DETAILED ACTION
Status of Claims
This is a first office action on the merits in response to the application filed on 12 March 2021.
Claims 3-4 have been amended via preliminary amendment dated 28 April 2021.
Claims 1-20 are currently pending and have been considered by the examiner.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 26 October 2022 and 11 April 2011 have been considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


As per claim 1, the claimed invention is directed to an abstract idea without significantly more because:
Claim 1 recites:
A method comprising: receiving a request for authorization to perform an action relating to a first financial account associated with an account holder; 
receiving, from one or more databases, first financial data relating to the first financial account of the account holder; 
determining, based on the first financial account, a second financial account associated with the account holder;
receiving, from the one or more databases, second financial data relating to the second financial account associated with the account holder; 
parsing the second financial data to identify one or more merchants with which the account holder conducted a transaction using the second financial account within a predetermined time period; 
receiving, from the one or more databases, a set of false merchant choices; 
generating a modified set of false merchant choices, the modified set of false merchant choices comprising a subset of the set of false merchant choices by excluding the one or more merchants with which the account holder conducted a transaction using the second financial account within the predetermined time period; 
generating, based on the first financial data and the modified set of false merchant choices, an authorization question for determining whether to perform the action relating to the first financial account; 
generating, based on the first financial data, the authorization question, and the modified set of false merchant choices, a correct answer to the authorization question; 
causing display of the authorization question, wherein the authorization question comprises at least one false merchant choice from the modified set of false merchant choices; 
receiving a response to the authorization question; and 
determining whether to grant the request for authorization to perform the action relating to the first financial account based on the response to the authorization question.
Under Step 1 of the Section 101 analysis, the claim(s) is/are directed to a method and a non-transitory media, which are statutory categories of invention.
Under Step 2A Prong One of the 2019 Revised Patent Subject Matter Eligibility Guidance, the claimed invention as drafted includes language (see underlined language above) that recites an abstract idea of risk mitigation (a certain method of organizing human activity such as a fundamental economic principle or practice, e.g. hedging, insurance, mitigating risk) but for the recitation of additional claim elements. That is, other than reciting risk mitigation, nothing in the claim precludes the language from being considered as simply performing the abstract idea of risk mitigation using a network computer system.
A similar analysis can be applied to dependent claims 2-12 and 14-19, which further recite the abstract idea of risk mitigation. Specifically, claims 2-4 are directed to determining authorization criteria, claims 5-6, 11-12, and 17-19 further describe the accounts from which risk mitigation data is collected, and claims 7-9 and 14-16 further describe the authentication questions used for risk mitigation purposes.
Under Step 2A Prong Two of the 2019 Revised Patent Subject Matter Eligibility Guidance, the additional claim element(s), considered individually, do not apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception and in a manner that integrates the exception into a practical application of the exception. The additional claim element(s) merely add the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely use a computer as a tool to perform the abstract idea of risk mitigation. Furthermore, the additional claim element(s) generally link the use of the judicial exception to a particular technological environment or field of use, specifically, the technological field of network computing. Furthermore, the additional claim element(s) add insignificant extra-solution activity to the judicial exception. For example, the concept of gathering data from a first and second account is an activity incidental to the primary process or product of generating authentication questions for risk mitigation purposes and is merely a nominal or tangential addition to the claim. The concept is merely an example of data gathering, which has been found to be insignificant extra-solution activity by the courts. See MPEP 2106.05(g).
A similar analysis can be applied to dependent claims 2-12 and 14-19, which further recite the abstract idea of risk mitigation. Specifically, claims 2-4 are directed to determining authorization criteria, claims 5-6, 11-12, and 17-19 further describe the accounts from which risk mitigation data is collected, and claims 7-9 and 14-16 further describe the authentication questions used for risk mitigation purposes.
Under Step 2A Prong Two, the additional claim element(s), considered in combination, do not apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception and in a manner that integrates the exception into a practical application of the exception. The combination of elements is no more than the sum of their parts. Unlike the eligible claims in Diehr and Bascom, in which the elements limiting the exception taken together improve a technical field, the instant claim lacks an improvement to the functioning of a computer or to any other technology or technical field.
Under Step 2B, the additional claim element(s), considered individually and in combination, do not provide meaningful limitation(s) to transform the abstract idea into a patent eligible application of the abstract idea such that the claim(s) amounts to significantly more than the abstract idea itself for similar reasons outlined under Step 2A Prong Two. Furthermore, the steps of collecting data from two sources for risk mitigation purposes are well-understood, routine conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception. Specifically, the following computer functions have been recognized by the courts as well-understood, routine, and conventional functions: Storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93; Receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network). See MPEP 2106.05(d) and Berkheimer Memo.
Therefore, claims 1-20 of the present application are not patent eligible under 35 USC 101 and have been rejected accordingly.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ashfield et al. (US 8745698 B1) in view of Kohli (US 20180053185 A1) in further view of Sharan et al. (US 20160012480 A1).

