DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
The disclosure is objected to because of the following informalities: Regarding Para. 1, line 2—“U.S. Patent No._________”, the blank should be filled-in.  
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 7, 9-13, 15-17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Safadi et al. (US 2003/0126608 A1) in view of Hulse et al. (US 2012/0030706 A1).
Regarding claim 1, Safadi teaches a method, comprising: 
at a headend of a video programming distributor, e.g. a head-end (Fig. 1), hosting a…virtual set-top application, e.g. a DRM proxy device that receives content requests from the consumer device and retrieves the corresponding content for delivery to the user; the DRM proxy receives the requested content as if it were the consumer device (Fig. 1, el. 120; Para. 22, 23), each virtual set-top application corresponding to a client device, e.g. a consumer device (Fig. 1, el. 200):  
at a first virtual set-top application…the first virtual set-top application corresponding to a first client device:  receiving encrypted content from a content provider, wherein the content provider is distinct from the video programming distributor, e.g. receiving, by the DRM proxy device, the requested content from the content provider, wherein the content is encrypted at the content provider (Fig. 1, el. 52; Para. 22); 
decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider, e.g. decrypting, by the processor, the received content, wherein the received content is encrypted with the content provider DRM scheme (Para. 20-22); 
…generate a new data stream, e.g. encapsulating, by the processor, the content, gaining access to the content after decryption, or providing the decrypted content for encryption (Para. 14, 15, 22);
at a video programming distributor network, e.g. a headend network (Fig. 1, el. 60) that includes a headend processing system (Fig. 1, el. 100): 
determining a second DRM protocol compatible with the first client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 21, 22); 
encrypting, via a conditional-access encoder, e.g. a headend processor, wherein the DRM proxy device and the headend processor may be separate devices located at different locations in the headend (Fig. 1, el. 110; Para. 22, 23), the new data stream using the second DRM protocol compatible with the first client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 22); DRM may comprise encrypting of the streaming media content for secure delivery (Para. 20); and 
transmitting, to the first client device, the data as encrypted by the conditional-access encoder, e.g. transmitting, by the DRM proxy device, the encrypted content to the consumer device (Para. 12, 22).
Safadi does not clearly teach at a headend of a video programming distributor hosting a plurality of virtual set-top applications, each virtual set-top application corresponding to a client device:  at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device; and at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device: decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider; and modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream.
Hulse teaches at a headend of a video programming distributor, e.g. a digital content delivery system (Fig. 1, el. 100), hosting a plurality of virtual set-top applications, e.g. a VSTB server includes multiple VSTB instances (Fig. 1, el. 108; Fig. 3, el. 300; Para. 25),
each virtual set-top application corresponding to a client device:  at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device, e.g. a television (Fig. 1, el. 104A-104C), a given VSTB instance will generate a video stream targeting a specific device (Para. 27): 
receiving encrypted content from a content provider, wherein the content provider is distinct from the video programming distributor, e.g. receiving digital television channel broadcasts from a linear TV server, wherein the linear TV server receives the content from a content provider and wherein the content may be encrypted by the content provider (Para. 26, 51); 
decrypting the encrypted content in accordance with a first…protocol used by the content provider, e.g. decrypting the content by the VSTB instance (Para. 28, 29, 33, 51); 
modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream, e.g. shaping the raw frames for output, such as deinterlacing and scaling (Para. 51); overlaying or compositing a graphical user interface with the decoded and processed video stream (Para. 52), wherein a UI server provides the virtual user interfaces (VUIs) to the VSTB instances via Virtual Network Computing (VNC) sessions using VNC clients that are part of the VSTB instances (Para. 34, 35); and 
at a video programming distributor network, e.g. a digital content delivery system (Fig. 1, el. 100): 
determining a second DRM protocol compatible with the first client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); 
encrypting, via a conditional-access encoder, the new data stream using the second DRM protocol compatible with the first client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); and 
transmitting, to the first client device, the data as encrypted by the conditional-access encoder, e.g. sending the encrypted content directly to the target device or via an edge QAM muxer (Para. 41, 52, 54).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include at a headend of a video programming distributor hosting a plurality of virtual set-top applications, each virtual set-top application corresponding to a client device:  at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device; and at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device: decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider; and modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream, using the known method of utilizing a VSTB instance at a VSTB server to receive encrypted content, and decrypt the content and to encrypt the content and a graphical user interface using a DRM mechanism compatible with the target device and transmit the encrypted content to the target device, as taught by Hulse, in combination with the content delivery security system of Safadi, for the purpose of improving system efficiency and eliminating the cost of a conventional set-top box (Hulse-Para. 15).

Regarding claim 7, Safadi in view of Hulse teaches all elements of claim 1.
Safadi further teaches wherein receiving the encrypted content, decrypting the encrypted content…are performed in a secure application server at a central location, e.g. the DRM proxy device and processor may be located at different locations in the headend as separate devices, may be combined in a single device, or may be embodied in various combinations of hardware, software, and firmware (Fig. 1, el. 100, 110, 120; Para. 23), wherein the headend operates within a walled garden (Fig. 1, el. 25; Para. 19, 40).
Safadi does not clearly teach the method of claim 1, wherein receiving the encrypted content, decrypting the encrypted content, and modifying the decrypted content are performed in a secure application server at a central location.
Hulse teaches wherein receiving the encrypted content, decrypting the encrypted content, and modifying the decrypted content are performed in a secure application server at a central location, e.g. the VSTB server includes the multiple VSTB instances and is located (Fig. 1, el. 108; Fig. 3, el. 300; Para. 25).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include wherein receiving the encrypted content, decrypting the encrypted content, and modifying the decrypted content are performed in a secure application server at a central location, as taught by Hulse, using the same motivation as in claim 1.

