DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  
Office Action is in response to the reply filed by Applicant on 3/12/2021.  No claims were canceled.  Claims 22-24 were added as New.  Claims 1-24 are pending. This Office Action is Final.

Response to Arguments
	Applicant’s arguments with respect to claim(s) 1, 12 and 20 have been considered but are moot because the new ground of rejection does not rely on the same exact rejection of record, which was necessitated by amendments filed by Applicant.



Allowable Subject Matter
Claim 21 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 12, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jannard et al. (“Jannard”, US 2014/0196079), published on July 10, 2014 in view of Handal et al. (“Handal”, US 20130174271), published on July 4 2013 and Kershaw et al. (“Kershaw,” US 2008/0250217), published Oct. 9, 2008.

	Regarding claim 1, Jannard discloses a method operating at a secure processing zone on]] a user device for securing streaming content, the method comprising (Jannard: par. 0005; audiovisual asset [content], which can then be transmitted directly to the device and streamed to the user; par. 0009; audiovisual asset [content] can include a plurality of audiovisual clips; par. 0062; a secure environment which can decrypt):	receiving, in the secure processing zone,a manifest for requested streaming content (Jannard: par. 0037; requests to play an asset [content]; par. 0124; the player decrypts the asset [requested content] using the decrypted content key delivered [received] within an encrypted envelope [manifest]); Par. 0011; streaming audio visual content,   	in which the manifest provides [[multiple bitrates for viewing the requested media stream]], a Content Encryption Key (CEK) that is encrypted using a first public Key Encryption Key (KEK), a corresponding first private KEK being stored in secure storage in the secure processing zone (Jannard: par. 0060; distributor … generate[s] encryption envelope [manifest] for each intended recipient player; first content key K1 [CEK] can be encrypted using a global public key; par. 0060; each player has corresponding private keys and a global private key [KEK] to allow full unwrapping or decryption of the content keys);	decrypting, inside the secure processing zone, the CEK using the first private (Jannard: par. 0062; within the secure environment which can decrypt; asset key [CEK] can be decrypted in the key decrypt module using the global private key [KEK]);	decrypting, inside the secure processing zone, requested the streaming content using the decrypted content key to form decrypted content (Jannard: par. 0062; asset key K1 to be revealed and used in the asset decrypt module to decrypt the asset [content]).
	But fails explicitly teach multiple bitrates for viewing the requested media stream.
	However, in an analogous art Handal teaches multiple bitrates for viewing the requested media stream (Handal, Paragraph 0011 recites “In a still further embodiment, the playlist data includes content accessible by different bitrate streams that are encrypted by different keys.” And Paragraph 0060 recites “ In numerous embodiments, different bitrate streams are encrypted by different keys. This way only subscribers paying for the high quality or HD service will get the keys for the HD bitrate while other customers get only keys to decrypt Standard Definition (SD) content, for example.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Handal’s device authentication for secure key retrieval for streaming media players with the method of Jannard to include; a decoder in a secure environment because having different bitrates offers the advantage of users who pay for higher definition to have all version of the content per their subscriptions.  
	And fails to teach providing the decrypted content to a decoder inside the secure processing zone.
(Kershaw, Paragraph 0053 recites “Step 100 uses trusted software 82 (MPEG decoder) running in the trusted region 72 to decompress the decrypted compressed data and to write the decompressed data into a decompressed data region 76 which is accessible to the bulk of the non-secure operating system 68. Step 102 then uses a program code within the bulk of the non-secure operating system 68 to render the decompressed data and draw it to, for example, a computer screen.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Kershaw’s Memory domain based security control with data processing systems with the method of Jannard to include; a decoder in a secure environment because it offers the advantage of trusted decoding. 
	
	Regarding claim 12, claim 12 is directed to a user device to perform the steps claimed in claim 1 (Jannard: abstract; secure module on the player operating in a secure environment; par. 110 user device) Claim 12 is similar in scope to claim 1 and is therefore rejected under similar rationale.

	Regarding claim 20, claim 20 is directed to a non-transitory computer-readable medium to perform the steps claimed in claim 1 (Jannard: par. 0157; software module executed by a processor; can reside in RAM memory, flash memory, ROM memory). Claim 20 is similar in scope to claim 1 and is therefore rejected under similar rationale.

