DETAILED ACTION
The present application is being examined under the first inventor to file provisions of the AIA .  In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response Applicant communication filed on 4/5/2022.  

Claims
Claims 1, 5, 11, 15, 16, 20, 22, and 27 have been amended. 
Claims 28 and 29 have been newly added.  
Claims 4, 9, 12, 14, 17-19, 23, and 25 have been cancelled.
Claims 1-3, 5-8, 10, 11, 13, 15, 16, 20-22, 24, and 26-29 are currently pending in the application. 


Response to Arguments
103
The applicant argues that the previously cited references do not teach the claim amendments: determining, by the payment service system, based at least on information related to the transaction and information related to a plurality of past transactions, a level of risk associated with the transaction; and based at least in part on identifying the account of the user and determining that the level of risk associated with the transaction is within a risk threshold, generating, by the payment service system, a resource configured to cause the payment application to execute on the mobile device of the user upon receipt by the mobile device of the user.  Applicant’s arguments with respect to claims 1 and 11, and 16 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.  

Rejections under 35 § U.S.C. 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all 
obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-3, 5-8 and 11, 13, 15, 16, 20-22, 24, 26, and 27 are rejected under 35 U.S.C. 103 as being unpatentable over US 20140351126 A1 (“Priebatsch”) and US 20140249948 A1 (“Graylin”) and US 20160300224 A1 (“Liu”) and US 20120191569 A1 (“Shah”).

Per claims 1, 11, and 16, Priebatsch discloses:
receiving, by the payment service system (e.g. transaction server) associated with the payment service from a third-party merchant system (e.g. merchant system) associated with [an online shopping website] executing on the mobile device (e.g. consumer device or mobile device) of the user, a payment request for a transaction between the user and a third-party merchant (e.g. merchant), wherein the payment request originates from the  [online shopping website] executing on the mobile device (e.g. consumer mobile device) of the user and includes user information (e.g. account identifier) and a payment amount (e.g. transaction details) (Section [0018], [0024]-[0025], [0027], [0029]-[0033]);
in response to receiving the payment request: identifying, by the payment service system (e.g. transaction server) and based on the user information (e.g. unique identifier/email address), an account (e.g. account) of the user, payment information linked to the account (e.g. financial funding source), and a device identifier (e.g. mobile device/device id) of the mobile device of the user, the device identifier indicating that the user has associated the payment application on the mobile device of the user with the account of the user (e.g. the mobile device on which the app is downloaded is linked to the consumer’s account) ( (Section [0027], [0029]-[0031], and Fig. 3 step 316);
transmitting, by the payment service system, a signal (e.g. push notification)… to the mobile device of the user (Section [0030] and [0033]);
displaying, by the payment application executing on the mobile device of the user and upon receiving the signal, an indicator (e.g. dialog) requesting the user to authorize payment for the transaction using the identified payment information linked to the account of the user (e.g. touching an approval button displayed on the device) (Section [0029]-[0033]);  
receiving, by the payment application, an indication of authorization for the payment for the transaction through interaction of the user with a user interface of the payment application (e.g. touching an “approval” button displayed on the device) (Section [0030] and [0033]);
sending, by the payment application, an authorization message for the transaction to the payment service system (e.g. confirms over the second communication channel the consumer’s selection of the approval button as well as information authenticating the phone with the transaction server) (Section [0033]);
receiving, by the payment service system (e.g. transaction server), the authorization message for the transaction from the payment application executing on the mobile device of the user (e.g. confirms over the second communication channel the consumer’s selection of the approval button as well as information authenticating the phone with the transaction server) (Section [0033]);
in response to receiving the authorization message (e.g. approval) for the transaction from the mobile device (e.g. consumer device or mobile device) of the user, processing, by the payment service system, a payment from the user to the third-party merchant (e.g. merchant system) using the identified information linked to the account of the user (Section [0033]-[0034] and Figs. 4A and 4B).