Regarding claim 9, Safadi in view of Hulse teaches the method of claim 1, wherein receiving the encrypted content from the content provider comprises receiving the encrypted content from a content-distribution network associated with the content provider, e.g. the streaming media content may be provided by content providers 50, 52 (Safadi-Fig. 1, el. 50, 52; Para. 11); wherein the content from content provider 52 may be secured by a DRM scheme (Safadi-Para. 20, 21); wherein the external network may comprise the Internet (Safadi-Fig. 1, el. 20, 50; Para. 31).

Regarding claim 10, Safadi in view of Hulse teaches the method of claim 9, wherein the encrypted content is received from the content-distribution network via the Internet, e.g. the streaming media content may be provided by content providers 50, 52 (Safadi-Fig. 1, el. 50, 52; Para. 11); wherein the content from content provider 52 may be secured by a DRM scheme (Safadi-Para. 20, 21); wherein the external network may comprise the Internet (Safadi-Fig. 1, el. 20, 50; Para. 31).

Regarding claim 11, Safadi in view of Hulse teaches the method of claim 1, wherein the encrypted content comprises encrypted video, e.g. providing streaming media in an existing video delivery system (Safadi-Para. 10), wherein streaming media is a technology used to deliver multimedia information, such as audio or video (Safadi-Para. 2);
Also note Hulse discloses the VSTB instance generates a media stream which may include either or both of audio and video components (Para. 21) and encryption may be originally applied to the stream by the content provider (Para. 26).

Regarding claim 12, Safadi in view of Hulse teaches all elements of claim 11.
Safadi does not clearly teach the method of claim 11, wherein the method further comprises processing the decrypted content to scale the video to fit a window of a screen.
Hulse teaches wherein the method further comprises processing the decrypted content to scale the video to fit a window of a screen, e.g. the VSTB may scale streams into variable-sized windows (Para. 17); scaling the video to appear within a window (Para. 52).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include wherein the method further comprises processing the decrypted content to scale the video to fit a window of a screen, as taught by Hulse, using the same motivation as in claim 1.

Regarding claim 13, Safadi in view of Hulse teaches the method of claim 1, wherein the video programming distributor is a cable-TV company or a satellite-TV company, e.g. wherein the existing video delivery system may comprise a cable video delivery system or a satellite video delivery system (Safadi-Para. 28).

Regarding claim 15, Safadi in view of Hulse teaches the method of claim 1, wherein the encrypted content comprises encrypted audio, e.g. providing streaming media in an existing video delivery system (Safadi-Para. 10), wherein streaming media is a technology used to deliver multimedia information, such as audio or video (Safadi-Para. 2);
Also note Hulse discloses the VSTB instance generates a media stream which may include either or both of audio and video components (Para. 21) and encryption may be originally applied to the stream by the content provider (Para. 26).

Regarding claim 16, Safadi in view of Hulse teaches the method of claim 1, wherein the encrypted content comprises an encrypted image, e.g. providing streaming media in an existing video delivery system (Safadi-Para. 10), wherein streaming media is a technology used to deliver multimedia information, such as audio, video, or images (Safadi-Para. 2);
Also note Hulse discloses the VSTB instance generates a media stream which may include either or both of audio and video components (Para. 21) and encryption may be originally applied to the stream by the content provider (Para. 26).

Regarding claim 17, Safadi in view of Hulse teaches wherein the virtual set-top application is executed by a secure application server, e.g. the DRM proxy device and processor may be located at different locations in the headend as separate devices, may be combined in a single device, or may be embodied in various combinations of hardware, software, and firmware (Safadi-Fig. 1, el. 100, 110, 120; Para. 23), wherein the headend operates within a walled garden (Safadi-Fig. 1, el. 25; Para. 19, 40);
Also Note Hulse discloses the VSTB server includes the multiple VSTB instances and is located (Fig. 1, el. 108; Fig. 3, el. 300; Para. 25).

