input output system (BIOS). The system also includes a secondary O.S. In accordance with the present invention, the secondary O.S. can generate a password reset signal based on a number of unsuccessful log on attempts to any of the BIOS, HDD, and primary O.S. (as well as to primary O.S. applications), and/or the secondary O.S. can, based on a reset signal, automatically generate an intermediate password useful for accessing a component associated with the password to be reset.", [005]) and ("In a preferred embodiment, the reset signal is generated by the secondary O.S. based on a count of failed logon attempts generated by the primary O.S. Alternatively, the reset signal is generated by a human user. The preferred intermediate password is sent to a user, which sends back verification of receipt. The password is then protected by digitally signing and encrypting the password prior to making the password available to the primary O.S. Desirably, the secondary O.S. makes the intermediate password available to the primary O.S., and the primary O.S. can determine when an intermediate password is available upon start up of the primary O.S. and if so, reset the password to be the intermediate password. The primary O.S. contains system BIOS and conventional O.S", [006]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of this application to have modified Choudhuri to incorporate the teachings of Cheston because the system set forth in Choudhuri would increase its efficiency by being able to reset passwords as done in Cheston See [ABSTRACT] of Cheston).
Regarding claim 2:
The combination of Choudhuri and Cheston have all the limitations of claim 1.
Choudhuri further teaches:
computing a first trust measure responsive to determining the occurrence of the one or more deterministic events; computing at least a second trust measure responsive to determining the one or more behavior norms specific to the subscriber; and determining the authentication, authorization, and/or auditing status of the transaction based, at least in part, on the first trust measure and the second trust measure.  ("Embodiments of the invention comprise methods, systems, and/or computer program products for multi-stage filtering for fraud detection. The invention comprises receiving financial transaction data associated with one or more financial transactions; executing a preliminary fraud filtration on the financial transaction data using a first attribute; identifying one or more potentially fraudulent transactions when the one or more financial transactions meet the criteria of the preliminary fraud filtration; executing a user defined fraud filtration on the financial transaction data of one or more preliminary potentially fraudulent transactions identified in the preliminary fraud filtration using a second attribute; identifying one or more user defined potentially fraudulent transactions when the one or more preliminary potentially fraudulent transaction meet the criteria of the user defined fraud filtration; and initiating a fraud detection-related action for the one or more user defied potentially fraudulent transactions.", [004]), the so called "trust measure" and the above referenced "criteria of the user defined fraud filtration" are synonymous.
Regarding claim 3:
The combination of Choudhuri and Cheston have all the limitations of claim 2.
Choudhuri further teaches:
wherein the determining the authentication, authorization, and/or auditing status of the transaction includes combining the first trust measure with at least the second trust measure to generate a combined trust measure that is greater than the first trust measure.  ("Embodiments of the invention comprise methods, systems, and/or computer program products for multi-stage filtering for fraud detection. The invention comprises receiving financial transaction data associated with one or more financial transactions; executing a preliminary fraud filtration on the financial transaction data using a first attribute; identifying one or more potentially fraudulent transactions when the one or more financial transactions meet the criteria of the preliminary fraud filtration; executing a user defined fraud filtration on the financial transaction data of one or more preliminary potentially fraudulent transactions identified in the preliminary fraud filtration using a second attribute; identifying one or more user defined potentially fraudulent transactions when the one or more preliminary potentially fraudulent transaction meet the criteria of the user defined fraud filtration; and initiating a fraud detection-related action for the one or more user defied potentially fraudulent transactions.", [004]), the so called "trust measure" and the above referenced "criteria of the user defined fraud filtration" are synonymous.
Regarding claim 4:
The combination of Choudhuri and Cheston have all the limitations of claim 2.
Choudhuri further teaches:
wherein the determining the authentication, authorization, and/or auditing status of the transaction includes combining the first trust measure with at least the second trust measure to generate a combined trust measure that is less than or equal to the first trust measure.  Examiner interprets this limitation to include the meaning that no fraud threshold is triggered for a transaction,   .   .   . ("FIG. 10 is a flow diagram of a method for identifying false positive fraud alerts, in accordance with embodiments of the invention;", [033]).
