DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  
 
Status of Claims
This action is in reply to the application filed on 11/24/2020, which is a continuation of application 15/843150 which was issued as US 11,295,301, wherein:
Claims 1-20 have been cancelled;
Claims 21-40 are new; and  
Claims 21-40 are currently pending and have been examined.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 21-40 of Application 17/652322 are rejected on the ground of nonstatutory double patenting as being unpatentable over: claims 1-20 of US Patent No. 11,295,301.  Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the ‘301 Patent recite all the limitations of claims 21-40 of the instant Application No. 17/652322 as indicated in the comparison table below.
Claims of 17/652322
Claims of 11,295,301
21. A method for managing secure processing of electronic payment transactions, comprising: 





receiving, by a server, a request from a merchant computing system for a security verifier to be displayed on an electronic display of the merchant computing system; 



transmitting, by the server, a request for security credentials associated with the merchant computing system to each security service provider among a plurality of security service providers; 

receiving, by the server, a plurality of security credentials from a subset of security service providers among the plurality of security service providers;




upon determining, by the server, that at least one set of security credentials among the plurality of security credentials meets a network security threshold, generating and transmitting a uniform resource locator ("URL") to the merchant computing system; 





















transmitting, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold; 

receiving, in response to the renewed request, the set of security credentials from the at least one security service provider among the subset of security service providers; 

determining, by the server, whether the set of security credentials meets the network security threshold; and proceeding, by the server and based on the set of security credentials not meeting the network security threshold, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.
1. A method for managing secure processing of electronic payment transactions, comprising: verifying, for each security service provider among a plurality of security service providers, that the security service provider meets a predetermined security standard;


receiving, by a server, a request from a merchant computing system for a security verifier, wherein the server and the merchant computing system are interconnected via an electronic network, the security verifier to be displayed on an electronic display of the merchant computing system;

transmitting, by the server, a request for security credentials associated with the merchant computing system to each security service provider among the plurality of security service providers;

receiving, by the server, a plurality of security credentials from a subset of security service providers among the plurality of security service providers; determining, by the server, whether at least one security service provider among the subset of security service providers was verified to meet the predetermined security standard;

determining, by the server, whether at least one set of security credentials among the plurality of security credentials meets a network security threshold;
upon determining, by the server, that the at least one security service provider was verified to meet the predetermined security standard and that at least one set of security credentials among the plurality of security credentials meets the network security threshold; generating, by the server, a uniform resource locator (“URL”), wherein the server hosts each of the generated URL and a global certified number unique to the security service provider, the URL generated based on the set of security credentials meeting the network security threshold; transmitting, by the server, the generated URL to the merchant computing system; and displaying the security verifier on the electronic display of the merchant computing system using the generated URL; receiving a request originating from a user interaction with the URL; responding to the request with security information, the security information including one or more of: information that the security service provider associated with the merchant computing system meets the network security threshold, or information about a global registry of certified security service providers;

transmitting, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold;

receiving, in response to the renewed request, the set of security credentials from the at least one security service provider among the subset of security service providers;

determining, by the server, whether the set of security credentials meets the network security threshold; and
proceeding, by the server and based on the set of security credentials not meeting the network security threshold, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.
22. The method of claim 21, wherein the server is a security badge arbitrator.
2. The method of claim 1, wherein the server is a security badge arbitrator.
23. The method of claim 21, wherein the electronic display is associated with an e-commerce website.  
3. The method of claim 1, wherein the electronic display is associated with an e-commerce website.
24. The method of claim 21, wherein the network security threshold includes global security standards established by at least one of EMVco, W3C, and OWASP.  
4. The method of claim 1, wherein the network security threshold includes global security standards established by at least one of EMVco, W3C, and OWASP.
25. The method of claim 21, wherein the at least one security service provider provides the set of security credentials to the server via a web service application programming interface ("API").  
5. The method of claim 1, wherein the at least one security service provider provides the set of security credentials to the server via a web service application programming interface (“API”).
26. The method of claim 21, wherein the renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold is transmitted at periodic intervals.  
6. The method of claim 1, wherein the renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold is transmitted at periodic intervals.
27. The method of claim 21, further comprising: transmitting at periodic intervals, by the server, a validation request to the merchant computing system; receiving, in response to the validation request, from the merchant computing system, a security policy as installed on the merchant computing system; 
determining, by the server, whether the security policy matches a security solution provided by the security service provider; and proceeding, by the server and based on the security policy not matching the security solution provided by the security service provider, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.  
7. The method of claim 1, further comprising:
transmitting at periodic intervals, by the server, a validation request to the merchant computing system;
receiving, in response to the validation request, from the merchant computing system, a security policy as installed on the merchant computing system;

