DETAILED ACTION
	This action is responsive to application filed on 10/11/2019. Claims 1-20 are cancelled. Claims 21-40 are pending and being considered. Claims 21, 28 and 35 are independent. Thus, the claims 21-40 are rejected.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority
The present disclosure, filed on 10/11/2019, claims the benefit of priority to U.S. application no. 15/381,908, filed on December 16, 2016.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/11/2019 was filed on or after the mailing date of the application no. 16/599,715 on 10/11/2019. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner and an initialed and dated copy of Applicant’s IDS forms 1449 filed on 10/11/2019 is attached to the instant office action. Examiner notes that a non-patent literature document (Cite No 1) has been listed on the filed IDS, however a copy of the listed NPL document (cite no 1) is missing.

Specification
The disclosure(s), filed on 10/11/2019, has been reviewed and accepted.

Drawings
The drawings (Figs. 1-5), filed on 10/11/2019, have been reviewed and accepted.

Abstract
The abstract of the disclosure, filed on 10/11/2019, has been reviewed and accepted.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21-40 are rejected on the ground of non-statutory double patenting as being un-patentable over claims 1-2, 4-8, 10-14 and 16-17 of U.S. Patent No. 10,484,415 B1. Although the claims at issue are not identical, they are not patentably distinct from each other because all the limitations of the claims 21-40 (of current application 16/599,715) are taught by the U.S. Patent No. 10,484,415 B1, as mentioned in comparison table(s) below, wherein the matched limitations of the U.S. Patent 10,484,415 B1 are underlined:

[Current Application 16/599,715]
Claim 21: A method for detecting security risks in network pages, comprising:
providing at least one secure transaction page to a secure transaction provider, the secure transaction page enabling the secure transaction provider to request secure transactions;
determining an expected request rate for the secure transaction page by the secure transaction provider based on a history of request rate for the secure transaction page;
determining an actual request rate for the secure transaction page by the secure transaction provider;
determining a first predetermined threshold for a change in request rate for the secure transaction page by the secure transaction provider, the change in request rate representing a difference 
determining that the first predetermined threshold has been exceeded; and
in response to determining that the first predetermined threshold has been exceeded:
declining a token request from the secure transaction provider; and
providing a notification to the secure transaction provider based on the determination that the first predetermined threshold has been exceeded.
Claim 22: wherein the actual request rate is indicative of a number of calls for the secure transaction page over a predetermined time period.
Claim 24: receiving secure transaction data from the secure transaction provider; and determining a second predetermined threshold different from the first predetermined threshold based on the secure transaction data.
[U.S. Patent Application 10,484,415 B1]
Claim 1: A method for detecting security risks in network pages, comprising:
providing at least one secure transaction page to a secure transaction provider, the secure transaction page enabling the secure transaction provider to request secure transactions;
determining an expected request rate for the secure transaction page by the secure transaction provider based on a history of request rate for the secure transaction page;
determining an actual request rate for the secure transaction page by the secure transaction provider, the actual request rate being indicative of a number of calls for the secure transaction page over a predetermined time period;
determining a first predetermined threshold for a change in request rate for the secure transaction page by the secure transaction provider, the change in request rate representing a difference between the expected request rate and the actual request rate;
determining that the first predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded, with the actual request rate being lower than the expected request rate by an amount exceeding the first predetermined threshold;
in response to determining that the first predetermined threshold, for the change in request rate for the secure transaction page by the secure transaction provider, has been exceeded,
declining at least one of a new token request or a card-not-present (CNP) token request from the secure transaction provider;
providing a notification to the secure transaction provider based on the determination that the first predetermined threshold, for the change in request rate has been exceeded;
the actual request rate being indicative of a number of calls for the secure transaction page over a predetermined time period;
receiving secure transaction data from the secure transaction provider; and determining a second predetermined threshold, the second predetermined threshold being lower than the first predetermined threshold, for a change in request rate for the secure transaction page by the secure transaction provider, based on the secure transaction data from the secure transaction provider.

[Current Application 16/599,715]
Claim 23: wherein determining the first predetermined threshold for the change in request rate comprises: comparing the actual request rate with the expected request rate to determine the first 
[U.S. Patent Application 10,484,415 B1]
Claim 2: wherein determining the first predetermined threshold for the change in request rate comprises: comparing the actual request rate with the expected request rate to determine the first predetermined threshold for the change in request rate.

[Current Application 16/599,715]
Claim 25: determining whether the secure transaction page is functioning; receiving an electronic transaction request associated with the secure transaction provider; and in response to determining that the secure transaction page is not functioning, declining the electronic transaction request.
[U.S. Patent Application 10,484,415 B1]
Claim 4: determining whether the secure transaction page is functioning; receiving an electronic transaction request associated with the secure transaction provider; and in response to determining that the secure transaction page is not functioning, declining the electronic transaction request.

[Current Application 16/599,715]
Claim 26: wherein the secure transaction provider is an online merchant.
[U.S. Patent Application 10,484,415 B1]
Claim 5: wherein the secure transaction provider is an online merchant.

[Current Application 16/599,715]
Claim 27: wherein the secure transaction page is an iFrame hosted by a third party, such that sensitive data received via the secure transaction page is isolated from the secure transaction page.
[U.S. Patent Application 10,484,415 B1]
Claim 6: wherein the secure transaction page is an iFrame hosted by a third party, such that sensitive data received via the secure transaction page is isolated from the secure transaction page.


The table below presents the double patenting rejection(s) for the ‘a system’ claim set 28-34 of the current application 16/599,715:

Claims of Current App. 16/599,715: 28, 29 & 31 | 30 | 32 | 33 | 34
Claims of US Patent 10,484,415 B1: 7 | 8 | 10 | 11 | 12

Claims of Current App. 16/599,715: 35, 36 & 38 | 37 | 39 | 40
Claims of US Patent 10,484,415 B1: 13 | 14 | 16 | 17


Thus, the claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2, 4-8, 10-14 and 16-17, respectively, of the U.S. Patent US 10484415 B1, because all the limitations of claims 21-40 are taught by the claims 1-2, 4-8, 10-14 and 16-17 of the U.S. Patent No. 10419420, respectively.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-40 are rejected under 35 U.S.C. 103 as being unpatentable over Randall, Lee (US 2015/0032628 A1; provided by IDS), hereinafter (Randall), in view of Aust, Matthias Andreas (US 2011/0131322 A1; provided by IDS), hereinafter (Aust) and further in view of Garrity; Justin (US 2012/0278741 A1), hereinafter (Garrity), and Nelsen; Mark et al. (US 2015/0142673 A1), hereinafter (Nelsen).

Regarding Claims 1-20, (Canceled).  

Regarding Claim 21, Randall teaches a method for detecting security risks in network pages, comprising: providing at least one secure transaction page to a secure transaction provider, the secure transaction page enabling the secure transaction provider to request secure transactions (Randall, Para. [0018, 0022, 0029] and Fig. 1, discloses that the online payment interface module 15 of payment system 7 associated with an intermediary payment service provider can serve one or more web page(s), or portion(s) of a web page such as inline frames or the like, to the consumer's browser 3a of consumer device 3 to prompt for a set of credentials for authentication (i.e., to request secure transactions) or see also Randall, Fig. 2A for receiving and serving secure checkout web pages to a payment system associated  with an intermediary payment service provider); 
However, Randall (see Randall, Para. [0018, 0022, 0029] and Figs. 1 & 2) fails to explicitly disclose “determining an expected request rate for the secure transaction page by the secure transaction provider based on a history of request rate for the secure transaction page”, whereas Aust, from the same field of technology, teaches determining an expected request rate (Aust, Para. [0007-0008], discloses that the determined access rate is compared with an expected value (i.e., expected access rate), obtained, for example, from history as obtained by the monitoring);
determining a first predetermined threshold for a change in request rate (Aust, Para. [0012], discloses a (i.e., first) predetermined threshold indicative of a low access rate, etc.), the change in request rate representing a difference between the expected request rate and the actual request rate (Aust, Para. [0007 & 0012], discloses that the determined access rate is compared with an expected value (e.g., obtained from history as obtained by the monitoring) to determine a difference (i.e., to determine a predetermined threshold for a change in request rate) with a predetermined threshold);
determining that the first predetermined threshold has been exceeded (Aust, Para. [0012], discloses that the difference from the comparing step exceeds a predetermined threshold, or see also Para. [0042], which discloses that the comparison result yields a value whose magnitude exceeds a predetermined threshold); and
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Aust’ into the teachings of ‘Randall’, with a motivation to determine an expected request rate based on a history of request rate, and determining a first predetermined threshold for a change in request rate, the change in request rate representing a difference between 
However, Randall as modified by Aust fails to explicitly disclose, but Garrity, from the same field of technology, teaches determining an actual request rate for the secure transaction page by the secure transaction provider (Garrity, Fig. 10 and Para. [0047], discloses the nature of the statistics, or test results, that are collected for a particular test run […]. The test results table includes a row for each experiment associated with the test run, such as row 1014 in experimental-results table 1012. The row includes an indication of the experiment to which the row corresponds 1016, a count of the number of the times that the page corresponding to the experiment was accessed by a user of an active segment 1018 (such as order page 520 in Fig. 5), […]);
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Garrity’ into the teachings of ‘Randall’ as modified by ‘Aust’, with a motivation to determine an actual request rate for the secure transaction page by the secure transaction provider, as taught by Garrity, in order to collect data that can be subsequently used to analyze the website pages (i.e., order page 520 shown in Fig. 5), wherein the data collection is based on a count of the number of times that particular page was accessed by a user; Garrity, Para. [0002 and 0047].
However, Randall as modified by Aust in view of Garrity fails to explicitly disclose, but Nelsen, from the same field of technology, teaches in response to determining that the first predetermined threshold has been exceeded: declining a token request from the secure transaction provider (Nelsen, Fig. 1 and Para. [0092], discloses that when the result of a risk analysis is a risk score of above 85 (e.g., the first predetermined threshold has been exceeded, as shown in Para. [0115]), the payment token request will be denied, and as disclosed in Para. [0070], that the token issuer computer system 160 may communicate with the merchant computer 130 using merchant APIs. The token issuer computer system 160 may exchange tokens and process or route tokens to an appropriate entity for the merchant operating the merchant computer 130 (e.g., when risk score is below)); and
providing a notification to the secure transaction provider based on the determination that the first predetermined threshold has been exceeded (Nelsen, Para. [0064], discloses to generate payment token response messages indicating the approval or denial of a payment token request, and as disclosed in Para. [0092], when the result of a risk analysis is a risk score of above 85 (e.g., the first predetermined threshold has been exceeded)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Nelsen’ into the teachings of ‘Randall’ as modified by ‘Aust’ in view of ‘Garrity’, with a motivation in which payment token request rules can be used to determine whether a payment token request should be approved or denied, in order to control fraud detection during an electronic payment transaction; Nelsen, Para. [0006 and 0002].
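
For illustration only (added here; not part of this Office action, the application, or any cited reference): the rate comparison recited in claim 21, in the direction stated in claim 1 of the reference patent and in the low-access-rate threshold cited from Aust, where the actual rate falls below the expected rate by more than the first threshold. The class and function names, the one-hour window, the 24-window mean used as the expected rate, the threshold of 50 calls and the provider names are assumptions.

```python
from bisect import bisect_left, insort
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional


@dataclass
class Decision:
    approve_token: bool
    expected_rate: Optional[float]  # calls per window; None when no history exists
    actual_rate: int                # calls counted in the current window
    notification: Optional[str]     # message for the provider when declined


class PageRateMonitor:
    """Tracks calls for a provider's secure transaction page (hypothetical class)."""

    def __init__(self, first_threshold: float, window: int = 3600,
                 history_windows: int = 24):
        self.first_threshold = first_threshold  # allowed drop, in calls per window
        self.window = window                    # the "predetermined time period" (s)
        self.history_windows = history_windows
        self._calls: Dict[str, List[float]] = {}  # provider -> sorted timestamps

    def record_page_call(self, provider: str, ts: float) -> None:
        insort(self._calls.setdefault(provider, []), ts)

    def _count(self, provider: str, start: float, end: float) -> int:
        calls = self._calls.get(provider, [])
        return bisect_left(calls, end) - bisect_left(calls, start)  # [start, end)

    def actual_rate(self, provider: str, now: float) -> int:
        return self._count(provider, now - self.window, now)

    def expected_rate(self, provider: str, now: float) -> Optional[float]:
        calls = self._calls.get(provider, [])
        if not calls:
            return None
        counts = []
        end = now - self.window  # history stops where the current window starts
        for _ in range(self.history_windows):
            start = end - self.window
            if start < calls[0]:  # window not fully observed: stop, do not dilute
                break
            counts.append(self._count(provider, start, end))
            end = start
        return mean(counts) if counts else None

    def handle_token_request(self, provider: str, now: float) -> Decision:
        actual = self.actual_rate(provider, now)
        expected = self.expected_rate(provider, now)
        if expected is None:
            # Assumed policy: with no baseline there is nothing to compare against.
            return Decision(True, None, actual, None)
        drop = expected - actual  # positive when the page is called less than usual
        if drop > self.first_threshold:
            note = (f"{provider}: page calls fell from about {expected:.0f} to "
                    f"{actual} per window; token request declined")
            return Decision(False, expected, actual, note)
        return Decision(True, expected, actual, None)


def build_constructed_monitor() -> PageRateMonitor:
    """Constructed sample data: 24 normal hours, then one hour under test."""
    m = PageRateMonitor(first_threshold=50)
    for hour in range(24):
        for k in range(100):
            m.record_page_call("merchant-A", hour * 3600 + k * 36)
            m.record_page_call("merchant-B", hour * 3600 + k * 36)
    for k in range(5):    # merchant-A: page calls collapse in hour 24
        m.record_page_call("merchant-A", 24 * 3600 + k * 600)
    for k in range(100):  # merchant-B: unchanged
        m.record_page_call("merchant-B", 24 * 3600 + k * 36)
    return m


if __name__ == "__main__":
    monitor = build_constructed_monitor()
    for name in ("merchant-A", "merchant-B", "merchant-new"):
        print(name, monitor.handle_token_request(name, 25 * 3600))
```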

Regarding Claim 22, Randall as modified by Aust in view of Garrity and Nelsen teaches the method of claim 21, wherein Randall as modified by Aust fails to explicitly disclose, but Garrity further teaches the actual request rate is indicative of a number of calls for the secure transaction page over a predetermined time period (Garrity, Para. [0047], discloses a count of the number of times that the page (i.e., order page 520 shown in Fig. 5) corresponding to the experiment was accessed by a user of an active segment between a start time and end time for the test run, and as further disclosed in Para. [0066], messages sent from user computers as a result of calls to the script-library routine "WM.convert" by user browsers are handled by a call to the routine "wm convert,". Note that the script-library routines "WM.setup" and "WM.convert" are called by a browser running on the user computer, and those script routines, in turn, call routines that initiate an information transmission with the analysis-and/or-testing service).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Garrity’ into the teachings of ‘Randall’ as modified by ‘Aust’, with a motivation to provide the actual request rate that is indicative of a number of calls for the secure transaction page over a predetermined time period, as taught by Garrity, in order to collect data that can be subsequently used to analyze the website pages (i.e., order page 520 shown in Fig. 5), wherein the data collection is based on a count of the number of times that particular page was accessed by a user; Garrity, Para. [0002 and 0047].

Regarding Claim 23, Randall as modified by Aust in view of Garrity and Nelsen teaches the method of claim 21, wherein Randall fails to explicitly disclose, but Aust further teaches determining the first predetermined threshold for the change in request rate comprises: comparing the actual request rate with the expected request rate to determine the first predetermined threshold for the change in request rate (Aust, Para. [0007 & 0012], discloses that the determined access rate is compared with an expected value (obtained, for example, from history as obtained by the monitoring) to determine a difference and if the difference from the comparing step exceeds a predetermined threshold indicative of an unexpected low access rate (i.e., to determine a predetermined threshold for a change in request rate)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Aust’ into the teachings of ‘Randall’, with a motivation to determine the first predetermined threshold for the change in request rate comprises: comparing the actual request rate with the expected request rate to determine the first predetermined threshold for the change in request rate, as taught by Aust, in order to utilize a monitoring function for determining access performance, and/or in order to detect changes in access performance by monitoring history; Aust, Para. [0006].

Regarding Claim 24, Randall as modified by Aust in view of Garrity and Nelsen teaches the method of claim 21, wherein Randall further teaches further comprising: receiving secure transaction data from the secure transaction provider (Randall, Fig. 2A and Step S2-5, illustrates to receive input selection of payment, via intermediary payment service, from transaction checkout web page(s) as shown in Fig. 2A and Step S2-3); and
However, Randall as modified by Aust in view of Garrity fails to disclose, but Nelsen further teaches determining a second predetermined threshold different from the first predetermined threshold based on the secure transaction data (Nelsen, Para. [0093], discloses that when the result of a risk analysis is a risk score of ).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Nelsen’ into the teachings of ‘Randall’ as modified by ‘Aust’ in view of ‘Garrity’, with a motivation to determine a second predetermined threshold different from the first predetermined threshold based on the secure transaction data, as taught by Nelsen, in which payment token request rules can be used to determine whether a payment token request should be approved or denied, in order to control fraud detection during an electronic payment transaction; Nelsen, Para. [0006 and 0002].

Regarding Claim 25, Randall as modified by Aust in view of Garrity and Nelsen teaches the method of claim 21, Randall further teaches further comprising: determining whether the secure transaction page is functioning (Randall, Fig. 2 and Steps S2-3, illustrates to serve checkout web page(s) if they are functioning); 
receiving an electronic transaction request associated with the secure transaction provider (Randall, Fig. 2 and Steps S2-1 thru S2-9, illustrates to receive input to proceed to checkout web page(s), receive input selection of payment via intermediary payment service); and 
in response to determining that the secure transaction page is not functioning, declining the electronic transaction request (Randall, Para. [0049], ).  

Regarding Claim 26, Randall as modified by Aust in view of Garrity and Nelsen teaches the method of claim 21, wherein Randall further teaches the secure transaction provider is an online merchant (Randall, Para. [0019], disclose that the merchant can be interchangeably referred to as a retailer, vendor, business, broker, service provider or the like).  

Regarding Claim 27, Randall as modified by Aust in view of Garrity and Nelsen teaches the method of claim 21, wherein Randall further teaches the secure transaction page is an iFrame hosted by a third party, such that sensitive data received via the secure transaction page is isolated from the secure transaction page (Randall, Para. [0029], disclose the online payment interface module 15 can serve one or more web page(s), or portion(s) of a web page such as inline frames (or iFrame) or the like and see also Fig. 2A and Step S2-9, illustrates transmitting transaction data to payment system received from the transaction checkout web page as shown in Fig. 2A and Step S2-3).  

Regarding claims 28-34, the claims recite substantially similar subject matter as claims 21-27, respectively. Therefore, the response set forth above with respect to the claims 21-27 is equally applicable to the claims 28-34 of “a system for detecting security risks in network pages”.

Regarding claims 35-40, the claims recite substantially similar subject matter as claims 21-26, respectively. Therefore, the response set forth above with respect to the claims 21-26 is equally applicable to the claims 35-40 of “a non-transitory computer-readable medium storing instructions that, when executed by a transaction processor, cause the transaction processor to perform a method for detecting security risks in network pages”.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
1.	Mikael Hussain (US 2017/0004573 A1), the present disclosure generally relates to workflow processing and user interface generation based on activity data.
2.	Reiner et al. (US 20030023715 A1), this invention relates to a system and method for logical view analysis and visualization of user behavior in a distributed computer network.
3.	Murphy, JR. et al. (US 20150235207 A1), the disclosure relates to providing apparatus and methods for mitigating a risk of incurring a liability for a transaction between two or more transaction participants.
4.	Williamson et al. (US 20150066768 A1), this disclosure relates generally to online payment transactions and, more specifically, to systems and methods for verifying the cardholder's authenticity during the processing of online payment transactions and during the provisioning of a token used for online payment transactions.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI CHEEMA/
Examiner, Art Unit 2433

/SAMSON B LEMMA/
Primary Examiner, Art Unit 2498