DETAILED ACTION
Claims 1-4, 8-11 and 14-17 are pending in this application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 8 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2018/0041595 A1 to Dintenfass in view of U.S. Pat. No. 11,184,392 B2 issued to Thomas et al. and further in view of U.S. Pub. No. 2012/0036452 A1 to Coleman et al. and further in view of U.S. Pub. No. 2017/0286671 A1 to Chari et al.

As to claim 1, Dintenfass teaches a system for resource monitoring and transmitting electronic alerts using event-based triggers, the system comprising: 
a memory device with computer-readable program code stored (Memory Device 220) thereon; 
a communication device (Network Interface 260); and 
a processing device operatively coupled to the memory device and the communication device (Processor 210), wherein the processing device is configured to execute the computer-readable program code to: 
continuously monitor (Resource Activity Monitoring and Alert Application 500) a user account in real time/detect a trigger event associated with the user account, wherein the trigger event comprises a resource transfer request, wherein a resource transfer type associated with the resource transfer request is associated with unauthorized activity (The user resource activities and the related predetermined conditions for triggering an alert may vary and may be based on any designated user resource activity . For example , the user resource activity may comprise an account balance where the condition is the balance of the account falling below a minimum that may potentially result in an overdraft or penalty . In another exemplary embodiment the user resource activity maybe purchases on a credit or debit card where the related condition is unusual activity on the user account . In another exemplary embodiment the user resource activity maybe purchases on a credit or debit card where the related condition is nearing a credit limit . In another exemplary embodiment the user resource activity may be a direct deposit and the condition may be a missed deposit . In yet another exemplary embodiment the user resource activity may be a loan and the condition may be a late payment . In still another exemplary embodiment the user resource activity may be a loan and the condition may be the dropping the loan balance below a predetermined amount . In yet another exemplary embodiment the user resource activity may be a customer loyalty reward program and the condition may be the accumulation of " points ” in the program . These embodiments are made by way of example only and the user resource activity and related conditions may vary from those specifically described herein) (“...An embodiment of the resource activity monitoring and alert application 500 will be described with reference to FIG. 5. In the illustrated embodiment of the system of the invention , user resource activity is monitored and tracked by the resource activity monitoring and alert application 500 using, at least, data contained in the customer account data repository 480 (Block 701). These data bases maintain records of the resources offered by the financial institution that are utilized by the user as part of the user's relationship with the financial institution and record the user's transactions, transaction history and financial records and other data related to the user. The resource activity monitoring and alert application 500 tracks and monitors the user resource activity for conditions that trigger the sending of an alert to the user device 120. As previously explained, for any user resource activity predetermined conditions may occur that results in the sending of an alert to the user device and/or the third party device...The resource activity monitoring and alert application 500 also maintains or accesses the user's alert bundle that designates, based on the user's self-selected customized preferences and/or based on rules of the financial institution system 400, particular types, categories or classes of user resource activity and related conditions for which an alert is to be sent to that user ( block 702 ). The alert bundle is the set of user resource activities and related conditions for which an alert is to be sent to the user device 120 for a particular user or for a group of users . The user may request that an alert be sent for one user resource activity and one condition while the rules of the financial institution may require that an alert be sent to the user for a second user resource activity and a second condition . The set of user resource activities and conditions defines the user alert bundle. The resource activity monitoring and alert application 500 determines if any of the conditions of any of the user resource activities require an alert to be sent to the user based on the user ' s alert bundle ( Block 703). In one embodiment , the resource activity monitoring and alert application 500 compares the monitored user resource activity to predetermined conditions for sending alerts . The resource activity monitoring and alert application 500 may apply logic rules to determine if an alert should be sent to the user based on the user resource activity and conditions applied to that activity . The logic rules may be set up by the financial institution and retained in memory device 450 of the financial institution system 400 . In some embodiments the resource activity monitoring and alert application 500 may track utilization of all user resource activity . In other embodiments the resource activity monitoring and alert application 500 may only track a subset of the user resource activity based on the user alert bundle and/or other criteria . The system determines if a user resource activity meets the predetermined conditions as set out in the logic rules for an alert (Block 704) . If the conditions are not met the system takes no further action and no alert is sent (Block 705) . If the conditions are met , the full functionality of the resource activity monitoring and alert application 500 is initiated to transmit an alert message to the user device 120 ( Block 706 ). The user resource activities and the related predetermined conditions for triggering an alert may vary and may be based on any designated user resource activity. For example , the user resource activity may comprise an account balance where the condition is the balance of the account falling below a minimum that may potentially result in an overdraft or penalty . In another exemplary embodiment the user resource activity maybe purchases on a credit or debit card where the related condition is unusual activity on the user account . In another exemplary embodiment the user resource activity maybe purchases on a credit or debit card where the related condition is nearing a credit limit . In another exemplary embodiment the user resource activity may be a direct deposit and the condition may be a missed deposit . In yet another exemplary embodiment the user resource activity may be a loan and the condition may be a late payment . In still another exemplary embodiment the user resource activity may be a loan and the condition may be the dropping the loan balance below a predetermined amount . In yet another exemplary embodiment the user resource activity may be a customer loyalty reward program and the condition may be the accumulation of " points ” in the program . These embodiments are made by way of example only and the user resource activity and related conditions may vary from those specifically described herein...” paragraphs 0037/0038); 
