DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The office action is in response to communication filed on October 7, 2021. 
Claims 1 – 25 are being considered on the merit.

Response to Arguments
Status of claims in the instant application:
Claims 1 – 25 are pending.
Claims 1, 14, and 20 are amended.
No claim has been cancelled.
No new claim has been added.
Examiner appreciate the explanation of the independent claim 1 and the presentation of support for the amended portion of the independent claim 1.
Applicant should submit an argument under the heading “Remarks” pointing out disagreements with the examiner’s contentions.  Applicant must also discuss the references applied against the claims, explaining how the claims avoid the references or distinguish from them.
Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Applicant’s arguments with respect to Claims 1 – 5, 7, 13 – 15, 17, 20 – 21, and 23, that were rejected under 35 U.S.C. 103 as being unpatentable over US 20170006030 A1 
The rejection of the dependent claims still stand based on the rejection of the independent claims 1, 14, and 20.

Drawings
The drawings filed on December 26, 2018 are accepted.

Specification
The specification filed on December 26, 2018 is accepted.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 5, 7, 13 – 15, 17, 20 –21, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over US 20170006030 A1 Krishnamoorthy et al., (hereafter, “Krish”) in view of US 10419931 B1 to Sohail et al., (hereafter, "Sohail"). 
Regarding claim 1, Krish teaches a computing device comprising: a processor communicably coupled to an accelerator device, the processor to host an accelerator services enclave comprising a trusted execution environment and utilize the accelerator services enclave to: receive a unique device identifier from the accelerator device; [Krish, para. 28 discloses the information may comprise, for example, a key that may be used in encryption and/or decryption of data. In an example scenario, the key may be the public key of a public-private key pair. A device security server receives the request in the environment, generates a unique device identifier, stores the information from the request with the device identifier, and responds with the unique device identifier. A device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key. (Examiner notes that the particular device is mapped to the accelerator device and the device security server is mapped to the accelerator services enclave)] validate a device certificate for the unique device identifier in response to receipt of the unique device identifier; [Krish, para. 28 discloses a device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key. In an embodiment, the request from the device may also comprise a certificate that the device security server may compare to the certificate that was earlier generated and may have been stored in association with the particular device] authenticate the accelerator device in response to validation of the device certificate, wherein to authenticate the accelerator device comprises to receive attestation information indicative of a device configuration of the accelerator device; [Krish, para. 57 discloses Device security server 146 maintains security-related information for devices 130 that connect to environment 110. In an example embodiment, device security server 146 is programmed to process requests to register devices with environment 110. For example, entities such as, for example, device manufacturers, may forward requests to register devices with environment 110. Device security server 146 receives registration requests and assigns unique device identifiers to devices which use the device identifiers on subsequent requests to access environment 110. Device security server 146 stores, for each registered device, authentication information that is provided during the device registration process. For example, a request to register a device may comprise information identifying the device such as a device serial number and information for use in authenticating a device. In an example scenario, the information may comprise a digital certificate and may comprise a public key of a public key-private key pair. The information is stored in relation to the assigned device identifier for the particular device. When the device subsequently attempts to access environment 110, the request may be routed to device security server 146 for evaluation. Device security server 146 determines whether authentication information provided in the request is consistent with the authentication information stored in relation to the device identifier and provided during the registration process] wherein code and data comprised in the accelerator services enclave is protected by hardware protection circuitry of the processor while being executed or while being stored in a protected cache memory of the processor [Krish, para. 28 discloses the request may further comprise information for use in authenticating the device when it subsequently attempts to access the device communication system. The information for use in authentication may comprise any data that is suitable for authenticating the device. For example, the request may comprise a digital certificate for use in authenticating the particular device. In an example scenario, the information may comprise, for example, a key that may be used in encryption and/or decryption of data. In an example scenario, the key may be the public key of a public-private key pair. A device security server receives the request in the environment, generates a unique device identifier, stores the information from the request with the device identifier, and responds with the unique device identifier. In an example embodiment, the device registration process may further involve generating a certificate which, in an example embodiment, may be stored in association with the device identifier. In an alternate embodiment, a certificate may be generated and communicated to the manufacturer, but not associated with a particular device identifier. When a device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key], but Krish does not teach validate the attestation information based on the device certificate; establish a secure channel with the accelerator device in response to validation of the attestation information.
However, Sohail does teach validate the attestation information based on the device certificate. [Sohail, col. 18 lines 4 – 15 discloses the smart security agent will then extract the identifying information from the request that is received from the registered network device. The extracted device identifying information is utilized by the smart security agent to validate the network device. For example, the smart security agent can validate the network device by comparing the extracted device identifying information of the network device (e.g., serial number, firmware version, etc.) against the corresponding identifying information of associated with the SSL certification of the registered device (as maintained by the security agent) to validate the identity of the registered network device. Col. 15 lines 26 - 31 discloses once the smart security agent is registered with the computing platform, the smart security agent can proceed to register network devices to operate within the trusted network environment and perform security-related operations to detect anomalous activity within the trusted network] establish a secure channel with the accelerator device in response to validation of the attestation information. [Sohail, col. 17 lines 34 – 55 discloses a registered network device establishes a secure communications channel with the smart security agent 270 using the signed SSL certificate issued to the registered network device (block 500). In one embodiment, a secured SSL communications channel is generated using a standard SSL protocol. For example, the registered network device connects to the smart security agent 270 and the smart security agent 270 requests that the registered network device identify itself. The registered network device sends a copy of its signed SSL certificate to the smart security agent 270, and the smart security agent 270 checks the SSL certificate against a list of issued SSL certificates to ensure that the SSL certificate is not expired, or revoked, and otherwise still valid. If the SSL certificate is deemed valid, then the smart security agent 270 can create and encrypt a symmetric session key using the SSH private key, and then send the encrypted session key to the registered network device. The registered network device can then decrypt the session key using the public SSH key of the smart security agent 270. The network device and smart security agent 270 then communicate with messages that are encrypted using the session key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Sohail’s system with Krish’s system, with a motivation to perform various types of security-related operations to detect for potential security threats and anomalous activity within the secured and trusted device network, and update and optimize security measures within the secure network based on information collected from actual detected threats and anomalies. [Sohail, col. 18 lines 25 – 41]

As per claim 2, modified Krish teaches the computing device of claim 1, wherein the accelerator services enclave is further to request the device certificate for the unique device identifier from a certificate service. [Krish, para. 40 discloses Upon receipt of requests from devices, the gateway server that was identified by the load balancer server and at which the request was received may communicate with the device security server and with the device to confirm that the device is registered with the system and not otherwise excluded from communicating with the system. In an example embodiment, the gateway server may forward to the device security server a device identifier received with the request along with any information that may be used to authenticate the device. The device security server may perform a handshake with the device via the gateway server in order to confirm that the device is, in fact, registered and eligible to communicate with the communication system.]