Although Priebatsch discloses a payment service system that sends a push notification to a mobile application (online shopping website) that is linked to a consumer payment account, which then causes the payment application to display a dialog prompt on the user interface for transaction approval, Priebatsch does not specifically disclose determining, by the payment service system responsive to and based on identifying the account of the user and the device identifier of the mobile device of the user, to facilitate the transaction by interfacing with the payment application on the mobile device of the user; generating, by the payment service system, a resource configured to cause the payment application to execute on the mobile device of the user upon receipt by the mobile device of the user.  However Graylin, in analogous art of payment authorization, discloses:
generating, by the payment service system, a resource (e.g. push notification) configured to cause the payment application (e.g. checkout application) to execute (e.g. launch) on the mobile device (e.g. mobile communication device) of the user upon receipt by the mobile device of the user (Section [0097]).
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the push notification payment confirmation of Priebatsch to include the determination to send the push notification to the user account based on identifying the account of the user using a device identifier, as taught by Graylin, in order to provide a more seamless experience for the user. 

Although Priebatsch/Graylin discloses a payment service system that identifies a user account and device identifier of the mobile device of the user, generates a resource based on the identifying, and sends the resource to a user device so that the user device can approve a payment transaction, Priebatsch/Graylin does not specifically disclose determining, by the payment service system, based at least on information related to the transaction and information related to a plurality of past transactions, a level of risk associated with the transaction; and generating the resource based at least in part on identifying the account of the user and determining that the level of risk associated with the transaction is within a risk threshold.  However Liu, in analogous art of payment authorization, discloses:
determining, by the payment service system, based at least on information related to the transaction (e.g. amount of transaction, transaction location) and information related to a plurality of past transactions (e.g. transaction exceeding daily/weekly threshold, time of the transaction past a normal transaction hour, item associated with the transaction is outside of the normal purchasing habits of the user), a level of risk (e.g. security risk) associated with the transaction (Section [0122]-[0123]); 
based at least in part on identifying the account of the user and determining that the level of risk associated with the transaction is within a risk threshold (e.g. in accordance with a determination that the transaction information is associated with a security risk, the server performs a third verification process including: sending a notification to an electronic device linked to the respective user account and, in response to receiving an authorization message from the electronic device, processing the transaction request corresponding to the transaction request.  In various embodiments, the security risk is detected when the transaction information indicates at least one of: a transaction amount exceeding a single transaction limit, a transaction amount exceeding a daily transaction limit, a transaction location outside of a predetermined radius from a predefined home location, and one or more items corresponding to the transaction that do match a purchasing profile for the respective user account) (Section [0122]-[0123]).
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the push notification payment confirmation of Priebatsch/Graylin to include a risk determination of the transaction, as taught by Liu, in order to provide convenience to the user by only sending the resource to the user when a security risk is detected. 

Although Priebatsch/Graylin/Liu discloses a payment service system that receives a payment request from a merchant when the user is making a purchase from an online shopping website, Priebatsch/Graylin/Liu does not specifically disclose that the online shopping website is associated with a merchant application executing on a mobile device.  However Shah, in analogous art of mobile payment applications, discloses …[merchant application executing on a mobile device] (e.g. merchant app or browser)… (Section [0015] and Fig. 1).  
One of ordinary skill in the art knows that you can use a merchant mobile app or a mobile browser to shop online.  Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself that is in the substitution of the merchant application of Shah for the web browser of Priebatsch.  Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious.

Per claim 2, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Priebatsch further discloses:
receiving, by the payment application, the indication of authorization (e.g. consumers selection of approval button) for the payment for the transaction via interaction with the indicator (Section [0033]); 
upon receiving the authorization message for the transaction, transmitting, by the payment service system (e.g. transaction server), a payment authorization (e.g. approval) to a third-party server (e.g. merchant system) associated with the third-party merchant system (Section [0033]).  

Per claims 3 and 13, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claims 1 and 11 above.  Priebatsch further discloses:
wherein, after receiving the payment request, the payment service system (e.g. transaction server) causes the payment application (e.g. application) associated with the payment service to execute (e.g. display a dialog) on the mobile device (e.g. mobile device) of the user (Section [0030]-[0031]).  

