Office Action Predictor
Last updated: April 16, 2026
Application No. 18/672,657

SECURE FRAME ENCRYPTION AS A SERVICE

Non-Final OA §103§DP
Filed
May 23, 2024
Examiner
FIELDS, COURTNEY D
Art Unit
2436
Tech Center
2400 — Computer Networks
Assignee
Cisco Technology, INC.
OA Round
1 (Non-Final)
84%
Grant Probability
Favorable
1-2
OA Rounds
3y 4m
To Grant
80%
With Interview

Examiner Intelligence

Grants 84% — above average
84%
Career Allow Rate
552 granted / 656 resolved
+26.1% vs TC avg
Minimal -4% lift
Without
With
+-4.5%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
27 currently pending
Career history
683
Total Applications
across all art units

Statute-Specific Performance

§101
15.1%
-24.9% vs TC avg
§103
41.9%
+1.9% vs TC avg
§102
27.0%
-13.0% vs TC avg
§112
7.2%
-32.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 656 resolved cases

Office Action

§103 §DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 2. EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019. 3. This communication is in response to Applicant’s claims filed on 23 May 2024. Claims 1-20 remain pending. Information Disclosure Statement 4. The Information Disclosure Statement respectfully submitted on 23 March 2024 has been considered by the Examiner. Continued Prosecution Application 5. This application is a continuation-in-part of Serial No. 17/389,708 filed on 30 July 2021, which is now, US Patent No. 12,052,229, issued on 30 July 2024. Double Patenting 6. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Instant Application 18/672,657 Issued Application 12,052,229 1. A method comprising: receiving, at a first endpoint, a media stream; encoding the media stream; performing secure frame encryption on the encoded media stream, wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream; performing secure real-time transport protocol encryption on the secure frame media stream; and transmitting the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. 2. The method of claim 1, wherein the secure frame encryption is performed per frame of the media stream. 3. The method of claim 1, further comprising: packetizing the encoded media stream into a plurality of packets; and performing the secure frame encryption of each of the plurality of packets. 4. The method of claim 3, further comprising: obtaining, by the first endpoint, a first encryption key for encrypting the plurality of packets; and encrypting the plurality of packets using the first encryption key. 5. The method of claim 1, wherein the media stream is part of a video conference. 6. The method of claim 1, wherein the media stream is part of an audio conference. 7. The method of claim 1, further comprising: obtaining, by the first endpoint, a first encryption key for encrypting the encoded media stream; and encrypting the media stream using the first encryption key. 8. The method of claim 1, further comprising: receiving, from the selective forwarding unit, a second secure frame media stream; and decrypting the second secure frame media stream. 9. The method of claim 1, further comprising: receiving, from the selective forwarding unit, a plurality of secure frame packets; and depacketizing the plurality of secure frame packets; and performing secure frame encryption of each of the depacketized plurality of packets. 10. A system comprising: one or more processors; and at least one non-transitory computer-readable storage medium having stored thereon instructions which, when executed by the one or more processors, cause the one or more processors to: receive a media stream; encode the media stream; perform secure frame encryption on the encoded media stream, wherein the secure frame encryption prevents a first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream; perform secure real-time transport protocol encryption on the secure frame media stream; and transmit the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. 11. The system of claim 10, wherein the secure frame encryption is performed per frame of the media stream. 12. The system of claim 10, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: packetize the encoded media stream into a plurality of packets; and perform the secure frame encryption of each of the plurality of packets. 13. The system of claim 12, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: obtain a first encryption key for encrypting the plurality of packets; and encrypt the plurality of packets using the first encryption key. 14. The system of claim 10, wherein the media stream is part of a video conference. 15. The system of claim 10, wherein the media stream is part of an audio conference. 16. The system of claim 10, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: obtain a first encryption key for encrypting the encoded media stream; and encrypt the media stream using the first encryption key. 17. The system of claim 10, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: receive, from the selective forwarding unit, a second secure frame media stream; and decrypt the second secure frame media stream. 18. The system of claim 10, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: receive, from the selective forwarding unit, a plurality of secure frame packets; and depacketize the plurality of secure frame packets; and perform secure frame encryption of each of the depacketized plurality of packets. 