DETAILED ACTION
1.	This is in reply to an application filed on 01/10/2020. Claims 1-25 are pending examination.

2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

3. Allowable subject matter

Claims 24-25 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Note: the prior art does not read on the limitations of claim 14.

4. Claim Objections
Claims 1, 9 and 14 are objected to because they contain typographical errors. The examiner suggests the following corrections:
Claim 1: move the limitation “associate the secure TLP with a secure stream” to after the limitation “encode a transaction layer packet (TLP) with integrity protection and encrypt data payload of the TLP with data encryption for form a secure TLP”.
Note that the TLP becomes secure after the encoding and encrypting steps (see [0109]-[0111]; see also claims 16 and 21).
Claim 9: replace “a information;” with “an information”.
Claim 14: replace “the fixed field are in bits” with “the fixed field is in bits”.
Claim 14: replace “the invocation field are in bits” with “the invocation field is in bits”.
Claim 14: replace “an linear feedback shift register” with “a linear feedback shift register”.


5. Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite, because claim 1 recites “transmit the secure TLP across the secure stream to the link partner”, claim 2 recites “determine that the apparatus and the link partner support integrity protection and data encryption for TLP encoding”, and claim 3 recites “set in a control register indicating that the apparatus and the link partner support a secure stream using integrity protection or data encryption”; however, there is insufficient antecedent basis for these limitations in the claims. The examiner suggests the following correction:
Claim 1:
	Replace “transmit the secure TLP across the secure stream to the link partner” with “transmit the secure TLP across the secure stream to a link partner”.

6. Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 4-10, 12, and 15 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Lal et al. US 2017/0026171 (hereinafter Lal).

Regarding claim 1 Lal teaches an apparatus comprising: transaction layer logic comprising hardware circuitry to: associate the secure TLP with a secure stream; encode a transaction layer packet (TLP) with integrity protection and encrypt data payload of the TLP with data encryption for form a secure TLP; and transmit the secure TLP across the secure stream to the link partner (Lal teaches that a cryptographic engine may detect TLPs generated by controllers to read/write data from/to a memory, wherein the TLP prefix may include flags which allow the cryptographic engine to perform encryption on the transaction [0037-0041], [0050], and wherein the cryptographic engine may generate an authentication tag structure (ATS) based on the DMA write transaction. The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0030] and [0047]).


Regarding claim 4 Lal teaches the apparatus of claim 1, wherein the transaction layer logic encodes the secure TLP with a secure stream number, the secure stream number unique to the secure stream that the secure TLP will transit (Lal teaches that the TLP prefix includes a channel identifier field, which uniquely identifies the I/O controller and the DMA channel of the device associated with the transaction [0039]).

Regarding claim 5 Lal teaches the apparatus of claim 1, further comprising an encryption engine comprising hardware circuitry to encrypt the TLP ([0030]).  

Regarding claim 6 Lal teaches the apparatus of claim 5, wherein the encryption engine uses an encryption standard based on an American Encryption Standard Galois counter mode (AES-GCM) encryption protocol [0050-0051].  

Regarding claim 7 Lal teaches the apparatus of claim 1, further comprising a data integrity protection engine comprising hardware circuitry to implement data integrity protection to the TLP (Lal teaches the cryptographic engine generates an authentication tag structure (ATS) based on the DMA write transaction. The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0030], and [0047]).  

Regarding claim 8 Lal teaches the apparatus of claim 7, wherein the data integrity protection engine uses an integrity protocol based on an American Encryption Standard Galois Counter Mode (AES-GCM) protocol (Lal teaches the cryptographic engine generates an authentication tag structure (ATS) based on the DMA write transaction. The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0047]).  

Regarding claim 9 Lal teaches the apparatus of claim 1, further comprising transaction layer logic circuitry to: augment the TLP with a information indicating that the TLP comprises integrity protection and data encryption (Lal teaches the cryptographic engine generates an authentication tag structure (ATS) based on the DMA write transaction. The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0047]).  
  