Regarding Claims 1, 13, and 20, Ashfield discloses:
A method comprising: receiving a request for authorization to perform an action relating to a first financial account associated with an account holder (Fig. 2 – 210 – Financial Institution’s computer system receives request to access or use customer’s account);  
receiving, from the one or more databases, a set of false merchant choices (col. 12, lines 34-46 – Ashfield discloses receiving a set of authentication questions from a rules datastore via the authentication engine); 
generating a modified set of false merchant choices, the modified set of false merchant choices comprising a subset of the set of false merchant choices (col. 13, lines 16-35 – Ashfield discloses selecting a subset of questions to present to the customer from a list of extra questions); 
generating, based on the modified set of false merchant choices, an authorization question for determining whether to perform the action relating to the first financial account (col. 13, lines 30-40); 
generating, based on the authorization question and the modified set of false merchant choices, a correct answer to the authorization question (col. 13, lines 30-40); 
causing display of the authorization question, wherein the authorization question comprises at least one false merchant choice from the modified set of false merchant choices (col. 15, lines 43-51); 
receiving a response to the authorization question (col. 15, lines 52-57); and 
determining whether to grant the request for authorization to perform the action relating to the first financial account based on the response to the authorization question (col. 16, lines 36-42).

Ashfield fails to explicitly disclose:
receiving, from one or more databases, first financial data relating to the first financial account of the account holder; 
determining, based on the first financial account, a second financial account associated with the account holder;
receiving, from the one or more databases, second financial data relating to the second financial account associated with the account holder; 
parsing the second financial data to identify one or more merchants with which the account holder conducted a transaction using the second financial account within a predetermined time period;
by excluding the one or more merchants with which the account holder conducted a transaction using the second financial account within the predetermined time period

However, in a similar field of endeavor, Kohli discloses:
receiving, from one or more databases, first financial data relating to the first financial account of the account holder (See Kohli: Para. [0047] – Kohli discloses receiving transaction data for multiple accounts of a user including a first financial account); 
determining, based on the first financial account, a second financial account associated with the account holder (See Kohli: Para. [0047] – Kohli discloses receiving transaction data from multiple accounts of a user wherein the first is determined by whether they are included within a payment application and further determines that a second account is associated with the same user if it is included within the same payment application);
receiving, from the one or more databases, second financial data relating to the second financial account associated with the account holder (See Kohli: Para. [0047] - Kohli discloses receiving transaction data for multiple accounts of a user including a second financial account); 

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the data intake from multiple accounts of a single user, as disclosed by Kohli, to intake additional data that can be used to authenticate the user and generate authorization questions using the system of Ashfield, increasing the overall security of the invention by allowing for stronger authorization questions to be generated.

However, the combination fails to explicitly disclose:
parsing the second financial data to identify one or more merchants with which the account holder conducted a transaction using the second financial account within a predetermined time period;
excluding the one or more merchants with which the account holder conducted a transaction using the second financial account within the predetermined time period

However, in a similar field of endeavor, Sharan discloses:
parsing the second financial data to identify one or more merchants with which the account holder conducted a transaction using the second financial account within a predetermined time period (See Sharan: Para. [0083-0085] – Sharan discloses identifying a group of merchants which an account holder has transacted with within a group of transaction history records spanning a period of time);
excluding the one or more merchants with which the account holder conducted a transaction using the second financial account within the predetermined time period (See Sharan: Para. [0085] – Sharan discloses filtering out merchants depending on filtering criteria such as previous transaction history)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to apply the method of parsing financial data to group merchants, as disclosed by Sharan, to group the merchant data received from the first and second accounts of the combination in order to exclude duplicates from the authentication process, increasing the overall efficiency of the invention by removing extraneous data from the authorization calculation and determination methodology.

