METHODS AND SYSTEMS FOR AUTHENTICATING USERS FOR AUTHORIZATION RULE RELAXATION

§101 §103 §112 §DP

DETAILED ACTION This is a Non-final office action on the merits. The U.S. Patent and Trademark Office (the Office) has received claims 1-20 in application number 18/801,137. Claims 1-20 are pending and have been examined on the merits. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 112a The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 8 (and similarly Claims 1 and 15) recite the phrase “(cause a message to be displayed on a user device requesting a retry of the first transaction); in response to receiving an acknowledgement from the user device to retry the first transaction, (request additional authentication data from a user to authenticate the user as the accountholder)”. Applicant does not appear to use the term “acknowledgement” or any equivalent term in their specification in the context of a communication from the user’s cell phone to the authentication server and, further, does not appear to teach nor imply that the authentication server’s sending of a request for additional authentication information to the user device is contingent on the authentication computer’s prior receipt of a response from the user device (i.e. does not teach “in response to”). Applicant states in their specification at ([0091-0092] “Accountholder computing device receives 724 a decline message as well. In one embodiment, the decline message includes details for the accountholder regarding the reason for the decline… In addition to the decline message, authentication computing device 706 transmits, to accountholder computing device 702, an additional authentication data request message, requesting the accountholder to provide additional authentication data in order to reattempt the transaction with authorization rules being relaxed at the issuer. The accountholder re-initiates the transaction at 726, this time also providing additional authentication data to authentication computing device 706”). While Applicant’s [0091-0092] teaches that the authentication server can send two messages to the user’s device (cellphone), Applicant does not teach nor imply that there is any intervening response or “acknowledgement” by the user between the two messages sent or required by the authentication server. Further, Applicant discloses in this same section that the user device only makes one “response” to the authentication server (by providing additional authentication data) in addition to re-initiating the transaction at the point of sale. Examiner further notes that Applicant provides an example of both messages from the authentication server to the user device in single message in [0102] “The additional authentication data request message is configured to display a message on accountholder computing device 802 such as “Sorry, your transaction will be declined due to authorization failure. Would you like to provide additional authentication data to complete the transaction? Y/N”. As discussed in the 35 USC 103 rejection, infra, based on Applicant’s specification and also Figure 7, Examiner holds that the broadest reasonable interpretation (BRI) of Applicant’s currently claimed “(cause a message to be displayed on a user device requesting a retry of the first transaction); in response to receiving an acknowledgement from the user device to retry the first transaction, (request additional authentication data from a user to authenticate the user as the accountholder)” in view of Applicant’s specification is that there is communication from the authentication server to the user device requesting a retry of the transaction and requesting additional authentication data. Dependent Claims 2-7, 9-14 and 16-20 are rejected for being dependent on a rejected claim. Therefore, Claims 1-20 are rejected under 35 USC 112a for new matter. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1, 8 and 15 are rejected on the ground of non-statutory double patenting as being unpatentable over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 14 (and similarly Claim 7) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to display information on the display of a user cell phone with predictable results when a computer is communicating with user through the user’s cell phone. Claims 2, 9 and 16 are rejected on the ground of non-statutory double patenting as being unpatentable over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 and, by virtue of their dependency on Claims 1,8 and 15, are also rejected over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 14 (and similarly Claim 7) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to display information on the display of a user cell phone with predictable results when a computer is communicating with user through the user’s cell phone. Claims 3 and 10 are rejected on the ground of non-statutory double patenting as being unpatentable over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 and, by virtue of their dependency on Claims 1,8 and 15, are also rejected over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 14 (and similarly Claim 7) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to display information on the display of a user cell phone with predictable results when a computer is communicating with user through the user’s cell phone. Claims 4, 11 and 17 are rejected on the ground of non-statutory double patenting as being unpatentable over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 12 (and similarly Claims 5 and 18) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to communicate the result of the process (the approval of the transaction) to all interested parties with predictable results. Claims 4, 11 and 17 are also rejected, by