DETAILED ACTION
1. This Non-Final Office Action is in response to the application filed on 12/16/2019. Claims 1-20 are being considered on the merits. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Drawings
2. The drawings filed on 12/16/2019 are accepted.
Information Disclosure Statement
3. The information disclosure statements (IDS) submitted on 06/05/2020 and 10/27/2020 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, initialed and dated copies of the Applicant’s IDS forms 1449 filed on 06/05/2020 and 10/27/2020 are attached to this office action.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



4. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. US 2015/0365520 A1 to Bennett (hereinafter, “Bennett”) in view of US Pub. No. US 2018/0184351 A1 to Voloshin (hereinafter, “Voloshin”) and in further view of US Pub. No. US 2019/0095655 A1 to Krawczewicz (hereinafter, “Kraw”).

As per claim 1, Bennett teaches a method for preserving evidence obtained from a mobile bug during a one-way communications session, the method comprising: 
receiving, at a mobile bug, a request to establish a one-way communications session responsive to receiving the request (Bennett, para. [0031] “an agency may desire to intercept audio on a source device that is placing a call to a target device by utilizing a virtual number. A covert application (mobile bug) for intercepting audio communications on the source device with a virtual number is provided to the source device. The covert application detects outbound connection requests on the source device to the target device and terminates the connection requests for replacement with connections routed through a virtual number. The covert application terminates an outbound connection request such that the outbound connection request attempted by the source device continues to appear in progress. The covert application transmits data about the attempted outbound connection request such as the number of the target device the source device attempted to communicate with to the agency service. In turn, the covert application receives a ready acknowledgement (ACK) from the agency service and covertly initiates an outbound connection request to the virtual number through which communications between the source device and target device are established.”), 
transmitting data to a database for storage while refraining from storing the transmitted data subsequent to the transmission of the data (Bennett, para. [0042] “The source device may subsequently transmit all or a portion of the collected real-time data and communications audio over existing channels (e.g., a network) back to the agency, agency service or another entity. Embodiments of the agency, agency service and/or other entities within the covert on device monitoring system receive the collected data for storage and/or live streaming to agent devices and records. Depending on the embodiment, the agent devices are further configured to access and present (e.g., play and/or display) a variety of the real-time and historical data stored on or streamed by the source device on the network in addition to inviting source devices to participate in the covert on device monitoring system.”); 
detecting a request for the data stored at the mobile bug (Bennett, para. [0180] “The covert application 141 monitors the source device 105 to detect 1010 instances of new inbound or outbound messages on the source device to/from target devices. For example, the covert application may compare sender and intended recipient information of a detected message with target device information stored in a local database (e.g., received from the agency service 115 based on target device—source device mapping) to determine whether to provide the message to the agency service 115. Alternatively, the covert application may receive an instruction to provide all detected inbound/outbound messages to the agency service.”); and 
responsive to detecting the request for the data stored at the mobile bug: transmitting the data to the database (Bennett, para. [0181] “The covert application 141 may package and encrypt the message contents and information about the message such as send/receive times, the source device, the target device, and a location of the source device. The covert application 141 transmits 1020 the package to the agency service 115.”); and 
deleting the data from the mobile bug (Bennett, para. [0084] “The agency service 115 ensures that it, and the provider 127, do not possess data collected by source devices 105 or from a virtual number beyond the time needed to facilitate transfer. However, in mission critical situations, agents and other agency 110 personnel cannot rely only on the availability of the appliance 150 for storing and maintaining collected data. Consequently, if the appliance 150 is unable to take possession of the collected data or go offline during transfer, the agency service 115 and/or the provider 127 may maintain possession of the collected data until the appliance 150 is functioning. Furthermore, the agency service 115 and/or provider 127 may determine whether checksums, hashes or sizes of transferred data match the appliance's 150 version prior to deleting stored data.”).