Regarding claim 19, Safadi teaches an electronic system, (Fig. 1), comprising: 
a secure application server, e.g. the DRM proxy device and processor may be located at different locations in the headend as separate devices, may be combined in a single device, or may be embodied in various combinations of hardware, software, and firmware (Fig. 1, el. 100, 110, 120; Para. 23), wherein the headend operates within a walled garden (Fig. 1, el. 25; Para. 19, 40), 
of a video programming distributor hosting a…virtual set-top application, e.g. a DRM proxy device that receives content requests from the consumer device and retrieves the corresponding content for delivery to the user; the DRM proxy receives the requested content as if it were the consumer device (Fig. 1, el. 120; Para. 22, 23),
each virtual set-top application corresponding to a client device, e.g. a consumer device (Fig. 1, el. 200),
…the one or more programs including instructions for: 
at a first virtual set-top application…the first virtual set-top application corresponding to a first client device:  receiving encrypted content from a content provider, wherein the content provider is distinct from the video programming distributor, e.g. receiving, by the DRM proxy device, the requested content from the content provider, wherein the content is encrypted at the content provider (Fig. 1, el. 52; Para. 22); 
decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider, e.g. decrypting, by the processor, the received content, wherein the received content is encrypted with the content provider DRM scheme (Para. 20-22); 
…generate a new data stream, e.g. encapsulating, by the processor, the content, gaining access to the content after decryption, or providing the decrypted content for encryption (Para. 14, 15, 22);
at a video programming distributor network, e.g. a headend network (Fig. 1, el. 60) that includes a headend processing system (Fig. 1, el. 100): 
determining a second DRM protocol compatible with the first client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 21, 22); 
encrypting, via a conditional-access encoder, e.g. a headend processor, wherein the DRM proxy device and the headend processor may be separate devices located at different locations in the headend (Fig. 1, el. 110; Para. 22, 23), the new data stream using the second DRM protocol compatible with the first client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 22); DRM may comprise encrypting of the streaming media content for secure delivery (Para. 20); and 
transmitting, to the first client device, the data as encrypted by the conditional-access encoder, e.g. transmitting, by the DRM proxy device, the encrypted content to the consumer device (Para. 12, 22).
Safadi does not clearly teach a secure application server of a video programming distributor hosting a plurality of virtual set-top applications, each virtual set-top application corresponding to a client device, comprising one or more processors and memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for:  at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device; and at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device: decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider; and modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream.
Hulse teaches a secure application server, e.g. the VSTB server includes the multiple VSTB instances and is located (Fig. 1, el. 108; Fig. 3, el. 300; Para. 25), of a video programming distributor hosting a plurality of virtual set-top applications, e.g. a VSTB server includes multiple VSTB instances (Fig. 1, el. 108; Fig. 3, el. 300; Para. 25),
each virtual set-top application corresponding to a client device, e.g. a television (Fig. 1, el. 104A-104C),
comprising one or more processors, e.g. CPU cores (Para. 17); programmable logic devices, field-programmable logic arrays, or application-specific integrated circuits (Para. 66), and memory, e.g. physical memory (Para. 66), storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for:  
at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device, e.g. a television (Fig. 1, el. 104A-104C), a given VSTB instance will generate a video stream targeting a specific device (Para. 27): 
receiving encrypted content from a content provider, wherein the content provider is distinct from the video programming distributor, e.g. receiving digital television channel broadcasts from a linear TV server, wherein the linear TV server receives the content from a content provider and wherein the content may be encrypted by the content provider (Para. 26, 51); 
decrypting the encrypted content in accordance with a first…protocol used by the content provider, e.g. decrypting the content by the VSTB instance (Para. 28, 29, 33, 51); 
modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream, e.g. shaping the raw frames for output, such as deinterlacing and scaling (Para. 51); overlaying or compositing a graphical user interface with the decoded and processed video stream (Para. 52), wherein a UI server provides the virtual user interfaces (VUIs) to the VSTB instances via Virtual Network Computing (VNC) sessions using VNC clients that are part of the VSTB instances (Para. 34, 35); and 
at a video programming distributor network, e.g. a digital content delivery system (Fig. 1, el. 100): 
determining a second DRM protocol compatible with the first client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); 
encrypting, via a conditional-access encoder, the new data stream using the second DRM protocol compatible with the first client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); and 
transmitting, to the first client device, the data as encrypted by the conditional-access encoder, e.g. sending the encrypted content directly to the target device or via an edge QAM muxer (Para. 41, 52, 54).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include a secure application server of a video programming distributor hosting a plurality of virtual set-top applications, each virtual set-top application corresponding to a client device, comprising one or more processors and memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for:  at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device; and at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device: decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider; and modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream, using the known method of utilizing a VSTB instance at a VSTB server to receive encrypted content, and decrypt the content and to encrypt the content and a graphical user interface using a DRM mechanism compatible with the target device and transmit the encrypted content to the target device, as taught by Hulse, in combination with the content delivery security system of Safadi, for the purpose of improving system efficiency and eliminating the cost of a conventional set-top box (Hulse-Para. 15).

