DETAILED ACTION
1.	This action is responsive to the communications filed on 06/22/2022.
2.	Claims 1, 2, 5, 6, 8-14, 16, 17, 19-25 are pending in this application.
3.	Claims 1, 5, 9-13, 16 have been amended.
4.	Claims 3, 4, 7, 15, 18 have been previously cancelled.
5.	Claims 23-25 are new.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claims 1, 2, 5, 6, 8-14, 16, 17, 19-23 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 5, 6, 10, 11, 13, 14, 16, 17, 21, 23-25, are rejected under 35 U.S.C. 103 as being unpatentable over Killoran, Jr. (US 2016/0217454), hereinafter Killoran, in view of Kassemi et al. (US 2015/0052055).
Regarding claim 1, Killoran disclosed:
A method for improving security of a computer system (Paragraph 5, convenience and security) utilizing Simple Mail Transfer Protocol (SMTP) (Paragraph 66, SMTP), the method comprising: 
receiving, by an e-commerce system (Figure 7, e-commerce system 140), a request to access a secure webpage (Paragraph 102, URL checkout page) from a user (Figure 7, customer device 150) via an email, wherein the email is received using SMTP and is generated by the user selecting a mailto link (Paragraphs 66-67 using SMTP, which allows for any computer to send an email claiming to be from any source address. Paragraph 96, the email based e-commerce system allows vendors to send advertising emails or bills with a mailto link associated with a specific product offer or payment amount. The mailto link is selected and a response email is generated. Paragraph 102, a vendor sends emails with tokens generated for processing within the e-commerce system. When generating tokens, a related URL checkout page with a matching offer is generated. A customer activates the mailto link by clicking on the link and send the message to the e-commerce system. Paragraph 104, the customer via customer device 150 responds by activating a mailto link by sending the response to the e-commerce system 140); 
authenticating, by the e-commerce system, a sender of the email (Paragraph 104, the customer responds by activating a mailto link by sending the response to the e-commerce system. If the customer is registered and the incoming email is authenticated, when the token is decoded, the transaction is processed. Paragraph 128, commerce system 140 receives the email and authenticates the customer's email address); 
validating, by the e-commerce system, the user based on an identifier contained in the email (Paragraph 68, utilizing DKIM (DomainKeys Identified Mail) which allows receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators. A digital signature included with the message is validated by the recipient using the signer’s public key published in the DNS. Paragraph 102, the e-commerce system includes a database of registered customers for payment processing. The e-commerce system identifies (i.e., validates) a customer by their email address (i.e., identifier) and decodes tokens included in the content of an email and processes payments based on the data in the token); and 
on a condition that the sender of the email is authenticated and the identifier is validated: 
causing, by the e-commerce6183079-1Applicant: Swoop IP Holdings LLCApplication No.: Not Yet Known system, a vendor system to grant the user access to the secure webpage of the vendor system by transmitting the identifier to the vendor system (Paragraph 102, a vendor that is associated with the e-commerce system sends emails with tokens generated for processing by the e-commerce system. When generating tokens, a related URL checkout page (i.e., secure webpage) and a matching offer is generated. This allows the vendor system to send emails with payment options, including payments for product offers, donations, services, and gift cards with each offer associated with a token and a URL checkout page. The token is associated to the mailto link. The customer activates the mailto link and sends the message to the e-commerce system. The e-commerce system identifies the email address and decodes the token. Paragraph 148, Figure 9, e-commerce system requests from the vendor further information required to complete the transaction. The vendor looks up information with the email address at step 465 (i.e., identifier transmitted to vendor system)).
While Killoran disclosed an identifier (Paragraph 102, email address), Killoran did not explicitly disclose that the identifier was a unique identifier, wherein the unique identifier is unique to the request. 