virtue of their dependency on Claims 1, 8 and 15, are rejected over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 14 (and similarly Claim 7) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to display information on the display of a user cell phone with predictable results when a computer is communicating with user through the user’s cell phone. Claims 5, 12 and 18 are rejected on the ground of non-statutory double patenting as being unpatentable over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 and, by virtue of their dependency on Claims 1,8 and 15, are also rejected over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 14 (and similarly Claim 7) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to display information on the display of a user cell phone with predictable results when a computer is communicating with user through the user’s cell phone. Claims 6, 13 and 19 are rejected on the ground of non-statutory double patenting as being unpatentable over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 and, by virtue of their dependency on Claims 1,8 and 15, are also rejected over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 14 (and similarly Claim 7) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to display information on the display of a user cell phone with predictable results when a computer is communicating with user through the user’s cell phone. Claims 7, 14 and 20 are rejected on the ground of non-statutory double patenting as being unpatentable over Claim 12 (and similarly Claims 5 and 18) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to communicate the result of the process (the approval of the transaction) to all interested parties with predictable results. Claims 7, 14 and 20 are also rejected, by virtue of their dependency on Claims 1, 8 and 15, are rejected over claim 8 (and similarly Claims 1 and 15) of U.S. Patent No. 12,062,046 in view of Claim 14 (and similarly Claim 7) of U.S. Patent No. 12,062,046. Although the claims at issue are not identical, they are not patentably distinct from each other because it would be obvious to a person of ordinary skill in the art before the effective date of the claimed invention to display information on the display of a user cell phone with predictable results when a computer is communicating with user through the user’s cell phone. Claims 1-20 are thus rejected on the ground of non-statutory double patenting. Following is an equivalency chart: 18801137 US Patent 12,062,046 8 (and similarly 1 and 15) A computer system for relaxing authorization rules applied to a transaction initiated by an accountholder with a merchant, the computer system comprising: 8 (and similarly 1 and 15) A system for authenticating an accountholder for relaxing authorization rules applied to a payment transaction conducted by the accountholder with a merchant, the system comprising: 8 (and similarly 1 and 15) a memory; 8 (and similarly 1 and 15) a memory device configured to store authentication data; 8 (and similarly 1 and 15) and a server system comprising at least one processor in communication with the memory and a payment processing network, 8 (and similarly 1 and 15) and a server system of a payment interchange network, the server system including at least one processor in communication with the memory device configured to route messages over a transaction message channel between a merchant computing device associated with the merchant and an issuer computing device, 8 (and similarly 1 and 15) the at least one processor configured to: detect a decline message processed over the payment processing network, 8 (and similarly 1 and 15) and further configured to: detect, on the transaction message channel, a decline message from the issuer computing device, 8 (and similarly 1 and 15) wherein the decline message indicates that a first transaction initiated by the accountholder was declined for failure to satisfy at least one authorization rule; 8 (and similarly 1 and 15) wherein the decline message indicates that a first payment transaction initiated by the accountholder was declined by an issuer associated with the issuer computing device, wherein the decline message includes a reason code for the decline, and wherein the issuer issued an account to the accountholder; determining from the reason code that the decline resulted from a failure to satisfy one of a plurality of authorization rules; 8 (and similarly 1 and 15) cause a message to be displayed on a user device (requesting a retry of the first transaction); 14 (and similarly 7) cause the authorization rules relaxation message to be displayed on the accountholder computing device 8 (and similarly 1 and 15) (cause a message to be displayed on a user device) requesting a retry of the first transaction; in response to receiving an acknowledgement from the user device to retry the first transaction, request additional authentication data from a user to authenticate the user as the accountholder; ***note 1*** 8 (and similarly 1 and 15) transmitting, via an authentication message channel, upon detecting the decline message, an authorization rules relaxation message to an accountholder computing device operated by the accountholder, wherein the authentication message channel is separate from the transaction message channel, and wherein the authorization rules relaxation message prompts the accountholder to request authorization rules relaxation; 8 (and similarly 1 and 15) authenticate the user as the accountholder based on the additional authentication data; 8 (and similarly 1 and 15) receiving, via the authentication message channel, from the accountholder computing device, an authorization rules relaxation response message; authenticating the