DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is a Non-Final Office Action in response to application 16/805,501 entitled "SYSTEMS AND METHODS FOR PROVIDING RISK BASED DECISIONING SERVICE TO A MERCHANT" filed on February 28, 2020 with claims 25-46 pending.
Status of Claims
Claims 1-24 are cancelled.
Claims 25-46 are pending and have been examined.
 Information Disclosure Statement
The information disclosure statement (IDS) submitted on February 28, 2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.


The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 25-46 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
The phrase “privileged cardholder” in Claims 25, 33, 40 introduces ambiguity and no clear description is provided in the specification.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 25-46 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ). The term "privileged cardholder" in Claims 25, 33, and 40  is a  relative term which renders the claim indefinite.  The term  "privileged cardholder"   are not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. 
Therefore the claims are rejected.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 25-46 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 25-46 are directed to a system, method/process, or product program, which are/is one of the statutory categories of invention. (Step 1: YES).
The claimed invention is directed to an abstract idea without significantly more. 
Independent Claim 25 recites: 
“A transaction processing service (TPS) …. for online payment card transactions” 
“receive, from the merchant computing device, an authentication request”
“provide, to the merchant, a plurality of checkout options”
“transmitting the transaction data and the infrastructure data”
“compute an authentication risk score”
“receiving…the authentication risk score”
“determining whether the authentication risk score … indicates a lower risk level or a higher risk level for the online payment card transaction”
“transmitting an authentication response message to the merchant”
“determining whether to proceed with authorization of the online payment card transaction”
“initiating an authentication challenge”
“authenticating the online payment card transaction”
“receive, from the merchant computing device, one or more risk scoring configuration parameters”
“determine whether the authentication risk score is within the first risk score tier or the second risk score tier”
“process the online payment card transaction”
These limitations clearly relate to managing transactions/interactions between consumer/buyer, merchant, and/or processing service.  These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructing to receive an authentication request or compute an authentication risk score  or process an online payment card transaction recite a fundamental economic principles or practice   and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea).
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of:
“computing device”:
merely applying computer processing, storage, and networking technology  as  tools to perform an abstract idea 
“digital wallet”:
  generally linking to digital payment technology as a means to perform an abstract idea
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For Example, the Applicant’s Specification reads, “[0054] Client systems 114 could be any device capable of interconnecting to the Internet including a web-based phone, PDA, or other web-based connectable equipment.… [0072] Processor 305 may also be operatively coupled to a storage device 134. Storage device 134 is any computer-operated hardware suitable for storing and/or retrieving data….[0150] As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device …used to provide machine instructions and/or data to a programmable processor”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.   The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 25 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Dependent Claims   recite additional elements.
This judicial exception is not integrated into a practical application. In particular, the recited additional elements of 
Claim 26: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 27: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 28: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 29: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
“digital wallet”:  generally linking to digital payment technology as a means to perform an abstract idea
Claim 30: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 31: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 32: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
“digital wallet”:  generally linking to digital payment technology as a means to perform an abstract idea
 are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes.  For Example, the Applicant’s Specification reads, “[0054] Client systems 114 could be any device capable of interconnecting to the Internet including a web-based phone, PDA, or other web-based connectable equipment.… [0072] Processor 305 may also be operatively coupled to a storage device 134. Storage device 134 is any computer-operated hardware suitable for storing and/or retrieving data….[0150] As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device …used to provide machine instructions and/or data to a programmable processor”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.   The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, these dependent claims are directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Independent Claim 33 recites: 
“a transaction processing service (TPS) …. for online payment card transactions” 
“receiving, from the merchant computing device, an authentication request”
“providing, to the merchant, a plurality of checkout options”
“transmitting the transaction data and the infrastructure data”
“compute an authentication risk score”
“receiving…the authentication risk score”
“determining whether the authentication risk score … indicates a lower risk level or a higher risk level for the online payment card transaction”
“transmitting an authentication response message to the merchant”
“determining whether to proceed with authorization of the online payment card transaction”
“initiating an authentication challenge”
“authenticating the online payment card transaction”
“receiving, from the merchant computing device, one or more risk scoring configuration parameters”
“determining whether the authentication risk score is within the first risk score tier or the second risk score tier”
“processing the online payment card transaction”
These limitations clearly relate to managing transactions/interactions between consumer/buyer, merchant, and/or processing service.  These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructing to receive an authentication request or compute an authentication risk score  or process an online payment card transaction recite a fundamental economic principles or practice   and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea).
