DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on October 29, 2020 has been entered.
 
Response to Amendment
Claim 1 has been amended.  Claim 2 has been canceled.  Claims 10-18 have been withdrawn.  Claims 1 and 3-9 are pending and are provided to be examined upon their merits.

Response to Arguments
Applicant’s arguments with respect to claims 1 and 3-9 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.  Nevertheless, a response is provided below in bold where appropriate.
Applicant argues 35 USC §101 rejection, pg. 6 of Remarks:
The Rejection of Claims Under §101
Claims 1 and 3-9 were rejected under 35 U.S.C. § 101 as allegedly being directed to non-statutory subject matter.
Independent claim 1 includes obtaining of the beacon device identifier and the GPS location data. As such, Applicant again respectfully traverses the assertion that claims 1 and 2-9 are directed to an abstract idea, in particular to the abstract idea of applying a rule to approve a payment authorization request. This treatment of the claims ignores certain elements of the claims. Applicant requests the claims be examined in their entirety, taking into account all claim language and all elements not just individually, but as specific combinations of elements.
A combination of abstract elements is still abstract.  Receiving one of a beacon device identifier and a detected global positioning system location is not improving such technology but using existing technology.  
Applicant further submits that the claimed methods actually involve practical applications of quite concrete methods that define very specific data processing actions and data elements that are obtained and identified, including data from at least one beacon device or GPS data.
Respectfully, the above concrete methods and specific actions are not the requirement for a practical application.  See MPEP 2106.04(d) I.
Further, even though one or more abstract ideas may be involved in the claim, the claim elements operate in concert to provide a tangible solution providing greater security in approval of transactions.
The additional element(s) itself cannot be abstract.  A practical application or significantly more would comprise non-abstract element(s).
As such, Applicant respectfully requests reconsideration of the claims in view of the most recent Section 101 guidelines and withdrawal of the 35 U.S.C. § 101 rejections.
The rejection is respectfully maintained but modified for the claim amendments.
Applicant argues 35 USC §112 rejection, pg. 6 of Remarks:
The Rejection of Claims Under § 112

To avoid misinterpretation of the claim, the Examiner requests Applicant use the disjunctive term “or” and not the conjunctive term “and” as the specification does not teach both (only teaches disjunctive “or”).  

This rejection is respectfully maintained but modified based on further consideration and the claim amendments.

