DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
	This office action is in response to Applicant’s communication of January 26, 2021. Applicant’s arguments have been considered.
Claims 1, 2, 5-11, 14-24 are currently pending and are being examined.
Claims 1, 11, and 17 have been amended.
Claims 3,4, 12, 13 have been canceled 
Claims 21-24 have been added.
Priority Date: March 01, 2019.
Status of Office Action: NON-FINAL
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 5-11, 14-16, and 17 and 20-24 are rejected under 35 U.S.C. 102 as being unpatentable over Ferenczi et al. (US 10,097,663 B1) in view of Chan-Bauza et al.(US2018/0082303 A1). Hereinafter, referred to as Ferenczi and Chan-Bauza respectively.
With respect to claim 1, 11, and 17 (Amended), Ferenczi teaches
A method comprising: 
receiving, by a processor via a computer network and from a user computing device, a payment request wherein the payment request comprises sender data, receiver data, and a payment amount (Ferenczi, c.9 l.17-42 teaches FIG. 6, an example of matching an authorization request to an enhanced authorization message and a device risk message is illustrated according to various embodiments. The transaction account issuer may poll the enhanced authorization queue 610 for an enhanced authorization message corresponding to the authorization request 620. In various embodiments the transaction account issuer may compare fields such as time received, a merchant associated with the message, a transaction account number, or a transaction 
retrieving, by the processor via the computer network and from the user computing device, device-related data associated with the user computing device (Ferenczi , c.9 l.43-54 The transaction account issuer may poll the device risk queue 660 for a device risk message having the same device ID or IP address as the enhanced authorization message 640. In the event that the device risk queue 660 contains more than one device risk message for the device ID, the transaction account issuer may select the most relevant device risk message.); 
and executing, by the processor, a payment risk analysis on the payment request based on the device-related data associated with the user computing device, and wherein the payment risk analysis determines a risk assessment associated with the user computing device, wherein when the risk assessment indicates a low risk that the user computing device is a fraudulent computing device or that a sender account comprises insufficient funds to complete the payment request based on the payment amount, the method further comprises (Ferenczi, c.1 l.51-66 The device registry may calculate a device risk score for the device based on a device profile stored in the device registry. The device ID may comprise the characteristics of the device, wherein the merchant server transmits an IP address of the device to the device registry. The characteristics of the device may uniquely identify the device. The system may store the enhanced authorization message in an enhanced authorization queue. The system may poll the enhanced authorization queue in response to the receiving the authorization request. The authorization request may be received via a payment processor, and wherein the enhanced authorization message is received via an application programming interface or the payment processor., c.7 l.58-c.8 l.13 further teaches For example, the device registry may determine that the IP address of the web client indicates that the web client is located at the same or nearby location of a billing address associated with the web client. This may indicate that there is a low fraud risk associated with the web client. In contrast, the device registry may determine that the IP address of the web client indicates that the web client is located in a different country than a billing address associated with the web client, which may indicate a higher fraud risk. In various embodiments, the device registry may evaluate the time zone of the device, the language being used, addresses, email addresses, etc. and identify inconsistencies which may indicate a higher likelihood of fraud. The device registry may also be used to determine when the last time the web client was seen by the device registry, how many times the web client has been seen by the device register, how many transaction accounts the web client has been associated with, etc.):
transmitting, by the processor, an authentication challenge (Ferenczi,  c.1 l.35-50 teaches receiving an authorization request from the merchant server; receiving an enhanced authorization message comprising the device ID from the merchant server; receiving a device risk message comprising the device ID from the device registry; storing the device risk message in a device risk queue; polling the device risk queue based on the device ID in the enhanced authorization message; merging, based on the device ID, the device risk message, the enhanced authorization message, and the authorization request into an enhanced authorization request; authorizing, based on the enhanced authorization request, the authorization request; and transmitting an authorization response to the merchant server.); 
receiving, by the processor, an authentication challenge response based on the authentication challenge (Ferenczi, c.1 l.35-50); 
and validating, by the processor, the authentication challenge response by comparing the authentication challenge to the authentication challenge response, wherein when the risk assessment indicates a high risk that the user computing device is a fraudulent computing device or that the sender account comprises insufficient funds to complete the payment request based on the payment amount, the method further comprises declining, by the processor, the payment request (Ferenczi, c.8 l.1-13, c.1 l.35-50).