19. A non-transitory computer-readable storage medium having stored thereon instructions which, when executed by one or more processors, cause the one or more processors to: receive a media stream; encode the media stream; perform secure frame encryption on the encoded media stream, wherein the secure frame encryption prevents a first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream; perform secure real-time transport protocol encryption on the secure frame media stream; and transmit the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. 20. The non-transitory computer-readable storage medium of claim 19, wherein the secure frame encryption is performed per frame of the media stream. 1. A method comprising: receiving, by a network device, a first request for encrypting a first media stream associated with a first endpoint; configuring by the network device the first endpoint to perform secure frame encryption, wherein the secure frame encryption includes an encryption algorithm in which the first endpoint has access to metadata of the first media stream to route the first media stream to a second endpoint without having access to media of the first media stream; obtaining, by the first endpoint, a first encryption key for encrypting the first media stream associated with the first endpoint; receiving, from the first endpoint, a first plurality of media frames corresponding to the first media stream; encrypting each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames; packetizing the first plurality of encrypted media frames into a first plurality of data packets for transmission to the second endpoint; and forwarding, by the first endpoint without having access to the media of the first media stream to second endpoint, the first plurality of data packets. 2. The method of claim 1, wherein the first request is received from at least one of a software defined wide area network (SD-WAN) controller, a Secure Access Service Edge (SASE) controller, a session border controller, and a cloud edge device. 3. The method of claim 1, wherein the network device corresponds to at least one of an edge router, a switch, a session border controller, or a base station. 4. The method of claim 1, further comprising: receiving a second request for encrypting a second media stream associated with a second endpoint. 5. The method of claim 4, further comprising: determining, based on metadata associated with the first endpoint and the second endpoint, that the first endpoint and the second endpoint can share the first encryption key; receiving, from the second endpoint, a second plurality of media frames corresponding to the second media stream; and encrypting each of the second plurality of media frames using the first encryption key to yield a second plurality of encrypted media frames. 6. The method of claim 4, further comprising: determining, based on metadata associated with the second endpoint, that the second endpoint is requesting a unique encryption key; and obtaining a second encryption key for encrypting the second media stream associated with the second endpoint. 7. The method of claim 4, further comprising: determining that the first media stream and the second media stream are directed to a same destination endpoint; and aggregating a plurality of data packets corresponding to a plurality of encrypted media frames associated with the first media stream and the second media stream. 8. The method of claim 1, further comprising: receiving, from a media server, a second plurality of data packets associated with a received media stream directed to the first endpoint; processing the second plurality of data packets to yield one or more encrypted media frames; obtaining a decryption key for decrypting the one or more encrypted media frames; decrypting the one or more encrypted media frames using the decryption key to yield a decrypted media stream; and sending the decrypted media stream to the first endpoint. 9. A system comprising: one or more processors; and at least one non-transitory computer-readable storage medium having stored thereon instructions which, when executed by the one or more processors, cause the one or more processors to: receive, by a network device, a first request for encrypting a first media stream associated with a first endpoint; configuring by the network device, the first endpoint to perform secure frame encryption, wherein the secure frame encryption includes an encryption algorithm in which the first endpoint has access to metadata of the first media stream to route the first media stream to a second endpoint without having access to media of the first media stream; obtain, by the first endpoint, a first encryption key for encrypting the first media stream associated with the first endpoint; receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream; encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames; packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint; and forward, by the first endpoint without having access to the media of the first media stream to second endpoint, the first plurality of data packets. 10. The system of claim 9, wherein the first request is received from at least one of a software defined wide area network (SD-WAN) controller, a Secure Access Service Edge (SASE) controller, a session border controller, and a cloud edge device. 11. The system of claim 9, wherein the first request is received by at least one of an edge router, a switch, a session border controller, or a base station. 12. The system of claim 9, the at least one non-transitory computer-readable storage medium storing instructions which, when executed by the one or more processors, cause the one or more processors to: receive a second request for encrypting a second media stream associated with a second endpoint. 