DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination (“RCE”) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on September 8, 2021 has been entered.

Acknowledgements
The present application is being examined under the pre-AIA  first to invent provisions. 
Claim 1, 3-9, 11-16 & 18-20 are pending. 
Claims 1, 3-9, 11-16 & 18-20 have been examined. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 3-9, 11-16 & 18-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. 



According to the 2019 Revised Patent Subject Matter Eligibility Guidance1, the first prong of the first step of the § 101 analysis (STEP 2A-1) is to determine whether the claim recites an abstract idea, laws of nature or natural phenomena.

Claims 1, 3-9, 11-16 & 18-20 are directed to the series of steps for generating an authentication model based on user’s profile, which falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas such as commercial or legal interactions. 

The limitations that set forth the abstract idea are:
retrieve, from a database, (i) historical transaction data for a plurality of historical transactions processed over the payment processing network by a plurality of cardholders, and (ii) a respective one of a plurality of cardholder authentication types used for each of the historical transactions; 
build, based on the historical transaction data, a plurality of example data sets, each of the example data sets including, for a respective particular merchant and a respective particular cardholder, i) a preferred one of the plurality of cardholder authentication types used by the particular cardholder for transactions with the particular merchant and ii) a combination of transaction 
generate a model that predicts the one of the preferred cardholder authentication types for novel combinations of the transaction parameters […]; 
receive pending transaction data for each of a plurality of pending transactions from the payment processing network, the pending transaction data for each of the transactions including a cardholder identifier of 
for each of the plurality of pending transactions, i) build a pending combination of transaction parameters from the pending transaction data, and ii) predict a preferred cardholder authentication type by providing the corresponding pending combination of transaction parameters as an input to the trained model and assigning an output of the model as the predicted preferred cardholder authentication type; and 
transmit to a cardholder computing device of the respective cardholder for each pending transaction an authentication request of the corresponding predicted preferred cardholder authentication type. 




The second prong of the first step of the § 101 analysis (STEP 2A-2) is to determine whether the claim elements, when viewed individually and as an ordered combination, contain an inventive concept sufficient to integrate the claimed abstract idea into a practical application. 

The claim elements in addition to the abstract idea are:
authentication (AA) computer device;
raining a neural network on the example data sets
The additional elements noted above do not integrate the judicial exception into a practical application. More particularly, the claims do not recite additional limitations that: (i) improve the functionality of a computer or other technology or technical field, see MPEP § 2106.05(a); (ii) use a “particular machine” to apply or use the judicial exception, see MPEP § 2106.05(b); (iii) transform an article to a different thing or state, see MPEP§ 2106.05(c); or (iv) provide any other meaningful limitation, see MPEP § 2106.05(e). See also 84 Fed. Reg. at 55.
The authentication (AA) computer device is recited at a high level of generality, and comprises only a microprocessor and memory to simply perform the generic computer functions such as retrieving historical transaction data, building example data 
Generic computers performing generic computer functions, alone, do not integrate the claimed abstract idea into a practical application. 

Furthermore, the additional claimed elements, noted above, when viewed individually and as an ordered combination does not integrate the abstract idea into a practical application. 
The claim does not improve the functioning of any computerized device nor improves another technology or technical process, or provide meaningful limitations beyond generally linking an abstract idea to a particular technological environment or mere instructions to implement an abstract idea on a computer. 
The use of the additional elements noted above as tools to implement/automate the abstract idea does not render the claim patent eligible because it does not provide meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment and requires no more than a computer performing 

The second step of the § 101 analysis (STEP2B) is to determine whether the claim elements, when viewed individually and as an ordered combination, contain “an inventive concept sufficient to transform the claimed abstract idea into a patent-eligible application.” Alice, 134 S. Ct. at 2357. 

The claim does not include additional elements that are sufficient to amount to significantly more than the abstract idea. As discussed above with respect to integration of the abstract idea into a practical application, using the additional element noted above to perform the generic computer functions amount to no more than mere instructions to apply the abstract idea using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.

The dependent claims further recite the following generic computer functions such as retrieving different types of historical data including authentication types, requesting from a user to identify an authentication type and receiving the authentication type, update the model/pattern based on selected authentication type, and identifying the user’s address/geographic area. 




