DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/19/2020 has been entered.
 
Status of the Claims
This is a non-final office action on the merits in response to Applicant’s amendment filed on 6/19/2020 for application number 15/345,745.  Claims 1, 8, 10, 12-15, 17-19 were amended, Claim 20 was previously cancelled, Claim 21 is newly added. Claims 1-19 and 21 are currently pending and will be examined on the merits, below. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claims 1-19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-4, 6, 8-11, 13, 15-17, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 8401904 to Pavel Simakov et. al. (Simakov) in view of U.S. Patent Application 2015/0046340 to James Dimmick (Dimmick1). 

Regarding Claims 1, 8 and 15:
Simakov teaches a system to authenticate a user at a point of sale by using a separate out-of-band authentication by sending an SMS to the user’s cell phone. Simakov teaches: (currently amended) A method of authenticating an accountholder for relaxing authorization rules applied to a payment transaction initiated by the accountholder with a merchant, the method implemented by a server system of a payment interchange network, the server system configured to route messages over a transaction message channel between a merchant computing device associated with the merchant and an issuer computing device, the server system including at least one processor in communication with a memory, ([Column 7, lines 33-35] “The payment system 160 includes a data storage unit 167 accessible by the processing module 163. The exemplary data storage unit 167 can include one or more tangible computer-readable storage devices”).
the method comprising: detecting, on the transaction message channel, a decline message from the issuer computing device, wherein the decline message indicates that a first payment transaction initiated by the accountholder was declined by an issuer associated with the issuer computing device, ([Fig 8a, blocks 805 and 810] and [Column 17, lines 13-18] “the issuer 170 notifies the payment system 160 of the declined transaction via the card network 150, in block 805. In block 810, the payment system 160 receives the notification of the declined transaction from the issuer 170 via the card network 150”).
wherein the decline message includes a reason code for the decline, and wherein the issuer issued an account to the accountholder; ([Fig 8a, block 815] and [Column 17, lines 19-24) “The payment system 160 determines the reason the transaction was declined”).

determining from the reason code that the decline resulted from a failure to satisfy one of a plurality of authorization rules; ([Fig 8a, block 820] and [Column 17, lines 25-28] “In block 820, the payment system 160 determines whether the transaction was declined because the transaction did not meet one or more user-defined or other user-overrideable rules”).
 via an authentication message channel, [Column 4, lines 60-62] “secure communication channel…device 110” (POS) and “device 120” (user cell phone)).
transmitting…upon detecting the decline message, an authorization rules relaxation message to an accountholder computing device operated by the accountholder, wherein the authentication message channel is separate from the transaction message channel, and wherein the authorization rules relaxation message prompts the accountholder to request authorization rules relaxation; ([Fig 8a, block 825] and [Column 17, lines 31-39] “If the transaction does not meet the user-defined rules, the payment system 160 communicates a real-time override request to the user 101, in block 825. In an exemplary embodiment, the override request is communicated to the user's mobile device 120. In an exemplary embodiment, the user 101 is prompted to override the user-defined rule using the user interface 123 of the mobile device 120. In block 830, the user 101 responds to the override request using the user interface 123 of the mobile device 120” and [Column 17, lines 55-57] “If the user 101 authorizes the override, the mobile device 120 communicates the override authorization to the payment system 160, in block 840”). 
receiving, via the authentication message channel, from the accountholder computing device, an authorization rules relaxation response message; ([Fig 8a, block 845] and [Column 17, lines 58-59] “In block 845, the payment system 160 receives the override authorization from the mobile device 120”).

…receiving, via the transaction message channel from the merchant computing device, an authorization request message associated with a second payment transaction initiated 221652-00636 PATENT by the accountholder at the merchant, wherein the second payment transaction represents a reattempt of the first payment transaction; ([Fig 8a, block 855] and [Column 17, line 66 – Column 18, line 2] “the payment system 160 sends a new payment request to the issuer(s) 170 via the card network 150” and [Column 18, lines 60-61] “the user may immediately reinitiate the payment transaction with the merchant”).

enhancing, in response to the authentication of the authorization rules relaxation response message being successful, the authorization request message by inserting a rules relaxation identifier into the authorization request message, wherein the rules relaxation identifier is configured to inform the issuer computing device that the accountholder has requested, and satisfied at least one requirement for, the authorization rules relaxation; ([Column 2, lines 53-56] “Once the payment system receives authorization for the transaction, it can insert user identification information in an approval message before transmitting the approval to the merchant, through the card network and acquirer” and ([Column 19, lines 9-11] “the payment system 160 generated an authorization message and optionally adds user identification information to the authorization message”).

