Acknowledgements
This communication is in response to applicant’s response filed on 12/03/2020.
Claims 11-15 and 21-35 are pending. Claims 1-10 and 16-20 have been cancelled. Claims 11, 21, 30-31, and 34-35 have been amended. Claims 21-26 and 28-29, 31, 33, and 35 have been withdrawn. 
Claims 11-15 and 26-27, 30, 32, and 34 have been examined.
Applicant’s amendments to claims 11 and 32 have resulted in new Claim Rejections 112(a) and Claim Rejections 112(b).

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/03/2020 has been entered.
 
Response to Arguments
Regarding applicant’s arguments:	
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that the combination of Killoran (US 20140025599) in view of Custer (US 20140222624) in further view of Williamson (US 20150066768) does not teach or suggest a method that includes “generating, by the processor of the vendor system, a token for the transaction by sharing the phone number of the user and details of the transaction with an e-commerce system, wherein the token is generated based on the phone number and the details of the transaction” as recited in amended claim 11, examiner respectfully argues applicant’s arguments are moot in light of the new grounds of rejections necessitated by the amendment to claim 11. 
Applicant argues dependent claims 12-15 and 26-27, 30, 32, and 34 are allowable based on their dependence upon allowable base claim 11, and examiner respectfully argues applicant’s arguments are moot in light of the amendments made to claim 11.

Priority
This application claims the benefit of US Provisional Application 62/259,923 filed on 11/25/2015. Applicant’s claim for the benefit of this prior-filed application is acknowledged.

Election/Restrictions
Newly amended claims 21-25, 28-29, 31, 33, and 35 directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: 

Furthermore, serious burden would result if restriction was not required because each invention would require a different field of search due to employing different search queries (Invention I: payment protocols, authorization, e.g. identification of payer or payee, verification of customer or shop credentials; Invention II: different communication protocols). It is noted that serious burden is established when at least one of a separate classification, a separate status in the 
Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits. Accordingly, claims 21-25, 28-29, 31, 33, and 35 are withdrawn from consideration as being directed to a non-elected invention.  See 37 CFR 1.142(b) and MPEP § 821.03

Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 11 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 

Claims 12-15 and 26-27, 30, 32, and 34 are rejected based on rejected base claim 11.

Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 11 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for 
The claim limitation “generating, by the processor of the vendor system, a token for the transaction by sharing the phone number of the user and details of the transaction with an e-commerce system, wherein the token is generated based on the phone number and the details of the transaction” contradicts the specification as shown above in the Claim Rejection 112(a) by claiming the vendor system processor generates a token for the transaction. Examiner is interpreting the claim to mean the vendor system shares the phone number and details of the transaction with the e-commerce system, then the e-commerce system, after looking up customer’s account using the phone number, generates a mailto link and token to send to the customer. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 11-12, 15, 27, 30, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Killoran (US 20140025599) in view of Wardman (US 20150371221) in further view of Custer (US 20140222624).