Bennett teaches all the limitations of claim 1 above but fails to explicitly teach the following, which Voloshin teaches:
detecting a deterioration in the one-way communications session that prevents, at least in part, the transmission of the data (Voloshin, para. [0114] “when an outgoing call is observed to get disconnected after a very short duration and a repeat of the outgoing call is made almost immediately after the disconnection, the calls may be identified as low/bad quality call, using this as a bad quality indicator. In one embodiment, a connection that ends in time period of 5 minutes may be considered as a threshold for a short call, an interval period of about 2 minutes between call attempts may be considered as a threshold for redial, i.e., if redial attempt was made in 2 minutes after short call was finished the redial attempt may be considered as low quality indicator, etc…if the process to try and make a connection with the called subscriber (receiver) is terminated then the connection may never happen. Accordingly, in one embodiment, the designated computer software is programmed to delete all the routes that were used to reach this particular subscriber (group) from the list of low quality routes. In a next step 446 the event of step 444 is logged and all the data regarding the situation and the called subscriber are entered into the “not possible to select a high quality route” list. This list may be made available to the system operator (administrator) who can take actions to prevent such situations in the future, for example, add more possible routes to the list of allowed routes for reaching this subscriber.”); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Voloshin’s communication system into (Voloshin, para. [0004]).
The combination of Bennett and Voloshin teaches all the limitations of claim 1 above but fails to explicitly teach the following, which Kraw teaches:
responsive to detecting the deterioration, while the deterioration is detected, storing the data at the mobile bug in an encrypted format (Kraw, para. [0069] “Not only does the trusted display 260 provide user feedback while secure processes are being executed but also it provides instant notices if any attacks or policy breaches occur. For example, if a data breach attempt by a hacker occurs in the hardware/firmware of the crypto module, the display will automatically generate a message. The crypto module can actively respond to a data breach by terminating all trusted processes, make sure that any unprotected private data is encrypted and stored, erase unprotected keys, and block any further requests for trusted processes.”); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kraw’s cryptographic security module into Voloshin’s communication system and Bennett’s covert device communication monitoring, with a motivation to protect sensitive data from unauthorized access or attacks (Kraw, para. [0013]).

As per claims 2 and 12, the combination of Bennett, Voloshin and Kraw teach the method of claim 1 and the non-transitory computer-readable medium of claim 11, respectively, wherein the data comprises at least one of audio data, video data, multimedia data, location data, and biometric data (Bennett, para. [0028] “the covert application intercepts communications by monitoring for audio on a traditional wireless telephonic communication channel between the source device and target device and establishing a separate VOIP communication channel with a VOIP endpoint for transmitting the audio from the traditional communication channel and that may be monitored by the agent or agency service.”).
As per claims 3 and 13, the combination of Bennett, Voloshin and Kraw teach the method of claim 1 and the non-transitory computer-readable medium of claim 11, respectively, wherein the detecting the deterioration comprises detecting a break in the communications session due to an inability for the mobile bug to continue accessing the network during the one-way communications session (Bennett, [0106] “the connection module 205 requests recorded audio from the recording module 230 once the VOIP connection is established and transmits the recorded over the VOIP connection. In another embodiment, the connection module 205 accesses line audio from the call and transmits the audio over the VIOP connection to the endpoint. The connection module 205 detects termination of the communications between the source device and the target device and instructs the recording module to stop the recording. Additionally, when the connection module 205 detects the source device has access to a WiFi or other high-speed connection (e.g., 4G LTE), it may establish a connection with the agency service 115 to upload any high-quality versions of communications recordings stored at the recording module 230 (as the recording module may downsample recorded audio provided to the connection module 205 for transmission over VOIP connections).”), and 
wherein detecting the request for the data stored at the mobile bug comprises detecting a reestablishment request for the one-way communications session based on the break being repaired (Bennett, para. [0098] “the connection module 205 may provide information about communications to/from and attempts thereof on the source device to the agency service 115 separate from intercepting conversations on the source device. For example, once the registration module 225 verifies access to the call log, the connection module 205 may detect new call log entries and transmit information about the entries including data/time of the entry and the parties to the agency service 115.”).
As per claims 4 and 14, the combination of Bennett, Voloshin and Kraw teach the method of claim 1 and the non-transitory computer-readable medium of claim 11, respectively, wherein detecting the deterioration comprises detecting a network issue that prevents a first portion of the data from being transmitted to the database, but does not prevent a second portion of the data from being transmitted to the database (Bennett, para. [0139] “the covert application 141 checks to see if the outbound connection request is to a target device 107 before terminating 610 the connection request based on agreement of the dialed transmitting number (or selected contact) with target device information stored in a mapping table.” And para. [0140] “The covert application 141 transmits 615 data about the attempted outbound connection request such as the number of the target device and a source device identifier to the agency service 115. In one embodiment, the covert application 141 waits to receive 620 a ready acknowledgement (ACK) from the agency service notifying the covert application 141 that a virtual number associated with the source device is ready to receive a connection request from the source device. The covert application 141 may store information about the virtual number to request the connection with locally. In other embodiments, the ready ACK may include information about the virtual number the covert application 141 should initiate the connection request with. In the background, the agency service 115 utilizes the provided information about the target device to initiate a connection request to the target device from the virtual number such that it appears to originate from the source device.” and para. [0141] “The covert application 141 initiate 625 a new (replacement) outbound connection request to the virtual number. 
