DETAILED ACTION
Claim Status
This Office Action is in response to the claims filed on 11/30/2020.
Claims 1, 4, 7-8, 11, 14, 22 and 24-28 are pending and claims 2-3, 5-6, 9-10, 12-13, 15-21 and 23 have been canceled.
Claims 1, 4, 7-8, 11, 14, 22 and 24-28 have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
With respect to claims rejected under 35 U.S.C. 103, Applicant is of the opinion that the cited references do not teach or suggest “receiving... a transaction authentication request message including both authentication information and authorization information comprising a device identifier, a merchant identifier, a merchant location, a card verification value, and a transaction amount. . . inserting the authentication information and the authorization information . . .and the risk assessment value into the transaction authentication request message to form the modified transaction authentication request message . . . receiving, by the server computing device from the authorization computer based on the authentication information in the modified transaction authentication request message, a transaction authentication response message comprising an authentication result value; receiving, from the authorization computer based on the authorization information in the modified transaction authentication request message, an authorization response message in the ISO 8583 message format comprising an authorization result.”  Further, Applicant alleges that Dominguez does not disclose receiving both an authentication response message comprising an authentication decision and an authorization response message comprising an authorization decision based on sending a modified transaction authentication request message that includes both authentication information and authorization information comprising a device identifier, a merchant identifier, a merchant location, a card verification value, and a transaction amount as Dominguez teaches away from such operations. FIG. 10 of Dominguez shows a Condensed Payer Authentication Request Message (CPRQ) which is described as - (PRO only includes data fields that are required for the account authentication process” - i.e., authorization information should not be included. (Par. 153). Paragraph 97 of Dominguez describes displaying payment details included in the Authentication Response message as well as other items such as merchant name, card number, etc. - i.e., the “other items” are not in the Authentication Response message. Accordingly, Dominquez teaches away from receiving... a transaction authentication request message including both authentication information and authorization information comprising a device identifier, a merchant identifier, a card verification value, and a transaction amount.  Additionally, Applicant alleges that Dominguez does not teach or suggest, based on information in a modified transaction authentication request message, receiving both an authentication decision and an authorization decision since Dominguez describes authentication processing in detail outside of the context of authorization. (E.g., 96 - 108, 127 - 135, and 153 - 165) and authorization processing separately. (E.g., 136, 166, and 214 - 215).  Although Dominguez notes that authorization can be combined with clearing and settlement, (Par. 215), Dominguez does not suggest combining the authorization and authentication processing off of a single authentication request as is claimed as clearing and settlement are generally in the same message format, and, as noted in Dominguez, they can be handled together in which handling authentication and authorization together was not possible without the present invention, as these processes are traditionally handled using different incompatible message formats.  Accordingly, Applicant adds, the detailed authorization processing described in Dominguez is a separate process requiring separate authentication and authorization requests in separate formats, as compared to the single modified transaction authentication request message recited in claims 1 and 8. Accordingly, the processing recited in claims 1 and 8 provides the advantage of sending a translated authentication request including both authentication and authorization information which triggers receipt of both an authentication decision and authorization decision.
Examiner fully considers Applicant’s position, but respectfully and considers the argument moot as the claims have been amended and the prior arts used to reject the instant claims have changed.  Further, Examiner disagree with Applicant’s characterization of “Dominguez teaches away from such operations” because “authorization information should not be included.”  However, Dominguez do not explicitly disclose “authorization information should not be included,” as Applicant alleges.  Further, Dominguez discloses,
“In alternative embodiments, the merchant is capable of providing additional information along with the authorization message. For instance, the following information can also be sent: a flag indicating if the cardholder was successfully authenticated, account information, digital signatures, a cardholder verification value 2, card authentication verification value (CAVV), an offline PIN authenticated by chip card Europay, Mastercard, and Visa (EMV) cryptogram, and the necessary fields to provide the merchant with guaranteed payment. The CAVV is data is created by the ACS which authenticated the cardholder and is a unique value for a given payment card and a specific payment transaction from that card. It is used by issuers to uniquely identify authenticated payment transactions if any subsequent disputes occur. After the issuer financial institution processing of the authorization transaction is complete, control of the payment transaction is then returned to the merchant's storefront software via the payment network. The issuer then returns the authorization response via the payment network to the merchant. In step 5 of FIG. 5, the issuer financial institution will either authorize or decline the transaction. In some embodiments, the authorization messages can be batched and sent in a group at a later time. The authentication information is also included in the batch authorization messages.
