Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 9 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the applicant regards as the invention.

Claim 9 recites the limitation "the merchant interface" in line 3.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.
Ascertaining the differences between the prior art and the claims at issue.
Resolving the level of ordinary skill in the pertinent art.
Considering objective evidence present in the application indicating obviousness or non-obviousness.

Claims 1, 10, 11, 12, 15, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Non-Patent Literature, "EMV® 3-D Secure, Protocol and Core Functions Specification - Version 2.1.0" to EMVCo (hereinafter, “EMVCo”) in further view of Non-Patent Literature, “Mobile – Based Multi-Factor Authentication Scheme for Mobile Banking” to .

With respect to claim 16, EMVCo discloses: A method [including] a timeout period (§§5.5, 5.5.1 of EMVCo, see page 104 of EMVCo) of a payment transaction, (3DS transaction, Page 104, ¶1 of §5.5.1 of EMVCo. See also Page 16 definition of “3-D Secure (3DS)”) the method comprising: 

receiving, by a server system (issuer domain (§2.3), including Access control server (“ACS”), see also Figs. 6.2 / 6.3, in further view of label ‘c’) associated with a payment network (See Figs. 6.2 / 6.3 on pages 121, 125 of EMVCo, “Payment Network”, and §§6.1.7, on page 124 of EMVCo: “Payment System network”); While already read upon, Examiner also takes official notice it is generally known that credit card transactions, such as those of EMVCo, are performed via payment networks (e.g., VISA/MasterCard/Express networks);(i.e., it is obvious that server system of EMVCo is associated with payment network through association with card , a payment transaction request initiated from a merchant interface for the payment transaction by a payment card of a user, (§1, “Introduction,” page 13, 4th bullet of EMVCo discloses that transactions can originate from a 3DS requestor’s app (i.e., merchant’s application) which is run on a consumer device. Introduction section also states e-commerce site as alternative (i.e., another example of merchant interface));(See also Page 21, “Merchant” definition);(See also Fig. 6.2, labels ‘b’ and ‘c’)

(At least §1, “Introduction”, ¶1 of EMVCo makes clear the transaction is for a cardholder (i.e., consumer/ user where payment is by a payment card. See also Table in page 159 of EMVCo);

the payment transaction request comprising a payment card information of the payment card of the user; (Page 21, “Merchant” definition of EMVCo states that a card number is obtained via online shopping experience with cardholder, and transferred over to 3DS server for subsequent payment authentication);(See also at least page 17’s definition of “Access Control Server” stating: “A component that operates in the Issuer Domain, that verifies whether authentication is available for a card number and device type, and authenticates specific Cardholders.”, and §2.3.4, of EMVCo (page 32) disclosing that the access control server confirms the account information / card number eligibility)

upon receiving the payment transaction request, provisioning, by the server system, a plurality of authentication options for the user to authenticate the payment transaction on […] associated with an issuer of the payment card, (Figs. 6.3 labels c and d, in further view of  §§2.4.3, 2.4.4, and page 176, “challengeSelectInfo” of EMVCo implicitly discloses or otherwise renders obvious that the server system (i.e., issuer domain / ACS server) may provide the cardholder device a display with multiple authentication (i.e., challenge) options as challenge response transmission, of which is understood to occur after receiving the payment transaction request (particularly in view of Fig. 6.3). 

Even if it can be successfully argued that EMVCo does not implicitly disclose this limitation in view of the aforementioned, Examiner respectfully takes the stance it is obvious that the challenge responses of ACS server (i.e., issuer domain) can comprise challenge options (e.g., “challengeSelectInfo”, page 176) that result in presentation of selectable authentication / challenge options on user/cardholder device (per page 176), further resulting in a subsequent challenge request by cardholder (e.g., “back-and-forth” §§2.4.3 – 2.4.4 of EMVCo; see also Fig. 3.2, “loop” in gray, and §3.2, “step 12 and step 15”) to indicate selected challenge (authentication option), in order to apprise ACS server of which authentication method was selected, so as to advantageously provide the cardholder more out-of-band options for transaction authorization methods).