Throughout the process, the covert application 141 maintains the display of the dialing screen uninterrupted with the original outbound connection request information. In turn, when the covert application 141 detects connection to the virtual number (and/or the target device via the virtual number), the covert application 141 causes the source device 105 to display a connected screen with the information about the outbound connection request (e.g., the transmitting number and/or contact information) instead of that for the virtual number.” And para. [0142] “The covert application 141 modifies 630 call history on the source device 105 to scrub traces of termination of the original outbound connection request and subsequent establishment of the replacement connection with the virtual number. Thus, for example, the covert application 141 modifies 630 the call history to indicate that the target number, not the virtual number was dialed and updates communication session details (e.g., a duration) for the terminated outbound connection request with those from the communication session with the virtual number.”), and 
wherein the method further comprises, further responsive to detecting the deterioration, transmitting the second portion of the data to the database (Bennett, para. [0110] “The GPS module 210 monitors source device 105 location (e.g., as determined through GPS and/or WiFi location identification on the device) associated with intercepted communications. The GPS module 210 may append GPS data to transmissions from the covert application 141 (and/or transmit GPS data separately with identification information for the source device and the associated communication) to the agency service 115 to indicate current location of the source device when the source device communicates with a target device.”).
As per claims 5 and 15, the combination of Bennett, Voloshin and Kraw teach the method of claim 4 and the non-transitory computer-readable medium of claim 14, respectively, wherein storing the data at the mobile bug in the encrypted format comprises storing the first portion of the data in the encrypted format while refraining from storing the second portion of the data in the encrypted format (Kraw, para. [0069] “Not only does the trusted display 260 provide user feedback while secure processes are being executed but also it provides instant notices if any attacks or policy breaches occur. For example, if a data breach attempt by a hacker occurs in the hardware/firmware of the crypto module, the display will automatically generate a message. The crypto module can actively respond to a data breach by terminating all trusted processes, make sure that any unprotected private data is encrypted and stored, erase unprotected keys, and block any further requests for trusted processes. In essence, the trusted display provides feedback to the user of a tamper event.” And para. [0176] “very secure transaction between the CM and smartphone, generates a secure audit log (724). This provides the ability of the smartphone to be completely detached from the outside world (such as in a secure facility) yet still be able to execute a secure application locally. Each CM/smartphone one-time key, random number, time/data stamp, and event summary is recorded in a write-only secure log file. This file can store this audit information and make it available at a later time to an authorized Cryptographic Administrator (CA).”).
As per claims 6 and 16, the combination of Bennett, Voloshin and Kraw teach the method of claim 4 and the non-transitory computer-readable medium of claim 14, respectively, wherein storing the data at the mobile bug in the encrypted format comprises storing both the first portion of the data and the second portion of the data in the encrypted format (Kraw, para. [0069] “if a data breach attempt by a hacker occurs in the hardware/firmware of the crypto module, the display will automatically generate a message. The crypto module can actively respond to a data breach by terminating all trusted processes, make sure that any unprotected private data is encrypted and stored, erase unprotected keys, and block any further requests for trusted processes.” And para. [0282] “sensitive data is segmented and move only after the MC/R cryptographic algorithm is executed successfully. The potential attack surface is greatly reduced with this method.”).

As per claims 7 and 17, the combination of Bennett, Voloshin and Kraw teach the method of claim 1 and the non-transitory computer-readable medium of claim 11, respectively, wherein the encrypted format renders the stored data unreadable by the mobile bug (Kraw, para. [0179] “Yet another capability of the CM with a trusted NFC interface is secure zeroization of sensitive data written to volatile memory or registers (728). One security capability this provides is the user's ability to immediately and securely clear all sensitive data and processing, securely closing a trusted app, or prevent residual data from being serendipitously being read at a later point in time. To circumvent known vulnerabilities in residual retention of the most recent data in volatile memory, algorithms over-write the memory with certain data patterns to obfuscate residual data when power is removed.”).
