Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.

Status of the Application
This Office action is in response to a Request for Reconsideration after Non-Final Rejection filed on 08 December 2020.  Claims 1, 5, 8, 9, 12, 15, and 19 are amended and claims 6 and 13 are cancelled. Claims 1-5, 7-12 and 14-20 are therefore pending and currently under consideration for patentability.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-2, 4-5, 8-9, 11-12, 15-16, and 18-19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Fortenberry et al. U.S. Patent 6,101,485 (hereinafter Fortenberry) in view of Yang et al. U.S. Patent Application Publication 2006/0085504 A1 (hereinafter Yang) and further in view of Schiavone et al. U.S. Patent Application Publication 2002/0120581 A1 (hereinafter Schiavone).

Regarding claims 1, 8, and 15, Fortenberry teaches a method (col.2:22-30), an e-commerce system (col.6:13-17); and a non-transitory computer-readable storage medium having processor-executable instructions stored thereon which, that when executed by a processor of an e-commerce system, cause the processor to perform a method that improves security of an e-commerce transaction by using Simple Mail Transfer Protocol (SMTP), the method comprising (col.6:13-17):
associating, by a processor of an e-commerce system, a Universal Unique Identifier (UUID) with a mailto hyperlink, wherein the mailto hyperlink when activated generates an order email message that is addressed to an email address of the e-commerce system; (col. 2:24-32, the shopper activatable link back to the e-commerce site transmits a second e-mail message including the shopper's choice to purchase the at least one product.)
storing, by the processor, information in a database, wherein the information includes an identifier of a customer, and an email address of the customer (col.4:14-19, shoppers submit registration data to be stored by the system in order to receive the e-flyers. The system has the e-mail addresses in order to send the e-flyers to the shoppers. The shoppers also have a user id that can be used to log in to an e-commerce site.); 
transmitting, by the processor, an advertising email message to the email address of the customer via SMTP (col.4:38-41, e-mail provides a common mechanism for e-flyer distribution via mail serves such as SMTP, POP3 and the like), wherein the advertising email message includes the mailto hyperlink (col. 2:24-29, the first e-mail message includes a shopper activatable link that transmits a second e-mail message);
receiving, by the processor, the order email message via SMTP in response to activation of the mailto hyperlink, (col. 4:39-41. SMTP is a common protocol for distributing e-mail messages. Col.5:60-65, a GUI is advantageously provided with an activatable icon for initiating a data transmission back to the e-commerce site, for example a second e-mail message, including information representing purchase data entered by the shopper.), wherein the order email message is received form the email address of the customer (col.5:15-20, the e-flyer is created based on information stored in the shopper database. The recipient customer is identified so that credit and delivery confirmation is already available and need not be provided. Col.5:53-57, the recipient of the e-flyer is identified, and can order products without logging in to an e-commerce site.), and includes the UUID.
Fortenberry does not explicitly teach 
associating, by a processor of an e-commerce system, a Universal Unique Identifier (UUID) with a mailto hyperlink 
wherein the order email message includes the UUID; and
authenticating, by the processor, the order email message based on the UUID and the information stored in the database
However, Yang teaches 
associating, by a processor of an e-commerce system, a Universal Unique Identifier (UUID) with a mailto hyperlink (para. 0090, the email classification server returns a status code to the email sender classification client including a universal unique identifier (UUID). The email classification server creates an email data object and stores it in a table using UUID as the search key. Para. 0097, the email recipient classification client extracts the UUID from the email message. It authenticates itself with the email classification server using a user name and a password and sends UUID to the email classification server. The user name and the password are specific to the recipient on the email classification server. This step is called classification request)
wherein the order email message includes the UUID (Para. 0097, the email recipient classification client extracts the UUID from the email message.); and
authenticating, by the processor, the order email message based on the UUID and the information stored in the database (Para. 0098, in the classification response step the email classification server finds the stored email data object (33) associated with the UUID. It matches “FROM” and “TO” fields and the signature value if applicable. If they match, the email classification server sends the classification code to the email recipient classification client. Para. 0105, the email classification server verifies the user name and the password. These user name and password are not the same as the sender's email STMP/POP3 user name and password. The sender's email address may be used as the sender's user name on the email classification server. If the sender is authenticated by the user name and the password, the email classification server creates a universal unique identification number (UUID) and an email data object.)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the teachings of Fortenberry to include associating, by a processor of an e-commerce system, a Universal Unique Identifier (UUID) with a mailto hyperlink; wherein the order email message includes the UUID; and authenticating, by the processor, the order email message based on the UUID and the information stored in the database, as taught by Yang, in order for the e-flyer to contain control features such as a customer service link, that link the shopper directly to the e-commerce site  (Fortenberry, col.3:49-54).

Fortenberry also does not explicitly teach on a condition that the order email message is authenticated, performing, by the processor, an order execution procedure that places an order for a product identified in the advertising email message based on the order email message.
However, Schiavone teaches on a condition that the order email message is authenticated, performing, by the processor, an order execution procedure that places an order for a product identified in the advertising email message based on the order email message (para. 0019, as an anti-fraud measure the recipient may be required to attach a digital signature. Para. 0021, a rule requires certain data for completing the transaction. For example, for a sales transaction, a digital Signature verifying the identity of the recipient, the recipient's name, shipping address and credit card number may be required by the rule.).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the teachings of Fortenberry to include on a condition that the order email message is authenticated, performing, by the processor, an order execution procedure that places an order for a product identified in the advertising email message based on the order email message, as taught by Schiavone, in order for the transaction to be completed without the credit and delivery information needing to be provided (Fortenberry, col.5:17-20) .

