DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/16/2021 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
 The NON-Patent URL documents could be retrieved from the Google searched. Applicant may submit the NON patent documents instead of URL in the replay.

Specification
The abstract of the disclosure is objected to because the phrase “ the present disclosure..”.  Correction is required.  See MPEP § 608.01(b).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-4 , 6-15 and 17-19  are rejected on the ground of nonstatutory double patenting as being unpatentable over claims  1-3,5-12, and 14-19   of U.S. Patent No. 11,093,637 in view of O,Mara et al US 2002/0120559.  
 	Although the claims at issue are not identical, they are not patentably distinct from each other because, as per claims 1,10 and 19 Patent 11,093,637 does not explicitly disclose determining, by the computing system, that the first merchant is one of the plurality of online merchants with which the user has transacted in an online transaction . 
 	However,  O’Mara discloses determining, by the computing system, that the first merchant is one of the plurality of online merchants with which the user has transacted in an online transaction( 0066] Next, at step 110, one or more analysts may review or otherwise investigate merchant accounts, i.e. determining the a merchant, contained in the second list of merchants using one or more of the workstations 16. As part of the review process, a review record may be developed for each merchant account that is reviewed).
 
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of generation of user account of instant application , based on the teaching of finding the merchant accounts in the merchant list of O’Mara, because doing so would determining a risk score for each merchant( par 0028 ), thereby allowing for more rapid and effective risk mitigation and reduction in losses of online user.


Claims 1-3,5-12, and 14-19 of Patent No. 11,093,637 include all the limitations of claims 1-4,6-15 and 17-19  of the instant application 17/445170. 



Instant application # 17/445170
Patent application # 11,093,637
1. A method for improved security in a networked computing environment, the method comprising:
 receiving, by a computing system, a plurality of transactions associated with an account of a user, the plurality of transactions associated with a plurality of online merchants; 
determining, by the computing system, that a first merchant has experienced a data breach; based on the determining, parsing, by the computing system, the plurality of transactions to determine whether the user transacted in an online transaction with the first merchant that experienced the data breach; determining, by the computing system, that the first merchant is one of the plurality of online merchants with which the user has transacted in an online transaction; and based on determining that the user has transacted with the first merchant in an online transaction, performing, by the computing system, one or more remedial actions to protect the user from the data breach.  


2. The method of claim 1, further comprising: 


determining a preferred method of the user for receiving identity breach notifications; and sending a notification to the user in accordance with the preferred method for receiving identity breach notification.  

3. The method of claim 2, wherein sending the notification to the user comprises:
 sending a push notification to a banking app installed on a device of the user.  

4. The method of claim 1, further comprising:
 generating, by the computing system, a list of merchants by crowdsourcing transaction data for a plurality of users, the list of merchants comprising the first merchant; and 
generating a risk level for each merchant in the list of merchants. 
 


6. The method of claim 4, wherein generating the risk level for each merchant in the list of merchants comprises: using a machine learning model based at least on information about past breaches for each merchant.  

7. The method of claim 4, wherein generating the risk level for each merchant in the list of merchants is based on a fraudulent transaction rate or card-not-present transaction rate associated with each merchant.  

8. The method of claim 4, wherein generating the risk level for each merchant in the list of merchants is based on a type of personal data each merchant collects.  

9. The method of claim 1, wherein the one or more remedial actions comprises at least one of:
 sending a first request to the first merchant to delete personal information associated with the user, sending a second request to a financial service provider to revoke access to a financial account associated with the user, or sending a third request to the financial service provider to provision a new card number for the user.  

10. A non-transitory computer-readable medium having programming instructions stored thereon, which, when executed by a processor, causes a computing system to perform operations comprising: receiving, by the computing system, a plurality of online transactions associated with an account of a user, the plurality of online transactions associated with a plurality of merchants; generating, by the computing system, a user-merchant map comprising merchant information for the user; determining, by the computing system, that a first merchant has experienced a data breach; based on the determining, parsing, by the computing system, the user-merchant map to determine whether the user transacted in an online transaction with the first merchant that experienced the data breach; determining, by the computing system, that the first merchant is included in the user- merchant map; and based on determining that the first merchant is in the user-merchant map, performing, by the computing system, one or more remedial actions to protect the user from the data breach.  