Claims 2 and 22-24 are rejected under 35 U.S.C. 103 as being unpatentable over Jannard, Handal and Kershaw and in further view of Olney et al, (“Olney”, US 2012/0155639).
	
	As per claim 22, Jannard in combination with Handal and Kersahaw teaches the method recited in claim 1, but fails to teach in which the first private KEK in the secure storage is encrypted using a root key that is stored in the secure storage, and the method Includes, prior to decrypting the CEK, decrypting, inside the secure processing zone, the KEK using the root key.
	However, in an analogous art Oney teaches in which the first private KEK in the secure storage is encrypted using a root key that is stored in the secure storage, and the method Includes, prior to decrypting the CEK, decrypting, inside the secure processing zone, the KEK using the root key (Oney, Fig. 3, Paragraph 0045 recites “The client may then obtain its intermediate decryption keys from its scalable root license for decrypting and consuming content associated with its subscription, as indicated at 77.” and Paragraph 0048 recites “Returning to the method of FIG. 3, upon obtaining the desired intermediate decryption key, the content consumption device may then decrypt the encrypted content key, as indicated at 78.”).
	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Oney’s encrypted content streaming with the method of Jannard to include because using root keys to decrypt other keys via a license offers the advantage of having additional security for transmitting data.   

	Regarding claim 2, Jannard in combination with Olney Kershaw discloses the method as recited in claim 1, Olney further teaches receiving a firmware-level distribution message containing a first key identification and the first private KEK that is encrypted using the root key stored in the secure storage (Olney, Fig. 3, Paragraph 0045 recites “The client may then obtain its intermediate decryption keys from its scalable root license for decrypting and consuming content associated with its subscription, as indicated at 77.” and Paragraph 0048 recites “Returning to the method of FIG. 3, upon obtaining the desired intermediate decryption key, the content consumption device may then decrypt the encrypted content key, as indicated at 78.”).
	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Oney’s encrypted content streaming with the method of Jannard to include because using root keys to decrypt other keys via a license offers the advantage of having additional security for transmitting data.   
	And Jannard further teaches storing the first key identification and the first private KEK in the secure storage (Jannard: par. 0037; appropriate keys can be distributed to the players; par. 0055; using a player identification number; par. 0145; secure module comprises a decryption module configured to use the one or more private encryption keys to decrypt; par. 0149; against a root public key  And see Paragraph 0067).

	Regarding claims 23 and 24, claims 23 and 24 are directed to the user device and a non-transitory medium respectively. Claims 23 and 24 are similar in scope to method of claim 2 and is therefore rejected under similar rationale.

Claims 3-4, 7, 10-11, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Jannard, Handal Kershaw and Olney and in further view of Futa et al, (“Futa”, US 2014/0013453), January 9, 2014.

	Regarding claim 3, Jannard in combination with Handal, Kersahaw and Olney discloses the method as recited in claim 2. Jannard and Kershaw does not explicitly disclose further comprising storing the root key in one-time-only storage in the secure processing zone.	However, in an analogous art, Futa teaches further comprising storing the root key in one-time-only storage in the secure processing zone (Futa: par. 0207; controller key and the root public key are written into a non-volatile memory of the controller 900. The non-volatile memory is preferably a write-once memory so as to prevent tampering of the controller key and the root public key).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Futa with the method of Jannard to include; storing the root key in one-time-only storage in the secure processing zone; to provide a means to protect the decryption of encrypted media by using a root key of a device (Futa: par. 0207).

	Regarding claim 4, Jannard in combination with Handal, Kersahaw, Olney and Futa disclose the method as recited in claim 3. Jannard further discloses wherein the firmware-level distribution message comprises a plurality of private KEKs each having a corresponding key identification and storing the plurality of private KEKs and corresponding key identification in the secure storage (Jannard: par. 0037; appropriate keys can be distributed to the players; par. 0055; using a player identification number; par. 0144; non-transitory data storage configured to store one or more private encryption keys configured to decrypt information encoded with corresponding public encryption keys; computing environment and providing restricted access).

