Acknowledgements
This communication is in response to applicant’s response filed on 05/18/2022.
Claims 1-19 have been cancelled. Claims 20, 28, 30, and 38 have been amended.
Claims 20-39 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Regarding applicant’s arguments:	
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that the combination of Jacobson (US 20030004876) in view of Soghoian (US 20090198617) in further view of Klein (US 20120036075) does not teach or suggest “determining, by the server computer, a first level of assurance required by at least one of the authentication computer or the server computer, based on the first level of assurance, selecting, by the server computer from among a plurality of authentication processes comprising a first authentication process and a second authentication process, the first authentication process”, and “based on the second level of assurance: determining, by the server computer, the first authentication process is unsuitable, and selecting, by the server computer, the second authentication process as satisfying the required authentication process, the second authentication process being slower than the first authentication process,” in amended claim 20, examiner respectfully argues applicant’s arguments are moot in light of the new grounds of rejections necessitated by the amendment to claim 20. Applicant makes similar arguments for claim 30, and examiner respectfully argues applicant’s arguments are moot for the same reasons listed above for claim 20.
Applicant argues dependent claims 21-29 and 31-39 are allowable based on their dependence upon allowable base claims, and examiner respectfully argues applicant’s arguments are moot in light of the amendments made to claims 20 and 30.

Priority
This application is a continuation application of US Application 14/452,984 filed on 08/06/2014. Applicant’s claim for the benefit of this prior-filed application is acknowledged. US Application 14/452,984 claims the benefit of US Provisional Application No. 61/862,937 filed on 08/06/2013. Applicant’s claim for the benefit of this prior-filed application is acknowledged.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 20-24, 26-28, 30-34, and 36-38 are rejected under 35 U.S.C. 103 as being unpatentable over Kushevsky (US 20130226792) in view of Groarke (US 20150039506).

