DETAILED ACTION
	This is a non-final action on the merits.  The U.S. Patent and Trademark Office has received claims 1-18 in application number 16/428,530.  Claims 1-18 are pending and have been examined on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Request for Continued Examination
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/19/2022 has been entered.

Response to Remarks
	Regarding the rejections of claims 1-18 under 35 U.S.C. § 103 as obvious,
	Applicant argues that the “timing” of Applicant’s claimed method and device is distinct from that of the cited prior art, in so far as the timing of the server obtaining context data from the one or more supplemental devices.  The timing, or order of the performed functions is the same in the ZHANG reference as the cited prior art.  Figure 7 of ZHANG, as described in the cited paragraph, explicitly depicts the service request (702), the risk detection (704), the voice verification request (706), establish voice communication (708), and the transmission of the verification information (710), prior to (714) perform the service request according to verification information.  
	Moreover, that the obtaining . . . the context data is recited as occurring upon the determination that the transaction is provisionally declined, does not save this argument.  The recitation to provisionally declined is disclosed by step 704, where the server does not terminate the service request, but determines that the further biometric verification is needed before decided to ultimately suspend the transaction.  This interpretation is in accordance with the Specification: 
[0066] In the example depicted, the user 502 may be shopping for an expensive 15 gift to be given to another person. Purchasing such a gift may be uncharacteristic of the user 502 by virtue of the user not typically purchasing the type of product being purchased as well as the user not typically spending the amount that the gift costs. Because of this, the authorization provider 112 may be unsure that the user 502 is authentic and may provisionally decline the transaction. In a conventional system, the 20 resource provider 510 would simply receive an indication (via an authorization response message) that the transaction is declined. However, as the user 502 in the depicted example is authentic, this would represent a false decline by the authorization provider 112. In accordance with embodiments of the disclosure, the authorization provider 112 would instead provisionally decline the transaction. The authorization provider 112 25 would then determine a degree to which the context data obtained from the supplemental devices (504 and 506) supports the authenticity of the user 502. The transaction would then be reevaluated in light of that context data. This process is described in greater detail with respect to FIG. 4 above. .
Spec. at 0066.  ZHANG discloses performing the same steps, in the same order, in Fig. 7.  Therefore the recitation to provisionally declined does not distinguish over the cited prior art.


Claim Rejections 35 U.S.C. 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

	Claims 1-7, 9-12, 15-18 are rejected under 35 U.S.C. § 103 over Patent Application Publication US 20150186892 A1 (hereinafter “ZHANG”) in view of US 20150073907 A1 (hereinafter “PURVES”).

	Regarding independent claims 1 and 9 ZHANG discloses:
1	 	A method comprising:
ZHANG at 0005 (“In order to address the problems stated in the back ground section, the embodiments of the present disclosure provide methods and systems for real-time verification of a transaction.”).
9		 A service provider computer comprising: a processor; and a memory including instructions that, when executed with the processor, cause the service provider computer to, at least:
ZHANG at  0006 (“In some embodiments, a method of real-time biometric verification of a transaction is performed at a server system (e.g., server system 108, FIGS. 1-2) with one or more processors and memory.”).
NOTE: Henceforth only the limitations of method claim 1 are presented; claim limitations are enumerated by decimal for clarity in any later citation.
1.1		maintaining, at a service provider, an association between one or more supplemental devices and a user device, the one or more supplemental devices configured to provide context data, wherein the context data includes at least biometric information associated with a user of the user device collected by the one or more supplemental devices without prompting the user;
ZHANG at 0029, Fig. 1 (disclosing maintaining, at a service provider, an association between one or more supplemental devices and a user device) (“server-side module 106 communicates with one or more POS devices 122 (e.g., merchant/retail POS devices, a first device associated with the user, etc.) through one or more networks 110”); ZHANG at 0034, Fig. 1 (disclosing the server maintaining an association with the “client device 104” with “client-side module 102”); 
ZHANG at 0030-31 (disclosing representative embodiments for both the “first device” POS 122 and “second device” client device 104 as including several embodiments for both user and supplemental devices) (“a handheld computer, a wearable computing device, a personal digital assistant (PDA), a tablet computer, a laptop computer, a desktop computer, a cellular telephone, a smart phone, an enhanced general packet radio service (EGPRS) mobile phone, a media player, a navigation device, a game console, a television, a remote control, or a combination of any two or more of these data processing devices or other data processing devices.”); 
ZHANG at 0096 (disclosing wherein the context data includes at least biometric information associated with a user of the user device collected by the one or more supplemental devices) (“For example, in response to selection of remote entry affordance 516-1, biometric information (e.g., voice input) associated with information items 512-1 is input via the user's mobile device (i.e., the second device) and checked by server system 108.”); further at
ZHANG at 0099 (“[E]mbodiments of user interfaces and associated processes that may be implemented on a respective client device 104 with one or more speakers 602 enabled to output sound, zero or more microphones 604 enabled to receive sound input, and a touchscreen 606 (sometimes also herein called a touch screen display) enabled to receive one or more contacts and display information”).