Applicant argues 35 USC §103 rejection, pg. 6 of Remarks:
The Rejection of Claims Under §103
Claims 1 and 3-9 were rejected under 35 U.S.C. § 103 over Duke Michael T (U.S. 10,303,869; hereinafter; “Duke”) in view of Bass Joshua David (U.S. 2015/0242890; hereinafter; “Bass”).
Applicant respectfully traverses the rejection of claims 1 and 3-9 as the asserted combination of references fails to teach or suggest all of the claim elements. For example, independent claim 1 includes receiving detected location data from a mobile device app of a holder of the account as a beacon device identifier and a detected global positioning system (GPS) location. The location is not determined in Duke in this same manner. There are no beacon devices actually disclosed in Duke and the location is not determined based on both a beacon device and GPS location data.
Applicant’s disclosure does not teach receiving and using both, but only one. 
Even if two or more modes of location finding are described in Duke, they are not described in a way that they are both used to locate an individual. GPS data is used for some purposes while other data, although not beacon data which is not described, is used for other purposes. Bass is asserted for purposes of showing both GPS and beacons, but the citation in Bass is merely examples of solutions that may be used, but not use of both at the same time. Thus, not only do the cited references fail to teach all of the claim elements individually, but also when combined. As such, there is no teaching or suggestion of utilizing both GPS location data and beacon locating data as claimed, considered in either a piecemeal or a combined manner. Withdrawal of the Section 103 rejections and allowance of claims 1 and 3-9 are respectfully requested.
Duke et al. alone teaches multifactor identification and geospatial attributes of users.  They also teach incorporating multiple devices.  Applicant’s own disclosure does not teach using both (beacon and GPS), however, the rejection is modified based on the claim amendments.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 and 3-9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Claims 1 and 3-9 are directed to a method, which is a statutory category of invention.  (Step 1: YES).
The Examiner has identified method Claim 1 as the claim that represents the claimed invention for analysis.  Claim 1 recites the limitations of:
A method comprising:
receiving data defining an account payment authorization request via a computer network for an amount that exceeds an allowed amount for the account;
receiving detected location data from a mobile device app of a holder of the account as one of a beacon device identifier and a detected global positioning system (GPS) location and the other from a database,
applying a data processing rule, by a computer processor executing instructions, against the data defining the account payment authorization request and other data available in a database with regard to the account to determine whether to approve the account payment authorization request wherein:
the rule identifies a plurality of data items to consider as factors, which when present in the database are assigned weighted values based on the respective values of the data items, at least one of the data items identified in the rule includes at least one of the beacon device identifier and the detected GPS location of the mobile device of the holder of the account; and
the rule defines at least one of one or more individual weighted values and a sum of weighted values that determine whether the account payment authorization request is to be approved or denied subject to obtaining a secondary authorization, and
when application of the rule determines that the account payment authorization request is denied, transmitting a request to obtain a secondary authorization of the account payment authorization request.
These above limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity.  The claim recites elements, highlighted in bold above, which covers performance of the limitation as a fundamental economic practice (e.g. mitigating risk by determining that the payment authorization request is denied) and commercial interactions (e.g. receiving data defining an account payment authorization request).  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic practice, then it falls within the “Certain Methods of Organizing Step 2A-Prong 1: YES. The claims are abstract)
This judicial exception is not integrated into a practical application. In particular, the claims only recite: a computer; mobile device; beacon; and a global positioning system.  The computer hardware is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component.  See the Specification and problem being solved in para. [0001] and [0057].  The beacon and GPS are taught and claimed at a high level of generality (paras. [0012] and [0043]) in the specification, which indicates the use of existing technology (e.g GPS for location information and Bluetooth, WiFi for beacon), and does not teach what the identifier is for the beacon (e.g. network address of WiFi, etc.).  See MPEP 2106.05(f) and 2106.05(h) where applying a computer or generally linking a judicial exception to a technological environment is not indicative of a practical application. Also the October 2019 Update: Subject Matter Eligibility, pg. 13 where a technical explanation of new or improved technology in the disclosure and claims would indicate a practical application.  Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they  do not impose any meaningful limits on practicing the abstract idea. Therefore claim 1 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and ep 2B: NO. The claims do not provide significantly more)  
Dependent claims 3-9 further define the abstract idea that is present in the independent claim 1 and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above.  The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, the claims 3-9are directed to an abstract idea.  Thus, the claims 1 and 3-9 are not patent-eligible.

Claim Rejections - 35 USC § 112

(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 and 3-9 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  
Claim 1 has “receiving detected location data from a mobile device app…. as one of a beacon device identifier and a detected global positioning system (GPS) location;” and “the rule identifies a plurality of data items to consider as factors, which when present in the database are assigned weighted values based on the respective values of the data items, at least one of the data items identified in the rule includes at least one of the beacon device identifier and the detected GPS location of the mobile device of the holder of the account; where no written description of receiving and data items 
From Applicant’s specification…
“In one such embodiment, the card issuer system may look to additional evidence as to the veracity of the requested payment, such as by considering a location of ,where the payment tendering is being made in view of other data stored in a database with regard to the account. This other data may include location data as received from or with regard to a mobile device of the account holder in proximity to the location where the payment tendering is being made. This location data may be received based on BLUETOOTH@ beacon data or global positioning system (GPS) data received by a card issuer system from an app that executes on the mobile device of the account holder. Other location may also or alternatively be considered, such as a location of one or more most recent transactions, known travel destinations, a location of a last login to a card issuer ,website as determined from a login source IP location, and the like. The other data may also consider the difference between the requested payment amount and the available payment amount. This data and other data may be considered and given a weighting for determining whether to approve the requested transaction.” [0012]
Therefore an app provides either beacon data or GPS data, but not both.
To avoid misinterpretation of the claim, the Examiner requests Applicant use the disjunctive term “or” and not the conjunctive term “and” as the claim does not teach the conjunctive term.
Claims 3-9 are further rejected as they depend from Claim 1.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 and 3-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 has “…and the other from a database;” where there is no antecedence for “the other” and it is indefinite as to other refers to (what other?).  
Claims 3-9 are further rejected as they depend from Claim 1.