13. The system of claim 12, the at least non-transitory one computer-readable storage medium storing instructions which, when executed by the one or more processors, cause the one or more processors to: determine, based on metadata associated with the first endpoint and the second endpoint, that the first endpoint and the second endpoint can share the first encryption key; receive, from the second endpoint, a second plurality of media frames corresponding to the second media stream; and encrypt each of the second plurality of media frames using the first encryption key to yield a second plurality of encrypted media frames. 14. The system of claim 12, the at least one non-transitory computer-readable storage medium storing instructions which, when executed by the one or more processors, cause the one or more processors to: determine, based on metadata associated with the second endpoint, that the second endpoint is requesting a unique encryption key; and obtain, from a server, a second encryption key for encrypting the second media stream associated with the second endpoint. 15. The system of claim 12, the at least non-transitory one computer-readable storage medium storing instructions which, when executed by the one or more processors, cause the one or more processors to: determine that the first media stream and the second media stream are directed to a same destination endpoint; and aggregate a plurality of data packets corresponding to a plurality of encrypted media frames associated with the first media stream and the second media stream. 16. The system of claim 9, the at least non-transitory one computer-readable storage medium storing instructions which, when executed by the one or more processors, cause the one or more processors to: receive, from a media server, a second plurality of data packets associated with a received media stream directed to the first endpoint; process the second plurality of data packets to yield one or more encrypted media frames; obtain a decryption key for decrypting the one or more encrypted media frames; decrypt the one or more encrypted media frames using the decryption key to yield a decrypted media stream; and send the decrypted media stream to the first endpoint. 17. A non-transitory computer-readable storage medium having stored thereon instructions which, when executed by one or more processors, cause the one or more processors to: receive, by a network device, a first request for encrypting a first media stream associated with a first endpoint; configuring by the network device, the first endpoint to perform secure frame encryption, wherein the secure frame encryption includes an encryption algorithm in Which the first endpoint has access to metadata of the first media stream to route the first media stream to a second endpoint without having access to media of the first media stream; obtain, by the first endpoint, a first encryption key for encrypting the first media stream associated with the first endpoint; receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream; encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames; packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint; and forward, by the first endpoint without having access to the media of the first media stream to second endpoint, the first plurality of data packets. 18. The non-transitory computer-readable storage medium of claim 17, wherein the first request is received from at least one of a software defined wide area network (SD-WAN) controller, a Secure Access Service Edge (SASE) controller, a session border controller, and a cloud edge device. 19. The non-transitory computer-readable storage medium of claim 17, wherein the network device corresponds to at least one of an edge router, a switch, a session border controller, or a base station. 20. The non-transitory computer-readable storage medium of claim 17, comprising instructions which, when executed by one or more processors, cause the one or more processors to: receive a second request for encrypting a second media stream associated with a second endpoint. 7. Claims 1-20 is rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,052,229. Although the claims at issue are not identical, they are not patentably distinct from each other because in both instances, the claims are drawn towards secure frame encryption as a service. The omission of “encrypting each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames; packetizing the first plurality of encrypted media frames into a first plurality of data packets for transmission to the second endpoint; and forwarding, by the first endpoint without having access to the media of the first media stream to second endpoint, the first plurality of data packets” does not change the scope of the claims for the instant application and the issued application. Similarly, in both instances, a similarity measure may be attained wherein providing secure frame encryption for securing audio and video streams is being performed. Claim Rejections - 35 USC § 103 8. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 9. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 10. Claims 1-8, 10-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fukada et al. (Pub No. 2014/0136853) and Herrero (Pub No. 2017/0104596), in view of Yamagishi et al. (Pub No. 2010/0034391) and in further view of Vendrow et al. (US Patent No. 9,843,606). Referring to the rejection of claim 1, Fukada et al. discloses a method comprising: receiving, at a first endpoint, a media stream, encoding the media stream; (See Fukada et al., para. 142-143 and 150-151, i.e. a security parameter requested by the communication terminal disclosed as the first endpoint and received by the base station disclosed as the network device wherein the security request parameter designates the cryptographic processing to be performed on transmitted packets from the communication terminal) Fukada et al. fail to disclose performing secure frame encryption on the encoded media stream, wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream. Herrero discloses a method and system that performs encrypted media detection for real-time communications of a user equipment (UE). Herrero discloses performing secure frame encryption on the encoded media stream and performing secure real-time transport protocol encryption on the secure frame media stream; (See Herrero, Fig. 4, para. 21 and 39-45, i.e. in response to the incoming request configured by the network device disclosed as the session border controller which is implemented by the tunneling server and the first endpoint disclosed as the tunneling client within the user equipment to perform secure frame encryption generating secure real-time transport protocol that is sent in the tunnel) Motivation for such an implementation would enable performing encrypted media detection for real-time communication wherein based on the stored corresponding data, the system determines if the encrypted frame includes an encrypted media data frame. (See Herrero, para. 4) The combination of Fukada et al. and Herrero fail to explicitly disclose wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream. Yamagishi et al. discloses a cryptographic-key management system, an external device, and a cryptographic-key management program, for managing a cryptographic key for copyrighted data. Yamagishi et al. discloses wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream; (See Yamagishi et al., para. 15-17, 39-41, 58-59, 71-77 and 91-97, i.e. secure encryption for protecting recordable media is performed wherein a DTCP key is used for encrypting copyrighted data and prohibiting unauthorized distribution of copyrighted data and a CPRM key is used for decrypting copyrighted data and prohibiting unauthorized copying of copyrighted data. The first endpoint disclosed as external device, item 10 and the second endpoint disclosed as terminal, item 20, wherein having access to process copyrighted data routed from the external device to the terminal is performed without having access to the stored media provided in the external device which is protected by the cryptographic key. The processing of the copyrighted data is impossible to have access and the process is terminated with an error message) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Fukada et al.’s apparatus and method for performing different cryptographic algorithms in a communication system and Herrero’s method and system that performs encrypted media detection for real-time communications of a user equipment (UE) modified with Yamagishi et al.’s cryptographic-key management system, an external device, and a cryptographic-key management program, for managing a cryptographic key for copyrighted data. Motivation for such an implementation would enable countermeasure against unauthorized copying of digital data whose copyright is protected and a countermeasure against unauthorized distribution of copyrighted data through a network. (See Yamagishi et al., para. 7) The combination of Fukada et al., Herrero, and Yamagishi et al. fail to explicitly disclose and transmitting the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. Vendrow et al. discloses a system and method for establishing a video conference. Vendrow et al. discloses and transmitting the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. (See Vendrow et al., Col. 8, lines 1-18 and Col. 13, lines 35-46, i.e., media routers include selective forwarding unit (SFU) which can receive multiple media data streams for capturing data packets and transmitting video data stream and/or audio stream. The selective forwarding unit may block access to all the packets that originated from the client applications. The video application server control selective forwarding unit to transmit the received/or forwarded media data to multiple recording servers, each of which can generate a portion of the package containing the media data. The media data recorded can be the data that are forwarded to conference client application. The media data recorded can also be the data that are received by selective forwarding unit but not forwarded to conference client application (e.g., the media data is associated with a thumbnail windows which the viewer disabled by a selection in pop-up window, the scrolling action, etc.) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Fukada et al.’s apparatus and method for performing different cryptographic algorithms in a communication system, Herrero’s method and system that performs encrypted media detection for real-time communications of a user equipment (UE), and Yamagishi et al.’s cryptographic-key management system, an external device, and a cryptographic-key management program, for managing a cryptographic key for copyrighted data modified with Vendrow et al.’s system and method for establishing a video conference. Motivation for such an implementation would enable selective forwarding units to transmit media data from client applications and monitor collected data of video application servers to improve management of network resources. (See Vendrow et al., Col. 7, lines 9-37) Referring to the rejection of claim 2, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses wherein the secure frame encryption is performed per frame of the media stream. (See Herrero, para. 30, i.e., In a tunneling configuration, encapsulated (i.e., in a packet/frame) media is typically communicated according to the real-time transport protocol (“RTP”) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 3, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising: packetizing the encoded media stream into a plurality of packets; (See Fukada et al., para. 168-169 and 230-236, i.e. the step of packetization of the encrypted media frames are transmitted to the remote device disclosed as the second endpoint via a gateway GW) and performing the secure frame encryption of each of the plurality of packets. (See Herrero, Fig. 4, para. 21 and 39-45, i.e. in response to the incoming request configured by the network device disclosed as the session border controller which is implemented by the tunneling server and the first endpoint disclosed as the tunneling client within the user equipment to perform secure frame encryption generating secure real-time transport protocol that is sent in the tunnel) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 4, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising: obtaining, by the first endpoint, a first encryption key for encrypting the plurality of packets; and encrypting the plurality of packets using the first encryption key. (See Fukada et al., para. 143-146, 151, 156, 221, and 230, i.e. the security parameter requested by the communication terminal disclosed as the first endpoint may specify a cryptographic algorithm such as a DES algorithm for voice and stream data packets. The acceptance of the security parameter by the base station and the acceptance of the security parameter response sent to the communication terminal, appends this information to the header of the data packets transmitted, wherein an encryption key is obtained by the cryptographic management unit of the base station) Referring to the rejection of claim 5, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses wherein the media stream is part of a video conference. (See Vendrow et al., Col. 6, lines 55-67 and Col. 7, lines 1-8, i.e., conference client application receives as a part of media data streams, video images and audio signals from conference client applications) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 6, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses wherein the media stream is part of an audio conference. (See Vendrow et al., Col. 6, lines 55-67 and Col. 7, lines 1-8, i.e., conference client application receives as a part of media data streams, video images and audio signals from conference client applications) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 7, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising: obtaining, by the first endpoint, a first encryption key for encrypting the encoded media stream; and encrypting the media stream using the first encryption key. (See Fukada et al., para. 165-166 and 230-233, i.e. encryption of the received data packets according to the selected security parameter, the DES algorithm is designated by the security parameter, and the encryption of the received data packets is performed by the base station) Referring to the rejection of claim 8, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising: receiving, from the selective forwarding unit, a second secure frame media stream; (See Fukada et al., para. 136-138 and 166-169, a second request for encrypting voice data packets or video data packets disclosed as a second media stream associated with a security gateway, GW disclosed as the second endpoint) and decrypting the second secure frame media stream. (See Fukada et al., para. 171-173 and 182-184, i.e., the decryption processing corresponding to the AES to decrypt the encrypted packet data. The security GW transmits the decrypted packet data to the remote node. The soft encryption unit outputs the decrypted packet data to the wired transmission and reception unit, transmits the decrypted packet data to the remote node, applies the decryption processing based on the AES to the data received from the cryptographic management unit and transmits the decrypted packet data to the communication terminal. The soft encryption unit outputs the decrypted packet data to the wired transmission and reception unit via the cryptographic management unit and transmits the decrypted packet data to the communication terminal via the baseband unit) Referring to the rejection of claim 10, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses a system comprising: one or more processors; (See Fukada et al., para. 72, CPU, item 140) and at least one non-transitory computer-readable storage medium having stored thereon instructions which, when executed by the one or more processors, cause the one or more processors to: (See Fukada et al., para. 72, the memory (ROM) disclosed as a non-transitory computer-readable storage medium having stored thereon instructions, which when executed by the CPU, item 140) receive a media stream and encode the media stream; (See Fukada et al., para. 142-143 and 150-151, i.e. a security parameter requested by the communication terminal disclosed as the first endpoint and received by the base station disclosed as the network