1.2		 receiving, at the service provider, an authorization request message associated with a transaction using the user device with a resource provider;
ZHANG at 0108 (“In some embodiments, the service server obtains (702) a service request submitted by a user at client device 104. In some embodiments, the user uses a user terminal Such as a mobile phone, a personal computer, and a tablet computer to submit the service request to the service server through a payment/transaction application, a service Submission web page, an instant messaging client, a simple notification Service (SNS) client, or the like. In some embodiments, the service request includes a login request, a transaction request, a payment request, a session request, and the like, where the transaction request and the payment request may include payment information Such as a transaction order and a payment amount.”); 
See further ZHANG at 0103-104 (disclosing the user device as the “client device” with an “interface for the payment/transaction application,” such that the “user of client device 104 . . . is the administrator of the account used to initiate the transaction at the resource provider POS terminal”).
Claim Interpretation: (I) The present limitation does not recite from what device the service provider receives the message, only that it receives an authorization message.
(II) The present application describes the resource provider as follows: 
[0019] A "resource provider" may be an entity that manages access to one or more resources. Examples of resource providers may include merchants, vendors, suppliers, owners, traders, and the like. In some embodiments, such entities may be a single individual, small groups of individuals, or larger groups of individuals (e.g., 25 companies). Resource providers may be associated with one or more physical locations (e.g., supermarkets, malls, stores, etc.) and online platforms (e.g., mobile applications, e-commerce websites, online companies, etc.). In some embodiments, resource providers may make available physical items (e.g., goods, products, etc.) to the user. In other embodiments, resource providers may make available digital resources (e.g., 30 electronic documents, electronic files, etc.) to the user. 
Spec. at 0019.  Thus, ZHANG at 0103-104 discloses using the user device with a resource provider, as cited above.
1.3		 determining, based on the authorization request message, a level of risk associated with the transaction;
ZHANG at 0109 (“In some embodiments, the service server detects (704) a security risk in the service request. In some embodiments, in accordance with a preset risk assessment mechanism, the service server performs a risk assessment process on the service request. For example, the service server determines whether the payment amount of the service request exceeds a daily payment limit predetermined by the user, whether a previous login of the user to the service server had a security risk, whether the good or service corresponding to the service request has a security risk, or the like.”); 
ZHANG at 0110 (“If the service server determines that the service request has a security risk, the service server performs step 706. Additionally and/or optionally, in some embodiments, the service server further assigns a security risk level to the service request according to the preset risk assessment mechanism. For example, the security risks are classified into high, medium, and low risk levels. If the service request is assigned a high risk level, the service server rejects the service request. If the service request is assigned a low risk level, the service server performs the service request and returns a message indicating that the service processing is successful. If the service request is assigned a medium risk level, the service server performs step 706”). 
1.4		determining that the level of risk is greater than a threshold value;
1.5		determining, at the service provider, that the transaction is provisionally declined based on the level of risk being greater than the threshold value;
[0110] If the service server determines that the service request has a security risk, the service server performs step 706. Additionally and/or optionally, in some embodiments, the service server further assigns a security risk level to the service request according to the preset risk assessment mechanism. For example, the security risks are classified into high, medium, and low risk levels. If the service request is assigned a high risk level, the service server rejects the service request. If the service request is assigned a low risk level, the service server performs the service request and returns a message indicating that the service processing is successful. If the service request is assigned a medium risk level, the service server performs step 706.
ZHANG at 0110, Fig. 7 (disclosing the “medium risk level” as the recited provisional decline, such that the server will perform step 706, to obtain biometric data, before any authorization is performed at steps 712, 714).
Claim Interpretation: The phrase provisionally declined simply means that a transaction is declined and not yet approved.  The term provisional carries no patentable weight as a modifier that would somehow distinguish a declined transaction over a suspended one.
1.6		upon determining that the transaction is provisionally declined and before generating and transmitting an authorization response message declining the transaction: 
ZHANG at 0112-13 (“after detecting a security risk in step 704, the service server sends the voice verification request to the voice processing system. The Voice verification request instructs the Voice processing system to establish Voice communication with the user using the Voice contact information included in the Voice verification request.”).
		 obtaining, from the one or more supplemental devices, the context data that comprises input collected by the one or more supplemental devices at a time of the transaction without user intervention;
ZHANG at 0116 (“In some embodiments, the voice processing system sends (712) the obtained verification information to the service server.”); ZHANG at 0114 (disclosing the input from the supplemental device) (“In some embodiments, the voice processing system obtains (710), by means of the voice communication, the verification information from the user of client device 104. In some embodiments, during voice communication with the voice processing system, the user uses a physical keypad or virtual keys on the user terminal to enter, according to the prompt of the voice processing system, corresponding information related to voice verification request.”).
