DETAILED ACTION
Claim Objections
Claims 3, 8, 9, 13, 14, 15, 16, 17, 18, 19 and 20 are objected to because of the following informalities:  
Claims 3 and 14 recite, “wherein the authentication challenge is generated based on one or more parameters, and wherein the one or more parameters comprise user privacy settings and merchant data.”  This should be -- wherein the authentication challenge is generated based on one or more parameters, and wherein the one or more parameters comprise user privacy settings and the merchant data. –
Terms previously referenced should be preceded by terms such as “the” or “said” to clarify the prior reference.
Claim 8 recites, “wherein validating the user authentication response comprises comparing an obtained authentication response with an expected authentication response and updating an authentication status of the user to the merchant computer.”  This should be -- wherein validating the user authentication response comprises comparing the user authentication response with the expected authentication response and updating an authentication status of the user to the merchant computer. -- or something similar.
There appears to be a failure to use consistent terminology as there is antecedent basis for the “user authentication response” being received, but not an “authentication response” that was obtained.
.  Terms previously referenced should be preceded by terms such as “the” or “said” to clarify the prior reference.
Claim 9 recites, “wherein the user authentication response is validated by a payment platform dynamically by comparing the expected authentication response with the authentication response provided by the user.”  This should be -- wherein the user authentication response is validated by a payment platform dynamically by comparing the expected authentication response with the user authentication response. --
There appears to be a failure to use consistent terminology as there is antecedent basis for the “user authentication response” being received, but not an “authentication response” that was provided by a user.
Claim 18 recites, “compare an obtained authentication response with an expected authentication response and updating an authentication status of the user to the merchant computer.”  This should be -- compare the user authentication response with the expected authentication response and update an authentication status of the user to the merchant computer.”
There appears to be a failure to use consistent terminology as there is antecedent basis for the “user authentication response” being received, but not an “authentication response” that was obtained.
Terms previously referenced should be preceded by terms such as “the” or “said” to clarify the prior reference.
Consistent formatting.
Claims 13, 15, 16, 17, 19 and 20 recite, “wherein the instructions further cause the at least one processor to”  This should be -- wherein the instructions, when executed by the at least one processor, further cause the at least one processor to -- 
Consistent formatting.
Claim 18 recites, “further comprise instructions, which when executed by the at least one processor to compare an obtained authentication response with an expected authentication response and updating an authentication status of the user to the merchant computer.”  This should be -- further comprise instructions, which when executed by the at least one processor, further cause the at least one processor to compare an obtained authentication response with an expected authentication response and updating an authentication status of the user to the merchant computer. --
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 - 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
ALICE/ MAYO:  TWO-PART ANALYSIS
2A.   First, a determination whether the claim is directed to a judicial exception (i.e., abstract idea).  
Prong 1:  A determination whether the claim recites a judicial exception (i.e., abstract idea).

Groupings of abstract ideas enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.

Mathematical concepts- mathematical relationships, mathematical formulas or equations, mathematical calculations.
Certain methods of organizing human activity- fundamental economic principles or practices (including hedging, insurance, mitigating risk); commercial or legal interactions (including agreements in the form of contracts; legal obligations; 
Mental processes- concepts performed in the human mind (including an observation, evaluation, judgement, opinion).

Prong 2:  A determination whether the judicial exception (i.e., abstract idea) is integrated into a practical application.

Considerations indicative of integration into a practical application enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.

Improvement to the functioning of a computer, or an improvement to any other technology or technical field
Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition
Applying the judicial exception with, or by use of a particular machine.
Effecting a transformation or reduction of a particular article to a different state or thing
Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception

Considerations that are not indicative of integration into a practical application enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.

Merely reciting the words “apply it” (or an equivalent) with the judicial exception, or merely including instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea.
Adding insignificant extra-solution activity to the judicial exception.
Generally linking the use of the judicial exception to a particular technological environment or field of use.

2B. Second, a determination whether the claim provides an inventive concept (i.e., Whether the claim(s) include additional elements, or combinations of elements, that are sufficient to amount to significantly more than the judicial exception (i.e., abstract idea)).
Considerations indicative of an inventive concept (aka “significantly more”) enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.

Improvement to the functioning of a computer, or an improvement to any other technology or technical field
Applying the judicial exception with, or by use of a particular machine.
Effecting a transformation or reduction of a particular article to a different state or thing
Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception  NOTE:  The only consideration that does not overlap with the considerations indicative of integration into a practical application associated with step 2A: Prong 2.

