DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in response to Application with case number 17/235,504, filed on 4/20/2021 in which claims 2-21 are presented for examination.
The examiner notes that Abstract does not include any legal phraseology and is less than 15 lines.
The examiner notes that the Specification does not include any URL link(s) and any trademarks requiring capitalization.
	The examiner notes no claims invoke USC 112(f).
Status of Claims
Claims 2-21 are pending, of which claims 2, 11, and 18 are in independent form.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum,
686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321 (b).

The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-l.jsp.
Claims 2, 11, and 18 of the instant application are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over the claims 13 and 17 of US Patent No. 10,438,009.
Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter of the instant application would have been obvious to one of ordinary skill in the art in light of the disclosure of each application or patent listed above and because both applications disclose method, system, and storage medium for limiting device functionality limitation based on a user device data detection and risk found from the user device data.
Claims 2, 11, and 18 of instant application includes similar limitations as claims 13 and 17 of US Patent No. 10,984,120 as follows.
Instant Application
US Patent No. 10,984,120
2. (New) A system comprising:
one or more processors; and
one or more machine-readable storage media having instructions stored thereon that, in response to being executed by the one or more processors, cause the system to perform operations comprising:

receiving, by a data detection component, data associated with a user device;





determining that the data associated with the user device includes a risk;

analyzing, the risk to determine a limitation on the user device; and








limiting a funding amount available on a digital wallet of the user device based in part of the risk analyzed.
13. A method comprising: 








processing data detected by a data detection component of a user device system; transmitting the data detected by the data detection component to an additional device based on the processing the data, wherein the additional device is designated to receive the data in response to the data detection component detecting the data;

 determining a risk in conducting a transaction with the user device system; 

determining a risk avoidance process executable by the user device system based on the risk; determining a limitation for an application executable by the user device system based on the data and the risk avoidance process, wherein the limitation affects a process of the application, and wherein the limitation is associated with conducting the transaction via the process of the application; 

applying the limitation to the process of the application; determining an authentication process to remove the limitation to the process of the application; and displaying the authentication process in response to the transmitting the data and the applying the limitation.
17. The method of claim 13, wherein prior to determining the limitation, the method further comprises: determining a geo-location of the user device system; and determining that the geo-location is within a geographic area associated with a crime report, wherein the limitation comprises a spend limitation or an access limitation on the process of the application.


Limitations of claims 11 and 18 of instant application are similar to those of claim 2 of the instant application and thus claims 11 and 18 are rejected under the same rationale as in claim 2.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 2-6, 8-16, 18-21 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lotter et al. (US 2016/0242143 A1) hereinafter Lotter.
As to claim 2, Lotter teaches a system (see Fig. 1, for smart phone 12 including Device Data Monitor 13) comprising:
one or more processors; and
one or more machine-readable storage media having instructions stored thereon that, in

