Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-9 and 11-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
With regard to claim 1, the instant claim recites “certificate of the device application,” where it is unclear if this is a new certificate generated based on the device application (which should have been recited as “a certificate of the device application,” or of this is the certificate of the private key which is associated with the device application via the recitation of “storing the fingerprint and the fingerprint generation algorithm and associating the fingerprint with the device application,” where the latter is assumed for purposes of prosecution.  Applicant should amend the instant claim to clearly reflect what the certificate of the device application is, where if the latter is intended, as is assumed, the instant claim should be clearly amended to associate the certificate with the device application, and to have the DTLS used to provide the certificate [now] associated with the device application.
Further, with regard to claim 1, the claim recites “using Datagram Transport Layer Security (DTLS) providing the certificate of the device application, in combination with the stored fingerprint to identify the device application to the web service to bind the device application to the web service.”  First, it is unclear if the identifying and binding actually occurs, where since this is recited in both the preamble and as part of this step, it is assumed that such identifying and binding is performed.  Second, it is unclear if the providing is providing both the certificate of the application and the stored fingerprint, or if the providing is providing the certificate of the application, where in combination with the stored fingerprint, the identifying and binding are performed (the former is assumed for prosecution).  Finally, it is unclear how the DTLS is used to provide such information, or to whom such information is provided.
Claims 2-3, which depend from claim 1, do not remedy the deficiencies of claim 1, and are thus rejected for the same.
With regard to claim 4, the instant claim provides a method to bind the device application to a web service, but never recites how or when this function is performed.  It is assumed that such binding still occurs, but the claim steps should be amended to reflect how/when such binding is performed (such as by providing a corrected form of the providing step in the instant claim.
With regard to claims 5-9, which depend from claim 4, do not remedy the deficiencies of claim 4, and are thus rejected for the same.
With regard to claims 11-19, the instant claims are similar to claims 1-9, and are rejected for the same.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 11-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the instant claims are directed towards software per se (server of claim 11 and device application of claim 14), where software is held to be non-statutory.  The instant claims should be amended to clearly be directed towards statutory subject matter, such as a device including a processor and memory that implements the claimed server and device application.

Allowable Subject Matter
If claims 1-9 and 11-19 were amended to overcome the above rejections (while maintaining the assumed scope of the instant claims), the instant claims would be found to be allowable.  The following is a statement of reasons for the indication of allowable subject matter:  
With regard to claim 1, refa discloses a method for a server to bind a device application to a web service, wherein Web Real Time Control (WebRTC) functionality is provided to the server (refa: Figure 1.  As a note, lacking specific detail of what constitutes “to bind,” this language appears to provide for a session persistence, similar to how a cookie provides information between sessions (Specification: Pages 1-2.  It appears that the disclosed invention is providing a way to provide cookie like persistence without using cookies.).), the method comprises: 
receiving a request for the web service from the device application, wherein communication between the server and the device application is done via https and WebRTC (refa: Figure 4 and Paragraph [0034]); 
receiving identifying information and associating the identifying information with the application (refa: Figure 4 and Paragraph [0034].  In the case of refa, the identifying information is a cookie, as opposed to the fingerprint of the instant claim.); and

refa fails to disclose: 
that the identifying information is a fingerprint;
the device application has generated WebRTC credentials comprising a private key, certificate of the private key and a fingerprint of the certificate; 
receiving the fingerprint and fingerprint generation algorithm of the certificate; 
storing the fingerprint and fingerprint generation algorithm and associating the fingerprint with the device application; and 
using Datagram Transport Layer Security, DTLS, (DTLS) providing the certificate of the device application, in combination with the stored fingerprint to identify…
that the service is a web service.
E. Rescorla in WebRTC Security Architecture, published June 8, 2016 teaches the binding of information to an identity using a fingerprint (Rescorla: Page 9), where the characteristics can include the cryptographic algorithm (Rescorla: Pages 17-18).  Rescorla fails to teach at least that the request (singular request) includes the WebRTC credentials including a private key, certificate of the private key, and a fingerprint of the certificate.
“Online Tracking”, posted at http://consumer.ftc.gov/articles/0042-online-tracking teaches the use of fingerprints to identify devices instead of cookies (Online Tracking: Page 2).  However, such fingerprinting is a device/browser fingerprint, as opposed to a fingerprint of a certificate.  Further, Online Tracking fails to provide for the use of a fingerprint of the private key (where, as best understood, the “certificate of the device application” would be the “certificate of the private key,” 
Further, reference is made to the ISA Written Opinion, as submitted on 3/27/2019, which, in combination with the above, demonstrates that the prior art of record, in view of the instant claim, as a whole, fails to fairly teach or suggest the specific providing, in a request, the private key, certificate of the private key, and a fingerprint of the certificate, then using the combination of the certificate of the private key (which was associated with the application, and thus would be the claimed certificate of the application) and the stored fingerprint to identify the device application to bind the device application to the web service.  Claims 4, 11, and 14, which include similar subject matter is found to include allowable subject matter for the same reasons.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT B CHRISTENSEN whose telephone number is (571)270-1144.  The examiner can normally be reached on Monday through Friday, 6AM to 2PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


SCOTT B. CHRISTENSEN
Examiner
Art Unit 2444



/SCOTT B CHRISTENSEN/Primary Examiner, Art Unit 2444