Regarding Claims 20 and 30, Kushevsky teaches receiving, at a server computer and during a first transaction that uses a first account of a first user, a first personal identifier verification request message from an authentication computer, wherein the first personal identifier verification request message comprises a first personal identifier of the first user (Paragraphs 0071 and 0073 teach a “check out” user interface may present an option to pay using an e-wallet; the e-wallet identifier may include a login username and password for logging into an e-wallet account on coordination server; the coordination server may receive the request to conduct the e-commerce transaction directly from the purchaser device instead of from the merchant server; this may be possible, for example, in embodiments where the “shopping cart” and “check out” operations of the e-commerce store are executing directly on the purchaser device, and the “check out” operations on the purchaser device is configured to receive the e-wallet account identifier and/or mobile device identifier); in response to receiving the first personal identifier verification request message, determining, by the server computer, a first level of assurance required by at least one of the authentication computer or the server computer (Paragraph 0074 teaches the coordination server sends an activation message to a mobile device having an e-wallet storing a payment card comprising card payment information and a card security credential; the activation message may be addressed to the mobile device using the identifier earlier discussed (e.g., this may be an IP address or MAC address that is stored on an e-wallet database on the coordination server)), based on the first level of assurance, selecting, by the server computer from among a plurality of authentication processes comprising a first authentication process and a second authentication process, the first authentication process (Paragraph 0083-0084 and 0087 teach the mobile device receives a card selection input from a user indicating selection of a payment card for payment in the e-commerce transaction; the mobile device verifies a security input against the card security credential of the payment card; the secure element on the mobile device stores a payment card that includes a card security credential; it will be understood that other types of card security credentials may also be stored on the secure element, and verified by the e-wallet of the mobile device (e.g., some other form of shared secret besides a PIN, or biometric information such as a fingerprint scan, retina scan and/or facial recognition information of the owner of the payment card); depending on the type of card security credential, the e-wallet may be configured to provide a user interface for entering a security input that is appropriate for the card security credential); wherein the first authentication process comprises verifying that the received first personal identifier of the first user matches a stored first personal identifier of the first user, generating a first authentication indicator when the received first personal identifier of the first user matches the stored first personal identifier of the first user, and transmitting the generated first authentication indicator to the authentication computer (Paragraph 0089 teaches the mobile device sends the card payment information and confirmation that the card was present during the verifying for use in completing the e-commerce transaction; the e-wallet may be configured to send this information directly to the processing gateway for authorization; in alternate embodiments, the e-wallet may be configured to encrypt and send this data to merchant server, which, in turn, may relay it to the processing gateway for authorization), and the second authentication process comprises storing a second personal identifier of the first user in a database (Paragraphs 0097 and 0099 teach the secondary security credential may be independent and separate from the card security credential; the secondary security credential may be provided by the e-wallet application to provide supplementary or additional security; the e-wallet application may be configured to present a user interface that is capable of allowing a user to add, select and modify rules for when verification of the secondary security credential would be required; such ability to configure rules may be used by a purchaser who desires to add supplemental security when they deem the primary card security credential to be insufficient; for example, the owner of the e-wallet may add a rule that specifies that for amounts less than or greater than some trigger amount (e.g., “$50”), a secondary security input is required to be inputted to be verified against the secondary security credential before the transaction can proceed), and performing, by the server computer, the first authentication process in response to determining, by the server computer, the first authentication process to perform from among the plurality of authentication processes (Paragraph 0090 teaches the authorization process may include the processing gateway further sending the payment card information and/or the confirmation of card presence to other processing platforms such as an acquiring institution, a payment card network and/or an issuing institution; if these processing platforms approve the authorization of the payment card for use in the e-commerce transaction, the processing gateway may then send a message to the merchant server to indicate that payment for the e-commerce transaction has been authorized; as such, the e-commerce transaction may be considered to be complete if the payment card is authorized for use in the e-commerce transaction by the processing gateway); receiving, at the server computer and during a second transaction that uses a second account of a second user, a second personal identifier verification request message from the authentication computer, wherein the second personal identifier verification request message comprises a second personal identifier of the second user (Paragraphs 0073 and 0107-0109 teach the coordination server may receive the request to conduct the e-commerce transaction directly from the purchaser device instead of from the merchant server; in embodiments where the “shopping cart” and “check out” operations of the e-commerce store are executing directly on the purchaser device, and the “check out” operations on the purchaser device is configured to receive the e-wallet account identifier and/or mobile device identifier; if an owner of the e-wallet selects to require a secondary security credential, the e-wallet may also be configured to provide a user interface (not shown) for allowing the user to set up