response to being executed by the one or more processors, cause the system to perform operations comprising:
receiving, by a data detection component (e.g. Device Data Monitor 21 in Fig. 2), data associated with a user device (see Fig. 3P step 145, “Data Monitor records Device ID, data/time stamp, transaction amount, originating merchant ID, and any contextual data; see also Fig, 6A, step 161; see also Fig. 6A step 140 “Activity record is received by the Data Gateway”; see also para. [0076] “Once the transaction has been completed (step 130), Data Monitor 21 formats a data packet which includes the collected information (e.g., in an Activity Record) and sends one or more data packets to the central repository located in Data Center 17. In step 140, Data Gateway 30 located in Data Center 17 receives the data packet(s) and then writes the data packet(s) in step 150 (e.g., optionally in a signed and/or encrypted fashion as discussed in reference to FIG. 3a) to Activity Log 40, a central repository for all data collected from Mobile Communications Device 20”);
determining that the data associated with the user device includes a risk (see Fig. 6A step 162 “Data Gateway checks the Permissions database”; see Fig. 6C step 184 “Data Request Authorized”; see para. [0090] “Once the request for a data service has been received (Step 130), Data Monitor 21 formats a data packet which includes the collected information (Activity Record) and sends one or more data packets to the central repository located in Data Center 17. In step 140, Data Gateway 30 located in Data Center 17 receives the data packet(s) and then checks the content of the data packet(s) in step 162 against Permissions 50 database located in Data Center 17. If the data request was not authorized (step 163), Data Gateway 30 notifies (step 164) Mobile Communications Device 20 by sending a message through Cellular Service Provider 16 to Data Monitor 21 on Mobile Communications Device 20. In Step 166, Data Monitor 21 cancels the data service request. If the data request was authorized (step 163), Data Gateway 30 notifies (step 165) Mobile Communications Device 20 by sending a message through Cellular Service Provider 16 to Data Monitor 21 on Mobile Communications Device 20. In Step 167, Data Monitor 21 completes the authorized data service request.”; see also para. [0117] and [0118] as example of analyzing the received context data of the Device 20 in order to determine if any actions were violating the permission rules such that the actions in the context data include risk to authorize the data request step.);
analyzing, the risk to determine a limitation on the user device (see Fig. 6C, step 184 and para. [0117], [0118] “…the GPS information may be provided by Device Data Monitor 21 to Data Center 17, where it is stored in activity log 40, and an alert provided to the administrator if the Mobile Communications Device 20 enters a restricted area or proceeds outside of a defined geographic region”); and
limiting a funding amount available on a digital wallet of the user device based in part of the risk analyzed (see para. [0111] “…the monitoring of this particular data service use (e.g., by Device Data monitor 21 and/or Network Data Monitor 200) may allow the unauthorized attempt to access funds in a mobile wallet to be blocked using the techniques disclosed herein (e.g., as discussed in reference to FIGS. 5 and 6B) and/or to alert the user of the unauthorized activity (e.g., as discussed in reference to FIGS. 7A-7B).”).
Claims 11 and 18 includes similar or identical limitations as claim 2 and thus claims 11 and 18 are rejected under the same rationale as in claim 2.
As to claim 3, in view of claim 2, Lotter wherein the limiting can include a complete limitation without access to the digital wallet (see Fig. 6C step 187 “Data Monitor cancels data request.”; see para. [0019] “In general in accordance with some embodiments, the type of unauthorized activity being monitored may include any form of information transmission and/or reception (e.g., of audio, photo, video, textual data, or multimedia information), any type of change to the wireless data device, any form of financial transaction transmission and/or reception (e.g., a transaction recipient, a transaction originator, an amount threshold by account used, a time of day, a geo location, or other aspect of a financial transaction), and/or device presence or hardware operability (e.g., unauthorized devices in an area, usage of device cameras in the area, etc.).”; see also para. [0015] “Additional rules can be applied to alert and/or restrict or block access to the device and/or application based on a geographical location (sometimes referred to as a geo location or geo stamp), a proximity to the device, a time of day, single purchase thresholds, weekly purchase thresholds, content based on classification, alerts generated when the account balance goes below a certain threshold, and/or other suitable rules for monitoring, blocking, or restricting content.”)).

As to claims 4, 14, in view of claims 2, 11, respectively, Lotter teaches wherein the data associated with the device includes at least one of proximate data to the device and contextual data associated to the device in real-time (see para. [0015] “Additional rules can be applied to alert and/or restrict or block access to the device and/or application based on a geographical location (sometimes referred to as a geo location or geo stamp), a proximity to the device, a time of day, single purchase thresholds, weekly purchase thresholds, content based on classification, alerts generated when the account balance goes below a certain threshold, and/or other suitable rules for monitoring, blocking, or restricting content.”).

As to claims 5, 15, in view of claims 4, 14, respectively, Lotter teaches wherein the proximate data is determined using an application programming interface (see para. [0058] “Mobile Communications Device 20 may include a GPS-based or other type of location-determination application (e.g., as part of phone application 22 or Device Data Monitor 21) that periodically or continuously determines the location of Mobile Communications Device 20, with this location information provided to Data Center 17 (e.g., stored in Activity Log 40) via Data Monitor 21…”; It is noted that the Device Data Monitor 21 would use its own function to obtain location or proximate information or would interface with another application doing location determination using that program’s publicly accessible API.)

As to claims 6, 16, in view of claims 2, 11, respectively, Lotter teaches wherein the operations further comprise: restricting the user device functionality based in part on the data associated with the user device (see para. [0015] “Additional rules can be applied to alert and/or restrict or block access to the device and/or application based on a geographical location (sometimes referred to as a geo location or geo stamp), a proximity to the device, a time of day, single purchase thresholds, weekly purchase thresholds, content based on classification, alerts generated when the account balance goes below a certain threshold, and/or other suitable rules for monitoring, blocking, or restricting content.”).