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of:
“computing device”, “a processor and a memory”:
merely applying computer processing, storage, and networking technology  as  tools to perform an abstract idea 
“digital wallet”:
  generally linking to digital payment technology as a means to perform an abstract idea
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For Example, the Applicant’s Specification reads, “[0054] Client systems 114 could be any device capable of interconnecting to the Internet including a web-based phone, PDA, or other web-based connectable equipment.… [0072] Processor 305 may also be operatively coupled to a storage device 134. Storage device 134 is any computer-operated hardware suitable for storing and/or retrieving data….[0150] As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device …used to provide machine instructions and/or data to a programmable processor”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.   The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 33 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Dependent Claims   recite additional elements.
This judicial exception is not integrated into a practical application. In particular, the recited additional elements of 
Claim 34: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 35: (none found: does not include additional elements and merely narrows the abstract idea)
Claim 36: (none found: does not include additional elements and merely narrows the abstract idea)
Claim 37: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
“digital wallet”:  generally linking to digital payment technology as a means to perform an abstract idea
Claim 38: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 39: 
“computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes.  For Example, the Applicant’s Specification reads, “[0054] Client systems 114 could be any device capable of interconnecting to the Internet including a web-based phone, PDA, or other web-based connectable equipment.… [0072] Processor 305 may also be operatively coupled to a storage device 134. Storage device 134 is any computer-operated hardware suitable for storing and/or retrieving data….[0150] As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device …used to provide machine instructions and/or data to a programmable processor”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.   The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, these dependent claims are directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Independent Claim 40 recites: 
“a transaction processing service (TPS) …. for online payment card transactions” 
“receive, from the merchant computing device, an authentication request”
“provide, to the merchant, a plurality of checkout options”
“transmitting the transaction data and the infrastructure data”
“compute an authentication risk score”
“receiving…the authentication risk score”
“determining whether the authentication risk score … indicates a lower risk level or a higher risk level for the online payment card transaction”
“transmitting an authentication response message to the merchant”
“determining whether to proceed with authorization of the online payment card transaction”
“initiating an authentication challenge”
“authenticating the online payment card transaction”
“receive, from the merchant computing device, one or more risk scoring configuration parameters”
“determine whether the authentication risk score is within the first risk score tier or the second risk score tier”
“process the online payment card transaction”
These limitations clearly relate to managing transactions/interactions between consumer/buyer, merchant, and/or processing service.  These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructing to receive an authentication request or compute an authentication risk score  or process an online payment card transaction recite a fundamental economic principles or practice   and/or commercial or legal interactions. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic, commercial, or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea).
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of:
“computing device”, “non-transitory computer-readable storage media having computer-executable instructions”:
merely applying computer processing, storage, and networking technology  as  tools to perform an abstract idea 
“digital wallet”:
  generally linking to digital payment technology as a means to perform an abstract idea
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes. For Example, the Applicant’s Specification reads, “[0054] Client systems 114 could be any device capable of interconnecting to the Internet including a web-based phone, PDA, or other web-based connectable equipment.… [0072] Processor 305 may also be operatively coupled to a storage device 134. Storage device 134 is any computer-operated hardware suitable for storing and/or retrieving data….[0150] As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device …used to provide machine instructions and/or data to a programmable processor”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.   The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 33 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Dependent Claims   recite additional elements.