Furthermore, EMVCo discloses: receiving, by the server system, a selection of an authentication option among the plurality of options from the user, (Fig. 4.8 on page 79 of EMVCo in further view of table on pages 151-152 of EMVCo)

the plurality of authentication options comprising a one-time password (OTP) option (Fig. 4.13 of EMVCo discloses option is a one-time password (OTP) option) and a static password option; (Page 81, ¶1: “The Out-of-Band (OOB) user interface allows issuers to utilise authentication methods other than dynamic and static data such as an Issuer’s mobile app.”);(See also tables in pages 151-152 of EMVCo disclosing authentication method options including both static and dynamic (i.e., OTP) passwords);(See also Figs. 4.6-4.7 of EMVCo disclosing OTP passwords as option)

Examiner notes it is also arguable the following is implicitly disclosed, but EMVCo fails to explicitly teach that the provisioning of plurality of options for authentication is to authenticate the payment transaction on an issuer interface associated with an issuer of the payment card.

However, EMVCo discloses authentication processes may occur on an issuer interface associated with an issuer of the payment card. (Fig. 4.8 on page 79 of EMVCo, note “your bank”, in view of the following):

(As previously noted, page 176 of EMVCo discloses the ACS server (i.e., issuer domain) can provide challenge selection information comprising a list of options for authentication) to other than dynamic and static data such as an Issuer’s mobile app.” (i.e., authentication processes may be performed via issuer’s mobile app);(See also Fig. 4.10 on page 81 of EMVCo explicitly stating your bank application can be used for authentication process).

Accordingly, in view of the aforementioned disclosures of EMVCo, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the plurality of authentication options for the user to authenticate the payment transaction of EMVCo could be presented / subsequently performed on an issuer interface associated with an issuer of the payment card, (in view of the aforementioned) in order to advantageously increase trust of the overall solution to cardholder. Examiner also notes the claimed invention is merely a combination of old elements that would yield a predictable result.

While Examiner respectfully maintains that EMVCo renders obvious a plurality of options for the user to authenticate the payment transaction on an issuer interface, Examiner, Arguendo, notes Handson disclosing a mobile banking application (See Figs. 14-16, e.g., issuer 

Accordingly, in view of the aforementioned disclosures of EMVCo and Handson, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the plurality of authentication options for the user to authenticate the payment transaction of EMVCo could be presented / subsequently performed on an issuer interface associated with an issuer of the payment card (in view of the aforementioned disclosure of both EMVCo and Handson), in order to advantageously increase trust of the overall solution to cardholder. Examiner also notes the claimed invention is merely a combination of old elements that would yield a predictable result.

EMVCo in view of Handson, despite disclosing timeouts for payment processing steps (at least entirety of §5.5 of EMVCo and at least ¶3 of abstract of Handson, Fig. 1 (page 16) Handson, and tables in §3.9 of Handson (pages 35 - 43)), fails to disclose the transaction method dynamically adapting a timeout period of a payment transaction, and further fails to disclose: adapting, by the server system, the timeout period of an authentication session for authenticating the payment transaction based on the selection of the authentication option and one or more of:
a set of predefined rules,
a plurality of usage analytics data, and
a user profile information. (Examiner notes list is claimed in the alternative, and only one of the list needs to be read upon to reject claim).

However, Szwalbenest, of a similar field of endeavor, discloses: dynamically adapting a timeout period for a payment transaction, which includes adapting, the timeout period of an authentication session for authenticating the payment transaction based on the selection of the authentication option (Col 12, lines 29 – 38 of Szwalbenest discloses a plurality of authentication options conducted over “secondary” communication channels, and further discloses in Col 11, lines 45-52 and Col 13, lines 6 – 20 of Szwalbenest discloses that the time afforded to authentication transaction may be “variably controlled” based on the authentication communication channel utilized (e.g., selected)) and one or more of:
a set of predefined rules, (Examiner notes the aforementioned constitutes a predefined rule.  Arguendo, Examiner notes ‘pre-defined rule’ is broad enough to include merely programmatically setting a timer value in view of ¶¶57-59 of Applicant specification).