	Regarding claim 7, Jannard in combination with Handal, Kersahaw, Olney and Futa  disclose the method as recited in claim 3, Jannard further teaches wherein the CEK, the first private KEK, and the root key are AES-128 keys (Jannard: par. 0055; encoding system 315 can be configured to encrypt media files (e.g., video, audio, subtitles, etc.) using AES128; encoding system 315 can be configured to support public/private key encryption; par. 0067; signing chain can lead back to a root of trust, which can be a root public key present on a player).

	Regarding claim 10, Jannard in combination with Handal, Kersahaw, Olney and Futa disclose the method as recited in claim 3, Jannard further discloses further comprising receiving the manifest from a content control server in a content distribution network (Jannard: par. 0110; user device 925 can also receive the asset from the content distributor's network).

	Regarding claim 11, Jannard in combination with Handal, Kersahaw, Olney and Futa disclose the method as recited in claim 10, Jannard further discloses further comprising receiving the manifest via a security client operating on the user device and outside the secure processing zone (Jannard: par. 0007; access module [security client on user device] can be configured to function within a gateway environment on the player such that the gateway environment passes commands from the access module to the firmware or secure module on the player operating in a secure environment; par. 0124; delivered within an encrypted envelope [manifest]).

	Regarding claim 13, claim 13 is directed to the user device as recited in claim 12. Claim 13 is similar in scope to claim 3 and is therefore rejected under similar rationale.
	
	Regarding claim 14, claim 14 is directed to the user device as recited in claim 13. Claim 14 is similar in scope to claim 7 and is therefore rejected under similar rationale.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Jannard, Handal, Kershaw, Olney and Futa as applied to claim 3 above, further in view of Pedlow, (“Pedlow”, US 2006/0274898), published on December 7, 2006.
	
	Regarding claim 5, Jannard in combination with Handal, Kersahaw, Olney and Futa disclose the method as recited in claim 3. Jannard, Kershaw and Futa fail to explicitly disclose further receiving  (Pedlow: par. 0045; basic access control system provides for dynamic replacement of the content keys used to encrypt/decrypt; par. 0054; content key pairs are associated with an index identifying a particular content key pair. The key data descriptor structure allows for the en masse replacement of an entire column (even or odd) of content keys in the table associated with a particular encryption phase; Key delivery and CPE authorization is performed through the delivery of an entitlement management message (EMM)).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Pedlow with the method of Jannard and Futa to include, further comprising receiving a replacement message containing the first key identification and a second private KEK encrypted using the root key and replacing the first private KEK with the second private KEK, to provide a means to process replacing keys (Pedlow: par. 0045).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Jannard, Handal, Kershaw, Olney and Futa as applied to claim 3 above, further in view of Kozuka et al. (“Kozuka”, US 2013/0145481), published on June 6, 2013.

	Regarding claim 6, Jannard in combination with Handal, Kersahaw, Olney and Futa disclose the method as recited in claim 3. Jannard, Kershaw and Futa fail to explicitly disclose further comprising receiving a firmware-level revocation message containing the first key identification and revoking the first private KEK.	However, in an analogous art, Kozuka teaches further comprising receiving a firmware-level revocation message containing the first key identification and revoking the first private KEK (Kozuka: par. 0107; revocation list 612g includes a revocation identifier, associated with the content 611g, that identifies a revoked public key; par. 0291; communications unit 101 receives … the revocation file 242 … from the key issuing device 200 over the network 20. Next, the communications unit 101 writes the received root public key 232 in the root public key storage unit 106. The communications unit 101 also writes the received revocation file 242 in the revocation file storage unit 103).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Kozuka with the method of Jannard and Futa to include, further comprising receiving a revocation message containing the first key identification and revoking the first private KEK, to provide a means to prevent further unauthorized use of protected content (Kozuka: abstract).

Claims 8, 15, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Jannard, Handal, Kershaw, Olney and Futa as applied to claim 3 above, further in view of Matsuyama et al. (“Matsuyama”, US 2002/0027992), March 7, 2002.