authorization rules relaxation response message as originating from the accountholder; 8 (and similarly 1 and 15) generate a new authorization message that includes a rules relaxation identifier for retrying the first transaction, wherein the rules relaxation identifier is configured to request that the authorization rules be relaxed for the retried first transaction in response to the additional authentication data being verified; 8 (and similarly 1 and 15) enhance, in response to the authentication of the authorization rules relaxation response message being successful, the authorization request message by inserting a rules relaxation identifier into the authorization request message, wherein the rules relaxation identifier is configured to inform the issuer computing device that the accountholder has requested, and satisfied at least one requirement for, the authorization rules relaxation; 8 (and similarly 1 and 15) and receive an approval message for the retried first transaction, the approval message denoting relaxation of one or more of the authorization rules and acceptance of the retried first transaction by an issuer associated with the accountholder. 8 (and similarly 1 and 15) and receive, via the transaction message channel in response to the enhanced authorization request message, an approval message from the issuer computing device, the approval message denoting relaxation of one or more authorization rules and acceptance of the second payment transaction by the issuer 9 (and similarly 2 and 16) The computer system of claim 8, wherein the first transaction initiated by the accountholder was initially declined by the issuer, wherein the decline message includes a reason code for the decline, and wherein the issuer issued an account to the accountholder. 8 (and similarly 1 and 15) wherein the decline message includes a reason code for the decline, and wherein the issuer issued an account to the accountholder; 10 (and similarly 3) The computer system of claim 9, wherein the at least one processor is further configured to determine, based on the reason code, that the decline resulted from the failure to satisfy the at least one authorization rule. 8 (and similarly 1 and 15) determine from the reason code (that the decline resulted from a failure to satisfy one of a plurality of authorization rules); 11 (and similarly 4 and 17) The computer system of claim 8, wherein the user device comprises one of a point-of-sale (POS) device operated by the merchant or a user computing device of the user, 12 (and similarly 5 and 18) transmit the approval message to the accountholder computing device; and transmit the approval message to a point-of-sale (POS) device operated by the merchant 11 (and similarly 4 and 17) and wherein the acknowledgement from the user device to retry the first transaction includes an approval to relax the authorization rules. 8 (and similarly 1 and 15) wherein the authorization rules relaxation message prompts the accountholder to request authorization rules relaxation; receive, via the authentication message channel, from the accountholder computing device, an authorization rules relaxation response message... inform the issuer computing device that the accountholder has requested, and satisfied at least one requirement for, the authorization rules relaxation 12 (and similarly 5 and 18) The computer system of claim 8, wherein the rules relaxation identifier is further configured to inform the issuer that the accountholder has requested and satisfied at least one requirement for the authorization rules. 8 (and similarly 1 and 15) wherein the rules relaxation identifier is configured to inform the issuer computing device that the accountholder has requested, and satisfied at least one requirement for, the authorization rules relaxation; 13 (and similarly 6 and 19) The computer system of claim 8, wherein the at least one processor is further configured to: transmit the new message to an issuer computing device associated with the issuer; and cause the issuer computing device to modify one or more transaction decline systems, wherein modifying the one or more transaction decline systems comprises relaxing one or more of the authorization rules that prompted the decline of the first transaction 8 (and similarly 1 and 15) transmit, via the transaction message channel, the enhanced authorization request message to the issuer computing device, causing the issuer computing device to modify one or more transaction decline systems, wherein the modifying of the one or more transaction decline systems includes relaxing the authorization rule that prompted the decline of the first payment transaction; 14 (and similarly 7 and 20) The computer system of claim 8, wherein the at least one processor is further configured to: transmit the approval message to the user device; and transmit the approval message to a point-of-sale (POS) device operated by the merchant 12 (and similarly 5 and 18) transmit the approval message to the accountholder computing device; and transmit the approval message to a point-of-sale (POS) device operated by the merchant ***note 1***: see the 35 USC 112a rejection. Examiner is interpreting Applicant’s claimed “message” and “request” to be equivalent to the term “an authorization rules relaxation message” in US Patent 12,062,046 since Applicant’s specification describes these communications as being two messages in [0091-0092] and one message in [0102]. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Examiner is using the “step” annotation from the flowchart of MPEP 2106 (III), and MPEP 2106.04 and MPEP 2106.05 for clarity. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Step 1: Independent Claim 1 and dependent Claims 2-7 recite a method (process), independent Claim 8 and dependent claims 9-14 recite a system (machine) and independent Claim 15 and dependent claims 16-20 recite a medium (manufacture), thereby each claim falls into one of the four statutory categories of invention. Step 2A, prong 1: Independent Claim 8 is used as exemplary but Independent Claims 1 and 15 are similar. A computer system for relaxing authorization rules applied to a transaction initiated by an accountholder with a merchant, the computer system comprising: a memory; and a server system comprising at least one processor in communication with the memory and a payment processing network, the at least one processor configured to: detect a decline message processed over the payment processing network, wherein the decline message indicates that a first transaction initiated by the accountholder was declined for failure to satisfy at least one authorization rule; cause a message to be displayed on a user device requesting a retry of the first transaction; in response to receiving an acknowledgement from the user device to retry the first transaction, request additional authentication data from a user to authenticate the user as the accountholder; authenticate the user as the accountholder based on the additional authentication data; generate a new authorization message that includes a rules relaxation identifier for retrying the first transaction, wherein the rules relaxation identifier is configured to request that the authorization rules be relaxed for the retried first transaction in response to the additional authentication data being verified; and receive an approval message for the retried first transaction, the approval message denoting relaxation of one or more of the authorization rules and acceptance of the retried first transaction by an issuer associated with the accountholder. Examiner has bolded the elements that are part of the abstract idea. These elements recite acquiring information relating to a rejected payment by a customer during a transaction at a retail POS and performing a secondary user authentication by requesting and receiving additional identification information from the customer. These elements represent an abstract idea in the category of Certain Methods of Organizing Human Activity in the subcategory of Commercial or Legal interactions because it is a common commercial practice for a retailer/issuer/payment network to request secondary user authentication – this is similar to a cashier asking for a customer’s driver’s license with a credit card payment. Claims 1, 8 and 15 thus recite an abstract idea. Dependent Claims 2-7, 9-14 and 16-20 contain the same abstract idea by virtue of their dependency on Claims 1, 8 and 15, respectively. Accordingly Claims 1-20 recite an abstract idea. Step 2A, prong 2: In addition to the abstract idea discussed above, Claim 1 also recites the following additional elements: memory – Applicant describes memory in their specification at [0045] by listing various memory technologies and stating that they are examples and “are not limiting”. Applicant does not provide a detailed technical disclosure of any special features or technologies of memory thus the claimed memory is general purpose memory. a server system/processor – Applicant describes server system/processor in their specification at [0071] and [0073] by listing various server and processor technologies and examples. Applicant does not provide a detailed technical disclosure of any special features or technologies of servers or processors thus the claimed server system/processor are general purpose computer devices. payment processing network – Applicant describes payment processing network in their specification at [0076] and does not provide a detailed technical disclosure of any special features or technologies of a payment processing network thus the claimed payment processing network is a general purpose payment processing network. user device - Applicant does not disclose the term “user device” in their specification but in a related context describes a personal computing device / accountholder computing device in their specification and defines this in [0103] as a mobile phone device. Applicant does not provide a detailed technical disclosure of any special features or technologies of a user device thus the claimed user device is a general purpose cell phone. point of sale device - Claims 4, 7, 11, 14, 17 and 20 also recite the additional element point of sale device. This element is described in Applicant’s specification in at least [0061] with no detailed technical disclosure of any special features or technologies of a point of sale device, thus the claimed point of sale device is a general purpose point of sale device. issuer computing device – Claims 6, 13 and 19 also recite the additional element of issuer computing device. This element is described in Applicant’s specification in at least [0061] with no detailed technical disclosure of any special features or technologies of an issuer computing device, thus the claimed issuer computing device is a general purpose issuer computing device. MPEP 2106.05(f)(2) states “Use of a computer or other machinery in its ordinary capacity for economic or other tasks (e.g., to receive, store, or transmit data) or simply adding a general purpose computer or computer components after the fact to an abstract idea (e.g., a fundamental economic practice or mathematical equation) does not integrate a judicial exception into a practical application”. As discussed, the additional elements memory, server system/processor, payment processing network, user device, point of sale device and issuer computing device are broadly claimed and used in their ordinary capacity with no detailed technical