As per claims 8 and 18, the combination of Bennett, Voloshin and Kraw teach the method of claim 1 and the non-transitory computer-readable medium of claim 11, respectively, wherein the encrypted format renders the stored data readable by the mobile bug for a predefined period of time (Kraw, para. [0073] “the user's electronically stored role, access privileges, and time-bounded access information can be scrolled on the segmented display to provide the verifier more granular data. Scrolling data on the segmented CM display 260 can provide any type of more detailed sensitive user data without exposing the data by printing it on the card. This type of data includes, social security number, date of birth, blood type, rank in military, country of citizenship provide, immunizations, special access privileges, vehicle registration, and more.”), and 
wherein the method further comprises: determining whether the predefined period of time has lapsed (Voloshin, para. [0087] “Once the onward calling device 110 and the receiving device 112 are connected, in one embodiment, the connection may continue for a sufficient time period, for example, route 116. After the connection is discontinued the onward user may make no further attempt to connect with the receiving user. In certain embodiments, the communication computing system may generate a subscriber ID of the receiving user (called subscriber) and mark the good quality route for future connections with the receiving user. In another embodiment, the onward call, routed, for example, via route 118, may get disconnected within a short interval/duration. It may be appreciated by a person with ordinary skill in the art, in light of and in accordance with the teachings of the present invention, that the short interval/time duration may depend on the route that is being attempted to be established between the onward calling device and the receiving device. In an exemplary embodiment, the short interval/time duration may include but not be limited to a time period of about 2 minutes to about 5 minutes. In various embodiments, the call may be disconnected due to reasons including but not limited to “no connection was established”, “the onward user cannot hear the receiving user”, “the receiving user cannot hear the onward caller”, “unintelligible audibility”, “interrupted sound”, “voice latencies”, “call drops”, “bugs in the network used by the onward calling device”, etc. . . . .Accordingly the onward user may use the onward calling device 112 and make an attempt to reestablish the connection with the receiving user within a short interval/duration. 
In this embodiment, the communication computing system 114 may treat this as a low/bad quality route 118 and capture the route details in a database”); and responsive to determining that the predefined period of time has lapsed, transcoding the stored data to another encrypted format that renders the stored data unreadable by the mobile bug (Bennett, para. [0084] “the agency service 115 ensures that it, and the provider 127, do not possess data collected by source devices 105 or from a virtual number beyond the time needed to facilitate transfer. However, in mission critical situations, agents and other agency 110 personnel cannot rely only on the availability of the appliance 150 for storing and maintaining collected data. Consequently, if the appliance 150 is unable to take possession of the collected data or go offline during transfer, the agency service 115 and/or the provider 127 may maintain possession of the collected data until the appliance 150 is functioning. Furthermore, the agency service 115 and/or provider 127 may determine whether checksums, hashes or sizes of transferred data match the appliance's 150 version prior to deleting stored data.”).
As per claims 9 and 19, the combination of Bennett, Voloshin and Kraw teach the method of claim 1 and the non-transitory computer-readable medium of claim 11, respectively, wherein the request for the data stored at the mobile bug comprises a deactivation request for the one-way communications session (Bennett, para. [0096] “the agency service 115 may transmit instructions to the registration module 225 to disable covert application 141 functions or uninstall itself from the source device 105. Hence, when an agency no longer needs to monitor the source device 105, monitoring functionality on the source device 105 may be disabled remotely. In some instances, the registration module 225 may initiate a timer corresponding to the duration for which a service or target should be monitored. When the timer expires, the registration module 225 may automatically unregister the source device 105 causing the covert application 141 to deactivate and optionally uninstall itself from the device.”).
As per claims 10 and 20, the combination of Bennett, Voloshin and Kraw teach the method of claim 9 and the non-transitory computer-readable medium of claim 19, respectively, wherein the deactivation request is initiated by the mobile bug (Bennett, para. [0089] “the agency service 115 may communicate with the registration module 235 remotely to activate/deactivate specific modules, add new modules (such as GPS tracking function), change the virtual number, or modify other configuration aspects. Hence, after registration, the protection module 220 may be executed to ensure that the function and execution of the covert application 141 to intercept communications on the source device 105 is hidden from any user.”).