device wherein the security request parameter designates the cryptographic processing to be performed on transmitted packets from the communication terminal) Fukada et al. fail to disclose performing secure frame encryption on the encoded media stream, wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream. Herrero discloses a method and system that performs encrypted media detection for real-time communications of a user equipment (UE). Herrero discloses perform secure frame encryption on the encoded media stream and perform secure real-time transport protocol encryption on the secure frame media stream; (See Herrero, Fig. 4, para. 21 and 39-45, i.e. in response to the incoming request configured by the network device disclosed as the session border controller which is implemented by the tunneling server and the first endpoint disclosed as the tunneling client within the user equipment to perform secure frame encryption generating secure real-time transport protocol that is sent in the tunnel) Motivation for such an implementation would enable performing encrypted media detection for real-time communication wherein based on the stored corresponding data, the system determines if the encrypted frame includes an encrypted media data frame. (See Herrero, para. 4) The combination of Fukada et al. and Herrero fail to explicitly disclose wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream. Yamagishi et al. discloses a cryptographic-key management system, an external device, and a cryptographic-key management program, for managing a cryptographic key for copyrighted data. Yamagishi et al. discloses wherein the secure frame encryption prevents a first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream; (See Yamagishi et al., para. 15-17, 39-41, 58-59, 71-77 and 91-97, i.e. secure encryption for protecting recordable media is performed wherein a DTCP key is used for encrypting copyrighted data and prohibiting unauthorized distribution of copyrighted data and a CPRM key is used for decrypting copyrighted data and prohibiting unauthorized copying of copyrighted data. The first endpoint disclosed as external device, item 10 and the second endpoint disclosed as terminal, item 20, wherein having access to process copyrighted data routed from the external device to the terminal is performed without having access to the stored media provided in the external device which is protected by the cryptographic key. The processing of the copyrighted data is impossible to have access and the process is terminated with an error message) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Fukada et al.’s apparatus and method for performing different cryptographic algorithms in a communication system and Herrero’s method and system that performs encrypted media detection for real-time communications of a user equipment (UE) modified with Yamagishi et al.’s cryptographic-key management system, an external device, and a cryptographic-key management program, for managing a cryptographic key for copyrighted data. Motivation for such an implementation would enable countermeasure against unauthorized copying of digital data whose copyright is protected and a countermeasure against unauthorized distribution of copyrighted data through a network. (See Yamagishi et al., para. 7) The combination of Fukada et al., Herrero, and Yamagishi et al. fail to explicitly disclose and transmitting the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. Vendrow et al. discloses a system and method for establishing a video conference. Vendrow et al. discloses and transmit the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. (See Vendrow et al., Col. 8, lines 1-18 and Col. 13, lines 35-46, i.e., media routers include selective forwarding unit (SFU) which can receive multiple media data streams for capturing data packets and transmitting video data stream and/or audio stream. The selective forwarding unit may block access to all the packets that originated from the client applications. The video application server control selective forwarding unit to transmit the received/or forwarded media data to multiple recording servers, each of which can generate a portion of the package containing the media data. The media data recorded can be the data that are forwarded to conference client application. The media data recorded can also be the data that are received by selective forwarding unit but not forwarded to conference client application (e.g., the media data is associated with a thumbnail windows which the viewer disabled by a selection in pop-up window, the scrolling action, etc.) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 11, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses wherein the secure frame encryption is performed per frame of the media stream. (See Herrero, para. 30, i.e., In a tunneling configuration, encapsulated (i.e., in a packet/frame) media is typically communicated according to the real-time transport protocol (“RTP”) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 12, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: packetize the encoded media stream into a plurality of packets; (See Fukada et al., para. 168-169 and 230-236, i.e. the step of packetization of the encrypted media frames are transmitted to the remote device disclosed as the second endpoint via a gateway GW) and perform the secure frame encryption of each of the plurality of packets. (See Herrero, Fig. 4, para. 21 and 39-45, i.e. in response to the incoming request configured by the network device