DETAILED ACTION
Acknowledgements
This Office Action is in response to Applicant’s response filed on 9/30/21.
The Examiner notes that citations to United States Patent Application Publication paragraphs are formatted as [####], #### representing the paragraph number.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Status of Claims
Claims 1-10, 12-18 are currently pending.
Claims 1-10, 12-18 are rejected as set forth below.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments	
Claim Rejections - 35 U.S.C. § 103
Applicant’s arguments with respect to claims 1-10, 12-18 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-6, 8-10, 12-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 20170061441 to Kamal in view of United States Patent Application Publication No. 2017/0024719 to Finch and United States Patent Application Publication No. 2017/0364919 to Ranganath.
As per claims 1, 12¸ Kamal teaches:
A secondary authentication system for obtaining real-time cardholder authentication of a payment transaction associated with a cardholder's payment card, the secondary authentication system being a component of an interchange network, said secondary authentication system comprising: a memory device for storing data; and a processor communicatively coupled to said memory device, said processor programmed to: ([0014], “Moreover, as used herein the terms “payment card system” and/or “payment network” refer to a system and/or network for processing and/or handling purchase transactions and related transactions, which may be operated by a payment card system operator such as MasterCard International Incorporated, or a similar system.”)
receive from a mobile device associated with a cardholder: account registration information, the account registration information including a primary account number corresponding to a payment account of the cardholder and mobile device identification data corresponding to the mobile device; account credentials comprising a login identifier and a password; a biometric profile of the cardholder, the biometric profile including a digital representation of a select physical feature of the cardholder; generate a new cardholder account, the new cardholder account including the account registration information and secondary authentication restrictions; store the new cardholder account and the biometric profile on the memory device; ([0029] – [0031], [0033], “In some embodiments, a consumer or user or cardholder may be required to participate in a consumer mobile device registration and user authentication enrollment process before user authentication processing in accordance with methods described herein can occur. In some implementations, such a registration process may include a user or consumer or cardholder operating his or her consumer mobile device to interact with one or more payment processing systems or networks (not shown). For example, in a payment processing network example, a cardholder may register information associated with a financial institution associated with the user's or cardholder's payment account (such as a credit card issuer bank which issued a credit card account and/or a debit card account to the user or consumer)…. The payment processing network server may then generate and transmit a consumer registration request challenge message to the consumer's mobile device prompting the user to provide biometric data for use in authentication of that user…. As part of the user enrollment process, the user may transmit a consumer device identifier (ID) and/or a mobile directory number (“MDN”) from the consumer mobile device to an entity, such as a payment processing network server or issuer financial institution.”)
receive, from a point-of-sale terminal, a payment authorization request message including a primary account number corresponding to a payment account of the cardholder and comparing the primary account number from a payment authorization request message to the cardholder account; ([0026], “For example, the proximity payment controller 138 may provide information, such as a user's payment card account number, when the consumer uses the mobile telephone 102 to conduct a purchase transaction with a POS terminal associated with a merchant.”) 
Kamal does not explicitly teach, but Finch teaches:
determine whether the payment account requires secondary authentication by the cardholder for the payment transaction; if, based on the determination, the payment transaction requires secondary authentication, interrupt a normal transaction process by placing the payment transaction on hold; identify a mobile device associated with the payment account of the cardholder based on the mobile device identification data; transmit an authentication request message to the identified mobile device; receive from the mobile device an authentication response message including a biometric sample of the select physical feature of the cardholder, and determine whether the biometric sample corresponds to the biometric profile of the cardholder. ([0048], “In various embodiments, authentication module 121 can verify the identity of consumer 125. For example, authentication module 121 can verify the identity of consumer 125 using a personal identification number (PIN), a password, one or more fingerprints, voice recognition, other biometrics (e.g., mobile phone bio-measurements), and/or other suitable authentication methods, to ensure that consumer 125 is authorized to associate mobile application 123 with consumer account 131 and/or make payments using mobile application 123.”; Fig. 4, [0095] – [0097], The mobile device receives an additional authentication request and responds with biometric information)
One of ordinary skill in the art would have recognized that applying the known technique of Finch to the known invention of Kamal would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such transaction authorization features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the invention to authorize a transaction based on a determined secondary authentication restriction results in an improved invention because applying said technique ensures that additional security measures are satisfied before authorizing the transaction, thus improving the overall security of the invention.