As per claim 3, modified Krish teaches the computing device of claim 1, wherein: to authenticate the accelerator device comprises to perform a secure key exchange with the accelerator device to establish a shared secret key; [Krish, para. 28 discloses the request may further comprise information for use in authenticating the device when it subsequently attempts to access the device communication system. The information for use in authentication may comprise any data that is suitable for authenticating the device. For example, the request may comprise a digital certificate for use in authenticating the particular device. In an example scenario, the information may comprise, for example, a key that may be used in encryption and/or decryption of data. In an example scenario, the key may be the public key of a public-private key pair] and to establish the secure channel comprises to complete the secure key exchange to establish the secure channel protected by the shared secret key. [Krish, para. 28 discloses when a device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key. In an embodiment, the request from the device may also comprise a certificate that the device security server may compare to the certificate that was earlier generated and may have been stored in association with the particular device.]

Regarding claim 4, modified Krish teaches the computing device of claim 1, wherein to validate the attestation information [Krish, para. 103 discloses gateway server 140 validates or authenticates the particular device. Para. 104 discloses the validation or authentication processing may further comprise processing an encrypted data item using the public key that was stored in association with the device during registration. For example, device 130 may have encrypted a known data item using its private key of the public-private key pair that was identified and stored with security server 146 during device registration. During the authentication process, gateway server 140 may retrieve the public key from security server 146 and use it to decrypt the received encrypted data. Gateway server 140 evaluates the unencrypted data to determine if the data was, in fact, encrypted using the private key corresponding to the registered public key and, therefore, received from the actual registered device], but Krish does not teach comprises to compare the attestation information indicative of the device configuration to device configuration data of the device certificate.
However, Sohail does teach comprises to compare the attestation information indicative of the device configuration to device configuration data of the device certificate. [Sohail, Col. 18, lines 4 – 15 discloses the smart security agent will then extract the identifying information from the request that is received from the registered network device. The extracted device identifying information is utilized by the smart security agent to validate the network device. For example, the smart security agent can validate the network device by comparing the extracted device identifying information of the network device (e.g., serial number, firmware version, etc.) against the corresponding identifying information of associated with the SSL certification of the registered device (as maintained by the security agent) to validate the identity of the registered network device. Col. 15, lines 26 - 31 discloses once the smart security agent is registered with the computing platform, the smart security agent can proceed to register network devices to operate within the trusted network environment and perform security-related operations to detect anomalous activity within the trusted network.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Sohail’s system with Krish’s system, with a motivation to perform various types of security-related operations to detect for potential security threats and anomalous activity within the secured and trusted device network, and update and optimize security measures within the secure network based on information collected from actual detected threats and anomalies.[Sohail, Col. 18, lines 25 – 41]

As per claim 5, modified Krish teaches the computing device of claim 1, wherein to validate the attestation information comprises to validate a testable attribute the attestation information, wherein the testable attribute is indicative of the device configuration. [Krish, para. 104 discloses the validation or authentication processing may further comprise processing an encrypted data item using the public key that was stored in association with the device during registration. For example, device 130 may have encrypted a known data item using its private key of the public-private key pair that was identified and stored with security server 146 during device registration. During the authentication process, gateway server 140 may retrieve the public key from security server 146 and use it to decrypt the received encrypted data. Gateway server 140 evaluates the unencrypted data to determine if the data was, in fact, encrypted using the private key corresponding to the registered public key and, therefore, received from the actual registered device]

As per claim 7, modified Krish teaches the computing device of claim 1, wherein the accelerator service enclave is further to: establish a data key; [Krish, para. 80 discloses the request may comprise a public key of a public key-private key pair. The public key may be used on subsequent attempts by the device 130 to communicate with environment 110. Para. 105 discloses device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process. If device 130 determines that the decrypted data is acceptable, device 130 can determine that it is communicating with the appropriate environment] securely communicate the data key to the accelerator device via the secure channel; [Sohail, col.17, as in claim 1] and securely exchange data between the accelerator services enclave and the accelerator device protected by the data key in response to communication of the data key to the accelerator device. [Krish, para. 80 discloses subsequent attempts by the particular device 130 to access communication environment 110 may comprise data encrypted with the private key of the key pair. The communication platform 110 uses the public key to decrypt the received encrypted data and thereby authenticate the particular device 110. Para. 105 discloses  gateway server 140 and/or device security server 146 may generate and transmit a certificate by encrypting a known data item using a private key that corresponds to a public key that may have been exchanged with the device during the registration process. Device 130 evaluates the certificate to determine whether it indicates that device 130 is, in fact, communicating with the intended communication environment 110. For example, device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process. If device 130 determines that the decrypted data is acceptable, device 130 can determine that it is communicating with the appropriate environment, para. 89 discloses the additional information provided in the response may comprise, for example, a public key that corresponds to a private key that is maintained in secrecy by the device security server 146. When the device 130 subsequently attempts to access the environment 110, the device 130 may use the public key to decrypt data that is sent by the device communication system 110 so as to authenticate that the device has connected to the intended system. Para. 105 discloses gateway server 140 and/or device security server 146 may generate and transmit a certificate by encrypting a known data item using a private key that corresponds to a public key that may have been exchanged with the device during the registration process. Device 130 evaluates the certificate to determine whether it indicates that device 130 is, in fact, communicating with the intended communication environment 110. For example, device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Sohail’s system with Krish’s system, with a motivation to perform various types of security-related operations to detect for potential security threats and anomalous activity within the secured and trusted device network, and update and optimize security measures within the secure network based on information collected from actual detected threats and anomalies. [Sohail, col. 18 lines 25 – 41]

As per claim 13, modified Krish teaches the computing device of claim 1, wherein the trusted execution environment comprises a secure enclave established with secure enclave support of a processor of the computing device. [Krish, para. 25 discloses a device communication environment that allows for devices to communicate with services accessible via the environment and allows for services to communicate with the devices via the environment. Devices that have been registered with the device communication environment may forward requests to the environment. For example, a device such as a dishwasher may communicate a request that its operating characteristics be communicated to a network services server accessible by the environment. A gateway server, which may be one of a plurality of gateway servers, may be identified to process the particular request. The identified gateway sever communicates with a device registry server to identify an executable function that corresponds to the request. For example, the device registry server may identify a particular function executable on a particular network service that corresponds to the particular request to communicate operating characteristics by the particular dishwasher .The gateway server requests that the identified function be communicated to the appropriate network service]