disclosed as the session border controller which is implemented by the tunneling server and the first endpoint disclosed as the tunneling client within the user equipment to perform secure frame encryption generating secure real-time transport protocol that is sent in the tunnel) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 13, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: obtain a first encryption key for encrypting the plurality of packets; and encrypt the plurality of packets using the first encryption key. (See Fukada et al., para. 143-146, 151, 156, 221, and 230, i.e. the security parameter requested by the communication terminal disclosed as the first endpoint may specify a cryptographic algorithm such as a DES algorithm for voice and stream data packets. The acceptance of the security parameter by the base station and the acceptance of the security parameter response sent to the communication terminal, appends this information to the header of the data packets transmitted, wherein an encryption key is obtained by the cryptographic management unit of the base station) Referring to the rejection of claim 14, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses wherein the media stream is part of a video conference. (See Vendrow et al., Col. 6, lines 55-67 and Col. 7, lines 1-8, i.e., conference client application receives as a part of media data streams, video images and audio signals from conference client applications) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 15, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses wherein the media stream is part of an audio conference. (See Vendrow et al., Col. 6, lines 55-67 and Col. 7, lines 1-8, i.e., conference client application receives as a part of media data streams, video images and audio signals from conference client applications) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 16, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: obtain a first encryption key for encrypting the encoded media stream; and encrypt the media stream using the first encryption key. (See Fukada et al., para. 165-166 and 230-233, i.e. encryption of the received data packets according to the selected security parameter, the DES algorithm is designated by the security parameter, and the encryption of the received data packets is performed by the base station) Referring to the rejection of claim 17, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses further comprising instructions which, when executed by the one or more processors, cause the one or more processors to: receive, from the selective forwarding unit, a second secure frame media stream; (See Fukada et al., para. 136-138 and 166-169, a second request for encrypting voice data packets or video data packets disclosed as a second media stream associated with a security gateway, GW disclosed as the second endpoint) and decrypt the second secure frame media stream. (See Fukada et al., para. 171-173 and 182-184, i.e., the decryption processing corresponding to the AES to decrypt the encrypted packet data. The security GW transmits the decrypted packet data to the remote node. The soft encryption unit outputs the decrypted packet data to the wired transmission and reception unit, transmits the decrypted packet data to the remote node, applies the decryption processing based on the AES to the data received from the cryptographic management unit and transmits the decrypted packet data to the communication terminal. The soft encryption unit outputs the decrypted packet data to the wired transmission and reception unit via the cryptographic management unit and transmits the decrypted packet data to the communication terminal via the baseband unit) Referring to the rejection of claim 19, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses a non-transitory computer-readable storage medium having stored thereon instructions which, when executed by one or more processors, cause the one or more processors to: (See Fukada et al., para. 72, the memory (ROM) disclosed as a non-transitory computer-readable storage medium having stored thereon instructions, which when executed by the CPU, item 140) receive a media stream and encode the media stream; (See Fukada et al., para. 142-143 and 150-151, i.e. a security parameter requested by the communication terminal disclosed as the first endpoint and received by the base station disclosed as the network device wherein the security request parameter designates the cryptographic processing to be performed on transmitted packets from the communication terminal) Fukada et al. fail to disclose performing secure frame encryption on the encoded media stream, wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream. Herrero discloses a method and system that performs encrypted media detection for real-time communications of a user equipment (UE). Herrero discloses perform secure frame encryption on the encoded media stream and perform secure real-time transport protocol encryption on the secure frame media stream; (See Herrero, Fig. 4, para. 21 and 39-45, i.e. in response to the incoming request configured by the network device disclosed as the session border controller which is implemented by the tunneling server and the first endpoint disclosed as the tunneling client within the user equipment to perform secure frame encryption generating secure real-time transport protocol that is sent in the tunnel) Motivation for such an implementation would enable performing encrypted media detection for real-time communication