Notice of Pre-AIA or AIA Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This is in reply to papers filed on 10/06/2020. Claims 1-20 are pending. Claims 1, 10, and 19 are independent.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
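(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 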
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the 
an I/O subsystem to: 
establish a secured channel between the I/O subsystem and a trusted application running on the compute device; 
receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel; 
encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data; and 
transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 19-20 are rejected as being directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because the claims recite “machine-readable storage media” and the broadest reasonable interpretation of “machine-readable storage media” may include a transitory form of signal transmission. See MPEP section 2106.03.

The disclosure at para. 9 states (emphasis added):
“[0009]      The disclosed embodiments may be implemented, in some cases, in hardware, firmware, software, or any combination thereof. The disclosed embodiments may also be implemented as instructions carried by or stored on a transitory or non-transitory machine- readable (e.g., computer-readable) storage medium, which may be read and executed by one or more processors. A machine-readable storage medium may be embodied as any storage device, mechanism, or other physical structure for storing or transmitting information in a form readable by a machine (e.g., a volatile or non-volatile memory, a media disc, or other media device).”

The description of machine-readable storage media in the specification is open ended. Unless the specification specifically states that “machine-readable storage media” excludes “signals” or defines it in some other way as hardware, the machine-readable storage media is considered non-statutory. Examiner suggests amending "machine-readable storage media" to “non-transitory machine-readable storage media." See In re Nuijten, 500 F.3d 1346, 84 USPQ2d 1495 (Fed. Cir. 2007).
	
	
Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	
Claims 1-3, 6-12, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Durham et al. U.S. Publication 20170171194 (hereinafter “Durham”) in view of Case et al. U.S. Publication 20160364343 (hereinafter “Case”), further in view of Ahmad et al. U.S. Patent No. 9916129 (hereinafter “Ahmad”).

As per claim 1, Durham discloses a compute device for secure I/O data transfer, the compute device comprising: 
a processor to execute a trusted application; 
an input/output (I/O) device; and 
an I/O subsystem to: 
(See Durham Para. 21, CPU 120,[ processor])

establish a secured channel between the I/O subsystem and a trusted application running on the compute device; 
(See Durham: a compute device for secure I/O data transfer is disclosed in figure 1, which shows a compute device that includes a combination of the processor (CPU 120), I/O subsystem (ICE 128), and I/O device (device 110); the compute device is everything depicted in figure 1 of the reference.
Durham Para. [0018]
‘….Upon accesses to memory via DMA from a device that is in a secure mode [input/output (I/O) device], the ICE [an I/O subsystem = ICE] may fetch the data line stored in memory, identify the aforementioned identifying parameters to select a key [establish a secured channel] and obtain the replay counter, and then encrypt the data for the corresponding device using this key and replay counter. ….. Upon the subsequent read of the data from memory, trusted software may decrypt the data [trusted application running on the compute device; for secure I/O data transfer], …..’
)


encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data; and 
(See Durham Para. [0018]
‘….identifying parameters to select a key[security key associated with the trusted application; trusted software will use the security key to decrypt] and obtain the replay counter, and then encrypt the data for the corresponding device using this key [encrypt, in response to a receipt of the I/O data, the I/O data using a security key ]and replay counter. …… Upon the subsequent read of the data from memory, trusted software [trusted application ] may decrypt the data.’
)

transmit the encrypted I/O data to the trusted application via the secured channel, 
(See Durham Para. [0018]
‘….encrypt the data for the corresponding device using this key ….Upon the subsequent read of the data from memory [transmit the encrypted I/O data to the trusted application via the secured channel; the encrypted data was written to memory and then subsequently trusted software retrieved the data from memory], trusted software [trusted application] may decrypt the data.’
)

	However, Durham does not expressly disclose 
receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel; 
wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.
Case discloses receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel; 

(See Case Para. [0068]
‘…..DMA interface 106 reads data from memory [reads data from memory = via an unsecured channel; the data read from memory is not encrypted yet ]that is un-encrypted [receive, in response to an establishment of the secured channel, I/O data ]which is routed through IEE 112 and then automatically encrypted with a key that is shared at the other end of the I/O channel [the I/O channel has already been established with the key]. This key is associated with the memory region, an I/O buffer [from the I/O device; this is an I/O buffer for some I/O device ]…..’
[0082]
‘In this way an I/O buffer may be realized in the memory to allow AES-CTR streaming of I/O data from one device[ from the I/O device] to another using inline encryption.’
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Durham with the technique for establishing the channel before receiving I/O data of Case to include 
receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel; 
One of ordinary skill in the art would have made this modification to improve the ability of the system to increase efficiency by setting up the channel before receiving the I/O data for encryption. The key is retrieved before the key is needed for encryption, which reduces delay associated with retrieving the key in setting up the channel.

However, the combination of Durham and Case does not expressly disclose wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.
Ahmad discloses DMA mode has a higher data transfer rate
(See Ahmad Para. 
‘an I/O device of a system may receive data from an external source at a first data rate and place the data in a source buffer so it may be accessed by various devices of the system. DMA transfer transactions may attempt to read data from the source buffer at a rate that is faster than the rate at which the data is placed in the source buffer. …., the DMA transfer controller may write data at a faster rate than the data can be removed from the buffer and processed by the I/O device--resulting in an overflow of the destination buffer.’
[The DMA transfer rate according to Ahmad must be higher than the rate between the I/O device and the buffer since the rate from reading the buffer is higher according to Ahmad, otherwise the DMA channel would not be able to handle higher flow of data coming from the higher DMA reading rate from the buffer]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Durham and Case with the higher transfer rate of the DMA transfer channel of Ahmad to include wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.
One of ordinary skill in the art would have made this modification to improve the efficiency of the data transfer by utilizing DMA.  The modification of the Durham system according to the Case reference would have a higher DMA transfer rate after encryption of the data, since according to the Ahmad reference the DMA transfer is higher than the rate of 


The combined teaching of Durham, Case, and Ahmad discloses wherein to establish the secured channel comprises to receive the security key shared with the trusted application running on the compute device.
(See Durham Para. [0018]
‘…., identify the aforementioned identifying parameters to select a key[establish a secured channel] ……, and then encrypt the data for the corresponding device using this key ….. Upon the subsequent read of the data from memory, trusted software may decrypt the data[security key shared with the trusted application running on the compute device], …..’
)

As per claim 3, the rejection of claim 2 is incorporated herein. 
The combined teaching of Durham, Case, and Ahmad discloses wherein to encrypt the I/O data comprises to encrypt, in response to a receipt of the I/O data, the I/O data using a security key.
(See Durham Para. [0018]
‘…., identify the aforementioned identifying parameters to select a key[establish a secured channel] ……, and then encrypt the data for the corresponding device using this key [encrypt, in response to a receipt of the I/O data, the I/O data using a security key.]….. Upon the subsequent read of the data from memory, trusted software may decrypt the data, …..’
)

As per claim 6, the rejection of claim 1 is incorporated herein. 
Durham discloses wherein the trusted application running inside a trusted execution environment (TEE) of the compute device.
(See Durham Para. 18, ‘trusted software may decrypt the data’
[trusted software in a TEE]
)

As per claim 7, the rejection of claim 1 is incorporated herein. 
However, Durham does not expressly disclose wherein the secured channel is a full-duplex communication channel.
Case discloses wherein the secured channel is a full-duplex communication channel.
(See Case Para. [0068] ‘IEE 112 can provide an AES-ECB, AES-CTR, or other suitable mode for read-encryption/write-decryption to support I/O encrypted communication’
[ secure channel is based on the key used to encrypt data that has been read from the memory and transmitting the encrypted data, and also data is received and decrypted and written to memory. Note this is input and output, reading and writing from the I/O buffer]
).
For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Durham with the technique for read-encryption/write-decryption of Case to include wherein the secured channel is a full-duplex communication channel.

As per claim 8, the rejection of claim 1 is incorporated herein. 
However, Durham does not expressly disclose wherein to receive the I/O data comprises to receive, in response to an establishment of the secured channel, I/O data via a communication channel between the I/O subsystem and the I/O device, wherein the communication channel is not encrypted.
Case discloses wherein to receive the I/O data comprises to receive, in response to an establishment of the secured channel, I/O data via a communication channel between the I/O subsystem and the I/O device, wherein the communication channel is not encrypted.
(See Case Para. [0068]
‘….reads data from memory [receive, in response to an establishment of the secured channel, I/O data; wherein the communication channel is not encrypted] that is un-encrypted which is routed through IEE 112 and then automatically encrypted with a key that is shared at the other end of the I/O channel..’
[0082]
‘In this way an I/O buffer may be realized in the memory to allow AES-CTR streaming of I/O data from one device[  receive, …, I/O data via a communication channel between the I/O subsystem and the I/O device] to another using inline encryption.’
).
For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Durham with the technique for read-encryption/write-decryption of Case to include wherein to receive the I/O data comprises to receive, in response to an establishment of the secured channel, I/O data via a communication channel between the I/O subsystem and the I/O device, wherein the communication channel is not encrypted.

As per claim 9, the rejection of claim 1 is incorporated herein. 
The combined teaching of Durham, Case, and Ahmad discloses wherein to transmit the encrypted I/O data comprises to transmit metadata associated with the encrypted I/O data to the trusted application via the secured channel, wherein the data transfer rate of the secured channel is based on a size of the metadata.
(See Durham Para. [0018]
‘encrypt the data for the corresponding device using this key and replay counter [metadata = replay counter]. Metadata may then indicate that the data line stored in memory should remain encrypted on a subsequent read. Upon the subsequent read of the data from memory [transmit metadata associated with the encrypted I/O data], trusted software may use the aforementioned counter verify that the data was not replayed [this indicates that the metadata, which is the replay counter, was transmitted]…….’
[For any given duration of time, if there is more metadata then there will be more data transferred, which results in a higher effective transfer rate. If there is less metadata then there is less data transferred, resulting in a lower effective transfer rate, since the transfer rate is the quantity of data transferred per unit of time]
)

As per claim 10, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  

As per claim 11, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detailed with respect to claim 2.  

As per claim 12, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 3, and is/are rejected for the reasons detailed with respect to claim 3.  

As per claim 15, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.  
  

As per claim 17, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 8, and is/are rejected for the reasons detailed with respect to claim 8.  

As per claim 18, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 9, and is/are rejected for the reasons detailed with respect to claim 9.  

As per claim 19, the claim(s) is/are directed to one or more machine-readable storage media with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  

Claims 4-5, 13-14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Durham in view of Case, in view of Ahmad, further in view of Pappachan et al. U.S. Publication 20170024570 (hereinafter “Pappachan”).
As per claim 4, the rejection of claim 1 is incorporated herein. 
Durham discloses 
receive configuration data from the trusted application via the channel; 
configure the secured channel based on the configuration data.
(See Durham Para. [0017] ‘This replay counter value may be a unique value that originates from authorized TEE software [receive configuration data from the trusted application via the channel] ….. the DMA data is encrypted using the replay counter value (e.g., as an encryption tweak, or as a counter with counter mode [configure the secured channel based on the configuration data])..’
)

However, the combination of Durham, Case, and Ahmad does not expressly disclose receive encrypted configuration data from the trusted application via the secured channel; 
decrypt the encrypted configuration data; and 
configure the secured channel based on the decrypted configuration data.

Pappachan discloses receiving data over an encrypted secured channel and decrypting the encrypted data
(See Pappachan Para. [0057] ‘security engine 138 may transmit the data over a protected DMA channel to the TIO software component, and the cryptographic engine 140 will encrypt the data with the key assigned to the DMA channel, which is also known to the TIO software component. Therefore, only the TIO software component may decrypt the value.’
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Durham, Case, and Ahmad with the technique for receiving data over an encrypted secured channel and decrypting the encrypted data of Pappachan to include 
receive encrypted configuration data from the trusted application via the secured channel; 
decrypt the encrypted configuration data; and 
configure the secured channel based on the decrypted configuration data.
rd parties from intercepting communication. The system (e.g., authorized software) of the primary reference can be modified to use a key to encrypt the replay information before transmitting such information, using the technique for transmitting over an encrypted channel as taught in the Pappachan reference.

As per claim 5, the rejection of claim 4 is incorporated herein. 
	However, Durham does not expressly disclose 
wherein to configure the secured channel comprises to configure the secured channel upon a power reset.
Case discloses wherein to configure the secured channel comprises to configure the secured channel upon a power reset.
(See Case Para. [0024]
‘Upon initial configuration out of reset crypto keys and permissions can be established. There may be long term keys which can be restored and ephemeral keys that are lost between power cycle’
).
For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Durham with the technique for configuration of the keys used for channels upon reset of Case to include wherein to configure the secured channel comprises to configure the secured channel upon a power reset.

As per claim 13, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4.  

As per claim 14, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5.  

As per claim 20, the claim(s) is/are directed to one or more machine-readable storage media with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4.  



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494