Examiner Request
The Applicant is requested to indicate where in the specification there is support for amendments to claims should Applicant amend.  The purpose of this is to reduce potential 35 U.S.C. §112(a) or §112 1st paragraph issues that can arise when claims are amended without support in the specification.  The Examiner thanks the Applicant in advance.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, and 3-9 are rejected under 35 U.S.C. 103 as being unpatentable over Patent No. US 10303869 to Duke et al. in view of Patent No. US 8640197 to Heffez.
Regarding claim 1
A method comprising:


Duke et al. teaches:
Obtained (receiving) a request for authorization…
“The method 500 starts at 502, when a set of parameters obtained at substantially the same time as (e.g., prior to, just prior to, during, and so on) an interaction between a user and an entity are compared with historical parameters associated with the user. The set of parameters may be obtained at about the same time as a user requests access to a resource, wherein authorization is needed before the resource may be accessed. For example, each authentication parameter of the set of authentication parameters may be associated with a distinct parameter. For example, at least one parameter may be obtained at initiation of the interaction.” (col. 20, lines 21-31)

Receiving authentication data, where the request exceeds a limit on an account…
“According to some implementations, the rule-based pattern 304 may take into account risk. For example, if the user is using an ATM is a bad section of town, it might be considered a higher risk interaction and additional authentication may be needed. In some implementations if a home address has changed in the last twenty-four hours, a limit on the ability to withdrawn money is placed on the user's account (e.g., may only withdraw up to $100 or up to $500).” (col. 12, lines 49-56)  Inherent with additional authentication at an ATM is receiving authentication data for an account.

	Table 5 teaches examples of monetary and authorization limits…


    PNG
    media_image1.png
    137
    371
    media_image1.png
    Greyscale



    PNG
    media_image2.png
    121
    368
    media_image2.png
    Greyscale




Carrying technology (mobile device)…
“The carrying technology 404 may be any device that a user carries with them, such as mobile devices (e.g., mobile phone). The carrying technology 404 may capture travel patterns and voiceprints (e.g., listen in). The carrying technology 404 may facilitate partner application authentication and/or authenticate to a third party (pre-arranged) by text or other manner of communication.” (col. 13, lines 59-67)

Table 3 and “Partner App Authentication” and Description Geo Location…


    PNG
    media_image3.png
    152
    374
    media_image3.png
    Greyscale



Geospatial attributes may relate to locations of the user, therefore receiving detected locations…
“The geospatial attributes may relate to various locations of the user including, but not limited to, where the user typically travels, duration of travel, duration of time at a particular location, activities performed at the location, and so on.” (col. 5, lines 40-44)  Inherent with geospatial attributes relate to locations of the user is receiving and detecting the locations.

External sensors (beacons) associated with a place…
“Further, the relative multifactor authentication may incorporate the pairing, coordination, monitoring, and communication of devices. These devices may include, but are not limited to, smartphones, smart watches, activity tracking devices, health monitoring devices, augmented reality devices (e.g., augmented reality headsets or heads-up displays, both wearable and non-wearable), vehicles (e.g., through near field communication, Bluetooth, or other communication technologies), and so on. These devices may also include appliances, vehicles, and other types of objects that have communication capability. The devices may include internet of things (IoT) devices that are under the control of and/or in proximity to the user. Further, the IoT devices may be external sensors and/or monitors associated with an object or a place (e.g., bank branch, ATM, merchant linked to the financial systems, and so on).” (col. 4, lines 44-59)

