Detailed Action
Acknowledgements
This office action is in reply to the claim amendment filed February 2, 2022. 
Claims 1-20 are pending and have been examined.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4 & 7-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fordyce, III et al. (US 20190333089 Al) (“Fordyce”) in view of Hammad (US 20120023567 Al) (“Hammad”) and further in view of Weber et al (US 20140310183 A1) (“Weber”). 

As per claims 1, 14 & 20, 
a payment initiation device (POS 114) associated with the merchant (merchant 108), which in operation, is configured to accept a payment request for electronic payment initiated by a customer (consumer 110) via a financial instrument (portable payment device 112) and collect electronic payment transaction data for the payment request (¶¶ [0028], [0030]), wherein the electronic payment transaction data includes a sensitive data portion (financial data) and a non-sensitive data portion (non-financial data) (¶¶ [0034], [0039]); 
[…]
transmit the electronic payment transaction data with the payment request through a payment gateway (acquirer) (¶¶ [0034], [0058]); 
said payment gateway, which in operation, is configured to: accept and forward both the sensitive and the non-sensitive data portion of the electronic payment transaction data with the payment request to the payment processor (transaction handler) for payment processing (¶¶ [0034], [0039], [0040], [0046], [0068], [0078]); 
transmit only the non-sensitive data portion of the electronic payment transaction data to a payment service engine for [service] analysis (qualifier) to determine if the payment request should be processed or not once the payment request has been approved by an issuer (issuer) of the financial instrument (Therefore, the transaction processor 408 does not receive the non-financial transaction data associated with the incentive program. ……. Upon receiving payment of the authorized transaction amount from the issuer 102, the acquirer 106 forwards the payment to merchant 108 after deducting any transaction costs and fees) (¶¶ [0034], [0039], [0040], [0046], [0058], [0059], [0068], [0078]; claim 6); 
 said payment processor, which in operation, is configured to […] and send the payment request with the electronic payment transaction data over a payment network to the issuer of the financial instrument for approval (¶ [0061]); 
said payment service engine, which in operation, is configured to accept and analyze the non-sensitive data portion of the electronic payment transaction data in real time to determine whether the payment request should be processed or not based on a [rewards] [….] (e.g. whether to apply reward to the transaction) (¶¶ [0055], [0062], claim 6).

Fordyce does not expressly disclose a payment service engine for risk analysis… to determine whether the payment request should be processed or not based on the risk analysis and to transmit a notification to the payment initiation device based on the determination, wherein the notification comprises a successful response when the payment request is determined to not be at risk and a declined response when the payment request is determined to be at risk.

Hammad, however, discloses a payment service engine for risk analysis (¶¶ [0147], [0149]) … to determine whether the payment request should be processed or not based on the risk analysis (¶¶ [0147], [0149]) and to transmit a notification (e.g. risk score) to the payment initiation device (e.g. authorizing entity, such as an issuer or a merchant) based on the determination (¶¶ [0129]), wherein the notification comprises a successful response when the payment request is determined to not be at risk and a declined response when the payment request is determined to be at risk (¶¶ [0128]-[0131]; e.g. whether the transaction was approved or rejected based on the risk score generated in step S311).


Hammad, further discloses the received information may comprise, for instance, verification information (e.g. whether the token and/or portable device is valid), transaction information, account information, and/or any other information that the authorization system 25 may utilize in determining the risk of a transaction.
 In some embodiments, the received information may also comprise whether an authorization entity (e.g. an issuer or merchant) approved or declined a transaction (¶ [0097]).  

Hammad further discloses … the risk score may be sent to an authorizing
entity, such as an issuer or a merchant. In some embodiments, the risk score may be included in an authorization request message. In some embodiments, the risk score may further comprise reason codes that indicate the factors that were considered (and their respective impact on) the generation of the risk score. At step, S313, the authorizing entity may then determine whether to approve or reject the transaction based at least in part on the calculated risk score indicating the likelihood that the transaction may be fraudulent (¶ [0129]).

