DETAILED ACTION

The instant application having application No 16/692980 filed on 11/22/2019 is presented for examination by the examiner.

Claim Objections
Claims 7 and 18 are objected to because of the following informalities: “DPA” on Claims 7 and 18 should be written in its expanded form.

Examiner Notice
Claim 1 would be allowable if (i) claim 5 is incorporated into the independent claim 1.
Claim 8 would be allowable if (i) claim 10 is incorporated into the independent claim 8.
Claim 12 would be allowable if (i) claim 16 is incorporated into the independent claim 12.
Claim 19 would be allowable if (i) claim 20 is incorporated into the independent claim 19.
    	The claims 1, 8, 12 and 19 have the conditional limitation “when establishing the session key” and “when executed by the processor”, please clarify the conditional language features from the limitations of the claims, See MPEP 2111.04.II provides guidance for contingent limitations.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-4, 7-9, 12-15, 18 and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Edirisooriya et al. (U.S. 20180225237, Aug. 9, 2018) in view of Levi et al. (U.S. 20190140979, May 9, 2019)
Regarding Claim 1, Edirisooriya discloses the method comprising receiving, by the first VDP accelerator, from a host device, via a first virtual communication channel of the switch, a list of the one or more second VDP accelerators(page 2, par(0028), line 1-5, hosts employ accelerators to provide the capabilities for hardware-based VM-to-VM data communication);  
for each of the one or more second VDP accelerators, determining a session key between the first VDP accelerator and the second VDP accelerator, wherein the first VDP accelerator uses at least the first virtual communication channel of the switch and a second virtual communications channel of the second VDP accelerator to communicate with the second VDP accelerator when establishing the session key, wherein the second virtual communications channel is determined by the switch(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication); 
and transmitting, by the first VDP accelerator, to the host device, via the first virtual communication channel of the switch, an indication that the first VDP accelerator is configured for secure communication with each of the one or more second VDP accelerators, wherein the first VDP accelerator and each of the one or more VDP accelerators communicate securely via the switch(page 2, par(00281), line 5-20, Responsive to receiving the DMA descriptor, the DMA descriptor processing circuit inspect the parameters of the physical function to determine data communication is allowed between the first VM and the second VM, the parameters of the physical function specify an access control table that includes the communication permissions among different VMs. Responsive to determining that the data communication between the first VM and the second VM is allowed based on the access control table, the DMA descriptor processing circuit enable the data communication between VMs based on PCIe protocol).
Edirisooriya discloses all aspects of the claimed invention, except a first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch.
Levi is the same field of invention teaches a first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch (page 2, par(0020), line 1-5, the network interface controller by a plurality of virtual machines having respective virtual network interface controllers(wherein network controllers are the switches), and processed data that is returned from the accelerator (virtual data processing accelerator)is transmitted from one of the virtual network interface controllers to another of the virtual network interface controllers).
Edirisooriya and Levi are analogous art because they are from the same field of endeavor of access to a service device.
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the  first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch the teaching of Edirisooriya to include the network interface controller by a plurality of virtual machines 
Regarding Claim 2, Edirisooriya discloses generating, by the first VDP accelerator, an adjacency table with an entry for each of the one or more second VDP accelerators, each entry comprising a unique identifier of one of the one or more second VDP accelerators, and a session key association with the one of the one or more second VDP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication).
Regarding Claim 3, Edirisooriya discloses the session key generated for the first VDP accelerator and the one of the one or more second VDP accelerators is unique with respect to the first VDP accelerator and any other of the one or more second VDP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key which is unique) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication). 
Regarding Claim 4, Edirisooriya discloses each entry for one of the one or more second VDP accelerators further includes a unique identifier of the one of the one or more second VDP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data).
Regarding Claim 7, Edirisooriya discloses communication between the first DPA and the second DPAs is encrypted with a session key that is not known to, or accessible by, the switch(page 2, par(0021), line 1-5, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication, the DMA descriptor processing circuit may inspect the parameters of the physical function to determine whether data communication is allowed between the first VM and the second VM).