Claim Interpretation: (I) The recitation to without user intervention applies to the function of the recited supplemental devices—but the supplemental device is not part of the claimed computer-implemented method (claim 1) or the service provider computer (claim 9).  Whether the supplemental context data is received by the supplemental device with or without user intervention has no effect on the claimed function of the service provider obtaining the context data.  Moreover, the limitation does not recite to how the service provider computer obtains the context data; whether it is actually obtained from the supplemental device is not recited.  The scope now is broad enough to encompass the resource provider computer obtaining the context data from any computer or entity.  
(II) Examiner finds support for the recitation to without user intervention at paragraphs 0066-67 of the Specification, describing the function of the “biomonitor device 506.”  This involves no prompt or action of the user because the user is wearing the device that transmits the biometric contextual data.  Thus, the data is obtained without user intervention.  This embodiment without user intervention is in contrast to the “user action” embodiment described in the Specification at paragraph 0073, where the contextual data is obtained with user intervention.  Spec. at 0073 (“User action data may include any indication of actions previously performed by a user. For example, user action data may 25 include data on a search (i.e., an Internet search) performed by the user or websites visited by the user. In some embodiments, user action data may include clickstream data indicating mouse clicks and other user actions.”).  Examiner interprets the recitation to without user intervention at the independent claim to preclude any embodiments of obtaining contextual data via user action, i.e., with user intervention.  See MPEP 2173.05(i) Negative Limitations (“If alternative elements are positively recited in the specification, they may be explicitly excluded in the claims.”).
1.7		determining a degree to which the context data supports an authenticity of the user;
ZHANG 0117 (“In some embodiments, the service server performs (714) service processing on the service request according to the verification information from the user. In some embodiments, the service server verifies the obtained verification information by determining whether the verification information is the same as the related information corresponding to the service request (e.g., by comparison).”); 
ZHANG at 0118 (“alternatively and/or additionally, in some embodiments, the Verification information includes Voice information from the user. In this event, the service server performs voice recognition on the voice information to verify that the Voice signature in the Voice information matches a voice signature corresponding to the user of the account used to initiate the transaction.”); ZHANG at 0119 (“if the verification succeeds, the security risk is downgraded by one level; in other words, it is determined that the current service request has a lower risk. If the verification fails, the security risk is upgraded by one level; in other words, it is determined that the current service request has a higher risk.”).
1.8		 adjusting the level of risk based on the degree to which the context data supports the authenticity of the user;
ZHANG at 0119 (“Further, in some embodiments, the service server adjusts the security risk level assessment of the current Service request according to the verification result. For example, if the verification succeeds, the security risk is downgraded by one level; in other words, it is determined that the current service request has a lower risk. If the verification fails, the security risk is upgraded by one level; in other words, it is determined that the current service request has a higher risk.”).
1.9		approving the transaction if the adjusted level of risk is less than the threshold value;
ZHANG at 0119 (“Further, in some embodiments, the service server adjusts the security risk level assessment of the current Service request according to the verification result. For example, if the verification succeeds, the security risk is downgraded by one level; in other words, it is determined that the current service request has a lower risk. If the verification fails, the security risk is upgraded by one level; in other words, it is determined that the current service request has a higher risk.”); ZHANG at 0110 (“Additionally and/or optionally, in some embodiments, the service server further assigns a security risk level to the service request according to the preset risk assessment mechanism… If the service request is assigned a low risk level, the service server performs the service request and returns a message indicating that the service processing is successful.”).
1.10		 generating the authorization response message indicating whether the transaction is approved or declined; and
[0164] In accordance with at least a determination that the voice verification information matches (1028) the stored account verification data corresponding to the account, the server system: processes (1030) the transaction; and instructs (1032) the first device to complete the transaction and to replace display of the first interface on the first device with a second interface indicating completion of the transaction. In some embodiments, in addition to handling security verification, the server is a payment server that also processes the transaction or causes the transaction to be processed by another server (e.g., a server associated with a credit card company). FIG. 5C, for example, shows notification 530 displayed on the first device (e.g., POS device 122, FIGS. 1 and 3), which indicates that the transaction has been processed.
ZHANG at 0164. Further, ZHANG at 0133 (“In some embodiments, the payment server sends (818) an online payment result to the first device.”); ZHANG at 0150 (“In accordance with a determination that the obtained verification information matches the stored account verification data, the server performs (912) the service request.”).
1.11		 transmitting the authorization response message to the resource provider.
ZHANG at 0164 (“the server is a payment server that also processes the transaction or causes the transaction to be processed by another server (e.g., a server associated with a credit card company”).
	While ZHANG discloses a message that serves the same function as the recited authorization response message, in the “instruct[ion] to the first device (1032) to complete the transaction,” where the “the server is a payment server that also processes the transaction or causes the transaction to be processed by another server.” 
	However, ZHANG does not explicitly disclose: (at 1.6) [the input collected] without user intervention; (at 1.10, 1.11) the authorization response message.