Regarding claim 10 Lal teaches the apparatus of claim 9, wherein the information is contained in one of a TLP prefix or a TLP header (Lal teaches the cryptographic engine generates an authentication tag structure (ATS) based on the DMA write transaction. The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0047], wherein the ATS is part of the TLP header (fig. 6)).  


Regarding claim 12 Lal teaches the apparatus of claim 1, wherein the secure stream comprises one or more substreams, the one or more secure substreams comprising a secure substream for posted requests, non-posted requests, or completions (Lal teaches protection module is configured to perform a cryptographic 



Regarding claim 15 Lal teaches the apparatus of claim 1, further comprising transaction layer logic circuitry to: determine that the TLP is to transmit to a link partner on a selective secure stream or a link secure stream; and selectively encode one or more TLPs in the secure stream and/or selectively encrypt data payload of one or more TLPs (Lal teaches that a cryptographic engine may detect TLPs generated by controllers to read/write data from/to a memory, wherein the TLP prefix may include flags which allow the cryptographic engine to perform encryption on the transaction [0037-0041] and [0050]).


7. Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Lal as mentioned above, and further in view of Zhang et al., US 2020/0084631 (Zhang et al. claims priority to parent application PCT/CN2017/095301) (hereinafter Zhang).

Regarding claim 2 Lal teaches the apparatus of claim 1, further comprising transaction layer logic circuitry. Lal does not teach reading an extended capability register indicating a capability to support IDE; and determine that the apparatus and the link partner support integrity protection and data encryption. Zhang substantially teaches using registration information to determine whether to perform encryption and/or integrity protection on data that may be transmitted between a user equipment and a network device [0170], and determining a security protection algorithm based on the user equipment security capability and an algorithm priority list supported by the AN [0176].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lal such that the invention further includes reading an extended capability register indicating a capability to support IDE; and determine that the apparatus and the link partner support integrity protection and data encryption. One would have been motivated to do so to avoid any communication issue, 

Regarding claim 3 Lal as modified teaches the apparatus of claim 2, further comprising transaction layer logic circuitry to: set in a control register indicating that the apparatus and the link partner support a secure stream using integrity protection or data encryption (Zhang teaches using registration information to determine whether to perform encryption and/or integrity protection on data that may be transmitted between a user equipment and a network device, based on the user equipment and the network device [0170] and [0176]).


8. Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Lal as mentioned above, and further in view of Chesson et al., US 7,245,724 (hereinafter Chesson).
Regarding claim 11 Lal teaches the apparatus of claim 9. Lal does not teach an L bit that when set indicates that the TLP is a last secure TLP on the secure stream and that subsequent TLPs received on the secure stream are to have a new encryption key set. Chesson substantially teaches that a controlling station can send a message to another station indicating that it has sent its last packet using an old key and will use the new key for new packets (col. 3, lines 60-63).

9. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Lal as mentioned above, and further in view of Engel et al., US 2009/0019206 (hereinafter Engel).
Regarding claim 13 Lal teaches the apparatus of claim 12, further comprising transaction layer logic circuitry. Lal does not teach logic circuitry to construct an initialization vector (IV) that includes a fixed field unique to a device and an invocation field unique to the data to be transmitted. Engel substantially teaches that an adapter builds a vector of fields, wherein a field vector may include fields extracted from the packet header (e.g., source/destination addresses, Ethernet/IP, etc.), fields extracted from the packet application data, and data resulting from a certain operation (e.g., tupliz-hash calculation on the packet data/header fields) [0115].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lal such that the invention further includes constructing an initialization vector (IV) that includes a fixed field unique to a device and an invocation field unique to the data to be transmitted. One would have been motivated to do so to use the IV as an identifier to perform cryptographic operations on specific data.