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-6, 8,9 11-14, 16 & 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kirsch (US 20120323717 Al) (“Kirsch”) in view of Hubbard et al. (US 20170109752 A1) (“Hubbard”) and further in view of Paul et al (US 20180053105 A1) (“Paul”)

As per claims 1, 9 & 16, Kirsch discloses:
the AA computer device (e.g. identity repository)  (¶ [0010]) configured to: 
retrieve, from a database (e.g. databases 518 & 526), (i) historical transaction data (preferences ) for a plurality of historical transactions processed over the payment processing network by a plurality of cardholders
build, based on the historical transaction data, a plurality of example data sets, each of the example data sets including, for a respective particular merchant and a respective particular cardholder (¶¶ [0605]- [0611], [0628], [0698]]; fig. 5 & related text; see also ¶¶ [0645], [0702]), 
i) a preferred one of the plurality of cardholder authentication types used by the particular cardholder for transactions with the particular merchant (¶¶ [0605]- [0611], [00628, [0698]; fig. 5 & related text), and 
ii) […] transaction parameters including a frequency of transactions by the particular cardholder with the particular merchant, a range of transaction amounts for transactions by the particular cardholder with the particular merchant, and a geographic location of the particular merchant (¶¶ [[0460], 0605]- [0611], [00628, [0657], [0698]; fig. 5 & related text; 
The information comprises any information describing a characteristic of a user, a user system, or any other information that may be useful in a transaction. In one embodiment, the transaction information comprises an account number. In other embodiments, the transaction information can comprise payment methods, an address associated with a user, shipping addresses, billing addresses, usernames, money spent, reward or loyalty numbers, e-mail addresses, contact information, credit card numbers, routing numbers, signed documents, dates, devices involved in the transaction, user permissions, shopping histories, reputations, user ratings, other purchased items, business associations, family members, friends and associates, major cars or appliances owned, subscriptions, 
generate a model  (e.g. parsing the user authentication level and the relying party authentication level) that predicts the one of the preferred cardholder authentication types for novel combinations of the transaction parameters (¶ [0628], [0633]; authentication types with [transaction data] ({{ [0628], [0633], the relying part preferences can include information related to preferences established by the relying party or on behalf of the relying party, including transaction value limits, time periods during which transactions are initiated, geographic locations where the transaction is initiated, histories of returns or invalidated transactions, user reputations, number of transactions within a particular time period, or the like),)  […]; 
receive pending transaction data for each of a plurality of pending transactions from the payment processing network, the pending transaction data for each of the transactions including a cardholder identifier of 
for each of the plurality of pending transactions  (transaction information), i) build a pending combination of transaction parameters  from the pending transaction data (proposed transaction parameters), and ii) predict a preferred cardholder authentication type by providing the corresponding pending combination of transaction parameters as an input to the trained model and assigning an output of the model as the predicted preferred cardholder authentication type  (¶¶ [0434], [0618], [0625]); and 
transmit to a cardholder computing device of the respective cardholder for each pending transaction an authentication request of the corresponding predicted preferred cardholder authentication type (¶ [0622]; fig. 7 & related text).

Kirsch does not expressly disclose build, based on the historical transaction data, a plurality of example data sets…including a combination of transaction parameters. 

Hubbard, however, clearly discloses build, based on the historical transaction data, a plurality of example data sets…including a combination of transaction parameters (¶¶ [0032], [0033]). 

It would have been obvious to a person of ordinary skill in the art to modify Kirsch’s authentication database to include authentication based on previous 


Kirsch does not expressly disclose generate a model [… ] by training a neural network on the example data sets; 

Paul, however, clearly discloses generate a model [… ] by training a neural network on the example data sets (¶¶ [0065], [0067]). 
It would have been obvious to a person of ordinary skill in the art to modify Kirsch’s authentication database to include authentication based on previous transaction amounts, as disclosed by Paul, to accurately and  quickly analyze transaction data thereby enhancing transaction speed and transaction security to prevent fraudulent transactions.

As per claims 3, 11 & 18, Kirsch/ Hubbard/ Paul discloses as shown above. 
Kirsch further discloses wherein at least one  of the plurality of historical transactions is associated with the first cardholder (¶¶ [0645], [0702]).

As per claims 4, 12 & 19, Kirsch/ Hubbard/ Paul discloses as shown above. 
Kirsch further discloses wherein each of the plurality of historical transactions is associated with a respective cardholder other than the first cardholder (e.g. multiple users) (¶ [0607]). 