Location based on devices (plural)…
“The ability of the entity (e.g., the systems disclosed herein) to know the real-time geo-locations of customers may be determined based on devices that may be strongly bound to customers. Such devices may be, but are not limited to, smartphones and wearables. The customer's geo-location may be used as a factor in fraud detection and risk assessments.” (col. 19, lines 7-13)

Two geo-locations, where the customer is and where the account is being accessed…
“For example, fraud detection based on geo-location may be as straight forward as knowing that a customer is in Location A, but the customer's account is being accessed in Location Z. Further, risk assessment based on geo-location may also be as simple as knowing the customer is in a geo-location that the entity deems more risky.” (col. 19, lines 14-19)

	See Beacon and GPS below.

applying a data processing rule, by a computer processor executing instructions, against the data defining the account payment authorization request and other data available in a database with regard to the account to determine whether to approve the account payment authorization request wherein:

Based on (applying) rules-based pattern (data processing rule) for authentication…
“Based on a rules-based pattern, the relative multifactor authentication may be utilized to dynamically apply a weighted value to one or more attributes taken into account when users conduct interactions with the entity. As used herein an "interaction" may be any touch point or transaction between the financial institution (e.g., entity) and the user. The relativity of the multifactor authentication is the level of authentication needed relative to the type of interaction (e.g., transaction) between the entity and the user. Alternatively or additionally, the level of authentication may be based on the absence of a typical or usual factor, which triggers the need for an alternate factor leveraging a context function.” (col. 3, lines 20-32)

Authentication based on data store (database) of attributes…
“In order to authenticate the user seamlessly, historical data 202 (e.g., behavior metric profile) associated with the one or more attributes 102 may be determined and retained in a data store 204. According to some implementations, the data store 204 may be integrated, at least partially, with one or more other system 200 components and/or the memory 110. According to other implementations, the data store 204 may be retained external to the system 200, wherein the system 200 may access the external source as needed to access the historical data 202.” (col. 8, lines 52-61)


Geospatial data as attribute data… 
“The attributes (both historical and current) may be placed into different categories include geospatial, biological/health, and/or device categories. The geospatial category may include information related to where the user typically goes (e.g., a location), such as home, work, a store, a coffee shop, a school, a central location, and so on. The geospatial category may also relate to geolocation relationships. The geolocation relationships may include, the route the user travels to get to the location, for how long the user remains at the location, what the user does at the location, how often the user goes to the location (e.g., daily, weekly, bi-weekly, every three months, every six months, once a year), and so on. Pathing associated with the geospatial category may include information related to the user consistently going to the grocery store on Elm Drive, the grade school on Smith Circle, and the coffee shop on Spruce Road. Patterns associated with the geospatial category may include information related to the fact that the user visits the ATM by his office on Mondays and Fridays and typically withdraws $100 during each visit.” (col. 9, lines 37-56)

Using attribute data for authentication…
“By tracking and combining the attribute data, the evaluation component 118 and/or the analysis component 120 may review the combination for an authentication nominal variance. If the combination results in a value that is within the expected value range of the authentication nominal variance, the user 104 may be automatically validated by the authentication component 122 and the interaction 106 may proceed. However, if the resulting value is outside the range of the authentication nominal variance, additional information may be solicited from the user 104 by an assessment module 208.” (col. 10, lines 44-54)

For purchases (payments)…
“As non-limiting examples, a customer's physical credit card may be used to make purchases at a point of sale and/or a credit card number may be used to make purchases online. In other examples, the customer's account information may be accessed and viewed through a financial institution's website, the customer may manage an account through a phone bank, and so on.” (col. 1, lines 12-18)