Considerations that are not indicative of an inventive concept (aka “significantly more”) enumerated in the 2019 Revised Patent Subject Matter Eligibility Guidance.

Merely reciting the words “apply it” (or an equivalent) with the judicial exception, or merely including instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea.
Adding insignificant extra-solution activity to the judicial exception.
Generally linking the use of the judicial exception to a particular technological environment or field of use.
Simply appending well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception.  NOTE:  The only consideration that does not overlap with the considerations that are not indicative of integration into a practical application associated with step 2A: Prong 2.

See also, 2010 Revised Patent Subject Matter Eligibility Guidance; Federal Register; Vol. 84, No. 4; Monday, January 7, 2019

Claims 1 - 20 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  
1:  Statutory Category
Applicant’s claimed invention, as described in independent claim 1, is/are directed to a process (i.e. a method).

2(A):  The claim(s) are directed to a judicial exception (i.e., an abstract idea).
PRONG 1:  The claim(s) recite a judicial exception (i.e., an abstract idea).
Certain Method of Organizing Human Activity
The claim as a whole recites a method of organizing human activity.  The claimed invention is involves receiving an authentication request, wherein the authentication request comprises one or more data fields, the one or more data fields  a fundamental economic principles or practices (authentication); commercial or legal interactions (authentication); and managing personal behavior or relationships or interactions between people (receiving, assessing, sending, generating, validating, returning).  The mere nominal recitation of technology does not take the claim out of the method of organizing human activity grouping.  Thus, the claim recites an abstract idea.

Mental Processes

The claim recites limitations directed to receiving an authentication request, wherein the authentication request comprises one or more data fields, the one or more data fields comprise user data, merchant data and transaction data; assessing the one or more data fields to generate an authentication challenge for a user, wherein assessing the one or more data fields comprises verifying merchant enrollment and user enrollment for authentication using one or more third-party account service providers; sending to the one or more third-party account service providers, a request to extract user-related data based on a set of primitive information; receiving from the one or more third-party account service providers extracted user- related data based on the set of primitive information; generating the authentication challenge based on the extracted user related data; sending the authentication challenge; receiving a user authentication response to the authentication challenge; validating the user authentication response wherein validating the user authentication response comprises comparing the user authentication response with an expected authentication response by communicating with the one or more third-party account service providers; and returning an authentication status, wherein the authentication status is returned as a data field to the merchant computer. 

The limitation(s), as drafted, is/are a process that, under it’s broadest reasonable interpretation, covers performance of the limitation(s) in the mind.  Although the preamble recites “computer implemented”, nothing in the claim precludes the steps from practically being performed in the mind.  For example, the claim encompasses the user manually receiving an authentication request, wherein the authentication request comprises one or more data fields, the one or more data fields comprise user data, merchant data and transaction data; assessing the one or more data fields to generate an authentication challenge for a user, wherein assessing the one or more data fields comprises verifying merchant enrollment and user enrollment for authentication using one or more third-party account service providers; sending to the one or more third-party account service providers, a request to extract user-related data based on a set of primitive information; receiving from the one or more third-party account service providers extracted user- related data based on the set of primitive information; generating the authentication challenge based on the extracted user related data; sending the authentication challenge; receiving a user authentication response to the authentication challenge; validating the user authentication response wherein validating the user authentication response comprises comparing the user authentication response with an expected authentication response by communicating with the one or more third-party account service providers; and returning an authentication status, wherein the authentication status is returned as a data field to the merchant computer.  NOTE:  (a) The claim is silent regarding any of the positively recited steps or acts being performed by a computer.  (b) Although a “merchant computer” is also mentioned in the claim, the claimed invention is not from the perspective of the “merchant computer” and the “merchant computer” does not perform any of the positively recited steps or acts required of the claimed invention.  The “merchant computer” merely interacts with whatever entity (unclaimed) performing the positively recited steps or acts.  (c)  Although a “user’s portable consumer device” is also mentioned in the claim, the claimed invention is not from the perspective of the “user’s portable consumer device” and the “user’s portable consumer device” does not perform any of the positively recited steps or acts required of the claimed invention.  The “user’s portable consumer device” merely interacts with whatever entity (unclaimed) performing the positively recited steps or acts.  
    