transmitting, via the transaction message channel, the enhanced authorization request message to the issuer computing device causing the issuer computing device to modify one or more transaction decline systems, wherein the modifying of the one or more transaction decline systems includes relaxing the authorization rule that prompted the decline of the first payment transaction; and receiving, via the transaction message channel in response to the enhanced authorization request message, an approval message from the issuer computing device, the approval message denoting relaxation of one or more authorization rules and acceptance of the second payment transaction by the issuer.   ([Fig 4b, blocks 455, 457 and 460] and [Column 16, lines 64-66] “the payment system sends a new payment request to each issuer (170a, 170b, etc.) via the card network 150, in block 455” and [Column 19, lines 3-8] “if the transaction is approved, the issuer 170 sends an authorization message to the payment system 160 via the card network 150, in block 460. If the payment system 160 is the issuer of the financial account (see block 447), the payment system 160 notes the authorization of the transaction”).
While Simakov teaches hardware capable of authenticating a credit card/cell phone user ([Column 5, lines 46-50] “Certain mobile devices 120 can be used for multiple purposes, including … secure authentication….  The secure element 126”) and Simakov teaches using a secure side channel communication to and from the user cell phone for transaction authorization including to change user-defined or default (issuer-defined) transaction rules (see [Column 10, lines 21-25]), Simakov does not specifically teach using the secure side channel for authentication: authenticating the authorization rules relaxation response message as originating from the accountholder. Dimmick1 teaches a system that uses a side channel communication to a user cell phone [0030] “secure communication channel” related to a authenticating the authorization rules relaxation response message as originating from the accountholder. ([0092-93] “the authentication computer 112 may then send an authentication request message to the consumer device 102 … SMS messaging, instant messaging… Once the authentication request message is received at the consumer device 102, the user 101 may then enter their PIN into an authentication application on the consumer device 102)”. Examiner notes that Dimmick1 also teaches that after a user is authenticated the server appends this information into the transaction channel (ISO8583) messages: [0118] “(the server) modifies the authorization request message to include the personal identifier, and transmits the authorization request message to an issuer computer”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s Application to use the side channel authentication system taught by Dimmick1 in the side channel payment authorization system taught by Simakov because the same communication can be used for both purposes and it predictably improves transaction security to ensure that a user who has the ability to modify transaction rules is actually the authorized user. 
Regarding Claims 2, 9 and 16:
Simakov in view of Dimmick1 teaches all of the elements of Claims 1, 8 and 15.  While Simakov does not specifically teach this, Dimmick1 teaches: (original) A method in accordance with Claim 1, wherein the authorization rules relaxation response message includes a candidate value associated with at least one additional authentication variable, and wherein the additional authentication variable includes one or more of. a passcode, a facial recognition biometric data identifier, and a fingerprint recognition biometric data identifier.   ([0023] “Some non-limiting examples of personal identifiers may include Personal Identification Numbers (PINs), biometric identifiers … include identifiers (or data) derived from biometrics such as fingerprints, facial 

Regarding Claims 3, 10 and 17:
Simakov in view of Dimmick1 teaches all of the elements of Claims 1, 2, 8, 9, 15 and 16. While Simakov does not specifically teach this, Dimmick1 teaches: (previously presented) A method in accordance with Claim 2, wherein authenticating the accountholder further comprises: comparing the candidate value to a stored value, wherein the stored value is associated with the account of the accountholder; and determining that the candidate value matches the stored value. ([0111] “compare”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s Application to use the side channel authentication system taught by Dimmick1 in the side channel payment authorization system taught by Simakov because the same communication can be used for both purposes and it predictably improves transaction security to ensure that a user who has the ability to modify transaction rules is actually the authorized user. 

Regarding Claims 4 and 11:
  Simakov also teaches: (original) A method in accordance with Claim 1, wherein transmitting the authorization rules relaxation message to the accountholder computing device via the authentication message channel further comprises transmitting a push notification to the accountholder computing device.  ([Column 2, lines 48-50] “If the transaction is to be declined by the issuer or the payment system, the payment system can send a real-time message to the user via the user's mobile device” and [Column 3, lines 54-57] “If the transaction is to be declined, the payment system notifies the user of the declined transaction via a message communicated to the user's mobile device. If the violation of a rule caused the transaction to be declined, the user may be prompted to override the rule”). Examiner also notes that Dimmick1 teaches ([0022] “SMS”).