Regarding Claim 8, Edirisooriya discloses receiving, by the first VDP accelerator, from a host device, via a first virtual communication channel of the switch, a list of the one or more second VDP accelerators; for each of the one or more second VDP accelerators(page 2, par(0028), line 1-5, hosts employ accelerators to provide the capabilities for hardware-based VM-to-VM data communication), determining a session key between the first VDP accelerator and the second VDP accelerator, wherein the first VDP accelerator uses at least the first virtual communication channel of the switch and a second virtual communications channel of the second VDP accelerator to communicate with the second VDP accelerator when establishing the session key, wherein the second virtual communications channel is determined by the switch (page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication); and transmitting, by the first VDP accelerator, to the host device, via the first virtual communication channel of the switch, an indication that the first VDP accelerator is configured for secure communication with each of the one or more second VDP accelerators, wherein the first VDP accelerator and each of the one or more VDP accelerators communicate securely via the switch(page 2, par(00281), line 5-20, Responsive to receiving the DMA descriptor, the DMA descriptor processing circuit inspect the parameters of the physical function to determine data communication is allowed between the first VM and the second VM, the parameters of the physical function specify an access control table that includes the communication permissions among different VMs. Responsive to determining that the data communication between the first VM and the second VM is allowed based on the access control table, the DMA descriptor processing circuit enable the data communication between VMs based on PCIe protocol).
Edirisooriya discloses all aspects of the claimed invention, except a non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations of a first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch.
Levi is the same field of invention teaches a non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations of a first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch (page 2, par(0020), line 1-5, the network interface controller by a plurality of virtual machines having respective virtual network interface controllers(wherein network controllers are the switches), and processed data that is returned from the accelerator (virtual data processing accelerator)is transmitted from one of the virtual network interface controllers to another of the virtual network interface controllers).
Edirisooriya and Levi are analogous art because they are from the same field of endeavor of access to a service device.
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the  first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch the teaching of Edirisooriya to include the network interface controller by a plurality of virtual machines having respective virtual network interface controllers the teaching of Levi because it is providing guidance to the acceleration task to be performed in the accelerator.
Claim 9, Edirisooriya discloses generating, by the first VDP accelerator, an adjacency table with an entry for each of the one or more second VDP accelerators, each entry comprising a unique identifier of one of the one or more second VDP accelerators, and a session key association with the one of the one or more second VDP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication).
Regarding Claim 12, Edirisooriya discloses receiving, by the first VDP accelerator, from a host device, via a first virtual communication channel of the switch, a list of the one or more second VDP accelerators(page 2, par(0028), line 1-5, hosts employ accelerators to provide the capabilities for hardware-based VM-to-VM data communication), for each of the one or more second VDP accelerators, determining a session key between the first VDP accelerator and the second VDP accelerator, wherein the first VDP accelerator uses at least the first (page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication), and transmitting, by the first VDP accelerator, to the host device, via the first virtual communication channel of the switch, an indication that the first VDP accelerator is configured for secure communication with each of the one or more second VDP accelerators, wherein the first VDP accelerator and each of the one or more VDP accelerators communicate securely via the switch(page 2, par(00281), line 5-20, Responsive to receiving the DMA descriptor, the DMA descriptor processing circuit inspect the parameters of the physical function to determine data communication is allowed between the first VM and the second VM, the parameters of the physical function specify an access control table that includes the communication permissions among different VMs. Responsive to determining that the data communication between the first VM and the second VM is allowed based on the access control table, the DMA descriptor processing circuit enable the data communication between VMs based on PCIe protocol).
Edirisooriya discloses all aspects of the claimed invention, except a data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations of a first virtual data processing (VDP) accelerator securely communicating with one or more second DP accelerators via a switch.
Levi is the same field of invention teaches a data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations of a first virtual data processing (VDP) accelerator securely communicating with one or more second DP accelerators via a switch (page 2, par(0020), line 1-5, the network interface controller by a plurality of virtual machines having respective virtual network interface controllers(wherein network controllers are the switches), and processed data that is returned from the accelerator (virtual data processing accelerator)is transmitted from one of the virtual network interface controllers to another of the virtual network interface controllers).
Edirisooriya and Levi are analogous art because they are from the same field of endeavor of access to a service device.