The mere nominal recitation of a generic computer in the preamble does not take the claim limitation out of the mental processes grouping.  This/these limitation(s) recite a mental process. Thus, the claim recites an abstract idea.
PRONG 2:  The judicial exception (i.e., an abstract idea). Is not integrated into a practical application.
The claim recites the combination of additional elements of “computer implemented” in the preamble, although a computer does not perform any of the positively steps or acts performed in the body of the claim.  The entity (unclaimed) performing the positively recited steps or acts performed also interacts with a “merchant computer” in “receiving” and “returning” steps; and interacts with a “user’s portable data receipt/ transmission (e.g., “receiving”, “sending”, “returning” etc. step(s) as claimed); and (b) data processing (e.g., “assessing”, “generating”, “validating”, etc. step(s) as claimed).  The additional element(s) is/ are recited at a high level of generality (i.e., as general means of gathering authentication data), and amounts to mere data gathering, which is a form of insignificant extra-solution activity.  The “computer implemented” language is also recited at a high level of generality, and merely automates the step(s).  The “computer implemented” language is no more than mere instructions to apply the exception using generic computer components.  Accordingly, the additional element(s) does not integrate the abstract idea into a practical application because it does not impose any meaningful limitations on practicing the abstract idea.  The claim is directed to an abstract idea.

Since the claim(s) recite a judicial exception and fails to integrate the judicial exception into a practical application, the claim(s) is/are “directed to” the judicial exception.  Thus, the claim(s) must be reviewed under the second step of the Alice/ Mayo analysis to determine whether the abstract idea has been applied in an eligible manner.

2(B):  The claims do not provide an inventive concept (i.e., The claim(s) do not include additional elements, or combinations of elements, that are sufficient to amount to significantly more than the judicial exception (i.e., abstract idea)).
As discussed with respect to Step 2A Prong Two, the additional element(s) in the claim amounts to no more than mere instructions to apply the exception using a generic computer component.   The same analysis applies here in 2B, i.e., mere instructions to apply an exception using a generic computer component cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Furthermore, the additional element(s) under STEP 2A Prong 2 have been evaluated in STEP 2B to determine if it is more than what is well-understood, routine conventional activity in the field.   Applicant’s specification as filed 5/29/19 does not provide any indication there is anything other than generic, off-the-shelf computer components.  Furthermore, the prosecution history of the instant application provides Kenderov, Kohli, and Eichner operating in a similar environment, suggesting performing tasks such as (a) data receipt/ transmission (e.g., “receiving”, “sending”, “returning” etc. step(s) as claimed); and (b) data processing (e.g., “assessing”, “generating”, “validating”, etc. step(s) as claimed) are well understood, routine and conventional.  Furthermore, the courts have recognized that computer functions or tasks analogous to those claimed by applicant such as (a) data receipt/ transmission (e.g., “receiving”, data processing (e.g., “assessing”, “generating”, “validating”, etc. step(s) as claimed) are well understood, routine and conventional.  Symantec, TLI, OIP Techs and buySAFE court decisions cited in MPEP § 2106.05(D) (ii) indicate that mere collection or receipt of data over a network is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as here).  Flook, Bancorp court decisions cited in MPEP § 2106.05(D) (ii) indicate performing repetitive calculations is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as here).  Accordingly, a conclusion that the additional elements are well-understood, routine, conventional activity is supported under Berkheimer. 
For these reasons, there is no invention concept in the claim, and thus the claim is ineligible.
Dependent claims 2 - 11 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.  With respect to dependent claims 9 and 10, although a “payment platform” is introduced, the “payment platform” is limited to routine computer functions such as data processing discussed in the independent claim analysis.
Alice Corp. also establishes that the same analysis should be used for all categories of claims (e.g., product and process claims).  Therefore, independent non-transitory computer-readable media claim 12 is/are also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as the method claims (claims 1-11).  The component(s) (e.g., “non-transitory computer-readable media”, “at least one processor”, etc.) described in non-transitory computer-readable media claim 12, add nothing of substance to the underlying abstract idea.  At best, the product (non-transitory computer-readable media) recited in the claim(s) are merely providing an environment to implement the abstract idea. 
Dependent claims 13 - 20 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to the claims from which they depend.  
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 and 12 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claims 1 and 12 recite, “generating the authentication challenge based on the extracted user related data; “ and “validating the user authentication response wherein validating the user authentication response comprises comparing the user authentication response with an expected authentication response by communicating with the one or more third-party account service providers; “