Regarding claim 14, Krish teaches a method comprising: receiving, by a trusted execution environment of a computing device, a unique device identifier from an accelerator device of the computing device; [Krish, para. 28 discloses the information may comprise, for example, a key that may be used in encryption and/or decryption of data. In an example scenario, the key may be the public key of a public-private key pair. A device security server receives the request in the environment, generates a unique device identifier, stores the information from the request with the device identifier, and responds with the unique device identifier. A device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key. (Examiner notes that the particular device is mapped to the accelerator device and the device security server is mapped to the accelerator services enclave)]  validating, by the trusted execution environment, a device certificate for the unique device identifier in response to receiving the unique device identifier; [Krish, para. 28 discloses a device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key. In an embodiment, the request from the device may also comprise a certificate that the device security server may compare to the certificate that was earlier generated and may have been stored in association with the particular device] authenticating, by the trusted execution environment, the accelerator device in response to validating the device certificate, wherein authenticating the accelerator device comprises receiving attestation information indicative of a device configuration of the accelerator device; [Krish, para. 28 discloses The device security server authenticates the particular device by decrypting the data using the public key. In an embodiment, the request from the device may also comprise a certificate that the device security server may compare to the certificate that was earlier generated and may have been stored in association with the particular device] wherein code and data comprised in the trusted execution environment is protected by hardware protection circuitry of a processor of the computing device while being executed or while being stored in a protected cache memory of the processor [Krish, para. 28 discloses the request may further comprise information for use in authenticating the device when it subsequently attempts to access the device communication system. The information for use in authentication may comprise any data that is suitable for authenticating the device. For example, the request may comprise a digital certificate for use in authenticating the particular device. In an example scenario, the information may comprise, for example, a key that may be used in encryption and/or decryption of data. In an example scenario, the key may be the public key of a public-private key pair. A device security server receives the request in the environment, generates a unique device identifier, stores the information from the request with the device identifier, and responds with the unique device identifier. In an example embodiment, the device registration process may further involve generating a certificate which, in an example embodiment, may be stored in association with the device identifier. In an alternate embodiment, a certificate may be generated and communicated to the manufacturer, but not associated with a particular device identifier. When a device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key], but Krish does not teach validate, by the trusted execution environment, the attestation information based on the device certificate; establishing, by the trusted execution environment, a secure channel with the accelerator device in response to validating the attestation information..
However, Sohail does teach validate, by the trusted execution environment, the attestation information based on the device certificate. [Sohail, Col. 18, lines 4 – 15 discloses the smart security agent will then extract the identifying information from the request that is received from the registered network device. The extracted device identifying information is utilized by the smart security agent to validate the network device. For example, the smart security agent can validate the network device by comparing the extracted device identifying information of the network device (e.g., serial number, firmware version, etc.) against the corresponding identifying information of associated with the SSL certification of the registered device (as maintained by the security agent) to validate the identity of the registered network device. Col. 15, lines 26 - 31 discloses once the smart security agent is registered with the computing platform, the smart security agent can proceed to register network devices to operate within the trusted network environment and perform security-related operations to detect anomalous activity within the trusted network] establishing, by the trusted execution environment, a secure channel with the accelerator device in response to validating the attestation information. [Sohail, col. 17 lines 34 – 55 discloses a registered network device establishes a secure communications channel with the smart security agent 270 using the signed SSL certificate issued to the registered network device (block 500). In one embodiment, a secured SSL communications channel is generated using a standard SSL protocol. For example, the registered network device connects to the smart security agent 270 and the smart security agent 270 requests that the registered network device identify itself. The registered network device sends a copy of its signed SSL certificate to the smart security agent 270, and the smart security agent 270 checks the SSL certificate against a list of issued SSL certificates to ensure that the SSL certificate is not expired, or revoked, and otherwise still valid. If the SSL certificate is deemed valid, then the smart security agent 270 can create and encrypt a symmetric session key using the SSH private key, and then send the encrypted session key to the registered network device. The registered network device can then decrypt the session key using the public SSH key of the smart security agent 270. The network device and smart security agent 270 then communicate with messages that are encrypted using the session key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Sohail’s system with Krish’s system, with a motivation to perform various types of security-related operations to detect for potential security threats and anomalous activity within the secured and trusted device network, and update and optimize security measures within the secure network based on information collected from actual detected threats and anomalies.[Sohail, Col. 18, lines 25 – 41]

As per claim 15, modified Krish teaches the method of claim 14, further comprising requesting, by the trusted execution environment, the device certificate for the unique device identifier from a certificate service. [Krish, para. 40 discloses Upon receipt of requests from devices, the gateway server that was identified by the load balancer server and at which the request was received may communicate with the device security server and with the device to confirm that the device is registered with the system and not otherwise excluded from communicating with the system. In an example embodiment, the gateway server may forward to the device security server a device identifier received with the request along with any information that may be used to authenticate the device. The device security server may perform a handshake with the device via the gateway server in order to confirm that the device is, in fact, registered and eligible to communicate with the communication system.]

As per claim 17, modified Krish teaches the method of claim 14, further comprising: establishing, by the trusted execution environment, a data key; [[Krish, para. 80 discloses the request may comprise a public key of a public key-private key pair. The public key may be used on subsequent attempts by the device 130 to communicate with environment 110. Para. 105 discloses device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process. If device 130 determines that the decrypted data is acceptable, device 130 can determine that it is communicating with the appropriate environment] securely communicating, by the trusted execution environment, the data key to the accelerator device via the secure channel; [Sohail, col.17, as in claim 1] and securely exchanging data between the trusted execution environment and the accelerator device protected by the data key in response to communicating the data key to the accelerator device. [Krish, para. 80 discloses subsequent attempts by the particular device 130 to access communication environment 110 may comprise data encrypted with the private key of the key pair. The communication platform 110 uses the public key to decrypt the received encrypted data and thereby authenticate the particular device 110. Para. 105 discloses  gateway server 140 and/or device security server 146 may generate and transmit a certificate by encrypting a known data item using a private key that corresponds to a public key that may have been exchanged with the device during the registration process. Device 130 evaluates the certificate to determine whether it indicates that device 130 is, in fact, communicating with the intended communication environment 110. For example, device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process. If device 130 determines that the decrypted data is acceptable, device 130 can determine that it is communicating with the appropriate environment, para. 89 discloses the additional information provided in the response may comprise, for example, a public key that corresponds to a private key that is maintained in secrecy by the device security server 146. When the device 130 subsequently attempts to access the environment 110, the device 130 may use the public key to decrypt data that is sent by the device communication system 110 so as to authenticate that the device has connected to the intended system. Para. 105 discloses gateway server 140 and/or device security server 146 may generate and transmit a certificate by encrypting a known data item using a private key that corresponds to a public key that may have been exchanged with the device during the registration process. Device 130 evaluates the certificate to determine whether it indicates that device 130 is, in fact, communicating with the intended communication environment 110. For example, device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Sohail’s system with Krish’s system, with a motivation to perform various types of security-related operations to detect for potential security threats and anomalous activity within the secured and trusted device network, and update and optimize security measures within the secure network based on information collected from actual detected threats and anomalies. [Sohail, col. 18 lines 25 – 41]

