DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03 May 2021 has been entered. 
Response to Amendment
Applicant’s amendment filed 03 May 2021 amends claims 1 and 11. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “It is respectfully submitted that none of the cited references described this subject matter. Krishnamurthy merely describes prompting a user to select delivery channel when a risk level exceeds predetermined threshold to send a passcode to…, and thus does not describe the determination of the optimal communication channel to transmit the one-time 
Applicant argues, “Golan, for example, provides no teaching or suggestion of considering specific fraud data information pertaining to at least two of its ‘web browsers’ that is provides password recovery when the risk is low, nor any of the alternative channels (e.g., email or billing address) that it sends a new password to when the risk level is high, in its determination of which channel to use for password recovery.” In response, the claim merely requires that the fraud data include information “relating” to a risk assessment of at least two of a plurality of communication channels. The assignment described in Golan where web browsers are used when the risk is low and email/mail are used when the risk is high meets 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-8, 11, 13-18 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnamurthy, U.S. Publication No. 2019/0325449, in view of Golan, U.S. Publication No. 2005/0097320. Referring to claims 1, 11, Krishnamurthy a dynamic authentication scheme wherein a user sends a transaction request to a transaction server ([0036]) that can be implemented along with the identity decisioning server in a single device ([0097]), which meets the limitation of receive, via an electronic input, a contact from a customer device associated with a customer. The transaction server/decisioning server includes a database of customer information ([0025]), device identification information ([0036]), and information pertaining to the identity decisioning techniques such as the one-time password exam ([0027]: the information pertaining to the identity decision techniques would read on the claimed fraud data because identity decision techniques are “related” to risk assessments as claimed since the additional authentication exams are performed when a determined risk level is above a threshold) that are utilized for additional authentication exams when risk levels are high ([0059] & [0062]), which meets the limitation of a memory that stores and maintains customer profile data comprising customer data, device data, and fraud data, wherein the fraud data includes information relating to a risk assessment [of at least two of a plurality of communication channels]. The transaction server also includes a processor ([0097]-[0098]), which meets the limitation of a computer processor, coupled to the memory. The transaction request involves a customer username ([0036]), the customer’s actual name (Figure 4), and a request for a one-time password (Figures 7-8 & [0062]-[0063]: one-time password generation is “involved” with the request to the extent that a one-time password is generated and utilized in the transaction process), which meets the limitation of wherein the contact involves a customer identifier and a request for a one-time passcode. The transaction server utilizes the received request information, which includes the customer name (Figure 4) and username ([0036]), to determine whether the requesting user is associated with an existing customer account that includes device identification ([0036]) and the information pertaining to the one or more identity decisioning techniques are retrieved to determine which exams to utilize ([0027] & [0062]), which meets the limitation of retrieve, using the customer identifier, a customer profile comprising customer data, device data, and fraud data, wherein the fraud data includes information relating to a risk assessment [of at least two of a plurality of communication channels]. A risk level is calculated based upon the results of the identity verification stage ([0058]) that utilizes customer account information such as device identification information and user credentials ([0054]-[0055] & [0036]), which meets the limitation of apply, via a risk decision engine, a risk determination based on the customer profile to generate a risk score for the contact. The risk level is compared against a predetermined threshold and an additional authentication exam will be performed if the risk level exceeds the predetermined threshold ([0059] & [0062]: additional authentication exam is not performed unless the risk level exceeds the threshold) such that the additional authentication exam includes presenting the requesting user with a plurality of selectable delivery channels for transmission of a one-time password (Figure 7 & [0062] & [0071]: selection of delivery channel is based on the risk level because the additional authentication exam is not performed unless the risk level exceeds the threshold), which meets the limitation of determining an optimal communication channel from a plurality of communication channels to transmit the one-time passcode to the customer based on the risk score, [and the information relating to the risk assessment of the at least two of the plurality of communication channels from the fraud data, wherein the optimal communication channel determined varies depending on a magnitude of the risk score]. Once selected, the one-time password is provided to the user over the selected channel ([0073]), which meets the limitation of [automatically] transmit the one-time passcode via the optimal communication channel to the customer. 
Krishnamurthy does not specify that the one-time password is automatically provided to the user over the selected channel. However, it is not invention to provide an automatic or mechanical means to replace a manual activity which accomplishes the same result. In re Venner, 262 F.2d 91, 95, 120 USPQ 193, 194 (CCPA 1958). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the one-time password of Krishnamurthy to have been automatically provided to the user over the selected channel because providing an automatic means to replace manual activity is not regarded as invention.
Krishnamurthy discloses that the risk level is compared against a predetermined threshold and an additional authentication exam will be performed if the risk level exceeds the predetermined threshold ([0059] & [0062]) and that the additional authentication exam includes presenting the requesting user with a plurality of selectable delivery channels for transmission of a one-time password (Figure 7 & [0062] & [0071]). Krishnamurthy does not disclose that the available delivery channels for selection depend upon the determined risk level. Golan discloses an authentication mechanism wherein password information is distributed using channels specific to a determined risk level ([0090]: low risk utilizes a web-based password recovery system and high risk utilizing channels such as email/mail), which meets the limitation of determining an optimal communication channel from a plurality of communication channels to transmit the one-time passcode to the customer based on the risk score and the information relating to the risk assessment of the at least two plurality of communication channels from the fraud data, wherein the optimal communication channel determined varies depending on a magnitude of the risk score. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the delivery channels available for selection in Krishnamurthy to have been different depending upon the determined risk level in order to offer a higher degree of assurance as to the individual’s identity while reducing the use of stolen identities as suggested by Golan ([0028] & [0030]). 