the secondary security credential; for example, if the secondary security credential is a secondary PIN, the e-wallet may also be configured to provide a user interface for allowing the user to initialize what the PIN should be; it will be understood that such initialization may occur prior to the second security credential being available for use in verification during a transaction; after having initialized the second security credential and selected the rules for when it is required to be verified, the rules may be evaluated during payment for a transaction; returning to the flowchart in FIG. 2 which describes a series of steps for an example embodiment of processing payment for an e-commerce transaction, steps 230 and 235 describe the optional steps for embodiments which employ a secondary security credential (i.e., this is an example of a transaction in which a secondary security credential is necessary)); in response to receiving the second personal identifier verification request message, determining, by the server computer, a second level of assurance required by at least one of the authentication computer or the server computer, the second level of assurance being higher than the first level of assurance (Paragraphs 0102-0103 teach a rule may be one that includes a trigger amount that is used by the e-wallet for comparing against a transaction amount; for example, the e-wallet may assess whether an amount of a transaction (e.g., an e-commerce transaction as described above) is less than or greater than the trigger amount; if so, the secondary security credential may be required; another example rule may include the identification of a predetermined payment card that requires verification of the secondary security credential when it is selected for payment; if such rule is selected to be applied, the determining may include assessing whether the payment card selected for payment in the e-commerce transaction corresponds to the predetermined payment card identified in the rule; the owner of the e-wallet has applied the rule that indicates that the secondary PIN is required when “the ‘ABC Bank MasterCard®’ is selected for payment); based on the second level of assurance: determining, by the server computer, that the first authentication process is unsuitable, and selecting, by the server computer, the second authentication process as satisfying the required authentication process, the second authentication process being slower than the first authentication process (Paragraphs 0110-0112 teach the mobile device may optionally determine if a secondary security credential is required to be verified; this may involve evaluating the transaction (including the payment card selected for payment at FIG. 4) against the rules described above with respect to FIG. 7; this may involve evaluating the requested e-commerce transaction at the merchant “BEST MART” against the rules that the owner of the e-wallet has selected for determining whether a secondary security credential is required to be verified; in the illustrated embodiment of FIG. 7, two rules were selected; as such, to determine whether a secondary PIN needs to be entered for the e-commerce transaction at the “BEST MART” merchant, the e-wallet would determine whether the total transaction amount was less than $50, and whether the owner of the e-wallet had selected the “ABC Bank MasterCard®” card for payment; since the total amount payable in the e-commerce transaction  is greater than the “$50” indicated by the first rule, the first rule would not result in the secondary PIN being required; however, as the owner of the e-wallet had selected the “ABC Bank MasterCard®” card for payment in FIG. 4, the second rule would result in the secondary PIN being required to be verified; the mobile device may optionally verify the secondary security credential is required (i.e., requiring the second security credential makes the second authentication process slower than the first authentication process because the first authentication process only requires the first security credential not both the first and second security credential)); and performing, by the server computer, the second authentication process in response to determining, by the server computer, the second authentication process to perform from among the plurality of authentication processes (Paragraphs 0112-0113 teach as with the card security credential discussed above, this may involve the e-wallet being configured to provide a user interface for entering a secondary security credential (e.g., a PIN, or biometric input such as a fingerprint scan, facial recognition information or retina scan); since the second user-selected rule triggered the secondary PIN to be required, the e-wallet may be configured to further present a user interface for entering a secondary PIN similar to the user interface shown in FIG. 5; if the secondary security credential is verified, the mobile device may proceed with other acts of authorization, as, for example, discussed above).
However, Kushevsky does not explicitly teach the second authentication process comprises storing a second personal identifier of the first user in a database, generating a second authentication indicator, forwarding the second authentication indicator to the authentication computer, which then transmits the second authentication indicator and a first primary account identifier to a service provider computer, receiving a first authorization request message comprising the first primary account identifier Page 2 of 22and the second authentication indicator from the service provider computer, retrieving the second personal identifier of the first user from the database, modifying the first authorization request message to include the second personal identifier of the first user, and transmitting the first authorization request message to a first issuer computer which receives the second personal identifier of the first user, where the first issuer computer verifies that the received second personal identifier of the first user is authentic.