“According to an implementation, continuous (or nearly continuous) monitoring in context can be performed. Such monitoring may provide the ability to pre-approve a particular interaction. The pre-approval may be performed since there is sufficient information to initiate authorized interaction for certain types of interactions based on the user providing their name or recognizing their presence. For example, a user may walk into a bank branch or up to an ATM and the user may be automatically welcomed. Further, an interaction or options of interactions may be provided because the user is identified based on their behavior, devices, and/or context and the fact that the user is at a specific location.” (col. 19, lines 59-67 to col. 20, lines 1-4)

Example of authentication of a user…
“Further, the authentication may be tied to a device or a set of devices that include applications or other functionality to allow authentication for the associated user that selectively "opts in" to use relative multifactor authentication.” (col. 20, lines 5-8)

the rule identifies a plurality of data items to consider as factors, which when present in the database are assigned weighted values based on the respective values of the data items, at least one of the data items identified in the rule includes at least one of the beacon device identifier and the detected global positioning (GPS) location of the mobile device of the holder of the account; and
[The language only requires beacon or GPS, but not both… “at least one of the data items…includes at least one beacon device and a detected global positioning system (GPS)…” therefore one data item would be either beacon or GPS data.  Nevertheless, both are provided even though not required.]

Using location as a factor…
“The ability of the entity (e.g., the systems disclosed herein) to know the real-time geo-locations of customers may be determined based on devices that may be strongly bound to customers. Such devices may be, but are not limited to, smartphones and wearables. The customer's geo -location may be used as a factor in fraud detection and risk assessments.” (col. 19, lines 7-13)

Fig. 110, Memory (database)…


    PNG
    media_image4.png
    281
    359
    media_image4.png
    Greyscale




	
[The “sum” of weighted values includes one weighted value and a sum of that one value.  Therefore one weighted values is a “sum.”]

Geo-location as a factor…
“The ability of the entity (e.g., the systems disclosed herein) to know the real-time geo-locations of customers may be determined based on devices that may be strongly bound to customers. Such devices may be, but are not limited to, smartphones and wearables. The customer's geo -location may be used as a factor in fraud detection and risk assessments.” (col. 19, lines 7-13)

Example of weight for factors and “add (sum) weighted registrations…
“The weighted authentication value of 1 in Table 4 instructs the assessment module 208 to request to authentication. The weighted authentication value of 2 instructs the assessment module 208 to fetch customer authentication profile. The weighted authentication value of 3 instructs the assessment module 208 that X of N factors are registered, which results in a base authentication score (X of N factors registered=base authentication score), where X and N are integers and X is less than or equal to N. Further, the weighted authentication value of 4 instructs the assessment module 208 to add weighted registrations, which results in an extended authorization value. The weighted authentication value of 5 instructs the assessment module 208 to test each authentication test (e.g., stride, home location, partner application, and so on). Further, the weighted authentication value of 6 instructs the assessment module 208 that successful authorization is equal to 1 and unsuccessful authorization is equal to 0. The base authentication score added to the sum of the authorization test score multiplied by the weighted values is equal to the total authorization value, as per the following equation. Base Auth Score+(Auth Test Score*weighted values)=TotalAuthValue” (col. 15, lines 31-55

when application of the rule determines that the account payment authorization request is denied, transmitting a request to obtain a secondary authorization of the account payment authorization request.

Not authorize (deny) if outside tolerance level, and one or more actions of user may be necessary (obtain secondary authorization)…
“An authentication component 122 may be configured to selectivity authenticate the user based on the determination by the analysis component 120. For example, if the combination or total value of the attributes, after the weighted values or percentages are applied, is within a defined tolerance level, the user may be automatically authenticated to perform the interaction. However, if the weighted values or percentages are outside the defined tolerance level, one or more additional actions may be necessary before the user is authorized or a determination is made that the user should not be authorized. According to some implementations, if the weighted values or percentages are outside the defined tolerance level, authentication of the user may be automatically denied.” (col. 6, lines 35-48)

	Beacon and GPS
Duke teaches geo-location and smartphones.  They also teach detection of a customer at Location A and account accessed at Location B.  They do not teach beacons and GPS.