11. The non-transitory computer-readable medium of claim 10, further comprising: 

determining a preferred method of the user for receiving identity breach notifications; and 
sending a notification to the user in accordance with the preferred method for receiving identity breach notification.  

12. The non-transitory computer-readable medium of claim 11, wherein sending the notification to the user comprises: sending a push notification to a banking app installed on a device of the user.
  

13. The non-transitory computer-readable medium of claim 10, further comprising: generating, by the computing system, a list of merchants by crowdsourcing transaction data for a plurality of users, the list of merchants comprising the first merchant; and generating a risk level for each merchant in the list of merchants.


 
14. The non-transitory computer-readable medium of claim 13, wherein performing, by the computing system, the one or more remedial actions to protect the user from the data breach comprises: performing the one or more remedial actions to protect the user from the data breach based on the risk level calculated for the first merchant.  

15. The non-transitory computer-readable medium of claim 13, wherein generating the risk level for each merchant in the list of merchants comprises: using a machine learning model based at least on information about past breaches for each merchant.  
17. The non-transitory computer-readable medium of claim 13, wherein generating the risk level for each merchant in the list of merchants is based on a type of personal data each merchant collects.  



18. The non-transitory computer-readable medium of claim 10, wherein the one or more remedial actions comprises at least one of: sending a request to the first merchant to delete personal information associated with the user, sending a second request to a financial service provider to revoke access to a financial account associated with the user, or sending a third request to the financial service provider to provision a new card number for the user.  

19. A system comprising: 
    PNG
    media_image1.png
    15
    184
    media_image1.png
    Greyscale
 a memory having programming instructions stored thereon, which, when executed by the one or more processors, causes the system to perform operations comprising: receiving a plurality of online transactions associated with a plurality of accounts of a plurality of users, the plurality of online transactions associated with a plurality of online merchants; generating a merchant table based on the plurality of online transactions, wherein the merchant table comprises the plurality of online merchants and each user of the plurality of users that transacted with a respective online merchant; determining that a first merchant has experienced a data breach; based on the determining, identifying a subset of users of the plurality of users that transacted in an online transaction with the first merchant based on the merchant table; and based on the identifying, performing one or more remedial actions to protect the subset of users from the data breach.  



1. A method for improved security in a networked computing environment, the method comprising:
 receiving, by a computing system, permission from a user device of a user to access activity data associated with one or more user accounts, the activity data stored remotely from the computing system; accessing, by the computing system via an application programming interface (API), the activity data associated with the one or more user accounts, the activity data comprising at least transaction history data for a credit or debit card issued by a financial institution and online activity data from social media web sites; parsing, by the computing system, the activity data to identify one or more merchants with which the user has interacted; determining, by the computing system, that a first merchant of the one or more merchants has experienced a data breach; and performing, by the computing system, one or more remedial actions to protect the user from the data breach.

2. The method of claim 1 comprising, in response to determining that the first merchant has experienced the data breach: 
determining a user's preferred method for receiving identity breach notifications; and sending a notification to the user in accordance with the user's preferred method for receiving identity breach notification.

3. The method of claim 2 wherein sending the notification to the user comprises sending a push notification to a banking app installed on the user device.


5. The method of claim 1 comprising: generating a list of merchants by crowdsourcing activity data for a plurality of users, the list of merchants including the first merchant; and calculating a risk level for each merchant in the list of merchants, wherein performing the one or more remedial actions to protect the user from the data breach is based on the risk level calculated for the first merchant.


6. The method of claim 5 wherein calculating the risk level for each merchant in the list of merchants comprises using a machine learning model based at least on information about past breaches for the merchant.

7. The method of claim 5 wherein calculating the risk level for each merchant in the list of merchants is based on a fraudulent transaction rate or card-not-present transaction rate associated with the merchant.

8. The method of claim 5 wherein calculating the risk level for each merchant in the list of merchants is based on a type of personal data the merchant collects.