Accordingly, in view of EMVCo disclosing transaction timeouts for a transaction which affords a plurality of authentication options, both Handson and Szwalbenest disclosing that authentication methods may have different durations (tables in §3.9 (pages 35 - 43) of Handson and Col 11, lines 45-52 and Col 13, lines 6 – 20 of Szwalbenest), it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the ACS server handling 3DS transaction authentication (i.e., by the server system) dynamically adapt the timeout period of an authentication session for authenticating the payment transaction based on the selection of the authentication option, and a set of predefined rules (as suggested by Szwalbenest), in order to advantageously create a more secure transaction method that provides only a reasonable time frame to authenticate, while still accounting for feasibility of time to complete selected form of authentication.

While Examiner notes EMVCo in view of Handson and Szwalbenest render obvious the claim limitations, and not relying upon the following prior art in mapping, Examiner also notes that the concept of adjusting a timeout period based on authentication measures / authentication channel considerations was known to more than just Szwalbenest prior to the effective filing date of claimed invention:

United States Patent Publication No. US-10929515-B2 to Prakash (“Prakash”), disclosing in Col 21, line 60 – Col 22 line 1, that different authentication methods may correspond to different lockout modes which comprise timeout intervals, further stating that biometric authentication timeout interval may be as short as “less than a second”, in order to quickly and intuitively allow biometric authentication. (Examiner notes in view of the aforementioned, that the other methods of authentication (e.g., PIN, Col 16, line 44-47 of Prakash) are generally understood to not be able to be realistically entered by an average smart phone user in less than a second, and further speaks to timeout intervals differing amongst different authentication methods).

WIPO document WO-2020060432-A1 to Burlitsky (“Burlitsky”), disclosing in ¶54-55, that different mobile authorization channels each have different timeouts for operations stored together on a database, further disclosing illustrative examples of selecting a mobile authentication channel on a user device using a graphical user interface (¶43 in further view of Figs. 4A-4D). Burlitsky also generally discloses that multiple forms of authentication may be used.

With respect to claim 17, EMVCo in view of Handson and Szwalbenest disclose: The method as claimed in claim 16, further comprising terminating, by the server system, the authentication session upon expiry of the timeout period. (§5.5.1 on page 104 of EMVCo discloses the transaction timeout is maintained by the ACS, particularly in view of SEQ 5.38 disclosing that the ACS ‘shall: […] maintain the state of a 3-D Secure transaction [...] so that the corresponding CReq message can be processed and timeout values can be enforced.);(§5.5.1 on page 104 of EMVCo also discloses that the transaction timeout provides the time a 3-D secure transaction should be considered valid (i.e., authentication session ends after expiration). See also table on page 203 of EMVCo characterizing session as authentication session));(See also at least Col 13, lines 7-20 of Szwalbenest disclosing timeout resulting in failing to authenticate in further view of Fig. 4, 340, “Authentication entity system”, and 358, “Time-out portion” of “Authenticating processing portion 350”).

With respect to claim 18, EMVCo in view of Handson and Szwalbenest discloses: The method as claimed in claim 16, wherein the plurality of authentication options further comprises:

a Quick Response (QR) code option; and (§2.3.1, “Mobile Device-Based Authentication” on second paragraph of page 10 of Handson discloses that authentication may include use of QR codes which can be scanned and validated with other digital devices).

a biometric-based password option. (Page 16, §2.9, “Summary” of Handson discloses that biometrics may be another factor to use in authentication of mobile transactions));(Page 151 of EMVCo also discloses biometric authentication as an option in the ACS authentication flow);(See also Col 11, lines 45 -56 of Szwalbenest disclosing biometrics as a form of authentication information).

Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the method of EMVCo in view of Handson and Szwalbenest could include both biometric and QR-code based options for cardholder authentication, in order to advantageously provide more authentication options to user.

