DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgements
Claims 1-20 are pending in the application. 
Claims 1-3 and 14-20 are withdrawn from consideration. 
Claims 4-13 are examined below.
Based on a comparison of the PGPub US 2021/0065171 A1 with applicant’s originally submitted specification, the PGPub appears to be a fair and accurate record of the applicant’s specification. Therefore, references to applicant’s specification will typically be made by this examiner as references to the PGPub. Unless otherwise noted, references to applicant’s specification as published via PGPub will be in the format [####], and references to applicant’s specification as filed will be in the format ¶## or by page and line number.
The notations in the immediately preceding paragraph apply to any future Office actions from this examiner.

Examiner Request
Applicant is requested to indicate where in the specification there is support for amendments to claims should applicant amend. The purpose of this is to reduce II.A:
With respect to newly added or amended claims, applicant should show support in the original disclosure for the new or amended claims. See, e.g., Hyatt v. Dudas, 492 F.3d 1365, 1370, n.4 (Fed. Cir. 2007) (citing MPEP § 2163.04 which provides that a "simple statement such as ‘applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be a written description of the claim limitation ‘___’ in the application as filed’ may be sufficient where the claim is a new or amended claim, the support for the limitation is not apparent, and applicant has not pointed out where the limitation is supported."); see also MPEP § 714.02 and § 2163.06 ("Applicant should ... specifically point out the support for any amendments made to the disclosure."); and MPEP § 2163.04 ("If applicant amends the claims and points out where and/or how the originally filed disclosure supports the amendment(s), and the examiner finds that the disclosure does not reasonably convey that the inventor had possession of the subject matter of the amendment at the time of the filing of the application, the examiner has the initial burden of presenting evidence or reasoning to explain why persons skilled in the art would not recognize in the disclosure a description of the invention defined by the claims.").

Election/Restrictions
Applicant's election with traverse of Invention II in the reply filed on November 29, 2021 is acknowledged. The traversal is on the ground(s) that the all three groups recite use of a returned payment history. Applicant asserts that this is required in the combination (Group I). The examiner respectfully disagrees. The combination requires “determining that the payment instrument does not have a returned payment during a first time period.” This does not require use of a payment history, as it can be accomplished by querying another entity in possession of the payment history. 
Claims 1-3 and 14-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b), as being drawn to a nonelected invention, there being no allowable generic or linking claim. Applicant timely traversed the restriction (election) requirement in the reply filed on November 29, 2021.

Information Disclosure Statement
The attached information disclosure statements are in compliance with the provisions of 37 CFR § 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 4-13 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter.
Regarding claims 4-13, the claimed invention is directed to an abstract idea without significantly more. Representative claim 4 recites determining by a payee entity that a payment transaction using a payment instrument issued by a payement issuer is eligible for a delegation exemption from an authentication challenge by the payment issuer based at least in part on a previous authentication challenge by the payment issuer being successfully completed for a previous payment transaction using the 
The dependent claims when analyzed as a whole are held to be patent ineligible under 35 U.S.C. 101. The additional limitations added by these claims, such as hardware capability of a client computing device, encryption key, fail to either integrate the claims into a practical application or add an inventive concept, because they merely 

Claim Rejections - 35 U.S.C. 112(a) or 35 U.S.C. 112, 1st Paragraph
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 5 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter that was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 5 recites a generic algorithm defined by its intended result: “determining … a hardware capability of a client computing device initiating the payment transaction.” This limitation is generic in that it encompasses every algorithm or mechanism that accomplishes the result of determining a hardware capability of a computing device. 