	PURVES discloses the remaining elements:
1.6		upon determining that the transaction is provisionally declined and before generating and transmitting an authorization response message declining the transaction: 
		 obtaining, from the one or more supplemental devices, the context data that comprises input collected by the one or more supplemental devices at a time of the transaction without user intervention;
[0068] In another example, the authentication process may involve the merchant system 177 sending an authentication request to the WIVD device 171, which in response detects the requested biometric information 173 of the user 170. Instead of transmitting the detected biometric information 173 to the merchant system 177, however, the WIVD device 171 may transmit the detected biometric information 173 along with an authentication request to the WIVD server 178 for verification.
PURVES at 0068 (disclosing the WIVD device, supplemental device, transmitting the biometric information obtained without user intervention to the server);  PURVES at 0077 (explicitly disclosing this is automatic) (“As another example, a pair of WIVD glasses may automatically submits retina/iris scanning information to a WIVD payment server when a wallet payment authorization request is received”); PURVES at 0057 (“In one embodiment, a WIVD device may take a form of various wearable devices that can be worn or attached to a human body in a similar manner as a general purpose gadget for daily life use; the WIVD device may be worn by a user in close contact or within proximity of the human body so that the WIVD device may capture and/or sense user biological characteristics data, such as, but not limited to heart rates, pulse rates, body movements, blood pressure, vision focus, brain wave, and/or the like. Examples of a WIVD device may include, but not limited to a pair of glasses, headbands, headphones, neck straps, neck collars, wrist watches, wrist bands, keychain fobs, tokens, footwear, and/or the like.”); See with PURVES at 0066 (disclosing the recited devices and server functioning as in in the present application) (“The WIVD device 171 and/or the mobile device 172 may communicate (e.g., via the Internet, NFC, WiFi, etc.) directly with either or both of the merchant system 177 and WIVD server 178, and the merchant system 177 and the WIVD server 178 may be communicatively linked as well.”).
1.10		 generating the authorization response message indicating whether the transaction is approved or declined; and
1.11		 transmitting the authorization response message to the resource provider.
[0077] In another implementation, biological characteristics captured by WIVD devices may be used for consumer identity verification for fraud prevention. For example, a consumer may be prompted to submit biological data while engaging a mobile wallet payment, such as but not limited to retina/iris scanning by WIVD glasses, finger print reading by WIVD wrist watch (e.g., equipped with a fingerprint reader, etc.). As another example, a pair of WIVD glasses may automatically submits retina/iris scanning information to a WIVD payment server when a wallet payment authorization request is received, so that the payment server may determine wallet account holder identity based on correlation, e.g., whether the transaction originates from the same location of the WIVD devices, whether the submitted biological information matches the record of the wallet holder, etc.
[0360] In some embodiments, the pay network server may forward a transaction authorization response, e.g., 4032, to the user wallet device, PoS client, and/or merchant server. The merchant may obtain the transaction authorization response, and determine from it that the user possesses sufficient funds in the card account to conduct the transaction.
PURVES at 0077, 0360 (disclosing the “authorization request” sent to the server and the “authorization response” transmitted from the server to the user/POS device.”).
	Where ZHANG discloses the server, supplemental device, and user device, such that the server performs the recited steps involving an initial transaction risk determination, and responsive to, obtaining biometric context data prior to determine whether to decline or authorize a transaction; and where PURVES discloses that the supplemental device collects the context data without intervention, and subsequently generates and transmits an authorization response message—It would be obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the server of ZHANG to obtain context data from a supplemental device without user intervention, and for the ZHANG message to be an authorization response message, because each of these modifications can be performed the same alone as in combination, to a predictable result.
	Therefore independent claims 1 and 9 are rendered obvious by ZHANG in view of PURVES.

	Regarding claim 2 PURVES further discloses: The method of claim 1,
		wherein the degree to which the context data supports the authenticity of the user is weighted based on a type of supplemental device from which the context data was received.  
[0090] In one implementation, the WIVD device may generate a second degree payment request for a two-factor authentication of the social pay 156c. For example, in one implementation, John's WIVD device may communicate with Jen's WIVD device via an optical message 157c, e.g., "blinking," to send a social payment request to Jen. In another implementation, John 120b may send a social payment request message via the wallet platform to Jen, e.g., 158. In one implementation, the WIVD device may query back the previously stored verbal commands to establish two-factor verification of a social payment request 156d. For example, the WIVD may extract information from a wallet social pay message 158, e.g., the transferee name "John Smith," and queried the recently captured verbal commend 157a to capture whether there is a verbal command from "John Smith." If the WIVD determines there is a match, the WIVD may establish a two-factor authentication of the potential social payment from Jen to John 163a, and proceed to social payment fund transfer 156e.
PURVES (disclosing one type for initiating the payment request and a second type to complete the two-factor authentication such that the server assigns a first weight for the first type and a second weight for the second type).
	Therefore claim 2 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 3, ZHANG discloses:  The method of claim 1, 
		wherein at least one of the one or more supplemental devices is an Internet of Things (IoT) device.