With respect to claim 19, it is rejected under the same rationale as claim 16, mutatis mutandis. (Examiner notes this claim element being further limited is optional, and is accordingly still rejected under same rationale as claim 16).

Examiner, Arguendo, notes However, Wolter discloses: user profile information comprising a historical [...] time for [user actions requiring timeout timer] based on [user activity]; and determining, by the server system, the timeout period for the payment transaction based at least on […] the user profile information. (¶55 of Wolter discloses adjustment of timers based on application data comprising historical user behavior / activity.)

Accordingly, in view of it being generally understood users may have different authentication speeds, it being generally understood authentication sessions are preferably as short as necessary to perform authentication, and Handson and Szwalbenest disclosing different methods corresponding to different authentication times, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the ACS server of EMVCo in view of Handson monitor the historical authentication time for authenticating historical payment transactions based on the authentication option (e.g., user behavior in relation to application, ¶55 of Wolter), further resulting in ACS server adjusting the timeout period based at least on the authentication option (per Szwalbenest), the set of predefined rules (e.g., rules of associating timers to authentication types, and rule of dynamically adjusting timers based on user history), in order to advantageously customize/adjust the timeout value per each user to reflect their typical authentication speeds per each type of authentication.

With respect to claim 20, it is rejected under the same rationale as claim 16, mutatis mutandis. (Examiner notes this claim element being further limited is optional, and is accordingly still rejected under same rationale as claim 16).

While Examiner maintains that claim 20 is rejected under the same rationale as claim 16, Examiner further notes EMVCo in view of Handson and Szwalbenest does not disclose the optional limitations of claim 20.

Arguendo, Herder III suggests: adapting, by [a] server system, the timeout period of an authentication session for authenticating a payment transaction based on usage analytics data (¶211 of Herder III suggests a lockout (e.g., session timeout) based on a timeout being modified in light of criteria, where criteria may involve anomalous (biometric, ¶65) activity); See also at least ¶¶3-4, 76, 85 of Provisional for support)), wherein the plurality of usage analytics data comprising one or more of:
 a type of a user device,
a web browser information, and
a typing speed of the user. (¶65 of Herder);(See ¶217 of Provisional for support)

Accordingly, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the ACS server of EMVCo in view of Handson and Szwalbenest use anomalous biometric activity as a form of criteria for modifying the timeout (¶211) via gathered usage analytics (¶65 of Herder III) from merchant 

With respect to claim 1, it is rejected under the same rationale as claim 16 (above), mutatis mutandis.

With respect to claim 10, it is rejected under the same rationale as claims 16 and 18 (above), mutatis mutandis. (e.g., See Page 151 of EMVCo)

With respect to claim 11, it is rejected under the same rationale as claim 17 (above), mutatis mutandis. 

With respect to claim 12, it is rejected under the same rationale as claim 16 (above), mutatis mutandis. (Examiner takes official notice that it is obvious servers such as the ACS server / issuer domain of EMVCo storing instructions would also comprise commonplace hardware elements such as memory and processors);(See also Col 13, line 51 – Col 14, line 15 of Szwalbenest generally disclosing processors and memory to carry out transaction methods, and Col 14, lines 30 – 40 of Szwalbenest;(I.e., it is obvious the ACS server may comprise a memory comprising executable instructions; and a processor communicably configured to execute the instructions to cause the server system to perform operations, as disclosed by Szwalbenest, as it is a combination of known elements to provide a predictable result).

With respect to claim 15, it is rejected under the same rationale as claims 16 and 18 (above), similar to claim 10 (also above), mutatis mutandis. 

Claims 2 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in further view of Handson, in further view of Szwalbenest, as applied to parent claims 1 and 16, in further view of United States Patent Publication No. US-20180084419-A1 to Sun (“Sun”). Examiner notes further supporting rationale in view of United States Application Publication No. US-20190065724-A1 to Dudley (“Dudley”).