	Ferenczi generally teaches
	transmitting, by the processor a debit pull to a sender bank indicated in the sender data to debit the payment amount from [[a]] the sender account indicated in the sender data, and --) transmitting, by the processor a credit push to a receiver bank indicated in the receiver data to credit the payment amount to a receiver account indicated in the receiver data,
However, Ferenczi does not explicitly mention
 wherein when the risk assessment indicates a medium risk that the user computing device is a fraudulent computing device or that the sender account comprises insufficient funds to complete the payment request based on the payment amount, the method further comprises:
	Chan-Bauza does teach
transmitting, by the processor a debit pull to a sender bank indicated in the sender data to debit the payment amount from [[a]] the sender account indicated in the sender data, and transmitting, by the processor a credit push to a receiver bank indicated in the receiver data to credit the payment amount to a receiver account indicated in the receiver data, wherein when the risk assessment indicates a medium risk that the user computing device is a fraudulent computing device or that the sender account comprises insufficient funds to complete the payment request based on the payment amount, the method further comprises (Chan-Bauza, [0033] teaches to setup mobile wallet 121, user 110 of mobile device 120 can add one or more underlying accounts, such as checking accounts, savings accounts, credit card accounts, or debit card accounts, to mobile wallet 121 by uploading account information (e.g., card number, account number, etc.) for the one or more accounts through mobile wallet 121 to mobile wallet provider 130. The process of uploading an underlying account to mobile wallet provider 130 to allow for future transactions in which mobile wallet 121 uses the underlying account is referred to as "provisioning." After the account has been provisioned to mobile wallet 121, mobile wallet 121 can perform secure financial transactions, typically using tokenized information, such that the underlying account information is not transferred between transacting parties. For example, mobile wallet 121 can communicate with mobile wallet provider 130 to obtain one or more to tokens, which can be obtained by mobile wallet provider 130 from token service provider 150. The provisioning of the underlying account allows token service provider 150 to provide tokens that are linked to that underlying account., [0056] teaches In many embodiments, the fraud risk level can be represented by a risk score, such as numeric score, an alphabetical score, a color score (e.g., green for low risk, yellow for medium risk, or red for high risk), or another suitable type of score. In some embodiments, a low fraud risk level can indicate that no negative or suspicious events were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In several embodiments, a medium fraud risk level can indicate that there are some negative or suspicious events that were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In many embodiments, a high risk level can indicate that there are major risks associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request, such as a credit card being compromised, an account having negative history, or a phone number of the mobile device (e.g., 120 (FIG. 1)) that does not match the phone number associated with the account., [0024] further teaches The inquiry can include: account information about the account, and device information about a mobile device that operates the mobile wallet. The acts also can include determining device ownership information for the mobile device, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account. The acts additionally can include determining an ownership correlation between the device ownership information and the account ownership information. The acts further can include generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The acts additionally can include providing a response to the provider based on the fraud risk level, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet.  ):
It would have been prima facie obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified a systems and methods for to improving the security of transactions over a computer network as taught above by Ferenczi and implement a system authentication and fraud prevention in provisioning a mobile wallet as taught by Chan-Bauza to provide a medium fraud risk level that can indicate that there are some negative or suspicious events that were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request (Chan-Bauza, [0056]), since there exist some teaching, suggestion, or motivation in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention, one of ordinary skill in the art would have recognized that the results of the combination were predictable. Both relate to the ability to improve the security of authenticating a user over a mobile transaction with the motivation to determine a risk of fraud using a combination of data sources to ensure that user 110 that is performing the provisioning of the account is authorized to access the account and has legitimate access to mobile device 120. (Chan-Bauza, [0039]).
