DETAILED ACTION
This communication is responsive to Application No. 17/156,945, filed on January 25, 2021. Claims 1-20 are pending and are directed towards SECURE PEER-TO-PEER CONNECTION NETWORK AND ASSOCIATED PROTOCOLS FOR A GROUP-BASED COMMUNICATION SYSTEM.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/25/2021 was acknowledged. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The use of the term “WIFI, BLUETOOTH” in para [0020][0041], which is a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM, or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because: Reference character “205” in FIG. 2 has been used to designate both “Group-Based Communication Circuitry” and “Communications Circuitry”. 
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
In addition to Replacement Sheets containing the corrected drawing figure(s), applicant is required to submit a marked-up copy of each Replacement Sheet including annotations indicating the changes made to the previous version.  The marked-up copy must be clearly labeled as “Annotated Sheets” and must be presented in the amendment or remarks section that explains the change(s) to the drawings.  See 37 CFR 1.121(d)(1).  Failure to timely submit the proposed drawing and marked-up copy will result in the abandonment of the application.

Allowable Subject Matter
Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Claims 5 and 6 are objected to by dependency on claim 4.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 7, 10-11, 15-18 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hsieh et al. US 2015/0134843 A1 (hereinafter “Hsieh”).

As per claims 1, 11 and 18, Hsieh teaches a group-based communication system (a method of establishing network connection for establishing peer-to-peer connection among a plurality of network devices, and the plurality of network devices includes at least a first network device and a second network device. Hsieh, para [0007] and Fig. 7) comprising: 
one or more processors (Control server. Hsieh, Fig. 7 element 71); and 
one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the group-based communication system to perform operations comprising: receiving a peer-to-peer connection request associated with a first identifier for a first client device and a second identifier for a second client device (the first server 11 receiving a connection request package. More specifically, the first network device 12 is connection to the first server 11 (i.e., the first network device 12 is at online status), and the first network device 12 sends connection request package to the first server 11. The connection request package includes the first identifier of the first network device 12 and the second identifier in response to the second network device 13. Hsieh, para [0037])( the first network device 12 is going to establish peer-to-peer connection with the second network device 13. Hsieh, para [0036]); 
comparing the first identifier and the second identifier to a group-based communication system validation registry associated with the group-based communication system (the first server 11 comparing the connection request package and the connection response package. More specifically, when the first server 11 receives the connection response package, the first server 11 compares the connection request package and the connection response package and confirms whether the content of the connection request package and the connection response package match or not (i.e., whether the first and second identifiers of the connection request package and the connection response package match). Hsieh, para [0041]); and 
based at least in part on a determination that the peer-to-peer connection request is authorized per the group-based communication system validation registry, causing establishment of a peer-to-peer connection between the second client device and the first client device for sharing data associated with the group-based communication system (according to the connection signaling package which includes the first identifier, the second network device 13 retrieves the first identifier from the second match table and responds with the connection response package which includes the first and second identifiers to the first server 11 (S403). Subsequently, the first server 11 compares whether the connection request package and the connection response package match. If they are matched, the first server 11 transmits a second confirmation package to the first network device 12 and the second network device 13 to inform the first network device 12 and the second network device 13 that they can execute the first connection mode (S404). Following that, the first network device 12 and the second network device 13 execute the first connection mode. In other words, the first network device 12 directly establishes peer-to-peer connection with the second network device 13. Hsieh, para [0044]).