Groarke from same or similar field of endeavor teaches the second authentication process comprises storing a second personal identifier of the first user in a database, generating a second authentication indicator, forwarding the second authentication indicator to the authentication computer, which then transmits the second authentication indicator and a first primary account identifier to a service provider computer, receiving a first authorization request message comprising the first primary account identifier Page 2 of 22and the second authentication indicator from the service provider computer, retrieving the second personal identifier of the first user from the database (Paragraphs 0026-0029 teach upon receipt of the VEReq, the access control server (ACS) verifies whether the cardholder's payment card account is enrolled in a 3-D Secure service; the Directory Service server computer then forwards the positive VERes with the ACS address to the merchant server computer; the merchant server then generates a payer authentication request (“PAReq”) message to authenticate the consumer (payer) for that particular online purchase and transmits the PAReq message directly to the ACS for cardholder authentication; if the ACS successfully authenticates the cardholder, the ACS then generates a positive payer authentication response (“PARes”) message which includes a universal cardholder authentication field (UCAF); the positive PARes message is transmitted to the merchant server; when the merchant server receives the positive PARes message, it generates and then transmits a purchase transaction authorization request to an acquirer FI computer; the acquirer FI computer then forwards the purchase transaction authorization request to a payment network; the payment network receives the purchase transaction authorization request, and utilizing the merchant ID and/or the acquirer ID, recognizes that the purchase transaction authorization request may be eligible for 3-D Secure OBO merchants authentication service processing; in such cases, the payment system network transmits the purchase transaction authorization request to the 3-D Secure OBO merchant service computer; the 3-D Secure OBO merchant service computer then compares data in the purchase transaction authorization request with the information stored in the secure database to determine if 3-D Secure OBO merchants processing occurred), modifying the first authorization request message to include the second personal identifier of the first user, and transmitting the first authorization request message to a first issuer computer which receives the second personal identifier of the first user, where the first issuer computer verifies that the received second personal identifier of the first user is authentic (Paragraph 0031 teaches if a match occurs between the PARes information stored in the database and the data contained in the purchase transaction authorization request then the 3-D Secure OBO merchant service computer injects the UCAF into the purchase transaction authorization request to create an updated purchase transaction authorization request; the 3-D Secure OBO merchant service computer then transmits the updated purchase transaction authorization request to the payment network; the payment network then forwards that updated purchase transaction authorization request to the issuer FI computer for authorization processing as a 3-D Secure transaction; in this case, the issuer FI recognizes that the cardholder has been authenticated using a 3-D Secure authorization protocol, and proceeds to process the updated purchase transaction authorization request accordingly; the issuer FI therefore determines whether or not the consumer's payment card account is in good standing and/or whether the cardholder can or cannot afford to pay for the purchase transaction; if all is in order, the issuer FI transmits a positive purchase transaction authorization or “transaction approved” response to the payment network which is then routed or transmitted through to the acquirer FI; the acquirer FI transmits the transaction approved message to the merchant server).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kushevsky, which teaches determining whether to use a first authentication process or second authentication process during a transaction, to incorporate the teachings of Groarke for the second authentication process to comprise storing a second personal identifier of the first user in a database, generating a second authentication indicator, forwarding the second authentication indicator to the authentication computer, which then transmits the second authentication indicator and a first primary account identifier to a service provider computer, receiving a first authorization request message comprising the first primary account identifier Page 2 of 22and the second authentication indicator from the service provider computer, retrieving the second personal identifier of the first user from the database, modifying the first authorization request message to include the second personal identifier of the first user, and transmitting the first authorization request message to a first issuer computer which receives the second personal identifier of the first user, where the first issuer computer verifies that the received second personal identifier of the first user is authentic.
There is motivation to combine Groarke into Kushevsky because the described 3-D Secure OBO merchants authentication process is agnostic with regard to issuer FIs. In addition, the 3-D Secure OBO merchants service benefits merchants and/or acquirer FIs because, after a cardholder is authenticated and the purchase transaction is authorized, liability for that purchase transaction shifts to the issuer FI regarding any fraud charges and any related chargebacks that may occur (Groarke Paragraph 0031).
Regarding Claim 20, Kushevsky teaches a method (Paragraph 0067 teaches FIG. 2 illustrates a flowchart diagram showing the steps of processing payment during an e-commerce transaction, in accordance with an embodiment of the present disclosure; to illustrate the steps of the method, reference will be made simultaneously to FIGS. 3, 4, 5 and 6 which illustrate various example screenshots of a merchant website on merchant server or an e-wallet on mobile device for an example scenario in which a purchaser visits an e-commerce merchant named “BEST MART” to purchase various electronics items).
Regarding Claim 30, Kushevsky teaches a server computer comprising a processor, and a computer readable medium coupled to the processor, the computer readable medium comprising code, for causing the processor to implement a method (Paragraphs 0041 and 0058 teach the system, processes and methods of the described embodiments are capable of being distributed in a computer program product comprising a computer readable medium that bears computer usable instructions for one or more processors; the computer useable instructions may also be in various forms, including compiled and non-compiled code; the coordination server includes an e-wallet database that stores account information for individuals that desire to pay using an e-wallet; for example, such information may include a login username and/or password for an e-wallet account in the e-wallet database stored on the coordination server that corresponds to the e-wallet; such wallet information may also include information relating to methods of accessing the mobile device).