Heffez also in the business of geo-location and smartphones teaches:
Database with WiFi (beacon) unique ID…
“That verification seeks to confirm that the mobile phone owner's information and the credit card/bank account owner's information match. At step 208, the site may check if (a) the Internet user's identity at step 107 matches with the external or internal database and (b) if the Internet user did not uncheck the box at step 206. If the Internet user did not unchecked the checked checkbox in step 206, and the Internet user's information in step 107 matches, then the Internet site can request the Internet user's phone location 109 and begin authenticating the transaction using the Internet user's location details (mobile phone number /location, computer location such as WiFi, home address or Geo IP, etc.). This might entail accessing a database that matches a WiFi's unique ID (i.e., identity such as, but not limited to, an Internet media-access-control (MAC) address) with known positions corresponding to each WiFi unique ID. If the above conditions are not met, the site will use other authentication methods 110.” (col. 9, lines 22-39)

One device (e.g. smart phone) with WiFi location (beacon) and GPS location…
“Another example employs two separate devices with two separate sources of wireless locations, such as a laptop computer and a communication voice device such as a mobile phone. One source of information is the wireless location of the laptop's WiFi, provided by the browser, and the second source of wireless location is the mobile phone's location according to GPS, Cell site or antenna triangulation. Additionally, there could be one device with two separate sources of wireless location, such as a smart phone such as a PDA or iPhone.TM.. Here, it is a single device with the source of information being the WiFi location provided by the browser and the second and separate source of wireless location being the cellular carrier tower triangulation or GPS location provided by the mobile phone carrier.” (col. 10, lines 28-41)

It would have been obvious to one of ordinary skill in the art at the time of filing to include in the method and system of Duke et al. the ability to use both Wi-Fi (beacon) and GPS as taught by Heffez since the claimed invention is merely a combination of old elements and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Further motivation is provided by Heffez and the benefits of using such systems for identification of Internet users.  Duke et al. benefits by the enhanced security and convenience of a single device with both WiFi and GPS as they also allow for Internet users to perform transactions with location.

Regarding claim 3
The method of claim 1, wherein receiving the account payment authorization request includes receiving a payment authorization request from an entity receiving a payment tender associated with the account of the account payment authorization request.

Duke et al. teaches:
Example of make purchases with a card (payment tender)…
“As non-limiting examples, a customer's physical credit card may be used to make purchases at a point of sale and/or a credit card number may be used to make purchases online. In other examples, the customer's account information may be accessed and viewed through a financial institution's website, the customer may manage an account through a phone bank, and so on. Although these options provide increased access and convenience for the customer, each of these channels also provide opportunities for fraudulent access.” (col. 1, lines 12-21)

Regarding claim 4
The method of claim 3, wherein the payment tender is received through a provisioning of one of a bankcard, a wireless signal from a customer device, and a set of bankcard or account data via an input mechanism of a computing device.

Duke et al. teaches:
Example of make purchases with a card (payment tender)…
“As non-limiting examples, a customer's physical credit card may be used to make purchases at a point of sale and/or a credit card number may be used to make purchases online. In other examples, the customer's account information may be accessed and viewed through a financial institution's website, the customer may manage an account through a phone bank, and so on. Although these options provide increased access and convenience for the customer, each of these channels also provide opportunities for fraudulent access.” (col. 1, lines 12-21)

Regarding claim 5
The method of claim 1, wherein transmitting the secondary authorization request is performed via one or more transmission mechanisms as defined within data in association with the account.