However, in an analogous art, Kassemi disclosed validating, by the e-commerce system, the user based on a unique identifier contained in the email, wherein the unique identifier is unique to the request (Paragraph 41, registered customers receive emails with mailto hyperlinks allowing checkout by email. The mailto hyperlinks are associated with products or services offered by the vendor. Once selected, the customer sends a confirmation email that includes an email targeted token. The response email is sent to the vendor, where the email is authenticated and the token decoded. The tokens identify the customer via a customer email address embedded in the token (i.e., unique). The confirmation of the customer is based on a comparison between the email address associated in the reply with an email embedded in the received token (i.e., validating). Paragraphs 54-63, token generator generates tokens for use in e-commerce transactions. Among the tokens is a credit card token, that is a unique identifier that references a specific card associated with the customer and vendor. Paragraph 83, allowing vendors to send advertising emails with mailto hyperlinks associated with a specific product offer. The response email contains the token and is addressed to the e-commerce system. The response confirms the customer’s purchase of the product by parsing the information in the token (i.e., unique to the request). The e-commerce system then processes the payment and notifies the vendor and customer. Paragraph 90, Figure 4 showing the token 407 embedded in the email body).
	One of ordinary skill in the art would have been motivated to combine the teachings of Killoran and Kassemi because the references involve e-commerce systems and as such, are within the same environment.  
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the unique identifier of Kassemi with the teachings of Killoran in order to reduce or eliminate the need for segmentation of lists before sending campaigns (Kassemi, Paragraph 40).
	Regarding claims 13, 23, the claims are substantially similar to claim 1. Claim 13 recites a processor and memory (Killoran, Paragraph 163, processor and memory). Claim 23 recites a non-transitory computer readable storage medium (Paragraph 163, non-transitory computer readable storage medium). Therefore, the claims are rejected under the same rationale.
	Regarding claims 2, 14, 24, the limitations of claims 1, 13, 23, have been addressed. Killoran and Kassemi disclosed:
	wherein the authenticating is performed using at least one of Domain Key Identified Mail (DKIM) authentication (Killoran, Paragraph 64, the validation module 144 serves to authenticate received emails using DKIM and SPF protocols) and Domain-based Message Authentication, Reporting & Conformance (DMARC).
	Regarding claims 5, 16, 25, the limitations of claims 1, 13, 23, have been addressed. Killoran and Kassemi disclosed:
	further comprising: verifying, by the e-commerce system, fidelity of a Domain Name System (DNS) record for the sender of the email (Killoran, Paragraph 68, using DKIM, a digital signature included with the message is validated by the recipient using the signer’s public key published in the DNS); 
wherein the causing is performed on a condition that the sender of the email is authenticated, the unique identifier is validated and the fidelity of the DNS record for the Sender of the email is verified (Killoran, Paragraph 68, utilizing DKIM (DomainKeys Identified Mail) which allows receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators. A digital signature included with the message is validated by the recipient using the signer’s public key published in the DNS. Paragraph 102, the e-commerce system includes a database of registered customers for payment processing. The e-commerce system identifies (i.e., validates) a customer by their email address (i.e., identifier) and decodes tokens included in the content of an email and processes payments based on the data in the token. Paragraph 104, the customer responds by activating a mailto link by sending the response to the e-commerce system. If the customer is registered and the incoming email is authenticated, when the token is decoded, the transaction is processed).
Regarding claims 6, 17, the limitations of claims 6, 16, have been addressed. Killoran and Kassemi disclosed:
The method according to claim 5, wherein the verifying is performed using Sender Policy Framework (SPF) protocol (Killoran, Paragraph 64, the validation module 144 serves to authenticate received emails using DKIM and SPF protocols).
Regarding claims 10, 21, the limitations of claims 1, 13, have been addressed. Killoran and Kassemi disclosed:
wherein the authenticating is performed by the e-commerce system: determining that a second authentication is required (Killoran, Paragraph 149, additionally, the e-commerce system sends a confirmation email with a mailto link and the amount to be charged (i.e., second authentication));
transmitting a request for the second authentication to the user (Killoran, Paragraph 149, sending a confirmation email with a mailto link to the customer); and 
receiving a response to the request for the second authentication from the6183079-1Applicant: Swoop IP Holdings LLC userApplication No.: Not Yet Knownuseruser (Killoran, Paragraph 149, the customer selects send at step 445 and when the e-commerce system receives the emails, authenticates the email and decodes the token and processes the payment).