disclosure of any special features or technologies and, thus, they do not integrate the abstract idea into a practical application. The claims as a whole do not integrate the abstract idea into a practical application because they do not impose any meaningful limitations on practicing the abstract idea. Claims 1- 20 are therefore directed to an abstract idea. Step 2B: As discussed above, Applicant claims the abstract idea of acquiring information relating to a rejected payment by a customer during a transaction at a retail POS and performing a secondary user authentication by requesting and receiving additional identification information from the customer.. As discussed above, Applicant also recites the additional elements of: memory, server system/processor, payment processing network, user device, point of sale device and issuer computing device As discussed above with respect to Step 2A, the claimed memory, server system/processor, payment processing network, user device, point of sale device and issuer computing device are hardware or software constructs recited at a high level of generality and amount to no more than instructions to apply the exception using general purpose computer systems. MPEP 2106.05(f) states that merely adding a general purpose computer or computer components to an abstract idea does not amount to significantly more, thus memory, server system/processor, payment processing network, user device, point of sale device and issuer computing device are not significantly more. The additional elements alone or in combination do not improve the functioning of a computer or any other technology or technological field. The additional elements alone or in combination do not apply the judicial exception to a particular (non-general purpose) machine. The additional elements alone or in combination do not effect a transformation or reduction of a particular article to a different state or thing. Applicant does not claim or teach in their specification any special purpose hardware or improvements thereof. Therefore, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Dependent Claims 2, 9 and 16 contain the same abstract idea by virtue of their dependency on Claims 1, 8 and 15, respectively, and further limit the abstract idea by further limiting the content of a message. Dependent Claims 3 and 10 contain the same abstract idea by virtue of their dependency on Claims 1 and 8, respectively, and further limit the abstract idea by further describing data. Dependent Claims 4, 11 and 17 contain the same abstract idea by virtue of their dependency on Claims 1, 8 and 15, respectively, and further limit the abstract idea by further describing data. Dependent Claims 5, 12 and 18 contain the same abstract idea by virtue of their dependency on Claims 1, 8 and 15, respectively, and further limit the abstract idea by further describing data. Dependent Claims 6, 13 and 19 contain the same abstract idea by virtue of their dependency on Claims 1, 8 and 15, respectively, and further limit the abstract idea by further describing data. Dependent Claims 7, 14 and 20 contain the same abstract idea by virtue of their dependency on Claims 1, 8 and 15, respectively, and further limit the abstract idea by further limiting the content of a message. Claims 1-20 are not patent eligible. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-6, 8-13 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 8,401,904 (Simakov) in view of U.S. Patent Publication 2012/0317025 (Wong). Regarding Claims 1, 8 and 15: Simakov teaches a system to authenticate a user at a point of sale by using a separate out-of-band authentication by sending an SMS to the user’s cell phone. Simakov teaches: (Claim 8 is used as exemplary) A computer system for relaxing authorization rules applied to a transaction initiated by an accountholder with a merchant, the computer system comprising: a memory; and a server system comprising at least one processor in communication with the memory and a payment processing network, the at least one processor configured to: ([Column 7, lines 33-35] "The payment system 160 includes a data storage unit 167 accessible by the processing module 163. The exemplary data storage unit 167 can include one or more tangible computer-readable storage devices”). detect a decline message processed over the payment processing network, ([Fig 8a, blocks 805 and 810] and [Column 17, lines 13-18] "the issuer 170 notifies the payment system 160 of the declined transaction via the card network 150, in block 805. In block 810, the payment system 160 receives the notification of the declined transaction from the issuer 170 via the card network l50"') wherein the decline message indicates that a first transaction initiated by the accountholder was declined for failure to satisfy at least one authorization rule; ([Fig 8a, block 815] and [Column 17, lines 19-24) "The payment system 160 determines the reason the transaction was declined" and [Fig 8a, block 820] and [Column 17, lines 25-28] "In block 820, the payment system 160 determines whether the transaction was declined because the transaction did not meet one or more user-defined or other user-overridable rules"). cause a message to be displayed on a user device requesting a retry of the first transaction; ([Fig 8a, block 825] and [Column 17, lines 31-39] "If the transaction does not meet the user-defined rules, the payment system 160 communicates a real- time override request to the user 101 in block 825. In an exemplary embodiment the override request is communicated to the user's mobile device 120. In an exemplary embodiment, the user 101 is prompted to override the user-defined rule using the user interface 123 of the mobile device 120. ln block 830, the user 