Regarding claim 20, Krish teaches one or more computer-readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, cause a computing device to: [Krish, para. 231 discloses each of the processes, methods, and algorithms described in the preceding sections may be embodied in, and fully or partially automated by, code modules executed by one or more computers or computer processors. The code modules may be stored on any type of non-transitory computer-readable medium or computer storage device, such as hard drives, solid state memory, optical disc, and/or the like. The processes and algorithms may be implemented partially or wholly in application-specific circuitry. The results of the disclosed processes and process steps may be stored, persistently or otherwise, in any type of non-transitory computer storage such as, e.g., volatile or non-volatile storage] receive, by a trusted execution environment of the computing device, a unique device identifier from an accelerator device of the computing device; [Krish, para. 28 discloses the information may comprise, for example, a key that may be used in encryption and/or decryption of data. In an example scenario, the key may be the public key of a public-private key pair. A device security server receives the request in the environment, generates a unique device identifier, stores the information from the request with the device identifier, and responds with the unique device identifier. A device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key. (Examiner note that the particular device is mapped to the accelerator device and the device security server is mapped to the accelerator services enclave)] validate, by the trusted execution environment, a device certificate for the unique device identifier in response to receiving the unique device identifier; [Krish, para. 28 discloses a device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key. In an embodiment, the request from the device may also comprise a certificate that the device security server may compare to the certificate that was earlier generated and may have been stored in association with the particular device] authenticate, by the trusted execution environment, the accelerator device in response to validating the device certificate, wherein authenticating the accelerator device comprises receiving attestation information indicative of a device configuration of the accelerator device; [Krish, para. 28 discloses The device security server authenticates the particular device by decrypting the data using the public key. In an embodiment, the request from the device may also comprise a certificate that the device security server may compare to the certificate that was earlier generated and may have been stored in association with the particular device] [Krish, para. 29 discloses the request is received at the device security server and information associating the particular entity stored in relation to the device identifier. when the particular entity subsequently attempts to communicate data or commands to the particular device, the device security server uses the information received in the registration request to confirm that the particular entity is authorized to communicate with or control the particular device. Conversely, when an unregistered entity attempts to communicate with or control the device, the communication environment uses the information provided during registration to deny any such request] wherein code and data comprised in the trusted execution environment is protected by hardware protection circuitry of a processor of the computing device while being executed or while being stored in a protected cache memory of the processor [Krish, para. 28 discloses the request may further comprise information for use in authenticating the device when it subsequently attempts to access the device communication system. The information for use in authentication may comprise any data that is suitable for authenticating the device. For example, the request may comprise a digital certificate for use in authenticating the particular device. In an example scenario, the information may comprise, for example, a key that may be used in encryption and/or decryption of data. In an example scenario, the key may be the public key of a public-private key pair. A device security server receives the request in the environment, generates a unique device identifier, stores the information from the request with the device identifier, and responds with the unique device identifier. In an example embodiment, the device registration process may further involve generating a certificate which, in an example embodiment, may be stored in association with the device identifier. In an alternate embodiment, a certificate may be generated and communicated to the manufacturer, but not associated with a particular device identifier. When a device subsequently attempts to access the device communication environment, the device provides the generated unique device identifier and may provide data that has been encrypted using the private key that corresponds to the public key. The device security server authenticates the particular device by decrypting the data using the public key], but Krish does not teach validate, by the trusted execution environment, the attestation information based on the device certificate; establish, by the trusted execution environment, a secure channel with the accelerator device in response to validating the attestation information.
However, Sohail does teach validate, by the trusted execution environment, the attestation information based on the device certificate. [Sohail, Col. 18, lines 4 – 15 discloses the smart security agent will then extract the identifying information from the request that is received from the registered network device. The extracted device identifying information is utilized by the smart security agent to validate the network device. For example, the smart security agent can validate the network device by comparing the extracted device identifying information of the network device (e.g., serial number, firmware version, etc.) against the corresponding identifying information of associated with the SSL certification of the registered device (as maintained by the security agent) to validate the identity of the registered network device. Col. 15, lines 26 - 31 discloses once the smart security agent is registered with the computing platform, the smart security agent can proceed to register network devices to operate within the trusted network environment and perform security-related operations to detect anomalous activity within the trusted network] establish, by the trusted execution environment, a secure channel with the accelerator device in response to validating the attestation information. [Sohail, col. 17 lines 34 – 55 discloses a registered network device establishes a secure communications channel with the smart security agent 270 using the signed SSL certificate issued to the registered network device (block 500). In one embodiment, a secured SSL communications channel is generated using a standard SSL protocol. For example, the registered network device connects to the smart security agent 270 and the smart security agent 270 requests that the registered network device identify itself. The registered network device sends a copy of its signed SSL certificate to the smart security agent 270, and the smart security agent 270 checks the SSL certificate against a list of issued SSL certificates to ensure that the SSL certificate is not expired, or revoked, and otherwise still valid. If the SSL certificate is deemed valid, then the smart security agent 270 can create and encrypt a symmetric session key using the SSH private key, and then send the encrypted session key to the registered network device. The registered network device can then decrypt the session key using the public SSH key of the smart security agent 270. The network device and smart security agent 270 then communicate with messages that are encrypted using the session key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Sohail’s system with Krish’s system, with a motivation to perform various types of security-related operations to detect for potential security threats and anomalous activity within the secured and trusted device network, and update and optimize security measures within the secure network based on information collected from actual detected threats and anomalies.[Sohail, Col. 18, lines 25 – 41]

As per claim 21, modified Krish teaches the one or more computer-readable storage media of claim 20, wherein the plurality of instructions, in response to being executed, cause the computing device to request, by the trusted execution environment, the device certificate for the unique device identifier from a certificate service. [Krish, para. 40 discloses Upon receipt of requests from devices, the gateway server that was identified by the load balancer server and at which the request was received may communicate with the device security server and with the device to confirm that the device is registered with the system and not otherwise excluded from communicating with the system. In an example embodiment, the gateway server may forward to the device security server a device identifier received with the request along with any information that may be used to authenticate the device. The device security server may perform a handshake with the device via the gateway server in order to confirm that the device is, in fact, registered and eligible to communicate with the communication system.]