It would have been obvious to a person of ordinary skill in the art to modify Fordyce’s teachings to include transaction risk analysis, as disclosed by Hammad, to prevent fraudulent transaction thereby mitigating monetary losses (Hammad: ¶ [0002], [0146]). 

Fordyce does not expressly disclose:
encrypt the sensitive data portion using one or more keys provided by and shared only with a payment processor and decrypt the sensitive data portion of the electronic payment transaction data using the keys shared only with the payment initiation device. 

Weber, however, clearly discloses encrypt the sensitive data portion using one or more keys provided by and shared only with a payment processor and decrypt the sensitive data portion of the electronic payment transaction data using the keys shared only with the payment initiation device (An authorization request message is generated by the POS terminal using the encrypted data and sent 910 to the switch 806. The switch 806 receives the authorization request message which includes an encrypted payload and may include one or more plain text fields) (¶ [0008], [0101]). 

It would have been obvious to a person of ordinary skill in the art to modify Fordyce’s teachings to include encrypting sensitive data, as disclosed by Weber, to increase transactions’ security to prevent fraudulent transaction thereby mitigating monetary losses (Weber: ¶ [0004]). 

The examiner further notes that the following limitations have been considered but are not giving patentable weight because the limitations have been interpreted as intended use limitations that are not positively claimed:
…to determine whether the payment request should be processed or not based on the risk analysis …as recited by at least claim 20. 
…to transmit a notification to the payment initiation device based on the determination …as recited by at least claim 20.
A recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use, then it meets the claim. See MPEP 2114 and Ex parte Masham, 2 USPQ2d 1647 (Bd. Pat. App. & Inter. 1987).  

	
As per claim 2, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the financial instrument is a credit card, a debit card, a prepaid card, chip card, or a mobile communication device having a near-field communication (NFC) chip and an app to support mobile payment (¶¶ [0026], [0028]). 

As per claim 3, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment initiation device is a stand-alone POS payment terminal, a pin-pad linked to a POS payment terminal, a potable card reader attached to a mobile communication device, a mobile communication device capable of recognizing the financial instrument, or a device with integrated hardware and software that together accepts the payment request from the customer (¶¶ [0028], [0030]).

As per claims 4 & 15, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment initiation device is configured to collect the electronic payment transaction data by one of accepting card information manually entered by the customer, reading data stored on a magnetic stripe of a card swiped at the payment initiation device, reading data stored on a chip of a chip card inserted into the payment initiation device, and transmitting data from a near-field communication (NFC) chip on a mobile communication device when tapped by the customer (¶ [0033]). 

As per claim 7, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses financial and non-financial data, the financial and non-financial transaction data were transmitted through the first payment processing system 100 in the same message. (¶¶ [0034], [0039], [0043]) 
Fordyce further discloses discloses wherein: the sensitive data portion includes one or more of full card number, CVV code, expiration date, and other sensitive data stored on the financial instrument (¶ [0044]). 

As per claim 8, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment gateway is a stand-alone system, a piece of software embedded within the payment initiation device, or a component embedded within the payment processor (¶¶ [0034], [0039], [0040], [0046], [0068], [0078]); 

As per claims 9 & 16, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment gateway is configured to access only the non-sensitive portion of the electronic payment transaction data (¶ [0040]).

As per claim 10 & 17, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment gateway is configured to transmit the non-sensitive data portion of the electronic payment transaction data to the payment service engine[…] (¶¶ [0034], [0039], [0040], [0046], [0058], [0059], [0068], [0078]; claim 6);  
Fordyce does not disclose invoking an Application Program Interface (API) call to the payment service engine.  
Weber, however, discloses Invoking an Application Program Interface (API) call to transmit message related to financial transaction (¶ [0065]). 
 
It would have been obvious to a person of ordinary skill in the art to modify Fordyce’s to incorporate APIs, as disclosed by Weber, because APIs are very versatile and can be used on web-based systems, operating systems, database systems and computer hardware which would allow communication among different applications/software.  