Regarding Claims 11 and 32, Killoran teaches a method for improving security of a computer network using Simple Mail Transfer Protocol (SMTP) and Short Message Service (SMS) (Paragraph 0036 teaches a method for point-of-event based email e-fundraising and is described in context with the example system architecture of FIG. 1; a user of a mobile device desires to make a donation), the method comprising: receiving, by a processor of a vendor system, a request to perform a transaction from a user (Paragraphs 0042 and 0046 teach the mobile device sends a message to either a point-of-event terminal or a server 18 (i.e., vendor system), with the indicator of the desired donation); obtaining, by the processor of the vendor system, a phone number of the user (Paragraphs 0042 and 0045 teach the mobile device sends the message the server 18 (i.e., the mobile device sending a message to the server enables the vendor system processor to obtaining the phone number of the user); in addition, upon arriving at an event, a person may “register” by providing contact information such as a mobile number); transmitting, by the processor of the vendor system, an SMS message to the phone number of the user via the e-commerce system, wherein the SMS message contains the token and a link that when activated generates an email response that is transmitted to the e-commerce system via SMTP (Paragraphs 0047-0048, 0044, 0050, and receiving, by the processor of the vendor system, a notification from the e-commerce system that indicates that the user is authorized to perform the transaction in response to the transmitting (Paragraphs 0050 and 0092-0093 teach the email response sent to the e-fundraising system, confirms the purchase, therefore the e-fundraising system authorizes the transaction and sends a message to the server 18; wherein the selection of one or more of the buttons by the user causes the customer client device to generate a return email which includes the UUIDs (i.e., tokens) associated with the one or more selected buttons; the return email including the UUID(s) is then transmitted from the customer client device to the system), wherein the e-commerce system determines that the user is authorized by authenticating an email response received via SMTP as being from the user (Paragraphs 0075-0079, 0088, and 0062 teach the security module of the e-fundraising system generates a plurality of UUIDs; the UUIDs are associated with particular authentication information to create an authentication control packet, wherein the UUID is the unique identifier that will be imbedded in a portion of an email, for and permitting, by the processor of the vendor system, the user to perform the transaction in response to receiving the notification from the e-commerce system (Paragraphs 0051-0052 teach the server 18 sends a message to the point-of-event terminal to confirm the transaction; in the event that the point-of-event terminal is utilized to complete the transaction of the event, some type of “completion” action may follow (e.g., a cash register may register payment)), wherein the token is transmitted by the e-commerce system to the phone number via a SMS message (Paragraphs 0048 and 0044 teaches the e-fundraising system sends a donation confirmation message to the mobile device for payment of the desired donation; the body of the email includes a button (i.e. includes the token) for the user to select to confirm the donation; the body may have additional text describing the transaction; although the e-fundraising system may be referred to as “email-based”, that is only one alternative; the message may be a short message service (SMS) message; the e-fundraising system may handle any type of electronic message).
However, Killoran does not explicitly teach generating, by the processor of the vendor system, a token for the transaction by sharing the phone number of the user and details of the transaction with an e-commerce system, wherein the token is generated based on the phone number and the details of the transaction.
Wardman from same or similar field of endeavor teaches generating, by the processor of the vendor system, a token for the transaction by sharing the phone number of the user and details of the transaction with an e-commerce system, wherein the token is generated based on the phone number and the details of the transaction (Paragraphs 0036, 0038, 0041-0042 teach at step 202, the user accesses a merchant website that enables a user to shop and make a purchase; at step 204, the user is ready to make a payment and provides two pieces of information to the merchant during checkout: (1) an account identifier associated with the user and (2) contact information associated with the user, wherein the account ID and/or contact information of the user account may be the phone number; the merchant receives the account information and the contact information and sends them to the service provider server (i.e., e-commerce system) along with the details of the transaction; at step 208, the service provider server locates and accesses the user account using the received information to determine whether there are any restrictions or limitations that would prevent the user from making this purchase; if the payment request can be approved, the service provider server generates an access token for the transaction, wherein the access token may also only be used for one specific transaction between the user and the merchant).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Killoran to incorporate the teachings of Wardman to generate, by the processor of the vendor 
There is motivation to combine Wardman into Killoran because the access token may only be used in transactions between the user and that merchant. Because the access token links the user and a specific merchant by limiting the access token to be only used in a transaction between the user and the specific merchant, man-in-the-middle attacks are further prevented. An attacker in a man-in-the-middle attack may attempt to eavesdrop and intercept electronic communications between the user and the specific merchant, and/or electronic communications between the user and the service provider. However, even if the attacker intercepts the access token from a communication to or from the user, the access token is only valid for the transactions between the user and the specific merchant, and cannot be used for any other transaction. Thus, the attacker cannot use the access token to redirect the user's money into another account (Wardman Paragraph 0043).
However, the combination of Killoran and Wardman wherein the e-commerce system determines that the user is authorized by decoding a token contained in the email response.
Custer from same or similar field of endeavor teaches wherein the e-commerce system determines that the user is authorized by decoding a token contained in the email response (Paragraph 0083 teaches the e-commerce system receives the email, decodes the token, and authenticates the 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Killoran and Wardman to incorporate the teachings of Custer for the e-commerce system to determine that the user is authorized by decoding a token contained in the email response.
There is motivation to combine Custer into the combination of Killoran and Wardman because though two-factor authentication is becoming popular, it still requires the user to submit their credentials and then use a secondary application that they may not have installed to generate a code, or to verify a text message. This is a process that burdens the customer and can potentially lead to a period where a checkout will not be completed due to complications of authentication. Accordingly, improved methods for completing website cart checkouts are desired (Custer Paragraph 0007).
Regarding Claim 32, Killoran teaches a non-transitory computer readable storage medium storing instruction that when executed by the processor of the vendor system, cause the processor to execute the method of claim 11 (Paragraph 0035 teaches server 18 (i.e., vendor system) includes a processor and memory).