Regarding Claims 21 and 31, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; and Kushevsky further teaches wherein the first personal identifier of the first user is encrypted and is an encrypted PIN (Paragraphs 0084-0085 teach an example of a security credential may be an encrypted PIN that is stored on the secure element; this may be the same PIN that is encrypted on an integrated circuit (IC) card such as that which has been standardized by existing payment card providers Europay, MasterCard®, and Visa® (collectively known as EMV cards); the storing of the payment card on the secure element, allows the mobile device to be an actual payment card itself such that when a purchaser verifies a security input against the security credential, the presence of the payment card and/or the cardholder may be verified; when verifying the security credential, the e-wallet may be configured to determine whether the inputted PIN matches the encrypted PIN stored on the secure element of the mobile device).

Regarding Claims 22 and 32, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; and Kushevsky further teaches wherein the server computer is in a payment processing network (Paragraph 0043 teaches FIG. 1, therein illustrated is a block diagram illustrating a system for processing payment during an e-commerce” transaction, referred to generally as 100; the system may include a purchaser device 110, a mobile device 112, a coordination server 120, a merchant server 130, and a processing gateway 140, each including a network interface (not shown) for connecting to a network).

Regarding Claims 23 and 33, the combination of Kushevsky and Groarke teaches all the limitations of claims 1, 11, and 21 above; however, the combination does not explicitly teach wherein the method further comprises: receiving a first authorization response message from the first issuer computer; and transmitting the first authorization response message to the service provider computer.
Groarke further teaches wherein the method further comprises: receiving a first authorization response message from the first issuer computer (Paragraph 0031 teaches if all is in order, the issuer FI transmits a positive purchase transaction authorization or “transaction approved” response to the payment network which is then routed or transmitted through to the acquirer FI); and transmitting the first authorization response message to the service provider computer (Paragraph 0031 teaches the acquirer FI transmits the transaction approved message to the merchant server, which transmits a message to the consumer device; the transaction approved message may appear, for example, on a display screen of the consumer's device and may be worded: “Thank you for your purchase”). 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Kushevsky and Groarke to further incorporate the further teachings of Groarke for the method to further comprise: receiving a first authorization response message from the first issuer computer; and transmitting the first authorization response message to the service provider computer.
There is motivation to further combine Groarke into the combination of Kushevsky and Groarke because of the same reasons listed above for claims 20 and 30.

Regarding Claims 24 and 34, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; and Kushevsky further teaches wherein determining, by the server computer, the first authentication process to perform comprises analyzing issuer data and payment network data associated with the first personal identifier verification request message (Paragraph 0082-0084 teach FIG. 4 illustrates an example screenshot illustrating a payment card selection screen of an e-wallet on a mobile device; such example screenshot may be presented in the e-wallet application after the activation message is received at the mobile device; the e-wallet application may present the purchaser with a list of payment cards that are stored on the e-wallet that can be used to pay for the e-commerce transaction; the mobile device receives a card selection input from a user indicating selection of a payment card for payment in the e-commerce transaction; the purchaser may select their “ABC Bank Mastercard®;” the mobile device verifies a security input against the card security credential of the payment card; the secure element on the mobile device stores a payment card that includes a card security credential; this allows the e-wallet to receive a security input for the purpose of verifying against the card security credential; a PIN is encrypted on an integrated circuit (IC) card such as that which has been standardized by existing payment card providers Europay, MasterCard®, and Visa® (collectively known as EMV cards); the storing of the payment card on the secure element, in effect, allows the mobile device to be an actual payment card itself such that when a purchaser verifies a security input against the security credential, the presence of the payment card and/or the cardholder may be verified).