As per claim 11, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment service engine is provided by a third party payment service provider, which is a separate payment service entity outside of the payment transaction process between the payment initiation device and the payment processor (¶ [0046]). 

As per claim 12 & 18, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment service engine is configured to assess the [associated services] of the payment request in real time by analyzing the non-sensitive data portion of the payment transaction in view of historical payment transaction data of the customer and/or the merchant (¶¶ [0034], [0039], [0040], [0046], [0058], [0059], [0068], [0078]; claim 6); 
Fordyce does not expressly discloses risk analysis. 
Hammad, however, discloses using risk analysis for approving/declining transactions ((¶¶ [0147], [0149]).  
Hammad, further discloses the received information may comprise, for instance, verification information ( e.g. whether the token and/or portable device is valid), transaction information, account information, and/or any other information that the authorization system 25 may utilize in determining the risk of a transaction.
 In some embodiments, the received information may also comprise whether an authorization entity (e.g. an issuer or merchant) approved or declined a transaction (¶ [0097]).  

Hammad further discloses … the risk score may be sent to an authorizing
entity, such as an issuer or a merchant. In some embodiments, the risk score may be included in an authorization request message. In some embodiments, the risk score may further comprise reason codes that indicate the factors that were considered (and their respective impact on) the generation of the risk score. At step, S313, the authorizing entity may then determine whether to approve or reject the transaction based at least in part on the calculated risk score indicating the likelihood that the transaction may be fraudulent (¶ [0129]).

It would have been obvious to a person of ordinary skill in the art to modify Fordyce’s teachings to include transaction risk analysis,  with ……, as disclosed by reference B, to prevent fraudulent transaction thereby mitigating monetary losses (Hammad: ¶ [0002], [0146]). 

As per claims 13 & 19, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses wherein: the payment service engine is configured to notify the payment initiation device and/or the merchant of assessment of the risk of the payment request via the payment gateway (¶¶ [0055]-[0057]). 

Claims 5 & 6 are rejected under 35 U.S.C. 103 as being unpatentable over Fordyce in view of Hammad, in view of Weber and further in view of  Ankolekar et al. (US 20130132281 Al) (“Ankolekar”). 

As per claim 5, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses financial and non-financial data, the financial and non-financial transaction data were transmitted through the first payment processing system 100 in the same message. (¶¶ [0034], [0039], [0043]) 
Fordyce does not expressly discloses wherein: the non-sensitive data portion includes one or more of name and/or billing address of the customer, non-sensitive part of a unique identifier/number of the financial instrument, type of the financial instrument, and brand of the financial instrument.  

Ankolekar, however, clearly discloses wherein: the non-sensitive data portion includes one or more of name and/or billing address of the customer, non-sensitive part of a unique identifier/number of the financial instrument, type of the financial instrument, and brand of the financial instrument (¶ [0024]).   


It would have been obvious to a person of ordinary skill in the art to modify Fordyce’s teachings to include non-sensitive data in payments transactions, as disclosed by Ankolekar, to be able to analyze and route payment transaction to the appropriate issuer to comply with the ISO transaction standards. 

As per claim 6, Fordyce/ Hammad/ Weber discloses as shown above.
Fordyce further discloses financial and non-financial data, the financial and non-financial transaction data were transmitted through the first payment processing system 100 in the same message. (¶¶ [0034], [0039], [0043]) 
Fordyce does not expressly discloses wherein: the non-sensitive data portion further includes details of the payment request including one or more of the amount being requested for approval, a list of the products and/or services purchased, name or id of the merchant, and device id and/or location of the payment initiation device. 

Ankolekar, however, clearly discloses wherein: the non-sensitive data portion further includes details of the payment request including one or more of the amount being requested for approval, a list of the products and/or services purchased, name or id of the merchant, and device id and/or location of the payment initiation device (¶ [0024]).   

It would have been obvious to a person of ordinary skill in the art to modify Fordyce’s teachings to include non-sensitive data in payments transactions, as disclosed by Ankolekar, to be able to analyze and route payment transaction to the appropriate issuer to comply with the ISO transaction standards. 