If the VERes-Status has a value not equal to “Y,” then the merchant is notified that the payment transaction cannot be processed using the account authentication system. However, if the VERes-Status has a value of “Y,” then MPI 134 will format a payer authentication request message (PAReq). MPI 134 will send the PAReq message via the cardholder client device browser to the issuer's ACS server, as is shown by line 5.
After the merchant plug-in passes the PAReq message to the issuer's ACS, the ASC displays a window to the cardholder. The window displays the payment details contained in the Payer Authentication Response (PARes) message in addition to other items such as: an Issuer's logo, a service organization mark or brand logo, merchant name, merchant location (URL), total purchase amount and currency, purchase date, card number, installment/recurring payment terms, order description or link to description, special terms and conditions of sale or link to this information, personal assurance message (PAM), and prompt for the cardholder's password or any other type of authenticating token.
Upon matching of the password, the ACS generates and digitally signs a PARes message. The ACS also generates and sends a SaveReceipt message to the authentication history server 130 and receipt manager 131, as is shown by line 7. As shown by line 7 a, the SaveReceipt message may also be passed from authentication history server 130 to the issuers authorization and settlement system 138 to allow the issuer to match up the payment authorization request with the payer authenticated transaction in real time. Sending the SaveReceipt message to the issuer's authorization and settlement system 138 allows the issuer to determine simultaneously if the authorization request is for an authenticated purchase. The ACS will then re-direct the signed PARes message back to the merchant server plug-in, as is shown by line 6.
For most transactions the Payment Authentication Request and Response messages include fields that include but are not limited to Message Version Number, Merchant Identifier, Merchant Country Code, Order Number, Purchase Date, Purchase Amount, Transaction Status, and Purchase Terms and Conditions. Also, the QueryCardholderRes Message typically includes fields such as but not limited to Message Version Number, Merchant Name, Order Number, Purchase Date, Purchase Amount, Card Expiration Date, and Transaction Stain. These messages can be in XML (Extensible Markup Language) format.
Third, the MPI should include a hash of the cardholder's phone number, which may help the ACS to determine whether or not authentication will be available. This indication can be included in an extension field to the VEReq message called ChphoneHash. The MPI can create a SHA-1 hash of the cardholder's phone number. The phone number being hashed should be in the same format defined for a CHphone Extension field in the PAReq message. The ACS may use this field, if necessary, to determine whether the cardholder is using a phone number already known to the ACS. In one embodiment, the CHphone field is 28 bytes, containing the Base64 encoding of the 20-byte hash.
The main components of telecommunications network 800 are interchange centers 802, access points 804, 806 and processing centers 808 and 810. Other entities such as drawee banks and third party authorizing agents may also connect to the network through an access point. An interchange center is a data processing center that may be located anywhere in the world. In one embodiment, there are two in the United States and one each in the United Kingdom and in Japan. Each interchange center houses the computer system that performs the network transaction processing. The interchange center serves as the control point for the telecommunication facilities of the network, which comprise high speed leased lines or satellite connections based on IBM SNA protocol. Preferable, lines 820 and 822 that connect an interchange center to remote entities use dedicated high-bandwidth telephone circuits or satellite connections based on the IBM SNA-LU0 communication protocol. Messages are sent over these lines using any suitable implementation of the ISO 8583 standard.” (In at least Pars. 85, 96-97, 99, 193, 216)
Given the broadest reasonable interpretation of the claim in light of the Applicant’s Specification, Dominguez discloses receiving, at a server computing device from a computing device of a user, during a transaction with a merchant server computer, over a communications network, a transaction authentication request message for the transaction in a Hypertext Transfer Protocol (HTTP) message format comprising HTTP fields, the transaction authentication request message including both authentication information and authorization information comprising a device identifier, a merchant identifier, a merchant location, a card verification value, and a transaction amount.