Regarding claim 5,18:
The combination of Choudhuri and Cheston have all the limitations of claims 2 and 17, respectively:
Choudhuri further teaches:
wherein at least the first one of the one or more deterministic events is weighted differently than at least a second one of the one or more deterministic events. ("The weight that the customer history is given in a particular filtration stage may be determined by a fraud investigator using the multi-stage filtration process. Indeed, more weight may be given to certain aspects of customer history and less weight given to others.", [0124]).
Regarding claim 6, 13:
The combination of Choudhuri and Cheston have all the limitations of claims 1 and 11, respectively:
Choudhuri further teaches:
wherein a deterministic event of the one or more deterministic events corresponds to a standalone historical event or a real-time event. ("The weight that the customer history is given in a particular filtration stage may be determined by a fraud investigator using the multi-stage filtration process. Indeed, more weight may be given to certain aspects of customer history and less weight given to others.", [0124]).
Regarding claim 7, 14:
The combination of Choudhuri and Cheston have all the limitations of claims 1 and 11, respectively:
Choudhuri further teaches:
wherein the one or more deterministic events correspond to at least one of the following: a velocity-type measure of one or more historical events; a tenure-type measure of one or more historical events; a real-time event measure; or any combination thereof.  ("For example, the transaction request may be automatically declined if the transaction meets a predetermined transaction amount, if a suspicious transaction occurs at a specific time and/or location (or does not occur at a specific time and/or location), or if the online account security has been breached. In other embodiments, the transaction request is declined based on the geo-positioning data, customer history, account event, velocity data, and/or other attribute described herein.", [0136]).
Regarding claim 8:
The combination of Choudhuri and Cheston have all the limitations of claim 1:
Choudhuri further teaches:
wherein accessing the data store is additionally to determine one or more additional deterministic events that correspond to one or more of the subscriber's off-line activities unrelated to the transaction.. ("The interactions with the accounts may be direct or indirect. Indirect interaction may include an online or mobile banking session, in which the individual may not specifically interact with accounts but performs some other financial institution-related activity. As such, account event data may include, but is not limited to, data related to changing account authorization credentials, such as a user identifier and/or password; ordering/re-ordering financial products, such as checks, debit/credit card; linking one account to one or more other accounts; opening and/or closing accounts; addition and/or deletion of account users; changing customer or account-specific personal information, such as mailing address; balance inquiries and the like. In some embodiments the account events may be “non-monetary events” such that monetary events are not related to the account events, however, in some embodiments the account events may include a monetary component.", [044]), the above said "activities" may certainly occur off-line and/or obviously not related to a particular transaction.
Regarding claims 9, 15:
The combination of Choudhuri and Cheston have all the limitations of claims 8 and 11, respectively:
Choudhuri further teaches:
wherein the one or more deterministic additional events comprise at least one of the following: reading, via a device affiliated with the subscriber, a machine- readable code; accessing content from a device external to the device affiliated with the subscriber; communicating with a wireless access point affiliated with the subscriber; or any combination thereof. ("The financial transaction network 310 may provide for wireline, wireless, or a combination of wireline and wireless communication between communication devices in the financial transaction network 310. The financial transaction network 310, in some embodiments, includes the Internet.", [070]).
Regarding claim 10:
The combination of Choudhuri and Cheston have all the limitations of claim 1:
Choudhuri further teaches:
wherein the one or more behavioral norms specific to the subscriber with respect to the mobile device are at least partially derived from a historical record of the occurrence of the one or more deterministic events performed by the subscriber with respect to the mobile device. ("The weight that the customer history is given in a particular filtration stage may be determined by a fraud investigator using the multi-stage filtration process. Indeed, more weight may be given to certain aspects of customer history and less weight given to others.", [0124]) and ("Examples of filtering based on other attributes include a transaction amount, time period (e.g., the last month, a 24 hour period, etc.), location associated with a transaction, an account number, a card number, customer history, customer information, account events, etc. or combinations thereof. It will be understood that the additional filtering includes one or more rules and/or filter criteria. In some embodiments, the additional filtering includes different values of the same rules associated with first rule filtering and/or the velocity filtering in bocks 620 and 640.", [0120]).