Regarding Claims 26 and 36, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; and Kushevsky further teaches prior to receiving the second personal identifier verification request message: receiving, at the authentication computer, the second personal identifier of the second user from a consumer device, after the second user interacts with the service provider computer (Paragraphs 0110-0112 teach the mobile device may optionally determine if a secondary security credential (e.g., a PIN, or biometric input such as a fingerprint scan, facial recognition information or retina scan) is required to be verified; this may involve evaluating the transaction (including the payment card selected for payment at FIG. 4) against the rules described above with respect to FIG. 7; this may involve evaluating the requested e-commerce transaction at the merchant “BEST MART” against the rules that the owner of the e-wallet has selected for determining whether a secondary security credential is required to be verified; in the illustrated embodiment of FIG. 7, two rules were selected; as such, to determine whether a secondary PIN needs to be entered for the e-commerce transaction at the “BEST MART” merchant, the e-wallet would determine whether the total transaction amount was less than $50 (the first rule), and whether the owner of the e-wallet had selected the “ABC Bank MasterCard®” card for payment (the second rule); since the total amount payable is $625 in the e-commerce transaction, the first rule would not result in the secondary PIN being required; however, as the owner of the e-wallet had selected the “ABC Bank MasterCard®” card for payment in FIG. 4, the second rule would result in the secondary PIN being required to be verified).

Regarding Claims 27 and 37, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; and Kushevsky further teaches wherein the service provider computer is a merchant computer, and the server computer is in a payment processing network (Paragraphs 0050 and 0060 teach a merchant server may be any suitable computing device that is capable of hosting an e-commerce store that allows purchasers to view and select items for purchase; the merchant server may include a network interface for connecting to the network, for example, to communicate with coordination server, processing gateway, purchasing device, and/or mobile device; although illustrated as separate servers, in various embodiments, the coordination server may be incorporated into the merchant server such that functionality of the coordination server resides on the same computing device as the merchant server).

Regarding Claims 28 and 38, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; and Kushevsky further teaches wherein the first personal identifier of the first user, and the second personal identifier of the second user is each a biometric identifier (Paragraphs 0087 and 0098 teach it will be understood that other types of card security credentials may also be stored on the secure element, and verified by the e-wallet of the mobile device; for example, additional security credentials may include biometric information such as a fingerprint scan, retina scan and/or facial recognition information of the owner of the payment card; depending on the type of card security credential, the e-wallet may be configured to provide a user interface for entering a security input that is appropriate for the card security credential; the secondary card security credential may be any type of security credential that a security input received by the mobile device can be verified against; for example, this may be a biometric credential (e.g., facial recognition information, retina scan and/or fingerprint)).

Claims 25, 29, 35, and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Kushevsky (US 20130226792) in view of Groarke (US 20150039506) in further view of Bacastow (US 20140025580).