Per claims 5, 15, and 20, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claims 1, 11, and 16 above.  Shah further discloses:
wherein the payment application (e.g. mobile payment app) associated with the payment service executes on the mobile device based at least in part in response to the merchant application (e.g. browser/merchant app) sending the payment request (Section [0020]-[0025]).  

Per claim 6, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Priebatsch further discloses:
wherein the indicator requesting the user to authorize payment for the transaction comprises a notification (e.g. push notification) of a message from the payment service (e.g. transaction server) to the user requesting authorization (e.g. approve/deny) of the transaction (Section [0030] and [0033]).  

Per claim 7, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Priebatsch further discloses:
wherein the indicator requesting the user to authorize payment for the transaction comprises a notification (e.g. push notification) from the payment application (e.g. application) executing on the mobile device (e.g. mobile device) of the user requesting authorization of the transaction (Section [0030] and [0033]). 
	
Per claim 8, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Shah further discloses:
wherein the merchant application executing n the mobile device of the user comprises a web browser (e.g. browser app) on the mobile device (e.g. user device) providing a website (e.g. merchants website) associated with the third-party merchant (Section [0015], [0017], [0027], and Fig. 1).  

Per claim 21, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Priebatsch further discloses:
wherein the resource configured to cause the payment application to execute on the mobile device of the user is a message for the payment application, a token associated with the payment request, an instruction for a push notification (e.g. push notification) by the payment application (e.g. application), or an instruction to direct execution by the mobile device to the payment application (Section [0030]). 
	Note: the limitation “wherein the resource to cause the payment application to execute on the mobile device of the user is a message for the payment application, a token associated with the payment request, an instruction for a push notification by the payment application or an instruction to direct execution by the mobile device to the payment application” does not distinguish over the prior art because it is describing the data (e.g. resource) which does not affect the steps/functions of the claims in a manipulative sense. 

Per claim 22, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 2 above.  Priebatsch further discloses:
wherein the indicator (e.g. dialog) requesting the user to authorize payment for the transaction is interactive (e.g. approve or deny), and wherein the payment service system delays processing the transaction until the payment service system has received the indication of authorization of the transaction by the user (e.g. the transaction server communicates the response to the merchant system and, if authorization is granted, completes the transaction) (Section [0029]-[0032]). 

Per claim 24, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Priebatsch further discloses:
wherein causing the payment application to execute on the mobile device of the user comprises causing the payment application to come to a foreground on the mobile device of the user and causing the merchant application executing on the mobile device of the user to go into a background on the mobile device of the user (e.g. the application downloaded to the user device will display a dialog) (Section [0030]-[0032]).

Per claim 26, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Shah further discloses:
receiving, by the mobile device (e.g. registered mobile device) of the user, the signal comprising the generated resource (e.g. push notification) (Section [0119]);
in response to receiving the signal comprising the generated resource (e.g. push notification), initiating, by the mobile device (e.g. registered mobile device) of the user, execution of the payment application (e.g. The application downloaded to the device will display a dialog prompting the consumer to approve or deny the request) (Section [0119]).

Per claim 27, Priebatsch/Graylin/Liu/Shah discloses all of the limitations of claim 1 above.  Graylin further discloses:
identifying, in association with the account of the user and the payment information linked to the account, a device identifier (e.g. phone number or device identifier) of the mobile device (e.g. mobile communication device) of the user, the device identifier indicating that the user has associated the payment application (e.g. checkout application) with the account of the user (Section [0097]).

Claim 10 are rejected under 35 U.S.C. 103 as being unpatentable over Priebatsch/Graylin/Liu/Shah, as applied to claim 1 above, in further view of US 20060131385 A1 (“Kim”).

