DETAILED ACTION
Status of Claims
This Office Action is in response to claims filed on 05/10/2021 and Interview on 10/20/2021.
Claims 1, 8, 22 and 24-28 are pending while claims 2-7, 9-21 and 23 are canceled
Claims 1, 8, 22 and 24-28 are Allowed.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Vanessa Bell (Reg. No. 70,333) on 10/20/2021.
The Application has been amended as follows:
(Currently Amended) A method, comprising:
receiving, at a server computing device from a computing device of a user, during a transaction with a merchant server computer, over a communications network, a transaction authentication request message for the transaction in a Hypertext Transfer 
generating, by the server computing device based upon the transaction authentication request message, a risk assessment value for the transaction;
translating, by the server computing device, the transaction authentication request message to an International Organization for Standardization (ISO) 8583 message format comprising ISO 8583 fields, by 
(i) extracting, using an information collection submodule in the server computing device, the authentication information and the authorization information from the transaction authentication request message in the Hypertext Transfer Protocol (HTTP) message format, 
(ii) accessing, using a format conversion submodule in the server computing device, correlations between the ISO 8583 fields and the HTTP fields from a message format database, and 
(iii) based on the field correlations, generating, using a message generation submodule in the server computing device, a modified transaction authentication request message by inserting the authentication information and the authorization information collected [by] using the information collection submodule, the risk assessment value, 
transmitting, by the server computing device to an authorization computer, the modified transaction authentication request message in the ISO 8583 message format;
receiving, by the server computing device from the authorization computer, a challenge request message in the ISO 8583 message format requesting authentication of the user;
generating, by the server computing device, a modified challenge request message according to the HTTP message format;
transmitting, by the server computing device to the computing device of the user, the modified challenge request message in the HTTP message format;
receiving, by the server computing device from the computing device of the user, a challenge response message in the HTTP message format;
generating, by the server computing device, a modified challenge response message in the ISO 8583 message format;
transmitting, by the server computing device, the modified challenge response message in the ISO 8583 message format to the authorization computer;
receiving, by the server computing device from the authorization computer based on the modified transaction authentication request message and the modified challenge response message, an authorization response message in the ISO 8583 message format comprising an authorization result; and
transmitting, by the server computing device to the merchant server computer, the authorization response message in the ISO 8583 format.
-7.	(Cancelled)
(Currently Amended) A system comprising a server computing device comprising: 
a set of one or more processors; 
a set of one or more physical network interfaces coupled with the set of processors; and
a non-transitory computer readable storage medium coupled with the set of processors and storing instructions comprising an information collection submodule, a format conversion submodule, and a message generation submodule that, when executed by the set of processors, causes the set of processors to perform a method comprising:
receiving, from a computing device of a user, during a transaction with a merchant server computer, over a communications network, a transaction authentication request message for the transaction in a Hypertext Transfer Protocol (HTTP) message format comprising HTTP fields, the transaction authentication request message including both authentication information and authorization information comprising a device identifier of the computing device of the user, a merchant identifier, a merchant location, a card verification value, and a transaction amount;
generating, based upon the transaction authentication request message, a risk assessment value for the transaction; 
translating the transaction authentication request message to an International Organization for Standardization (ISO) 8583 message format comprising ISO 8583 fields, by 
(i) extracting, [by] using the information collection submodule in the server computing device, the authentication information and the authorization information from the transaction authentication request message in the Hypertext Transfer Protocol (HTTP) message format, 
(ii) accessing, [by] using the format conversion submodule in the server computing device, correlations between the ISO 8583 fields and the HTTP fields from a message format database, and 
(iii) based on the field correlations, generating, [by] using the message generation submodule in the server computing device, a modified transaction authentication request message in the ISO 8583 message format by inserting the authentication information and the authorization information collected [by] using the information collection submodule, the risk assessment value, 
transmitting, to an authorization computer, the modified transaction authentication request message in the ISO 8583 message format;
receiving, from the authorization computer, a challenge request message in the ISO 8583 message format requesting authentication of the user;
generating a modified challenge request message according to the HTTP message format;
transmitting, to the computing device of the user, the modified challenge request message in the HTTP message format;
receiving, from the computing device of the user, a challenge response message in the HTTP message format;
generating a modified challenge response message in the ISO 8583 message format;
transmitting the modified challenge response message in the ISO 8583 message format to the authorization computer; 
receiving, from the authorization computer based on the modified transaction authentication request message and the modified challenge response message, an authorization response message in the ISO 8583 message format comprising an authorization result; and
transmitting, to the merchant server computer, the authorization response message in the ISO 8583 message format.