Regarding Claims 25 and 35, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; however, the combination does not explicitly teach wherein the first personal identifier verification request message is an ISO 8583 message including a PAN, transaction amount, and CVV.
Bacastow from same or similar field of endeavor teaches wherein the first personal identifier verification request message is an ISO 8583 message including a PAN, transaction amount, and CVV (Paragraphs 0062-0064 teach (ii) Cardholder then enters the required Cardholder Data such as: name, card number, expiration date, and cvv2 field into the Merchant Shopping Cart; the Merchant Shopping Cart formats a Payment Transaction and forwards the transaction to the Gateway or Acquirer; the Gateway or Acquirer acquires the transaction performs normal fraud and security checks including common eCommerce validations such as velocity checking (e.g. tracks the volume of payment transactions received from an IP address or payment card to detect possible fraud) and routes the ISO 8583 transaction to the SPDS)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Kushevsky and Groarke to incorporate the teachings of Bacastow for the first personal identifier verification request message to be an ISO 8583 message including a PAN, transaction amount, and CVV.
There is motivation to combine Bacastow into the combination of Kushevsky and Groarke because this method enables the broad use of the PIN-Debit payment method for eCommerce and Mobile Wallet sales without requiring the cardholder to purchase or install special software or hardware on their PC, without requiring the merchant to make extensive changes to their eCommerce sites and without requiring the payment gateways, Debit Networks, card issuers or other stakeholders to make significant changes to their transaction authorization and settlement processes. The present invention also allows the participants to share a common infrastructure provided by the Secure PIN Debit Service (SPDS) for processing eCommerce and Mobile Wallet transactions while providing a basis for competitive differentiation (Bacastow Paragraph 0052).

Regarding Claims 29 and 39, the combination of Kushevsky and Groarke teaches all the limitations of claims 20 and 30 above; however, the combination does not explicitly teach wherein the first personal identifier verification request message includes a transaction amount from a point of sale terminal and passes through an acquirer computer.
Groarke further teaches wherein the first personal identifier verification request message includes a transaction amount from a point of sale terminal and passes through an acquirer computer (Paragraphs 0027 and 0029 teach the positive PARes message includes fields the transaction amount; when the merchant server receives the positive PARes message, it generates and then transmits a purchase transaction authorization request to an acquirer FI computer).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Kushevsky and Groarke to further incorporate the teachings of Groarke for the first personal identifier verification request message to include a transaction amount from a point of sale terminal and pass through an acquirer computer.
There is motivation to further combine Groarke into the combination of Kushevsky and Groarke because of the same reasons listed above for claims 20 and 30.
However, the combination does not explicitly teach wherein the first personal identifier verification request message is an ISO 8583 message including a PAN, and CVV originating from a point of sale terminal and passes through an acquirer computer.
Bacastow from same or similar field of endeavor teaches wherein the first personal identifier verification request message is an ISO 8583 message including a PAN, and CVV originating from a point of sale terminal and passes through an acquirer computer (Paragraphs 0062-0064 teach (ii) Cardholder then enters the required Cardholder Data such as: name, card number, expiration date, and cvv2 field into the Merchant Shopping Cart; the Merchant Shopping Cart formats a Payment Transaction and forwards the transaction to the Gateway or Acquirer; the Gateway or Acquirer acquires the transaction performs normal fraud and security checks including common eCommerce validations such as velocity checking (e.g. tracks the volume of payment transactions received from an IP address or payment card to detect possible fraud) and routes the ISO 8583 transaction to the SPDS)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Kushevsky and Groarke to incorporate the teachings of Bacastow for the first personal identifier verification request message to be an ISO 8583 message including a PAN, and CVV originating from a point of sale terminal and pass through an acquirer computer.
There is motivation to combine Bacastow into the combination of Kushevsky and Groarke because of the same reasons listed above for claims 25 and 35.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Royyuru et al. (US 20130198081) teaches systems and methods related to facilitating card present transaction. In one embodiment, a service provider system may receive a request from a merchant to initiate a card present transaction associated with a consumer. The service provider system may determine an identifier associated with a mobile device associated with the consumer. The service provider system may communicate to the mobile device, based at least in part on the identifier, a message that facilitates invocation of a transaction module associated with the mobile device. The service provider system may facilitate the car present transaction based at least in part on an interaction with the transaction module.
Phillips (US 20140250018) teaches a method of authorizing a transaction process, whereby a communication between a payment device and a payment processing network is established. Subsequently a transaction is initialized at the payment device, the input of a first User Identification Metric (UIM) is requested, the input of a second UIM is requested, the first and second UIMs are verified and the transaction process proceeds if both UIMs are verified.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.P.J./Examiner, Art Unit 3685    

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685