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 2, 3, 10, 12, 13 and 14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1 and 12 recite, “wherein the authentication request comprises one or more data fields, the one or more data fields comprise user data, merchant data and transaction data; “

Claims 1 and 12 recite, “assessing the one or more data fields to generate an authentication challenge for a user, wherein assessing the one or more data fields comprises verifying merchant enrollment and user enrollment for authentication using one or more third-party account service providers;”
The language is indefinite because applicant is making two contradictory statements rendering the scope of the claim unclear.  On the one hand “one or more data fields’ suggests that as few as one data field is required by the claim for the “assessing”/ “verifying”, but the phrase, “merchant enrollment and user enrollment” suggests at least two data fields are required.
Re Claims 2 and 13:  The term "near" is a relative term which renders the claim indefinite.  The term "near" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. 
Claims 3 and 14 recite, “wherein the authentication challenge is generated based on one or more parameters, and wherein the one or more parameters comprise user privacy settings and merchant data.”
The language is indefinite because applicant is making two contradictory statements rendering the scope of the claim unclear.  On the one hand “one or more 
Claim 10 recites the limitation " wherein the user authentication response is validated by the payment platform by communicating with one or more third-party account service providers.”.  There is insufficient antecedent basis for “the payment platform” in the claim.  NOTE:  Changing the claims dependency to depend from claim 9 would appear to cure this problem.
NOTE:  The specific language used is not required, but is intended as an aide to the applicant in overcoming one or more of the objections and/ or rejections noted in this office action.  Alternative language may be proposed.  Please indicate where support may be found in the specification for any amendments made.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. 

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1 - 2, 5 - 13 and 16 - 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kenderov, US Pub. No. 2015/0106216 in view of Kohli, US Pub. No. 2017/0344729 and Eichner, US Pub. No. 2013/0103584.
Re Claims 1 and 12:  Kenderov computer implemented method comprising: 
receiving an authentication request from a merchant computer, wherein the authentication request comprises one or more data fields, the one or more data fields comprise user data (Kenderov, abstract, [0007] [0024] [0025] [0027] [0034] [0097] [0101] [0102], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention. See also, MPEP §2111 Broadest Reasonable Interpretation (BRI).  NOTE:  The BRI afforded the claims is that no more than one data field is required.  See also, 112 rejection above.); 
assessing the one or more data fields to generate an authentication challenge for a user, wherein assessing the one or more data fields comprises verifying user enrollment for authentication using one or more third-party account service providers (Kenderov, [0034] [0059] [0081] [0088] [ [0093] [0094] [0096] [0103] [0104], See also, MPEP §2103 
sending to the one or more third-party account service providers, a request to extract user-related data based on a set of primitive information (Kenderov, abstract, [0007] [0009] [0011] [0027] [0030] [0081] [0097]); 
receiving from the one or more third-party account service providers extracted user- related data based on the set of primitive information (Kenderov, abstract, [0007] [0009] [0011] [0027] [0030] [0081] [0097]); 
generating the authentication challenge based on the extracted user related data (Kenderov, abstract, [0001] [0003] [0005] [0006] [0008] [0009] [0011] [0015] [0024] [0025] [0026] [0027] [0104]); 
sending the authentication challenge to a user's portable consumer device (Kenderov, abstract, [0001] [0003] [0006] [0011] [0015] [0026] [0027] [[0130] [0132]); 
receiving a user authentication response to the authentication challenge from the user's portable consumer device (Kenderov, abstract, [0001] [0003] [0006] [0026] [0027] [0130] [0132]); 
validating the user authentication response wherein validating the user authentication response comprises comparing the user authentication response with an expected authentication response by communicating with the one or more third-party account service providers (Kenderov, abstract, [0002] [0003] [0006] [0020] [0021] [0026] [0130] [0132]); 