Dominguez does not specifically disclose generating, using the server computing device based upon the transaction authentication request message, a risk assessment value for the transaction.  Rathbun discloses,
“An authentication response may be generated and transmitted (block 560). For example, after a transaction is approved due to the authenticating of a user of mobile device 110 via mobile pin pad authentication, authentication server 140 may generate an authentication response. The authentication response may include information to notify web server 130 that the second form of authentication was successfully received and that, accordingly, the transaction is approved. The authentication response may further include a transaction identifier, assigned by a relying application of web server 130, which was included in the authentication request transmitted by web server 130 to authentication server 140.
The authentication response may also include other information requested by web server 130. In one implementation, the authentication response may include geographic location coordinates of mobile device 110. In another implementation, the authentication response may include a risk score calculated for the transaction. A risk score engine of authentication server 140 may calculate the risk score based on a variety of factors, including, for example, the geographic location coordinates of mobile device 110 at the time of the transaction/ the mobile pin pad authentication, the user's prior usage pattern (e.g., other transactions that were previously approved for the user), etc. For example, the risk engine may compare the geographic location coordinates of mobile device 110 and geographic location coordinates of computer terminal 120 (located, for example, where the user is participating in a transaction (e.g., making a purchase)). A better risk score may be assigned when areas associated with the geographic location coordinates coincide.” (In at least Pars. 59-60)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the risk evaluation and risk management policy for authentication request of consumers in transactions (Pars. 138, 204) of Dominguez in view of generating, by the server computing device based upon the transaction authentication request message, a risk assessment value for the transaction (Figs. 5; Pars. 22, 52, 60, 65, 83) of Rathbun in order to reduce the risk of fraud for both merchants and cardholders during a card not present transaction such as those occurring online, via mobile devices, via mail or over the telephone (Dominguez, Par. 5) and to calculate and determine a risk score for transaction approval (Rathbun, Par. 21).  ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Dominguez nor Rathbun explicitly elaborate translating HTTP message to ISO message by (i) extracting, using an information collection submodule in the server computing device, information from the transaction authentication request message in the Hypertext Transfer Singh discloses, 
“FIG. 2 depicts a more detailed description of gateway 104 according to one embodiment of the present invention. As shown, gateway 104 includes one or more request handlers 202, an inbound message stream parser 204, a security manager 206, an adaptive route selector 208, a flow handler 210, an outbound message stream builder 212, a message dispatcher 214, a coordinator 216, an administration module 218, a configuration loader 220, a rules database 222, a context information database 224, and a dynamic information monitor 226.
Request handlers 202 are configured to receive transactions from clients 102. Clients 102 may send transactions in different protocols and formats, such as hypertext transfer protocol (HTTP), file transfer protocol (FTP), extensive markup language (XML), ISO 8583 standards, etc. Request handlers 202 provide an interface for transactions sent in various protocols and formats, and provide the transactions to inbound message stream parser 204. For example, an ISO message handler is configured to receive ISO 8583 requests from clients 102 and pass them to inbound message stream parser 204. Also, an XML message handler, an HTTP request handler, and an FTP request handler can handle XML, HTTP, and FTP messages and/or requests. Accordingly, request handlers 202 allow gateway 104 to receive messages in different protocols and formats. Although the above formats and protocols are described, it will be understood that a person skilled in the art will appreciate other formats and protocols that request handlers 202 may process.
Gateway 104 provides connectivity to different transaction processors 108 for client 102. Gateway 104 may accept HTTP(s) and other XML-based requests. Based on application level content and the current state of a transport environment, a service and transaction processor 108 may be selected. Because the transaction may have been sent in HTTP or any other XML-based request, gateway 104 may translate the message to a format expected by transaction processor 108 before switching the transaction. For example, transaction processor 108 may require that a message be processed in an ISO 8583 format. Typically, when a POS device processes a transaction, the transaction may be sent in the ISO 8583 format. However, when a transaction is processed by an Internet gateway, an Internet client 702 may not be configured to send an ISO 8583 message. Thus, gateway 104 is configured to format the message into the ISO 8583 format required by transaction processor 108.