As per claim 23, modified Krish teaches the one or more computer-readable storage media of claim 20, wherein the plurality of instructions, in response to being executed, cause the computing device to: establish, by the trusted execution environment, a data key; [Krish, para. 80 discloses the request may comprise a public key of a public key-private key pair. The public key may be used on subsequent attempts by the device 130 to communicate with environment 110. Para. 105 discloses device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process. If device 130 determines that the decrypted data is acceptable, device 130 can determine that it is communicating with the appropriate environment] securely communicate, by the trusted execution environment, the data key to the accelerator device via the secure channel; [Sohail, col.17, as in claim 1] and securely exchange data between the trusted execution environment and the accelerator device protected by the data key in response to communicating the data key to the accelerator device. [Krish, para. 80 discloses subsequent attempts by the particular device 130 to access communication environment 110 may comprise data encrypted with the private key of the key pair. The communication platform 110 uses the public key to decrypt the received encrypted data and thereby authenticate the particular device 110. Para. 105 discloses  gateway server 140 and/or device security server 146 may generate and transmit a certificate by encrypting a known data item using a private key that corresponds to a public key that may have been exchanged with the device during the registration process. Device 130 evaluates the certificate to determine whether it indicates that device 130 is, in fact, communicating with the intended communication environment 110. For example, device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process. If device 130 determines that the decrypted data is acceptable, device 130 can determine that it is communicating with the appropriate environment, para. 89 discloses the additional information provided in the response may comprise, for example, a public key that corresponds to a private key that is maintained in secrecy by the device security server 146. When the device 130 subsequently attempts to access the environment 110, the device 130 may use the public key to decrypt data that is sent by the device communication system 110 so as to authenticate that the device has connected to the intended system. Para. 105 discloses gateway server 140 and/or device security server 146 may generate and transmit a certificate by encrypting a known data item using a private key that corresponds to a public key that may have been exchanged with the device during the registration process. Device 130 evaluates the certificate to determine whether it indicates that device 130 is, in fact, communicating with the intended communication environment 110. For example, device 130 may decrypt the received data using a public key that was provided by device security server 146 during the registration process.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Sohail’s system with Krish’s system, with a motivation to perform various types of security-related operations to detect for potential security threats and anomalous activity within the secured and trusted device network, and update and optimize security measures within the secure network based on information collected from actual detected threats and anomalies. [Sohail, col. 18 lines 25 – 41]

Claims 6, 16, and 22  are rejected under 35 U.S.C. 103 as being unpatentable over US 20170006030 A1 Krishnamoorthy et al., (hereafter, “Krish”) in view of US 10419931 B1 to Sohail et al., (hereafter, "Sohail") in further view of US 10057243 B1 to Kumar et al., (hereafter, “Kumar”).
Regarding claim 6, modified Krish teaches the computing device of claim 1, but modified Krish does not teach wherein to receive the unique device identifier comprises to receive a device identifier based on a physical unclonable function (PUF) of the accelerator device. 
However, Kumar does teach wherein to receive the unique device identifier comprises to receive a device identifier based on a physical unclonable function (PUF) of the accelerator device. [Kumar, col. 8 lines 63 - 64 discloses a device authentication artifact such as a Physically Unclonable Function (PUF) generated device unique identifier.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kumar’s system with modified Krish’s system, with a motivation to be an immutable static identifier or regenerated dynamically at power-on using a PUF engine on the device. [Kumar, Col. 8 lines 65 – 67]

Regarding claim 16, modified Krish teaches the method of claim 14, but modified Krish does not teach wherein receiving the unique device identifier comprises receiving a device identifier based on a physical unclonable function (PUF) of the accelerator device. 
However, Kumar does teach wherein receiving the unique device identifier comprises receiving a device identifier based on a physical unclonable function (PUF) of the accelerator device.  [Kumar, col. 8 lines 63 - 64 discloses a device authentication artifact such as a Physically Unclonable Function (PUF) generated device unique identifier.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kumar’s system with modified Krish’s system, with a motivation to be an immutable static identifier or regenerated dynamically at power-on using a PUF engine on the device. [Kumar, Col. 8 lines 65 – 67]

Regarding claim 22, modified Krish teaches the one or more computer-readable storage media of claim 20, but modified Krish does not teach wherein to receive the unique device identifier comprises to receive a device identifier based on a physical unclonable function (PUF) of the accelerator device. 
However, Kumar does teach wherein to receive the unique device identifier comprises to receive a device identifier based on a physical unclonable function (PUF) of the accelerator device. [Kumar, col. 8 lines 63 - 64 discloses a device authentication artifact such as a Physically Unclonable Function (PUF) generated device unique identifier.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kumar’s system with modified Krish’s system, with a motivation to be an immutable static identifier or regenerated dynamically at power-on using a PUF engine on the device. [Kumar, Col. 8 lines 65 – 67]

Claims 8, 18, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over US 20170006030 A1 Krishnamoorthy et al., (hereafter, “Krish”) in view of US 10419931 B1 to Sohail et al., (hereafter, "Sohail") in further view of US 20150347768 A1 to Martin et al., (hereafter, "Martin").
 	Regarding claim 8, modified Krish teaches the computing device of claim 7, but modified Krish does not teach further comprising a tenant enclave, wherein: the accelerator services enclave is further to (i) authenticate a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application of the tenant enclave, and (ii) securely receive the data key from the second trusted execution environment in response to authentication of the second trusted execution environment; and the tenant enclave is to securely exchange the data between the tenant application and the accelerator device.
	However, Martin does teach further comprising a tenant enclave, wherein: the accelerator services enclave is further to (i) authenticate a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application of the tenant enclave, and [Martin, para. 112 discloses the first secure enclave authenticating the second secure enclave. This may be in response to inspecting the policy (block 75) but that is not necessarily the case in other embodiments. Block 725 does not necessarily demand that the first enclave authenticate itself to the second enclave or vice versa. More essential is that first secure enclave appreciate “who” the second enclave is in order to later vet the second secure enclave as including an application that may examine the content in question]
(ii) securely receive the data key from the second trusted execution environment in response to authentication of the second trusted execution environment; and [Martin, para. 112 discloses authentication may include the second secure enclave communicating a report to the first secure enclave, the report (block 730) being based on at least one of (a) an identifier that is specific to at least one a computing platform including the second secure enclave, an independent software vendor (ISV) (e.g., a key or signature corresponding to the ISV), and a portion of the at least one processor (e.g., based on register settings in a processor for the platform that includes the second secure enclave)]
the tenant enclave is to securely exchange the data between the tenant application and the accelerator device. [Martin, para. 131 discloses at least one processor comprising: initializing first and second secure enclaves each comprising a trusted software execution environment that prevents software executing outside the first and second secure enclaves from having access to software and data inside the first and second secure enclaves; the first secure enclave (a)(i) inspecting a policy, (a)(ii) authenticating the second secure enclave in response to inspecting the policy; and (a)(iii) communicating encrypted content to the second secure enclave in response to authenticating the second secure enclave; and the second secure enclave (b)(i) decrypting the encrypted content to produce decrypted content, and (b)(ii) inspecting the decrypted content. Para. 123 discloses one or more of processing elements, may be an element other than a processor, such as an accelerator or a field programmable gate array. (examiner note that the processor being used to interact with the second secure enclaves can be an FPGA)]
	Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Martin’s system with Krish’s system, with a motivation to authenticate by the policy including a whitelist listing an authorized inspection engine included in the second secure enclave which allow the whitelist to determine if the application of the second secure node should inspect the contents. [Martin, para. 113]