transmit a first notification to a user device (User Device 120) associated with the user account; and transmit a second notification to a third party device (Third party) associated with the user account, wherein the first notification and the second notification each indicate that an unauthorized action has been attempted (“...An embodiment of the resource activity monitoring and alert application 500 will be described with reference to FIG. 5. In the illustrated embodiment of the system of the invention , user resource activity is monitored and tracked by the resource activity monitoring and alert application 500 using, at least, data contained in the customer account data repository 480 (Block 701). These data bases maintain records of the resources offered by the financial institution that are utilized by the user as part of the user's relationship with the financial institution and record the user ' s transactions, transaction history and financial records and other data related to the user. The resource activity monitoring and alert application 500 tracks and monitors the user resource activity for conditions that trigger the sending of an alert to the user device 120. As previously explained, for any user resource activity predetermined conditions may occur that results in the sending of an alert to the user device and/or the third party device...As described above, the system of the invention provides alerts and other related information directly to the user via a user device 110. In some situations, it may be desirable to provide alerts to a third party in addition to or in place of the alert to the user. The resource activity monitoring and alert application 500 provides a secondary alert where the secondary alert is transmitted to a third party that is not the customer of the financial institution for the user resource activity being monitored. It is contemplated that the secondary alert may be provided to a third party where the third party has a relationship with the user such as a fiduciary, familial, care giver, guardian or other similar relationship but where the third party does not have control over or rights to the accounts, transactions and relationships of the user resource activity being monitored. The user provides alert status to a selected third party or third parties where in some embodiments the user must grant and the third party must accept the third party alert status. While alert status is provided to the third party the third party does not have equal rights or control, or in some embodiments does not have any rights or control, in or over the accounts, transactions and relationships of the user resource activity being monitored. In this manner, while alerts may be provided to the third party, control over the accounts, transactions and relationships of the user resource activity being monitored may be maintained exclusively by the user...” paragraphs 0038/0043/0050).
  Dintenfass is silent with reference to receive a distress signal from a user computing device associated with a user, wherein the distress signal indicates that the user is under influence of an unauthorized party, wherein the distress signal is a hidden PIN associated with the user,
detect a presence of a third party screen sharing application or a remote access application on the user computing device,
based on detecting the distress signal and the presence of the third party screen sharing application or the remote access application on the user computing device, automatically block the resource transfer request from being processed.
Thomas teaches receive a distress signal (heartbeat) from a user computing device associated with a user, wherein the distress signal indicates that the user is under influence of an unauthorized party, wherein the distress signal is a hidden PIN (heartbeat may be encrypted/ heartbeat 626 may be cryptographically) associated with the user (“...The heartbeat system 314 may be used to provide periodic or aperiodic information from the endpoint 302 or other system components about system health, security, status, and so forth. A heartbeat may be encrypted or plaintext, or some combination of these, and may be communicated unidirectionally (e.g., from the endpoint 308 to the threat management facility 308) or bidirectionally (e.g., between the endpoint 302 and the server 306, or any other pair of system components) on any useful schedule. A suitable heartbeat system is described in greater detail below with reference to FIG. 6...The heartbeat 626 may be secured in any suitable manner so that the health monitor 630 can reliably confirm the source of the heartbeat 626 and the status of the endpoint 602. To this end, the heartbeat 626 may be cryptographically signed or secured using a private key so that the monitor 630 can authenticate the origin of the heartbeat 626 using a corresponding public key. In one aspect, the heartbeat 626 may include a combination of plaintext information and encrypted information, such as where the status information for the endpoint is provided in plaintext while a digital signature for authentication is cryptographically secured. In another aspect, all of the information in the heartbeat 626 may be encrypted...” Col. 22 Ln. 12-22, Col. 34 Ln. 32-44).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Dintenfass with the teaching of Thomas because the teaching of Thoms would improve the system of Dintenfass by providing mathematical techniques for encrypting and decrypting data in order to keep it private when transmitted or stored electronically.
Coleman teaches detecting a presence of a third party screen sharing application on the user device (“...According to an alternate embodiment of the invention, a third party (such as an owner or developer of an application) can manually identify components of the application (such as component 220 of application 210) with a visible indication, and manually identify other components of the application (such as component 230 of application 210) with a masking indication. In an embodiment where the application is a web page, the third party can manually determine components to be displayed during a screen sharing  session, and components to be masked during the screen sharing  session. According to the embodiment, the third party  can manually modify a style sheet of the web page to identify components to be displayed during a screen sharing  session with a visible indication, and to identify components to be masked during the screen sharing  session with a masking indication. As an example, similar to the example described above, the third party  can manually modify the style sheet of the web page to display components that are to be displayed during a screen sharing  session with a border of a visible color. In the example, the third party  can also manually modify the style sheet of the web page to display components that are to be masked during a screen sharing  session with a border of a masking color...In an alternate embodiment where the application is a software application, the third party  can manually determine components to be displayed during a screen sharing  session, and components to be masked during the screen sharing  session. According to the embodiment, the third party can manually modify one or more attributes of the software application to identify components to be displayed during a screen sharing  session with a visible indication, and to identify components to be masked during the screen sharing  session with a masking indication. In the above example, the third party  can manually modify the attributes of the software application to display components that to be displayed during a screen sharing session with a border of a visible color. In the example, the third party  can also manually modify the attributes of the software application to display components that are to be masked during a screen sharing session with a border of a masking color...” paragraphs 0039/0040).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Dintenfass and Thomas with the teaching of Coleman because the teaching of Coleman would improve the system of Dintenfass and Thomas by providing a technique for sharing screen and information between two or more devices.	
Chari teaches automatically block resource transfer requests associated with the user account (“...Further, the computer blocks the user from accessing the set of protected assets based on the malicious user activity alert (step 512). Furthermore, the computer sends the malicious user activity alert to an analyst for feedback (step 514). Subsequently, the computer receives the feedback corresponding to the malicious user activity alert from the analyst (step 516). The feedback may be, for example, analyst feedback 312 in FIG. 3....” paragraph 0101).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Dintenfass, Thomas and Coleman with the teaching of Chari because the teaching of Chari would improve the system of Dintenfass, Thomas and Coleman by providing a technique monitoring and controlling who and what devices can access a computing resource.   