FIG. 11 depicts a system 1000 for parsing messages according to one embodiment of the present invention. System 1000 is configured to parse multi-format message streams, such as ISO 8583 messages into a canonical message format referred to as an internal message format (IMF) and build multi-format message streams, such as ISO 8583 message streams, from the IMF. Although financial message streams are described, it will be understood that any multi-format message streams may be parsed and built using system 1000.
The parse/build engine of FIG. 11 uses a schema table 1028. Each schema is a data structure that provides metadata, including a grammar structure for the received format as well as pointers to handlers in handler table 1030. The handlers correspond to particular fields in the message and convert the different fields of the message into the internal message format using the grammar structure. The handlers are code that is individually compiled. Thus, rather than compiling the overall system, the handlers are separately compiled, giving the speed of compiled software while retaining a modular system that can be easily upgraded without disturbing other elements of the engine.
Systems 1006 and 1008 may be any system that is configured to send messages 1010 and/or receive messages 1012 from parse/build engine 1004 (or gateway 104). In one embodiment, systems 1006 and 1008 may be point of sale devices, smart card devices, transaction processors 108, any system configured to process transactions, such as an acquirer, issuer, a service provider, a transaction authenticator, etc. Systems 1006 and 1008 may send/receive messages in many different formats such as ISO 8583 messages, extensible mark-up language (XML), HTML, etc. The input message stream may also be in any of multiple encoding schemes, such as ASCII, EBCDIC, BCD, etc., and have different data types, such as numeric, string, byte-array etc.” (In at least Pars. 55-56, 105, 115, 118-119)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the messages sent over lines using any suitable implementation of the ISO 8583 standard (Par. 216) of Dominguez, Rathbun in view of translating HTTP message to ISO message by (i) extracting, using an information collection submodule in the server computing device, information from the transaction authentication Singh in order to international standard format for transaction related messages (Dominguez, Par. 216) and to handle multi-format financial messages (Singh, Abstract).  ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Dominguez, Rathbun nor Singh explicitly discloses receiving, by the server computing device from the authorization computer based on the authentication information in the modified transaction authentication request message, a transaction authentication response message in the ISO 8583 message format, the transaction authentication response message comprising an authentication result value; and receiving, by the server computer from the authorization computer based on the authorization information in the modified transaction authentication request message, an authorization response message in the ISO 8583 message format comprising an authorization result.  Seshadri discloses,
“At operation 256, the issuer server receives the modified payment request message from the payment network server.
At operation 260, the issuer server generates a receipt message. The receipt message indicates whether or not the transaction has been authorized. The receipt message may be sent to the payment network server to inform the payment network server whether or not the transaction has been authorized. By way of example, the transaction is considered to be authorized when the holder account is in good standing (e.g. no outstanding bills and/or poor credit history) and an amount equivalent to the total value of the good and/or service is available in the holder's account balance or holder's account “open to buy” limit (credit account).” (In at least Pars. 134-137)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the modified authentication response message that indicates user authentication in response to authentication request and used to request authorization of the user’s transaction from the user’s payment account issuer by the merchant based on the authentication and authorization information of the user (Figs. 7-11; Pars. 9, 83-85, 97, 107, 130-134, 142, 216) of Dominguez, Rathbun, Singh in view of receiving, by the server computing device from the authorization computer based on the authentication information in the modified transaction authentication request message, a transaction authentication response message in the ISO 8583 message format, the transaction authentication response message comprising an authentication result value (Figs. 2H; Pars. 17, 83, 86, 92, 122, 124-132, 143-144, 148, 200-203, 212, 233); and receiving, by the server computer from the authorization computer based on the authorization information in the modified transaction authentication request message an authorization response message in the ISO 8583 message format comprising an authorization result; and transmitting, by the server computer to the merchant server computer, the authorization response message in the ISO 8583 (message) format (Figs. 2G-I; Pars. 45, 134-137, 205, 212) of Seshadri in order to process/authorize transaction of Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 4 and 11 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 4 recite “wherein the modified transaction authentication request message further comprises user computing device data including one or more of: the device identifier, the device identifier being of the computing device of the user… and wherein the server computing device uses the user computing device data to generate the risk assessment value.”  Although the Applicant’s Specification discloses,
“In some embodiments, the transaction routing service 124 further comprises a risk analysis module 320 that may collect information from the communications between the cardholder 1 computing device and the transaction routing service 124 (e.g., at messages 7A, 8B, and/or 9B). This information may include a device identifier of the cardholder computing device, a device fingerprint, values from cookies used by the cardholder computing device, network addresses used by the cardholder computing device (e.g., an IP address), identifiers of traffic/network paths of the cardholder's messages, hashes of any of the previously mentioned data values, and/or any other data values accessible to the transaction routing service 124 from its interactions with the cardholder (e.g., any values from any protocol headers used to transport the data, including but not limited to IP header values, TCP/UDP header values, HTTP header values, etc.).