This judicial exception is not integrated into a practical application. In particular, the recited additional elements of 
Claim 41: 
“computer-readable storage media”, “computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 42: 
“computer-readable storage media”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 43: 
“computer-readable storage media”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 44: 
“computer-readable storage media”, “computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
“digital wallet”:  generally linking to digital payment technology as a means to perform an abstract idea
Claim 45: 
“computer-readable storage media”, “computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
Claim 46: 
“computer-readable storage media”, “computing device”: merely applying computer processing, networking, and display technologies  as a tool to perform an abstract idea
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes.  For Example, the Applicant’s Specification reads, “[0054] Client systems 114 could be any device capable of interconnecting to the Internet including a web-based phone, PDA, or other web-based connectable equipment.… [0072] Processor 305 may also be operatively coupled to a storage device 134. Storage device 134 is any computer-operated hardware suitable for storing and/or retrieving data….[0150] As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device …used to provide machine instructions and/or data to a programmable processor”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.   The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, these dependent claims are directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using  computer hardware and/or software amounts to no more than mere instructions to apply the exception using a generic computer component. For Example, the Applicant’s Specification reads, “[0054] Client systems 114 could be any device capable of interconnecting to the Internet including a web-based phone, PDA, or other web-based connectable equipment.… [0072] Processor 305 may also be operatively coupled to a storage device 134. Storage device 134 is any computer-operated hardware suitable for storing and/or retrieving data….[0150] As used herein, the terms “machine-readable medium” “computer-readable medium” refers to any computer program product, apparatus and/or device …used to provide machine instructions and/or data to a programmable processor”. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.   The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f). Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination. Dependent claims further define the abstract idea that is present in their respective independent claims and hence are abstract for the reasons presented above.  The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  Therefore, the dependent claims are directed to an abstract idea.  Thus, Claims 25-46 are not patent eligible. (Step 2B: NO. The claims do not provide significantly more) 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 25-46   are rejected under 35 U.S.C. 102(a)(2) as being clearly anticipated by Hammad ("GRADUATED SECURITY SEASONING APPARATUSES, METHODS AND SYSTEMS", U.S. Publication Number: 2013/0218765  A1).
Regarding Claim 25, 
Hammad teaches,





 A transaction processing service (TPS) computing device for providing risk-based decisioning to a merchant for online payment card transactions, said TPS computing device comprising a processor communicatively coupled to a memory, said TPS computing device in communication with a merchant computing device associated with the merchant 
(Hammad [Abstract] The GRADUATED SECURITY SEASONING APPARATUSES, METHODS AND SYSTEMS (“GSS”) transform user virtual wallet activity and historical fraud reports via GSS components into transaction authorization triggers ... transaction risk-appropriate, escalated security protocols.... The GSS identifies a transaction risk type associated with the request, and calculates a transaction risk level associated with the transaction risk type.
Hammad [0135] The GSS controller 2301 may be based on computer systems that may comprise, but are not limited to, components such as: a computer systemization 2302 connected to memory 2329.
Hammad [0133] the GSS controller 2301 may be connected to and/or communicate with users, e.g., 2333 a, operating client device(s), e.g., 2333 b, including, but not limited to, personal computer(s), server(s) 
Hammad [0038] the GSS may attempt to allocate the transaction risks associated with the current transaction request to one or more entities involved in the current transaction (e.g., user, merchant, issuer, acquirer, payment service processor, payment network, etc.).
Hammad [0132]  various processor accessible and operable areas of memory 2329 (e.g., registers, cache memory, random access memory, etc.). 
Hammad [0030] a user may be able to access a virtual wallet account from a point-of-sale (“POS”) terminal in a merchant store, or on a merchant website.)
and a risk-based decisioning (RBD) computing device,
(Hammad [0174] The configuration of the GSS controller will depend on the context of system deployment...results in a more distributed series of program components, and/or results in some combination between a consolidated and distributed configuration, data may be communicated, obtained, and/or provided. 
Hammad [0173] The component collection may be ...distributed in countless variations through standard data processing and/or development techniques. Multiple instances of any one of the program components in the program component collection may be instantiated ... numerous nodes to improve performance through load-balancing and/or data-processing techniques. Furthermore, single instances may also be distributed across multiple controllers and/or storage devices; e.g., databases.  
Hammad [0175] If component collection components are discrete, separate, and/or external to one another, then communicating, obtaining, and/or providing data with and/or to other components may be accomplished through inter-application data processing communication techniques 
Examiner notes that prior art includes embodiments where the "risk-based decisioning (RBD) computing device" is discretely  separate from the "transaction processing service (TPS) computing device" )
 said TPS computing device programmed to: receive, from the merchant computing device, an authentication request including transaction data
(Hammad [0162]  The cryptographic component facilitates the secure accessing of resources on the GSS and facilitates the access of secured resources on remote systems; i.e., it may act as a client and/or server of secured resources. Most frequently, the cryptographic component communicates with information servers, operating systems, other program components, and/or the like. The cryptographic component may contain, communicate, generate, obtain, and/or provide ... data communications, requests, and/or responses.