Claim Rejections - 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd Paragraph
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 4-13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter that the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claim 4, applicant’s recitation “determining … that a payment transaction … is eligible for a delegation exemption … based at least in part on a previous authentication challenge by the payment issuer being successfully completed for a previous payment transaction using the payment instrument and a returned or a returned payment history associated with the payment instrument” (or similar). If this is not applicant’s desired interpretation, applicant is requested to amend to recite “determining … based at least in part on both a previous authentication challenge …” (or similar).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either statute. 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following is a quotation of 35 U.S.C. 103(a) (pre-AIA ) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 4-13, as understood by the examiner, are rejected under 35 U.S.C. 103 as being unpatentable over Subramanian (US PGPub 2015/0269578 A1) in view of Mastercard’s Strong Customer Authentication and PSD2: How to adapt to new regulation in Europe (Reference 6 on the IDS submitted January 7, 2021; hereafter referred to as “MasterCard”).
Subramanian discloses as follows:
Claim
Limitation
Subramanian

determining, by a payee entity via at least one of one or more computing devices, that a payment transaction using a payment instrument issued by a payment issuer is eligible for a delegation exemption from an authentication challenge by the payment issuer based at least in part on a previous authentication challenge by the payment issuer being successfully completed for a previous payment transaction using the payment instrument and a returned payment history associated with the payment instrument
"Although the authentication gateway node 100 is shown as being separate from the merchant node 120, in some embodiments the authentication gateway node 100 is incorporated into the merchant node 120 so that at least some of the operations disclosed herein as being performed by the authentication gateway node 100 are performed within the merchant node 120. Thus for example, the risk scores can be generated internal to the merchant node 120 and used to control when eCommerce authentication requests are communicated to the authentication node 130. The merchant node 120 can use the risk score to selectively send an eCommerce authentication request to the authentication node 130 for authentication of the purchaser when the risk score satisfies a defined rule 

in response to determining that the payment transaction is eligible for the delegation exemption, generating, by the payee entity via at least one of the one or more computing devices, an alternative authentication challenge that does not involve the payment issuer instead of the authentication challenge by the payment issuer
"Authentication Challenge," Fig. 1 and associated text
6
submitting, via at least one of the one or more computing devices, an authentication confirmation to the payment issuer that is encrypted using the encryption key
"Authentication Response," Fig. 1 and associated text
7
wherein determining that the payment transaction is eligible for the delegation exemption further comprises requesting, via at least one of the one or more computing devices, an approval from the payment issuer to use the delegation 


wherein determining that the payment transaction is eligible for the delegation exemption further comprises determining, via at least one of the one or more computing devices, from the returned payment history that no returned payment has occurred for the payment instrument since a date of the previous authentication challenge by the payment issuer
"the authentication gateway node 100 may generate the risk score based on any one or more of: ... history of eCommerce authentication requests that fail authentication, and/or ... history of performing chargebacks against merchant nodes 120)" [0054] - [0060]

wherein determining that the payment transaction is eligible for the delegation exemption further comprises determining, via at least one of the one or more computing devices, that at least a threshold time has elapsed since a time of first use of the payment instrument through the payee entity
"gateway node 100 may generate the risk score based on a pattern of content items observed in eCommerce authentication requests associated with a same account number, same financial account information, similar financial account information that satisfies a defined rule, and/or a same identified merchant node 120. The pattern can be observable use of the same or similar financial card information in financial transactions that were earlier completed and/or in financial transactions that are presently pending awaiting authorization." [0054]
10
wherein determining that the payment transaction is eligible for the delegation exemption further comprises determining, via at least one of the one or more computing devices, that at least a threshold 


determining, via at least one of the one or more computing devices, that the alternative authentication challenge has been successfully completed by a client device
"The authentication node 130 can compare the security code to an expected code, and apply one or more rules which may be defined by the card issuing bank (referred to more generally as the credit/debit finance issuer node below) to generate an authentication response (e.g., authentication response code) that indicates an outcome of the authentication process." [0039]

submitting, via at least one of the one or more computing devices, the payment transaction for processing by the payment issuer in response to determining that the alternative authentication challenge has been successfully completed
"The merchant node 120 can initiate verification of the transaction by communicating to a credit/debit finance issuer node 140, via an acquirer node 122 (e.g., merchant's bank), the authentication response and financial transaction information that contains any one or more of the account number (e.g., credit/debit card number), the expiration date for the card, the CVV, the cardholder's name, the cardholder's home address, the purchaser's shipping address, the amount of the financial 

wherein the alternative authentication challenge comprises at least one of: a one-time password sent through a communication channel associated with a user account, or a biometric challenge
"requires the purchaser to enter a security code to complete the purchase" [0038]