The risk analysis module 320 may process this information (e.g., send queries to risk analysis services) and may generate its own risk analysis output value(s) (e.g., one or more risk scores). In some embodiments, some or all of the collected information and/or the risk analysis output values may be provided to the issuer ACS 102 within one or more of the ISO-type messages represented by steps 7X, 8X, and 9X. In some embodiments, the risk analysis module 320 may transform the collected information, including but not limited to translating an IP address of the cardholder device into a geolocation value (based upon a geolocation database) that identifies a geographic location of the cardholder device. The issuer ACS 102, then, may receive the collected information and/or risk analysis output values, and may base its cardholder authentication and/or subsequent payment authorization decisions based upon this data. Thus, the issuer ACS 102 may gain additional insight into the cardholder and/or computing device used by the cardholder that would typically not be available in order to better perform authentication and/or payment authorization.” (PGPub, Pars. 95-96 as similarly in 37, 91, 101, 113, 124, 143-144)
However, the Applicant’s Specification does not describe how the server computing device uses the user computing device data to generate the risk assessment value.  That is, the Specification does not describe how the collected user device information is used by the server computing device to generate the risk assessment value.  Therefore, the Specification does not describe an algorithm in sufficient detail to demonstrate to one of ordinary skill in the art that the inventor possessed the invention. (See MPEP 2161.01).
Claim 11 is also rejected based on the same rational as it recites similar language.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 7-8, 11, 14, 22 and 24-28 are rejected under 35 U.S.C. 103 as being unpatentable over Dominguez et al. (US 2003/0200184), Rathbun (US 2012/0144461) in view of Singh .
With respect to claims 1 and 8, Dominguez discloses a method and a system comprising:
server computing device comprising a set of one or more processors; a set of one or more physical network interfaces coupled with the set of processors (Figs. 1-3, 5, 7-9; Pars. 38-39, 50, 56, 61, 216); and a non-transitory computer readable storage medium coupled with the set of processors and storing instructions comprising an information collection submodule, a format conversion submodule, and a message generation submodule that, when executed by the set of processors, causes the set of processors to perform a method comprising (Figs. 7, 19B; Pars. 41, 99, 225-228):
receiving, at a server computing device from a computing device of a user, during a transaction with a merchant server computer, over a communications network, a transaction authentication request message for the transaction in a Hypertext Transfer Protocol (HTTP) message format comprising HTTP fields, the transaction authentication request message including both authentication information and authorization information comprising a device identifier, a merchant identifier, a merchant location, a card verification value, and a transaction amount (Figs. 5-10; Pars. 63, 76-78, 82-85, 90, 95-99, 119, 127-131, 149, 153-156, 170, 182, 184, 186, 191-193, 200-201, 204);
translating, by the server computing device, the transaction authentication request message to an International Organization for Standardization (ISO) 8583 message format comprising ISO 8583 fields (Figs. 1, 7-9; Pars. 97, 127-130, 142, 157-162, 182-186, 213-216), by extracting, using an information collection submodule in the server computing device, the authentication information and the authorization 
generating, using the message generation submodule in the server computing device, a modified transaction authentication request message in the ISO 8583 message format into the transaction authentication request message to form the modified transaction authentication request message (Figs. 7-9; Pars. 97, 129-130, 142, 157-162, 182-186, 216) 
transmitting, by the server computing device to an authorization computer, the modified transaction authentication request message in the ISO 8583 message format (Figs. 7-9, 10; Pars. 82, 96-101, 131, 149-150, 153, 157-162, 182-186, 216);