With respect to claim 2, EMVCo in view of Handson and Szwalbenest disclose: wherein the timeout period is dynamically adapted based on a plurality of [different times], each [time] of the plurality of time[s] being associated with one or more authentication options of the plurality of authentication options. (Col 12, lines 29 – 38 of Szwalbenest discloses a plurality of authentication options conducted over “secondary” communication channels, and further discloses in Col 11, lines 45-52 and Col 13, lines 6 – 20 of Szwalbenest discloses that the time afforded to authentication transaction may be “variably controlled” based on the authentication communication channel utilized (e.g., selected));(See also obviousness combination of claim 16 above (with respect to Szwalbenest))

Despite disclosing (or otherwise rendering obvious) timeouts for authentication, and different time-outs for different authentication methods, EMVCo in view of Handson and Szwalbenest fails to teach: wherein the timeout period is dynamically adapted based on a plurality of timers, each timer of the plurality of timers being associated with one or more authentication options of the plurality of authentication options.

However, Sun discloses a plurality of authentication timers (See at least abstract in further view of at least ¶¶4, 20, “timeout, e.g., based on timers for the authentication process”).

Accordingly, in view of Handson and Szwalbenest disclosing it is generally known that different authentication techniques have different times to authenticate, and Sun disclosing a plurality of different authentication timers, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the ACS server of EMVCo in view of Handson and Szwalbenest manage the timeout values as a plurality of timers, in order to advantageously be able to apply the correct timer for the corresponding authentication method, as disclosed in Szwalbenest. Furthermore, to further support rationale, Examiner notes Dudley disclosing it is generally known that authentication techniques for financial transactions (¶63 of Dudley) may generally involve expiration timers in multifactor authentication systems (¶76 of Dudley). (i.e., combination is an obvious / known form of storing / utilizing the timeouts).

With respect to claim 13, it is rejected under the same rationale as claim 2 (above), mutatis mutandis. 

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in further view of Handson, Szwalbenest, and Sun, as applied in parent claim 2, in further view of United States Application Publication No. US-20180012222-A1 to Berger (“Berger”).

With respect to claim 3, EMVCo in view of Handson, Szwalbenest, and Sun discloses: configuring [a] plurality of timers; (¶¶4, 20, of Sun: “timeout, e.g., based on timers for the authentication process”, in further view of obviousness rationale above) 

EMVCo in view of Handson, Szwalbenest, and Sun fails to disclose: receiving, by the server system, a user preference input for configuring [a] plurality of timers; (¶¶4, 20, of Sun: “timeout, e.g., based on timers for the authentication process”, in further view of obviousness rationale above) and storing, by the server system, the user preference input.

However, Berger, of a similar field of endeavor, discloses: receiving, by the server system, a user preference input for configuring [a] plurality of timers; and storing, by the server system, the user preference input. (¶24 in further view of Fig. 3 and ¶39 of Berger discloses preferences received via a user for changing timeouts (¶24), where ¶39 in further view of Fig. 3 of Berger discloses the preferences may be stored by server);(Examiner also notes challenge requests / responses  of EMVCo are between user device and ACS (issuer) server).

Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to modify the method of EMVCo in view of .

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in further view of Handson, in further view of Szwalbenest, in further view of Sun, as applied to parent claim 2, in further view of United States Patent Publication No. US-8473748-B2 to Sampas (“Sampas”).

With respect to claim 4, EMVCo in view of Handson, Szwalbenest, and Sun discloses: wherein dynamically adapting the timeout period comprises: determining, by the server system, the timeout period based at least on a set of predefined rules, (Examiner notes ‘pre-defined rule’ is broad enough to include merely programmatically setting a timer value in view of ¶¶57-59 of Applicant specification). ((Col 12, lines 29 – 38 of Szwalbenest discloses a plurality of authentication options conducted over “secondary” communication channels, and further discloses in Col 11, lines 45-52 and Col 13, lines 6 – 20 of Szwalbenest discloses that the time afforded to authentication transaction may be “variably controlled” based on the authentication communication channel utilized (e.g., selected));(See also claim 2 rejection regarding plurality of timers of Sun reference) and the set of predefined rules defined based on one or more timers of the plurality of timers; (Col 12, lines 29 – 38 of Szwalbenest in view of ¶¶4, 20 of Sun “timeout, e.g., based on timers for the authentication process”) 

EMVCo in view of Handson, Szwalbenest, and Sun fails to disclose: and facilitating, by the server system, display of the timeout period on the issuer interface.