Regarding claim 12:
The combination of Choudhuri and Cheston have all the limitations of claim 11:
Choudhuri further teaches:
wherein the data store accessed by the at least one processor communicatively coupled to the at least one memory comprises: a first database to store records relevant to the one or more deterministic events with respect to the mobile device; and a second database to store records relevant to the one or more behavior norms specific to the subscriber with respect to the mobile device.  ("Further, in some embodiments, the memory device 386 includes a datastore 385 or database configured for storing information and/or data. In other embodiments, the datastore 385 is housed remotely from the multi-stage filtering platform system 380 and the multi-stage filtering platform system 380 is in communication with the datastore 385 across the financial transaction network 310 and/or across some other communication link.", [077]).
Regarding claim 16:
The combination of Choudhuri and Cheston have all the limitations of claim 11:
Choudhuri further teaches:
wherein the one or more deterministic events corresponds to the subscriber initiating an application for credit at a geographical location widely separated from the subscriber's home. Please note the above referenced 35 USC 112(b) rejection as to this claim,  and in accordance therewith, examiner interprets the claim term "widely separated" to include any separation of any sort  whatsoever from said "home",   .   .   .   ("The interactions with the accounts may be direct or indirect. Indirect interaction may include an online or mobile banking session, in which the individual may not specifically interact with accounts but performs some other financial institution-related activity. Direct interactions may include, but are not limited to, data related to changing account authorization credentials, such a user identifier and/or password; ordering/re-ordering financial products, such as checks, debit/credit card account changes; linking one account to one or more other accounts; opening and/or closing accounts; addition and/or deletion of account users; changing customer or account-specific personal information, such as mailing address; balance inquiries and the like.", [079]) and ("For example, the geo-positioning of a point of sale (POS) transaction may be the physical location of the POS, the geo-positioning of an internet transaction may be the IP address of the user, etc. Geo-positioning data includes: a physical address; a post office box address; an IP address; a phone number, a locality (e.g., a state, a county, a city, etc.); a country; geographic coordinates; or any other type of data that indicates a geographical location. The geo-positioning data can be associated with a transaction, an account event, a user, a transaction device (e.g., POS, automated teller machine (ATM), physical teller at a bank, etc.), a financial institution, a business, the location of the user's mobile device, and the like. The geo-positioning data may include, for example, a place of domicile of a user, a work location of a user, a secondary home (e.g., a vacation home), etc.", [048]).
Regarding claim 19:
The combination of Choudhuri and Cheston have all the limitations of claim 17:
Choudhuri further teaches:
wherein the one or more deterministic events comprise at least one of the following: porting of a telephone number within a first period of time; replacing a subscriber identity module (SIM) within a second period of time; obtaining a mobile device, previously unused by the subscriber, within a third period of time; and the subscriber resetting a password within a fourth period of time.  ("The interactions with the accounts may be direct or indirect. Indirect interaction may include an online or mobile banking session, in which the individual may not specifically interact with accounts but performs some other financial institution-related activity. Direct interactions may include, but are not limited to, data related to changing account authorization credentials, such a user identifier and/or password; ordering/re-ordering financial products, such as checks, debit/credit card account changes; linking one account to one or more other accounts; opening and/or closing accounts; addition and/or deletion of account users; changing customer or account-specific personal information, such as mailing address; balance inquiries and the like.", [079]).
Regarding claim 20:
The combination of Choudhuri and Cheston have all the limitations of claim 17:
Choudhuri further teaches:
wherein the one or more behavior norms comprise at least one of the following: the subscriber's history of porting a telephone number within a first period of time; the subscriber's history of replacing a SIM within a second period of time, the subscriber's history of obtaining a mobile device, previously unused by the subscriber, within a third period of time; the subscriber's history of resetting a password within a fourth period of time, or any combination thereof.  ("The interactions with the accounts may be direct or indirect. Indirect interaction may include an online or mobile banking session, in which the individual may not specifically interact with accounts but performs some other financial institution-related activity. Direct interactions may include, but are not limited to, data related to changing account authorization credentials, such a user identifier and/or password; ordering/re-ordering financial products, such as checks, debit/credit card account changes; linking one account to one or more other accounts; opening and/or closing accounts; addition and/or deletion of account users; changing customer or account-specific personal information, such as mailing address; balance inquiries and the like.", [079]).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please see attached form 892.
