METHOD FOR SECURE COMMUNICATION VIA THE INTERNET

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment 1. This action is in response to the communication filed on February 12, 2026. Claims 1-16 were originally received for consideration. Per the received amendment, claims 2 and 4 have been cancelled. 2. Claims 1, 3, and 5-16 are currently pending consideration. Response to Arguments 3. Applicant's arguments filed on February 12, 2026 have been fully considered but they are not persuasive for the following reasons: 4. The Applicant argues that the Cited Prior Art (CPA), Westerlund et al. (U.S. Patent Pub. No. US 2008/0301278), does not disclose 1) that the communication takes between communication partners, i.e. human users each using a communication device, 2) an invitation is exchanged for establishing an initial, partner-specific communication connection, 3) a security certificate is provided by the installation of the computer program product, 4) a data transfer rate and a data capacity of the communication devices of the communication partners are determined, and 5) the communication devices are created in a cluster such that resources are balanced and distributed. The arguments 4 and 5 regarding newly added limitations 4) a data transfer rate and a data capacity of the communication devices of the communication partners are determined, and 5) the communication devices are created in a cluster such that resources are balanced and distributed. are moot in view of the new grounds of rejection in view of Jones et al. (U.S. Patent Pub. No. US 2008/0301278). Regarding argument 1, Westerlund does disclose communication between communication partners/devices as it explicitly mentions setting up a secure peer-to-peer connection (paragraph 0005-0007). The Applicant argues that the communication is between human users using communication devices but there is no mention of that in the claim language. Regarding argument 2, this argument is also not found persuasive. Westerlund does not explicitly disclose the exact term “invitation” but does disclose signaling messages exchanged between peers that lead to the initiation of a partner-specific communication session (paragraphs 0062-0065). For example, Westerlund discloses that a server is used for the exchange of configuration information for a connection between UA1 and UA1 (paragraph 0063). Furthermore, Westerlund discloses sending a certificate of the first and second peers to establish a communication channel in response to receiving a request (invitation) for an application (See Fig. 5B). Therefore, the argument is not found persuasive. Finally, argument 3 is also not found persuasive. There is no requirement that the security certificate be provided only during the installation procedure of the computer program product, but only that it is provided by the installation of the product. Westerlund discloses that the peers exchange fingerprints of the certificates to set up a peer-to-peer connection (paragraphs 0005-0006, 0015). Westerlund further discloses that the secure peer to peer connection may be a Datagram Transport Layer Security connection and each certificate is a DTLS certificate (paragraph 0015). Therefore, the argument is not found persuasive. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 3, and 5-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Westerlund et al. (U.S. Patent Pub. No. US 2018/0205720) in view of Jones et al. Regarding claim 1, Westerlund discloses: A computer-implemented method for information-secure communication between at least a first communication partner and a second communication partner, wherein the first communication partner has a first communication device, and the second communication partner has a second communication device (paragraph 0002: WebRTCPeerConnections), comprising the following steps: a) installing a computer program product on a computing unit of the first communication device and the second communication device, wherein the computer program product (paragraphs 0037-0041: peer devices may include computer-readable instructions), b) transmitting an invitation from the first communication device to the second communication device, wherein a security certificate is transmitted to the second communication device upon transmission of the invitation (paragraphs 0029-0030, 0033-0037: fingerprint is analogous to a hash value of a certificate; receiving a directive for a fingerprint for a certificate of the peer), wherein the security certificate is provided by the installation of the computer program product (paragraphs 0005-0006, 0015, 0027-0028: a computer program is used to enable a setting up of a secure peer-to-peer connection which allows the transmission of the fingerprint of the certificate); c) accepting the invitation by the second communication device and verifying the security certificate (paragraphs 0031-0033: verifying, in a handshake process with the second peer, an identity of the second peer by comparing with the second fingerprint, wherein the handshake is only successful when the verification is successful), d) feeding back to an intermediate server when the test of the security certificate has passed (paragraphs 0120-0127: The F&C server can verify that the configuration information certificate fingerprint is matching the one the UA submitted to the server by using the F&C server to Web server API to either request the submitted fingerprint and perform the comparison in the F&C or submit the fingerprint from the configuration information and have the web server perform the comparison. [0121] 26. The F&C server 103 sends the configuration information 26a to UA2 102b, the intended destination. In addition, UA2 102b is also sent its white-list policy update URI. At the same time the F&C server 103 sends to UA1 102a the white-list policy update URI 26b), e) directly transmitting communication data between the first communication device and the second communication device (paragraph 0107: If Interactive Connectivity Establishment (ICE) 19a, e.g. as described in RFC5245, is successful in establishing a direct path between UA1 102a and UA2 102b, then the DTLS handshake 19b-c is performed. When that DTLS handshake is performed, the certificate used by each peer is normally exchanged. Upon receiving the certificate each of the UAs verify that the peer's certificate has a matching hash value to a value given in the “rtcpc-src” directive. If not, the connection establishment is aborted). Westerlund does not explicitly disclose wherein a data transfer rate and a data capacity of the communication devices of the communication partners is determined, wherein the communication devices are created in a cluster such that resources are balanced and distributed. In an analogous art, Jones discloses a cluster manager which groups destination connections into a plurality of performance clusters and can assign a synchronization mechanism to each performance cluster (paragraph 0013). Jones further discloses that performance capability can be defined in many ways including the bandwidth capability of each connection, and the cluster manager can be configured to group destination devices or communication links into performance clusters based on their similar performance capabilities (paragraph 0022). It would have been obvious to one of ordinary skill in the art to use the cluster manager of Jones in combination with Westerlund to optimize the communication of the devices based on the associated performance capabilities (paragraph 0022). Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Westerlund discloses: The computer-implemented method according to claim 1, wherein the communication data are encrypted for transmission, preferably by an asymmetric encryption method (paragraphs 0107, 0129: DTLS handshake uses asymmetric encryption). Claim 5 is rejected as applied above in rejecting claim 1. Furthermore, Westerlund discloses: The computer-implemented method according to claim 1, wherein the communication takes place between a plurality of communication partners, each of which has a communication device, and/or the communication takes place within a communication network (paragraphs 0063-0070: architecture uses web servers and peers). Claim 6 is rejected as applied above in rejecting claim 1. Furthermore, Westerlund discloses: The computer-implemented method according to claim 1, wherein the communication takes place between communication partners, wherein the first communication device and/or the computer program product installed on the computing unit of the first communication device provides the intermediate server (paragraphs 0064: connection between two peers). Claim 7 is rejected as applied above in rejecting claim 1. Furthermore, Westerlund discloses: The computer-implemented method according to claim 1, wherein the communication between communication partners takes place within a communication network (paragraphs 0063-0065: connection between two peers for communication). Claim 8 is rejected as applied above in rejecting claim 7. Furthermore, Westerlund discloses: The computer-implemented method according to claim 7, wherein the communication takes place with an intermediate server installed on a web server and acts as an exchange between the communication partners (paragraphs 0066-0069: the first and second peers connect to a web server and connects to a F&C server). Claim 9 is rejected as applied above in rejecting claim 1. Furthermore, Westerlund discloses: The computer-implemented method according to claim 1, wherein the communication data are selected from a group consisting of text messages, photos, videos, audio messages, attachments, and combinations thereof (paragraph 0002: WebRTC is used to transmit media such as audio and video). Regarding claim 10, Westerlund discloses: A communication device network for information-secure communication, comprising at least a first communication device and a second communication device, wherein the first communication device and the second communication device each comprise a computing unit (paragraph 0002: WebRTCPeerConnections), and are configured to carry out the following steps after installation of a computer program product: a) transmitting an invitation from the first communication device to the second communication device, wherein a security certificate is transmitted to the second communication device upon transmission of the invitation (paragraphs 0029-0030, 0033-0037: fingerprint is analogous to a hash value of a certificate; receiving a directive for a fingerprint for a certificate of the peer), wherein the security certificate is provided by the installation of the computer program product (paragraphs 0005-0006, 0015, 0027-0028: a computer program is used to enable a setting up of a secure peer-to-peer connection which allows the transmission of the fingerprint of the certificate); b) accepting the invitation by the second communication partner and verifying the security certificate (paragraphs 0031-0033: verifying, in a handshake process with the second peer, an identity of the second peer by comparing with the second fingerprint, wherein the handshake is only successful when the verification is successful), c) feeding back to an intermediate server when the test of the security certificate has passed (paragraphs 0120-0127: The F&C server can verify that the configuration information certificate fingerprint is matching the one the UA submitted to the server by using the F&C server to Web server API to either request the submitted fingerprint and perform the comparison in the F&C or submit the fingerprint from the configuration information and have the web server perform the comparison. [0121] 26. The F&C server 103 sends the configuration information 26a to UA2 102b, the intended destination. In addition, UA2 102b is also sent its white-list policy update URI. At the same time the F&C server 103 sends to UA1 102a the white-list policy update URI 26b), d) directly transmitting communication data between the first communication device and the second communication device (paragraph 0107: If Interactive Connectivity Establishment (ICE) 19a, e.g. as described in RFC5245, is successful in establishing a direct path between UA1 102a and UA2 102b, then the DTLS handshake 19b-c is performed. When that DTLS handshake is performed, the certificate used by each peer is normally exchanged. Upon receiving the certificate each of the UAs verify that the peer's certificate has a matching hash value to a value given in the “rtcpc-src” directive. If not, the connection establishment is aborted). Westerlund does not explicitly disclose wherein a data transfer rate and a data capacity of the communication devices of the communication partners is determined, wherein the communication devices are created in a cluster such that resources are balanced and distributed. In an analogous art, Jones discloses a cluster manager which groups destination connections into a plurality of performance clusters and can assign a synchronization mechanism to each performance cluster (paragraph 0013). Jones further discloses that performance capability can be defined in many ways including the bandwidth capability of each connection, and the cluster manager can be configured to group destination devices or communication links into performance clusters based on their similar performance capabilities (paragraph 0022). It would have been obvious to one of ordinary skill in the art to use the cluster manager