Regarding claim 20, Safadi teaches …at a headend, e.g. a head-end (Fig. 1), of a video programming distributor hosting a…virtual set-top application, e.g. a DRM proxy device that receives content requests from the consumer device and retrieves the corresponding content for delivery to the user; the DRM proxy receives the requested content as if it were the consumer device (Fig. 1, el. 120; Para. 22, 23),
each virtual set-top application corresponding to a client device, e.g. a consumer device (Fig. 1, el. 200),
the one or more programs including instructions for: 
at a first virtual set-top application…the first virtual set-top application corresponding to a first client device:  receiving encrypted content from a content provider, wherein the content provider is distinct from the video programming distributor, e.g. receiving, by the DRM proxy device, the requested content from the content provider, wherein the content is encrypted at the content provider (Fig. 1, el. 52; Para. 22); 
decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider, e.g. decrypting, by the processor, the received content, wherein the received content is encrypted with the content provider DRM scheme (Para. 20-22); 
…generate a new data stream, e.g. encapsulating, by the processor, the content, gaining access to the content after decryption, or providing the decrypted content for encryption (Para. 14, 15, 22);
at a video programming distributor network, e.g. a headend network (Fig. 1, el. 60) that includes a headend processing system (Fig. 1, el. 100): 
determining a second DRM protocol compatible with the first client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 21, 22); 
encrypting, via a conditional-access encoder, e.g. a headend processor, wherein the DRM proxy device and the headend processor may be separate devices located at different locations in the headend (Fig. 1, el. 110; Para. 22, 23), the new data stream using the second DRM protocol compatible with the first client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 22); DRM may comprise encrypting of the streaming media content for secure delivery (Para. 20); and 
transmitting, to the first client device, the data as encrypted by the conditional-access encoder, e.g. transmitting, by the DRM proxy device, the encrypted content to the consumer device (Para. 12, 22).
Safadi does not clearly teach a non-transitory computer-readable storage medium storing one or more programs for execution by one or more processors at a headend of a video programming distributor hosting a plurality of virtual set-top applications, the one or more programs including instructions for:  at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device; and at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device: decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider; and modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream.
Hulse teaches a non-transitory computer-readable storage medium, e.g. physical memory (Para. 66), storing one or more programs for execution by one or more processors, e.g. CPU cores (Para. 17); programmable logic devices, field-programmable logic arrays, or application-specific integrated circuits (Para. 66), at a headend, e.g. a digital content delivery system (Fig. 1, el. 100),
of a video programming distributor hosting a plurality of virtual set-top applications, e.g. a VSTB server includes multiple VSTB instances (Fig. 1, el. 108; Fig. 3, el. 300; Para. 25), each virtual set-top application corresponding to a client device, e.g. a television (Fig. 1, el. 104A-104C),
the one or more programs including instructions for:
 at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device, e.g. a television (Fig. 1, el. 104A-104C), a given VSTB instance will generate a video stream targeting a specific device (Para. 27): 
receiving encrypted content from a content provider, wherein the content provider is distinct from the video programming distributor, e.g. receiving digital television channel broadcasts from a linear TV server, wherein the linear TV server receives the content from a content provider and wherein the content may be encrypted by the content provider (Para. 26, 51); 
decrypting the encrypted content in accordance with a first…protocol used by the content provider, e.g. decrypting the content by the VSTB instance (Para. 28, 29, 33, 51); 
modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream, e.g. shaping the raw frames for output, such as deinterlacing and scaling (Para. 51); overlaying or compositing a graphical user interface with the decoded and processed video stream (Para. 52), wherein a UI server provides the virtual user interfaces (VUIs) to the VSTB instances via Virtual Network Computing (VNC) sessions using VNC clients that are part of the VSTB instances (Para. 34, 35); and 
at a video programming distributor network, e.g. a digital content delivery system (Fig. 1, el. 100): 
determining a second DRM protocol compatible with the first client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); 
encrypting, via a conditional-access encoder, the new data stream using the second DRM protocol compatible with the first client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); and 
transmitting, to the first client device, the data as encrypted by the conditional-access encoder, e.g. sending the encrypted content directly to the target device or via an edge QAM muxer (Para. 41, 52, 54).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include a non-transitory computer-readable storage medium storing one or more programs for execution by one or more processors at a headend of a video programming distributor hosting a plurality of virtual set-top applications, each virtual set-top application corresponding to a client device, the one or more programs including instructions for: at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device; and at a first virtual set-top application of the plurality of virtual set-top applications, the first virtual set-top application corresponding to a first client device: decrypting the encrypted content in accordance with a first Digital Rights Management (DRM) protocol used by the content provider; and modifying the decrypted content, including blending a user-interface overlay, provided by a playback application executing at the headend of the video programming distributor, with the decrypted content to generate a new data stream, using the known method of utilizing a VSTB instance at a VSTB server to receive encrypted content, and decrypt the content and to encrypt the content and a graphical user interface using a DRM mechanism compatible with the target device and transmit the encrypted content to the target device, as taught by Hulse, in combination with the content delivery security system of Safadi, for the purpose of improving system efficiency and eliminating the cost of a conventional set-top box (Hulse-Para. 15).