As per claim 7, Hsieh teaches the group-based communication system as claim 1 recites, the operations further comprising: 
determining whether the first identifier and the second identifier are associated with at least one of a same group identifier or a same group-based communication interface (the first network device 12 and the second network device 13 shown in FIG. 4 have public IP address. That is to say, the first network device 12 and the second network device 13 do not need NAT server to translate from a private address to a public address. Both of the first and second network devices have the globally only IP address. Alternatively, the address type of the first network device 12 is a private IP and the address type of the second network device 13 is a public IP address. As shown in FIG. 4, when the first network device 12 is connected to the first server 11, and the first network device 12 actively sends connection request package which includes the first and second identifiers according to a first match table to the first server 11 (S401), the first server 11 transmits connection signaling package to the second network device 13 (the first server 11 has confirmed the connection with the second network device 13 in advance) to inform the second network device 13 that the first network device 12 is going to establish connection (S402). Then, according to the connection signaling package which includes the first identifier, the second network device 13 retrieves the first identifier from the second match table and responds with the connection response package which includes the first and second identifiers to the first server 11 (S403). Subsequently, the first server 11 compares whether the connection request package and the connection response package match [when matched it implies that they belong to a same group based communication interface]. Hsieh, para [0044]); and 
based at least in part on a determination that the first identifier and the second identifier are associated with at least one of the same group identifier or the same group-based communication interface, determining that the peer-to-peer connection request is authorized (If they are matched, the first server 11 transmits a second confirmation package to the first network device 12 and the second network device 13 to inform the first network device 12 and the second network device 13 that they can execute the first connection mode (S404). Following that, the first network device 12 and the second network device 13 execute the first connection mode. In other words, the first network device 12 directly establishes peer-to-peer connection with the second network device 13. Hsieh, para [0077]).

As per claims 10 and 20, Hsieh teaches the group-based communication system as claim 1 recites, the operations further comprising, based at least in part on the determination that the peer-to-peer connection request is authorized per the group-based communication system validation registry, transmitting, to the second client device, a peer-to-peer initiation instruction that comprises a data object that indicates at least one of (i) a characteristic or (ii) a condition associated with the data to be shared via the peer-to-peer connection, wherein the peer-to-peer connection is established based at least in part on the peer-to-peer initiation instruction (the first server 11 transmits a second confirmation package to the first network device 12 and the second network device 13 to inform the first network device 12 and the second network device 13 that they can execute the first connection mode (S404). Following that, the first network device 12 and the second network device 13 execute the first connection mode. In other words, the first network device 12 directly establishes peer-to-peer connection with the second network device. Hsieh, para [0044]).

As per claim 15, Hsieh teaches the method as claim 11 recites, further comprising, based at least in part on the determination that the peer-to-peer connection request is authorized per the group-based communication system validation registry, transmitting, to the second client device, a peer-to-peer initiation instruction (the first server 11 transmits a second confirmation package to the first network device 12 and the second network device 13 to inform the first network device 12 and the second network device 13 that they can execute the first connection mode (S404). Following that, the first network device 12 and the second network device 13 execute the first connection mode. In other words, the first network device 12 directly establishes peer-to-peer connection with the second network device. Hsieh, para [0044]) associated with a data object instructing the second client device to transmit all data received by the second client device and from the group-based communication server, that is associated with a group identifier with which the first identifier and the second identifier are associated, to the first client device (according to the public address and port number from both sides, the first network device 12 and the second network device 13 exchange a first user data protocol (UDP) package and a second user data protocol (UDP) (S607). Furthermore, the first network device 12 sends UDP package (i.e., package assigning port 31000) to the second network device 13 according to the public address and port number of the second network device (i.e., 138.76.29.7:31000), and the second network device 13 sends the UDP package (i.e., package assigning port 62000) to the first network device 12. Therefore, the first network device 12 and the second network device 13 can establish peer-to-peer Internet connection. Hsieh, para [0048]). 

As per claim 16, Hsieh teaches the method as claim 11 recites, further comprising, based at least in part on the determination that the peer-to-peer connection request is authorized per the group-based communication system validation registry, transmitting, to the second client device, a peer-to-peer initiation instruction (the first server 11 transmits a second confirmation package to the first network device 12 and the second network device 13 to inform the first network device 12 and the second network device 13 that they can execute the first connection mode (S404). Following that, the first network device 12 and the second network device 13 execute the first connection mode. In other words, the first network device 12 directly establishes peer-to-peer connection with the second network device. Hsieh, para [0044])  associated with a data object instructing the second client device to transmit a portion of data received by the second client device and from the group-based communication server, that is (i) associated with a group identifier with which the first identifier and the second identifier are associated, and (ii) is requested by the first client device, to the first client device (according to the public address and port number from both sides, the first network device 12 and the second network device 13 exchange a first user data protocol (UDP) package and a second user data protocol (UDP) (S607). Furthermore, the first network device 12 sends UDP package (i.e., package assigning port 31000) to the second network device 13 according to the public address and port number of the second network device (i.e., 138.76.29.7:31000), and the second network device 13 sends the UDP package (i.e., package assigning port 62000) to the first network device 12. Therefore, the first network device 12 and the second network device 13 can establish peer-to-peer Internet connection. Hsieh, para [0048]).