However, Sampas discloses: and facilitating […] display of the timeout period on [an] interface. (Col 9, lines 59 – 62 of Sampas discloses a timeout corresponding to countdown timer being displayed)

Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the ACS server facilitate display of a timeout period on issuer interface of EMVCo in view of Handson, Szwalbenest, and Sun comprise a timeout period displayed, as suggested by Sampas, in order to advantageously apprise user of time to complete transaction. 

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in further view of Handson, Szwalbenest, Sun, and Sampas as applied to parent claim 4, in further view of Herder.

With respect to claim 5, it is rejected under the same rationale as claim 20 (above), and 9 (below), mutatis mutandis.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in further view of Handson, Szwalbenest, Sun, and Sampas as applied to parent claim 4, in further view of Wolter.

With respect to claim 6, EMVCo in view of Handson, Szwalbenest, Sun, and Sampas disclose: determining, by the server system, the timeout period for the payment transaction based at least on the authentication option,

EMVCo in view of Handson, Szwalbenest, Sun, and Sampas fail to disclose: The method as claimed in claim 4, further comprising: accessing, by the server system, a user profile information of the user, the user profile information comprising a historical authentication time for authenticating a set of historical payment transactions based on the authentication option; and determining, by the server system, the timeout period for the payment transaction based at least on the authentication option, the set of predefined rules and the user profile information.

However, Wolter discloses: user profile information comprising a historical [...] time for [user actions requiring timeout timer] based on [user activity]; and determining, by the server system, the timeout period for the payment transaction based at least on […] the user profile information. (¶55 of Wolter discloses adjustment of timers based on application data comprising historical user behavior / activity.)

Accordingly, in view of it being generally understood users may have different authentication speeds, and it being generally understood authentication sessions are preferably as short as necessary to perform authentication, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the ACS server of EMVCo in view of Handson, Szwalbenest, Sun, and Sampas monitor historical application usage during authentication process of EMVCo in view of Handson, Szwalbenest, Sun, and Sampas, resulting in ACS server to monitor the historical authentication times of users (e.g., user behavior in relation to application, ¶55 of Wolter), further resulting in ACS server adjusting the timeout period based at least on the authentication option (per Szwalbenest), the set of predefined rules (e.g., rules of associating timers to authentication types, and rule of dynamically adjusting timers based on user history), in order to advantageously customize/adjust the timeout value per each user to reflect their typical authentication speeds per each type of authentication.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in further view of Handson, Szwalbenest, Sun, and Sampas as applied to parent claim 4, in further view of United States Patent Publication No. US-10783227-B2 to Van Os (“Van Os”).

With respect to claim 7, EMVCo in view of Handson, Szwalbenest, Sun, and Sampas fails to disclose: a receiving, by the server system, an alternate authentication option from the user for authenticating the payment transaction by overriding the authentication option selected prior by the user,

However, Van Os discloses: a receiving, by the server system (Col 77, lines 1-7 and 51-57, see also ACS server of EMVCo), an alternate authentication option from the user for authenticating the payment transaction by overriding the authentication option selected prior by the user, (Col 201, lines 32-51 of Van Os discloses an alternative authentication method to display in response to authentication being unsuccessful. Van Os also suggests providing options for alternative forms of authentication as an option, and further elucidates an alternative).