Claims 2-5 are rejected under 35 U.S.C. 103 as being unpatentable over Safadi in view of Hulse in view of Rothschild et al. (US 2013/0276015 A1) and further in view of Bots et al. (US 2006/0129792 A1).
Regarding claim 2, Safadi in view of Hulse teaches all elements of claim 1.
Safadi further teaches at the first virtual set-top application…:  
…
transmitting the encrypted…data stream over a…data link from the first virtual set-top application to the video programming distributor network, e.g. receiving, by the DRM proxy device, the requested content from the content provider and the processor can then terminate the original DRM scheme by decrypting the content (Para. 22), wherein the DRM proxy device and the processor may be located at different locations in the headend as separate devices (Para. 23); and 
at the video programming distributor network:  
decrypting the encrypted…data stream to generate decrypted data, e.g. the processor can then terminate the original DRM scheme by decrypting the content (Para. 22); 
…wherein encrypting the new data stream comprises encrypting the decrypted data, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 22); DRM may comprise encrypting of the streaming media content for secure delivery (Para. 20).
Safadi does not clearly teach the method of claim 1, further comprising:  at the first virtual set-top application, after modifying the decrypted content to generate the new data stream:  encrypting the new data stream corresponding to the modified decrypted content from the content provider; transmitting the encrypted new data stream over a secure data link from the first virtual set-top application to the video programming distributor network; and at the video programming distributor network:  decrypting the encrypted new data stream to generate decrypted data; sending the decrypted data to the conditional-access encoder, wherein encrypting the new data stream comprises encrypting the decrypted data.
Hulse further teaches at the first virtual set-top application, after modifying the decrypted content to generate the new data stream: 
encrypting the new data stream corresponding to the modified decrypted content from the content provider, e.g. encrypting, by the VSTB, the video and audio frames overlaid with the GUI (Para. 52); 
transmitting the encrypted new data stream over a…data link, e.g. an IP network (Fig. 1, el. 102; Para. 40), from the first virtual set-top application to the video programming distributor network, e.g. the output stream generated by the VSTB instance is sent by the back end IP network for subsequent transmission to the corresponding television (Fig. 1; Para. 54, 55).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include at the first virtual set-top application, after modifying the decrypted content to generate the new data stream:  encrypting the new data stream corresponding to the modified decrypted content from the content provider; transmitting the encrypted new data stream over a data link from the first virtual set-top application to the video programming distributor network, as taught by Hulse, using the same motivation as in claim 1.
Safadi in view of Hulse does not clearly teach the method of claim 1, further comprising:  transmitting the encrypted new data stream over a secure data link from the first virtual set-top application to the video programming distributor network; and at the video programming distributor network:  decrypting the encrypted new data stream to generate decrypted data; sending the decrypted data to the conditional-access encoder.
Rothschild teaches at the first virtual set-top application, e.g. virtual STBs (Fig. 1, el. 158; Fig. 2, el. 215), after modifying the decrypted content to generate the new data stream, e.g. facilitating the overlay of EPG data and/or other data into a video stream and/or presentation for delivery to a consumer device and facilitating the generation and/or customization of suitable interfaces associated with a virtual STB (Fig. 1, el. 160; Fig. 2, el. 262; Para. 49, 50):
encrypting the new data stream corresponding to the modified decrypted content from the content provider, e.g. transcoding resources and link level encryption module facilitate the encoding and/or encrypting of content delivered to the consumer device (Fig. 2, el. 272, 274; Para. 50), wherein the content may be provided from one or more content providers (Para. 32);
transmitting the encrypted new data stream over a secure data link from the first virtual set-top application to the video programming distributor network, e.g. communicating the content to the customer device (Para. 66, 70), wherein communications between various components of the system may be facilitated via any number of networks including any number of private networks associated with the service provider and any number of routers may be provided to facilitate connectivity between or among networks (Para. 42).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse to include transmitting the encrypted new data stream over a secure data link from the first virtual set-top application to the video programming distributor network, using the known method of encrypting the content using link level encryption, DRM, and/or CAS and sending the encrypted content over the private network and generating an overlay interface using device capabilities, as taught by Rothschild, in combination with the content delivery security system of Safadi in view of Hulse, for the purpose of reducing maintenance costs and the number of service calls while providing a scalable system that is relatively easy to upgrade (Rothschild-Para. 77).
Safadi in view of Hulse in view of Rothschild does not clearly teach the method of claim 1, further comprising:  at the video programming distributor network:  decrypting the encrypted new data stream to generate decrypted data; sending the decrypted data to the conditional-access encoder.
Bots teaches at the first device, e.g. a router (Fig. 2, el. 240, 242, 244, 246)…:
encrypting the new data stream…, e.g. encrypting data at a VPNU and transmitting the encrypted data from the first router to the second router (Para. 32, 33, 35);
transmitting the encrypted new data stream over a secure data link from the first device to the…network, e.g. encrypting data at a VPNU and transmitting the encrypted data from the first router to the second router over the Internet or public network using a VPN (Fig. 2, el. 250; Para. 32, 33, 35), wherein the virtual private network connects the LAN of the first site and the LAN of the second site (Fig. 2; Para. 31, 32);
at the…network, e.g. the virtual private network connects the LAN of the first site and the LAN of the second site (Fig. 2; Para. 31, 32):
decrypting the encrypted new data stream to generate decrypted data, e.g. the receiving VPNU handles the process of decrypting the packet (Para. 33); identifying the encryption of the received encrypted data and reconstructing the original packet (Para. 38, 40);
sending the decrypted data to the destination device…, e.g. providing the reconstructed packet to the destination device (Para. 38, 40).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse in view of Rothschild to include at the first virtual set-top application, after modifying the decrypted content to generate the new data stream:  encrypting the new data stream corresponding to the modified decrypted content from the content provider; transmitting the encrypted new data stream over a secure data link from the first virtual set-top application to the video programming distributor network; and at the video programming distributor network:  decrypting the encrypted new data stream to generate decrypted data; sending the decrypted data to the conditional-access encoder, wherein encrypting the new data stream comprises encrypting the decrypted data, using the known method of encrypting data, transmitting the data across a VPN, receiving the data, and decrypting the data, as taught by Bots, in combination with the content delivery security system of Safadi in view of Hulse in view of Rothschild, for the purpose of providing additional security while the content is being sent across the network.

Regarding claim 3, Safadi in view of Hulse in view of Rothschild in view of Bots teaches all elements of claim 2.
Safadi in view of Hulse does not clearly teach the method of claim 2, wherein the encrypted new data stream is transmitted via a local network.
Rothschild teaches wherein the encrypted new data stream is transmitted via a local network, e.g. the networks may include one or more private networks and/or backbone networks associated with a service provider that operates and/or directs the operations of various components of the service provider system (Fig. 1, el. 115; Para. 21), wherein the encrypted content may be outputted for communication to the customer device (Para. 66, 70).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse to include wherein the encrypted new data stream is transmitted via a local network, using the known system wherein the networks may include one or more private networks and/or backbone networks associated with a service provider that operates and/or directs the operations of various components of the service provider system, wherein the encrypted content may be outputted for communication to the customer device, as taught by Rothschild, in combination with the content delivery security system of Safadi in view of Hulse, for the purpose of reducing maintenance costs and the number of service calls while providing a scalable system that is relatively easy to upgrade (Rothschild-Para. 77).
Also note Bots discloses the virtual private network connects the LAN of the first site and the LAN of the second site (Fig. 2; Para. 31, 32).

Regarding claim 4, Safadi in view of Hulse in view of Rothschild in view of Bots teaches all elements of claim 2.
Safadi does not clearly teach the method of claim 2, wherein the encrypted new data stream is transmitted via a wired Ethernet link.
Hulse teaches wherein the encrypted new data stream is transmitted via a wired Ethernet link, e.g. embodiments of the invention may be implemented in the context of both wired and wireless IP-based networks, such as using standard Ethernet or fiber-optic cable (Para. 23).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include wherein the encrypted new data stream is transmitted via a wired Ethernet link, as taught by Hulse, using the same motivation as in claim 1.
Also note Bots discloses the virtual private network connects the LAN of the first site and the LAN of the second site (Fig. 2; Para. 31, 32), wherein the local area networks utilized for data communications may adhere to a wide variety of network protocols, the most common of which are Ethernet (Para. 29).