Duke et al. teaches:
User registers (defines) with the system, communication devices…
“For example, during a monitoring period (e.g., over a span of a few days, a week, two weeks, a month, and so on), the observation component 114 may be configured to monitor one or more attributes 102 associated with at least one user 104. During the monitoring period, or when the user 104 registers with the system 200, the user 104 may provide an indication of one or more external devices 116 that are associated with the user 104. The one or more external devices 116 may be proximity devices, wearable devices (e.g., a health monitoring device, an activity monitoring device, a wristwatch, jewelry, tracking devices, or other objects that includes communication capabilities, and so on). Other examples of wearable devices may include implanted devices (e.g., a pacemaker, microchip, smart tattoo, cardioverter-defibrillator, and so forth). Additionally or alternatively, the one or more external devices 116 may be other types of devices or objects that are associated with the user. Examples of these devices or objects include communication devices (both wired and wireless), a vehicle, an object with an RFID chip or other communication mechanism, and so on.” (col. 8, lines 62-67 to col. 9, lines 1-15)

Where secondary information may be needed…
“By tracking and combining the attribute data, the evaluation component 118 and/or the analysis component 120 may review the combination for an authentication nominal variance. If the combination results in a value that is within the expected value range of the authentication nominal variance, the user 104 may be automatically validated by the authentication component 122 and the interaction 106 may proceed. However, if the resulting value is outside the range of the authentication nominal variance, additional information may be solicited from the user 104 by an assessment module 208.” (col. 10, lines 44-54)

Where the interaction includes a user with an account (therefore association of account with user)…
“The interaction condition may also be the type of interaction (e.g., account balance review, withdrawal, address change, loan processing, loan payment, execute a power of attorney, and so on.) Additionally or alternatively, the interaction condition may be the type of risk factors involved with a particular interaction, historical analysis (e.g., interactions where fraud has occurred in the past, whether directed to the particular user, to the interaction, or to the location). The user condition may be a change in the user's health, routine, or other factors.” (col. 22, lines 57-67)

Regarding claim 6
6.    (Original) The method of claim 1, wherein transmitting the secondary authorization request includes transmitting a request for secondary authorization input via at least one of:
an SMS message to a mobile device of a holder of the account;

an in-app message to an app that executes on a mobile device of the holder of the account; 

an electronic message to a teller or clerk station located in proximity to a location where the account payment authorization request originated; and

an automated interactive voice response telephone call to a phone number associated with the holder of the account.

Duke et al. teaches:
Example of voiceprint…
“In another example, the continual authentication may be utilized to determine if the user's blood pressure range has spiked (e.g., the user is nervous or scared and may be under attack). For example, the user may be asked to say, "Hello!" during the process to verify the voiceprint.” (col. 4, lines 21-25)

Where interaction is over the telephone…
“For example, the weighted values may be altered based on an interaction condition, a user condition, a current context, or combinations thereof. The interaction condition may be the location of the interaction ( e.g., in person at a bank, online with the user's computer, over the telephone, and so on).” (col. 22, lines 52-57)

Regarding claim 7
The method of claim 1, further comprising:
receiving a satisfactory reply to the request for secondary authorization; and 

Duke et al. teaches:
Within tolerance (satisfactory reply)…
“An authentication component 122 may be configured to selectivity authenticate the user based on the determination by the analysis component 120. For example, if the combination or total value of the attributes, after the weighted values or percentages are applied, is within a defined tolerance level, the user may be automatically authenticated to perform the interaction. However, if the weighted values or percentages are outside the defined tolerance level, one or more additional actions may be necessary before the user is authorized or a determination is made that the user should not be authorized. According to some implementations, if the weighted values or percentages are 
approving the account payment authorization request.
Authenticate user…
“An authentication component 122 may be configured to selectivity authenticate the user based on the determination by the analysis component 120. For example, if the combination or total value of the attributes, after the weighted values or percentages are applied, is within a defined tolerance level, the user may be automatically authenticated to perform the interaction. However, if the weighted values or percentages are outside the defined tolerance level, one or more additional actions may be necessary before the user is authorized or a determination is made that the user should not be authorized. According to some implementations, if the weighted values or percentages are outside the defined tolerance level, authentication of the user may be automatically denied.” (col. 6, lines 35-48)

Regarding claim 8
The method of claim 1, wherein the other data available in the database includes: 

data identifying, or from which an identification can be made of, a location from which a holder of the account last logged in to the account;