101 responds to the override request using the user interface 123 of the mobile device 120" and [Column 17, lines 55-57] "If the user 101 authorizes the override, the mobile device 120 communicates the override authorization to the payment system 160, in block 840). and receive an approval message for the retried first transaction, the approval message denoting relaxation of one or more of the authorization rules and acceptance of the retried first transaction by an issuer associated with the accountholder. ([Fig 4b, blocks 455, 457 and 460] and [Column 16, lines 64-66] "the payment system sends a new payment request to each issuer (170a, 170b, etc.) via the card network 150, in block 455" and [Column 19, lines 3-8] "if the transaction is approved, the issuer 170 sends an authorization message to the payment system 160 via the card network 150, in block 460 "). Although Simakov teaches that the rules that can be relaxed by the user include fraud protection rules (see at least [Column 13, line 57 through Column 14, line 4]), Simakov does not specifically teach sending a request for additional authentication data in the side-channel communication. Simakov does not specifically teach: (in response to receiving an acknowledgement from the user device to retry the first transaction), request additional authentication data from a user to authenticate the user as the accountholder; As discussed in the 35 USC 112a rejection, supra, based on Applicant’s specification and also Figure 7, Examiner holds that the broadest reasonable interpretation (BRI) of Applicant’s currently claimed “in response to receiving an acknowledgement from the user device to retry the first transaction, request additional authentication data from a user to authenticate the user as the accountholder”, in view of Applicant’s specification, is that there is communication from the authentication server to the user device requesting additional authentication data. Wong, in a related field of art, teaches this: ([0019] “(the server computer) after receiving the indication that the user of the mobile communication device has entered the correct passcode into the mobile communication device, and determining that the transaction is in condition for authorization”). Wong also teaches: authenticate the user as the accountholder based on the additional authentication data; generate a new authorization message that includes a rules relaxation identifier for retrying the first transaction, wherein the rules relaxation identifier is configured to request that the authorization rules be relaxed for the retried first transaction in response to the additional authentication data being verified; ([0019] “the server computer can modify the authorization request message to include an indicator (e.g., the value "1") that indicates that the passcode has been correctly entered. This modified authorization request message can then be forwarded to the issuer for approval”). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to supplement the fraud detection rules override function taught by Simakov, by also sending a request for additional authentication data to the user’s cell phone, as taught by Wong, with the predictable result of providing an additional security factor and thereby enhancing security. Regarding Claims 2, 9 and 16: Simakov in view of Wong teach all of the elements of Claims 1, 8 and 15. Simakov also teaches: (Claim 9 is used as exemplary). The computer system of claim 8, wherein the first transaction initiated by the accountholder was initially declined by the issuer, ([Fig 8a, blocks 805 and 810] and [Column 17, lines 13-18] "the issuer 170 notifies the payment system 160 of the declined transaction via the card network 150, in block 805. In block 810, the payment system 160 receives the notification of the declined transaction from the issuer 170 via the card network l50"') wherein the decline message includes a reason code for the decline, and wherein the issuer issued an account to the accountholder. ([Fig 8a, block 815] and [Column 17, lines 19-24) "The payment system 160 determines the reason the transaction was declined" and [Fig 8a, block 820]). Regarding Claims 3 and 10: Simakov in view of Wong teach all of the elements of Claims 1, 8 and 15. Simakov also teaches: (Claim 10 is used as exemplary). The computer system of claim 9, wherein the at least one processor is further configured to determine, based on the reason code, that the decline resulted from the failure to satisfy the at least one authorization rule. ([Column 17, lines 25-28] "In block 820, the payment system 160 determines whether the transaction was declined because the transaction did not meet one or more user-defined or other user-overridable rules" and [Column 13, line 57 through Column 14, line 4] “Other rules that can cause a request to be declined include fraud protection rules. For example, the payment system 160 may decline a payment request if the transaction occurs outside of the user's 101 typical geographic area or if activity on the user's 101 account has exceeded a payment system 160 defined amount or number of transactions. Such fraud protection rules can be included in the default, static rules or the user-defined rules, or a combination thereof”). Regarding Claims 4, 11 and 17 Simakov in view of Wong teach all of the elements of Claims 1, 8 and 15. Simakov also teaches: (Claim 11 is used as exemplary). The computer system of claim 8, wherein the user device comprises one of a point-of-sale (POS) device operated by the merchant or a user computing device of the user, ([Column 5, line 9] “point of sale (POS) terminal system 110”). and wherein the acknowledgement from the user device to retry the first transaction includes an approval