As to claims 8 and 14, see the rejection of claim 1 above.

Claims 2, 9 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2018/0041595 A1 to Dintenfass in view of U.S. Pat. No. 11,184,392 B2 issued to Thomas et al. and further in view of U.S. Pub. No. 2012/0036452 A1 to Coleman et al. and further in view of U.S. Pub. No. 2017/0286671 A1 to Chari et al. as applied to claims 1, 8 and 14 above, and further in view of U.S. Pub. No. 2015/0020162 A1 to Hefetz.

As to claim 2, Dintenfass as modified by Thomas, Coleman and Chari teaches the system according to claim 1, however it is silent with reference to wherein continuously monitoring the user account in real time comprises at least one of monitoring devices used to access the user account and geographic location of the devices used to access the user account.
Hefetz teaches wherein continuously monitoring the user account in real time comprises at least one of monitoring devices used to access the user account and geographic location of the devices used to access the user account (“...At step 506 the system will check if the locations of two sources of information are proximate, within a predetermined degree of separation. (In the example shown in FIG. 5, they are the mobile phone location and the geographic location of the foreign IP address.) If they are, at step 507 the system will authorize the connection. If it's not, at step 508 the system will raise a red flag or alternatively disconnect the session...One way of doing this is by programming a computer to implement the following steps (see FIG. 5):..Use a command such as netstat to identify one or more open sessions into the server, and the foreign IP address of each identified open session...Match the foreign IP address to the server domain or the server security log in order to identify which user name is using this foreign IP address...Once the user name is known, locate the mobile phone number or the address that allows access into the server...Determine the user's mobile phone location or the user's home location...Match the mobile phone location or home location of that user with the open session foreign IP address, then [0073] (a) If the match is positive, identify the user as an authorized user, or [0074] (b) If the match is negative, identify the user as an unauthorized user...” paragraphs 0066/0067/0071-0078).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Dintenfass, Thomas, Coleman and Chari with the teaching of Hefetz because the teaching of Hefetz would improve the system of Dintenfass, Thomas, Coleman and Chari by providing a technique monitoring and controlling who and what devices can access a computing resource.   

As to claims 9 and 15, see the rejection of claim 2 above.

Claims 3, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2018/0041595 A1 to Dintenfass in view of U.S. Pat. No. 11,184,392 B2 issued to Thomas et al. and further in view of U.S. Pub. No. 2012/0036452 A1 to Coleman et al. and further in view of U.S. Pub. No. 2017/0286671 A1 to Chari et al. as applied to claims 1, 8 and 14 above, and further in view of U.S. Pat. No., 11,288,359 A1 issued to Caldwell.