Mohammed  (US20140199962A1) - Disclosed is system comprising: a server platform operative to communicate with a wireless communication network; and data storage coupled to the server platform to store a plurality of business rules, wherein the server platform is operative to: generate a first provision instruction to provision a Policy and Charging Rules Function (PCRF) with a first rule set associated with a first set of business rules for wireless usage incurred by a mobile terminal operating in the wireless communication network; generate a first billing instruction based on the first set of business rules and a first data type determined by a packet gateway that inspects packet data communicated to or from the mobile terminal.
Adjaoute  (US20150039513A1) - A real-time fraud prevention system enables merchants and commercial organizations on-line to assess and protect themselves from high-risk users. A centralized database is configured to build and store dossiers of user devices and behaviors collected from subscriber websites in real-time. Real, low-risk users have webpage click navigation behaviors that are assumed to be very different than those of fraudsters. Individual user devices are distinguished from others by hundreds of points of user-device configuration data each independently maintains. A client agent provokes user devices to volunteer configuration data when a user visits respective webpages at independent websites. A collection of comprehensive dossiers of user devices is organized by their identifying information, and used calculating a fraud score in real-time. Each corresponding website is thereby assisted in deciding whether to allow a proposed transaction to be concluded with the particular user and their device.
Busch (US20120303455A1) -  In general, the invention relates to methods and systems that record the location of a user and transmit targeted content to a user based upon their current and past location information. A network includes a server programmed with a database of location information, a database of user information, and a wireless communication system capable of communicating with the user's mobile device. The location of the mobile device is ascertained and recorded. The system determines the businesses visited by the user. Managers of physical business locations provide content relating to their physical business locations the system. The content is caused to be transmitted to the mobile devices on behalf of the managers when it is reported that the mobile device is located at the physical business location. 
Priess (US20150026027A1) -  Systems and methods comprise a platform including a processor coupled to a database. Risk engines are coupled to the platform and receive event data and risk data from data sources. The event data comprises data of actions taken in a target account during electronic access of the account, and the risk data comprises data of actions taken in a accounts different from the target account. The risk engines, using the event data and the risk data, dynamically generate an account model that corresponds to the target account, and use the account model to generate a risk score. The risk score represents a relative likelihood an action taken in the target account is fraud. A risk application coupled to the platform includes an analytical user interface that displays for the actions in the target account at least one of the risk score and event data of any event in the account.
Proud  (US20140247144A1) - A method is provided for obtaining monitored information about an individual and provide the individual with feedback. A monitoring device with one or more sensors is used to measure or detect individual information selected from of at least one of, an individual's activities, behaviors and habit information, and an individual's health. The monitoring device has ID circuitry with an ID storage that contains a unique individual ID, a communication system which reads and transmits the unique individual ID from the ID storage, a power source and a pathway system. The monitoring device communicates with a telemetry system. The telemetry system has a database that includes base individual information selected from at least one of, individual physiological information, information that is indicative of the individual's activities, data indicative of one or more contextual parameters of the individual and information regarding a degree to which an individual has followed a routine.
Chintakindi (US20200104876A1) -  Methods, computer-readable media, systems, and/or apparatuses are provided for providing offer and insight generation functions. User input requesting an offer or insight may be received and an image of a photographic identification of a user may be requested. The image of the photographic identification may be captured and stored. A self-captured image of the user may be captured (e.g., via an image capture device of the computing device) and compared to an image of a user from the photographic identification. Responsive to determining that the images match, displaying an instruction to capture a vehicle identification number. The vehicle identification number may be captured. Data, including location data, may be extracted and an archive including the extracted data may be generated and the data may be transmitted to an entity computing system for processing. The entity computing system may evaluate the data and generate one or more insights and/or outputs.
Nahari (US20170053107A1) - Methods, systems, and computer program products for providing behavioral stochastic authentication (BSA) are disclosed. For example, a computer-implemented method may include authenticating a user of a mobile device at a plurality of different times based on authentication credentials, collecting stochastic data associated with the mobile device during time periods corresponding to authenticating the user of the mobile device at the plurality of different times, and in response to an authentication request, authenticating the user of the mobile device based on comparing current data associated with the mobile device and the collected stochastic data to determine that the user of the mobile device is trusted.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW COBB whose telephone number is (571) 272-3850. The examiner can normally be reached 9 - 5, M - F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael W. Anderson can be reached at (571) 270-0508. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.





/MATTHEW COBB/Examiner, Art Unit 3698          
/BRUCE I EBERSMAN/Primary Examiner, Art Unit 3698