to relax the authorization rules. As discussed with respect to Claims 1, 8 and 15, supra, Examiner is interpreting this element to mean that there is communication from the authentication server to the user device requesting a retry of the transaction. ([Column 3, lines 63-66] “the payment system can decline the original payment request, communicate the notice message to the user, receive the user's response, and revise the stored rules for payment” and [Column 13, line 57 through Column 14, line 4] “Other rules that can cause a request to be declined include fraud protection rules. For example, the payment system 160 may decline a payment request if the transaction occurs outside of the user's 101 typical geographic area or if activity on the user's 101 account has exceeded a payment system 160 defined amount or number of transactions. Such fraud protection rules can be included in the default, static rules or the user-defined rules, or a combination thereof”). Regarding Claims 5, 12 and 18: Simakov in view of Wong teach all of the elements of Claims 1, 8 and 15. While Simakov teaches that after the user has provided a rules override, the payment system sends a new approved payment request to the issuer in at least ([Column 3, line 63 to Column 4, line 3] “the payment system can decline the original payment request, communicate the notice message to the user, receive the user's response, and revise the stored rules for payment. Then, the user may immediately initiate a new payment transaction with the merchant using the proxy card. The payment system will then approve the payment transaction after receipt of a new payment request”), but Simakov does not specifically teach: (Claim 12 is used as exemplary).The computer system of claim 8, wherein the rules relaxation identifier is further configured to inform the issuer that the accountholder has requested and satisfied at least one requirement for the authorization rules. Wong teaches this: ([0019] “the server computer can modify the authorization request message to include an indicator (e.g., the value "1") that indicates that the passcode has been correctly entered. This modified authorization request message can then be forwarded to the issuer for approval”). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to supplement the fraud detection rules override function taught by Simakov, by also sending a request for additional authentication data to the user’s cell phone, as taught by Wong, with the predictable result of providing an additional security factor and thereby enhancing security. Regarding Claims 6, 13 and 19: Simakov in view of Wong teach all of the elements of Claims 1, 8 and 15. Simakov also teaches: (Claim 13 is used as exemplary). The computer system of claim 8, wherein the at least one processor is further configured to: transmit the new message to an issuer computing device associated with the issuer; ([Column 17, line 67 – Column 18, line 1] “the payment system 160 sends a new payment request to the issuer(s) 170 via the card network 150”). Simakov does not specifically teach but Wong teaches: and cause the issuer computing device to modify one or more transaction decline systems, wherein modifying the one or more transaction decline systems comprises relaxing one or more of the authorization rules that prompted the decline of the first transaction. ([0019] “the server computer can modify the authorization request message to include an indicator (e.g., the value "1") that indicates that the passcode has been correctly entered. This modified authorization request message can then be forwarded to the issuer for approval”). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to supplement the fraud detection rules override function taught by Simakov, by also sending a request for additional authentication data to the user’s cell phone, as taught by Wong, with the predictable result of providing an additional security factor and thereby enhancing security. Claim 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent 8,401,904 (Simakov) in view of U.S. Patent Publication 2012/0317025 (Wong) in view of U.S. Patent Publication 2011/0251910 (Dimmick2). Regarding Claims 7, 14 and 20: Simakov in view of Wong teach all of the elements of Claims 1, 8 and 15. Simakov also teaches: (Claim 14 is used as exemplary). The computer system of claim 8, wherein the at least one processor is further configured to: … and transmit the approval message to a point-of-sale (POS) device operated by the merchant. ([Column 2, lines 55-56] "transmitting the approval to the merchant" and (Column 11, line 35] "POS terminal''). Simakov does not specifically teach: transmit the approval message to the user device; Dimmick2 teaches a system that uses SMS messages between a mobile phone and an issuer at a POS to authenticate a user. Dimmick2 teaches ([0068] “Confirmation may be sent to the consumer mobile device through a number of channels"). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to send notice of transaction approval to both the merchant as taught by Simakov and to the user's cell phone, as taught by Dimmick2, due to improved customer information and convenience. Examiner also notes that it is well known in the art for merchants to send electronic receipts showing transaction approval to users by SMS or email that are receivable on their cell phones in real time. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to KIMBERLY S BURSUM whose telephone number is (571)272-8213. The examiner can normally be reached M-F 9:30 AM - 6:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Florian (Ryan) m Zeender can be reached at 571-272-6790. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KIMBERLY S. BURSUM/Examiner, Art Unit 3627