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the  first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch the teaching of Edirisooriya to include the network interface controller by a plurality of virtual machines having respective virtual network interface controllers the teaching of Levi because it is providing guidance to the acceleration task to be performed in the accelerator.
Regarding Claim 13, Edirisooriya discloses generating, by the first VDP accelerator, an adjacency table with an entry for each of the one or more second VDP accelerators, each entry comprising a reference to a unique identifier of one of the one or more second VDP accelerators, and the session key association with the one of the one or more second DP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication).
Regarding Claim 14, Edirisooriya discloses the session key generated for the first VDP accelerator and the one of the one or more second VDP accelerators is unique with respect to the first VDP accelerator and any other of the one or more second VDP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key which is unique) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication).
Regarding Claim 15, Edirisooriya discloses each entry for one of the one or more second VDP accelerators further includes a unique identifier of the one of the one or more second VDP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data).
Regarding Claim 18, Edirisooriya discloses communication between the first DPA and the second DPAs is encrypted with a session key that is not known to, or accessible by, the switch(page 2, par(0021), line 1-5, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication, the DMA descriptor processing circuit may inspect the parameters of the physical function to determine whether data communication is allowed between the first VM and the second VM).
Regarding Claim 19, Edirisooriya discloses each VDP accelerator in the plurality of VDP accelerators(page 2, par(0028), line 1-5, hosts employ accelerators to provide the capabilities for hardware-based VM-to-VM data communication); 
establishing a session key between the host device and the VDP accelerator; storing, by the host device, the session key in an adjacency table for the host, wherein each entry in the adjacency table includes: the session key and a unique identifier of the VDP accelerator(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication); transmitting, to the VDP accelerator, via a switch configured with a virtual communication channel to the VDP accelerator, a list of one or more additional VDP accelerators and an instruction that the VDP accelerator generate a unique session key for each additional VDP accelerator for securing communication between the VDP accelerator and the additional VDP accelerator in the list of one or more additional VDP accelerators(page 2, par(0021), line 1-5, the accelerator include a processing unit for handling data communication sessions originated from VMs , a first VM initiate data communication, destined to a second VM, by posting a DMA descriptor in registers associated with the virtual function of the first VM, the DMA descriptor include a source address, a destination address, data payload, a virtual function identifier (session key which is unique) of a second VM for receiving the data payload, and control parameters for establishing VM-to-VM data communication); and receiving, from the VDP accelerator, via the switch and virtual communication channel, an indication that the VDP accelerator has finished generating the unique session keys for communicating between the VDP (page 2, par(00281), line 5-20, Responsive to receiving the DMA descriptor, the DMA descriptor processing circuit inspect the parameters of the physical function to determine data communication is allowed between the first VM and the second VM, the parameters of the physical function specify an access control table that includes the communication permissions among different VMs. Responsive to determining that the data communication between the first VM and the second VM is allowed based on the access control table, the DMA descriptor processing circuit enable the data communication between VMs based on PCIe protocol).
Edirisooriya discloses all aspects of the claimed invention, except a processing system, comprising: one or more processors; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for a host device to configure a plurality of virtual data processing (VDP) accelerators for secure communication.
Levi is the same field of invention teaches a processing system, comprising: one or more processors; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for a host device to configure a plurality of virtual data processing (VDP) accelerators for secure  (page 2, par(0020), line 1-5, the network interface controller by a plurality of virtual machines having respective virtual network interface controllers(wherein network controllers are the switches), and processed data that is returned from the accelerator (virtual data processing accelerator)is transmitted from one of the virtual network interface controllers to another of the virtual network interface controllers).
Edirisooriya and Levi are analogous art because they are from the same field of endeavor of access to a service device.
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the  first virtual data processing (VDP) accelerator securely communicating with one or more second VDP accelerators via a switch the teaching of Edirisooriya to include the network interface controller by a plurality of virtual machines having respective virtual network interface controllers the teaching of Levi because it is providing guidance to the acceleration task to be performed in the accelerator.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure are:
Wang et al. (US 20200073734, Mar. 5, 2020) teaches Communication Method and Device for Virtual Base Stations.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NGO RICKY can be reached on 571-272-3139.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).




/IQBAL ZAIDI/
Primary Examiner, Art Unit 2464