Although Kenderov discloses receiving an authentication request from a merchant computer, wherein the authentication request comprises one or more data fields, the one or more data fields comprise user data;  Kenderov fails to explicitly disclose the one or more data fields further comprises merchant data and transaction data; 
	Although Kenderov discloses assessing the one or more data fields to generate an authentication challenge for a user, wherein assessing the one or more data fields comprises verifying user enrollment for authentication using one or more third-party account service providers;  Kenderov discloses wherein assessing the one or more data fields further comprises verifying merchant enrollment.
	Kohli discloses:
the one or more data fields further comprises merchant data and transaction data (Kohli, abstract, [0004] [0005] [0006] [0029] [0041] [0058] [0070] [0073], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention. See also, MPEP §2111 Broadest Reasonable Interpretation (BRI).  NOTE:  The BRI afforded the claims is that no more than one data field is required.  See also, 112 rejection above.); 
	Eichner discloses:
wherein assessing the one or more data fields further comprises verifying merchant enrollment (Eichner, [0021] [0024], See also, MPEP §2111 Broadest Reasonable 
	It would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify the teachings of Kenderov by adopting the teachings of Kohli and Eichner to provide receiving an authentication request from a merchant computer, wherein the authentication request comprises one or more data fields, the one or more data fields comprise user data, merchant data and transaction data; assessing the one or more data fields to generate an authentication challenge for a user, wherein assessing the one or more data fields comprises verifying merchant enrollment and user enrollment for authentication using one or more third-party account service providers;
	One would have been motivated to improve security.
The claimed invention uses known techniques to improve a similar invention in the same way.  The claimed invention applies known techniques to a known method invention ready for improvement to yield predictable results.  Known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations are predictable to one of ordinary skill in the art.  Thus, the claimed subject matter likely would have been obvious under KSR.  KSR, 127 S.Ct. at 1741, 82 USPQ2d at 1396.
Re Claim 2:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the authentication challenge is generated in near real-time based on the extracted user-related data 
Re Claim 5:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the authentication challenge sent to the user is based on one or more attributes (Kenderov, abstract, [0001] [0003] [0006] [0011] [0015] [0026] [0027] [[0130] [0132], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).  
Re Claim 6:   Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the authentication challenge comprises a response field format (Kenderov, abstract, [0001] [0003] [0005] [0006] [0008] [0009] [0011] [0015] [0024] [0025] [0026] [0027] [0104], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).  
Re Claim 7:   Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the authentication challenge is validated when the user authentication response is received within a pre-defined time frame (Kenderov, [0012] [0136] [0137], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).  
Re Claim 8 and 18:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein validating the user authentication response comprises 