ZHANG at 0030-31 (disclosing IoT embodiments for the supplemental device).  
	Therefore claim 3 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 4, ZHANG further discloses: The method of claim 1,
		wherein the context data comprises at least one of audio data, image data, biometric data, or user action data. 
ZHANG at 0115 (“Alternatively, in some embodiments, the user pro vides the verification information to the Voice processing system by means of voice.”).  
	Therefore claim 4 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 5, ZHANG further discloses: The method of claim 1,
		wherein the threshold value represents a level of risk that the service provider is willing to undertake. 
ZHANG at 0110 (“For example, the security risks are classified into high, medium, and low risk levels. If the service request is assigned a high risk level, the service server rejects the service request. If the service request is assigned a low risk level, the service server performs the service request and returns a message indicating that the service processing is successful. If the service request is assigned a medium risk level, the service server performs step 706.”).  	Therefore claim 5 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 6, ZHANG further discloses: the method of claim 1,
		wherein the level of risk associated with the transaction is determined based at least in part on historical transaction data for the user. 
ZHANG at 0110 (“In some embodiments, the service server detects (704) a security risk in the service request. In some embodiments, in accordance with a preset risk assessment mechanism, the service server performs a risk assessment process on the service request. For example, the service server determines whether the payment amount of the service request exceeds a daily payment limit predetermined by the user, whether a previous login of the user to the service server had a security risk, whether the good or service corresponding to the service request has a security risk, or the like.”).  
	Therefore claim 6 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 7, The method of claim 1, PURVES further discloses:
		wherein obtaining context data from the one or more supplemental devices comprises contacting one or more application servers associated with the one or more supplemental devices
In one implementation, the mobile component 205a may communicate with an WIVD server 210 (e.g., being located with the Visa processing network) via wallet API calls 251a (e.g., PHP, JavaScript, etc.) to check-in with the WIVD server. In one implementation, the WIVD server 210 may retrieve consumer profile at an WIVD database 219 (e.g., see 218/220 in FIG. 2A).
PURVES at 0150 (disclosing that the supplemental device has a wallet API which communicates with the WIVD server).  ZHANG discloses the Payment Server and Voice Processing System as part of the Server System 108 such that the Voice Processing System is the server that establishes voice communication with the second supplemental device, and communicates with the payment server at Fig. 8 (814).  ZHANG at 0124, 0130.  PURVES discloses that the WIVD device may communicate with a WIVD server via API calls
	Therefore claim 7 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 8, the method of claim 7 further comprising, PURVES discloses: 
		providing, by the service provider, login credentials to the one or more application servers to obtain the context data from the one or more application servers.  
PURVES at 0066 (disclosing the WIVD device communicating with the WIVD device through the application server of the mobile device); PURVES at 0126 (“using a mobile device such as iPhone, the consumer may initially enter a device ID such as an Apple ID to get into the device. In one implementation, the device ID may be the ID used to gain access to the WIVD application. As such, the WIVD may use the device ID to identify the consumer and the consumer need not enter another set of credentials.”).
	Therefore claim 8 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 10, PURVES discloses: The method of claim 1,
		wherein the instructions further cause the service provider computer to maintain an association between one or more additional supplemental devices and at least one resource provider 
[0058] FIGS. 1A-1 and 1A-2 provide example structures of exemplary WIVD devices in the form of a wrist watch and a pair of glasses within embodiments of the WIVD. As shown in FIG. 1A-1, the WIVD device within embodiments may take a form similar to a wrist watch (and/or a wrist band, a headband, a neck collar, etc.). The WIVD watch 103a may comprise a LCD display screen 106a at its front surface 130a.1. In one implementation, the WIVD watch 130a may comprise a wireless receptor (e.g., WiFi, 3G, Bluetooth, Near Field Communication chips, etc.), so that the WIVD watch 130a may wirelessly communicate with a user mobile wallet, a merchant system, or a WIVD server. In one implementation, the WIVD watch may comprise a GPS component 106c to obtain user location.
PURVES at 0058.  Therefore claim 10 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 11, ZHANG further discloses:
		obtain additional context data from at least one of the one or more additional supplemental devices, the at least one of the one or more additional supplemental devices comprising supplemental devices associated with a resource provider indicated in the authorization request message.
[0122] A user submits (802) a payment request to a payment server through a first device (e.g., POS device 122). Specifically, the first user terminal in this embodiment is an Internet enabled device such as a personal computer, a tablet computer, a smart phone, or the like, which can submit the payment request to the payment server through a payment/transaction application, an online transaction web page, an instant messaging client, an SNS client, or the like. In some embodiments, the payment request includes payment information such as a transaction identifier or order number and a payment amount.
ZHANG at 0122.
	However, ZHANG does not explicitly disclose: additional supplemental devices or  additional context data.
	PURVES discloses:
		obtain additional context data from at least one of the one or more additional supplemental devices, the at least one of the one or more additional supplemental devices comprising supplemental devices associated with a resource provider indicated in the authorization request message.