determining, by the server, whether the security policy matches a security solution provided by the security service provider; and proceeding, by the server and based on the security policy not matching the security solution provided by the security service provider, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.
28. A non-transitory computer readable medium storing a program causing a computer to execute a method for managing secure processing of electronic payment transactions, the method comprising: 



receiving, by a server, a request from a merchant computing system for a security verifier to be displayed on an electronic display of the merchant computing system; 


transmitting, by the server, a request for security credentials associated with the merchant computing system to each security service provider among a plurality of security service providers; 

receiving a plurality of security credentials from a subset of security service providers among the plurality of security service providers; 

upon determining, by the server, that at least one set of security credentials among the plurality of security credentials meets a network security threshold, generating and transmitting a uniform resource locator ("URL") to the merchant computing system; 




















transmitting, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold; 

in response to the renewed request, receiving the set of security credentials from the at least one security service provider among the subset of security service providers; 

determining, by the server, whether the set of security credentials meets the network security threshold; and based on the set of security credentials not meeting the network security threshold, proceeding, by the server, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.  
8. A non-transitory computer readable medium storing a program causing a computer to execute a method for managing secure processing of electronic payment transactions, the method comprising: verifying, for each security service provider among a plurality of security service providers, that the security service provider meets a predetermined security standard;

receiving, by a server, a request from a merchant computing system for a security verifier, wherein the server and the merchant computing system are interconnected via an electronic network, the security verifier to be displayed on an electronic display of the merchant computing system;

transmitting, by the server, a request for security credentials associated with the merchant computing system to each security service provider among the plurality of security service providers;

receiving a plurality of security credentials from a subset of security service providers among the plurality of security service providers; 

determining, by the server, whether at least one security service provider among the subset of security service providers was verified to meet the predetermined security standard; determining, the server, whether at least one set of security credentials among the plurality of security credentials meets a network security threshold; upon determining, by the server, that the at least one security service provider was verified to meet the predetermined security standard and that at least one set of security credentials among the plurality of security credentials meets the network security threshold: generating, by the server, a uniform resource locator (“URL”), wherein the server hosts each of the generated URL and a global certified number unique to the security service provider; transmitting, by the server, the generated URL to the merchant computing system; and displaying the security verifier on the electronic display of the merchant computing system using the generated URL; receiving a request originating from a user interaction with the URL; responding to the request with security information, the security information including one or more of: information that the security service provider associated with the merchant computing system meets the network security threshold, or information about a global registry of certified security service providers;

transmitting, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold;

in response to the renewed request, receiving the set of security credentials from the at least one security service provider among the subset of security service providers;