Regarding claim 18, modified Krish does teach the method of claim 17, but modified Krish does not teach further comprising: authenticating, by the trusted execution environment, a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application; and securely receiving, by the trusted execution environment, the data key from the second trusted execution environment in response to authenticating the second trusted execution environment; wherein securely exchanging the data comprises securely exchanging the data between the tenant application and the accelerator device.
However, Martin does teach further comprising: authenticating, by the trusted execution environment, a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application; and [Martin, para. 112 discloses the first secure enclave authenticating the second secure enclave. This may be in response to inspecting the policy (block 75) but that is not necessarily the case in other embodiments. Block 725 does not necessarily demand that the first enclave authenticate itself to the second enclave or vice versa. More essential is that first secure enclave appreciate “who” the second enclave is in order to later vet the second secure enclave as including an application that may examine the content in question]
securely receiving, by the trusted execution environment, the data key from the second trusted execution environment in response to authenticating the second trusted execution environment; [Martin, para. 112 discloses authentication may include the second secure enclave communicating a report to the first secure enclave, the report being based on at least one of (a) an identifier that is specific to at least one a computing platform including the second secure enclave, an independent software vendor (ISV) (e.g., a key or signature corresponding to the ISV), and a portion of the at least one processor (e.g., based on register settings in a processor for the platform that includes the second secure enclave)]
wherein securely exchanging the data comprises securely exchanging the data between the tenant application and the accelerator device. [Martin, para. 131 discloses at least one processor comprising: initializing first and second secure enclaves each comprising a trusted software execution environment that prevents software executing outside the first and second secure enclaves from having access to software and data inside the first and second secure enclaves; the first secure enclave (a)(i) inspecting a policy, (a)(ii) authenticating the second secure enclave in response to inspecting the policy; and (a)(iii) communicating encrypted content to the second secure enclave in response to authenticating the second secure enclave; and the second secure enclave (b)(i) decrypting the encrypted content to produce decrypted content, and (b)(ii) inspecting the decrypted content. Para. 123 discloses one or more of processing elements, may be an element other than a processor, such as an accelerator or a field programmable gate array. (Examiner note that the processor being used to interact with the second secure enclaves can be an FPGA)]
	Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Martin’s system with Krish’s system, with a motivation to authenticate by the policy including a whitelist listing an authorized inspection engine included in the second secure enclave which allow the whitelist to determine if the application of the second secure node should inspect the contents. [Martin, para. 113]

Regarding claim 24, modified Krish teaches the one or more computer-readable storage media of claim 23, wherein the plurality of instructions, in response to being executed, but modified Krish does not teach cause the computing device to: authenticate, by the trusted execution environment, a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application; and securely receive, by the trusted execution environment, the data key from the second trusted execution environment in response to authenticating the second trusted execution environment; wherein to securely exchange the data comprises to securely exchange the data between the tenant application and the accelerator device.
However, Martin does teach cause the computing device to: authenticate, by the trusted execution environment, a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application; and [Martin, para. 112 discloses the first secure enclave authenticating the second secure enclave. This may be in response to inspecting the policy (block 75) but that is not necessarily the case in other embodiments. Block 725 does not necessarily demand that the first enclave authenticate itself to the second enclave or vice versa. More essential is that first secure enclave appreciate “who” the second enclave is in order to later vet the second secure enclave as including an application that may examine the content in question]
securely receive, by the trusted execution environment, the data key from the second trusted execution environment in response to authenticating the second trusted execution environment; [Martin, para. 112 discloses authentication may include the second secure enclave communicating a report to the first secure enclave, the report being based on at least one of (a) an identifier that is specific to at least one a computing platform including the second secure enclave, an independent software vendor (ISV) (e.g., a key or signature corresponding to the ISV), and a portion of the at least one processor (e.g., based on register settings in a processor for the platform that includes the second secure enclave)]
wherein to securely exchange the data comprises to securely exchange the data between the tenant application and the accelerator device. [Martin, para. 131 discloses at least one processor comprising: initializing first and second secure enclaves each comprising a trusted software execution environment that prevents software executing outside the first and second secure enclaves from having access to software and data inside the first and second secure enclaves; the first secure enclave (a)(i) inspecting a policy, (a)(ii) authenticating the second secure enclave in response to inspecting the policy; and (a)(iii) communicating encrypted content to the second secure enclave in response to authenticating the second secure enclave; and the second secure enclave (b)(i) decrypting the encrypted content to produce decrypted content, and (b)(ii) inspecting the decrypted content. Para. 123 discloses one or more of processing elements, may be an element other than a processor, such as an accelerator or a field programmable gate array. (Examiner note that the processor being used to interact with the second secure enclaves can be an FPGA)]
	Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Martin’s system with Krish’s system, with a motivation to authenticate by the policy including a whitelist listing an authorized inspection engine included in the second secure enclave which allow the whitelist to determine if the application of the second secure node should inspect the contents. [Martin, para. 113]

Claims 9, 19, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over US 20170006030 A1 Krishnamoorthy et al., (hereafter, “Krish”) in view of US 10419931 B1 to Sohail et al., (hereafter, "Sohail") in further view of US 20170024570 to Pappachan et al., (hereafter, "Pap").
Regarding claim 9, modified Krish teaches the computing device of claim 7, wherein: the accelerator device comprises a field-programmable gate array (FPGA); [Krish, para. 243 discloses some or all of the systems and/or modules may be implemented or provided in other ways, such as at least partially in firmware and/or hardware, including, but not limited to, one or more application-specific integrated circuits (ASICs), standard integrated circuits, controllers (e.g., by executing appropriate instructions, and including microcontrollers and/or embedded controllers), field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), etc.], but modified Krish does not teach and the accelerator services enclave is further to: establish a bitstream image key; securely communicatethe bitstream image key to the accelerator device via the secure channel; and program the accelerator device with an encrypted bitstream image in response to secure communication of the bitstream image key to the accelerator device, wherein the encrypted bitstream image is encrypted by the bitstream image key.
However, Pap does teach the accelerator services enclave is further to: establish a bitstream image key; [Pap, para. 41 discloses a secure enclave that communicates with the crypto engine driver 314 to program encryption keys and DMA channel information into the cryptographic engine on behalf of an application enclave and/or DDE]
securely communicate the bitstream image key to the accelerator device via the secure channel; and [Pap, para. 24 discloses the crypto engine programming support 126 allows the processor to program the cryptographic engine to provide cryptographic protection of I/O data. In particular, the processor may enable or disable encryption for certain I/O channels, and may securely provide encryption keys to the cryptographic engine. Para. 23 disclose the processor to establish a trusted execution environment known as a secure enclave, in which executing code may be measured, verified, and/or otherwise determined to be authentic. Para. 29 discloses he cryptographic engine 140 may be embodied as any microcontroller, microprocessor, functional block, logic, or other circuit or collection of circuits capable of performing the functions described herein. As further described below, the cryptographic engine 140 may encrypt and/or decrypt I/O data read or written by the I/O controllers 144 in one or more direct memory access (DMA) operations to the memory]
program the accelerator device with an encrypted bitstream image in response to secure communication of the bitstream image key to the accelerator device, wherein the encrypted bitstream image is encrypted by the bitstream image key. [Pap, para. 49 discloses the trusted application may be embodied as an application enclave that is protected with the secure enclave support of the processor. In block 424, the trusted application initializes protected DMA channels for use with the I/O devices associated with the trusted usage. The trusted application may use the crypto engine programming support of the processor to program the cryptographic engine to protect DMA channels associated with one or more I/O devices. Para. 57 discloses the cryptographic engine will encrypt the data with the key assigned to the DMA channel]
	Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Pap’s system with Krish’s system, with a motivation to securely access the I/O devices associated with the requested secure usage after verifying the application attestation information by submitting the application attestation information to a remote verification service. [Pap, para. 54]