[0058] FIGS. 1A-1 and 1A-2 provide example structures of exemplary WIVD devices in the form of a wrist watch and a pair of glasses within embodiments of the WIVD. As shown in FIG. 1A-1, the WIVD device within embodiments may take a form similar to a wrist watch (and/or a wrist band, a headband, a neck collar, etc.). The WIVD watch 103a may comprise a LCD display screen 106a at its front surface 130a.1. In one implementation, the WIVD watch 130a may comprise a wireless receptor (e.g., WiFi, 3G, Bluetooth, Near Field Communication chips, etc.), so that the WIVD watch 130a may wirelessly communicate with a user mobile wallet, a merchant system, or a WIVD server. In one implementation, the WIVD watch may comprise a GPS component 106c to obtain user location.
PURVES at 0058; see further PURVES at 0090 (disclosing two-factor authentication using biometric context data).
	Therefore claim 11 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 12, depending from claim 9, PURVES further discloses:
		the association between one or more supplemental devices and the user is established when the user enrolls the one or more supplemental devices with the service provider computer.
The WIVD server 178 may then use the information to query a database 179 for a user profile associated with the user 170. The user profile, for example, may have been created by the user 170 using an online registration system associated with the WIVD server 178, an app associated with the WIVD server 178 running on the user's 170 mobile device 172, a registration system on the WIVD device's 171 (e.g., a WIVD eyewear 171 may use voice prompts and voice detection technology to guide the user 170 through the registration process to create a user profile, and transmit detected biometric information 173 to the WIVD server 178 to be stored as part of the user profile), etc.
Claim Interpretation: This limitation is squarely outside the scope of independent claim 9, from which it depends, because it positively recites a function performed by the user (a person) with the respect to the supplemental devices, which are also not claimed within the scope of independent claim 9.  What is within the scope, is for the service provide to receive an enrollment request; however, that it is not what is recited here.
	Therefore claim 12 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 15, ZHANG further discloses:
		the degree to which the context data supports the authenticity of the user comprises a numeric value by which the level of risk should be adjusted. 
ZHANG at 0132 (“Further, in some embodiments, the payment server adjusts the security risk level assessment of the current payment request according to the Verification result. For example, if the verification Succeeds, the security risk is downgraded by one level; in other words, it is determined that the current payment request has a lower risk. If the verification fails, the security risk is upgraded by one level; in other words, it is determined that the current payment request has a higher risk. In some embodiments, the payment server sends (818) an online payment result to the first device.”).
	Therefore claim 15 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 16, ZHANG further discloses:
		adjusting the level of risk by the degree to which the context data supports the authenticity of the user comprises subtracting the numeric value from the level of risk. 
ZHANG at 0132 (“Further, in some embodiments, the payment server adjusts the security risk level assessment of the current payment request according to the Verification result. For example, if the verification Succeeds, the security risk is downgraded by one level; in other words, it is determined that the current payment request has a lower risk. If the verification fails, the security risk is upgraded by one level; in other words, it is determined that the current payment request has a higher risk. In some embodiments, the payment server sends (818) an online payment result to the first device.”).
	Therefore claim 16 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 17, ZHANG further discloses:
17.1		receiving, by a processor computer, an authorization request message comprising interaction data for an interaction between a user and a resource provider;
ZHANG at 0122 (“A user submits (802) a payment request to a payment server through a first device (e.g., POS device 122). Specifically, the first user terminal in this embodiment is an Internet enabled device Such as a personal computer, a tablet computer, a Smart phone, or the like, which can Submit the payment request to the payment server through a payment/ transaction application, an online transaction web page, an instant messaging client, an SNS client, or the like. In some embodiments, the payment request includes payment information Such as a transaction identifier or order number and a payment amount.”).
ZHANG at 0106 (“In an example usage scenario, when a user is standing in front of a POS device in a store, and after making a selection for remote entry of required verification information (e.g., as shown in FIG. 5A), the POS device displays the notification regarding Suspension of the transaction (e.g., as shown in FIG. 5B).”).
17.2		initially determining, by the processor computer, that the interaction is uncharacteristic for the user;
ZHANG at 0123 (“In some embodiments, the payment server detects (804) a security risk in the payment request. In some embodiments, in accordance with a preset risk assessment mechanism, the payment server performs a risk assessment process on the payment request. For example, the payment server determines whether the payment amount of the payment request exceeds a daily payment preset by the user, whether a previous login of the user to the payment server had a security risk, whether the good or service corresponding to the payment request has a security risk, or the like.”).