With respect to Claim 6 and 15 (Amended), Ferenczi in view of Chan-Bauza teaches the method of claim 1. Ferenczi further teaches wherein the executing the payment risk analysis comprises: capturing, by the processor, a user computing device characteristic from a user computing device (Ferenczi , c.9 l.43-54 The transaction account issuer may poll the device risk queue 660 for a device risk message having the same device ID or IP address as the enhanced authorization message 640., c.8 l.13-22 further teaches the device registry may transmit the device ID and the device risk score to the transaction account issuer in a device risk message. The device registry or the transaction account issuer may store the device risk message in a queue. In various embodiments, the queue may remove the device risk messages from the queue after a prescribed time limit, such as after fifteen minutes. The transaction account issuer may utilize the device risk score in making a determination as to whether to approve an authorization request.); 
and determining, by the processor, the risk assessment by comparing the user computing device characteristic to historical transaction fraud data (Ferenczi , c.3 l.50- c.4 l.6 Back-end processors accept settlements from front-end processors and, via The Federal Reserve Bank, move money from an issuing bank to the merchant bank. In an operation that will usually take a few seconds, the payment processor will both check the details received by forwarding the details to the respective account's issuing bank or card association for verification, and may carry out a series of anti-fraud measures against the transaction. Additional parameters, including the account's country of issue and its previous payment history, may be used to gauge the probability of the transaction being approved.).
With respect to Claim 7 and 16, Ferenczi in view of Chan-Bauza teaches the method of claim 1. Ferenczi further teaches further comprising assigning, by the processor, a unique identifier to the payment request (Ferenczi, c.12 l.14-24 A record of charge (or "ROC") may comprise any transaction or transaction data. The ROC may be a unique identifier associated with a transaction. A transaction may, in various embodiments, be performed by a one or more members using a transaction account, such as a transaction account associated with a gift card, a debit card, a credit card, and the like. A ROC may, in addition, contain details such as location, merchant name or identifier, transaction amount, transaction date, account number, account security pin or code, account expiry date, and the like for the transaction.).
With respect to Claim 8, Ferenczi in view of Chan-Bauza teaches the method of claim 7. Ferenczi further teaches a checking account number, a savings account number, a credit card number, a commercial account number a commercial charge card number, or a direct deposit account number (Ferenczi,  c.12 l.14-24).
With respect to Claim 9, Ferenczi in view of Chan-Bauza teaches the method of claim 1. Ferenczi further teaches further comprising approving, by the processor, the payment request in response to receiving a debit notification from the sender bank and a credit notification from the receiver bank (Ferenczi, c.3 l.50- c.4 l.6).
With respect to Claim 10, Ferenczi in view of Chan-Bauza teaches the method of claim 1. Ferenczi further teaches wherein the payment request is initiated between a customer and a merchant as payment for a transaction, and wherein in response to the debit pull and the credit push being transmitted the merchant completes the transaction with the customer (Ferenczi, c.3 l.10-21 teaches In response to a consumer submitting a request to initiate a transaction, the merchant may transmit an authorization request to the transaction account issuer. The merchant may also transmit an enhanced authorization message to the transaction account issuer. The enhanced authorization message may include additional information which is not able to be sent via the authorization request. The enhanced authorization message may include the IP address of the device. The transaction account issuer may combine the authorization request, the enhanced authorization message, and the device risk message in order to perform a fraud verification on the authorization request. The transaction account issuer may then return an authorization response to the merchant., c.3 l.50- c.4 l.6).
With respect to Claim 21 and 23, Ferenczi in view of Chan-Bauza teaches the method of claim 1. However, Ferenczi does not teaches wherein the medium risk is determined for the payment risk by validating that the sender account comprises sufficient funds to complete the payment request based on the payment amount and determining that a user of the user device is possibly not an owner of the user device .