Regarding claims 2, 9, and 16, the combination of Fortenberry, Yang, and Schiavone teaches all of the limitations of claims 1, 8, and 15 above; Fortenberry does not explicitly teach wherein the order execution procedure includes: transmitting, by the processor, one or more messages to a payment processing system.
However, Schiavone teaches wherein the order execution procedure includes: transmitting, by the processor, one or more messages to a payment processing system (para. 0021, address and credit card number may be required by the rule for payments, and the system may send messages to an intermediary system).
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the combination of Fortenberry, Yang, and Schiavone to include wherein the order execution procedure includes: transmitting, by the processor, one or more messages to a payment processing system, as taught by Schiavone, in order for the shopper to perform a transaction with the e-flyer (Fortenberry, col.4:60-61).
Regarding claims 4, 11, and 18, the combination of Fortenberry, Yang, and Schiavone teaches all of the limitations of claims 1, 8, and 15 above, Fortenberry further teaches wherein the order execution procedure includes: transmitting, by the processor, one or more messages to an order fulfillment system. (col. 5:20-22, the order is automatically transmitted back to the e-commerce site for accounting and fulfillment of the order.)
Regarding claims 5, 12, and 19, the combination of Fortenberry, Yang, and Schiavone teaches all of the limitations of claims 1, 8, and 15 above; Fortenberry does not explicitly teach further comprising: on a condition that the sender is not authenticated as the customer, performing an order confirmation procedure.
However, Schiavone teaches further comprising: on a condition that the sender is not authenticated as the customer, performing an order confirmation procedure (para. 0019, an identity verification or anti-fraud measure may be required in order for the transaction to be completed). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the combination of Fortenberry, Yang, and Schiavone to include further comprising: on a condition that the sender is not authenticated as the customer, performing an order confirmation procedure, as taught by Schiavone, in order for the shopper to perform a transaction with the e-flyer (Fortenberry, col.4:60-61).

Claims 3, 10, and 17 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Fortenberry in view of Yang in view of Schiavone and further in view of O'Leary et al. U.S. Patent Application Publication 2002/0120581 A1 (hereinafter O'Leary).
Regarding claims 3, 10, and 17, the combination of Fortenberry, Yang, and Schiavone teaches all of the limitations of claims 2, 9, and 16 above; Fortenberry does not explicitly teach further comprising: storing, by the processor, credit card information of the customer in the database: wherein the one or more messages include the credit card information of the customer, and wherein the payment processing system is a payment gateway that is operated by an acquiring financial institution.
However, Schiavone teaches further comprising: storing, by the processor, credit card information of the customer in the database: wherein the one or more messages include the credit card information of the customer. (Para. 0021, the rule may be used by an intermediary's or the sender's communications device to identify at least some of the required data. Para. 0025, the recipient profile data store may store the recipient's name, address, telephone number, primary bank account number, the primary bank’s ABA routing number for electronic funds transfers, credit card number, etc. It should be appreciated that such information could be used for a wide variety of transactions with a diverse parties-vendors, service providers, direct marketers, etc.)
O'Leary also teaches wherein the payment processing system is a payment gateway that is operated by an acquiring financial institution (para. 0016, FIG. 1 depicts the conventional debit/credit transaction model. The retailer uses the information from the consumer and submits the proposed transaction to its bank or merchant acquirer via the Electronic Funds Transfer (EFT) system for approval. The merchant's bank then contacts the issuer bank which issued the debit/credit card to the consumer. The issuer either approves or rejects the proposed transaction, and this approval or denial is transmitted from the issuer bank back to the merchant bank which then informs the web retailer of the approval or denial. If the charge to the debit/credit card was approved, the transaction is completed by the web retailer.)
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify the combination of Fortenberry and Schiavone to include further comprising: storing, by the processor, credit card information of the customer in the database: wherein the one or more messages include the credit card information of the customer, and wherein the payment processing system is a payment gateway that is operated by an acquiring financial institution, as taught by Schiavone and O'Leary, in order for the shopper to perform a transaction with the e-flyer (Fortenberry, col.4:60-61) .

Allowable Subject Matter
Claims 7, 14, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.  As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with.  See 37 CFR 1.111(b) and MPEP § 707.07(a).

Response to Arguments
Applicant’s arguments, see pages 14-18, filed 08 December 2020, with respect to the rejection(s) of claim(s) 1-5, 7-12, and 14-20 under U.S.C. § 103(a) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Fortenberry, in view of Yang, and further in view of Schiavone. Applicant’s specification, para. 0042, teaches that the security module 109 generates a plurality of Universal Unique Identifiers (UUIDs), and that a UUID is an identifier standard used in software construction. The use of an identifying standard to authenticate an email is taught by the Yang reference, in which an email classification server authenticates emails sent by a sender and received by a recipient.




Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT C JOHNSON whose telephone number is (571)272-6450.  The examiner can normally be reached on Monday - Friday; 9am - 6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Waseem Ashraf can be reached on (571) 270-3948.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ROBERT C JOHNSON/Examiner, Art Unit 3682                                                                                                                                                                                                        
/DAVID J STOLTENBERG/Primary Examiner, Art Unit 3682