9. The method of claim21 wherein the one or more remedial actions comprise at least one of: 
sending a request to the first merchant to delete personal information associated with the user, sending a request to a financial service provider to revoke access to a financial account associated with the user, and sending a request to a financial service provider to provision a new card number for the user.


10. A non-transitory computer-readable medium storing program instructions that are executable to: receive, by a computing system, permission from a user device of a user to access activity data associated with one or more user accounts, the activity data stored remotely from the computing system; access, by the computing system via an application programming interface (API), the activity data associated with the one or more user accounts, the activity data comprising at least transaction history data for a credit or debit card account issued by a financial institution and online activity data from social media websites; parse, by the computing system, the activity data to identify one or more merchants with which the user has interacted; determine, by the computing system, that a first merchant of the one or more merchants has experienced a data breach; and perform, by the computing system, one or more remedial actions to protect the user from the data breach.



11. The non-transitory computer-readable medium of claim 10 storing program instructions that are executable to, in response to determining that the first merchant has experienced a data breach: determine a user's preferred method for receiving identity breach notifications; and
 send a notification to the user in accordance with the user's preferred method for receiving identity breach notification.

12. The non-transitory computer-readable medium of claim 11 wherein sending the notification to the user comprises sending a push notification to a banking app installed on the user device.

14. The non-transitory computer-readable medium of claim 10 storing program instructions that are executable to: generate a list of merchants by crowdsourcing activity data for a plurality of users, the list of merchants including the first merchant; and calculate a risk level for each merchant in the list of merchants, wherein performing the one or more remedial actions to protect the user from the data breach is based on the risk level calculated for the first merchant.
15. The non-transitory computer-readable medium of claim 14 wherein calculating the risk level for each merchant in the list of merchants comprises using a machine learning model trained using information about past breaches for the merchant.



16. The non-transitory computer-readable medium of claim 14 wherein calculating the risk level for each merchant in the list of merchants is based on a fraudulent transaction rate or card-not-present transaction rate for the merchant.


17. The non-transitory computer-readable medium of claim 14 wherein calculating the risk level for each merchant in the list of merchants is based on a type of personal data the merchant collects.




18. The non-transitory computer-readable medium of claim 10 wherein the one or more remedial actions comprise at least one of: sending a request to the first merchant to delete personal information associated with the user, sending a request to a financial service provider to revoke access to a financial account associated with the user, and sending a request to a financial service provider to provision a new card number for the user.

19. A system for improved security in a networked computing environment, the system comprising: a processor; and a non-volatile memory storing computer program code that when executed on the processor causes the processor to execute a process operable to: receive permission from a user device of a user to access activity data associated with one or more user accounts, the activity data stored remotely from the system; access, via an application programming interface (API), the activity data associated with the one or more user accounts, the activity data comprising at least transaction history data for a credit or debit card account issued by a financial institution and online activity data from social media websites; parse the activity data to identify one or more merchants with which the user has transacted interacted; determine that a first merchant of the one or more merchants has experienced a data breach; and perform one or more remedial actions to protect the user from the data breach.






Claim Rejections - 35 USC § 101


35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites determining, that a first merchant has experienced a data breach; determining, that the first merchant is one of the plurality of online merchants with which the user has transacted in an online transaction;
The limitation of determining of the merchants from the list, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by a computing system,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by a computing system” language, “determining” in the context of this claim encompasses the user manually calculating the merchant is experienced a data breach from the list of the merchants. Similarly, the limitation of based on the determining, parsing, by the computing system, the plurality of transactions to determine whether the user transacted in an online transaction with the first merchant that experienced the data breach, and   based on determining that the user has transacted with the first merchant in an online transaction, performing, by the computing system, one or more remedial actions to protect the user from the data breach  are  a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, but for the “by a computing system” language, “ parsing and performing” in the context of this claim encompasses the user thinking that those steps can be formed by mentally or manually based on the broadest reasonable interpretation without a practical application. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes/ manual by human” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a computing system to perform both the parsing and perform and determining steps.  The computing system in both steps is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of parsing , performing and determining) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits or any thing improved upon on those steps on practicing the abstract idea. The claim is directed to an abstract idea. 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computing system, memory, processor and medium to perform both the determining ,.. , parsing.. and performing  steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept and improvement to the abstract idea. The claim is not patent eligible.








Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3, 9, 10-12,18, and 19 -20 are rejected under 35 U.S.C. 103 as being unpatentable over Caldwell US 2019/0108363 (provisional date Oct,11,2017 Caldwell’s publication and provisional have the same disclosure ) in view of O’Mara et al US 2002/0120559.

 	As per claim 1, Caldwell discloses a method for improved security in a networked computing environment, the method comprising: 
 	receiving, by a computing system, a plurality of transactions associated with an account of a user, the plurality of transactions associated with a plurality of online merchants (0043  The aggregation module 104, is receiving the user financial truncation , accesses a server 108 of a third party service provider 108 using a user's electronic credentials to download data , i.e. receiving  associated with the user from the server 108, such as a user's photos, a user's social media posts, a user's medical records, a user's financial transaction records or other financial data, and/or other data associated with and/or owned by a user but stored by a server 108 of a third party service provider 108 (e.g., stored by hardware not owned, maintained, and/or controlled by the user). and par 0112,  fig.1,  a user's affiliation with a provider merchants (e.g., a creator, a vendor, an owner, a seller, a reseller, a manufacturer, the backend server 110, or the like) of the one or more aggregation modules 104, and par 0162 the method 1000 begins and the data module 902 receives 1002 user data from a darknet. The user data may include user credential information that has been misappropriated from a third-party service provider, i.e. merchants, where the user has an online account. In further embodiments, the match module 904 determines 1004 whether the user credential information matches a user's credentials for the user's one or more online accounts. If not, then the method 1000 ends. Otherwise, in certain embodiments, the action module 906 triggers 1006 a security action related to the user's one or more online accounts to make the user's one or more online accounts more secure in response to determining that the user credential data matches the user's credentials at the user's one or more online accounts, and the method 1000 ends.); 
 	determining, by the computing system, that a first merchant has experienced a data breach (par 0067 A detection module 112, in certain embodiments, may compare a user's electronic credentials for one account, one third party service provider 108, or the like to those for another (e.g., to determine if a breach may affect another account, another third party service provider 108, or the like), and may alert the user, another third party service provider, or the like, of the other account and/or third party service provider 108 that may be affected, the merchant third party has experienced a data breach,  may take corrective and/or reparative actions for the other account and/or third party service provider, or the like. A detection module 112 may determine an action and/or type of action based on the downloaded data and/or metadata.  Andpar 0157, par 0158  the breach module 908 is configured to detect, i.e. determining,  a data breach at one or more third-party service providers, i.e. merchant,  associated with the user's one or more online accounts based on receiving the user's misappropriated user data from the darknet. Receiving the user's misappropriated user data may be an indication of a larger-scale data breach at the third-party service provider ); 
based on the determining, parsing, by the computing system, the plurality of transactions to determine whether the user transacted in an online transaction with the first merchant that experienced the data breach (par 0076,0077  he direct access module 204, in certain embodiments, may follow instructions from a pattern module 308 to authenticate and/or access data from one or more webpages from a server 108 in a screen scraping manner, parsing one or more webpages to locate an entry location and/or submit electronic credentials; to locate, download, and/or extract data associated with a user; or the like. And );
the user has transacted with one or more  merchants in an online transaction (par 0088 a user comprises the user's financial transaction history (e.g., purchases and/or other financial transactions downloaded from one or more financial institutions 108 such as banks, credit unions, lenders, or the like),  wherein the user had a transaction with the more financial institutions , i.e. merchant ); and
 based on determining that the user has transacted with the first merchant in an online transaction, performing, by the computing system, one or more remedial actions to protect the user from the data breach (par 0067,fig.11,  the merchant third party has experienced a data breach,  may take corrective and/or reparative actions 1108-1116, i.e. remedial action  for the other account and/or third party service provider, or the like. A detection module 112 may determine an action and/or type of action based on the downloaded data and/or metadata.  And 0068 0068] A detection module 112 may cooperate with an aggregation module 104, to provide data breach detection and/or protection for electronic credentials and/or accounts of a user for which the aggregation module 104 aggregates data. Instead of being a potential source of a breach, providing electronic credentials to an aggregation module 104 for data aggregation, in cooperation with a detection module 112, may provide extra protection against a breach (e.g., providing extra safety and/or value to a user in addition to aggregating the user's data). In this manner, a detection module 112 may proactively protect a user from a data breach, in association with the user aggregating data using an aggregation module 104. To ensure the safety of a user's electronic credentials, limit a possibility of a breach, or the like, a detection module 112 may only compare the electronic credentials to data from the data network 106, the internet, the dark web, or the like internally on a backend server 110, a hardware device 102 of a user, or the like, without sending the electronic credentials over the data network 106, the internet, the dark web, or the like ).  
 Caldwell fails to disclose determining a merchant is one of the plurality of online merchants with which the user has transacted in an online transaction.
 However,  O’Mara, in analogous arts, disclose determining a merchant is one of the plurality of online merchants with which the user has transacted in an online transaction (0066] Next, at step 110, one or more analysts may review or otherwise investigate merchant accounts, i.e. determining the a merchant, contained in the second list of merchants using one or more of the workstations 16. As part of the review process, a review record may be developed for each merchant account that is reviewed).