	Regarding claim 8, Jannard in combination with Handal, Kersahaw, Olney and Futa disclose the method as recited in claim 3, Jannard, Kershaw and Futa fail to explicitly disclose further comprising mutually authenticating the user device with a digital rights management server using a secure connection.	However, in an analogous art, Matsuyama teaches mutually authenticating the user device with a digital rights management server using a secure connection (Matsuyama: par. 0035; content distribution system performs mutual authentication upon performing data transmission between the distributing and receiving devices).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Matsuyama with the method of Jannard and Futa to include mutually authenticating the user device with a digital rights management server using a secure connection; to provide a means to provide a secure connection with a DRM (Matsuyama: par. 0035).

	Regarding claim 15, claim 15 is directed to the user device as recited in claim 14. Claim 15 is similar in scope to claim 8 and is therefore rejected under similar rationale.
	
	Regarding claim 17, Jannard in combination with Handal, Kersahaw, Olney,  Futa and Matsuyama disclose the user device as recited in claim 15. Jannard teaches further comprising a security client embedded in the content request application, the security client configured to receive the manifest file from a content control server in a content distribution network and  (Jannard: par. 0068; once it has been verified that playback of a piece of content is permitted by a DRM license, the content key K1 embedded with the license can be extracted; par. 0138; a license can be further restricted and embedded in a new license, then signed a second time to validate that the player, access module, and/or asset server enforce the rules and restrictions).

	Regarding claim 18, Jannard in combination with Handal, Kersahaw, Olney, Futa and Matsuyama disclose the user device as recited in claim 15, Jannard further discloses further comprising instructions in the content request application that communicate with a security client that resides on a network server (Jannard: par. 0007; a content delivery network provider can use [communicate with] the systems and methods provided herein to provide an access module residing within the network-connected audiovisual player).

	Regarding claim 19, claim 19 is directed to the user device as recited in claim 15. Claim 19 is similar in scope to claim 10 and is therefore rejected under similar rationale.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Jannard, Handal, Kershaw, Olney and Futa as applied to claim 3 above, further in view of Van Brandenburg et al. (“VanBrandenburg”, US 2016/0198202), July 7, 2016.

	Regarding claim 9, Jannard in combination with Handal, Kersahaw, Olney and Futa disclose the method as recited in claim 3. Jannard, Kershaw and Futa fail to explicitly disclose further comprising  (VanBrandenburg: par. 0075; client and a delivery node may be configured to communicate with each other on the basis of an adaptive streaming protocol, e.g., such as Apple HTTP Live Streaming, Progressive Download and Dynamic Adaptive Streaming over HTTP] and MPEG Dynamic Adaptive Streaming over HTTP [MPEG DASH ISO/IEC 23001-6]).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of VanBrandenburg with the method of Jannard and Futa to include; receiving the requested content using one of HTTP Live Streaming (HLS) and Dynamic Adaptive Streaming over HTTP (DASH) protocol; to provide a means to provide a means for utilizing standard content streaming protocols (VanBrandenburg: par. 0075).

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Jannard, Handal, Kershaw, Olney and Futa as applied to claim 3 above, further in view of Matsuyama et al. (“Matsuyama”, US 2002/0027992), March 7, 2002, further in view of Devadas et al. (“Devadas”, US 2006/0210082), published on September 21, 2006.
	
	Regarding claim 16Jannard in combination with Handal, Kersahaw, Olney, Futa and Matsuyama disclose the user device as recited in claim 15. Jannard, Futa and Matsuyama fail to explicitly disclose wherein the secure processing zone is ARM TrustZone.	However, in an analogous art, Devadas teaches the secure processing zone is ARM TrustZone (Devadas: par. 0073; existing or proposed digital rights management systems offered by private third parties or promoted by industry alliances including systems for trustworthy computing and digital certificate schemes that utilize keys created or stored in hardware for purposes such as authentication, computer resource management, encryption, end-user privacy protection, and general digital rights management (for example, Microsoft DRM, ARM’s TrustZone).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Devadas with the method of Jannard, Futa and Matsuyama to include, wherein the secure processing zone is ARM TrustZone, to provide a means to utilize techniques for trustworthy computing of existing or proposed digital rights management systems offered by private third parties or promoted by industry alliances (Devadas: par. 0073).

	Conclusion
	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

	Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661.  The examiner can normally be reached on Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439