and updating an authentication status of the user to the merchant computer (Kenderov, [0015] [0027] [0132]).  
Re Claim 9:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the user authentication response is validated by a payment platform dynamically by comparing the expected authentication response with the authentication response provided by the user (Kenderov, abstract, [0002] [0003] [0006] [0020] [0021] [0026] [0130] [0132], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).  
Re Claim 10:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the user authentication response is validated by the payment platform by communicating with one or more third-party account service providers (Kenderov, abstract, [0002] [0003] [0006] [0020] [0021] [0026] [0130] [0132], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).  
Re Claim 11:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the user authentication response comprises an objective response, a subjective response, or a combination thereof (Kenderov, abstract, [0001] [0003] [0006] [0026] [0027] [0130] [0132], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).
Re Claim 13:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the instructions further cause the at least one processor to generate the authentication challenge in near real-time based on the extracted user-related data (Kenderov, [0098]).  
Re Claim 16:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the instructions further cause the at least one processor to send the authentication challenge the user based on one or more attributes (Kenderov, abstract, [0001] [0003] [0006] [0011] [0015] [0026] [0027] [[0130] [0132]), 
and wherein the authentication challenge comprises a response field format (Kenderov, [0012] [0136] [0137], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).  
Re Claim 17: Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the instructions further cause the at least one processor to validate the authentication challenge when the user authentication response is received within a pre-defined time frame (Kenderov, [0012] [0136] [0137]).  
Re Claim 19:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the instructions further cause the at least one processor to validate the user authentication response by communicating with one or more third-party connected accounts (Kenderov, abstract, [0002] [0003] [0006] [0020] [0021] [0026] [0130] [0132]).  
Re Claim 20:  Kenderov by adopting the teachings of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the instructions further cause the at least one processor to receive the user 41S2815.DOCXPage 32 of 34Attorney Docket No. 8549-1902670 (3468US01) authentication response in an objective response, a subjective response, or a combination thereof (Kenderov, abstract, [0001] [0003] [0006] [0026] [0027] [0130] [0132]).
Claims 3 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kenderov in view of Kohli and Eichner as applied to claims 1 and 12 above, and further in view of McLachlan, US Pub. No. 2014/0189829.
Re Claims 3 and 14:  Kenderov in view of Kohli and Eichner discloses the claimed invention supra but fails to explicitly disclose wherein the authentication challenge is generated based on one or more parameters, and wherein the one or more parameters comprise user privacy settings and merchant data. 
	McLachlan discloses: 
wherein the authentication challenge is generated based on one or more parameters (McLachlan, [0004] [0020] [0024] [0032] [0033] [0036] [0040] [0049], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.), 
and wherein the one or more parameters comprise user privacy settings and merchant data (McLachlan, [0004] [0020] [0024] [0032] [0033] [0036] [0040] [0049], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).  
	It would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify the teachings of Kenderov in view of Kohli and Eichner by 
One would have been motivated to improve customization and privacy.
The claimed invention uses known techniques to improve a similar invention in the same way.  The claimed invention applies known techniques to a known method invention ready for improvement to yield predictable results.  Known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations are predictable to one of ordinary skill in the art.  Thus, the claimed subject matter likely would have been obvious under KSR.  KSR, 127 S.Ct. at 1741, 82 USPQ2d at 1396.
 Claims 4 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kenderov in view of Kohli and Eichner as applied to claims 1 and 12 above, and further in view of Van Heerden, US Pub. No. 2016/0012427.
Re Claim 4:  Kenderov in view of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the authentication challenge is sent to the user's portable consumer device (Kenderov, abstract, [0001] [0003] [0006] [0011] [0015] [0026] [0027] [[0130] [0132], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.), 
and wherein the user authentication response is received from the user's portable consumer device (Kenderov, abstract, [0001] [0003] [0006] [0026] [0027] [0130] [0132], 
	Although Kenderov discloses wherein the authentication challenge is sent to the user's portable consumer device, and wherein the user authentication response is received from the user's portable consumer device.  Kenderov fails to explicitly disclose where sent and received occurs through a secure communication protocol.
	Van Heerden discloses:
where sent and received occurs through a secure communication protocol (Van Heerden, [0026], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).
	It would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify the teachings of Kenderov in view of Kohli and Eichner by adopting the teachings of Van Heerden to provide wherein the authentication challenge is sent to the user's portable consumer device through a secure communication protocol, and wherein the user authentication response is received from the user's portable consumer device through the secure communication protocol. 
 	One would have been motivated to improve security.
The claimed invention uses known techniques to improve a similar invention in the same way.  The claimed invention applies known techniques to a known method invention ready for improvement to yield predictable results.  Known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations are predictable to KSR, 127 S.Ct. at 1741, 82 USPQ2d at 1396.
Re Claim 15: Kenderov in view of Kohli and Eichner discloses the claimed invention supra and Kenderov further discloses wherein the instructions further cause the at least one processor to transmit the authentication challenge to the user's portable consumer device (Kenderov, abstract, [0001] [0003] [0006] [0011] [0015] [0026] [0027] [[0130] [0132]),  
and wherein the user authentication response is received from the user's portable consumer device (Kenderov, abstract, [0001] [0003] [0006] [0026] [0027] [0130] [0132], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.). 
	Although Kenderov discloses wherein the instructions further cause the at least one processor to transmit the authentication challenge to the user's portable consumer device, and wherein the user authentication response is received from the user's portable consumer device.  Kenderov fails to explicitly disclose where transmit and received occurs through a secure communication protocol.
	Van Heerden discloses:
where transmit and received occurs through a secure communication protocol (Van Heerden, [0026], See also, MPEP §2103 I. C. §2111.04 “wherein” clause interpreted as not further limiting of the claimed invention.).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify the teachings of Kenderov in view of Kohli and Eichner by adopting the teachings of Van Heerden to provide wherein the instructions further cause 
One would have been motivated to improve security.
The claimed invention uses known techniques to improve a similar invention in the same way.  The claimed invention applies known techniques to a known method invention ready for improvement to yield predictable results.  Known work in one field of endeavor may prompt variations of it for use in either the same field or a different one based on design incentives or other market forces if the variations are predictable to one of ordinary skill in the art.  Thus, the claimed subject matter likely would have been obvious under KSR.  KSR, 127 S.Ct. at 1741, 82 USPQ2d at 1396.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARA C HAMILTON whose telephone number is (571)272-1186.  The examiner can normally be reached on Monday-Thursday, 8-5, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


SARA CHANDLER HAMILTON
Primary Examiner
Art Unit 3692



/SARA C HAMILTON/Primary Examiner, Art Unit 3692