10. Claims 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lal as mentioned above, and further in view of Natu et al., US 2012/0047309 (hereinafter Natu).
Regarding claim 16 Lal teaches a method comprising: determining, by logic circuitry at a transaction layer of a protocol stack of a device, that a packet is to traverse to a link partner on a secure stream; configuring a transaction layer packet (TLP) prefix to identify the TLP as a secure TLP; associating the secure TLP with the secure stream; applying integrity protection and data encryption to the secure TLP; and transmitting the secure TLP across the secure stream to the link partner (Lal teaches that a cryptographic engine may detect TLPs generated by controllers to read/write data from/to a memory, wherein the TLP prefix may include flags which allow the cryptographic engine to perform encryption on the transaction [0037-0041] and [0050]. The cryptographic engine generates an authentication tag structure (ATS) based on the DMA write transaction. The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0030] and [0047]). Lal does not teach authenticating a receiving port of the link partner. Natu substantially teaches that PCI Express root ports and switch ports compare the BDF fields in MCTP packets against an Address Validation List (AVL) for every request [0032].
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lal such that the invention further includes 

Regarding claim 17 Lal as modified teaches the method of claim 16, further comprising: associating the secure stream with an authentication key; and associating the authentication key with a key identifier (Key ID), the Key ID unique to each of data encryption and integrity protection (Lal teaches the cryptographic engine generates an authentication tag structure (ATS) based on the DMA write transaction (i.e. authentication key is associated with a specific secure stream). The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0047], [0061]. Using a channel identifier (CID) as a unique identifier for each DMA transaction [0031], and wherein the ATS is associated with the CID [0054]).  

Regarding claim 18 Lal as modified teaches the method of claim 16, wherein associating the secure TLP with the secure stream comprises associating the secure TLP with a secure stream number, the secure stream number encoded into the TLP prefix (Lal teaches using a channel identifier (CID) as a unique identifier for each DMA transaction [0031], wherein the CID is included in the TLP prefix (fig. 6)).


In response to claim 19: rejected for the same reasons as claim 6.
In response to claim 20: rejected for the same reasons as claim 8.

11. Claims 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Lal as mentioned above, and further in view of Guddeti et al., US 2016/0179738 (hereinafter Guddeti).
Regarding claim 21 Lal teaches a system comprising: the transaction layer comprising hardware circuitry to: encode a transaction layer packet (TLP) with a secure TLP prefix, the secure TLP prefix indicating that the TLP is to transit the interconnect on a secure stream; associate the TLP with the secure stream; perform data encryption on data payload of the TLP and integrity protection on the TLP; and transmit the TLP to the endpoint device (Lal teaches that a cryptographic engine may detect TLPs generated by controllers to read/write data from/to a memory, wherein the TLP prefix may include flags which allow the cryptographic engine to perform encryption on the transaction [0037-0041], [0050], and wherein the cryptographic engine may generate an authentication tag structure (ATS) based on the DMA write transaction. The ATS provides authenticity and integrity assurances for the encrypted cipher text. The authentication tag structure may be generated by any appropriate authenticated encryption algorithm, such as AES-GCM [0030] and [0047]). Lal does not teach a root complex comprising a root port; an endpoint device comprising an upstream port; an interconnect coupling the root port with the upstream port; the root port comprising a protocol stack comprising a transaction layer. Guddeti substantially teaches that a root complex may include multiple root ports, each having a full protocol stack [0018], wherein 
  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lal such that the invention further includes a root complex comprising a root port; an endpoint device comprising an upstream port; an interconnect coupling the root port with the upstream port; the root port comprising a protocol stack comprising a transaction layer. One would have been motivated to do so to enhance the ability of IP reuse across a wide variety of chips [0040].

Regarding claim 22 Lal as modified teaches the system of claim 21, wherein the root port is directly linked to the upstream port and wherein the secure TLP prefix comprises a local TLP prefix (Lal teaches that a TLP includes a prefix [0050], fig. 6, and Guddeti further teaches that each root port communicates with a bridge logic (upstream side) via an interconnect [0024]).

12. Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Lal and Guddeti as mentioned above, and further in view of Price et al., US 2008/0037658 (hereinafter Price).

Regarding claim 23 Lal as modified teaches the system of claim 22. Lal and Guddeti do not teach a stream comprises setting a stream identifier to zero in a packet 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lal and Guddeti such that the invention further includes a stream comprises setting a stream identifier to zero in a packet header. One would have been motivated to do so to indicate the type of data in the packet [0079].

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541. The examiner can normally be reached on Monday - Friday 7:30 - 5:00 EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AYOUB ALATA/Primary Examiner, Art Unit 2494