 	Caldwell and O’Mara are both considered to be analogous to the claimed invention because they are in the same field of identifying the breach of Merchant. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Caldwell to incorporate the teachings of O,Mara and determining a risk score for each merchant( par 0028 ). 
 	Doing so would be able to determine a rule score and/or a risk score for each merchant identified in the list of merchants, thereby allowing for more rapid and effective risk mitigation and reduction in losses of online user.


  	As per claim 2, Caldwell in view of O’Mara  discloses the method of claim 1, further comprising: Caldwell discloses 
 	determining a preferred method of the user for receiving identity breach notifications ( Caldwell, par 0144 A route module 314 (e.g., on a different device 102, 110) determines 822 whether an alert or other message is available for the user based on the downloaded 820 data and pushes 824 and/or otherwise sends the alert or other message to a device 102 associated with the user (e.g., an unavailable device 102) in response to determining 822 that the alert or other message is available ); and 
 	sending a notification to the user in accordance with the preferred method for receiving identity breach notification ( Caldwell, par 0144  hardware device 102 of a user may be unavailable for downloading data (e.g., powered down, offline, asleep, using mobile data instead of Wi-Fi, or the like), but may receive a pushed 824 alert or other message anyway (e.g., over a different channel, such as a text message, a voicemail, an email, a push notification, or the like) and/or may receive a pushed 824 alert or other message in response to becoming available at a later time and [0145] An interface module 206 provides 826 the downloaded 818, 820 data and/or the pushed 824 alert to the user (e.g., displaying the data on a hardware device 102 of the user, displaying a pushed/sent 824 alert or other message on a hardware device 102 of the user, sending the data to a remote backend server 110 unaffiliated with the third party service provider 108 which the user may access using a web interface and/or API, or the like). The method 800, in certain embodiments, continues, periodically determining 806 whether there is a change in access for a third party service provider 108, determining 816 whether a hardware device 102 of the user is available, downloading 818, 820 data associated with the user, and/or providing 826 downloaded data and/or a pushed 824 alert or other message to the user, or the like. ).  

 	As per claim 3, Caldwell in view of O’Mara  discloses  The method of claim 2, Caldwell discloses wherein sending the notification to the user comprises: sending a push notification to a banking app installed on a device of the user ( Caldwell, 0081 the interface module 206 may provide a user access to the user's photos from multiple third party cloud storage providers 108 within a single photo application, may provide a user with access to the user's personal financial information within a single personal financial management application and/or online banking application, may provide a user with access to posts from multiple social networks within a single social networking application, or the like. and par 0144  a hardware device 102 of a user may be unavailable for downloading data (e.g., powered down, offline, asleep, using mobile data instead of Wi-Fi, or the like), but may receive a pushed 824 alert or other message anyway (e.g., over a different channel, such as a text message, a voicemail, an email, a push notification, or the like) and/or may receive a pushed 824 alert or other message in response to becoming available at a later time).  

