DETAILED ACTION
Acknowledgements
This communication is in response to applicant’s response filed on 11/10/2020. 
Claims 3, 8, 11-15, and 18 are cancelled. Claims 1, 6, and 16 have been amended. 
Claims 1-2, 4-7, 9-10, 16-17, and 19-20 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Regarding applicant’s arguments: 
Regarding applicant’s argument under Claim Rejections - 35 USC § 103 that the combination Fried (US 20130179156) in view of Heimbach (US 20140067619) in further view of Kaplan (US 20110040974) in further view of Killoran (US 20120253896) in further view of Schleicher (US 20060106738) does not teach or suggest a method that includes “identifying ... an email address of the particular user based on the decoded token and processing ... the e-commerce transaction when the email address of the sender matches the email address of the particular user identified when the validation of the email address of the sender is successful” as cited in amended claim 1, examiner respectfully agrees that . Applicant makes similar arguments for claims 6 and 16, examiner respectfully argues applicant’s arguments are moot for the same reasons listed above 
Applicant argues dependent claims 2, 4-5, 7, 9-10, 17, and 19-20 are patentable because of their dependency on independent claims 1, 6, and 16. Examiner respectfully argues applicant’s arguments are moot in light of the new grounds of rejection to claims 1, 6, and 16.

WO 2015/105688 PCT/US2014/072279Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-7, 9-10, 16-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fried (US 20130179156) in view of Heimbach (US 20140067619) in further view of Dorsey (US 20140279436) in further view of Bohannon (US 20090228340).

Regarding Claims 1, 6, and 16, Fried teaches a method for improving security of an e-commerce transaction (Paragraph 0008 teaches a QR data proxy and protocol gateway has input ports to receive QR scans and user data and output ports to facilitate highly personalized and preference-based transactions on behalf of the consumer), the method comprising: generating, by a processor, a Quick Response (QR) code that includes a token, wherein the token is associated with a particular user for the e-commerce transaction (Paragraphs 0011 and 0028-0029 teach a QR data proxy can dynamically generate QR codes by injecting consumer-specific data (e.g., consumer preference and privacy information associated with pre-stored templates) into the QR code); transmitting, by the processor, the QR code to the particular user (Paragraphs 0023-0024, 0046-0047, and 0053 teach the gateway can connect to a QR-equipped device also connected to the QR data proxy (i.e., email proxy) over the internet, and the gateway fetches both the QR code data, consumer preference, and routing information from the application running on the QR-equipped device and determines which type of communication the QR code and personal preference data will be converted to downstream and then pushes the preferred communication).
However, Fried does not explicitly teach a method for improving security of an e-commerce transaction using Simple Mail Transfer Protocol (SMTP), the method comprising: receiving, by the processor, an SMTP response email that includes the token from an email address of a sender via SMTP, wherein the SMTP response email is generated in response to activation of the QR code transmitted to the particular user.
Heimbach from same or similar field of endeavor teaches a method for improving security of an e-commerce transaction using Simple Mail Transfer Protocol (SMTP), the method comprising: receiving, by the processor, an SMTP response email that includes the token from an email address of a sender via SMTP, wherein the SMTP response email is generated in response to activation of the QR code transmitted to the particular user (Paragraphs 0033, 0023-0024, and 0030 teach the invention is not limited to usage of a printed product catalog and can be applied in a corresponding manner with an electronic product catalog that can be displayed on a computer video screen for example; here as well it is possible to display a user-specific user code 4 in such a manner that it can be read out together with the product code 3 by a suitable reading device; product codes 3 are presented in the product catalog and assigned to the respective product can be constructed as a QR code; information about the assigned product (product information) is contained in encoded form in the machine-readable product code 3; an identification means in the form of a machine-readable user code 4 is also arranged in the product catalog; the machine-readable user code 4 is preferably likewise implemented as a QR code; according to the invention, the machine-readable user code 4 is arranged in or on the product catalog in such a manner that it can be read out together with at least one product code 3 by means of a suitable reading device; the computer program running in a smart phone on a processor can decode a machine-readable code and/or recognizes the read-out data of the product code 3 for the selected product 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Fried to incorporate the teachings of Heimbach to receive, by the processor, an SMTP response email that includes the token from an email address of a sender, wherein the SMTP response email is generated in response to activation of the QR code transmitted to the particular user.
There is motivation to combine Heimbach into Fried because a user can order the products illustrated in the product catalog in the simplest manner, which saves times and has low susceptibility to error (Heimbach Paragraph 0005). The product catalog according to an embodiment of the invention allows an efficient and simultaneous acquisition of the data regarding the products being ordered (product information) and the user (user information) placing the order (Heimbach Paragraph 0007). 
However, the combination of Fried and Heimbach does not explicitly teach performing, by the processor, a validation of the email address of the sender using at least one of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) validation; and on a condition that the validation of the email address of the sender is successful: identify, by the processor, the token.
Dorsey from same or similar field of endeavor teaches performing, by the processor, a validation of the email address of the sender using at least one of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) validation (Paragraph 0034 teaches the system can authenticate received emails for integrity (e.g., the system can use domain keys to verify message integrity and a domain of an email sender, in addition to, prevent email spoofing and verify sender Internet Protocol (IP) addresses using sender policy framework (SPF)); the system identifies the sender email address, a service email address, and each recipient email address from the email message); and on a condition that the validation of the email address of the sender is successful: identify, by the processor, the token (Paragraph 0053 teaches the system can receive, through the resource, an indication to redeem the payment amount; that is, the recipient can follow a link, using a recipient device, in the resource to redeem the payment amount; the link, which is customized to the recipient, can be encoded with an identifier (i.e., token) that refers to the sender email address).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Fried and Heimbach to incorporate the teachings of Dorsey to perform a validation of the email address of the sender using at least one of Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) validation; and on a condition that the validation of the email address of the sender is successful: identify, by the processor, the token.