As per claims 5, 13 & 20, Kirsch/ Hubbard/ Paul discloses as shown above. 
Kirsch further discloses wherein the predicted preferred cardholder authentication type is one of a PIN, a one-time password, a pattern code, a passcode, a digital signature, a signature capture, a biometric signature, a biometric sample, a challenge question, a low-energy infrared retinal scan, a finger vein scan, a near infrared iris scan, an optical fingerprint scan, a three-dimensional (3D) fingerprint scan, an optical palm print, a 3D facial scan, an optical facial scan, and a speech recognition sample (¶ [0630]) .
As per claims 6 &  14, Kirsch/ Hubbard/ Paul discloses as shown above. 
Kirsch further discloses retrieve, from the database using the cardholder identifier, a preferred contact channel of the cardholder, wherein the preferred contact channel includes at least one of a text message, an email, a telephone call, a link to a website, and a point-of-sale device (¶¶ [0204], [0419], [0498]). 

As per claim 8, Kirsch/ Hubbard/ Paul discloses as shown above. 
Kirsch further discloses wherein the transaction geographic location is defined relative to a cardholder home geographic area (¶¶ [0137], [0628]).

Claims  7 & 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kirsch  in view of Hubbard and further in view of Brickell et al (US 20030115142 A1) (“Brickell”). 

As per claims 7 &  15, Kirsch/ Hubbard/ Paul discloses as shown above. 



Kirsch does not expressly disclose: 
transmit, to the cardholder computing device in response to the pending transaction data, a request to identify a specified preferred one of the cardholder authentication types:
receive, from the cardholder computing device, a specified preferred cardholder authentication type corresponding to specified transaction parameters; and
store, in the at least one memory device in association with the cardholder identifier of the first cardholder, a cardholder-specific update to the model based on the specified preferred candidate cardholder authentication type and the specified transaction parameters.

Hubbard, however, discloses 
transmit, to the cardholder computing device in response to the pending transaction data, a request to identify a specified […] one of the cardholder authentication types (¶ [0043]; fig. 4 & related text; In some implementations, the ACS may communicate with the cardholder to obtain one or more required forms 
receive, from the cardholder computing device, a specified […] cardholder authentication type corresponding to specified transaction parameters (¶ [0043]; fig. 4 & related text; and
store, in the at least one memory device in association with the cardholder identifier of the first cardholder, a cardholder-specific update to the model based on the specified […]  candidate cardholder authentication type and the specified transaction parameters (¶ [0043]; fig. 4 & related text; the like, which is then transmitted to the ACS for processing. The MPI then stores 418 the cardholder authentication data, which may include data such as cardholder identification data, issuer FI identification data, purchase transaction data associated with the current purchase transaction including the date of the transaction).

Kirsch/ Hubbard does not disclose a request for a preferred cardholder authentication type. 

Brickell, however, discloses transmit, to the cardholder associated with the cardholder identifier in response to the pending transaction data, a request to identify the specified preferred one of the cardholder authentication types (¶ [0024], [0030]; fig. 2 & related text). 

It would have been obvious to a person of ordinary skill in the art to modify the combination Kirsch/Hubbard’s authentication database to include authentication based . 



Response to Arguments
Applicant's arguments filed August 9, 2021 have been fully considered but they are not persuasive. 

35 U.S.C. §101 Rejection
Applicants argue (page 11):
In this respect, the claim limitations are similar to those in Example 39 of the
USPTO’s January 2019 Subject Matter Eligibility Examples. Just as in Example 39, the claim does not recite any mathematical relationships, formulas, or calculations. While some of the limitations may be based on mathematical concepts, the mathematical concepts are not recited in the claims. Further, the claim does not recite a mental process because the steps are not practically performed in the human mind. Finally, the claim does not recite any method
of organizing human activity such as a fundamental economic concept or managing interactions between people. More specifically, while Claim 1 recites data having a financial content, the claim steps themselves recite no commercial or legal interactions.


The Examiner, however, respectfully disagrees. 
The claims are directed to the series of steps for generating an authentication model based on user’s profile, which falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas such as commercial or legal interactions.
The Examiner notes that the notes above steps can be performed mentally or manually using a pen and a paper (retrieving and receiving authentication parameters etc.) without the use of a machine. 


Applicants argue (page 12):
One path to establishing a practical application is to show that the claims recite an improvement to an existing technology. Here, Applicant’s specification expressly identifies existing limitations of conventional payment network authentication technology. First, as described for example at paragraphs [0004] of Applicant’s specification, the conventional authentication technology may cause an authentication request to be communicated to a cardholder in a way that the cardholder may not immediately receive. In addition, conventional technology does not enable the authentication to be situation-specific. For example, the same authentication types may be presented to a particular cardholder regardless of transaction amounts or proximity to a central location, such as a residence. Further, the conventional technology may unnecessarily require authentications for each visit to a merchant despite frequent authenticated visits. In other words, existing payment network authentication technology does not enable dynamically determined contextual, adaptive prediction or selection of authentication challenge types for different situations.