Hammad [0038] the GSS may attempt to allocate the transaction risks associated with the current transaction request to one or more entities involved in the current transaction (e.g., user, merchant, issuer, acquirer, payment service processor, payment network, etc.).
Hammad [Abstract] The GRADUATED SECURITY SEASONING APPARATUSES, METHODS AND SYSTEMS (“GSS”) transform user virtual wallet activity and historical fraud reports via GSS components into transaction authorization triggers
Hammad  [0170] The GSS component may transform user virtual wallet activity and historical fraud reports via GSS components into transaction authorization triggers generated pursuant to graduated, transaction risk-appropriate, escalated security protocols...In one embodiment, the GSS component 2335 takes inputs (e.g., current transaction request/security input 211; historical wallet activity data 212;...transaction data)
 and infrastructure data, 
(Hammad [0033]  device has to provide its IP address
Hammad [0035] geographical location
Hammad [0152] might have the IP portion of the request “123.124.125.126” resolved by a DNS server to an information server at that IP address)
the transaction data associated with an online payment card transaction initiated by a suspect consumer, wherein the transaction data includes payment card data provided by the suspect consumer from a digital wallet of a privileged cardholder, 
(Hammad [0035] Other parameters to which such familiarity-based transaction risk assessment may extend include, without limitation: user ID; merchant ID; product type; product ID; transaction cost; payment mechanism (e.g., account numbers); geographical location; 
Hammad [0036]  device fingerprint-wallet record comparison; 
Hammad [0066]  using a portion of a user payment card number, or a user ID (such as an email address) as a keyword for the database query.)
the infrastructure data including digital wallet data, the authentication request generated by the merchant computing device during an authentication process occurring after the online payment card transaction is initiated by the suspect consumer and prior to authorization of the online payment card transaction;
(Hammad [0036]  device fingerprint-wallet record comparison; 
Hammad [0031]  responses to secure authentication requests
Hammad [0036]   calls may be saved for the highest risk events, such as...high risk/high price consumer initiated events.
Hammad [0037]  the request may take the form of a card authorization request, such as that card authorization request 1116, depicted in the example purchase transaction authorization (“PTA”) component 
Hammad [0182] For instance, it is to be understood that the logical and/or topological structure of any combination of any data flow sequence(s), program components ....and/or any present feature sets as described in the figures and/or throughout are not limited to a fixed operating order and/or arrangement, but rather, any disclosed order is exemplary and all equivalents, regardless of order, are contemplated by the disclosure.)
provide, to the merchant, a plurality of checkout options including a first checkout option and a second checkout option, 
(Hammad [0039] select payment options
Hammad [0081] requesting the user device to provide new payment options)
wherein the first checkout option includes: transmitting the transaction data and the infrastructure data to the RBD computing device, 
(Hammad  [0170] The GSS component may transform user virtual wallet activity and historical fraud reports via GSS components into transaction authorization triggers generated pursuant to graduated, transaction risk-appropriate, escalated security protocols...In one embodiment, the GSS component 2335 takes inputs (e.g., current transaction request/security input 211; historical wallet activity data 212;...transaction data 
Hammad [0033]  device has to provide its IP address
Hammad [0035] geographical location
Hammad [0135] The GSS controller 2301 may be based on computer systems that may comprise, but are not limited to, components such as: a computer)
the RBD computing device configured to compute an authentication risk score for the online payment card transaction based at least in part on the transaction data and the infrastructure data,
(Hammad  [0170] The GSS component may transform user virtual wallet activity and historical fraud reports via GSS components into transaction authorization triggers generated pursuant to graduated, transaction risk-appropriate, escalated security protocols...In one embodiment, the GSS component 2335 takes inputs (e.g., current transaction request/security input 211; historical wallet activity data 212;...transaction data 
Hammad [0033]  device has to provide its IP address
Hammad [0035] geographical location
Hammad [0135] The GSS controller 2301 may be based on computer systems that may comprise, but are not limited to, components such as: a computer
Hammad [0170] outputs (e.g., transaction risk assessment data/rules 215; risk types/risk scores 
Hammad  [0170] The GSS component may transform user virtual wallet activity and historical fraud reports via GSS components into transaction authorization triggers generated pursuant to graduated, transaction risk-appropriate, escalated security protocols...In one embodiment, the GSS component 2335 takes inputs (e.g., current transaction request/security input 211; historical wallet activity data 212;...transaction data)
 the authentication risk score indicating a likelihood that the suspect consumer is the privileged cardholder of a payment card used from the digital wallet;
(Hammad [0031]  For example, the GSS may identify one or more transaction risk types, and associated risk scores to each of the transaction risk types. Examples of risk types include, without limitation: user fraud...a risk score for each risk type based on factors such as, without limitation: the type of the current transaction (e.g., user enrollment into a new request, purchase transaction, modifying user wallet settings, modifying privacy settings, accessing personal information), current user transaction request details, historical (including recent/real-time) user virtual wallet activity)
receiving, from the RBD computing device, the authentication risk score for the online payment card transaction;
(Hammad [0047] Upon completing the rule processing, the GSS may return the assigned risk types and their associated risk scores (e.g., for graduated security protocol escalation, see, e.g., FIG. 8).