Regarding claim 5, Safadi in view of Hulse in view of Rothschild in view of Bots teaches all elements of claim 2.
Safadi further teaches wherein the secure data link comprises a bridged…network, e.g. receiving, by the DRM proxy device, the requested content from the content provider, wherein the content is encrypted at the content provider (Fig. 1, el. 52; Para. 22); repackaging, at the processor, the content with the native DRM scheme—bridged-- for secure delivery to the consumer device (Para. 22).
Safadi in view of Hulse does not clearly teach the method of claim 2, wherein the secure data link comprises a bridged private network.
Rothschild teaches wherein the secure data link comprises a…private network, e.g. the networks may include one or more private networks and/or backbone networks associated with a service provider that operates and/or directs the operations of various components of the service provider system (Fig. 1, el. 115; Para. 21).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse to include wherein the secure data link comprises a bridged private network, as taught by Rothschild, using the same motivation as in claim 2.
Also note Bots discloses the virtual private network connects the LAN of the first site and the LAN of the second site—bridged private network-- (Fig. 2; Para. 31, 32).

Claims 6 is rejected under 35 U.S.C. 103 as being unpatentable over Safadi in view of Hulse and further in view of Pierce et al. (US 2012/0124123 A1).
Regarding claim 6, Safadi in view of Hulse teaches all elements of claim 1.
Safadi in view of Hulse does not clearly teach the method of claim 1, wherein the playback application comprises an HTML5 application.
Pierce teaches wherein the playback application comprises an HTML5 application, e.g. the web server parses a static webpage written in HTML5 for the presence of the video element (Para. 53); if video is to be embedded, the web server selects a video player (Para. 55); generating an HTTP response including HTML or XHTML text that references the particular video content in a manner that is specific to the selected video player (Para. 56); retrieving the particular video content to be embedded in the webpage, such as a video file (Para. 59); transmitting the retrieved video file and HTTP response to the client application (Para. 60).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse to include wherein the playback application comprises an HTML5 application, using the known method of parsing, by a web server, a static webpage written in HTML5 for the presence of the video element, wherein if video is to be embedded, the web server selects a video player, generating an HTTP response including HTML or XHTML text that references the particular video content in a manner that is specific to the selected video player, retrieving the particular video content to be embedded in the webpage, such as a video file, and transmitting, by the web server, the retrieved video file and HTTP response to the client application, as taught by Pierce, in combination with the content delivery security system of Safadi in view of Hulse, for the purpose of using a playback application that utilizes cleaner, neater code that allows videos to play natively on any web browser.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Safadi in view of Hulse and further in view of Li et al. (US 9,544,388 B1).
Regarding claim 8, Safadi in view of Hulse teaches all elements of claim 7.
Safadi in view of Hulse does not clearly teach wherein the method of claim 7, wherein decrypting the encrypted content is performed using a key from a secure keybox in the secure application server.
Li teaches wherein decrypting the encrypted content is performed using a key from a secure keybox in the secure application server, e.g. decrypting content which is encrypted under DRM using a decryption key (Col. 5, lines 4-9), wherein the decryption keys are stored in a content library in a data store within a computing environment, wherein the computing environment may comprise a server computer (Fig. 1B, el. 103, 157; Col. 3, lines 24-26).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse to include wherein decrypting the encrypted content is performed using a key from a secure keybox in the secure application server, using the known method of decrypting content which is encrypted under DRM using a decryption key, wherein the decryption keys are stored in a content library in a data store within a computing environment, wherein the computing environment may comprise a server computer, as taught by Li, in combination with the content delivery security system of Safadi in view of Hulse, for the purpose of increasing the security of storing and utilizing an encryption/decryption key.