As to claim 8, in view of claim 6, Lotter teaches wherein the restricted device functionality includes power off the device in a given location (see claim 8 “wherein the monitoring program is further configured to: deactivate the at least one data services use if the at least one data services use is not allowed based on the permission rules.”)

As to claim 21, claim 21 includes similar limitation as claim 8 above, and thus claim 21 is rejected under the same reason as in claim 8 above.
As to claim 9, in view of claim 2, Lotter teaches wherein the operations further comprise: detecting irregular use of an application of the user device; restricting user device functionality based in part on the data associated with the user device (see para. [0110] “…a particular application may attempt to access the user's telephone book, address book, email records, mobile wallet, or Internet use history without authorization, which may be blocked or the user notified by implementing the techniques disclosed herein. Specifically, the monitoring of this particular data service use (e.g., by Device Data monitor 21 and/or Network Data Monitor 200) may allow the unauthorized access attempt to privileged user information to be blocked…”).
As to claim 10, in view of claim 2, Lotter teaches wherein the operations further comprise: determining, a risk is no longer present at the user device; and reversing the limitation implemented on the user device (see Fig. 6C; The examiner notes that the enforcing of the permission rules is on-going process and it’s possible that as the user requesting the authorized data access runs out of a prohibited geographical region into a new allowed location, the data request access previously denied would be allowed at the new permitted location.)
As to claims 12, 19, in view of claims 11, and 18, respectively, Lotter teaches wherein the determining the risk includes an event associated with the user device (see para. [0110] “a particular application may attempt to access the user's telephone book, address book, email records, mobile wallet, or Internet use history without authorization, which may be blocked or the user notified by implementing the techniques disclosed herein. Specifically, the monitoring of this particular data service use (e.g., by Device Data monitor 21 and/or Network Data Monitor 200) may allow the unauthorized access attempt to privileged user information to be blocked u” and [0111]).
As to claims 13, 20, in view of claims 11, and 18, respectively, Lotter teaches wherein the limiting can include a complete limitation without access to the digital wallet (see para. [0111] “Specifically, the monitoring of this particular data service use (e.g., by Device Data monitor 21 and/or Network Data Monitor 200) may allow the unauthorized attempt to access funds in a mobile wallet to be blocked using the techniques disclosed herein (e.g., as discussed in reference to FIGS. 5 and 6B) and/or to alert the user of the unauthorized activity (e.g., as discussed in reference to FIGS. 7A-7B).”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 7, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lotter, in view of Sims et al. (US 2018/0211248 A1) hereinafter Sims. 
As to claims 7, 17, in view of claims 6, 16, respectively, Lotter teaches wherein the restricted device functionality includes limiting access to sensitive information on the user device (see para. [0110] “[0110] As a specific example, if an application within the wireless device (e.g., wireless device 20) attempts to gain access to privileged user information and/or services without the user providing permission, the attempt to gain access may be blocked. For example, a particular application may attempt to access the user's telephone book, address book, email records, mobile wallet, or Internet use history without authorization, which may be blocked or the user notified by implementing the techniques disclosed herein. Specifically, the monitoring of this particular data service use (e.g., by Device Data monitor 21 and/or Network Data Monitor 200) may allow the unauthorized access attempt to privileged user information to be blocked.”).
Lotter does not explicitly teach but Sims teaches the limitation “wherein the limiting access includes an authentication credential” (see para. [0082]-[0086] and claim 2 “wherein the module is further configured to: determine that additional user authentication is required for access to the requested function or feature; receive second user authentication credentials; validate the second user authentication credentials; and in response to validation, enable access to one or more features or functions of a mobile application.; It is noted that in order to load sensitive mobile wallet credentials another authentication is performed to confirm the user is trusted user.)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Lotter and Sims before him or her, to modify the scheme of Lotter by including Sims. The suggestion/motivation for doing so would have been to securely process user’s sensitive information associated with mobile wallet by requiring additional security check with authentication prior to supplying the user’s sensitive information, as briefly discussed in para. [0001] and [0003] of Sims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE K SONG whose telephone number is (571)270-3260. The examiner can normally be reached on M-F 9:00 am – 5:00 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867 .  The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HEE K SONG/Examiner, Art Unit 2497