Per claim 10, Priebatsch/Graylin/Liu/Shah do not specifically disclose wherein the payment request from the third-party merchant system further includes an identifier for the merchant application; wherein the indicator requesting the user to authorize payment for the transaction comprises the identifier for the merchant application.  However Kim, in analogous art of transaction notification, discloses:
wherein the payment request (e.g. transaction request) from the third-party merchant system further includes an identifier (e.g. merchant name) for the merchant application (Section [0034]); 
wherein the indicator requesting the user to authorize payment for the transaction comprises the identifier (e.g. name of merchant) for the merchant application (Section [0039]-[0041]).
It would have been obvious to one of ordinary skill in the art to include in the transaction authorization system of Priebatsch/Graylin/Liu/Shah the use of a merchant identifier as taught by Kim since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  One of ordinary skill in the art knows that by including the merchant name in the payment request and in the mobile device indicator, it allows both the payment system and the user to know which transaction the request and indicator are referring to.  Adding the merchant identifier to the transaction request and indicator of Priebatsch would render predictable results.

Claim 28 are rejected under 35 U.S.C. 103 as being unpatentable over Priebatsch/Graylin/Liu/Shah, as applied to claim 1 above, in further view of US 20150242840 A1 (“Kursun”).

Per claim 28, Priebatsch/Graylin/Liu/Shah do not specifically disclose determining, for a plurality of risk factors, and based on the information related to the transaction and the information related to the plurality of past transactions, respective risk scores for respective risk factors of the plurality of risk factors; determining an aggregated risks core from the respective risks cores; comparing the aggregated risks core to the risk threshold to determine whether the level of risk is within the risk threshold.  However Kursun, in analogous art of transaction risk determination, discloses:
determining, for a plurality of risk factors (e.g. factor), and based on the information related to the transaction (e.g. transaction type) and the information related to the plurality of past transactions (e.g. history), respective risk scores for respective risk factors of the plurality of risk factors (e.g. each factor may be given an independent weighting) (Section [0157]); 
determining an aggregated risk score (e.g. combined risk factor) from the respective risk scores (Section [0157]).
comparing the aggregated risks core to the risk threshold to determine whether the level of risk is within the risk threshold (e.g. in the combined risk factor is above a certain threshold) (Section [0157]).
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself that is in the substitution of the risk determination algorithm of Kursun for the risk determination algorithm of Priebatsch/Graylin/Liu/Shah.  Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious. 

Claim 29 are rejected under 35 U.S.C. 103 as being unpatentable over Priebatsch/Graylin/Liu/Shah, as applied to claim 1 above, in further view of US 20140214568 A1 (“Argue”).

Per claim 29, Liu, in section [0122] discloses that when there is a security risk, an email can be sent to an email address linked to the respective user account, or an SMS or automated phone call to phone number linked to the respective user account can be performed.  However, Priebatsch/Graylin/Liu/Shah do not specifically disclose wherein a first communication type for contacting the user is associated with a level of risk that exceeds the risk threshold, and a second communication type, different from the first communication type, is associated with a level of risk that is within the risk threshold, wherein the second communication type includes transmitting the signal comprising the generated resource to the mobile device of the user.  However Argue, in analogous art of transaction risk assessment, discloses:
wherein a first communication type for contacting the user is associated with a level of risk that exceeds the risk threshold, and a second communication type, different from the first communication type, is associated with a level of risk that is within the risk threshold, wherein the second communication type includes transmitting the signal comprising the generated resource to the mobile device of the user (e.g. An alert may be generated based on the characterization of risk. For example, where the characterization of risk, which may be represented by a numeric value, is above a threshold, an alert may be generated.  In some embodiments, multiple types of alerts may be generated, where each alert has its own threshold at which it is invoked (Section [0052]).
It would have been obvious to one of ordinary skill in the art as of the effective filing date of the claimed invention to modify the risk notification of Priebatsch/Graylin/Liu/Shah to include multiple alert types that each have their own threshold, as taught by Argue, in order to increase the security of the transaction by using a more secure notification alert when the risk is higher (See Wells Paragraph 10).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry of a general nature or relating to the status of this application or concerning this communication or earlier communications from the Examiner should be directed to TIMOTHY SAX whose telephone number is 571-272-0821.  The Examiner can normally be reached on M-F 9-5:30.  If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Patrick McAtee can be reached at (571) 272-7575.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see  http://portal.uspto.gov/external/portal/pair .  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free).

/TS/
Examiner, Art Unit 3685

/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685