As modified above, the information associating the delivery channels of Krishnamurthy with specific risk levels would have additionally be stored along with the other customer/transaction information in the databases ([0025] & [0027]) because Krishnamurthy specifically discloses that the databases include any other information relevant to carrying out the transaction ([0025]) and any other information relevant to implementing dynamic identity decisioning ([0027]). The information pertaining directly to which delivery channel should be used when the measured risk is at particular levels would certainly be considered relevant information as defined by Krishnamurthy. Therefore, storage of the information associating the delivery channels of Krishnamurthy with specific risk levels would read on the claimed retrieve, a customer profile comprising fraud data, wherein the fraud data includes information relating to a risk assessment of at least two of a plurality of communication channels.
Referring to claims 3, 13, Krishnamurthy discloses that the transaction can be a financial transaction such as applying for a credit card or applying for a loan ([0024]), which meets the limitation of wherein the contact from the customer device comprises a financial transaction.
Referring to claims 4, 14, Krishnamurthy discloses that the selectable delivery channels include text/SMS message and email message ([0071]), which meets the limitation of wherein the optimal communication channel comprises an in-app communication to the customer’s device because the user device in Krishnamurthy is a mobile device that includes mobile applications ([0031]) and text/SMS/email messages are received on a mobile device using mobile applications.
Referring to claims 5, 15, Krishnamurthy discloses that the selectable delivery channels include voice message ([0071]), which meets the limitation of wherein the optimal communication channel comprises a call center communication.
Referring to claims 6, 16, Krishnamurthy discloses that the selectable delivery channels include text/SMS message ([0071]) to a user device such a smart phone ([0024]), which meets the limitation of wherein the optimal communication channel comprises a smart device associated with the customer.
Referring to claims 7, 17, Krishnamurthy discloses that the user is presented with an authentication exam if the risk level exceeds a predetermined threshold ([0062]), which meets the limitation of responsive to the risk score, identify and apply an additional authentication prior to transmitting the one-time passcode.
Referring to claims 8, 18, Krishnamurthy discloses that the risk level is calculated based upon the results of the identity verification stage ([0058]) that utilizes customer account information such as device identification information and user credentials ([0054]-[0055] & [0036]) and previous transaction information ([0025]), which meets the limitation of wherein the risk determination is based on device data, account data and fraud data.
Claims 2, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnamurthy, U.S. Publication No. 2019/0325449, in view of Golan, U.S. Publication No. 2005/0097320, and further in view of Kohli, U.S. Publication No. 2017/0337556. Referring to claims 2, 12, Krishnamurthy discloses that the transaction can be a financial transaction ([0024]). Krishnamurthy, as modified in view of Golan above, does not specify that the financial transaction includes adding a credit card to an electronic wallet application. 
Kohli discloses a transaction management scheme wherein the transactions can include adding a payment card to a digital wallet ([0033]), which meets the limitation of wherein the contact from the customer device comprises a request to add a credit card to an electronic wallet application executing on the customer’s device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the financial transactions of Krishnamurthy to have include electronic wallet transactions as disclosed in Kohli in order to provide an easier mechanism for making purchases that does not require users to remember and input specific account credentials as suggested by Kohli ([0003]).
Claims 9, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnamurthy, U.S. Publication No. 2019/0325449, in view of Golan, U.S. Publication No. 2005/0097320, and further in view of Ranganathan, U.S. Publication No. 2012/0233665. Referring to claims 9, 19, Krishnamurthy discloses that the customer account includes device identification information ([0036]), but Krishnamurthy, as modified in view of Golan above, does not specify that the customer account includes device information that includes known fraudulent activity on the device, device type, and device location.
 Ranganathan discloses the storing of various device parameters that are utilized to create a device profile ([0032]). The device parameters include fraudulent activity by the device ([0051]: IP address used by the device is has been used in fraudulent activity), device type ([0020] Table 1), and device location ([0020] Table 1), which meets the limitation of wherein the device data comprises known fraud activity on the device, device type, and device location. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the device information of Krishnamurthy to have included the device parameters maintained in Ranganathan, in order to provide a more accurate assessment of the authenticity of a user request in a manner than goes beyond user credentials as suggested by Ranganathan ([0009]).
Claims 10, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Krishnamurthy, U.S. Publication No. 2019/0325449, in view of Golan, U.S. Publication No. 2005/0097320, and further in view of Priess, U.S. Publication No. 2015/0026027. Referring to claims 10, 20, Krishnamurthy, as modified in view of Golan above, does not disclose that the previous transaction information includes account change data or failed login history. Priess discloses a fraud detection system wherein monitored account transaction information includes changes to the account profile information ([0062] and failed login attempts ([0122]), which meets the limitation of wherein the fraud data comprises account change data and failed login history. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the previous transaction information of Krishnamurthy to have included changes to account information and failed login attempts in order to prevent fraudulent usage of the account as suggested by Priess ([0062] & [0122]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805.  The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437