DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Acknowledgements
Claims 1-20 are pending in the application. 
Claims 5 and 15 are withdrawn from consideration. 
Claims 1-4, 6-14, and 16-20 are examined below.
Based on a comparison of the PGPub US 2018/0374090 A1 with applicant’s originally submitted specification, the PGPub appears to be a fair and accurate record of the applicant’s specification. Therefore, references to applicant’s specification will typically be made by this examiner as references to the PGPub. Unless otherwise noted, references to applicant’s specification as published via PGPub will be in the format [####], and references to applicant’s specification as filed will be in the format ¶## or by page and line number.
The notations in the immediately preceding paragraph apply to any future office actions from this examiner.

Examiner Request
Applicant is requested to indicate where in the specification there is support for amendments to claims should applicant amend. The purpose of this is to reduce potential 35 USC 112(a) or 35 USC 112, 1st paragraph issues that can arise when claims are amended without support in the specification. Examiner thanks applicant in advance. See also relevant portions of MPEP 2163.II.A:
With respect to newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims. See, e.g., Hyatt v. Dudas, 492 F.3d 1365, 1370, n.4 (Fed. Cir. 2007) (citing MPEP § 2163.04 which provides that a "simple statement such as ‘applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be a written description of the claim limitation ‘___’ in the application as filed’ may be sufficient where the claim is a new or amended claim, the support for the limitation is not apparent, and applicant has not pointed out where the limitation is supported."); see also MPEP § 714.02 and § 2163.06 ("Applicant should ... specifically point out the support for any amendments made to the disclosure."); and MPEP § 2163.04 ("If applicant amends the claims and points out where and/or how the originally filed disclosure supports the amendment(s), and the examiner finds that the disclosure does not reasonably convey that the inventor had possession of the subject matter of the amendment at the time of the filing of the application, the examiner has the initial burden of presenting evidence or reasoning to explain why persons skilled in the art would not recognize in the disclosure a description of the invention defined by the claims.").

Election/Restrictions
Applicant’s election without traverse of species A is acknowledged. 
Claims 5 and 15 are withdrawn from further consideration pursuant to 37 CFR § 1.142(b) as being drawn to a nonelected species, there being no allowable generic or linking claim. 
The restriction requirement mailed November 25, 2020 is hereby made final.
 
Priority
This application is a continuation or continuation-in-part or divisional application of U.S. application nos. 11/763,240 and 13/352,247. See MPEP § 201.06 (divisional), MPEP § 201.07 (continuation), or MPEP § 201.08 (continuation-in-part). In accordance with MPEP § 609.02 A. 2 and MPEP § 2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the prior-filed application(s). Also in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record’ in the parent application are now considered cited or ‘of record’ in this application. Additionally, applicant is reminded that a listing of the information cited or ‘of record’ in the parent application need not be resubmitted in this application unless applicant desires the information to be printed on a patent issuing from this application. See MPEP §609.02 A. 2. Finally, applicant is reminded that the prosecution history of the parent application is relevant in this application. See e.g., Microsoft Corp. v. Multi-Tech Sys., Inc., 357 F.3d 1340, 1350, 69 USPQ2d 1815, 1823 (Fed. Cir. 2004) (holding that statements made in prosecution of one patent are relevant to the scope of all sibling patents).

Information Disclosure Statement
The attached information disclosure statements are in compliance with the provisions of 37 CFR § 1.97. Accordingly, the information disclosure statements are being considered by the Examiner.



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-4, 6-14, and 16-20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter.
Regarding claims 1-4, 6-14, and 16-20, the claimed invention is directed to an abstract idea without significantly more. Representative claim 1 recites receiving an authorization request message, determining if a dynamic challenge message is needed, sending the challenge message to a consumer, receiving a challenge response message, sending an authorization response message indicating whether the transaction is authorized, which constitutes a method of organizing human activity or mental process. This judicial exception is not integrated into a practical application because the additional elements beyond the abstract idea (a server computer, a portable consumer device, and an access device) simply link the abstract idea to a particular technological environment (computers). Because the abstract idea is not integrated into a practical application, claim 1 is “directed to” an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements identified above represent only well-understood, routine, and conventional technology (or placeholders for such). Viewing the additional elements as a combination does not add anything further than 
Independent claim 11 contains limitations similar to claim 1 and is therefore rejected using the same rationale.
The dependent claims when analyzed as a whole are held to be patent ineligible under 35 U.S.C. 101. The additional limitations added by these claims, such as a mobile phone, an issuer computer, and a POS device, fail to either integrate the claims into a practical application or add an inventive concept. Viewing the additional elements of the dependent claims as a combination does not add anything further than the individual elements. Therefore, the dependent claims neither practically integrate the abstract idea nor constitute an inventive concept, and these claims are also rejected as patent ineligible.
 