The Examiner, however, respectfully disagrees. 
The claims are directed to the series of steps for generating an authentication model based on user’s profile, which falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas such as commercial or legal interactions.
The authentication (AA) computer device is recited at a high level of generality, and comprises only a microprocessor and memory to simply perform the generic computer functions such as retrieving historical transaction data, building example data sets, generate a model based on user’s preferred authentication types, training a neural networks on the example data set, receiving pending transaction, and building by training a neural network on the example data sets and transmitting an authentication request corresponding to the determined authentication type . Additionally, these steps can be performed mentally ( or manually using a pen and paper) without the use of a machine. 
Applicants argue (page 12-13):
Claim 1 includes additional elements, which cannot be construed as merely part of any alleged abstract idea, that solve the problems identified in the specification. Specifically, as discussed above, the claimed computing device is programmed to perform steps including generating a model that predicts the one of the preferred cardholder authentication types for novel combinations of the transaction parameters by training a neural network on the example data sets”; and then for pending transactions, “i) building a pending combination of transaction parameters from the pending transaction data, and ii) predicting a preferred cardholder authentication type by providing the corresponding pending combination of transaction parameters as an input to the trained model and assigning an output of the model as the predicted preferred cardholder authentication type.” These steps directly facilitate a solution to the problem identified above, by providing dynamically determined, contextual, adaptive prediction of authentication challenge types for different situations.

The Examiner, however, respectfully disagrees. 
The Examiner notes that the following steps/concepts can be performed mentally and/or manually without the use of a machine: generating a model and training a neural network using transaction parameters as input to the model and predicting the preferred authentication type as output of the model. The use of the additional elements noted above as tools to implement/automate the abstract idea does not render the claim patent eligible because it does not provide meaningful limitations beyond generally 

Applicants argue (page 14):
The fact that the pending claims overcome the cited references, as discussed in the Section 103 traversal below, strengthens the conclusion that the recited limitations are not well understood, routine, and conventional.

The Examiner, however, respectfully disagrees. The Examiner notes that he does not rely on the “well understood, routine, and conventional” rationale. See the rejection above. 

35 U.S.C. §103 Rejection
Applicants argue (page 15-16):
Notably, Kirsch does not describe or suggest i) predicting a preferred cardholder authentication type for each pending transaction of a plurality of pending transactions of a plurality of cardholders by providing corresponding pending transaction data as an input to a generated model and assigning an output of the model as the predicted preferred cardholder authentication type; ii) receiving a specified preferred cardholder authentication type from a specific cardholder; and iii) storing a cardholder-specific updated model in association with a specific cardholder based on the specified preferred authentication type and transaction parameters, as recited in Claim 1.

Notably, Hubbard does not describe or suggest i) predicting a preferred cardholder authentication type for each pending transaction of a plurality of pending transactions of a plurality of cardholders by providing corresponding pending transaction data as an input to a generated model and assigning an output of the model as the predicted preferred cardholder authentication type; ii) receiving a specified preferred cardholder authentication type from a specific cardholder; and iii) storing a cardholder-specific updated model in association with a specific cardholder based on the specified preferred authentication type and transaction parameters.



The Examiner, however, respectfully disagrees. 
Kirsch discloses as shown above. 
Kirsch further discloses: 
[0589] Embodiments of the present invention implement an improved mechanism for allowing both parties in a transaction to influence the authentication process. Accordingly, multiple authentication levels are made available for different types of transactions. As used herein, an "authentication level" can include requirements for authenticating a party's identity in a transaction. These requirements can include providing a password, providing a PIN number, performing a physical gesture with a user device, or approving the transaction on a second user device (such as a smart phone or tablet computer), or the like. Additional types of authentication levels are discussed in more detail below.
[0590] In one embodiment, an architecture is set up to receive or access preferences of the relying party, along with preferences of the opposite party, or "user". The relying party preferences and the user preferences can include conditions for the transaction, such as a dollar amount, along with a reference to an authorization level that should be used when those conditions are met. For example, a user preference might include a condition that a single purchase costs over $100, with a reference to an authorization level requiring a password to be entered.
[0591] According to various embodiments, a relying party authentication level may be determined using the relying party preferences and information associated with the transaction itself. Similarly, a user authentication level may be determined using the user preferences and the information associated with the transaction. A final authentication level to be used in the transaction (a "transaction authentication level") may then be determined. The transaction authentication level can involve a third party (referred to as an "identity repository"), additional user devices, and/or various passwords and PIN numbers.