Regarding claim 11, the limitations of claim 1 have been addressed. Killoran and Kassemi disclosed:
wherein the vendor system grants access to the secure webpage by sending a second email to the user (Killoran, Paragraph 102, customer activates the mailto link by selecting the link and sends the message to the e-commerce system. The e-commerce system identifies the email address and decodes the token. If the e-commerce system determines that the email address is not registered in the database, the e-commerce system sends an email back to the customer with a URL link that is a checkout (i.e., secure webpage)).

Claims 8, 9, 19, 20, are rejected under 35 U.S.C. 103 as being unpatentable over Killoran, Jr. (US 2016/0217454), hereinafter Killoran, in view of Kassemi et al. (US 2015/0052055) and Lesavich et al. (US 2016/0321654).
Regarding claims 8, 19, the limitations of claims 1, 13, have been addressed. Killoran and Kassemi did not explicitly disclose:
wherein the authenticating is performed by searching a blockchain ledger for the unique identifier.
However, in an analogous art, Lesavich disclosed wherein the authenticating is performed by searching a blockchain ledger for the unique identifier (Paragraph 389, Figure 17, blockchain 230 includes plural blocks and plural transactions. Transaction 238 includes owner-B’s public key for block 232 in blockchain 230, running it through a hash algorithm (e.g., SHA-256) and obtaining owner-A’s digital signature (i.e., unique identifier), owner-B signs the block 232 with its private key and owner-B’s signature is verified on the next block 234).
	One of ordinary skill in the art would have been motivated to combine the teachings of Killoran and Kassemi with Lesavich because the references involve e-commerce systems and as such, are within the same environment.  
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the searching a blockchain ledger of Lesavich with the teachings of Killoran and Kassemi in order to efficiently and quickly use encryption methods (Lesavich, Paragraph 224).
	Regarding claims 9, 20, the limitations of claims 8, 19, have been addressed. Killoran, Kassemi, and Lesavich disclosed:
	wherein the blockchain ledger is updated after the user is authenticated (Lesavich, Paragraph 375, blockchains are a digital ledger that records every transaction that has ever occurred. Whenever a new transaction occurs, a new blockchain is authenticated across the distributed network, and the transaction is included as new block on the chain. Paragraph 395, Figure 18A, at step 250, the cloud application inputs one or more predetermined inputs into the modified Galois field securely stored on the cloud server network device using any encryption method. Steps 244-248 showing that the Galois field is modified (i.e., updated) to include unique field elements).
	For motivation, please refer to claim 8.

Claims 12, 22, are rejected under 35 U.S.C. 103 as being unpatentable over Killoran, Jr. (US 2016/0217454), hereinafter Killoran, in view of Kassemi et al. (US 2015/0052055) and Morozov (US 2015/0058203).       
Regarding claims 12, 22, the limitations of claims 1, 13, have been addressed. Killoran and Kassemi did not explicitly disclose:
wherein the vendor system allows the user to access the secure webpage by establishing a secure channel between a device of the user and the vendor system utilizing WebSockets.
However, in an analogous art, Morozov disclosed:
wherein the vendor system allows the user to access the secure webpage by establishing a secure channel between a device of the user and the vendor system utilizing WebSockets (Paragraph 12, securely connecting a buyer’s web browser to a payment processing gateway for a buyer to authorize payment processing for online purchases made on a webpage of a merchant. The browser implementing the WebSocket protocol to establish a secure cross-domain connection between the browser and the payment processing gateway. The buyer may place an order and enter payment information on a webpage of the merchant hosted on a merchant server, the webpage supporting the WebSocket protocol).
	One of ordinary skill in the art would have been motivated to combine the teachings of Killoran and Kassemi with Morozov because the references involve e-commerce systems, and as such, are within the same environment.  
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the secure webpage utilizing WebSockets of Morozov with the teachings of Killoran and Kassemi in order to more effectively and efficiently integrate the payment authorization process into a checkout flow (Morozov, Paragraph 4). 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Steven C Nguyen whose telephone number is (571)270-5663. The examiner can normally be reached M-F 7AM - 3PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/S.C.N/
Examiner, Art Unit 2451                                                                                                                                                                                            
/Chris Parry/Supervisory Patent Examiner, Art Unit 2451