Regarding claim 19, modified Krish teaches the method of claim 17, wherein the accelerator device comprises a field-programmable gate array (FPGA) [Krish, para. 243 discloses some or all of the systems and/or modules may be implemented or provided in other ways, such as at least partially in firmware and/or hardware, including, but not limited to, one or more application-specific integrated circuits (ASICs), standard integrated circuits, controllers (e.g., by executing appropriate instructions, and including microcontrollers and/or embedded controllers), field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), etc.], but modified Krish does not teaches further comprising: establishing, by the trusted execution environment, a bitstream image key; securely communicating, by the trusted execution environment, the bitstream image key to the accelerator device via the secure channel; and programming, by the trusted execution environment, the accelerator device with an encrypted bitstream image in response to securely communicating the bitstream image key to the accelerator device, , and wherein the encrypted bitstream image is encrypted by the bitstream image key.
However, Pap teaches further comprising: establishing, by the trusted execution environment, a bitstream image key; [Pap, para. 41 discloses a secure enclave that communicates with the crypto engine driver 314 to program encryption keys and DMA channel information into the cryptographic engine on behalf of an application enclave and/or DDE]
securely communicating, by the trusted execution environment, the bitstream image key to the accelerator device via the secure channel; and [Pap, para. 24 discloses the crypto engine programming support 126 allows the processor to program the cryptographic engine to provide cryptographic protection of I/O data. In particular, the processor may enable or disable encryption for certain I/O channels, and may securely provide encryption keys to the cryptographic engine. Para. 23 disclose the processor to establish a trusted execution environment known as a secure enclave, in which executing code may be measured, verified, and/or otherwise determined to be authentic. Para. 29 discloses he cryptographic engine 140 may be embodied as any microcontroller, microprocessor, functional block, logic, or other circuit or collection of circuits capable of performing the functions described herein. As further described below, the cryptographic engine 140 may encrypt and/or decrypt I/O data read or written by the I/O controllers 144 in one or more direct memory access (DMA) operations to the memory]
programming, by the trusted execution environment, the accelerator device with an encrypted bitstream image in response to securely communicating the bitstream image key to the accelerator device, and wherein the encrypted bitstream image is encrypted by the bitstream image key. [Pap, para. 49 discloses the trusted application may be embodied as an application enclave that is protected with the secure enclave support of the processor. In block 424, the trusted application initializes protected DMA channels for use with the I/O devices associated with the trusted usage. The trusted application may use the crypto engine programming support of the processor to program the cryptographic engine to protect DMA channels associated with one or more I/O devices. Para. 57 discloses the cryptographic engine will encrypt the data with the key assigned to the DMA channel]
	Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Pap’s system with Krish’s system, with a motivation to securely access the I/O devices associated with the requested secure usage after verifying the application attestation information by submitting the application attestation information to a remote verification service. [Pap, para. 54]

Regarding claim 25, modified Krish teaches the one or more computer-readable storage media of claim 23, wherein the plurality of instructions, in response to being executed, cause the computing device to: wherein the accelerator device comprises a field-programmable gate array (FPGA) [Krish, para. 70 discloses one way to address this reduction in performance is to use programmable and/or fixed-function accelerators, such Field Programmable Gate Arrays (FPGA)s, Graphic Processor Units (GPUs), encryption/decryption engines, etc.,. Generally, an accelerator, as used herein, is a hardware-based component or embedded logic block that is used to offload software-based processing from CPU cores, resulting in performance improvements for various types of applications. In accordance with further aspects of embodiments disclosed herein, aspect of SGX enclaves are extended to such programmable and fixed-function accelerators], but modified Krish does not teach establish, by the trusted execution environment, a bitstream image key; securely communicate, by the trusted execution environment, the bitstream image key to the accelerator device via the secure channel; and program, by the trusted execution environment, the accelerator device with an encrypted bitstream image in response to securely communicating the bitstream image key to the accelerator device, and wherein the encrypted bitstream image is encrypted by the bitstream image key.
However, Pap does teach establish, by the trusted execution environment, a bitstream image key; [Pap, para. 41 discloses a secure enclave that communicates with the crypto engine driver 314 to program encryption keys and DMA channel information into the cryptographic engine on behalf of an application enclave and/or DDE]
 securely communicate, by the trusted execution environment, the bitstream image key to the accelerator device via the secure channel; and [Pap, para. 24 discloses the crypto engine programming support 126 allows the processor to program the cryptographic engine to provide cryptographic protection of I/O data. In particular, the processor may enable or disable encryption for certain I/O channels, and may securely provide encryption keys to the cryptographic engine. Para. 23 disclose the processor to establish a trusted execution environment known as a secure enclave, in which executing code may be measured, verified, and/or otherwise determined to be authentic. Para. 29 discloses he cryptographic engine 140 may be embodied as any microcontroller, microprocessor, functional block, logic, or other circuit or collection of circuits capable of performing the functions described herein. As further described below, the cryptographic engine 140 may encrypt and/or decrypt I/O data read or written by the I/O controllers 144 in one or more direct memory access (DMA) operations to the memory]
program, by the trusted execution environment, the accelerator device with an encrypted bitstream image in response to securely communicating the bitstream image key to the accelerator device, and wherein the encrypted bitstream image is encrypted by the bitstream image key. [Pap, para. 49 discloses the trusted application may be embodied as an application enclave that is protected with the secure enclave support of the processor. In block 424, the trusted application initializes protected DMA channels for use with the I/O devices associated with the trusted usage. The trusted application may use the crypto engine programming support of the processor to program the cryptographic engine to protect DMA channels associated with one or more I/O devices. Para. 57 discloses the cryptographic engine will encrypt the data with the key assigned to the DMA channel]
	Therefore, it would have obvious to one of ordinary skill within the art before the effective filling date to combine Pap’s system with Krish’s system, with a motivation to securely access the I/O devices associated with the requested secure usage after verifying the application attestation information by submitting the application attestation information to a remote verification service. [Pap, para. 54]