As per claim 9, Caldwell discloses the method of claim 1,  Caldwell discloses wherein the one or more remedial actions comprises at least one of: 
sending a first request to the first merchant to delete personal information associated with the user (par 0113 The test module 318 may provide an override interface, allowing an administrator, moderator user, or the like to remove an identification, adjust and/or override an identification, adjust and/or override a trust factor for a user, ban a user from providing identifications, and/or otherwise override a user or a user's identification, delete  and the action module 906 is further configured to notify third-party service providers of the user's one or more online accounts that the user's credential information has been hacked or otherwise misappropriated. For instance, the action module 906 may send an email, SMS message, chat message, automated phone call, or the like to the third-party service providers. The action module 906, in various embodiments, may use a direct connection, technical support connection, customer service connection, or the like provided by the third-party service providers to notify the third-party service providers that the user's account and/or credential information has been misappropriated. ), sending a second request to a financial service provider to revoke access to a financial account associated with the user, or sending a third request to the financial service provider to provision a new card number for the user ( examiner is considering only first request  par 0113 The test module 318 may provide an override interface, allowing an administrator, moderator user, or the like to remove an identification, adjust and/or override an identification, adjust and/or override a trust factor for a user, ban a user from providing identifications, and/or otherwise override a user or a user's identification, delete  and the action module 906 is further configured to notify third-party service providers of the user's one or more online accounts that the user's credential information has been hacked or otherwise misappropriated. For instance, the action module 906 may send an email, SMS message, chat message, automated phone call, or the like to the third-party service providers. The action module 906, in various embodiments, may use a direct connection, technical support connection, customer service connection, or the like provided by the third-party service providers to notify the third-party service providers that the user's account and/or credential information has been misappropriated).  
 	 As per claims 10,11,12 and 18, those medium claims are rejected based on the same rational set forth the clams 1-3 and 9 respectively.
 	As per claims 19 and 20, those system claims are rejected based on the same rational set forth the claims 1 and 2 respectively. 

Claim(s) 4-8 and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Caldwell US 2019/0108363 (provisional date Oct,11,2017) in view of O’Mara et al US 2002/0120559 in view of Watson US 10,482,441.

 	As per claim 4.  Caldwell in view of O’Mara discloses the method of claim 1, further comprising: O”Mara discloses
 	generating, by the computing system, a list of merchants by user transaction data for a plurality of users, the list of merchants comprising the first merchant ( 0066] Next, at step 110, one or more analysts may review or otherwise investigate merchant accounts, i.e. determining the a merchant, contained in the second list of merchants using one or more of the workstations 16. As part of the review process, a review record may be developed for each merchant account that is reviewed); and 
 	generating a risk level for each merchant in the list of merchants ([0018] Merchant risk for a particular merchant is a function of the merchant's industry, credit card processing volumes, business practices, financial strength, viability and payment trends in the industry, as well as the extent to which there is delivery of a product or service. These elements can be used to estimate the level of merchant risk and to monitor for potential chargebacks. Changes in processing volumes and trends, negative card authorization results, changes in average transaction amounts and increasing sales returns may also represent signs of potential risk).  
 	The combination fails to disclose crowdsourcing transaction of a plurality of users to identify the merchants.
 	However, in analogous art, Watson discloses crowdsourcing transaction of a plurality of users to identify the merchants ( col 2, liens 45-50, the location of merchants may be identified using crowdsourcing techniques. For example, when a cardholder swipes a payment card at a POS, a location request can be sent to the cardholder's user device ).

 	Caldwell and O’Mara and Watson are both considered to be analogous to the claimed invention because they are in the same field of identifying the breach of Merchant. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Caldwell to incorporate the teachings of O’Mara to incorporate the teaching of Watson and improved user experience by increasing accuracy in merchant location( col 3, lines 24-26), Doing so would be able to determine a rule score and/or a risk score for each merchant identified in the list of merchants, thereby decreasing the number of false positives of fraud( col 3, lines 24-26).