Claim Rejections - 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd Paragraph
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-4, 6-14, and 16-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter that the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claim 1, Applicant’s recitation “wherein the authorization request message is generated by an access device at the merchant after the consumer uses the portable consumer device to interact with the access device” would have been unclear to a person having ordinary skill in the art at the time of the invention. This recitation describes the history and origin of the authorization request message, which is received by the server computer. However, it is unclear whether “generat[ing]” and “us[ing]” are positively recited steps in the claimed method. Facts supporting the interpretation that these are positively recited steps include the presence of the recitation in the claim. Facts supporting the interpretation that these are not positively recited method steps include the lack of use of active language and the recitation not being placed on a separate line. If these are not positively recited method steps, then it is further unclear what limitation(s) this recitation places on the other positively recited method steps. That is, what manipulative difference in the step of receiving the authorization request message is required by the history of how that message was generated? For the purposes of comparison with the prior art, the examiner is interpreting the recitation as not further limiting the method, consistent with the broadest reasonable interpretation of the claims.
Claim 11 contains language similar to the recitation in claim 1 discussed in the immediately preceding paragraph, and claim 11 is rejected for reasons similar to those discussed above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either statute. 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following is a quotation of 35 U.S.C. 103(a) (pre-AIA ) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-4, 6-14, and 16-20, as understood by the Examiner, are rejected under 35 U.S.C. 103 as being unpatentable over Goldthwaite (US 2004/0019564 A1) in view of Evans (US 2004/0078340 A1).
Goldthwaite discloses as follows:
Claim Limitation
Representative disclosure in Goldthwaite

"The merchant server 104 routes the customer's mobile phone number and information about the purchase order to a payment server 106 (116). The payment server 106 contacts the authentication server 107 and routes the customer's mobile phone number and information about the purchase (118)." [0037]
sending, by the server computer, the challenge message to the consumer, wherein the challenge message is dynamic and is based on a transaction history of the consumer
"The authentication server 107 sends an SMS message to the customer's mobile phone 110 through an SMS carrier 109 (120). The customer 102 receives the SMS message asking her to authorize the purchase and choose a payment card (122)." [0037]
receiving, by the server computer, a challenge response message from the consumer, the challenge response message responsive to the challenge message that is dynamic and that is 

sending, by the server computer, an authorization response message to the access device or to the consumer, wherein the authorization response message indicates whether or not the transaction is authorized
"The authentication server 107 sends an SMS message confirming the payment transaction to the customer's mobile phone 110 (138).” [0037]
wherein the authorization request message comprises a transaction amount associated with the transaction
"The payment request includes information about the purchase, i.e., date, time, price" [0051]
wherein the portable consumer device is in the form of a card or a mobile phone
“The mobile phone 110 is adapted to receive a payment card (shown in FIG. 3) or has a built-in payment card (not shown).” [0037]

"The customer 102 receives the SMS message asking her to authorize the purchase and choose a payment card (122)." [0037]
wherein the server computer is in a payment processing network
See Fig. 2A, 2B, or 2C and associated text
forwarding the authorization request message to an issuer computer operated by an issuer of the portable consumer device
step 132 in Fig. 2A or 2B
receiving the authorization response message from the issuer computer before sending the authorization response message to the consumer
step 138 in Fig. 2A or 2B
wherein sending, by the server computer, the authorization response message to the consumer comprises sending the authorization response 

wherein the access device is a POS terminal
"Personal Point of Sale," [0018]
wherein sending, by the server computer, the challenge message to the consumer comprises sending the challenge message to a mobile device of the consumer
“The mobile phone 110 is adapted to receive a payment card (shown in FIG. 3) or has a built-in payment card (not shown).” [0037]
wherein the authorization request message comprises a primary account number of an account of the consumer
"The merchant server 104 routes the customer's mobile phone number and information about the purchase order to a payment server 106 (116)." [0037]