determining, by the server, whether the set of security credentials meets the network security threshold; and
based on the set of security credentials not meeting the network security threshold, proceeding, by the server, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.
29. The non-transitory computer readable medium of claim 28, wherein the server is a security badge arbitrator.  
9. The non-transitory computer readable medium of claim 8, wherein the server is a security badge arbitrator.
30. The non-transitory computer readable medium of claim 28, wherein the electronic display is associated with an e-commerce website.  
10. The non-transitory computer readable medium of claim 8, wherein the electronic display is associated with an e-commerce website.
31. The non-transitory computer readable medium of claim 28, wherein the network security threshold includes global security standards established by at least one of EMVco, W3C, and OWASP.  
11. The non-transitory computer readable medium of claim 8, wherein the network security threshold includes global security standards established by at least one of EMVco, W3C, and OWASP.
32. The non-transitory computer readable medium of claim 28, wherein the at least one security service provider provides the set of security credentials to the server via a web service application programming interface ("API").  
12. The non-transitory computer readable medium of claim 8, wherein the at least one security service provider provides the set of security credentials to the server via a web service application programming interface (“API”).
33. The non-transitory computer readable medium of claim 28, wherein the renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold is transmitted at periodic intervals.  
13. The non-transitory computer readable medium of claim 8, wherein the renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold is transmitted at periodic intervals.
34. The non-transitory computer readable medium of claim 28, the method further comprising: transmitting at periodic intervals, by the server, a validation request to the merchant computing system; in response to the validation request, receiving from the merchant computing system, a security policy as installed on the merchant computing system; determining, by the server, whether the security policy matches a security solution provided by the security service provider; and based on the security policy not matching the security solution provided by the security service provider, proceeding, by the server, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.  
14. The non-transitory computer readable medium of claim 8, the method further comprising: transmitting at periodic intervals, by the server, a validation request to the merchant computing system; in response to the validation request, receiving from the merchant computing system, a security policy as installed on the merchant computing system;
determining, by the server, whether the security policy matches a security solution provided by the security service provider; and based on the security policy not matching the security solution provided by the security service provider, proceeding, by the server, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.
35. A computing system for managing secure processing of electronic payment transactions, the computing system comprising: a memory having processor-readable instructions stored therein; and a processor configured to access the memory and execute the processor-readable instructions, which when executed by a processor cause the processor to perform a plurality of functions, including functions to:




 receive, by a server, a request from a merchant computing system for a security verifier to be displayed on an electronic display of the merchant computing system; 


transmit, by the server, a request for security credentials associated with the merchant computing system to each security service provider among a plurality of security service providers; 

receive a plurality of security credentials from a subset of security service providers among the plurality of security service providers; 




upon determining, by the server, that at least one set of security credentials among the plurality of security credentials meets a network security threshold, generating and transmitting a uniform resource locator ("URL") to the merchant computing system; 
















transmit, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold; 

in response to the renewed request, receive the set of security credentials from the at least one security service provider among the subset of security service providers; determine, by the server, whether the set of security credentials meets the network security threshold; and based on the set of security credentials not meeting the network security threshold, proceed to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.  
15. A computing system for managing secure processing of electronic payment transactions, the computing system comprising: a memory having processor-readable instructions stored therein; and
a processor configured to access the memory and execute the processor-readable instructions, which when executed by a processor cause the processor to perform a plurality of functions, including functions to:
verify, for each security service provider among a plurality of security service providers, that the security service provider meets a predetermined security standard;

receive, by a server, a request from a merchant computing system for a security verifier, wherein the server and the merchant computing system are interconnected via an electronic network, the security verifier to be displayed on an electronic display of the merchant computing system;

transmit, by the server, a request for security credentials associated with the merchant computing system to each security service provider among the plurality of security service providers;

receive a plurality of security credentials from a subset of security service providers among the plurality of security service providers; determine, by the server, whether at least one security service provider among the subset of security service providers was verified to meet the predetermined security standard;

determine, by the server, whether at least one set of security credentials among the plurality of security credentials meets a network security threshold; upon determining, by the server, that the at least one security service provider was verified to meet the predetermined security standard and that at least one set of security credentials among the plurality of security credentials meets the network security threshold: generate, by the server, a uniform resource locator (“URL”), wherein the server hosts each of the generated URL and a global certified number unique to the security service provider; transmit, by the server, the generated URL to the merchant computing system; and displaying the security verifier on the electronic display of the merchant computing system using the generated URL; receive a request originating from a user interaction with the URL; respond to the request with security information, the security information including one or more of: information that the security service provider associated with the merchant computing system meets the network security threshold, or information about a global registry of certified security service providers;

transmit, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold;