Examiner Note: Examiner is interpreting the limitation “transmitting, by the processor of the vendor system, an SMS message to the phone number of the user via the e-commerce system, wherein the SMS message contains the token and a link that when activated generates an email response that is transmitted to the e-commerce system via SMTP,” to mean the e-commerce system, through request of the vendor system, transmits an SMS message that contains the token and link that when activated generated the email response as taught in Paragraph [00129] of the specification.

Regarding Claim 30, the combination of Killoran, Wardman, and Custer teaches all the limitations of claim 11 above; and Killoran further teaches wherein the SMS message includes the token as part of the link (Paragraphs 0046, 0048, 0050, and 0088 teach to obtain payment for the donation, the server 18 requests payment authentication from e-fundraising system; the e-fundraising system may handle any type of aforementioned message such as a short message service (SMS) message; the e-fundraising system sends a donation confirmation message (i.e., SMS message) to the mobile device for payment of the desired donation; after the user of the mobile device executes the button (i.e., link) and selects the reply button, the mobile device sends a response to the e-fundraising system; one or more UUIDs are embedded in an email as one or more buttons).

Regarding Claim 12, the combination of Killoran, Wardman, and Custer teaches all the limitations of claim 30 above; and Killoran further teaches wherein the link is a mailto link or a Uniform Resource Locator (URL) link (Paragraphs 0111 and 0063 teach the email messages generated by the message processing module may include one or more mailto hyperlinks that define the 

Regarding Claim 15, the combination of Killoran, Wardman, and Custer teaches all the limitations of claim 11 above; and Killoran further teaches sending, by the processor of the vendor system, a confirmation that the transaction has been completed to the user (Paragraph 0052 teaches in the event that the point-of-event terminal is utilized to complete the transaction of the event, some type of “completion” action may follow; for example, a printer may print out a receipt confirming the donation, a vending machine may vend a product, a cash register may register payment, or a video screen may acknowledge the donation in front of all of the donors attending the event; accordingly, as described, the email-based e-donation system confirms the payment for the donation (i.e., user is notified)).

Regarding Claim 27, the Killoran, Wardman, and Custer teaches all the limitations of claim 11 above; and Killoran further teaches wherein the transaction is a payment transaction (Paragraph 0052 teaches once that payment is confirmed, the server 18 may confirm the sale on behalf of the non-profit organization and the point-of-event terminal executes the transaction with the user of the mobile device).

Regarding Claim 34, the combination of Killoran, Wardman, and Custer teaches all the limitations of claim 11 above; however the combination does not explicitly teach wherein the SMS message is transmitted to the phone number when the e-commerce system successfully confirms that the phone number is registered to an account of the user.
Wardman further teaches wherein the SMS message is transmitted to the phone number when the e-commerce system successfully confirms that the phone number is registered to an account of the user (Paragraphs 0023, 0042, and 0044 teach the user identifier (i.e., phone number) may be used by the service provider server (i.e., e-commerce system) to associate the user with a particular user account maintained by the service provider server; the service provider server locates and accesses the user account using the received information; the service provider server sends the access token to the contact information of the user if the payment request is approved (e.g., the access token is sent, for example, in a phone number in a text)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the  the SMS message to be transmitted to the phone number when the e-commerce system successfully confirms that the phone number is registered to an account of the user.
There is motivation to further combine Wardman into the combination of Killoran, Wardman, and Custer for the same reasons listed above for claim 11.