Hammad [0048] transforming transaction risk type and score assessments, ... via a Graduated Security Escalation (“GSE”) component into transaction authorization notifications/triggers and transaction denial notifications)
determining whether the authentication risk score received from the RBD computing device indicates a lower risk level or a higher risk level for the online payment card transaction;
(Hammad [0052] The GSS may compare the updated risk score to the predetermined maximum acceptable threshold risk value for the risk type in the current transaction, and determine whether the risk score has been lowered below the threshold.
Hammad  [0033] if a transaction risk type ...has a higher risk score, then the GSS may escalate the protocols employed from security protocol)
when the authentication risk score indicates the lower risk level, transmitting an authentication response message to the merchant computing device, the authentication response message including a data element comprising an indication of acceptable risk for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction; 
(Hammad [0052] The GSS may compare the updated risk score to the predetermined maximum acceptable threshold risk value for the risk type in the current transaction, and determine whether the risk score has been lowered below the threshold.
Hammad [0038] If the risk score is acceptable, see 221, (e.g., lower than a maximum allowable risk threshold value for the risk type for the current transaction), then the GSS may authorize the transaction...then the GSS may select a set of security protocols for the entities involved in the transaction to engage in before authorizing the transaction)
and when the authentication risk score indicates the higher risk level, initiating an authentication challenge of the suspect consumer, 
(Hammad [0032] For example, where a transaction risk type is at a higher risk level, the GSS may escalate the security protocol required to authorize the transaction to a more secure protocol, which in some scenarios may come with additional attendant burden on the entity (e.g., a user) required to engage in the security protocol.
Hammad [0036] challenge questions... the challenge presented to the entity taking the action....Authentication challenges during protocol escalation may include calls to third-party identification services (e.g., Idology, Experian, Accurint, 192.com, Dunn & Bradstreet, etc.).)
and wherein the second checkout option includes authenticating the online payment card transaction;
(Hammad [0036]  the GSS, authentication of a transaction can be done separately from authorization/payment...In some embodiments, authentication may be integrated into the authorization flow)
receive, from the merchant computing device, one or more risk scoring configuration parameters defining a first risk score tier associated with the first checkout option and a second risk score tier associated with the second checkout option;
(Hammad [0167] Similarly, configurations of the decentralized database controllers may be varied by consolidating and/or distributing the various database components 2319 a-r. The GSS may be configured to keep track of various settings, inputs, and parameters via database controllers.
Hammad [0036]  merchant history; device intelligence data elements; merchant category;...such as merchant automated underwriting or high risk/high price consumer initiated events.
Hammad [0033] a first tier of (low) risk may only require a security protocol set 1 (103 a), which may have a low burden....However, if a transaction risk type (e.g., risk types (iii), risk type 2 (112), risk type 3 (113)), has a higher risk score, then the GSS may escalate the protocols employed from security protocol set 1 to security protocol set 2 (103 b))
determine whether the authentication risk score is within the first risk score tier or the second risk score tier;
(Hammad [0052] The GSS may compare the updated risk score to the predetermined maximum acceptable threshold risk value for the risk type in the current transaction, and determine whether the risk score has been lowered below the threshold.