	However, the combination of Fried, Heimbach, and Dorsey does not explicitly teach decoding, by the processor, the token to generate a decoded token; identifying, by the processor, an email address of the particular user based on the decoded token; and processing, by the processor, the e-commerce transaction when the email address of the sender matches the email address of is the particular user identified.
	Bohannon from same or similar field of endeavor teaches decoding, by the processor, the token to generate a decoded token (Paragraphs 0060-0064 teach the user's registration information (i.e., email address) may be saved to a member silo; a user may receive and select hyperlinks associated with a proprietor's campaign in an e-mail message generated by an e-mail engine running as a system application program on the replication server that may contain an encrypted unique user identification “cookie” that may be used to associate the user with the registration information stored on the administrative silo; a validation process may be performed by a validation engine running as a system application program on the application server, wherein a crypto engine running as a system application program on the application server may decrypt (i.e., decode) the information (i.e., unique user identification)), identifying, by the processor, an email address of the particular user based on the decoded token (Paragraphs 0055-0056, 0064, and 0083-0084 teach the administrative silo may be used to manage system information, campaign information, or any other information not related to the user profiles, and may also include a lookup table that may direct any data queries to the correct member silo; the member silo may hold the system member information (i.e., comprises user’s email address); the administrative silo and the application server may validate the user's registration with the award program by comparing the user's cookie file with the registration information stored on the administrative silo), and processing, by the processor, the e-commerce transaction when the email address of the sender matches the email address of is the particular user identified (Paragraphs 0065-0066 teach the validation engine may determine if the user has previously completed the campaign task; if the user is validly registered and has not yet performed the present campaign task, a transaction engine running as a system application program on the application server may award a predetermined number of points to the user's account saved on the member's home silo by associating the campaign task, cell identification, and point quantity with the unique user identification).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in the combination of Fried, Heimbach, and Dorsey, which teaches identifying a token after SPF or DKIM validation is successfully performed, to incorporate the teachings of Bohannon to decode the token to generate a decoded token; identify an email address of the particular user based on the decoded token; 
	There is motivation to combine Bohannon into the combination of Fried, Heimbach, and Dorsey because by using the encrypted information, the user may not need to login to the system to complete a transaction. A user may only need to explicitly login to the system when the user visits the central website without going through a hyperlink containing the encrypted identification information and the user's browser does not contain an identifying cookie, or, when the user may perform a “sensitive” action associated with a user's private information or a transaction that may decrease the user's accumulated points (Bohannon Paragraph 0079). 
Regarding Claim 6, Fried teaches a system that improves security of an e-commerce transaction (Paragraph 0008 teaches a QR data proxy and protocol gateway has input ports to receive QR scans and user data and output ports to facilitate highly personalized and preference-based transactions on behalf of the consumer), the system comprising: a communication interface that is communicatively coupled to a user device via a network (Paragraph 0024 teaches QR data proxy and gateway are connected to a QR-equipped device (i.e., user device) over communication channels (i.e., internet, IP, or cellular-based)); a memory (Paragraphs 0033 and 0048 teach the QR database stores a variety of information relating to routing and destination data, consumer preference, privacy and other attributes stored in templates, and other data that aid in the processing and disposition of QR data and consumer preference data; templates are stored in the QR database that define pre-determined routines for processing consumer-and a processor  communicatively coupled to the communication interface and the memory (Paragraphs 0024 and 0048 teach the gateway (i.e., processor) can process a plurality of QR codes and queries the pre-defined QR code and consumer preference templates loaded in the memory).
Regarding Claim 16, Fried teaches a non-transitory computer readable storage medium that stores instructions for utilizing Simple Mail Transfer Protocol (SMTP) to improve security of an e-commerce transaction, the instructions, when executed by a processor, cause the processor to execute a method (Paragraphs 0023, 0033, and 0048 teach the gateway is comprised of a QR database, and the QR database stores a variety of information relating to text or speech conversion protocols, social attribute tag data, routing and destination data, timing threshold information, consumer preference, privacy and other attributes stored in templates, and other data that aid in the processing and disposition of QR data and consumer preference data; templates are stored in the QR database that define pre-determined routines for processing consumer-specific media streams; the gateway stores the QR code data by accessing the QR proxy database, the gateway further queries the pre-defined QR code and consumer preference template and loads that data into memory; then, the application server matches the stored template data with the attributes of the QR code data).
	