Subramanian fails to explicitly disclose, but Mastercard teaches:
Claim
Limitation
Mastercard
5
determining, via at least one of the one or more computing devices, a hardware capability of a client computing device initiating the payment transaction
"Mastercard is setting network security standards of a shared CVM, which examines both the types of CVM in use (biometrics, swipe patter, PIN etc.) and the technical requirements for the device to be securely used for authentication." Pg. 13
5
generating, via at least one of the one or more computing devices, the alternative authentication challenge to utilize the hardware capability


submitting, via at least one of the one or more computing devices, an authentication confirmation to the payment issuer that is encrypted using the encryption key
"– The resulting cryptographic token must be passed by the Acquirer in the authorisation request and must be unique for that specific transaction.– The Issuer must validate the cryptographic token passed in authorisation and ensure that there is a match in merchant and amount between the token and authorisation (or that the transaction authenticated is the same as the transaction authorized)." Pg. 7
12
wherein a liability for a fraudulent transaction shifts from the payment issuer to the payee entity upon use of the delegation exemption
"Merchants could bear liability for these transactions, if permitted by national competent authorities." Pg. 13


It would have been obvious to one having ordinary skill in the art at the time of the invention to modify Subramanian to include the above elements of Mastercard in order to achieve the predictable result of increased security.
Regarding claim 4, Subramanian fails to explicitly disclose that the challenge is used as an alternative to an issuer challenge as claimed. However, in light of 
Regarding claim 6, the combination of Subramanian/Mastercard fails to explicitly disclose utilizing the issuer public key to encrypt the authentication confirmation. However, Mastercard teaches encrypting an authentication confirmation and the issuer public key is one of a limited number of suitable keys to use for such purpose, and therefore would have been obvious.
Regarding claims 8 and 9, Subramanian fails to explicitly disclose “since a date of the previous authentication challenge” (claim 8) and “a threshold time” (claim 9). However, the data acted upon in these rules is available to Subramanian’s risk scoring model, and altering the system to utilize these rules would be an obvious business decision requiring little to no technical work that would accomplish the predictable result of reducing the risk of fraud while decreasing the time to authenticate a transaction.

Claim Interpretation
35 U.S.C. 112(f) or 35 U.S.C. 112 (pre-AIA ), 6th Paragraph
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Intended Use / Intended Result
Features of an apparatus may be recited either structurally or functionally. MPEP 2114(I); In re Schreiber, 128 F.3d 1473, 1478, 44 USPQ2d 1429, 1432 (Fed. Cir. 1997). A claim containing a recitation with respect to the manner in which a claimed apparatus is intended to be employed does not differentiate the claimed apparatus from the prior art apparatus if the prior art apparatus teaches all of the structural elements of the claim. MPEP 2114(II). See also MPEP 2103(I)(C). Similarly, limitations of a method claim that merely recite an intended result are not given patentable weight. See MPEP 2111.04.I. At least the following recitations are being interpreted as intended use or result for the purposes of comparison with the prior art and determination of statutory eligibility: 
“wherein a liability for a fraudulent transaction shifts from the payment issuer to the payee entity upon use of the delegation exemption” (claim 12).

Citation of Relevant Prior Art
All references listed on form PTO-892 are cited in their entirety. The following prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Goldenberg (US 20180137504 A1) discloses an authentication system that determines an authentication level of the user based on browsing data and provides the authentication level to the issuer who can use it to bypass issuer authentication.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMIE KUCAB whose telephone number is (571) 270-3025. The examiner can normally be reached on Monday through Friday, 10 a.m. to 4:00 p.m. ET. The examiner’s email address is Jamie.Kucab@USPTO.gov. See MPEP 502.03 regarding email communications. Following is the sample authorization for electronic communication provided in MPEP 502.03.II: “Recognizing that Internet communications are not secure, I hereby authorize the USPTO to communicate with the undersigned and practitioners in accordance with 37 CFR 1.33 and 37 CFR 1.34 concerning any subject matter of this application by video conferencing, instant messaging, or electronic mail. I understand that a copy of these communications will be made of record in the application file.” Without such an authorization in place, an examiner is unable to respond via email.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel, can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status 

/JAMIE R KUCAB/Primary Examiner, Art Unit 3685