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Safadi in view of Hulse and further in view of Rothschild.
Regarding claim 14, Safadi in view of Hulse teaches all elements of claim 1.
Safadi further teaches wherein the headend of the video programming distributor distributes the data as encrypted by the conditional-access encoder…, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 22); DRM may comprise encrypting of the streaming media content for secure delivery (Para. 20); wherein the existing delivery network may comprise a large area network, a national network, or other similar network (Para. 31).
Safadi in view of Hulse does not clearly teach the method of claim 1, wherein the headend of the video programming distributor distributes the data as encrypted by the conditional-access encoder via the Internet.
Rothschild teaches wherein the headend, e.g. service provider computers (Fig. 1, el. 105), of the video programming distributor, e.g. service provider system (Fig. 1, el. 120), distributes the data as encrypted by the conditional-access encoder via the Internet, e.g. outputting encrypted content for communication to the customer device (Para. 66, 70), wherein the network may include the Internet (Fig. 1, el. 115; Para. 21).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse to include wherein the headend of the video programming distributor distributes the data as encrypted by the conditional-access encoder via the Internet, using the known system wherein the networks may include one or more private networks and/or backbone networks associated with a service provider that operates and/or directs the operations of various components of the service provider system, wherein the encrypted content may be outputted for communication to the customer device, as taught by Rothschild, in combination with the content delivery security system of Safadi in view of Hulse, for the purpose of reducing maintenance costs and the number of service calls while providing a scalable system that is relatively easy to upgrade (Rothschild-Para. 77).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Safadi in view of Hulse in view of Rothschild in view of Bots and further in view of Morard et al. (US 2017/0270077 A1).
Regarding claim 18, Safadi in view of Hulse teaches all elements of claim 1.
Safadi further teaches at a…virtual set-top application corresponding to a…client device:  receiving second encrypted content from the content provider, e.g. receiving, by the DRM proxy device, the requested content from the content provider, wherein the content is encrypted at the content provider (Fig. 1, el. 52; Para. 22); 
decrypting the second encrypted content in accordance with the first Digital Rights Management (DRM) protocol used by the content provider, e.g. decrypting, by the processor, the received content, wherein the received content is encrypted with the content provider DRM scheme (Para. 20-22); 
…
transmitting the encrypted second content over a…data link from the…virtual set-top application to the video programming distributor network, e.g. receiving, by the DRM proxy device, the requested content from the content provider and the processor can then terminate the original DRM scheme by decrypting the content (Para. 22), wherein the DRM proxy device and the processor may be located at different locations in the headend as separate devices (Para. 23);
at the video programming distributor network, e.g. a headend network (Fig. 1, el. 60) that includes a headend processing system (Fig. 1, el. 100): 
…
determining a third DRM protocol compatible with the…client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 21, 22); 
encrypting, via the conditional-access encoder, the decrypted second data using the third DRM protocol compatible with the…client device, e.g. repackaging, at the processor, the content with the native DRM scheme for secure delivery to the consumer device (Para. 22); DRM may comprise encrypting of the streaming media content for secure delivery (Para. 20); and 
transmitting, to the…client device (i) the second data as encrypted by the conditional-access encoder…, e.g. transmitting, by the DRM proxy device, the encrypted content to the consumer device (Para. 12, 22).
Safadi does not clearly teach at a second virtual set-top application corresponding to a second client device:  receiving second encrypted content from the content provider; decrypting the second encrypted content in accordance with the first Digital Rights Management (DRM) protocol used by the content provider; determining that the second client device supports user-interface overlay rendering; upon determining that the second client device does support user-interface overlay rendering:  re-encrypting the second decrypted content from the content provider; transmitting the re-encrypted second content over a secure data link from the second virtual set-top application to the video programming distributor network; at the video programming distributor network:  decrypting the re-encrypted second content to generate decrypted second data; determining a third DRM protocol compatible with the second client device; encrypting, via the conditional-access encoder, the decrypted second data using the third DRM protocol compatible with the second client device; and  transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder, and (ii) at least one user-interface overlay that has not been encrypted using the third DRM protocol.
Hulse further teaches at a second virtual set-top application, e.g. a VSTB server includes multiple VSTB instances (Fig. 1, el. 108; Fig. 3, el. 300; Para. 25), corresponding to a second client device, e.g. a television (Fig. 1, el. 104A-104C): 
receiving second encrypted content from the content provider, e.g. receiving digital television channel broadcasts from a linear TV server, wherein the linear TV server receives the content from a content provider and wherein the content may be encrypted by the content provider (Para. 26, 51); 
decrypting the second encrypted content in accordance with the first…protocol used by the content provider, e.g. decrypting the content by the VSTB instance (Para. 28, 29, 33, 51); 
determining that the second client device supports user-interface overlay rendering, e.g. overlaying or compositing a graphical user interface with the decoded and processed video stream (Para. 52); 
upon determining that the second client device does support user-interface overlay rendering, e.g. overlaying or compositing a graphical user interface with the decoded and processed video stream (Para. 52): 
…
transmitting the…second content over a…data link, e.g. an IP network (Fig. 1, el. 102; Para. 40), from the second virtual set-top application to the video programming distributor network, e.g. the output stream generated by the VSTB instance is sent by the back end IP network for subsequent transmission to the corresponding television (Fig. 1; Para. 54, 55); 
at the video programming distributor network, e.g. a digital content delivery system (Fig. 1, el. 100): 
…
determining a third DRM protocol compatible with the second client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); 
 encrypting, via the conditional-access encoder, the decrypted second data using the third DRM protocol compatible with the second client device, e.g. encrypting the content and graphical user interface using a DRM mechanism compatible with the target device (Para. 52, 54); and 
transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder…using the third DRM protocol, e.g. sending the encrypted content directly to the target device or via an edge QAM muxer (Para. 41, 52, 54).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi to include at a second virtual set-top application corresponding to a second client device:  receiving second encrypted content from the content provider; decrypting the second encrypted content in accordance with the first Digital Rights Management (DRM) protocol used by the content provider; determining that the second client device supports user-interface overlay rendering; upon determining that the second client device does support user-interface overlay rendering:  transmitting the second content over a data link from the second virtual set-top application to the video programming distributor network; at the video programming distributor network:  determining a third DRM protocol compatible with the second client device; encrypting, via the conditional-access encoder, the decrypted second data using the third DRM protocol compatible with the second client device; and  transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder using the third DRM protocol, as taught by Hulse, using the same motivation as in claim 1.