in response to the renewed request, receive the set of security credentials from the at least one security service provider among the subset of security service providers; determine, by the server, whether the set of security credentials meets the network security threshold; and based on the set of security credentials not meeting the network security threshold, proceed to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.
36. The system of claim 35, wherein the server is a security badge arbitrator.  
16. The system of claim 15, wherein the server is a security badge arbitrator.
37. The system of claim 35, wherein the electronic display is associated with an e-commerce website.  
17. The system of claim 15, wherein the electronic display is associated with an e-commerce website.
38. The system of claim 35, wherein the network security threshold includes global security standards established by at least one of EMVco, W3C, and OWASP.  
18. The system of claim 15, wherein the network security threshold includes global security standards established by at least one of EMVco, W3C, and OWASP.
39. The system of claim 35, wherein the at least one security service provider provides the set of security credentials to the server via a web service application programming interface ("API").  
19. The system of claim 15, wherein the at least one security service provider provides the set of security credentials to the server via a web service application programming interface (“API”).
40. The system of claim 35, wherein the renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold is transmitted at periodic intervals.
20. The system of claim 15, wherein the renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold is transmitted at periodic intervals.


Allowable Subject Matter
Claims 21-40 would be allowable if rewritten to overcome the double patenting rejections set forth in this Office action.

The following is an examiner’s statement of reasons for allowable subject matter of independent clams 21, 28, and 35 over prior art.
The closest prior art of record is US 2009/0077373 to Kramer (hereinafter referred to as Kramer), US 7,092,912 to Khaishgi et al. (hereinafter referred to as Khaishgi), and US 9,691,089 to Grass et al. (hereinafter referred to as Grass).  Allowable subject matter is indicated because none of the prior art of record, alone or in combination, appears to teach or fairly suggest or render obvious the combination set forth in independent claims 21, 28, and 35.  For independent claims 21, 28, and 35, the prior art of Kramer, Khaishgi, and Grass specifically do not disclose: transmitting, by the server, a request for security credentials associated with the merchant computing system to each security service provider among a plurality of security service providers; receiving, by the server, a plurality of security credentials from a subset of security service providers among the plurality of security service providers; upon determining, by the server, that at least one set of security credentials among the plurality of security credentials meets a network security threshold; and transmitting, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold.  Dependent claims 26-27, 29-34, and 36-40 are allowable over the prior art by virtue of their dependency on an allowed claim. 

The following is an examiner’s statement of reasons for indicating Patent-eligible subject matter in view of 35 USC § 101:
The steps in independent claim 21 of: “receiving, by a server, a request from a merchant computing system for a security verifier to be displayed on an electronic display of the merchant computing system; transmitting, by the server, a request for security credentials associated with the merchant computing system to each security service provider among a plurality of security service providers; receiving, by the server, a plurality of security credentials from a subset of security service providers among the plurality of security service providers; upon determining, by the server, that at least one set of security credentials among the plurality of security credentials meets a network security threshold, generating and transmitting a uniform resource locator ("URL") to the merchant computing system; transmitting, by the server, a renewed request for the set of security credentials from the at least one security service provider among the subset of security service providers to measure against the network security threshold; receiving, in response to the renewed request, the set of security credentials from the at least one security service provider among the subset of security service providers; determining, by the server, whether the set of security credentials meets the network security threshold; and proceeding, by the server and based on the set of security credentials not meeting the network security threshold, to i) revoke access to the generated URL and ii) deny display of the security verifier on the electronic display of the merchant computing system.” are limitations, which when considered as an ordered combination, are indicative of integration into a practical application.  Similar reasoning and rationale apply to the other independent claims 28 and 35.  
For these reasons, independent claims 21, 28, and 35 are deemed patent eligible under 35 USC 101.  Dependent claims 26-27, 29-34, and 36-40 are deemed patent eligible by virtue of dependency on an allowed claim. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul Schwarzenberg whose telephone number is (313) 446-6611.  The examiner can normally be reached on Monday-Thursday (7:30-6:30).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ryan Donlon, can be reached on (571) 270-3602.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/PAUL S SCHWARZENBERG/Primary Examiner, Art Unit 3695                                                                                                                                                                                             
12/02/2022