As per claim 5, Caldwell in view of O’Mara in view of Watson discloses the method of claim 4,  Caldwell discloses wherein performing, by the computing system, the one or more remedial actions to protect the user from the data breach ( Caldwell, par 0067 A detection module 112 may determine an action and/or type of action based on the downloaded data and/or metadata.)comprises: 
 performing the one or more remedial actions to protect the user from the data breach based on the risk level calculated for the first merchant (Caldwell, fig.11 0164   the action module 906 triggers 1106 a security action related to the user's one or more online accounts. For instance, the action module 906 may login 1108 to the third-party service provider for the user's online account and change the user's credentials (e.g., password); the action module 906 may initiate 1110 a credential reset at the third-party service provider for the user's online account and change the user's credentials; the action module 906 may use 1112 an out-of-band network to communicate with the third-party service provider (e.g., to change the user's credentials, to initiate a credential reset, or the like); the action module 906 may initiate 1114 two-factor authentication for the user; and/or the action module 906 may lock 1116 the user's account at the third-party service provider). 

 
 	As per claim 6, Caldwell in view of O’Mara in view of Watson discloses the method of claim 4, wherein generating the risk level for each merchant in the list of merchants ( Caldwell, par0112   a trust factor may include and/or be based on one or more of a history of a user's previous identifications (e.g., correct or incorrect), a user's affiliation with a provider (e.g., a creator, a vendor, an owner, a seller, a reseller, a manufacturer, the backend server 110, or the like) of the one or more aggregation modules 104, positive and/or negative indicators (e.g., votes, likes, uses, feedback, stars, endorsements, or the like) from other users, and/or other indicators of whether or not a user's identification is likely to be correct.) comprises: using a machine learning model based at least on information about past breaches for each merchant (Caldwell  [0064] A detection module 112, may screen scrape and/or otherwise aggregate data from the data network 106, the internet, the dark web (e.g., a darknet, overly network, peer-to-peer network, or the like which may use the internet and/or another data network 106, but with predefined software, configuration, and/or authorization to access), or the like; may use machine learning and/or other artificial intelligence to pose as a buyer of data over the data network 106, the internet, the dark web, or the like; and/or may otherwise access or download data).  

 	 As per claim 7, Caldwell in view of O’Mara in view of Watson discloses the method of claim 4, O’Mara discloses  wherein generating the risk level for each merchant in the list of merchants is based on a fraudulent transaction rate or card-not-present transaction rate associated with each merchant (par 0019] One method currently used by transaction processors to detect risky merchant behavior involves reviewing daily hard copy mainframe reports, which identify merchants whose prior day's processing activity has met predefined criteria. For example, a hard copy report may list all merchants whose processing volume or average sales ticket amount exceeded expected levels. ).  

 	As per claim 8,  Caldwell in view of O’Mara in view of Watson discloses the method of claim 4, O’Mara discloses wherein generating the risk level for each merchant in the list of merchants is based on a type of personal data each merchant collects (par 0018 Merchant risk for a particular merchant is a function of the merchant's industry, credit card processing volumes, business practices, financial strength, viability and payment trends in the industry, as well as the extent to which there is delivery of a product or service. These elements can be used to estimate the level of merchant risk and to monitor for potential chargebacks and par 0026dentifying merchant risk includes collecting data elements for a plurality of merchants; automatically performing a first level process using the data elements so as to identify a first subset of merchants for review; automatically performing a second level process so as to collect additional information for the first subset of merchants; and automatically performing a third level process using the first subset of merchants and the additional information so as to identify a second subset of merchants ).  
 	As per claims 13-17, those claims are based on the same rational set forth the 4--8 respectively.
 	

 	




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

 	Allbright et al US 2019/0188722 discloses 0027 proactively identifying merchants that are at-risk by comparing them against a card list, and then computing metrics that identify the merchants that might have been breached. A payment card issuer, such as a bank, may then more efficiently address at-risk PANs associated with the identified merchants, thereby significantly reducing the time and resources required to respond to large-scale ADC events.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496