Hammad [0032] For example, where a transaction risk type is at a higher risk level, the GSS may escalate the security protocol required to authorize the transaction to a more secure protocol, which in some scenarios may come with additional attendant burden on the entity (e.g., a user) required to engage in the security protocol.)
 and process the online payment card transaction according to one of the first checkout option and the second checkout option based on the determination.
(Hammad [0077] for routing the card authorization request to the appropriate payment network for payment processing. For example, the pay gateway server may be able to select from payment networks, such as Visa, Mastercard, American Express, Paypal, etc., to process various types of transactions)
Regarding Claim 26, 
Hammad teaches,
   receive, from the merchant computing device, one or more additional risk scoring configuration parameters; 
(Hammad [0167] Similarly, configurations of the decentralized database controllers may be varied by consolidating and/or distributing the various database components 2319 a-r. The GSS may be configured to keep track of various settings, inputs, and parameters via database controllers.
Hammad [0036]  merchant history; device intelligence data elements; merchant category;...such as merchant automated underwriting or high risk/high price consumer initiated events.
Hammad [0033] a first tier of (low) risk may only require a security protocol set 1 (103 a), which may have a low burden....However, if a transaction risk type (e.g., risk types (iii), risk type 2 (112), risk type 3 (113)), has a higher risk score, then the GSS may escalate the protocols employed from security protocol set 1 to security protocol set 2 (103 b))
and transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
(Hammad [0035] in some embodiments, the GSS may determine a transaction risk level in, of a transaction risk type associated with a transaction request, based on the familiarity 112 that the GSS has with the parameters of the transaction request.... In some embodiments, the GSS may utilize different seasoning thresholds 113 to determine the seasoning of different parameters in the calculation of transaction risk. Further, in various embodiments, the calculation of transaction risk may depend on numerous factors besides the seasoning levels of the parameters of the transaction request.)
Regarding Claim 27, 
Hammad teaches,
   The TPS computing device of claim 26, wherein the one or more additional risk scoring configuration parameters include a first additional risk scoring configuration parameter defining the lower risk level, and a second additional risk scoring configuration parameter defining the higher risk level.
(Hammad [0035] in some embodiments, the GSS may determine a transaction risk level in, of a transaction risk type associated with a transaction request, based on the familiarity 112 that the GSS has with the parameters of the transaction request.... In some embodiments, the GSS may utilize different seasoning thresholds 113 to determine the seasoning of different parameters in the calculation of transaction risk. Further, in various embodiments, the calculation of transaction risk may depend on numerous factors besides the seasoning levels of the parameters of the transaction request.
Hammad [0033] a first tier of (low) risk may only require a security protocol set 1 (103 a), which may have a low burden....However, if a transaction risk type (e.g., risk types (iii), risk type 2 (112), risk type 3 (113)), has a higher risk score, then the GSS may escalate the protocols employed from security protocol set 1 to security protocol set 2 (103 b))
Regarding Claim 28, 
Hammad teaches,
     wherein the first checkout option further includes storing an indication of merchant liability for the online payment card transaction, and wherein the second checkout option further includes storing an indication of issuer liability for the online payment card transaction.
(Hammad [0049] the merchant may be able to bear the risk that the user is fraudulent 
Hammad [0035]  dependence of the transaction risk level of a transaction risk type associated with the transaction request on the familiarity of the GSS with the geographic location of the originator of the transaction (see 116 b). Other parameters to which such familiarity-based transaction risk assessment may extend include, without limitation:... merchant ID; 
Hammad [0042] stored fraud report data records)
Regarding Claim 29, 
Hammad teaches,
       receive, from an issuer of the payment card from the digital wallet, one or more additional risk scoring configuration parameters when the merchant selects the second checkout option; and transmit the one or more additional risk scoring configuration parameters to the RBD computing device, wherein the RBD computing device is further configured to compute the authentication risk score based at least in part on the one or more additional risk scoring configuration parameters.
(Hammad [0038] the GSS may attempt to allocate the transaction risks associated with the current transaction request to one or more entities involved in the current transaction (e.g., user, merchant, issuer, acquirer, payment service processor, payment network, etc.). 
Hammad [0059] the user wallet device may provide a transaction authorization input
Hammad [0033] the GSS may escalate the security protocol set for the entities involved in the transaction to security protocol set 3 (103 c) or security protocol set 4 (103 d).  It is to be understood that different transaction risk types may be escalated at different values of risk scores associated with each of the risk types, either dependent on or independent of the escalation of security protocols for any of the other transaction risk types associated with the transaction. For example, the graduated levels for the different transaction risk type may be drawn at different values of transaction risk scores associated with the transaction risk types.