Chan-Bauza does teach
wherein the medium risk is determined for the payment risk by validating that the sender account comprises sufficient funds to complete the payment request based on the payment amount and determining that a user of the user device is possibly not an owner of the user device (Chan-Bauza, [0024] teaches The inquiry can include: account information about the account, and device information about a mobile device that operates the mobile wallet. The acts also can include determining device ownership information for the mobile device, account ownership information for the account, device risk information associated with the mobile device, and account risk information associated with the account. The acts additionally can include determining an ownership correlation between the device ownership information and the account ownership information. The acts further can include generating a fraud risk level by applying business rules and one or more statistical modeling techniques to at least a portion of the ownership correlation, the device risk information, and the account risk information. The business rules can define one or more fraud risks based on at least a portion of the ownership correlation, the device risk information, and the account risk information. The acts additionally can include providing a response to the provider based on the fraud risk level, such that the provider sends to the mobile device information about the provisioning of the account to the mobile wallet, and such that the mobile wallet updates a user interface display on the mobile device based on the information about the provisioning of the account to the mobile wallet.c.3 l.50- c.4 l.6 Front-end processors have connections to various transaction accounts and supply authorization and settlement services to the merchant banks' merchants., c.5 l.6-22 further teaches For example, the device registry may determine that, based on the IP address of the web client 110, the web client 110 is located in a geographic region where many other device profiles have been previously associated with fraudulent transactions., [0100] further teaches In many embodiments, the fraud risk level can be represented by a risk score, such as numeric score, an alphabetical score, a color score (e.g., green for low risk, yellow for medium risk, or red for high risk), or another suitable type of score. In some embodiments, a low fraud risk level can indicate that no negative or suspicious events were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In several embodiments, a medium fraud risk level can indicate that there are some negative or suspicious events that were associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request. In many embodiments, a high risk level can indicate that there are major risks associated with the account, the mobile device (e.g., 120 (FIG. 1)), and/or the provisioning request, such as a credit card being compromised, an account having negative history, or a phone number of the mobile device (e.g., 120 (FIG. 1)) that does not match the phone number associated with the account., [0080] further teaches In several embodiments, negative account events database 409 can include negative events recorded, common points of purchase data, credit card abuse data, third-party fraud contribution data, and/or other suitable information about negative account activity. The negative events recorded can include returned checks, not sufficient funds, previous fraudulent activity, etc. The common points of purchase data can include accounts that have possibly been compromised, as determined based on whether the account was present at a time and location (e.g., a merchant) in which other accounts (including accounts maintained by other financial institutions) have been compromised (e.g., Target data breach, Internal Revenue Service (IRS) data breaches, or other fraudulent activity)., NOTE: Examiner reasonably interprets that a positive account event will be an account with sufficient funds.)
With respect to Claim 22 and 24, Ferenczi in view of Chan-Bauza teaches the method of claim 1. Ferenczi further teaches wherein the medium risk is determined for the payment risk by validating that the sender account comprises sufficient funds to complete the payment request based on the payment amount and determining that the payment request is possibly fraudulent (Chan-Bauza, [0024], [0080], [0100]).

Claims 2, 5, 14, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ferenczi in view of Chan-Bauza in further view of Gilliam (US 2016/0321625 A1). Hereinafter known as Ferenczi and Gilliam respectively.
With respect to Claim 2, Ferenczi in view of Chan-Bauza teaches the method of claim 1. However, Ferenczi does not teach wherein the debit pull and the credit push are transmitted simultaneously or near simultaneously.
Gilliam does teach wherein the debit pull and the credit push are transmitted simultaneously or near simultaneously (Gilliam,  [0070] teaches As another example, the rules engine 188 may be used to configure the payment channel used to send funds to a recipient (e.g., ACH transfer, credit card network, PayPal network, printed and mailed check, and so on). As another example, the rules engine 188 may be used to configure the speed with which funds are transferred to the recipient (e.g., instantaneous, same day, overnight, 2-day payment, and so on). As another example, the rules engine 188 may be used to configure transaction limits (e.g., to ensure that no more than $500 can be charged to a particular token during a predetermined time period such as one day, one week, one month, etc.).).
It would have been prima facie obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified a systems and methods for to improving the security of transactions over a computer network as taught above by Ferenczi and implement a system for online payment processes maintained by an entity other than a financial institution as taught by Gilliam to provide securely transferring funds over an electronic money transfer network, such as an Automatic Clearing House (ACH) network, to individuals who have access to a second (e.g., public) network (Gilliam, [0005]), since there exist some teaching, suggestion, or motivation in the prior art that would have led one of ordinary skill to modify the prior art reference or to combine prior art reference teachings to arrive at the claimed invention, one of ordinary skill in the art would have recognized that the results of the combination were predictable. Both relate to the ability to improve the security of transactions over a computer network with the motivation to cost-effectively transfer money over electronic money transfer networks to individuals, particularly those individuals who lack access to the payment systems of financial institutions. (Gilliam, [0004]).