-21.	(Cancelled)
(Previously Presented) The method of claim 1, wherein the server computing device receives the transaction authentication request message from the computing device of the user.
(Cancelled)
(Previously Presented) The system of claim 8, wherein the server computing device receives the transaction authentication request message from the computing device of the user.
(Previously presented) The method of claim 1, wherein the risk assessment value is generated based on historical information surrounding the user and computing device of the user.
(Previously presented) The method of claim 1, wherein translating the transaction authentication request message comprises adding data extracted from the HTTP message as one or more subfields of one or more existing ISO-defined data element fields.
(Previously Presented) The system of claim 8, wherein the risk assessment value is generated based on historical information surrounding the user and computing device of the user.
(Previously Presented) The system of claim 8, wherein translating the transaction authentication request message comprises adding data extracted from the HTTP message as one or more subfields of one or more existing ISO-defined data element fields.

REASONS FOR ALLOWANCE
The following is an Examiner’s statement of reasons for allowance:
The present invention is directed to authenticating of a user during the user making a transaction with a merchant server computer based on a transaction authentication message including both authentication information and authorization information comprising a device identifier of the computing device of the user, a merchant identifier, a merchant location, a card verification value, and a transaction amount, generating a risk assessment value for the transaction based upon the transaction authentication request message and an authorization computer (issuer) requesting an additional authentication of the user using a challenge-response once a modified transaction authentication request message in the ISO 8583 message format is received by server computing device.
receiving, at a server computing device from a computing device of a user, during a transaction with a merchant server computer, over a communications network, a transaction authentication request message for the transaction in a Hypertext Transfer Protocol (HTTP) message format comprising HTTP fields, the transaction authentication request message including both authentication information and authorization information comprising a device identifier of the computing device of the user, a merchant identifier, a merchant location, a card verification value, and a transaction amount is old and well known as evident by prior art of Dominguez et al. (US 2003/0200184) (Figs. 5-10; Pars. 77, 106-107, 116, 119, 148, 163-164, 195, 201-204).
The closest prior art of Rathbun (US 2012/0144461) disclose generating, by the server computing device based upon the transaction authentication request message, a risk assessment value for the transaction (Figs. 5; Pars. 22, 52, 59-60, 65, 83).
However, Dominguez nor does Rathbun teach transmitting, by the server computing device to an authorization computer, the modified transaction authentication request message in the ISO 8583 message format; receiving, by the server computing device from the authorization computer, a challenge request message in the ISO 8583 message format requesting authentication of the user.
An additional closest art considered in prosecuting the instant Application is Singh et al. (US 2010/0211938) as Singh discloses translating HTTP message to ISO message by (i) extracting, using an information collection submodule in the server computing device, information from the transaction authentication request message in the Hypertext Transfer Protocol (HTTP) message format (Abstract, Figs. 2, 9, 17), (ii) accessing, using a format conversion submodule in the server computing device, correlations between the ISO 8583 fields and the HTTP fields from a message format database (Abstract, Figs. 2, 11, 13B, 17), and (iii) based on the field correlations, by a message generation submodule in the server computing device inserting the information collected by the information collection submodule and the risk assessment value to form the modified transaction message (Abstract, Figs. 2, 11, 13B, 17-18).
Therefore, the prior arts do not teach nor do the prior arts fairly suggest, singly nor in combination transmitting, by the server computing device to an authorization computer, the modified transaction authentication request message in the ISO 8583 message format; receiving, by the server computing device from the authorization computer, a challenge request message in the ISO 8583 message format requesting authentication of the user; generating, by the server computing device, a modified challenge request message according to the HTTP message format; transmitting, by the server computing device to the computing device of the user, the modified challenge request message in the HTTP message format; receiving, by the server computing device from the computing device of the user, a challenge response message in the HTTP message format; generating, by the server computing device, a modified challenge response message in the ISO 8583 message format; transmitting, by the server computing device, the modified challenge response message in the ISO 8583 message format to the authorization computer; receiving, by the server computing device from the authorization computer based on the modified transaction authentication request message and the modified challenge response message, an authorization response message in the ISO 8583 message format comprising an authorization result; and transmitting, by the server computing device to the merchant server computer, the authorization response message in the ISO 8583 format.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WODAJO GETACHEW whose telephone number is (469)295-9069. The examiner can normally be reached M-F 8:00-6:00 CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on (571) 272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WODAJO GETACHEW/Examiner, Art Unit 3685   

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685