Regarding Claims 6, 13 and 19:
Simakov in view of Dimmick1 teaches all of the elements of Claims 1, 2, 8, 9, 15 and 16. While Simakov teaches ([Column 9, lines 9-11) ““the payment system 160 generated an authorization message and optionally adds user identification information to the authorization message”), Simakov does not specifically teach: (previously presented) A method in accordance with Claim 2, further comprising: reformatting the candidate value received from the accountholder computing device; and combining the candidate value and transaction data for the second payment transaction into the enhanced authorization request message, wherein the enhanced authorization request message is in a format compatible with the issuer computing device.  Dimmick1, in a related field of art, teaches ([0081] “receiving an authorization request 



Regarding Claim 21:
Simakov in view of Dimmick1 teaches all of the elements of Claim 1.  While Simakov teaches the use of a cell phone application in one embodiment [Column 3, line 49] which, presumably, a user would have to register for in order to download, Simakov does not specifically teach: (new) A method in accordance with Claim 1, further comprising: receiving, from the accountholder computing device prior to detecting the decline message, a request to register for an authorization rules relaxation program, the request including registration data including at least authentication data to be used for relaxing authorization rules; and storing the registration data. Dimmick1 teaches this in at least ([0085] “Prior to conducting any transactions, the user 100 may register with the authentication computer 112”). It would have . 

Claims 5, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 8401904 to Pavel Simakov et. al. (Simakov) in view of U.S. Patent Application 2015/0046340 to James Dimmick (Dimmick1) and further in view of U.S. Patent Application 2011/0251910 to James Dimmick (Dimmick2). 

Regarding Claims 5, 12 and 18:
Simakov in view of Dimmick1 teaches all of the elements of Claims 1, 8 and 15. Simakov teaches transmitting the approval message to a point-of-sale (POS) device operated by the merchant.   ([Column 2, lines 55-56] “transmitting the approval to the merchant” and ([Column 11, line 35] “POS terminal”).  Simakov does not specifically teach: (original) A method in accordance with Claim 1, further comprising: transmitting the approval message to the accountholder computing device; Dimmick2 teaches a system that uses SMS messages between a mobile phone and an issuer at a POS to authenticate a user. Dimmick2 teaches ([0068] “Confirmation may be sent to the consumer mobile device through a number of channels”). It would have been obvious to a person of ordinary skill in the art at the time of Applicant’s .

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 8401904 to Pavel Simakov et. al. (Simakov) in view of U.S. Patent Application 2015/0046340 to James Dimmick (Dimmick1) and further in view of U.S. Patent Application 2015/0319161 to James Dimmick (Dimmick3). 

Regarding Claims 7 and 14:

Simakov in view of Dimmick1 teaches all of the elements of Claims 1, 8 and 15. While Simikov teaches receiving a decline message (see at least [Column 2, line 48, Column 3, lines 53-57, and Column 17, lines 8-37]), Simakov does not specifically teach: (original) A method in accordance with Claim 1, further comprising: receiving transaction data for the first payment transaction in association with the decline message from the issuer computing device; parsing the transaction data to extract a transaction data value; and causing the authorization rules relaxation message to be displayed on the accountholder computing device, wherein the displayed authorization rules relaxation message includes the transaction data value.  Dimmick3 teaches a system that authenticates a user cell phone used at a POS using location. Dimmick3 also teaches ([0063] “the server computer can send a message (e.g., via 

Relevant Prior Art Not Relied Upon

The prior art is made of record and not relied upon is considered pertinent to applicant’s disclosure.  The additional cited art further establishes the state of the art at the time of applicant’s application.

U.S. Patent Application 2016/0027010 to Adolfo Babatz et. al. (Babatz)  - Babatz teaches out of band authentication at a point of sale using an SMS to a user’s cell phone to and from the POS not the issuer. Babatz also teaches a first transaction that is declined, the registration of the user’s phone and then a successful follow-on transaction.

U.S. Patent Application 2018/0114224 to Karl Newland et. al. (Newland) – Newland teaches an authentication server that obtains authenticating data from a mobile phone in an ecommerce transaction and appends it into an ISO8583 authentication request message

U.S. Patent Application 2011/0178926 to Mike Lindelsee et. al. (Lindelsee) – Lindelsee teaches an access control server and 3rd party authenticator that authenticates a user cell phone and provides the information to an issuer.

U.S. Patent Application 2010/0125737 to Denis Kang (Kang) – Kang teaches using a cell phone as out of band user authentication for a transaction.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KIMBERLY S BURSUM whose telephone number is (571)272-8213.  The examiner can normally be reached on M-F 9:30 AM - 6:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nathan C Uber can be reached on 571-270-3923.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-2786.







/K.S.B./Examiner, Art Unit 3687                                                                                                                                                                                                        
/NATHAN C UBER/Supervisory Patent Examiner, Art Unit 3687