[0608] The authentication level selection system 510 can also include an authentication level database 518. The authentication level database 518 stores authentication levels that may be applied to transactions. The authentication levels in the authentication level database 518 can be populated by the identity repository, by a user, or by a relying party. In one embodiment, authentication levels can be received as part of the transaction from one of the parties involved. 
[0609] The authentication level selection system 510 can also include an I/O module 522 configured to interface with external databases 540. The external databases 540 can provide preferences and authentication levels in addition to those provided by the parties of the transaction. In one embodiment, transactions may be subject to government regulations or technical standards that include specific authentication level requirements and/or preferences. The external databases 540 can include databases operated by governments, charities, professional organizations, standard-setting organizations, or the like. Preferences and authentication levels retrieved by the I/O module 522 may be used as inputs in a manner similar to the preferences stored in the preferences database 526 and the authentication levels stored in the authentication level database 518.

Kirsch does not expressly disclose:
generate a model associating each of the plurality of cardholder authentication types with a corresponding set of values for transaction parameters derived from the historical transaction data, and 
store, in the at least one memory device in association with the cardholder identifier of the first cardholder, a cardholder-specific update to the model based on the specified preferred preferred cardholder authentication type and the specified transaction parameters.

Hubbard, however, discloses:
a model associating each of the plurality of cardholder authentication types with a corresponding set of values for transaction parameters derived from the historical transaction data (¶¶ [0036]-[0039]) 
store, in the at least one memory device in association with the cardholder identifier of the first cardholder, a cardholder-specific update to the model based on the specified preferred preferred cardholder authentication type and the specified transaction parameters (¶¶ [0036]-[0039]).

Hubbard further discloses: 
[0039]  ….The data stored in the MPI database may be organized by issuer financial institution account range or the like, and can be can be utilized by the merchant server computer to predict a cardholder authentication experience for a particular cardholder with regard to a current purchase transaction.

[0047]….For example, based on past cardholder authentication history and/or prior
transaction experiences and/or circumstances, a merchant can make a prediction regarding the likelihood of a similar experience for a current purchase transaction for the cardholder, and thus elect to bypass cardholder authentication processing to speed up and/or facilitate the current purchase transaction. The merchant may also decide to proceed in this manner for purchase transactions involving similar cardholders having payment card accounts within a predetermined range of payment card accounts (i.e., for new consumers and/or customers having the same or similar type of payment card account from the same issuer FI as known cardholders). Thus, a merchant could determine to bypass the cardholder authentication process for a particular cardholder ( or group of cardholders) based on the authentication method( s) provided in the enhanced AA V utilized in a past purchase transaction or past purchase transactions for that cardholder and/or group of cardholders.

Kirsch does not expressly disclose build, based on the historical transaction data, a plurality of example data sets…including a combination of transaction parameters. 

Hubbard, however, clearly discloses build, based on the historical transaction data, a plurality of example data sets…including a combination of transaction parameters (¶¶ [0032], [0033]). 

It would have been obvious to a person of ordinary skill in the art to modify Kirsch’s authentication database to include authentication based on previous transaction amounts, as disclosed by Hubbard, to enhance security thereby mitigating fraudulent transactions.



It would have been obvious to a person of ordinary skill in the art to modify Kirsch’s authentication database to include authentication based on previous transaction amounts, as disclosed by Paul, to accurately and  quickly analyze transaction data thereby enhancing transaction speed and transaction security to prevent fraudulent transactions.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is cited in the Notice of References Cited (form PTO-892).
Grigg et al (US 9213814 B2) 
Embodiments of the invention are directed to a system, method, and a computer program product for a user authentication based on self-selected preferences. The system typically including a memory, a processor, and a module configured to receive a request to execute a user action from a user associated with an application, wherein the user action requires validation of one or more authentication credentials; access a user-selected preference indicating a level of authentication associated with a user-selected preference as desired by the user; determine authentication types from a plurality of authentication types associated with the level of authentication and the user-selected preference; request one or more authentication credentials corresponding to the determined one or more authentication types; receive one or more authentication credentials from the user; validate the one or more authentication 

US 20050010526 A1- discloses:  
The electronic business transaction system in accordance with claim 5, wherein said credit giving means determines the acceptance/refusal and the authentication level of the new site based on size of enterprise, amount of capital, and business transaction history of the new site upon receipt of a request to join from the new site

US 20090152343 A1
[0007] Examples of transaction characteristics that can be used in determining the selected authentication method include the monetary value of the transaction, and the type of the transaction. Examples of various authentication methods include fingerprint validation, voice validation, facial recognition validation, iris scan validation, PIN validation, and GPS location validation.