Dominguez does not specifically disclose generating, using the server computing device based upon the transaction authentication request message, a risk assessment value for the transaction.  Rathbun discloses generating, by the server computing device based upon the transaction authentication request message, a risk assessment value for the transaction (Figs. 5; Pars. 22, 52, 59-60, 65, 83).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the risk evaluation and risk management policy for authentication request of consumers in transactions (Pars. 138, 204) of Dominguez in view of generating, by the server computing device based upon the transaction authentication request message, a risk assessment value for the transaction (Figs. 5; Pars. 22, 52, 60, 65, 83) of Rathbun in order to reduce the risk of fraud for both merchants and cardholders during a card not present transaction such as those occurring online, via mobile devices, via mail or over the telephone (Dominguez, Par. 5) and to calculate and determine a risk score for Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Dominguez nor Rathbun explicitly disclose transmitting, by the server computing device to an authorization computer, the modified transaction authentication request message.  However, this only involves separating the functionality performed by MPI 134 (Acquirer Domain system) of a single system into two separate systems or servers.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to separate functionality performed by one system into separate systems that perform the same functions, as it has been held that constructing a formerly integral structure in various elements involves only routine skill in the art (In re Dulberg, 129 USPQ 348, (CCPA 1961)) (MPEP 2144.04 (V)(C))
Further Dominguez nor Rathbun explicitly elaborate translating HTTP message to ISO message by (i) extracting, using an information collection submodule in the server computing device, information from the transaction authentication request message in the Hypertext Transfer Protocol (HTTP) message format, (ii) accessing, using a format conversion submodule in the server computing device, correlations between the ISO 8583 fields and the HTTP fields from a message format database and (iii) based on the field correlations, by a message generation submodule in the server computing device inserting the information collected by the information collection submodule and the risk assessment value to form the modified transaction message.  Singh discloses translating HTTP message to ISO message by (i) extracting, using an information Singh in order to international standard format for transaction related messages (Dominguez, Par. 216) Singh, Abstract).  ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
Neither Dominguez, Rathbun nor Singh explicitly discloses receiving, by the server computing device from the authorization computer based on the authentication information in the modified transaction authentication request message, a transaction authentication response message in the ISO 8583 message format, the transaction authentication response message comprising an authentication result value; receiving, by the server computer from the authorization computer based on the authorization information in the modified transaction authentication request message an authorization response message in the ISO 8583 message format comprising an authorization result; and transmitting, by the server computer to the merchant server computer, the authorization response message in the ISO 8583 (message) format.  Seshadri discloses receiving, by the server computing device from the authorization computer based on the authentication information in the modified transaction authentication request message, a transaction authentication response message in the ISO 8583 message format, the transaction authentication response message comprising an authentication result value (Figs. 2H; Pars. 17, 83, 86, 92, 122, 124-132, 143-144, 148, 200-203, 212, 233); and receiving, by the server computer from the authorization computer based on the authorization information in the modified transaction authentication request message an authorization response message in the ISO 8583 message format comprising an authorization result; and transmitting, by the server computer to the merchant server computer, the authorization response message in the ISO 8583 Singh in view of receiving, by the server computing device from the authorization computer based on the authentication information in the modified transaction authentication request message, a transaction authentication response message in the ISO 8583 message format, the transaction authentication response message comprising an authentication result value (Figs. 2H; Pars. 17, 83, 86, 92, 122, 124-132, 143-144, 148, 200-203, 212, 233); and receiving, by the server computer from the authorization computer based on the authorization information in the modified transaction authentication request message an authorization response message in the ISO 8583 message format comprising an authorization result; and transmitting, by the server computer to the merchant server computer, the authorization response message in the ISO 8583 (message) format (Figs. 2G-I; Pars. 45, 134-137, 205, 212) of Seshadri in order to process/authorize transaction of a user only when the user is properly authenticated  (Dominguez, Pars. 69, 96-97, 130, 214-215) and to authorize transaction only based on an indication that the account holder is indicated to be authentic on the modified payment request message (Seshadri, Pars. 134-137).  ("Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to claims 4 and 11, Dominguez, Rathbun, Singh in view of Seshadri discloses all the limitation as described above.  Additionally, Dominguez discloses wherein the modified transaction authentication request message further comprises user computing device data including one or more of:
the device identifier, the device identifier being of the computing device of the user (Pars. 48, 131, 149, 183, 193, 200-201, 204),
a geolocation value that identifies a geographic location of the computing device of the user;
a feature identifier that identifies technological capabilities of the computing device of the user; and
a network address of the computing device of the user; and
Dominguez does not specifically disclose wherein the server computing device uses the user computing device data to generate the risk assessment value.  Rathbun discloses wherein the server computing device uses the user computing device data to generate the risk assessment value (Par. 18-19, 60, 65).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the risk evaluation and risk management policy for authentication request of consumers in transactions (Pars. 138, 204) of Dominguez in view of wherein the server computing device uses the user computing device data to generate the risk assessment value (Par. 18-19, 60, 65) of Rathbun in order to reduce the risk of fraud for both merchants and cardholders during a card not present transaction such as those occurring online, via mobile devices, via mail or over the telephone (Dominguez, Par. 5) Express suggestion to substitute one equivalent technique for another need not be present to render such substitution obvious"; In re Fout, 213 USPQ 532 (CCPA 1982), In re Siebentritt, 152 USPQ 618 (CCPA 1967); Ex Parte Smith, 83 USPQ2d 1509 (Bd. Pat. App. & Int. 2007); KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007)).
With respect to claims 7 and 14, Dominguez, Rathbun, Singh in view of Seshadri discloses all the limitation as described above.  Additionally, Dominguez discloses the method further comprising;
generating, by the server computing device based upon the transaction authentication response message, a modified authentication response message according to the (HTTP) message format (Figs. 7-9, 11; Pars. 129, 131, 159, 170); and
transmitting, by the server computing device to the computing device of the user, the modified transaction authentication response message (Figs. 7-9; Pars. 131-132, 140).
With respect to claims 22 and 24, Dominguez, Rathbun, Singh in view of Seshadri discloses all the limitation as described above.  Additionally, Dominguez discloses the method of claim 1,
wherein the server computing device receives the transaction authentication request message the user computing device (Merchant Server Plug-in (MPI)) (Figs. 7-9; Pars. 11, 90, 95-97, 127, 129-130, 170, 186), and 
wherein the method further comprises:
transmitting, by the server computing device to a resource provider computing device, the transaction authentication response message (Figs. 7-9; Pars. 131-132, 140, 170-172)
With respect to claims 25 and 27, Dominguez, Rathbun, Singh in view of Seshadri discloses all the limitation as described above.  Additionally, Rathbun discloses wherein the risk assessment value is generated based on historical information surrounding the user and computing device of the user (Pars. 19, 22, 60, 65, 79-84).
With respect to claims 26 and 28, Dominguez, Rathbun, Singh in view of Seshadri discloses all the limitation as described above.  Additionally, Singh discloses wherein translating the transaction authentication request message comprises adding data extracted from the HTTP message as one or more subfields of one or more existing ISO-defined data element fields (Abstract, Figs. 2, 8-9, 13B, 17; Pars. 7-10, 56, 105-107, 115-125, 129-134, 152-157, 159-164).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
PGPub Weller et al. (US 2010/0114776); Authenticating a user in real-time using challenge-response based on risk analysis (Abstract; Figs. 1-18; Pars. 53-54, 100, 125, 166-170, 177).
PGPub Jabbour et al.  (US 2014/0156535); receiving, at a server computing device from a computing device of a user, during a transaction with a merchant server computer, over a communications network, a transaction authentication request message for the transaction in a Hypertext Transfer Protocol (HTTP) message format comprising HTTP fields, the transaction authentication request message including both authentication information and authorization information comprising a device identifier, a merchant identifier, a merchant location, a card verification value, and a transaction amount (Figs. 1-4; Pars. 61).
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WODAJO GETACHEW whose telephone number is (469)295-9069.  The examiner can normally be reached on M-F 8:00-6:00 CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571) 272-6708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 




/WODAJO GETACHEW/Examiner, Art Unit 3685                                                                                                                                                                                            
/Mohammad A. Nilforoush/Primary Examiner, Art Unit 3685