As per claim 11, Bennett teaches a non-transitory computer-readable medium comprising instructions encoded thereon for preserving evidence obtained from a mobile bug during a one-way communications session, the instructions, when executed by one or more processors, causing the one or more processors to perform operations, the instructions comprising instructions to:
receive, at a mobile bug, a request to establish a one-way communications session responsive to receiving the request (Bennett, para. [0031] “an agency may desire to intercept audio on a source device that is placing a call to a target device by utilizing a virtual number. A covert application (mobile bug) for intercepting audio communications on the source device with a virtual number is provided to the source device. The covert application detects outbound connection requests on the source device to the target device and terminates the connection requests for replacement with connections routed through a virtual number. The covert application terminates an outbound connection request such that the outbound connection request attempted by the source device continues to appear in progress. The covert application transmits data about the attempted outbound connection request such as the number of the target device the source device attempted to communicate with to the agency service. In turn, the covert application receives a ready acknowledgement (ACK) from the agency service and covertly initiates an outbound connection request to the virtual number through which communications between the source device and target device are established.”), 
transmit data to a database for storage while refraining from storing the transmitted data subsequent to the transmission of the data (Bennett, para. [0042] “The source device may subsequently transmit all or a portion of the collected real-time data and communications audio over existing channels (e.g., a network) back to the agency, agency service or another entity. Embodiments of the agency, agency service and/or other entities within the covert on device monitoring system receive the collected data for storage and/or live streaming to agent devices and records. Depending on the embodiment, the agent devices are further configured to access and present (e.g., play and/or display) a variety of the real-time and historical data stored on or streamed by the source device on the network in addition to inviting source devices to participate in the covert on device monitoring system.”); 
detect a connection (Bennett, para. [0180] “The covert application 141 monitors the source device 105 to detect 1010 instances of new inbound or outbound messages on the source device to/from target devices. For example, the covert application may compare sender and intended recipient information of a detected message with target device information stored in a local database (e.g., received from the agency service 115 based on target device—source device mapping) to determine whether to provide the message to the agency service 115. Alternatively, the covert application may receive an instruction to provide all detected inbound/outbound messages to the agency service.”); and 
responsive to detecting the connection, transmit the data to the database (Bennett, para. [0181] “The covert application 141 may package and encrypt the message contents and information about the message such as send/receive times, the source device, the target device, and a location of the source device. The covert application 141 transmits 1020 the package to the agency service 115.”).
Bennett teaches all the limitations of claim 11 above but fails to explicitly teach the following, which Voloshin teaches:
detect a deterioration in the one-way communications session that prevents, at least in part, the transmission of the data (Voloshin, para. [0114] “when an outgoing call is observed to get disconnected after a very short duration and a repeat of the outgoing call is made almost immediately after the disconnection, the calls may be identified as low/bad quality call, using this as a bad quality indicator. In one embodiment, a connection that ends in time period of 5 minutes may be considered as a threshold for a short call, an interval period of about 2 minutes between call attempts may be considered as a threshold for redial, i.e., if redial attempt was made in 2 minutes after short call was finished the redial attempt may be considered as low quality indicator, etc…if the process to try and make a connection with the called subscriber (receiver) is terminated then the connection may never happen. Accordingly, in one embodiment, the designated computer software is programmed to delete all the routes that were used to reach this particular subscriber (group) from the list of low quality routes. In a next step 446 the event of step 444 is logged and all the data regarding the situation and the called subscriber are entered into the “not possible to select a high quality route” list. This list may be made available to the system operator (administrator) who can take actions to prevent such situations in the future, for example, add more possible routes to the list of allowed routes for reaching this subscriber.”); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Voloshin’s communication system into Bennett’s covert device communication monitoring, with a motivation to improve quality of communications (Voloshin, para. [0004]).
The combination of Bennett and Voloshin teaches all the limitations of claim 11 above but fails to explicitly teach the following, which Kraw teaches:
responsive to detecting the deterioration, while the deterioration is detected, store the data at the mobile bug in an encrypted format (Kraw, para. [0069] “Not only does the trusted display 260 provide user feedback while secure processes are being executed but also it provides instant notices if any attacks or policy breaches occur. For example, if a data breach attempt by a hacker occurs in the hardware/firmware of the crypto module, the display will automatically generate a message. The crypto module can actively respond to a data breach by terminating all trusted processes, make sure that any unprotected private data is encrypted and stored, erase unprotected keys, and block any further requests for trusted processes.”); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kraw’s cryptographic security module into Voloshin’s communication system and Bennett’s covert device communication monitoring, with a motivation to protect sensitive data from unauthorized access or attacks (Kraw, para. [0013]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20190035242 A1 – Next generation monitoring system.
US 20050047570 A1 – Virtual private switched telecommunications network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid, can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437  

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437