DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Acknowledgment
Applicant’s amendment filed on November 15, 2021 is acknowledged. Accordingly claims 1-20 remain pending and have been examined.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Double Patenting
A rejection based on double patenting of the “same invention” type finds its support in the language of 35 U.S.C. 101 which states that “whoever invents or discovers any new and useful process... may obtain a patent therefor...” (Emphasis added). Thus, the term “same invention,” in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957).
A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the claims that are directed to the same invention so they are no longer coextensive in scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101.
Claims 1-20, are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/933,353 (reference 
Claims 1, 12 and 20 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claims 1, 12 and 20 of the current application. 
Claims 2 and 13 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claims 2 and 13 of the current application. 
Claim 3 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claim 3 of the current application. 
Claims 4 and 14 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claims 4 and 14 of the current application. 
Claims 5 and 15 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claims 5 and 15 of the current application. 
Claim 6 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claim 6 of the current application. 
Claim 7 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claim 7 of the current application. 
Claims 8 and 16 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claims 8 and 16 of the current application. 
Claims 9 and 17 of the U.S. Patent Application No. 16/933,353 is verbatim copy or obvious variants of claims 9 and 17 of the current application. 
Claim 10 of the U.S. Patent Application No. 16/933,353is verbatim copy or obvious variants of claim 10 of the current application

Claim 18 of the U.S. Patent Application No. 16/933,353is verbatim copy or obvious variants of claim 18 of the current application
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of applicant’s invention to modify claims 1-20 of U.S. Patent Application No. 16/933,353by adding and/or substituting the limitations resulting generally in the claims of the present application since the present application and the claims recited U.S. Patent Application No. 16/933,353 actually perform the same or similar function. It is well settled that the omission of an element and its function is an obvious expedient if the remaining elements perform the same function as before. In re Karlson, 136 USPQ 184 (CCPA 1963; Also note Ex parte Rainu, 168 USPQ 375 (Bd. App. 1969). Omission of a reference element whose function is not needed would be obvious to one of ordinary skill in the art.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sharma et al (hereinafter “Sharma”) U.S. Patent Application Publication No. 2020/0097956 A1 in view of Fosmark et al (hereinafter “Fosmark”) U.S. Patent Application Publication No. 2019/0043022 A1.

As per claims 1, 12 and 20, Sharma discloses a system for securing electronic payments, the system comprising: 
one or more processors (see fig. 1); and
a memory storing computer code instructions, the computer code instructions, when executed by the one or more processors, cause the one or more processors to:
provide a session identifier (ID) and a URL of an iFrame to an electronic commerce (e-commerce) host server for forwarding to a computing device responsive to the computing device initiating an e-commerce transaction on an information resource, the URL specific to a payment session associated with the session ID (see fig. 3A which discloses that “getiframeurl (CSS URL or CSS ID.”; 0023, which discloses that “In step 2 in FIG. 2, the partner embeds the iFrame URL in their web UI (e.g., checkout webpage) along with reference to an iFrame.js program provided by the payment service provider.”);
provide, upon receiving the URL and the first instance of the session ID from the computing device and validating the first instance of the session ID, the iframe to the computing device for embedding with the payment page provided by the commerce host server to the computing device, the iframe and the payment page associated with different domains (see fig. 3A, which discloses payment service provider providing iframe url and 1 time use token to partner step 312; 0024, which discloses that “At step 3 in FIG. 2, after a user completes a transaction and submits the payment form including the customer's sensitive information at the partner's web UI, the iFrame.js module captures the sensitive payment information from the user's submission as well as the onetime use token.”; 0025);
receive user payment data and a second instance of the session ID from the iFrame (see fig. 3A which shows receiving iframe URl and 1 time use token step 312; 0024, which discloses that “At step 3 in FIG. 2, after a user completes a transaction and submits the payment form including the customer's sensitive information at the partner's web UI, the iFrame.js module captures the sensitive payment information from the user's submission as well as the onetime use token.”….”);
provide, upon validating the second instance of the session ID, a one-time token (OTT) to the computing device for use to initiate payment pre-authorization, the OTT associated with the session ID  and indicative of the user payment data (0009, which discloses that “validating at the PSP server the onetime use token.”);
validate, upon receiving a payment pre-authorization request from the e-commerce host server including an instance of the OTT, the instance of the OTT (0009, which discloses that “validating at the PSP server the onetime use token.”);
obtain, upon validating the instance of the OTT, payment pre-authorization from a payment provider system using the user payment data (0009, which discloses that “generating, at the PSP server, a payment token associated with the user payment information.”); and
provide an indication of the payment pre-authorization to the e-commerce host server for forwarding to the computing device, the payment pre-authorization allowing the computing device to finalize the e-commerce transaction (0009, which discloses that “ receiving, at the PSP server from the partner server, an API call for a payment transaction that includes the payment token; and at the PSP server, using the payment token to execute the payment transaction by the user to the partner via a payment card network.”).
What Sharma does not explicitly use is the claim phrase “session id”. Sharma however discloses CSS ID which is equivalent to the claimed session id. 
Alternatively Formark discloses the system comprising:
provide a session identifier (ID) and a URL of an iFrame to an electronic commerce (e-commerce) host server for forwarding to a computing device responsive to the computing device initiating an e-commerce transaction on an information resource, the URL specific to a payment session associated with the session ID (0078, which discloses that “The trusted third party data processing system 106 generates and sends a message 510 in response to the entity data processing system 104.  The message 510 may include a security level identifier…an identifier for the session (e.g., an identifier for the entity data processing system 104, URL of a website, an identifier for the web session or an identifier of a computer or electronic lock)”).
Accordingly it would have been obvious to one of ordinary skill in the art at time of applicant’s invention to modify the system of Sharma and incorporate a system further comprising: provide a session identifier (ID) and a URL of an iframe to an electronic commerce (e-commerce) host server for forwarding to a computing device responsive to the computing device initiating an e-commerce transaction on an information resource, the URL associated with the session ID  in view of the teachings of Fosmark in order to facilitate transaction and enhance security.