Response to Arguments
Applicant’s arguments with respect to at least claim 1 have been considered but are not persuasive. 
Claim Rejection under (AIA ) 35 U.S.C. § 103
Applicants argue (pages 9-10+):
Fordyce fail to disclose the above quoted features of claim 1. For example, and assuming the Office is associating the “non-financial transaction data” of Fordyce with the claimed “non- sensitive data portion of the electronic payment transaction data,” which Applicant does not concede is appropriate, nonetheless there is no teaching in the cited portions of Fordyce that the “non-financial transaction data” is transmitted to the “transaction processor 408” for risk analysis to determine if a payment request should be processed or not, let alone for risk analysis to determine if a payment request should be processed or not once the payment request has been approved by an issuer of a financial instrument. Indeed, Fordyce teaches otherwise, in stating that “[t]he transaction processor 408 forwards the financial transaction data to the issuer 410 which processes the request in that data for payment authorization and sends a corresponding message back to the acquirer 404.” See Fordyce, paras. [0060]- [0061]. The cited portions of Hammad and Weber do not appear to cure these deficiencies of Fordyce, and the Office Action does not indicate otherwise. Thus, at least for this reason, the rejection should be withdrawn. 


The Examiner, however, respectfully disagrees. 
First, the examiner notes that the limitations “ …to determine whether the payment request should be processed or not based on the risk analysis …” and “…to transmit a notification to the payment initiation device based on the determination …” are intended use limitations which were considered but not given patentable weights because they’re not positive limitations. 
Second, the examiner notes that the following feature is not recited in the rejected claims “….risk analysis to determine if a payment request should be processed or not once the payment request has been approved by an issuer of a financial instrument…”

Third, Fordyce teaches in at least ¶ [0052]: “…. The transaction processor 308 and/or the qualifier 314 may utilize the merchant identifier code to facilitate matching the financial and non-financial transaction data.)

Fourth, Hammad teaches to determine whether the payment request should be processed or not based on a [rewards] (¶¶ [0055])

Fifth, Hammad teaches in at least (¶¶ [0022] to determine whether the payment request should be processed or not based on [risk analysis]:
Authorization systems may generate a risk score (which takes into account various factors related to a transaction) that indicates the likelihood that a financial transaction is fraudulent ( e.g. the portable device or payment account
information used in the transaction is stolen or otherwise fraudulent). This risk score may be used by a financial institution (such as an issuer of a payment account) or a merchant in determining whether to approve the transaction. A verification token (which may be a secure device that may interact with a portable device) may be used in such financial transactions to provide additional information that may be utilized in generating the risk score for the particular transaction. For instance, the verification token may interact with a portable
consumer device and send relevant information securely to an authorization system or similar entity. Because the validation token is a secured device, if it is validated, then a portable device that interacts with the verification token and a corresponding transaction are less likely to be fraudulent. Moreover, the verification token may be utilized as a secure way to send information that may be later utilized to authenticate a transaction and generate a risk score.


Therefore, the combination Fordyce/Hammad/ Webber teach the limitations as claimed. 




Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure, and is listed in the attached form PTO-892 (Notice of References Cited). Unless expressly noted otherwise by the Examiner, all documents listed on form PTO-892 are cited in their entirety.
US 20160171499 A1
The processor then receives the fraud score from the network service provider and authorizes the pending payment transaction to be processed when the fraud score does not exceed a threshold, and sends a notification requiring an additional security measure when the fraud score matches or exceeds the threshold.

US 20120284187 Al
A system and associated data processing flow for processing
payment transactions that are conducted using a payment
account or portable consumer device. The portable consumer
device may be in any suitable form, including cards, key fobs ,
devices containing a contactless element, smart cards (having
contacts or without contacts), etc. The invention separates the
authentication of the payment account or payment device
from the transaction authorization process, enabling different
entities to be responsible for each of those functions. 