As per claim 17, Hsieh teaches the method as claim 11 recites, further comprising, based at least in part on the determination that the peer-to-peer connection request is authorized per the group-based communication system validation registry, transmitting, to the second client device, a peer-to-peer initiation instruction (the first server 11 transmits a second confirmation package to the first network device 12 and the second network device 13 to inform the first network device 12 and the second network device 13 that they can execute the first connection mode (S404). Following that, the first network device 12 and the second network device 13 execute the first connection mode. In other words, the first network device 12 directly establishes peer-to-peer connection with the second network device. Hsieh, para [0044]) associated with a data object instructing the second client device to transmit all data received by the second client device and from the group-based communication server, that is associated with a group identifier with which the first identifier and the second identifier are associated, to the first client device in response to an indication that the first client device at least one of (i) lacks connection to the group-based communication server or (ii) is associated with a suboptimal connection to the group-based communication server (according to the public address and port number from both sides, the first network device 12 and the second network device 13 exchange a first user data protocol (UDP) package and a second user data protocol (UDP) (S607). Furthermore, the first network device 12 sends UDP package (i.e., package assigning port 31000) to the second network device 13 according to the public address and port number of the second network device (i.e., 138.76.29.7:31000), and the second network device 13 sends the UDP package (i.e., package assigning port 62000) to the first network device 12. Therefore, the first network device 12 and the second network device 13 can establish peer-to-peer Internet connection. Hsieh, para [0048]).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 2, 8-9 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Hsieh et al. US 2015/0134843 A1 (hereinafter “Hsieh”) in view of Arora et al. US 2004/0064512 A1 (hereinafter “Arora”).

As per claim 2, Hsieh teaches the group-based communication system as claim 1 recites. Hsieh does not explicitly teach wherein the peer-to-peer connection request is received, from the first client device, in response to the first client device (i) receiving a broadcast communication packet from the second client device, wherein at least a portion of the broadcast communication packet is encrypted using encryption data associated with a group with which the first identifier and the second identifier are associated, and (ii) decrypting the broadcast communication packet using the encryption data.
However, Arora teaches wherein the peer-to-peer connection request is received, from the first client device, in response to the first client device (i) receiving a broadcast communication packet from the second client device (Peer 200A may broadcast discovery query message 820. Discovery query message 820 may be formatted in accordance with a peer-to-peer platform discovery protocol. Discovery query message 820 may include criteria specifying a particular type of resource in which the peer is interested. When the discovery query message 820 reaches a peer 200B that has advertisements 808A and 808B for resources matching the criteria in the discovery query message, peer 200B may respond by sending peer 200A a response message 822 that may include the advertisements 808A and 808B. Peer 200A may also receive one or more response messages from one or more other peers. Each of these response messages may include advertisements for resources for resources also matching the criteria in the discovery query message. After receiving the resource advertisements, peer 200A may access the corresponding resource. In one embodiment, each resource advertisement may include information describing how to access the particular resource corresponding to the resource advertisement. Arora, para [0352]), wherein at least a portion of the broadcast communication packet is encrypted using encryption data associated with a group with which the first identifier and the second identifier are associated (The message digest in the envelope may be used to guarantee the data integrity of messages. Messages may also be encrypted and signed for confidentiality and refutability. In one embodiment, each protocol body may include one or more credentials used to identify the sender to the receiver. A credential is a key that, when presented in a message body, may be used to identify a sender and to verify that sender's right to send the message to the specified endpoint. In one embodiment, the credential may be an opaque token that may be presented each time a message is sent. In one embodiment, the sending address placed in the message envelope may be crosschecked with the sender's identity in the credential. Credentials may be stored in the message body on a per-protocol <tag> basis. Arora, para [0232]), and (ii) decrypting the broadcast communication packet using the encryption data (a message body may be encrypted, with the credential providing further information on how to decrypt the content. Arora, para [0232]) (peer-to-peer platform advertisements may include information to describe the security mechanism(s) to be used in a peer group. For example, the advertisement may include information to do public key exchange, information to indicate what algorithms are to be used, etc. The advertisement may also include information that may be used to enforce secure information exchange on pipes (e.g. encryption information). Arora, para [0718]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hsieh in view of Arora. One would be motivated to do so, to enhance the security of the system and guarantee the data integrity and confidentiality of exchanged messages. (Arora, para [0232]).