Kamal as modified does not explicitly teach, but Ranganath teaches:
receiving, from a mobile device associated with a card holder, a secondary authentication restriction, and storing the secondary authentication restriction in the user profile; ([0056], “As an additional option, a user may create a profile with multiple gestures including high security gestures, medium security gestures, and low security gestures. The high security gestures may include a combination of gestures or other authentication measures and may be used for high risk transactions, such as transactions involving transfer of funds or withdrawal of funds. Risk may also be evaluated based on geo-location enabled by the mobile device, such that specific transactions from specific locations may require a high degree of authentication.”)
One of ordinary skill in the art would have recognized that applying the known technique of Ranganath to the known invention of Kamal as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such payment authentication features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying invention to receive and store a secondary authentication restriction from the card holder results in an improved invention because applying said technique ensures that the card holder is able to specify various security policies based on their risk tolerance for various situations, thus improving the overall security of the invention.

As per claims 2, 13, Kamal teaches:
said processor programmed to transmit the payment authorization request message to an issuer upon receipt of the authentication response message being indicative that the payment transaction is authorized. ([0063])
As per claims 3, 14, Finch teaches:
said transmitting the authentication request message to the identified mobile device comprises said processor programmed to push the authentication request message to a secondary authentication application at least partially installed on the mobile device, the authentication request message causing the mobile device to display a notification indicating that the authentication request message is received. ([0048])
As per claims 4, 15, Finch teaches:
said processor programmed to determine whether the authentication response message is valid or invalid. ([0053] – [0054])
As per claims 5, 16, Finch teaches:
said processor programmed to, upon determining that the authentication response message is valid, determine whether the cardholder authorized the payment transaction or declined the payment transaction. ([0053] – [0054])
As per claims 6, 17, Finch teaches:
said processor programmed to, upon determining that the cardholder authorized the payment transaction, release the hold on the payment transaction. ([0053] – [0054])
As per claim 8, Finch teaches:
wherein the authentication request message causes the mobile device to request authentication information from the cardholder, the authentication response message including the authentication information. ([0053] – [0054])
As per claim 9, Finch teaches:
wherein the authentication information includes one or more of a personal identification number and an alphanumeric password. ([0048])
As per claim 10, Finch teaches:
said processor programmed to compare the received authentication information in the authentication response message to cardholder authentication data. ([0053] – [0054])

Claims 7, 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over United States Patent Application Publication No. 20170061441 to Kamal in view of United States Patent Application Publication No. 2017/0024719 to Finch and United States Patent Application Publication No. 2017/0364919 to Ranganath, and further in view of United States Patent Application Publication No. 2017/0186005 to Vaidya.
As per claims 7, 18, Kamal as modified does not explicitly teach, but Vaidya teaches:
said processor programmed to, upon determining that the authentication response message is invalid, populate a field of the payment authorization request message with a decline code; and transmit the payment authorization request message to an acquirer as a payment authorization response message; ([0080], If answers are determined to be invalid, the transaction message is modified to include a decline response code)
One of ordinary skill in the art would have recognized that applying the known technique of Vaidya to the known invention of Kamal as modified would have yielded predictable results and resulted in an improved invention. It would have been recognized that the application of the technique would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references applied shows the ability to incorporate such electronic payment features into a similar invention. Further, it would have been recognized by those of ordinary skill in the art that modifying the base invention upon determining that the authentication response message is invalid, populate a field of the payment authorization request message with a decline code results in an improved invention because applying said technique ensures that the acquirer is notified of the payment transaction not being executed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
United States Patent Application Publication No. 2016/0117682 to Srinath discloses a method and system for facilitating payment. A user creates a user profile with a service provider, and the user profile is stored locally on a user device. When the user wants to make a payment from the user device, software running in the background of the device determines that a user profile is stored on the user device. If a user profile is detected, the software automatically presents the user with an option to make a payment with one or more funding sources. User credentials in the user profile are used to authenticate the user and authorize payment.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAY HUANG whose telephone number is (408)918-9799.  The examiner can normally be reached on 9:00a - 5:30p PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Anita Coupe can be reached on (571) 270-3614.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAY HUANG/Primary Examiner, Art Unit 3685