DETAILED ACTION
This Non-Final Office Action is in response to the request for continued examination filed on 01/27/2021.  	Claims 1-20 are being considered on the merits.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/27/2021 has been entered.
Response to Arguments
3.	Applicant's arguments filed 12/28/2020 have been fully considered but are moot because they do not apply to the newly cited reference below. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



s 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2008/0219436 A1 to Chen, (hereinafter, “Chen”) in view of US Pub. No. US 2016/0149696 A1 to Winslow, (hereinafter, “Winslow”) and in further view of US Pub. No. US 2002/0006197 A1 to Carroll, (hereinafter, “Carroll”). 

As per claims 1, 8 and 15, Chen teaches a computer-implemented method, a system and a computer program product, respectively, for generating a keystream using media data stored in a database, comprising: 
at least one memory storing computer-executable instructions; and at least one processor of a sending device, wherein the at least one processor is configured to access the at least one memory and execute the computer-executable instructions, the computer program product comprising a storage medium readable by a processing circuit, the storage medium storing instructions executable by the processing circuit to cause a method to be performed (Chen, para. [0066] “the station or system 1700 comprises a processor 1710, a memory 1720, e.g., random access memory ("RAM") and/or read only memory (ROM), a DRM Engine module 1740, and various input/output devices 1730”), the method comprising:
generating, by a computer processor of a sending device, a session key that includes a plurality of subkeys (Chen, [0065] “the process 1600 generates a service key for a set of data…the process 1600 provides the service key (subkey) so that a traffic key (session key) is generated for a traffic protection group for the set of data.” And para. [0031] “A unique keystream message ("KSM") is generated for each of the traffic protection groups and services. As a result, encrypted traffic keys (TKs) may be delivered to receiving devices, e.g., mobile devices, utilizing KSMs. For instance, a unique KSM may be generated for the traffic protection group .alpha. 202 for the service X 102. Accordingly, the KSM X.sub..alpha. 208 may be utilized to deliver TKs that are unique service keys (subkeys) provided by the service provider of the service X 102. Further, a unique KSM may be generated for the traffic protection group .alpha. 202 for the service Y 104…As a result, different KSMs are utilized to provide access to media flows on the same Channel C 110.”); 
identifying, by the computer processor, a plurality of media streams in the media data, the media streams comprising audio/visual content, wherein the plurality of media streams are stored at indices in the database that correspond to values of the plurality of subkeys (Chen, para. [0028] “A media flow is a video or audio stream. For example, a television channel includes one or more media flows, i.e., one or more video and audio streams.” and para. [0030] “Channel C 110 may include a plurality of media flows (media stream). The DRM engine is utilized to categorize the media flows into traffic protection groups. A traffic protection group is a group of one or more media flows that are encrypted utilizing a common Traffic Key ("TK"), crypto period, and protection protocol.” And para. [0037] “the DRM engine 302 provides various functions for facilitating the secure delivery of media flows to the authorized user devices 320…the DRM engine 302 generates and stores service-level (subkey), program-level, and traffic-level keys. In addition, the DRM engine 302 provides for the delivery of traffic keys and access/usage rules to the user devices 320 through key stream messages”)
encrypting, by the computer processor, a message to generate an encrypted message; and sending, by the computer processor, the encrypted message to a receiving device (Chen, para. [0064] “at a process block 1504, the process 1500 encrypts the traffic key with an authorization encryption key to generate an encrypted traffic key. In addition, at a process block 1506, the process 1500 provides the encrypted traffic key in a keystream message through a network to a device”).
Chen teaches all the limitations of claims 1, 8 and 15 above, however fails to explicitly teach but Winslow teaches:

(Winslow, para. [0057] “a first byte of user data may be subject to an Exclusive-Or (XOR) operation with a byte of keystream from the block cipher. For example, the keystream may be produced by using AES in counter mode (e.g., CTR mode) to produce a stream cipher from the AES block cipher. The encrypted data byte may be storage in the Byte n position of N-Byte Shift Register 304. N-Byte Shift Register 304 may be a shift register that is the same length as or longer than the length of the framed synchronization data message.” And para. [0067] “in addition to the escape sequence and indication of the synchronized count value, the framed cryptographic synchronization message may also include authentication field (e.g., a checksum byte(s), CRC, etc.) in order to allow Serial Decryptor 400 to determine whether the received bytes correspond to a valid framed cryptographic synchronization message. The checksum may be calculated across the count value alone or across the combination of the count value and the escape sequence.” And [0068] “The same checksum calculation as was used to generate the checksum byte(s) at the encryptor may also be used to re-calculate/verify the checksum byte(s) at the decryptor. For example, an eight-bit CRC such as the International Telegraph and Telephone Consultative Committee (CCITT) CRC-8 may be used to generate/verify the checksum byte(s)”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Winslow’s transparent serial encryption into Chen’s method for providing a digital rights management engine, with a motivation to encrypt and decrypt data streams in such a way that unauthorized parties are unable to access the data even while it is traversing unsecured networks (Winslow, para. [0001]). 
The combination of Chen and Winslow teach all the limitations of claims 1, 8 and 15 above, however fail to explicitly teach but Carroll teaches:

the encrypting including using a stream cipher algorithm that uses keystream as a key (Carroll, para. [0037] “The keystream generator 106 may use an initial fill that is changed each time the generator 106 is clocked or, alternatively, is programmed to contain an initial fill, such as the master key produced by the key scheduler 102 or the frame key produced by the frame key generator 104.” And para. [0042] “To generate a keystream sequence (step 240), the keystream generator 104 may use the master key or, alternatively, the frame key, as an initial fill that establishes an initial state for the registers of the keystream generator 104.” Also shown in Figure 2.)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Carroll’s stream-cipher method into Winslow’s transparent serial encryption and Chen’s method for providing a digital rights management engine, with a motivation for secure communications using a keystream (Carroll, para. [0007]). 

As per claims 2, 9 and 16, the combination of Chen, Winslow and Carroll teach the computer-implemented method of claim 1, the system of claim 8 and the computer program product of claim 15, respectively, and wherein aggregating the plurality of media streams comprises performing, by the computer processor, an exclusive-or (XOR) operation on the plurality of media streams (Winslow, para. [0057] “a first byte of user data may be subject to an Exclusive-Or (XOR) operation with a byte of keystream from the block cipher. For example, the keystream may be produced by using AES in counter mode (e.g., CTR mode) to produce a stream cipher from the AES block cipher.”).

As per claims 3, 10 and 17, the combination of Chen, Winslow and Carroll teach the computer-implemented method of claim 1, the system of claim 8 and the computer program product of claim 15, respectively, wherein generating the session key comprises selecting, by the computer processor, a number of the plurality of subkeys based at least in part on a desired level of security for the keystream (Chen, para. [0037] “the DRM engine 302 provides various functions for facilitating the secure delivery of media flows to the authorized user devices 320. The DRM engine 302 provides real-time encryption of media flows. Further, the DRM engine 302 generates and stores service-level, program-level, and traffic-level keys. In addition, the DRM engine 302 provides for the delivery of TKs (session key) and access/usage rules to the user devices 320 through KSMs. The DRM engine 302 also interfaces to entitlement management systems 338 which forward service and program keys to authorized user devices 320.” And para. [0046] The user device 320 registers with a Rights Issuer, e.g., the EMS 338, to obtain a Rights Object ("RO") containing encrypted service and/or program keys and related entitlement information. The End User Device's 320 DRM Agent 502 decrypts this information to reveal the SK (subkey) and/or PK. If the rights of the user device 320 match the rules, the DRM Agent 502 then sends the SK and/or PK to an ECM Agent 504 of the user device 320 to expose the TK (session key) encrypted in ECMs, i.e., KSMs, delivered via the broadcast network 322. Accordingly, a decryptor 506 of the user device 320 may then utilize the TK to decrypt the content so that a user device 320 has access to the content.”).

As per claims 4 and 11, the combination of Chen, Winslow and Carroll teach the computer-implemented method of claim 3 and the system of claim 10, respectively, wherein generating the session key further comprises selecting, by the computer processor, a number of bits for each of the plurality of subkeys based at least in part on the desired level of security for the keystream (Winslow, para. [0048] “if Counter Mode AES is to be utilized for encrypting the serial data stream, the serial data may be encrypted in 128-bit (e.g., 16 byte) increments. However, other encryption block/keystream sizes may be used as well depending on the encryption/decryption configuration (e.g., 64-bit increments, 256-bit increments, etc.). When Counter Mode encryption/decryption is utilized, a counter may be used at the encryptor to count the number of blocks that have been encrypted.” And para. [0067] “Sync Data Processing Module 406 may be configured to validate and extract cryptographic synchronization data such as a count value from a framed cryptographic synchronization data message. For example, in addition to the escape sequence and indication of the synchronized count value, the framed cryptographic synchronization message may also include authentication field (e.g., a checksum byte(s), CRC, etc.) in order to allow Serial Decryptor 400 to determine whether the received bytes correspond to a valid framed cryptographic synchronization message. The checksum may be calculated across the count value alone or across the combination of the count value and the escape sequence.” And para. [0069] “If the checksum as determined by Sync Data Processing Module 406 matches the checksum value included in the authentication field of the framed cryptographic synchronization message, Sync Data Processing Module 406 may determine that the count value indicated by the framed cryptographic synchronization message is valid.”). 