Safadi in view of Hulse does not clearly teach at a second virtual set-top application corresponding to a second client device:  upon determining that the second client device does support user-interface overlay rendering:  re-encrypting the second decrypted content from the content provider; transmitting the re-encrypted second content over a secure data link from the second virtual set-top application to the video programming distributor network; at the video programming distributor network:  decrypting the re-encrypted second content to generate decrypted second data; and transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder, and (ii) at least one user-interface overlay that has not been encrypted using the third DRM protocol.
Rothschild teaches at a second virtual set-top application, e.g. virtual STBs (Fig. 1, el. 158; Fig. 2, el. 215), corresponding to a second client device, e.g. customer devices (Fig. 1, el. 110A to 110N):
receiving second…content from the content provider, e.g. receiving content from one or more content providers (Para. 32); 
…
determining that the second client device supports user-interface overlay rendering, e.g. tailoring or customizing an interface based upon the input/output capabilities of the customer device and/or any number of generation parameters (Para. 29); generating interfaces by the virtual STB modules (Para. 39); 
upon determining that the second client device does support user-interface overlay rendering, e.g. tailoring or customizing an interface based upon the input/output capabilities of the customer device and/or any number of generation parameters (Para. 29); generating interfaces by the virtual STB modules (Para. 39): 
re-encrypting the second…content from the content provider, e.g. transcoding resources and link level encryption module facilitate the encoding and/or encrypting of content delivered to the consumer device (Fig. 2, el. 272, 274; Para. 50); 
transmitting the re-encrypted second content over a secure data link from the second virtual set-top application to the video programming distributor network, e.g. communicating the content to the customer device (Para. 66, 70), wherein communications between various components of the system may be facilitated via any number of networks including any number of private networks associated with the service provider and any number of routers may be provided to facilitate connectivity between or among networks (Para. 42).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse to include at a second virtual set-top application corresponding to a second client device:  upon determining that the second client device does support user-interface overlay rendering:  re-encrypting the second content from the content provider; and transmitting the re-encrypted second content over a secure data link from the second virtual set-top application to the video programming distributor network, using the known method of encrypting the content using link level encryption, DRM, and/or CAS and sending the encrypted content over the private network and generating an overlay interface using device capabilities, as taught by Rothschild, in combination with the content delivery security system of Safadi in view of Hulse, for the purpose of reducing maintenance costs and the number of service calls while providing a scalable system that is relatively easy to upgrade (Rothschild-Para. 77).
Safadi in view of Hulse in view of Rothschild does not clearly teach at a second virtual set-top application corresponding to a second client device:  upon determining that the second client device does support user-interface overlay rendering:  re-encrypting the second decrypted content from the content provider; at the video programming distributor network:  decrypting the re-encrypted second content to generate decrypted second data; and transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder, and (ii) at least one user-interface overlay that has not been encrypted using the third DRM protocol.
Bots teaches at the second device, e.g. a router (Fig. 2, el. 240, 242, 244, 246)…corresponding to a second client device, e.g. computers (Fig. 2, el. 201, 202, 203, 211, 212, 213, 221, 222, 223, 331, 332):
…
re-encrypting the second data…, e.g. encrypting data at a VPNU and transmitting the encrypted data from the first router to the second router (Para. 32, 33, 35);
transmitting the re-encrypted second data over a secure data link from the second device to the…network, e.g. encrypting data at a VPNU and transmitting the encrypted data from the first router to the second router over the Internet or public network using a VPN (Fig. 2, el. 250; Para. 32, 33, 35), wherein the virtual private network connects the LAN of the first site and the LAN of the second site (Fig. 2; Para. 31, 32);
at the…network, e.g. the virtual private network connects the LAN of the first site and the LAN of the second site (Fig. 2; Para. 31, 32):
decrypting the re-encrypted second content to generate decrypted second data, e.g. the receiving VPNU handles the process of decrypting the packet (Para. 33); identifying the encryption of the received encrypted data and reconstructing the original packet (Para. 38, 40);
…
transmitting, to the second client device (i) the second data as encrypted…, e.g. providing the reconstructed packet to the destination device (Para. 38, 40).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse in view of Rothschild to include at a second virtual set-top application corresponding to a second client device:  upon determining that the second client device does support user-interface overlay rendering:  re-encrypting the second decrypted content from the content provider; at the video programming distributor network:  decrypting the re-encrypted second content to generate decrypted second data, using the known method of encrypting data, transmitting the data across a VPN, receiving the data, and decrypting the data, as taught by Bots, in combination with the content delivery security system of Safadi in view of Hulse in view of Rothschild, for the purpose of providing additional security while the content is being sent across the network.
Safadi in view of Hulse in view of Rothschild in view of Bots does not clearly teach transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder, and (ii) at least one user-interface overlay that has not been encrypted using the third DRM protocol.
Morard teaches determining that the second client device supports user-interface overlay rendering; upon determining that the second client device, e.g. a client (Fig. 2, el. 200; Para. 100), does support user-interface overlay rendering, e.g. analyzing using a detector in the server to determine in which way the graphical user interface element and graphical user interface may be split in to basic elements to achieve a high performance rich GUI with minimum processing load at the server and the client (Para. 101, 104, 106, 177): 
re-encrypting the second…content from the content provider, e.g. a virtual device driver can be configured to provide and/or render the GUI element, to send the element text, and to encrypt the video data (Para. 145); and 
transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder, and (ii) at least one user-interface overlay that has not been encrypted using the third DRM protocol, e.g. sending the encrypted content separately from the GUI element text, wherein the text is not encrypted (Para. 145, 146, 153).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Safadi in view of Hulse in view of Rothschild in view of Bots to include transmitting, to the second client device (i) the second data as encrypted by the conditional-access encoder, and (ii) at least one user-interface overlay that has not been encrypted using the third DRM protocol, using the known method of sending the encrypted content separately from the GUI element text, wherein the text is not encrypted, as taught by Morard, in combination with the content delivery security system of Safadi in view of Hulse in view of Rothschild in view of Bots, for the purpose of achieving a high performance rich graphical user interface with minimum processing load at the server and the client (Morard-Para. 106).

Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Malhotra et al. (US 2010/0064307 A1)—Malhotra discloses sending a service guide unencrypted to the receiver device of a user (Para. 36).

Elliott (US 7,392,378 B1)—Elliott discloses a system wherein data is communicated using link level encryption.  The data is encrypted before it is sent from a first router and decrypted as it is received by a second router (Col. 2, lines 16-32).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643. The examiner can normally be reached Monday - Friday, 7:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




10 November 2022
/Jeremy S Duffield/Primary Examiner, Art Unit 2498