As per claim 12, Hsieh teaches the method as claim 11 recites. Hsieh does not explicitly teach wherein the first client device and the second client device are associated with a common local area connection, and wherein the peer-to-peer connection request is received in response to the first client device receiving a broadcast communication packet from the second client device via the common local area connection, wherein the broadcast communication packet identifies the second identifier.
However, Arora teaches wherein the first client device and the second client device are associated with a common local area connection (Several peer-to-peer platform protocols that may be provided by embodiments of the peer-to-peer platform are described later in this document. The protocols defined in this document may be realized over networks including, but not limited to, the Internet, a corporate intranet, a dynamic proximity network, a home networking environment, LANs, and WANs. Arora, para [0136][0177]), and wherein the peer-to-peer connection request is received in response to the first client device receiving a broadcast communication packet from the second client device via the common local area connection, wherein the broadcast communication packet identifies the second identifier (Peer 200A may broadcast discovery query message 820. Discovery query message 820 may be formatted in accordance with a peer-to-peer platform discovery protocol. Discovery query message 820 may include criteria specifying a particular type of resource in which the peer is interested. When the discovery query message 820 reaches a peer 200B that has advertisements 808A and 808B for resources matching the criteria in the discovery query message, peer 200B may respond by sending peer 200A a response message 822 that may include the advertisements 808A and 808B. Peer 200A may also receive one or more response messages from one or more other peers. Each of these response messages may include advertisements for resources for resources also matching the criteria in the discovery query message. After receiving the resource advertisements, peer 200A may access the corresponding resource. In one embodiment, each resource advertisement may include information describing how to access the particular resource corresponding to the resource advertisement. Arora, para [0352]) (The message digest in the envelope may be used to guarantee the data integrity of messages. Messages may also be encrypted and signed for confidentiality and refutability. In one embodiment, each protocol body may include one or more credentials used to identify the sender to the receiver. A credential is a key that, when presented in a message body, may be used to identify a sender and to verify that sender's right to send the message to the specified endpoint. In one embodiment, the credential may be an opaque token that may be presented each time a message is sent. In one embodiment, the sending address placed in the message envelope may be crosschecked with the sender's identity in the credential. Credentials may be stored in the message body on a per-protocol <tag> basis. Arora, para [0232]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hsieh in view of Arora. One would be motivated to do so, to enhance the security of the system and guarantee the data integrity and confidentiality of exchanged messages. (Arora, para [0232]).

As per claim 8, Hsieh teaches the group-based communication system as claim 7 recites. Hsieh does not explicitly teach the operations further comprising: determining whether the first identifier and the second identifier are associated with a same privilege; and based at least in part on a determination that the first identifier and the second identifier are associated with the same privilege, determining that the peer-to-peer connection request is authorized.
However, Arora teaches determining whether the first identifier and the second identifier are associated with a same privilege (messages may include, at a minimum, a peer group credential that identifies the sender of the message as a full member peer in the peer group in good standing. Membership credentials may be used that define a member's rights, privileges, and role within the peer group. Content access and sharing credentials may also be used that define a member's rights to the content stored within the group. Arora, para [0717]); and based at least in part on a determination that the first identifier and the second identifier are associated with the same privilege, determining that the peer-to-peer connection request is authorized (Peers 200 in each peer group 210 may then discover each other through rendezvous proxy 206. Rendezvous proxy 206 may itself be a peer and may be a member in one or more peer groups 210. In one embodiment, access to rendezvous proxies 206 may be restricted to peers with rendezvous access privileges. Arora, para [0519]-[0520]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hsieh in view of Arora. One would be motivated to do so, to restrict access communication to those client devices that have the same rights and privileges.