Hammad [0035] the GSS may calculate the transaction risk(s) associated with the transaction request)
Regarding Claim 30, 
Hammad teaches,
  further programmed to receive, from the merchant computing device, one or more additional risk scoring configuration parameters including a transaction type parameter indicating whether to process each of a plurality of transaction types using the first checkout option or the second checkout option.
(Hammad [0038] the GSS may attempt to allocate the transaction risks associated with the current transaction request to one or more entities involved in the current transaction (e.g., user, merchant, issuer, acquirer, payment service processor, payment network, etc.). 
Hammad [0033] the GSS may escalate the security protocol set for the entities involved in the transaction to security protocol set 3 (103 c) or security protocol set 4 (103 d).  It is to be understood that different transaction risk types may be escalated at different values of risk scores associated with each of the risk types, either dependent on or independent of the escalation of security protocols for any of the other transaction risk types associated with the transaction. For example, the graduated levels for the different transaction risk type may be drawn at different values of transaction risk scores associated with the transaction risk types.)
Regarding Claim 31, 
Hammad teaches,
  wherein the TPS computing device is further communicatively coupled to an access control server (ACS) computing device, 
(Hammad [0174] The configuration of the GSS controller will depend on the context of system deployment...results in a more distributed series of program components, and/or results in some combination between a consolidated and distributed configuration, data may be communicated, obtained, and/or provided. 
Hammad [0173] The component collection may be ...distributed in countless variations through standard data processing and/or development techniques. Multiple instances of any one of the program components in the program component collection may be instantiated ... numerous nodes to improve performance through load-balancing and/or data-processing techniques. Furthermore, single instances may also be distributed across multiple controllers and/or storage devices; e.g., databases.  
Hammad [0175] If component collection components are discrete, separate, and/or external to one another, then communicating, obtaining, and/or providing data with and/or to other components may be accomplished through inter-application data processing communication techniques 
Examiner notes that prior art includes embodiments where the "TPS computing device" is discretely  separate from the "access control server (ACS) computing device" )
and wherein when the authentication risk score indicates the higher risk level, initiating the authentication challenge of the suspect consumer includes transmitting a challenge request message to the ACS computing device, 
(Hammad [0032] For example, where a transaction risk type is at a higher risk level, the GSS may escalate the security protocol required to authorize the transaction to a more secure protocol, which in some scenarios may come with additional attendant burden on the entity (e.g., a user) required to engage in the security protocol.
Hammad [0036] challenge questions... the challenge presented to the entity taking the action....Authentication challenges during protocol escalation may include calls to third-party identification services (e.g., Idology, Experian, Accurint, 192.com, Dunn & Bradstreet, etc.).)
wherein receipt of the challenge request message causes the ACS computing device to transmit a step-up challenge to the user computing device for authentication of the suspect consumer, 
(Hammad [0048] each protocol may have a protocol description, 802, burden level indicator(s) (e.g., intrusiveness into user experience, response time, bandwidth requirements, etc.), ... obtaining a user password, providing a text message challenge, placing an audio call to the user, placing a video call to the user.)
and wherein the TPS computing device is further configured to: receive, from the ACS computing device, an authentication challenge response including an indication of successful authentication of the suspect consumer and at least a portion of authentication data provided to the ACS computing device by the suspect consumer in response to the step-up challenge;
(Hammad [0128]  the GSS may initiate a video challenge for the user, e.g., 2121. For example, the user may need to present him/her-self via a video chat, e.g., 2122. In some implementations, a customer service representative, e.g., agent 2124, may manually determine the authenticity of the user using the video of the user. In some implementations, the GSS may utilize face, biometric and/or like recognition (e.g., using pattern classification techniques) to determine the identity of the user. 
Hammad  [0129] In some implementations, the GSS may utilize a text challenge procedure to verify the authenticity of the user)
 and transmit, to the merchant computing device, an authentication response message including the indication of successful authentication of the suspect consumer and the portion of the authentication data provided to the ACS computing device by the suspect consumer, for use by the merchant computing device in determining whether to proceed with authorization of the online payment card transaction.