Claims 13 is rejected under 35 U.S.C. 103 as being unpatentable over Killoran (US 20140025599) in view of Wardman (US 20150371221) in further view of Custer (US 20140222624) in further view of McIntosh (US 20140143337).

Regarding Claim 13, the combination of Killoran, Wardman, and Custer teaches all the limitations of claim 30 above; however the combination does not explicitly teach wherein the link is short Uniform Resource Locator (URL) link.
McIntosh from same or similar field of endeavor teaches wherein the link is short Uniform Resource Locator (URL) link (Paragraph 0049 teaches the method includes the user visiting the individualized shortened URL included within a communication; a user may visit an individualized shortened URL included within a communication through multiple ways, such as, for example, selecting a link within an SMS or MMS message on a cell phone).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the 
There is motivation to combine McIntosh into the combination of Killoran, Wardman, and Custer because the base invention is improved because a way to track the usage of the shortened URL with subsequent Internet activity is provided that does not rely on locally stored tracking objects (McIntosh Paragraph 0006). A list of recipients is obtained for individualized shortened URL generation. In such an embodiment, the list defines the number of individualized shortened URLs that should be generated, and the recipients of each of the individualized shortened URL. In at least one embodiment of the present disclosure, the list of recipients is obtained from a database of information which stores customer and/or potential customer information. In such an embodiment, the database may include certain demographic information about such customers and/or potential customers. In such an embodiment, the database may include previously obtained tracking information associated with each customer and/or potential customer, such as, for example, individualized shortened URLs that the customer and/or potential customer visited, the number of times the customer and/or potential customer read, opened, or viewed a communication sent by the enterprise or through a marketing campaign (McIntosh Paragraph 0016).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Killoran (US 20140025599) in view of Wardman (US 20150371221) in further view of Custer (US 20140222624) in further view of Cadden (US 20130191892).

Regarding Claim 14, the combination of Killoran, Wardman, and Custer teaches all the limitations of claim 11 above; however the combination does not explicitly teach wherein if the authenticating of the email response is performed using at least one DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) protocols.
Cadden from same or similar field of endeavor teaches wherein if the authenticating of the email response is performed using at least one DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) protocols (Paragraphs 0038-0039 and 0045 teach test are performed for multiple security protocols, wherein the test may enable advanced SMTP email security mechanisms such as SPF or DKIM to check a sender email address of the email against a list of known valid email addresses).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Killoran, Wardman, and Custer to incorporate the teachings of Cadden for performing the response email authentication using at least one of DKIM and SPF protocols.
There is motivation to combine Cadden into the combination of Killoran, Wardman, and Custer because the validation ensures that mail only be received from a specified set of addresses and that the sender is authentic (Cadden Paragraph 0054).

Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Killoran (US 20140025599) in view of Wardman (US 20150371221) in further view of Custer (US 20140222624) in further view of Shi (US 20130167208).

Regarding Claim 26, the combination of Killoran, Wardman, and Custer teaches all the limitations of claim 11 above; however the combination does not explicitly teach wherein the transaction is a secure login transaction that grants the user access to a secure webpage.
Shi from the same or similar field of endeavor teaches wherein the transaction is a secure login transaction that grants the user access to a secure webpage (Paragraph 0024 teaches after user is authenticated, website server may grant user access to the website and may present a login confirmation screen on mobile device).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Killoran, Wardman, and Custer to incorporate the teachings of Shi for the transaction to be a secure login transaction that grants the user access to a secure webpage.
There is motivation to combine Shi into the combination of Killoran, Wardman, and Custer because the method provides for efficiently and securely using capabilities of mobile devices to facilitate user logins to webpages (Shi Paragraph 0002). The server authenticates the user and enables the user to login to the website without having to manually enter login credentials (Shi Paragraph 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 



/C.P.J./Examiner, Art Unit 3685          
                                                                                                                                                                                      /JAY HUANG/Primary Examiner, Art Unit 3685