As per claim 9, Hsieh teaches the group-based communication system as claim 1 recites. Hsieh does not explicitly teach wherein the peer-to-peer connection request is associated with a token, the operations further comprising: determining whether the first identifier is associated with the token in the group-based communication system validation registry; and based at least in part on a determination that the first identifier is associated with the token in the group-based communication system validation registry, determining that the peer-to-peer connection request is authorized.
However, Arora teaches wherein the peer-to-peer connection request is associated with a token (the peer-to-peer platform may use credentials and authenticators (code (e.g. computer-executable instructions) that may be used to receive messages that either request a new credential or request that an existing credential be validated). A credential is a token. Arora, para [0716]), the operations further comprising: 
determining whether the first identifier is associated with the token in the group-based communication system validation registry (A credential is a token that when presented in a message body is used to identify a sender and can be used to verify that sender's right to send the message to the specified endpoint and other associated capabilities of the sender. The credential is an opaque token that must be presented each time a message is sent. The sending address placed in the message envelope may be crosschecked with the sender's identity in the credential. In one embodiment, each credential's implementation may be specified as a plug-in configuration, which allows multiple authentication configurations to co-exist on the same network. Arora, para [0716]); and 
based at least in part on a determination that the first identifier is associated with the token in the group-based communication system validation registry, determining that the peer-to-peer connection request is authorized (messages may include, at a minimum, a peer group credential that identifies the sender of the message as a full member peer in the peer group in good standing. Membership credentials may be used that define a member's rights, privileges, and role within the peer group. Content access and sharing credentials may also be used that define a member's rights to the content stored within the group. Arora, para [0717]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Hsieh in view of Arora. One would be motivated to do so, to enhance the security of the communication system.

Claim(s) 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Hsieh et al. US 2015/0134843 A1 (hereinafter “Hsieh”) in view of Chow et al. US 2007/0118875 A1 (hereinafter “Chow”).

As per claim 3, Hsieh teaches the group-based communication system as claim 1 recites. Hsieh does not explicitly teach the operations further comprising: receiving, from the second client device, a token generation request; generating, based at least in part on the token generation request and encryption data, a token; and sending the token to the first client device, wherein the peer-to-peer connection request is received in response to sending the token to the first client device.
However, Chow teaches receiving, from the second client device, a token generation request (an authentication service responds to a request for a token and a certificate from a client. A request from a client is received over a network. Chow, para [0060]); 
generating, based at least in part on the token generation request and encryption data, a token (token 122(N) and certificate 216(N) may be stored in memory for communication at a later time (e.g., after further operations). Token 122(N) and certificate 216(N) are illustrated in phantom as storable in memory 210(m) of server prior to communication to client 104(1). Authentication service 102(m) responds to the request by communicating the token 122(N) and certificate 216(N) to client 104(N). FIG. 2 depicts client 104(N) as having received token 122(N) and certificate 216(N), and storing in memory 210(N). Chow, para [0052]) (A response to the request is issued which includes a token to provide proof of identity of the client at a plurality of service providers and a certificate that is used to establish secure peer-to-peer transactions. Chow, para [0062]); and 
sending the token to the first client device, wherein the peer-to-peer connection request is received in response to sending the token to the first client device (Client 104(N) receives the response and may thereafter use the token 122(N) for proof of identity to access resources a plurality of service providers 112(s) and the SLC 216(N) to establish secure communications with another client. For instance, client 104(N) may share data, photos, files and so forth via sharing module 110(N). Chow, para [0062]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hsieh in view of Chow. One would be motivated to do so to establish a secure communication (Chow, para [0062]).