17.3		obtaining, by the processor computer, further information regarding the user, the further information obtained using one or more sensors proximate to the user during the interaction; 
ZHANG at 0125 (“In some embodiments, the payment server sends (806) a payment processing Suspension notification to the first device. As such, the payment server notifies the user that the payment request has a security risk and that the user needs to provide verification information, by means of voice communication with the Voice processing system, in order for the payment server to process the payment request.”).
in some embodiments, the Voice processing system obtains (812), by means of the voice communication, the verification information from the user of the second device. (ZHANG 0128); 
in some embodiments, the voice processing system sends (814) the obtained verification information to the payment Server. (ZHANG 0130)]
17.4		evaluating, by the processor computer, the interaction using the further information; and 
ZHANG at 0131 (“In some embodiments, the payment server processes (816) the payment request according to the verification information. In some embodiments, the payment server verifies the verification information by determining whether the Verification information matches stored information corresponding to the verification content information.”).
17.5		generating, by the processor computer, an indication of approval of the interaction after evaluating the further information and initially determining that the interaction is uncharacteristic for the user.
ZHANG at 0106 (“Once the server receives and verifies the voice input received from the registered device of the user, the server sends a confirmation to the POS device, and the POS device displays the notification indicating that the Voice verification has been completed, and the transaction has been processed (as shown in FIG.5C). The entire transaction process is completed within the same session at the POS device in real-time, while the user is waiting in front of the POS device.”).
	Therefore claim 17 is rendered obvious by ZHANG in view of PURVES.

	Regarding claim 18, depending from claim 17, ZHANG further discloses:
		the further information comprises context data obtained from one or more supplemental devices having the one or more sensors. 
ZHANG at 0129 (‘Alternatively, in some embodiments, the user provides the verification information to the Voice processing system by means of Voice. For example, the user reads the information related to the service request according to the prompt during the Voice communication. The Voice processing system obtains the Voice information which serves as the verification information, and returns the obtained voice information to the service server. Further optionally, the voice processing system prompts the user to read a sentence (e.g., the verification content information, or another piece of information such as ‘I am XX, and I confirm this payment’). The Voice processing system sends the whole piece of voice information to the service server as a service credential of this service request.”).
	Therefore claim 17 is rendered obvious by ZHANG in view of PURVES.

	Claims 13-14 are rejected under 35 U.S.C. § 103 over ZHANG, in view of PURVES, and in further view of MAHESHWARI (US Patent Application Publication 2018/0025356 A1).

	Regarding claim 13, ZHANG in view of PURVES, discloses the service provider computer of claim 9.  
	However, the combination of ZHANG in view of PURVES does not explicitly disclose: wherein the level of risk associated with the transaction is determined based at least in part on a resource provider associated with the transaction.
	 MAHESHWARI discloses:
13.1		wherein the level of risk associated with the transaction is determined based at least in part on a resource provider associated with the transaction.
[0182] If the Fraud Engine 118 determines, at step 500, that the authentication is associated with an in-App purchase, then the Fraud Engine 118 generates, at step 502, the current location of the device 10 and determines, 504, if the current location falls within a set of secure locations. If so, then the Fraud Engine 118 increments, at step 506, the Confidence Level. For example, safe locations include: [0183] (a) home address of the device owner; [0184] (b) shipping address of device owner; and [0185] (c) office address of device owner
[0193] If the Fraud Engine 118 determines, at step 508, that the user has previously made a successful purchase with the same merchant, then the Fraud Engine 118 increments, at step 510, the Confidence Level. Further, the Fraud Engine 118 checks, at 512, to determine if the repeat purchase was recently made. If so, then the Fraud Engine 118 increments, at step 514, the Confidence Level.
[0200] The Fraud Engine 118 checks, at step 516, to see if the site where the purchase is being made is suspicious. If found to be suspicious, then the Fraud Engine 118 decrements, at step 518, the Confidence Level.
MAHESHWARI at 0182, 0193, 0200.
	MAHESHWARI is analogous art to ZHANG and PURVES, as the invention of MAHESHWARI involves “a computer device for monitoring for fraudulent activity . . .  to perform the steps of: (i) receiving instructions to determine a confidence level; (ii) determining a confidence level by monitoring one or more of the following: sensor data; user behaviour; payment history; security level; connected devices; and location data; and (iii) returning said confidence level, wherein the confidence level represents a relative risk of fraudulent activity.” MAHESHWARI at 0020-32.
	Where ZHANG discloses the server, supplemental device, and user device, such that the server performs the recited steps involving an initial transaction risk determination and obtaining biometric context data; and where PURVES discloses the one or more supplemental devices; and where MAHESHWARI further discloses determining the level of risk based on the resource provider associated with the transaction —It would be obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the server of ZHANG to obtain context data from a supplemental device without user intervention, as in PURVES, to include the risk determination of MAHESHWARI, because the server of ZHANG in combination with PURVES can perform the risk determination steps of MAHESHWARI the same alone, as in combination, to a predictable result.
	Therefore claim 13 is rendered obvious by ZHANG, in view of PURVES, and further in view of MAHESHWARI.

	Regarding claim 14, the service provider computer of claim 13 service provider computer of claim 13, MAHESHWARI discloses:
14.1		wherein the level of risk associated with the transaction is inversely correlated to a level of trustworthiness associated with the resource provider.