With respect to Claim 5 and 14,Ferenczi in view of Chan-Bauza teaches the method of claim 1. However, Ferenczi further teaches wherein the executing the payment risk analysis comprises validating, by the processor, sender bank data from the sender data, wherein the sender bank data is validated by verifying sender bank login information from the sender bank data validating that the sender account comprises sufficient funds to complete the payment request based on the payment amount.
Gilliam does teach
wherein the executing the payment risk analysis comprises validating, by the processor, sender bank data from the sender data, wherein the sender bank data is validated by verifying sender bank login information from the sender bank data validating that the sender account comprises sufficient funds to complete the payment request based on the payment amount (Gilliam, [0045] teaches Users may register their information with the information directory 128 prior to any financial transaction. A user may be added to the information directory 128 upon registering for the funds transfer system 100 through the bank computer system 120. Upon registration, a new entry may be created for the newly registered user in a database that implements the information directory 128. The user may provide one or more identifiers (e.g., phone numbers, e-mail addresses, and so on) that the user may share with other individuals with whom the user interacts (for example, in the same way that people selectively or freely share phone numbers and e-mail addresses with other individuals for purposes of communicating with such other individuals)., [0136] teaches to make the payment even quicker, the sending bank may not withdraw funds from the sender's account until after the recipient's account has been funded. The sending bank may however restrict a sender from choosing to send more money than available in the sender's account. This way, the sending back is assured that the sender's account has enough funds to pay back the sending bank.).
It would have been prima facie obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified a systems and methods for to improving the security of transactions over a computer network as taught above by Ferenczi and implement a system for online payment processes maintained by an entity other than a financial institution as taught by Gilliam to execute the motivation as mentioned in claim 2.

With respect to Claim 18, Ferenczi in view of Chan-Bauza teaches the method of claim 17. However, Ferenczi  in view of Chan-Bauza does not teach wherein the debit pull is transmitted at a first time and the credit push is transmitted at a second time, and wherein the first time is the same or proximate the second time.
Gilliam does teach wherein the debit pull is transmitted at a first time and the credit push is transmitted at a second time, and wherein the first time is the same or proximate the second time (Gilliam, [0070]).
It would have been prima facie obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified a systems and methods for to improving the security of transactions over a computer network as taught above by Ferenczi and implement a system for online payment processes maintained by an entity other than a financial institution as taught by Gilliam to execute the motivation as mentioned in claim 2.
With respect to Claim 19 (Amended), Ferenczi in view of Gilliam teaches the method of claim 18. However, Ferenczi in view of Chan-Bauza does not teach further comprising approving, by the processor, the payment request in response to transmitting the debit pull and the credit push, wherein in response to the payment request being approved the credited payment amount is available for use by a receiver associated with the receiver account.
Gilliam does teach further comprising approving, by the processor, the payment request in response to transmitting the debit pull and the credit push, wherein in response to the payment request being approved the credited payment amount is available for use by a receiver associated with the receiver account (Gilliam,  [0070]).
It would have been prima facie obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified a systems and methods for to improving the security of transactions over a computer network as taught above by Ferenczi and implement a system for online payment processes maintained by an entity other than a financial institution as taught by Gilliam to execute the motivation as mentioned in claim 2.

Response to Argument
Applicant's arguments have been fully considered but they are moot on the new grounds of rejection. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID ESTEBAN BERROA whose telephone number is (571)270-3487.  The examiner can normally be reached on Mon-Fri from 10:30am-6pm
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine Behncke can be reached at (571) 272-8103.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAVID ESTEBAN BERROA/Examiner, Art Unit 3697                                                                                                                                                                                                                                                                                                                                                                                                          /CHRISTINE M BEHNCKE/  Supervisory Patent Examiner, Art Unit 3697