As per claim 13, Hsieh teaches the method as claim 11 recites. Hsieh does not explicitly teach the method further comprising: generating, based at least in part on receiving a token generation request from the second client device, a token; storing the token in the group-based communication system validation registry, wherein the token is associated with the first identifier and the second identifier; and sending the token to the first client device, wherein the peer-to-peer connection request is received in response to sending the token to the first client device.
However, Chow teaches generating, based at least in part on receiving a token generation request from the second client device, a token (an authentication service responds to a request for a token and a certificate from a client. A request from a client is received over a network. Chow, para [0060]); 
storing the token in the group-based communication system validation registry, wherein the token is associated with the first identifier and the second identifier (token 122(N) and certificate 216(N) may be stored in memory for communication at a later time (e.g., after further operations). Token 122(N) and certificate 216(N) are illustrated in phantom as storable in memory 210(m) of server prior to communication to client 104(1). Authentication service 102(m) responds to the request by communicating the token 122(N) and certificate 216(N) to client 104(N). FIG. 2 depicts client 104(N) as having received token 122(N) and certificate 216(N), and storing in memory 210(N). Chow, para [0052]) (A response to the request is issued which includes a token to provide proof of identity of the client at a plurality of service providers and a certificate that is used to establish secure peer-to-peer transactions. Chow, para [0062]); and
sending the token to the first client device, wherein the peer-to-peer connection request is received in response to sending the token to the first client device (Client 104(N) receives the response and may thereafter use the token 122(N) for proof of identity to access resources a plurality of service providers 112(s) and the SLC 216(N) to establish secure communications with another client. For instance, client 104(N) may share data, photos, files and so forth via sharing module 110(N). Chow, para [0062]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hsieh in view of Chow. One would be motivated to do so to establish a secure communication (Chow, para [0062]).

Claim(s) 14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hsieh et al. US 2015/0134843 A1 (hereinafter “Hsieh”) in view of Huber et al. US 2019/0327220 A1 (hereinafter “Huber”).

As per claims 14 and 19, Hsieh teaches the method as claims 11 and 18 recite. Hsieh does not explicitly teach wherein determining whether the peer-to-peer connection request is authorized is based on one or more of: a group identifier associated with the first identifier or the second identifier; a group-based communication interface associated with the first identifier or the second identifier; or a token, in the group-based communication system validation registry, associated with the first identifier or the second identifier.
However, Huber teaches wherein determining whether the peer-to-peer connection request is authorized is based on one or more of: 
a group identifier associated with the first identifier or the second identifier (Access may further be facilitated by a validated request to join or an invitation to join transmitted by one group member user to another non-member user. Group identifiers are used to associate data, information, messages, etc., with specific groups. Huber, para [0048]) (Each message sent or posted to a group-based communication channel of the group-based communication system includes metadata comprising the following: a sending user identifier, a message identifier, message contents, a group identifier, and a group-based communication channel identifier. Each of the foregoing identifiers may comprise ASCII text, a pointer, a memory address. Huber, para [0049]) (The terms “user profile,” “user account,” and “user account details” refer to information associated with a user, including, for example, a user identifier, one or more group-based communication channel identifiers associated with enterprise group-based communication channels that the user has been granted access to, one or more group identifiers for groups with which the user is associated. Huber, para [0052]); a group-based communication interface associated with the first identifier or the second identifier; or a token, in the group-based communication system validation registry, associated with the first identifier or the second identifier.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Hsieh in view of Huber. One would be motivated to do so to enhance the security of the system by ensuring that the client devices are associated with the same group (Huber, para [0052]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
A. Shortt et al. US 2022/0286529 A1 directed to manage draft messages in a group-based communication system. 
B. Athlur et al. US 2020/0404573 A1 directed to bandwidth sharing amongst trusted peers.
C. Frank et al. US 2018/0197144 A1 directed to authenticating user communication within an enterprise group-based communication platform. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492