Accordingly, it would have been obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention to have the ACS server of EMVCo in view of Handson, Szwalbenest, Sun, and Sampas receive an alternate authentication option from the user for authenticating the payment transaction by overriding the authentication option selected prior by the user, from a remainder of authentication options of EMVCo, as suggested by Van Os, in order to advantageously provide user an alternative authentication method if a form of authentication is not working properly. Examiner further notes, in view of Szwalbenest disclosing authentication method dependent time-outs, it would be understood that the subsequent timeout period would be adapted based on the alternate authentication option.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in view of Handson and Szwalbenest, as applied in claim 1 (and 16), in further view of Herder.

With respect to claim 9, EMVCo in view of Handson and Szwalbenest fails to disclose receiving, by the server system, a plurality of usage analytics data associated with the user from the merchant interface, the plurality of usage analytics data comprising one or more of:
a type of a user device,
a web browser information, and
a typing speed of the user.

However, Herder III discloses: receiving, by the server system, a plurality of usage analytics data associated with the user from [an] interface (¶3 in further view of ¶¶65, 77, 211 of Herder III (i.e., applications (e.g., interface) may be monitored by data received by authenticating server for biometrics / anomaly detection, such as typing speed). See also at least ¶¶3-4, 76, 85 of Provisional for support), the plurality of usage analytics data comprising one or more of:
a type of a user device,
a web browser information, and
a typing speed of the user. (¶65 of Herder); (See ¶217 of Provisional for support)

Accordingly, it would have been rendered obvious to one having ordinary skill in the art prior to the effective filing date of the claimed invention that the ACS server of EMVCo in view of Handson and Szwalbenest use anomalous biometric activity as a form of criteria for modifying the timeout (¶211) via gathered usage analytics (¶65 of Herder III) from merchant.


Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over EMVCo in view of Handson and Szwalbenest, as applied in claim 1 (and 16), in further view of Wolter.

With respect to claim 14, it is rejected under the same rationale as claim 6 (above), mutatis mutandis. (See obviousness rationale of claim 6 pertaining to Wolter).

Allowable Subject Matter
Claim 8 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

United States Patent Publication No. US-10013537-B1 to Trachtman (“Trachtman”), generally disclosing modification of amount of time before locking out access to computer resource (title), where resource may include banking transactions.

Prior art generally disclosing adjustment of timeouts / session times / timers that are not static:
United States Application Publication No. US-20150213427-A1 to Hodges, disclosing in ¶47 that timeout periods may be dependent upon average amount of time for a customer to initiate and complete a typical transaction. Examiner notes Hodges fails to disclose the transaction occurring on an online merchant site, and instead discloses ATM transactions.

United States Application Publication No. US-11114087-B1 to Leslie, disclosing in Col 11, lines 33 – 48 that timers may be changed based on prior user interactions, and that timers may vary from user to user based on historical differences between users. Leslie fails to generally disclose transactions, and is directed more towards communications between individuals.

United States Application Publication No. US-20120137217-A1 to Amsterdam (“Amsterdam”), disclosing monitored user activity of application.

Prior art generally disclosing user selectable timeouts / time intervals:
United States Application Publication No. US-20120054046-A1 to Albisu (“Albisu”), disclosing user preferences including user options to modify session time. (¶41)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MARK A MALKOWSKI whose telephone number is (313)446-6624. The examiner can normally be reached Monday - Thursday 7:30AM-5:00PM, Alternating Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan Donlon can be reached on (571) 270-3602. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 





/M.A.M./Examiner, Art Unit 3695
/RYAN D DONLON/Supervisory Patent Examiner, Art Unit 3695
February 7, 2022

1 Applicant specification states the term "payment network", refers to “a network or collection of systems used for transfer of funds through use of cash-substitutes” (¶37).
2 Examiner notes ¶39 of Applicant Specification limits definition of ‘merchant interface’ to an “online store”.
3 Examiner notes Applicant states in ¶36 of Applicant specification that a “payment card” may: be embodied in form of data stored in a user device, where the data is associated with payment account such that the data can be used to process the financial transaction between the payment account and a merchant's financial account. (i.e., account information may broadly constitute ‘payment card’).