Goldthwaite fails to explicitly disclose determining if a challenge message is needed, that the challenge is dynamic and based on transaction history of the consumer, wherein the challenge is a question based on a location of the consumer, 
Claim Limitation
Representative disclosure in Evans
determining, by the server computer, if a challenge message is needed
"[0016] Especially in categories (2) (3) and (4) above, transaction approval by a bank or other merchant processing or payment processing organization or network is often coupled with an automated risk detection processes and human follow-up, as when a credit card issuer's risk assessment system determines that an unexpectedly large, out-of-state purchase is "high risk" for a given account holder, and then provides that information to a customer service representative who may call the account holder's telephone to attempt to confirm the transaction's validity, typically after the fact, or to leave a message for the account holder that the card account is suspended pending the account holder's reply. It is often the case that the account holder's ability to judge what constitutes a 

"[0056] 6. Predefining and dynamically determining a plurality of sequences of actions and communications to be taken under differing conditions for differing transactions and differing pluralities of 

"[0056] 6. Predefining and dynamically determining a plurality of sequences of actions and communications to be taken under differing conditions for differing transactions and differing pluralities of parties thereto, based on information and parameters regarding the transaction and/or user-definable profiles regarding transactions, types of transactions, and/or parties and potential parties involved in, identified as involved in, and/or predetermined to have a potential interest in such transactions"
wherein the portable consumer device is in the form of a card or a mobile 

wherein the challenge message includes a question
"4) verifying private knowledge presumed known only to the account holder, such as the account holder's billing address" [0014]"[0070] Each such party may then be prompted to confirm his/her identity and intentions, which may include providing a PIN code, CVV2/CVC2/CID code (for a credit card), or other unique and private identifier(s), such as the initial letters of his/her mother's maiden name, which datum or data may be predefined to the central system, or may be supplied within or derived from the initiating transaction message. A confirming action or actions may be performed by said party via said communications link, using a means appropriate to his/her corresponding communications device. For example, on a telephone, DTMF digits may be pressed to convey the information prompted for by the central system."

"4) verifying private knowledge presumed known only to the account holder, such as the account holder's billing address" [0014]"[0070] Each such party may then be prompted to confirm his/her identity and intentions, which may include providing a PIN code, CVV2/CVC2/CID code (for a credit card), or other unique and private identifier(s), such as the initial letters of his/her mother's maiden name, which datum or data may be predefined to the central system, or may be supplied within or derived from the initiating transaction message. A confirming action or actions may be performed by said party via said communications link, using a means appropriate to his/her corresponding communications device. For example, on a telephone, DTMF digits may be pressed to convey the information prompted for by the central system."


wherein the access device is a POS terminal
"[0186] If an input is indeed required [FIG. 25, H], and the device supports it (per the Communication Sequence Pattern [FIG. 8, 8b: "Interactivity Flag"]), the executing Script process will preferably prompt for and wait to receive input from the party. The form of the input depends on the nature of the communication device and medium; for telephony-class devices, it is typically and preferably in the form of DTMF tones produced by touch-tone dialing or, additionally or alternatively, via voice, requiring the use of a voice recognition processor [FIG. 11, 711c]; while for Internet- and data-type devices, it is typically and preferably through a return message (such as HTML <FORM 

"[0064] When a transaction is initiated with reference to such party or parties, such as via identifiers such as credit card account number(s), bank account numbers, or Social Security Numbers (SSNs) or tax identification numbers"


It would have been obvious to one having ordinary skill in the art at the time of the invention to modify Goldthwaite to include determining if a challenge message is needed, that the challenge is dynamic and based on transaction history of the consumer, wherein the challenge is a question based on a location of the consumer, and wherein the authorization request message comprises a primary account number of Evans in order to achieve the predictable results of increasing the security of the system/method and making it applicable to a wider variety of environments.

Conclusion
References considered pertinent to Applicant’s disclosure are listed on form PTO-892. All references listed on form PTO-892 are cited in their entirety.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMIE KUCAB whose telephone number is (571) 270-3025. The Examiner can normally be reached on Monday through Friday, 10 a.m. to 4:00 p.m. ET. The Examiner’s email address is Jamie.Kucab@USPTO.gov. See MPEP 502.03 regarding email communications. Following is the sample authorization for electronic communication provided in MPEP 502.03.II: “Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.” Without such an authorization in place, an examiner is unable to respond via email.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, Neha Patel, can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://portal.uspto.gov/external/portal. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).

/JAMIE R KUCAB/Primary Examiner, Art Unit 3685