As per claims 5, 12 and 18, the combination of Chen, Winslow and Carroll teach the computer-implemented method of claim 1, the system of claim 8 and the computer program product of claim 15, respectively, further comprising: 
encrypting, by the computer processor, the session key using a public key associated with the receiving device to generate an encrypted session key para. [0046] The user device 320 registers with a Rights Issuer, e.g., the EMS 338, to obtain a Rights Object ("RO") containing encrypted service and/or program keys and related entitlement information. The End User Device's 320 DRM Agent 502 decrypts this information to reveal the SK and/or PK. If the rights of the user device 320 match the rules, the DRM Agent 502 then sends the SK and/or PK to an ECM Agent 504 of the user device 320 to expose the TK (encrypted session key) encrypted in ECMs, i.e., KSMs, delivered via the broadcast network 322.”); and 
sending, by the computer processor, the encrypted session key to the receiving device, wherein the receiving device is configured to decrypt the encrypted session key using a private key to obtain the session key and utilize the session key to generate the keystream (Winslow, para. [0026] “data being communicated from Non-Secure Side 114 to Secure Side 108 may be decrypted by Processor 102. In another example, a module within Processor 102 and/or a separate functional block within E/D Device 100, such as Encrypt/Decrypt Engine 120, may perform the encryption and/or decryption. E/D Device 100 may be configured to support Type 1 encryption. E/D Device 100 may be configured to perform symmetric encryption (e.g., uses the same key to encrypt and decrypt), asymmetric encryption (e.g., uses different keys to encrypt and decrypt), public-key encryption (e.g., the publicly known key is used to encrypt and a private key is used to decrypt), manual encryption (e.g., user input may be utilized), transparent encryption (e.g., user input is not utilized), and/or the like. Encryption may be performed on serial data using block ciphers algorithms such as the Advanced Encryption Standard (AES).”).

As per claims 6 and 13, the combination of Chen, Winslow and Carroll teach the computer-implemented method of claim 1 and the system of claim 8, respectively, wherein encrypting the message using the keystream to generate the encrypted message comprises performing, by the computer processor, an exclusive-or (XOR) of the message and the keystream (Winslow, para. [0057] “a first byte of user data may be subject to an Exclusive-Or (XOR) operation with a byte of keystream from the block cipher. For example, the keystream may be produced by using AES in counter mode (e.g., CTR mode) to produce a stream cipher from the AES block cipher.”).

As per claims 7, 14 and 19, the combination of Chen, Winslow and Carroll teach the computer-implemented method of claim 1, the system of claim 8 and the computer program product of claim 15, respectively, further comprising: 
determining, by the computer processor, that a bit length of the message is greater than a bit length of a particular media stream of the plurality of media streams; and concatenating, by the computer processor, at least a portion of the particular media stream with the particular media stream to increase the bit length of the particular media stream to at least the bit length of the message (Winslow, para. [0091] “The serial data to be transmitted may include messages of various lengths. For example, if message length is greater than the size of the keystream generated by a given count value, the encryptor may be unable to send a framed cryptographic synchronization message prior to incrementing the counter to generate additional keystream data. In this case the decryptor may increment its block counter independently by counting received CT bytes as the serial link may maintain the bytes in the same order that they were transmitted. When sufficient time for generating and sending a framed cryptographic synchronization message is available after transmission of the longer message, the encryptor/decryptor can re-synchronize the count values in case there were any transmission errors while the previous count value(s) were being used.”).

As per claim 20, the combination of Chen, Winslow and Carroll teach the computer program product of claim 15, the method further comprising: determining that a bit length of the encrypted message is greater than a bit length of a particular media stream of the plurality of media streams (Winslow, para. [0091] “The serial data to be transmitted may include messages of various lengths. For example, if message length is greater than the size of the keystream generated by a given count value, the encryptor may be unable to send a framed cryptographic synchronization message prior to incrementing the counter to generate additional keystream data.”); 
and concatenating at least a portion of a media stream corresponding to a different index in the database with the particular media stream to increase the bit length of the particular media stream to at least the bit length of the encrypted message (Winslow, para. [0064] “the count value may correspond to a 32-bit counter value that is used as an input to the encryption algorithm in order to produce a keystream of length equal to the block size of the cryptographic block cipher algorithm. Serial Decryptor 400 may be configured to count the number of bytes that are decrypted in order to determine if the count value should be incremented. For example, if 128-bits of keystream are produced by the block cipher for each instance of a count value, then Serial Decryptor 400 may be configured to use a given count value to decrypt 16 bytes of user ciphertext data. Upon decrypting the 16th byte of ciphertext data using keystream bytes generated using a given count value, Serial Decryptor 400 may be configured to increment the count value and use the incremented count value to produce additional bytes of keystream. For example, the incremented count value and nonce may be input to the block cipher with the secret key in order to generate the additional keystream data.”).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20170264598 A1 – Symmetrical stream encryption of data
20140304503 A1 – Securing data in motion using a secure data parser.


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Ali Abyaneh can be reached on (571) 272-7961. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ZOHA PIYADEHGHIBI TAFAGHODI/               Examiner, Art Unit 2437    


/SAMSON B LEMMA/              Primary Examiner, Art Unit 2498