Regarding Claims 2, 7, and 17, the combination of Fried, Heimbach, Dorsey, and Bohannon teaches all the limitations of claims 1, 6, and 16 above; and wherein the QR code includes an embedded mail-to link that generates the SMTP response email (Paragraph 0023 and 0034 teach assuming the routing and destination data in a stored template in the QR database calls for the QR code data to be converted into an email, the text conversion processor and media server will parse the data, create a MIME (Multipurpose Internet Mail Extensions) header, and embed all of the requisite addressing information into the item).

Regarding Claims 4, 9, and 19, the combination of Fried, Heimbach, Dorsey, and Bohannon teaches all the limitations of claims 1, 6, and 16; and Fried further teaches generating, by the processor, a request for billing details (Paragraphs 0023, 0027 and 0032 teach the application server is connected to the service creation and administration interface over a communications channel, which is used to set up scripts and templates to facilitate preference-based transactions on behalf of the consumer to process customer-service related information); transmitting, by the processor, the request for billing details (Paragraphs 0023, 0043, and 0045 teach a QR code, consumer preference data, and other relevant information may be inserted into the body of an email transmitted from the outgoing data access point); and receiving, by the receiver, the billing details (Paragraphs 0034 and 0046 teach QR gateway fetches both the incoming QR code data and consumer information (i.e., billing details) from the application running on the QR code equipped device).

Regarding Claims 5, 10, and 20, the combination of Fried, Heimbach, Dorsey, and Bohannon teaches all the limitations of Claims 4, 9, and 19 above; and Fried further teaches wherein the billing details provide information for completing the e-commerce transaction (Paragraphs 0023 and 0029 teach the gateway has input ports to facilitate highly personalized and preference-based transactions by receiving attributes that may be useful in processing (i.e., completing the transaction) customer service-specific data).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.P.J./Examiner, Art Unit 3685   

/JAY HUANG/Primary Examiner, Art Unit 3685