[0157] As shown in FIG. 3, the Fraud Engine 118 is used to determine a Confidence Level of the authentication procedure. The Confidence Level is preferably a number which reflects the level of trust that should be associated with the procedure. The Fraud Engine 118 preferably performs the steps 400 shown in FIG. 4 to determine the Confidence Level.
	Therefore claim 14 is rendered obvious by ZHANG, in view of PURVES, and further in view of MAHESHWARI.

Relevant Prior Art Not Relied Upon
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
O'CONNELL US 20120204257 A1 
[0022] FIG. 1 is a schematic diagram illustrating a set of processes 105, 140 transparently determining user identity based on data of user interactions with a touchscreen-equipped device during a browser session in accordance with an embodiment of the inventive arrangements disclosed herein. Processes 105, 140 can be performed in the context of method 200 and system 300. In process 105, a user 116 can interact with a Web site 120 via a client touchscreen device 110. Client touchscreen device 110 can be a touchscreen 112 enabled device, such as a smartphone, permitting user 116 to use hand 118 to interact with site 120. As user 116 browses site 120, interaction data 124 can be collected and persisted within data store 130. That is, interaction data 124 (e.g., scrolling/zooming actions) indicative of user interactions with client computing device 110 having touchscreen 112 during a browser session can be collected. Collected data (e.g., data 124) can be submitted during authentication process 140 to verify user identity. In process 140, user provided login information 150 can be communicated with interaction data 124 to authenticate user 116. That is, data 124 can be utilized within a ""two factor"" authentication process to uniquely identify user 116. It should be appreciated that the solution can be an active or a passive authentication solution. For example, embodiments of the present invention can be utilized to continuously (e.g., periodically) confirm a user identity throughout a browser session.
VAN OS US 20170339151 A1 
[0151] It shall be understood that the foregoing discussion regarding event handling of user touches on touch-sensitive displays also applies to other forms of user inputs to operate multifunction devices 100 with input devices, not all of which are initiated on touch screens. For example, mouse movement and mouse button presses, optionally coordinated with single or multiple keyboard presses or holds; contact movements such as taps, drags, scrolls, etc. on touchpads; pen stylus inputs; movement of the device; oral instructions; detected eye movements; biometric inputs; and/or any combination thereof are optionally utilized as inputs corresponding to sub-events which define an event to be recognized.
SHEETS US 20130232073 A1 
[0069] Biometric artifact validation module 362 is configured to determine whether the biometric digital artifact generated by the biometric artifact generation module 276 (FIG. 2) of consumer device 110 (FIG. 2) is valid. To determine whether the received biometric digital artifact is valid, the biometric artifact validation module 362 may compare the received biometric digital artifact against a previously stored valid biometric digital artifact for the particular payment user in the user fraud profile database 350. The comparison may be carried out using fuzzy logic. That is, the received biometric digital artifact need not be, and likely won't be, an exact match to the previously stored valid biometric digital artifact to be considered valid. It is expected that each biometric digital artifact for a particular payment user generated for each payment transaction will be different because of variances in the received user biometric data. For example, a user may not scan their fingerprint biometric data in the exact same location on the biometric sensor 220 (FIG. 2) each and every time. In another example, a user's biometric voice sample may not be spoken in the same tone each and every time. In some embodiments, if the payment user is initiating a payment transaction for the first time, there may not be a previously stored valid biometric digital artifact and as such, the first received biometric digital artifact may be considered valid and used for purposes of comparison for future received biometric digital artifacts.
MOKHASI US 20180332036 A1 
[0061] Turning to the contents of the memory 202 in more detail, the memory 202 may include an operating system 208, a database containing network data (e.g., the user profile data store 212) and the one or more application programs or services for implementing the features disclosed herein, including a transaction module 210. [0062] In some embodiments, the transaction module 210 may, in conjunction with the processor 204, be configured to receive data from the application 117 of FIG. 1 and initiate a transaction on behalf of a user. In some embodiments, the user may be associated with an account or profile stored at the service provider computer(s) 126 (e.g., at user profile data store 212. In some embodiments, the transaction module 210 may include an authentication engine 210A and an authorization engine 210B. The authentication engine 210A may be a software or hardware module configured to initiate an authentication process on the computing device 104 (e.g., via an initiation request) and receive biometric data of a user (e.g., an iris scan, a retina scan, and the like, via an authentication request message). Upon receipt of biometric data, the authentication engine 210A may perform a number of image recognition techniques in order to determine whether the received data matches stored user profile data (e.g., an iris scan or a retina scan previously-submitted by the user as a baseline image). The authentication engine 210A may be configured to trigger a process performed by the authorization engine 210B when the received data matches the stored user profile data. The authentication engine 210A may further be configured to cancel a transaction and/or provide feedback via application 117 (e.g., via a authentication response message) when the received data does not match the stored user profile data.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFREY L LICITRA whose telephone number is (571)272-5340. The examiner can normally be reached 9:00AM-5:00PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

J.L.L.
Examiner
Art Unit 3685



/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685