EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Brian Rosenbloom on 1/26/2021.

The application has been amended as follows: 

1. (Previously Presented) A method performed by a server, the method comprising:
receiving a request for a web service transmitted by a device application, wherein communication between the server and the device application is done via https and Web Real Time Control (WebRTC), and the device application has generated WebRTC credentials comprising a first private key, a first certificate, and a fingerprint of the first certificate, wherein the first certificate is paired with the first private key and the device application used a first fingerprint generation algorithm to generate the fingerprint of the first certificate;
receiving the fingerprint of the first certificate and a first fingerprint generation algorithm identifier identifying the first fingerprint generation algorithm that was used by the device application to generate the fingerprint of the first certificate;
storing the fingerprint of the first certificate and the first fingerprint generation algorithm identifier;
associating the fingerprint of the first certificate with the device application;  
receiving the first certificate from the device application; and
using the received certificate and the stored fingerprint of the first certificate  to identify the device application and to bind the device application to the web service.


using the fingerprint generation algorithm identified by the first fingerprint generation algorithm identifier to calculate a fingerprint of the received certificate; and
comparing the calculated fingerprint with the stored fingerprint to verify the identify the device application.

3. (Previously Presented) The method of claim 1, further comprising, when content of the web service is delivered from a secondary server:
requesting the device application to generate new WebRTC credentials comprising a second private key, second certificate, and a fingerprint of the second certificate, wherein the second certificate is paired with the second private key;
requesting the secondary server to generate WebRTC credentials comprising a third private key, third certificate, and a fingerprint of the third certificate, wherein the third certificate is paired with the third private key; 
receiving the fingerprint of the second certificate;
receiving the fingerprint of the third certificate
associating the fingerprint of the second certificate to the device application;
associating the fingerprint of the third certificate to the secondary server;
forwarding the fingerprint of the second certificate to the secondary server;
forwarding the fingerprint of the third certificate to the device application; and 
assisting the secondary server to identify the device application. 

4. (Currently Amended) A method performed by a device application, the method comprising:
requesting a web service from a primary server;
receiving logic that instructs the device application to start a web service session with the primary server with Web Real Time Control (WebRTC) and to generate first WebRTC credentials;
, and generating the WebRTC credentials comprises generating: 1) the first private key; 2) the first certificate; and 3) the first fingerprint of the first certificate;
storing the first private key and the first certificate;
sending the first fingerprint of the first certificate and the first fingerprint generation algorithm identifier identifying the first fingerprint generation algorithm that was used by the device algorithm to generate the first fingerprint of the first certificate to the primary server; and
establishing a connection with the primary server using the generated first WebRTC credentials, wherein the first WebRTC credentials are for use by the primary server to identify the device application and to bind the device application to the web service.

5. (Previously Presented) The method of claim 4, further comprising, whenever a new session with the requested web service is being established:
providing to the primary server the first certificate in a DTLS handshake message when the new session is established such that the primary server can calculate the first fingerprint of the first certificate, and compare the calculated first fingerprint with the stored fingerprint to identify the device application.

6. (Previously Presented) The method of claim 5, further comprising:
creating second WebRTC credentials comprising a second private key, second certificate, and a second fingerprint of the second certificate, wherein the second certificate is paired with the second private key; 
sending the second fingerprint of the second certificate to the primary server; and
receiving a third fingerprint generated by a secondary server; and
accessing the secondary server, wherein the device application is identified by secondary server with assistance from the primary server. 



8. (Previously Presented) The method of claim 4, wherein WebRTC identity APIs are used in combination with an Identity Provider to establish the identity of an end user of the device.

9. (Previously Presented) The method of claim 4, wherein the device application is a native application and wherein the received logic is received at installation of the device application.

10. (Cancelled)

11. (Previously Presented) A server, the server comprising:
memory; and
processing circuitry coupled to the memory, wherein the server is configured to:
receive a request for a web service transmitted by a device application, wherein communication between the server and the device application is done via https and Web Real Time Control (WebRTC), and the device application has generated WebRTC credentials comprising a first private key, a first certificate, and a fingerprint of the first certificate, wherein the first certificate is paired with the first private key and the device application used a first fingerprint generation algorithm to generate the fingerprint of the first certificate;
receive the fingerprint of the first certificate and a first fingerprint generation algorithm identifier identifying the first fingerprint generation algorithm that was used by the device application to generate the fingerprint of the first certificate;
store the fingerprint of the first certificate and the first fingerprint generation algorithm identifier;
associate the fingerprint of the first certificate with the device application;  
receive the first certificate from the device application; and
bind the device application to the web service using the received certificate and the stored fingerprint of the first certificate.

12. (Previously Presented) The server of claim 11 wherein the server is configured bind the device application to the web service by performing a process that comprises:
using the fingerprint generation algorithm identified by the first fingerprint generation algorithm identifier to calculate a fingerprint of the received certificate; and
comparing the calculated fingerprint with the stored fingerprint to verify the identify the device application.

13. (Previously Presented) The server of claim 11, wherein the server is further configured to:
request the device application to generate new WebRTC credentials comprising a second private key, second certificate, and a fingerprint of the second certificate, wherein the second certificate is paired with the second private key;
request the secondary server to generate WebRTC credentials comprising a third private key, third certificate, and a fingerprint of the third certificate, wherein the third certificate is paired with the third private key; 
receive the fingerprint of the second certificate;
receive the fingerprint of the third certificate
associate the fingerprint of the second certificate to the device application;
associate the fingerprint of the third certificate to the secondary server;
forward the fingerprint of the second certificate to the secondary server;
forward the fingerprint of the third certificate to the device application; and 
assist the secondary server to identify the device application. 

14. (Currently Amended) A device 
memory; and
processing circuitry coupled to the memory, wherein the device application is configured to:
request a web service from a primary server; 
first WebRTC credentials, wherein the first WebRTC credentials include a first private key, a first certificate, and a first fingerprint of the first certificate, wherein the first certificate is paired with the first private key;
generat the first private key, the first certificate, and the first fingerprint of the first certificate; 
store the private key and the certificate;
send the fingerprint of the first certificate and the first fingerprint generation algorithm identifier identifying the first fingerprint generation algorithm that was used by the device algorithm to generate the first fingerprint of the first certificate to the primary server; and
establish a connection with the primary server using the generated WebRTC credentials, wherein the first WebRTC credentials are for use by the primary server to identify the device application and to bind the device application to the web service.

15. (Currently Amended) The device 
provide to the primary server the certificate in a DTLS handshake message when a new session is established such that the primary server can calculate the fingerprint of the certificate, and 
compare the calculated fingerprint with the stored fingerprint to identify the device application.

16. (Currently Amended) The device 
create second WebRTC credentials comprising a second private key, second certificate, and a second fingerprint of the second certificate, wherein the second certificate is paired with the second private key; 
send the second fingerprint of the second certificate to the primary server; and
receive a third fingerprint generated by a secondary server; and


17. (Currently Amended) The device 

18. (Currently Amended) The device 

19. (Currently Amended) The device 

20. (Cancelled)
Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
The instant claims are deemed allowable for the same reasons as presented in the Office Action mailed 4/26/2020.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT B CHRISTENSEN whose telephone number is (571)270-1144. The examiner can normally be reached Monday through Friday, 6AM to 2PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SCOTT B. CHRISTENSEN
Examiner
Art Unit 2444



/SCOTT B CHRISTENSEN/Primary Examiner, Art Unit 2444