(Hammad [0038] there are security protocols that may mitigate the risk if successfully completed, then the GSS may request the entities involved in the transaction (e.g., user, user device, merchant, merchant device, issuer, acquirer, etc.) to provide security data, e.g., 224, 219. The entities may provide the rquested security data, otherwise the GSS may deny the transaction request. The GSS may utilize the new security data, in addition to the previously mentioned adat, to re-assess the risk(s) involved in the transaction, and if needed, re-apply the above-mentioned procedure until the level of each transaction risk type is reduced to acceptable levels, or the risks are assumed by one of the entities involved in the transaction)
Regarding Claim 32, 
Hammad teaches,
  wherein the ACS computing device is associated with an issuer of the payment card from the digital wallet, and wherein said TPS computing device is associated with a payment transaction processing system that processes the online payment card transactions.
(Hammad  [0033] the GSS may escalate the security protocol set for the entities involved in the transaction to security protocol set 3 (103 c) or security protocol set 4 (103 d).  It is to be understood that different transaction risk types may be escalated at different values of risk scores associated with each of the risk types, either dependent on or independent of the escalation of security protocols for any of the other transaction risk types associated with the transaction. For example, the graduated levels for the different transaction risk type may be drawn at different values of transaction risk scores associated with the transaction risk types.
Hammad [0035] the GSS may calculate the transaction risk(s) associated with the transaction request 
Hammad  [0104] The mode may be activated in accordance with rules defined by issuers, insurers, merchants, payment processor and/or other entities to facilitate processing of specialized goods and services. 
Hammad   [0119] The reallocation process may include the wallet contacting the payment processor to credit the amount of the prescription medication to the Visa card and debit the same amount to the user's FSA account.)
Claim 33 is rejected on the same basis as Claim 25.
Claim 34 is rejected on the same basis as Claim 26.
Claim 35 is rejected on the same basis as Claim 27.
Claim 36 is rejected on the same basis as Claim 28.
Claim 37 is rejected on the same basis as Claim 29.
Claim 38 is rejected on the same basis as Claim 30.
Claim 39 is rejected on the same basis as Claim 31.
Claim 40 is rejected on the same basis as Claim 25.
Claim 41 is rejected on the same basis as Claim 26.
Claim 42 is rejected on the same basis as Claim 27.
Claim 43 is rejected on the same basis as Claim 28.
Claim 44 is rejected on the same basis as Claim 29.
Claim 45 is rejected on the same basis as Claim 30.
Claim 46 is rejected on the same basis as Claim 31.

Prior Art Cited But Not Applied
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Petri (“IN-APPLICATION COMMERCE SYSTEM AND METHOD WITH FRAUD DETECTION”, U.S. Publication Number: 20120130853 A1) proposes A full-service turn-key in-application commerce solution with fraud detection is disclosed that provides web service interfaces to a commerce system. The in-application solution features fraud detection with user behavior tracking and fraud controls that limit the features that are offered to a user. Fraud detection involves input from the application, the commerce system, or third party systems. User fraud scores are updated frequently as events are processed. Controls are applied to the user account based on the user fraud score and risk classifications for ranges of fraud scores. An in-application solution also features a wallet with a personal threshold for microtransaction spending, limiting the amount that the user is allowed to spend before a wallet is cleared. The wallet is integrated with the fraud detection such that the personal threshold is determined from the user's latest fraud score.
Kowalchyk (“METHOD AND SYSTEM FOR ASSESSING MERCHANT RISK DURING PAYMENT TRANSACTION”, U.S. Patent: 8020763 B2) proposes  methods for assessing transaction risk. A consumer tenders a transaction card to a merchant to purchase a good or service. A payment device of the merchant, such as a payment terminal or mobile communication device of the merchant, is used to process the payment utilizing a risk assessment system. Card data received by the payment device is sent to the risk assessment system, which processes card data and generates an indicator representing the risk associated with accepting payment using the card. The indicator is sent to the payment device to provide the merchant input regarding risk associated with using the card.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHINEDU EKECHUKWU whose telephone number is (571)272-4493.  The examiner can normally be reached on Mon-Fri 10am to 4pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine Behncke, can be reached on (571) 272-8103.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/C.E./Examiner, Art Unit 3697         

/HAO FU/Primary Examiner, Art Unit 3697