Claims 10 - 12 are rejected under 35 U.S.C. 103 as being unpatentable over US 20170006030 A1 Krishnamoorthy et al., (hereafter, “Krish”)  in view of US 10419931 B1 to Sohail et al., (hereafter, "Sohail") in further view of US 20170024570 A1 to Pappachan et al., (hereafter, "Pap") and in further view of US 20150347768 A1 to Martin et al., (hereafter, "Martin").
Regarding claim 10, modified Krish teaches the computing device of claim 9, but modified Krish does not teach further comprising a tenant enclave, wherein the accelerator services enclave is further to: authenticate a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application of the tenant enclave; and receive the encrypted bitstream image from the second trusted execution environment in response to authentication of the second trusted execution environment.
However, Martin does teach further comprising a tenant enclave, wherein the accelerator services enclave is further to: authenticate a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application of the tenant enclave; and [Martin, para. 112 discloses the first secure enclave authenticating the second secure enclave. This may be in response to inspecting the policy (block 75) but that is not necessarily the case in other embodiments. Block 725 does not necessarily demand that the first enclave authenticate itself to the second enclave or vice versa. More essential is that first secure enclave appreciate “who” the second enclave is in order to later vet the second secure enclave as including an application that may examine the content in question] 
receive the encrypted bitstream image from the second trusted execution environment in response to authentication of the second trusted execution environment. [Martin, para. 114 discloses a message indicating authenticity leads to where the first secure enclave decrypts the encrypted content to produce additional decrypted content and processes the additional decrypted content (e.g., renders a document, plays a song, plays a television show) in response to receiving the message from the second secure enclave]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to incorporated martin’s system into modified Krish’s system with a motivation to include an isolated memory region within an application's virtual address space (e.g., an inspection engine such as malware detection utility) and only code executing within the second secure enclave can access data (e.g., digital content such video, audio, text, and the like) located in the second secure enclave. [Martin, para. 108]

Regarding claim 11, modified Krish teaches the computing device of claim 1, but modified Krish does not teach further comprising a tenant enclave, wherein the accelerator services enclave is further to: authenticate a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application of the tenant enclave; receive an encrypted bitstream image and a bitstream image key from the second trusted execution environment in response to authentication of the second trusted execution environment; decrypt the encrypted bitstream image with the bitstream image key to recover a bitstream image; determine whether the bitstream image satisfies an owner policy; and program the accelerator device with the encrypted bitstream image in response to a determination that the bitstream image satisfies the owner policy.
However, Martin does teach further comprising a tenant enclave, wherein the accelerator services enclave is further to: authenticate a second trusted execution environment, wherein the second trusted execution environment comprises a tenant application of the tenant enclave; [Martin, para. 112 discloses the first secure enclave authenticating the second secure enclave. This may be in response to inspecting the policy (block 75) but that is not necessarily the case in other embodiments. Block 725 does not necessarily demand that the first enclave authenticate itself to the second enclave or vice versa. More essential is that first secure enclave appreciate “who” the second enclave is in order to later vet the second secure enclave as including an application that may examine the content in question]
receive an encrypted bitstream image and a bitstream image key from the second trusted execution environment in response to authentication of the second trusted execution environment; [Martin, para. 87 discloses document use policy and encryption keys are stored in a database on a server remotely located from the platform operating any enclave that executes content. Para. 88 discloses a protected document is encrypted within the enclave that includes hardened application. An authorized user, upon receipt of an encrypted document, can view it using the secure document reader component of the client application, running inside an enclave. The policy engine, after validating that the use policy (downloaded securely from the server into the enclave) of the document is compatible with the user operation (e.g., an AV utility to inspect the content), also gets the document decryption key and transfers the key and control to the inspection engine. The inspection engine decrypts the document inside its enclave, parses the content, and generally inspects the content for malware and the like.]
decrypt the encrypted bitstream image with the bitstream image key to recover a bitstream image; [Martin, para. 114 discloses the second secure enclave decrypting the encrypted content to produce decrypted content, and inspecting the decrypted content. Para. 108 discloses The second secure enclave may include an isolated memory region within an application's virtual address space (e.g., an inspection engine such as malware detection utility) and only code executing within the second secure enclave can access data (e.g., digital content such video, audio, text, and the like) located in the second secure enclave. Para. 88 discloses The policy engine, after validating that the use policy (downloaded securely from the server into the enclave) of the document is compatible with the user operation (e.g., an AV utility to inspect the content), also gets the document decryption key and transfers the key and control to the inspection engine. The inspection engine decrypts the document inside its enclave, parses the content, and generally inspects the content for malware and the like.], but Krish in view of Martin does not teach determine whether the bitstream image satisfies an owner policy; and program the accelerator device with the encrypted bitstream image in response to a determination that the bitstream image satisfies the owner policy.
However, Pap does teach determine whether the bitstream image satisfies an owner policy; and [Pap, para. 51 discloses using the topology of the connected enclaves and this policy, the verifier searches for all I/O devices starting from the trusted application and verifies that the needed I/O devices for the TIO usage is a subset of the reachable devices] 
program the accelerator device with the encrypted bitstream image in response to a determination that the bitstream image satisfies the owner policy. [Pap, para. 49 discloses the trusted application may be embodied as an application enclave that is protected with the secure enclave support of the processor. In block 424, the trusted application initializes protected DMA channels for use with the I/O devices associated with the trusted usage. The trusted application may use the crypto engine programming support of the processor to program the cryptographic engine to protect DMA channels associated with one or more I/O devices. Para. 52 discloses the application enclave may perform the verification itself based on a policy provisioned by an independent software vendor.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Martin’s system and Pap’s system into Krish’s system, with a motivation to verify that all I/O devices needed for a particular usage are properly connected to the trusted application via trusted CEE, DDEs, middleware enclaves, and/or SBE enclaves [Pap, para. 51], securely access the I/O devices associated with the requested secure usage after verifying the application attestation information by submitting the application attestation information to a remote verification service [Pap, para. 54], and the second secure enclave may include an isolated memory region within an application's virtual address space (e.g., an inspection engine such as malware detection utility) and only code executing within the second secure enclave can access data (e.g., digital content such video, audio, text, and the like) located in the second secure enclave. [Martin, para. 108]
 
Regarding claim 12, modified Krish teaches the computing device of claim 11, wherein the computing device comprises the accelerator device, wherein the accelerator device comprises a field-programmable gate array (FPGA) [Krish, para. 243 discloses some or all of the systems and/or modules may be implemented or provided in other ways, such as at least partially in firmware and/or hardware, including, but not limited to, one or more application-specific integrated circuits (ASICs), standard integrated circuits, controllers (e.g., by executing appropriate instructions, and including microcontrollers and/or embedded controllers), field-programmable gate arrays (FPGAs), complex programmable logic devices (CPLDs), etc.], but modified Krish does not teach wherein the owner policy comprises a hardware safety policy.
However, Pap does teach wherein the owner policy comprises a hardware safety policy. [Pap, para. 51 discloses a policy from an operating system vendor, an independent software vendor, or other source may be available to the verifying entity to derive the list of I/O devices 146 for a specific TIO usage, such as trusted text input.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Martin’s system and Pap’s system into Krish’s system, with a motivation to verify that all I/O devices needed for a particular usage are properly connected to the trusted application via trusted CEE, DDEs, middleware enclaves, and/or SBE enclaves [Pap, para. 51].

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434