wherein based on the stored corresponding data, the system determines if the encrypted frame includes an encrypted media data frame. (See Herrero, para. 4) The combination of Fukada et al. and Herrero fail to explicitly disclose wherein the secure frame encryption prevents the first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream. Yamagishi et al. discloses a cryptographic-key management system, an external device, and a cryptographic-key management program, for managing a cryptographic key for copyrighted data. Yamagishi et al. discloses wherein the secure frame encryption prevents a first endpoint has access to metadata of the media stream to route the media stream to a second endpoint without having access to media of the media stream; (See Yamagishi et al., para. 15-17, 39-41, 58-59, 71-77 and 91-97, i.e. secure encryption for protecting recordable media is performed wherein a DTCP key is used for encrypting copyrighted data and prohibiting unauthorized distribution of copyrighted data and a CPRM key is used for decrypting copyrighted data and prohibiting unauthorized copying of copyrighted data. The first endpoint disclosed as external device, item 10 and the second endpoint disclosed as terminal, item 20, wherein having access to process copyrighted data routed from the external device to the terminal is performed without having access to the stored media provided in the external device which is protected by the cryptographic key. The processing of the copyrighted data is impossible to have access and the process is terminated with an error message) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date the claimed invention was made to combine Fukada et al.’s apparatus and method for performing different cryptographic algorithms in a communication system and Herrero’s method and system that performs encrypted media detection for real-time communications of a user equipment (UE) modified with Yamagishi et al.’s cryptographic-key management system, an external device, and a cryptographic-key management program, for managing a cryptographic key for copyrighted data. Motivation for such an implementation would enable countermeasure against unauthorized copying of digital data whose copyright is protected and a countermeasure against unauthorized distribution of copyrighted data through a network. (See Yamagishi et al., para. 7) The combination of Fukada et al., Herrero, and Yamagishi et al. fail to explicitly disclose and transmitting the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. Vendrow et al. discloses a system and method for establishing a video conference. Vendrow et al. discloses and transmit the secure frame media stream to a selective forwarding unit for subsequent forwarding to a second endpoint, wherein the selective forwarding unit does not have access to the media of the media stream. (See Vendrow et al., Col. 8, lines 1-18 and Col. 13, lines 35-46, i.e., media routers include selective forwarding unit (SFU) which can receive multiple media data streams for capturing data packets and transmitting video data stream and/or audio stream. The selective forwarding unit may block access to all the packets that originated from the client applications. The video application server control selective forwarding unit to transmit the received/or forwarded media data to multiple recording servers, each of which can generate a portion of the package containing the media data. The media data recorded can be the data that are forwarded to conference client application. The media data recorded can also be the data that are received by selective forwarding unit but not forwarded to conference client application (e.g., the media data is associated with a thumbnail windows which the viewer disabled by a selection in pop-up window, the scrolling action, etc.) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Referring to the rejection of claim 20, (Fukada et al., Herrero, and Yamagishi et al. modified by Vendrow et al.) discloses wherein the secure frame encryption is performed per frame of the media stream. (See Herrero, para. 30, i.e., In a tunneling configuration, encapsulated (i.e., in a packet/frame) media is typically communicated according to the real-time transport protocol (“RTP”) The rationale for combining Fukada et al., Herrero, and Yamagishi et al. in view of Vendrow et al. is the same as claim 1. Allowable Subject Matter 11. Claims 9 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /COURTNEY D FIELDS/Examiner, Art Unit 2436 December 20, 2025 /FATOUMATA TRAORE/Primary Examiner, Art Unit 2436
Read full office action

Prosecution Timeline

May 23, 2024
Application Filed
Dec 20, 2025
Non-Final Rejection — §103, §DP
Mar 27, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12587838
ENCRYPTED END-TO-END MESSAGING USING NEAR-FIELD COMMUNICATION (NFC) TAGS
2y 5m to grant Granted Mar 24, 2026
Patent 12581311
METHOD AND DEVICE TO ESTABLISH A WIRELESS SECURE LINK WHILE MAINTAINING PRIVACY AGAINST TRACKING
2y 5m to grant Granted Mar 17, 2026
Patent 12581290
Security Negotiation Method and Apparatus
2y 5m to grant Granted Mar 17, 2026
Patent 12556552
AUTOMATIC INTEGRATION OF IOT DEVICES INTO A NETWORK
2y 5m to grant Granted Feb 17, 2026
Patent 12556568
MULTI-OBJECTIVE COMPUTER INFRASTRUCTURE VULNERABILITY PRIORITIZATION
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

1-2
Expected OA Rounds
84%
Grant Probability
80%
With Interview (-4.5%)
3y 4m
Median Time to Grant
Low
PTA Risk
Based on 656 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month