US 20060156385 A1
[0076] In another embodiment either first factor or second factor authentication may be enhanced by policy control of authentication strength applied to a common authentication process. For example, a GUI may be used to provide selectability of a plurality of authentication policies associated with an authentication scheme, such as a grid card based challenge/reply scheme, wherein the policies select differing strength levels for the authentication scheme depending upon a specific user or user group or transaction type and provides different strength levels of authentication security for the authentication technique depending on a specified policy for a given user, group of users, or transaction type. Other authentication schemes include but are not limited to other location based article authentication schemes, out-of-band authentication techniques, question and answer based user authentication schemes, one time password list authentication schemes, machine based authentication schemes and any other suitable authentication schemes.


US 20060041507 A1
[0024] According to another aspect of the present invention, the method includes dynamically selecting a plurality of authentication methods to be used. 
[0025] According to yet another aspect of the present invention, the selection of authentication method(s) is also based upon at least a type of location from which the request is received and/or a type of communications mode used to make the request. 

US 20180053185 A1


US 8255971 B1
Thus, a solution is needed that considers particulars of the customer, the account, the channel, the application, and the requested interaction. Cross channel risk policy should track, record, and assess cross-channel customer transaction to understand and appropriately apply risk based authentication. The solution should be capable of selecting an appropriate authentication level based on such factors as transaction risk and customer account history. The solution should be centrally managed and executed in order to support appropriate, specific, and consistent strategies.
US 10755281 B1
By using the techniques described above, the payment service is capable expanding the functionality of a POS device or a customer device and generating an authentication method that is unique to the customer, is dynamic as it changes with the nature of transaction, and is secure as it is based, in part, on a behavior analysis of the customer transaction history at the current or any merchant location, over time. For instance, the POS device or customer device can download and execute a customized application that provides the POS with a mode of operation for receiving a challenge question and providing an answer to the challenge question. The customized application can also provide the POS device with functionality that is specific to a first type of business, such as retail, by 

US 2015/0278797 Al
[0041] Authentication module 140 may also determine the proximity of first user 135 to a pattern of location of first user 135. Authentication module 140 tracks first user 135's locations over a period of time to determine a pattern. First user 135 or banking associate 150 may also provide a location pattern of first user 135 to authentication module 140. For example, if first user 135 travels to work every Monday through Friday via the same route, and one morning stops at a coffee shop, authentication module 140 could determine the proximity of first user 135 to the location pattern, or work commute, of first user 135. 

US 20090152343 A1
A method comprising: initiating a financial transaction involving a person using a mobile device; determining a selected method for authenticating the transaction based on a characteristic of the transaction, wherein the selected method is selected from a plurality of authentication methods, each utilizing a different type of information for authentication; and receiving, by the mobile device, authentication information related to the person; authenticating the person using the mobile device by verification of the authentication information, using the selected method, wherein if the person is authenticated, the transaction is completed using the mobile device, and if the person is not authenticated, the transaction is prevented.

US 8905303 B1
The request for authentication can have the transaction details. On-line terminal 10 can also post the required authentication method for the request based on policies corresponding to the transaction risk, location risk, user risk, device risk, time risk . . . , i.e. simple action verification, pass code verification or biometric verification based on context, transaction authorization by a second person . . . . This enables adaptive authentication or stepped up authentication whereby authentication is eased when the user/location/transaction risk is lower, and the authentication is hardened automatically when the user/location/transaction/user risk is higher. The request for authentication can comprise first transaction information such as the name of the goods, quantity, price, merchant, photo of the good, or any other information. The first application can send a photo of the authorized user to the merchant for authentication.


Any inquiry concerning this communication or earlier communications from the Examiner should be directed to MAMON OBEID whose telephone number is (571)270-1813.  The Examiner can normally be reached on 8 AM- 5 PM.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, John W. Hayes can be reached on 5712726708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 

/MAMON OBEID/Primary Examiner, Art Unit 3685                                                                                                                                                                                                                                                                                                                                                                                                             


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 https://www.govinfo.gov/content/pkg/FR-2019-01-07/pdf/2018-28282.pdf