As to claim 3, Dintenfass as modified by Thomas, Coleman and Chari  teaches the system according to claim 1, however it is silent with reference to wherein the trigger event further comprises an attempt to access the user account using an unknown device and unusual geographic location.
Caldwell teaches wherein the trigger event is an attempt to access the user account using an unknown device and unusual geographic location (“...As used herein, a security breach may refer to an incident that results in the unauthorized access of a user's account, data, applications, services, and/or the like. An actual security breach may include a security breach where it can be confirmed that a user's account was illegitimately accessed, e.g., based on changed data for the account, based on the user confirming that he/she did not access the account at a time when it was accessed, and/or the like. A potential security breach may refer to a security breach that cannot be confirmed as unauthorized access to the user’s account but there may be activity related to the user’s account that is indicative of a security breach, e.g., detecting access to the user’s account from an unknown device, from an unrecognized location, and/or the like...In one embodiment, the trigger that the breach module 304 detects that is indicative of a potential or actual security breach includes detecting a login to the user’s account from one of an unknown device, an unknown location, and an unknown internet protocol address; identifying activity associated with the user’s account since the last login; identifying changes in the user’s account information that were not initiated by the user; receiving one or more electronic messages (e.g., emails, text messages, push notifications, and/or the like) from the one or more websites that indicate a possible security breach; and/or the like...” Col. 26 Ln. 34-44).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Dintenfass, Thomas, Coleman and Chari with the teaching of Caldwell because the teaching of Caldwell would improve the system of Dintenfass, Thomas, Coleman and Chari by providing a technique preventing unauthorized persons from accessing user account.

As to claims 10 and 16, see the rejection of claim 3 above.

Claims 4, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2018/0041595 A1 to Dintenfass in view of U.S. Pat. No. 11,184,392 B2 issued to Thomas et al. and further in view of U.S. Pub. No. 2012/0036452 A1 to Coleman et al. and further in view of U.S. Pub. No. 2017/0286671 A1 to Chari et al. as applied to claims 1, 8 and 14 above, and further in view of U.S. Pat. No., 11,037,160 B1 issued to Kolls.

As to claim 4, Dintenfass as modified by Thomas, Coleman and Chari  teaches the system according to claim 1, however it is silent with reference to wherein the first notification comprises a resource transfer amount and location at which the resource transfer was attempted.  
Kolls teaches wherein the first notification comprises a resource transfer amount and location at which the resource transfer was attempted (“...In various embodiments, if a risk level associated with any of the identified customer associations reaches a predetermined threshold (referred to herein as “high risk customer associations”), the financial institution computing system 120 is further configured to monitor information regarding the customer (e.g., social media information, location information, customer transaction information) to identify times when the customer may potentially engage in a transaction with a high risk customer association. For example, the financial institution computing system 120 may monitor activity in the customer's financial account to determine if the customer is attempting to transfer funds from the customer's financial account to a financial account associated with a high risk customer association. For example, if the identified high risk customer association has an account at the financial institution, the financial institution computing system 120 may flag the high risk customer association's account such that, if the customer (e.g., via a check or a person-to-person payment application) attempts to transfer funds into the high risk customer association's account, the customer is delivered a pre-emptive fraud alert notifying the customer of the high risk status of the transaction prior to authorizing the transaction to take place. This way, the customer is aware of the risks associated with the transaction prior to the transaction's completion...In some embodiments, the monitoring circuit 134 sets an account associated with the high risk customer association as a customer alert trigger. For example, an account number associated with the high risk customer association's account may be established as an alert trigger for the customer. This way, if the customer attempt to transfer funds to a high risk customer association (e.g., via a check or person-to-person payment application), the customer will be alerted. Additionally, the monitoring circuit 134 may set various other datasets as alert triggers for the customer. For example, the appearance of a high risk customer association's name in a description of an event to be attended by the customer may be established as an alert trigger. This way, if the monitoring circuit 134 detects such an event in the customer's social media data, an alert will be transmitted to the customer. Various other attributes of a high risk customer association (e.g., phone number, e-mail address) may also be established as customer alert triggers...” Col. 4 Ln. 38-62, Col. 13 Ln. 64-67, Col. 14 Ln. 1-14).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claim invention to modify the system of Dintenfass, Thomas, Coleman and Chari with the teaching of Kolls because the teaching of Kolls would improve the system of Dintenfass, Thomas, Coleman and Chari by providing a technique for preventing unauthorized persons from transferring funds in or out of a user account.

As to claims 11 and 17, see the rejection of claim 4 above.

Response to Arguments
Applicant’s arguments with respect to claims 1-4, 8-11 and 14-17 have been considered but are moot because the new ground of rejection relies on additional references not applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHARLES E ANYA whose telephone number is (571)272-3757. The examiner can normally be reached Mon-Fir. 9-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SOUGH HYUNG can be reached on 571-272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHARLES E ANYA/Primary Examiner, Art Unit 2194