US 20160180343 Al 
The present systems and methods provide for secured communication
between a mobile device and a server/gateway.
The systems and methods can be used, for example, as a way
to confirm whether or not a transaction was actually authorized
by the user, thereby settling a chargeback dispute for a
previously executed transaction. The method comprises
receiving the dispute regarding the transaction including
associated transaction data, and retrieving a digital signature
associated with the transaction data, the digital signature
computed by signing the transaction data. The digital signature
is then verified using a public key, wherein the public key
corresponds to a private key stored on a mobile device. It is
then determined whether or not the transaction is fraudulent
based on a verification result of the digital signature. 


US 20140046786 Al
Disclosed herein are payment systems and methods for
accepting and reconciling consumer credit or debit account
transactions between merchants and consumers. The
described systems and methods include merchant-employee
POS application software that can be downloaded onto portable
communication devices such that portable POS terminals
can be easily deployed into a mobile sales network.
Further disclosed are security techniques that can be
employed within this system analytics systems and methods
for gleaning useful data from the aggregation of multiple
merchant employee POS terminal sales data.


US 20170270557 Al
A method for tokenizing non-payment identifier, comprising
storing a plurality of account profiles, wherein each account
profile is a structured data set related to a transaction account
including at least a non-payment identifier, at least one of a
personal accollllt number (PAN), and quantity of points
affiliated with the non-payment identifier. Receiving a data
signal from a consumer commnnication device, wherein the
data signal may be superimposed with a tokenization
request, the tokenization request including at least a nonpayment
identifier. Provisioning, by a generation module of
the processing server, a token linking to the non-payment
identifier. Transmitting, by a transmitting device of the
processing server, the token linked to the non-payment
identifier to the consumer communication device.

US 20100274719 Al
Methods for deferring settlement of a transaction are disclosed.
A server computer receives an authorization request
message for a transaction. The server computer then receives
an authorization response message for the transaction. The
server computer then receives a deferred settlement indicator
for the transaction.

US 20110238510 Al
A dynamic signature/sign biometric verification system for
detecting and preventing fraudulent transactions is described.
The system comprises remote digital signature/sign input
devices, a means to extract spatial and temporal features from
the signature, a means to transmit the signature/sign features
along with customer identifier information to a centralized
signature/sign verification authority, a means for combining
signature/sign feature verification with other forms of fraud
detection technology, and a means for transmitting the results
of a signature/sign verification back to the remote location
where the signature/sign was captured. The system was primarily
developed for use in payment card industries (e.g.
credit cards, debit cards) but has applicability to other centralized
signature/sign verification applications such as Automated
Teller Machine authorizations and other identity theft
detection and monitoring services.

US 8020763 Bl
Systems and methods for assessing transaction risk. A consumer
tenders a transaction card to a merchant to purchase a
good or service. A payment device of the merchant, such as a
payment terminal or mobile communication device of the
merchant, is used to process the payment utilizing a risk
assessment system. Card data received by the payment device
is sent to the risk assessment system, which processes card
data and generates an indicator representing the risk associated
with accepting payment using the card. The indicator is
sent to the payment device to provide the merchant input
regarding risk associated with using the card ( e.g., likelihood
of fraud or chargeback) in a seamless manner. If the risk level
is too high, the merchant may reject the card. The risk indicator
may be based on different types of data from different
sources, e.g., data from a first source related to the credit
history of the consumer and data from a second source related
to the identity of the consumer.

US 20120054101 Al
A system and method for fraud prevention is provided. Specifically,
an application program interface may be used in
concert with an authorization request to process a transaction,
to utilize fraud prevention tools. A system, method and/or
computer program product for transmitting an authorization
request to a financial institution and transmitting a request to
utilize a fraud mitigation tool is disclosed. Additionally, a
system, method and/or computer program product for providing
value added services in the flow of data between a
merchant and a financial institution is disclosed. 


Conclusion
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to MAMON OBEID whose telephone number is (571)270-1813.  The Examiner can normally be reached on 8 AM- 5 PM.
If attempts to reach the Examiner by telephone are unsuccessful, the Examiner’s supervisor, John W. Hayes can be reached on 5712726708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAMON OBEID/Primary Examiner, Art Unit 3685