Duke et al. teaches:
Historical location (therefore location data stored in a database)…
“The attributes (both historical and current) may be placed into different categories include geospatial, biological/health, and/or device categories. The geospatial category may include information related to where the user typically goes (e.g., a location), such as home, work, a store, a coffee shop, a school, a central location, and so on. The geospatial category may also relate to geolocation relationships. The geolocation relationships may include, the route the user travels to get to the location, for how long the user remains at the location, what the user does at the location, how often the user goes to the location (e.g., daily, weekly, bi-weekly, every three months, every six months, once a year), and so on. Pathing associated with the geospatial category may include information related to the user consistently going to the grocery store on Elm Drive, the grade school on Smith Circle, and the coffee shop on Spruce Road. Patterns associated with the geospatial category may include information related to the fact that the user visits the ATM by his office on Mondays and Fridays and typically withdraws $100 during each visit.” (col. 9, lines 37-56)  Inherent with historical location is storing in a database.

data identifying a date, time, and location of at least one recent transaction; and 

Location and time (how long, etc.)…
attributes (both historical and current) may be placed into different categories include geospatial, biological/health, and/or device categories. The geospatial category may include information related to where the user typically goes (e.g., a location), such as home, work, a store, a coffee shop, a school, a central location, and so on. The geospatial category may also relate to geolocation relationships. The geolocation relationships may include, the route the user travels to get to the location, for how long the user remains at the location, what the user does at the location, how often the user goes to the location (e.g., daily, weekly, bi-weekly, every three months, every six months, once a year), and so on. Pathing associated with the geospatial category may include information related to the user consistently going to the grocery store on Elm Drive, the grade school on Smith Circle, and the coffee shop on Spruce Road. Patterns associated with the geospatial category may include information related to the fact that the user visits the ATM by his office on Mondays and Fridays and typically withdraws $100 during each visit.” (col. 9, lines 37-56)  

Location at a previous time (date and time)…
“For example, user behavior may be tracked in other interactions and compared to another transaction (such as a high value transaction), or multiple other transactions. In another example, user and/or device movement may be tracked and compared with a current context. The comparison may indicate where the user and/or the device was at during a previous time to where the user and/or device is at currently.” (col. 5, lines 11-18

Traveling technology (mobile device) providing location of a user in the past days (date) or at a time…
“The traveling technology 406 may be various devices that may capture information related to a location of the user (e.g., near an ATM, near or in a store, and so on) or geospatial data. The traveling technology 406 may determine a home location (e.g., where the user has been most frequently in the last four days, last week, previous thirty days, and so on). According to some implementations, the traveling technology 406 may facilitate vehicle authentication (e.g., authentication with vehicle, driving behavior check, and so on). In an aspect, the traveling device may capture current contextual information, time of day, weather, environmental quality in relation to proximity of the user, and so forth.” (col. 14, lines 1-14)

Regarding claim 9
The method of claim 1, wherein the allowed amount for the account is zero based on a prior potential or actual account fraud activity determination.

Duke et al. teaches:
Mitigating fraud (potential fraud) on an account (allowed amount is zero)…
“If the user receives the alert and is still in the same house, it might indicate that fraud is about to occur (or has been occurring). In this manner, fraud may be proactively mitigated on the customer's account. This also ties into the mitigation of identity theft and, rather than detecting the identity theft after it occurs, the disclosed aspects may be able to notice a change that may indicate identity theft is likely to occur in the near future.” (col. 23, lines 26-34)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
The following prior art teaches at least global positioning and beacon (or Bluetooth or WiFi) device(s) for location:
Pub. No.: US 20080062940 A1; US 20140206379 A1; US 20150247913 A1; US 20160171486 A1; US 20160260296 A1; US 20160323717 A1; US 20160323754 A1; US 20180286207 A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH BARTLEY whose telephone number is (571)272-5230.  The examiner can normally be reached on Mon-Fri: 7:30 - 4:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHAHID MERCHANT can be reached on (571) 270-1360.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/KENNETH BARTLEY/Primary Examiner, Art Unit 3693