Regarding Claim 2, the combination discloses:
wherein determining whether to grant the request for authorization further comprises comparing the response to the authorization question to the correct answer to the authorization question (See Ashfield: col. 16, lines 36-42).

Regarding Claim 3, the combination discloses:
further comprising granting the request for authorization based on the response to the authorization question matching the correct answer to the authorization question (See Ashfield: col. 16, lines 36-42).

Regarding Claim 4, the combination discloses:
further comprising denying the request for authorization based on the response to the authorization question not matching the correct answer to the authorization question (See Ashfield: col. 16, lines 36-42).

Regarding Claim 5, the combination discloses:
wherein the action comprises accessing funds of the first financial account (See Ashfield: Fig. 2 - 210).

Regarding Claim 6, the combination discloses:
wherein the action comprises accessing secure information relating to the first financial account (See Ashfield: Fig. 2 - 210).

Regarding Claims 7 and 14, the combination discloses:
wherein the authentication question comprises a request to indicate whether the account holder conducted a transaction with the at least one false merchant choice (See Ashfield: col. 15, lines 18-36).

Regarding Claims 8 and 15, the combination discloses:
wherein the authentication question comprises: an amount of a transaction indicated by the first financial data relating to the first financial account of the account holder; and a request to indicate whether the account holder conducted the transaction with the at least one false merchant choice (See Ashfield: col. 15, lines 18-36).

Regarding Claims 9 and 16, the combination discloses:
wherein the authentication question comprises the at least one false merchant choice as an option as an answer to the authentication question (See Ashfield: col. 15, lines 37-42).

Regarding Claim 10, the combination discloses:
further comprising receiving the response as a verbal response (See Ashfield: col. 15, lines 47-55 – Ashfield discloses communicating with the user via an output device such as a telephone system to transmit and receive authentication questions and answers).

Regarding Claims 11 and 17, the combination discloses:
wherein the first financial account is a personal financial account (The examiner has determined that the aforementioned claim limitation constitutes a recitation of nonfunctional descriptive material as the type of financial account provides no further limitation to the functional step of receiving financial data from said account. However, for purposes of expedited prosecution, the examiner provides the following citation: See Ashfield: col. 9, lines 65-67 and col. 10, lines 1-3).

Regarding Claim 12, the combination discloses:
wherein the second financial account is a corporate financial account (The examiner has determined that the aforementioned claim limitation constitutes a recitation of nonfunctional descriptive material as the type of financial account provides no further limitation to the functional step of receiving financial data from said account. However, for purposes of expedited prosecution, the examiner provides the following citation: See Kohli: Para. [0047] – Kohli discloses receiving transaction data from multiple different payment accounts regardless of issuers associated with said payment accounts. It is clear to one of ordinary skill in the art these accounts would encompass at least a corporate financial account).

Regarding Claim 18, the combination discloses:
wherein the second financial account is an account owned by one or more users (The examiner has determined that the aforementioned claim limitation constitutes a recitation of nonfunctional descriptive material as the type of financial account provides no further limitation to the functional step of receiving financial data from said account. However, for purposes of expedited prosecution, the examiner provides the following citation: See Kohli: Para. [0047] – Kohli discloses receiving transaction data from multiple different payment accounts regardless of issuers associated with said payment accounts. It is clear to one of ordinary skill in the art these accounts would encompass at least a multi-user account).

Regarding Claim 19, the combination discloses:
wherein the second financial account is an account owned by an entity other than the user (The examiner has determined that the aforementioned claim limitation constitutes a recitation of nonfunctional descriptive material as the type of financial account provides no further limitation to the functional step of receiving financial data from said account. However, for purposes of expedited prosecution, the examiner provides the following citation: See Kohli: Para. [0047] – Kohli discloses receiving transaction data from multiple different payment accounts regardless of issuers associated with said payment accounts. It is clear to one of ordinary skill in the art these accounts would encompass at least an access-only financial account).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Krishna et al. (US 10216943 B2) generally discloses methods and systems for generating dynamic security questions for purposes of authenticating account access via a pre-established ruleset.
Hammad et al. (US 20190005494 A1) generally discloses methods and systems for facilitating transaction authorization via the use of challenge questions to prevent fraudulent transactions.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS K PHAN whose telephone number is (571)272-6748. The examiner can normally be reached M-F 8 am-5 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel, can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NICHOLAS K PHAN/Examiner, Art Unit 3685

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685