of Jones in combination with Westerlund to optimize the communication of the devices based on the associated performance capabilities (paragraph 0022). Claim 11 is rejected as applied above in rejecting claim 10. Furthermore, Westerlund discloses: The communication device network according to claim 10, wherein the communication takes place between communication partners, wherein the computing unit of the first communication device and/or the computer program product installed on the computing unit of the first communication device is configured to provide the intermediate server (paragraphs 0064: connection between two peers). Claim 12 is rejected as applied above in rejecting claim 10. Furthermore, Westerlund discloses: The communication device network according to claim 10, wherein the communication between communication partners takes place within a communication network (paragraphs 0063-0070: architecture uses web servers and peers). Claim 13 is rejected as applied above in rejecting claim 12. Furthermore, Westerlund discloses: The communication device network according to claim 12, wherein the communication takes place with an intermediate server installed on a web server and acts as an exchange between the communication partners (paragraphs 0120-0127: The F&C server can verify that the configuration information certificate fingerprint is matching the one the UA submitted to the server by using the F&C server to Web server API to either request the submitted fingerprint and perform the comparison in the F&C or submit the fingerprint from the configuration information and have the web server perform the comparison. [0121] 26. The F&C server 103 sends the configuration information 26a to UA2 102b, the intended destination. In addition, UA2 102b is also sent its white-list policy update URI. At the same time the F&C server 103 sends to UA1 102a the white-list policy update URI 26b). Regarding claim 14, Westerlund discloses: A computer program product for information-secure communication between a first communication device and a second communication device, wherein the following steps are carried out upon execution of the computer program product: a) transmitting an invitation from the first communication device to the second communication device, wherein a security certificate is transmitted to the second communication device upon transmission of the invitation (paragraphs 0029-0030, 0033-0037: fingerprint is analogous to a hash value of a certificate; receiving a directive for a fingerprint for a certificate of the peer), wherein the security certificate is provided by the installation of the computer program product (paragraphs 0005-0006, 0015, 0027-0028: a computer program is used to enable a setting up of a secure peer-to-peer connection which allows the transmission of the fingerprint of the certificate); b) accepting the invitation by the second communication partner and verifying the security certificate (paragraphs 0031-0033: verifying, in a handshake process with the second peer, an identity of the second peer by comparing with the second fingerprint, wherein the handshake is only successful when the verification is successful), c) feeding back to an intermediate server when the test of the security certificate has passed (paragraphs 0120-0127: The F&C server can verify that the configuration information certificate fingerprint is matching the one the UA submitted to the server by using the F&C server to Web server API to either request the submitted fingerprint and perform the comparison in the F&C or submit the fingerprint from the configuration information and have the web server perform the comparison. [0121] 26. The F&C server 103 sends the configuration information 26a to UA2 102b, the intended destination. In addition, UA2 102b is also sent its white-list policy update URI. At the same time the F&C server 103 sends to UA1 102a the white-list policy update URI 26b), d) directly transmitting communication data between the first communication device and the second communication device (paragraph 0107: If Interactive Connectivity Establishment (ICE) 19a, e.g. as described in RFC5245, is successful in establishing a direct path between UA1 102a and UA2 102b, then the DTLS handshake 19b-c is performed. When that DTLS handshake is performed, the certificate used by each peer is normally exchanged. Upon receiving the certificate each of the UAs verify that the peer's certificate has a matching hash value to a value given in the “rtcpc-src” directive. If not, the connection establishment is aborted). Westerlund does not explicitly disclose wherein a data transfer rate and a data capacity of the communication devices of the communication partners is determined, wherein the communication devices are created in a cluster such that resources are balanced and distributed. In an analogous art, Jones discloses a cluster manager which groups destination connections into a plurality of performance clusters and can assign a synchronization mechanism to each performance cluster (paragraph 0013). Jones further discloses that performance capability can be defined in many ways including the bandwidth capability of each connection, and the cluster manager can be configured to group destination devices or communication links into performance clusters based on their similar performance capabilities (paragraph 0022). It would have been obvious to one of ordinary skill in the art to use the cluster manager of Jones in combination with Westerlund to optimize the communication of the devices based on the associated performance capabilities (paragraph 0022). Claim 15 is rejected as applied above in rejecting claim 14. Furthermore, Westerlund discloses: The computer program product according to the claim 14, wherein the computer program product provides a user interface so that the invitation can be sent and/or accepted by operating the user interface (paragraph 0083: the user of the AU then initiates some activity in the web application, such as clicking a call button in the user interface). Claim 16 is rejected as applied above in rejecting claim 14. Furthermore, Westerlund discloses: The computer program product according to claim 14, wherein the computer program product provides a user interface so that the invitation can be accepted by operating the user interface (paragraph 0083: the user of the AU then initiates some activity in the web application, such as clicking a call button in the user interface which requires that a RTCPeerConnectoin is established with UA2). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786. The examiner can normally be reached M-F 9-5:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KAVEH ABRISHAMKAR/ 03/13/2026Primary Examiner, Art Unit 2494