As per claims 2 and 13, Sharma further discloses the system, wherein the URL is valid for a single payment session identified by the session ID (0009; one time use tokken).

As per claim 3, Sharma further discloses the system, wherein the request for the iFrame includes an instance of the URL appended with the first instance of the session ID (0009; 0022).

As per claims 4 and 14, Sharma further discloses the system, wherein the computer code instructions, when executed by the one or more processors, further cause the system to:
maintain a data structure associating the URL with the session ID (0009; 0022); and 
validate the first instance of the session ID by determining that the first instance of the session ID is equal to the session ID associated with the URL in the data structure (0009; 0022).

As per claims 5 and 15, Sharma further discloses the system, wherein the iFrame includes software instructions, which when executed by the computing device cause the computing device to:
display a user interface to prompt input of the user payment data (0020); 
encrypt the user input data when input via the user interface (0022); and 
send the encrypted user input data to the system (0009; 0022).

As per claim 6, Sharma further discloses the system, wherein the computer code instructions, when executed by the one or more processors, cause the one or more processors to:
provide the session ID and the URL of the iFrame to the e-commerce host server via a secure communication link between the system and the e-commerce host server (0009; 0022).

As per claim 7, Sharma further discloses the system, wherein the computer code instructions, when executed by the one or more processors, further cause the system to generate the OTT (0009; 0022).

As per claims 8 and 16, Sharma further discloses the  system, wherein the OTT expires after a predefined time period (0024).

As per claims 9 and 17, Sharma further discloses the system, wherein the predefined period is less than or equal to 15 minutes (0024).

As per claims 10 and 18, Sharma further discloses the system, wherein the computer code instructions when executed by the one or more processors further cause the one or more processors to maintain a data structure associating the OTT with the session ID (0009; 0022).

As per claims 11 and 19, Sharma further discloses the system, wherein in validating the instance of the OTT the computer code instructions, when executed by the one or more processors, cause the one or more processors to:
check that the instance of the OTT matches the OTT in the data structure and that the OTT in the data structure did not expire (0009; 0022);
check that the session ID in the data structure is valid (0009; 0022); and
determine validity of the OTT upon determining that the OTT in the data structure did not expire and that the session ID in the data structure is valid (0009; 0022).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Charles C. Agwumezie whose number is (571) 272-6838. The examiner can normally be reached on Monday – Friday 8:00 am – 5:00 pm.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt can be reached on (571) 272 – 6709.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHINEDU C AGWUMEZIE/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        December 2, 2021