DETAILED ACTION
This Non-Final Office Action is in response to the request for continued examination filed on 12/29/2021. Claims 1-23 are being considered on the merits.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/29/2021 has been entered.
Response to Arguments
3.	Applicant's arguments filed 12/29/2021 have been fully considered but they are not persuasive. Applicant argues that, regarding independent claims 1, 7-8, 14-15 and 22, Pappachan in view of McCrary and Ghosh fails to teach “the first command comprising an instruction and associated parameter data including an address of a memory region referenced by the first command and comprising first command data to be operated on by execution of the first command” and “compute a first authentication tag using a cryptographic key associated with the host device, the instruction and the first command data residing at the address of a memory region referenced by the first command”.
With respect to this argument, as disclosed below, Pappachan in paragraph [0050] discloses generating an authentication tag (first command data) using the encryption key used to protect the DMA channel. The authentication tag includes additional information to assist with integrity verification. Ghosh in paragraph [0042] discloses an initialization vector IV (first command data), a secret key K, and additional authenticated data (associated parameter data) included with a DMA transfer request, which includes addressing data, metadata or other data relating to the command instruction. In paragraph [0044], the processor configures the DMA controller by writing one or more descriptors or other commands that describe the DMA transfer. The descriptors identify a memory address or memory range where command data is residing. The DMA controller then performs one or more DMA transactions defined by the descriptors.
Therefore, the combination of Pappachan in view of McCrary and Ghosh, as disclosed above, teaches the claimed limitations of independent claims 1, 7-8, 14-15 and 22 and thereby the dependent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



4.	Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. US 2017/0024568 A1 to Pappachan, (hereinafter, “Pappachan”) in view of US Pub. No. US 2019/0129754 A1 to McCrary, (hereinafter, “McCrary”) and in further view of US Pub. No. US 2019/0132118 A1 to Ghosh, (hereinafter, “Ghosh”).

As per claims 1, 8 and 15, Pappachan teaches an apparatus, a computer-implemented method and a non-transitory computer readable medium, respectively, comprising: 
a computer-readable memory comprising one or more command buffers; and a processing device communicatively coupled to the computer-readable memory (Pappachan, para. [0021] “a computing device 100 for I/O authenticity verification includes, among other components, a processor 120, main memory 132, a hardware cryptographic engine 140, and one or more I/O controllers 144 in communication with one or more I/O devices 146. In use, the cryptographic engine 140 provides on-the-fly encryption and decryption of data transferred via direct memory access operations (DMAed) between the platform I/O controllers 144 and the memory 132…In the case of input, the cryptographic engine 140 generates the AT metadata, which is written to a dedicated AT queue in the memory 132 (separate from the DMA buffer). In the case of output, trusted software generates the AT metadata and the cryptographic engine 140 reads the AT metadata from the AT queue and uses it to validate integrity. Thus, the computing device 100 may provide data origin authenticity, integrity, and replay protection of I/O data with zero hardware cost to the IO controllers 144 and/or devices 146, and may have a low cost/impact to the software stack (e.g., by avoiding impact to low-level I/O bus drivers). Additionally, the computing device 100 may size an AT queue to meet the latency and throughput requirements of a particular DMA channel.”) to:
compute a first authentication tag using a cryptographic key associated with the host device (Pappachan, para. [0050] “a metadata producer of the computing device 100 generates authentication tag (AT) metadata based on one or more DMA transactions. The metadata producer computes the authentication tag (AT) metadata using an authenticated encryption algorithm such as AES-GCM, using the encryption key used to protect the DMA channel. In addition to the AT metadata, additional information may be recorded to assist the integrity verifier and to manage the AT queue 318. As described further below, the metadata producer may be embodied as the cryptographic engine 140 for input data or as trusted software (e.g., the DDE 310) for output data.”); and 
authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command (Pappachan, para. [0059] “a metadata consumer of the computing device 100 reads and validates the AT metadata from the AT queue 318. The metadata consumer may match the AT metadata from the AT queue 318 with DMA transfer data stored in the DMA buffer 316 and then validate the integrity of the DMA data using the AT metadata. One potential embodiment of an AT metadata to DMA data matching and verification algorithm is described further below in connection with FIG. 6. In some embodiments, in block 428 the trusted software may validate the AT metadata for one or more input DMA transactions. For example, when the DMA transaction is completed and the trusted software (e.g., the trusted DDE 310) is notified of the DMA completion, the trusted software may read the AT data from the AT queue 318 using the AT-data matching algorithm and validate the integrity of the DMA data. In some embodiments, in block 430 the cryptographic engine 140 may validate the AT metadata for one or more output DMA transactions. For example, when the cryptographic engine 140 intercepts the output data to be read by the I/O controller 144, the cryptographic engine 140 reads the corresponding AT metadata from the AT queue 318. For output data, the cryptographic engine 140 verifies the integrity of the output data and releases the output data to the I/O controller 144 if the integrity check passes. In some embodiments, the cryptographic engine 140 may be both the metadata producer and the metadata consumer, for example when performing one or more DMA transactions to copy I/O data in the memory 132.” And para. [0068] “One dimension of the frame metadata array corresponds to the number of frame data buffers stored in a frame buffer queue. The other dimension of the frame metadata array corresponds to the number of stages in the acceleration pipeline. Each metadata buffer includes authentication tag data that corresponds to each cacheline of a frame data buffer. In other words, a metadata buffer includes an integral number of authentication tags that is the same as the number of cachelines in a frame data buffer.”);

Pappachan teaches all the limitations of claims 1, 8 and 15 above, but fails to explicitly teach the following, which McCrary teaches:
read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device (McCrary, para. [0034] “Function calls within the application are translated to commands by a given API. The processing unit 110 sends the translated commands to the memory 120 for storage in the ring buffer 122. The commands are placed in groups referred to as command groups. In some embodiments, the processing units 110 and 130 use a producer-consumer relationship, which is also be referred to as a client-server relationship. The processing unit 110 writes commands into the ring buffer 122. Then the parallel data processing unit 130 reads the commands from the ring buffer 122, processes the commands, and writes result data to the buffer 124.” And para. [0015] “A computing system uses a general-purpose central processing unit (CPU) and a parallel data processing unit, which utilizes a single instruction multiple word (SIMD) micro-architecture. In various embodiments, the parallel data processing unit is a graphics processing unit (GPU). The SIMD micro-architecture uses multiple compute resources and one or more non-secure memories, each accessed by at least one of the multiple compute resources. In various embodiments, each of the compute resources is a pipelined lane for executing a work item of many work items. Each work unit is a combination of a command and respective data.”); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine McCrary’s method for providing security when processing sensitive information with the teachings of Pappachan (McCrary, para. [0004]).
The combination of Pappachan and McCrary teaches all the limitations of claims 1, 8 and 15 above, but fails to explicitly teach the following, which Ghosh teaches:
the first command comprising an instruction and associated parameter data including an address of a memory region referenced by the first command and comprising first command data to be operated on by execution of the first command (Ghosh, para. [0042] “The computing device 100 provides the initialization vector IV (first command data), secret key K, and additional authenticated data A (associated parameter data) to the secure DMA engine 138…The additional authenticated data A may be embodied as any addressing data, metadata, or other data related to the DMA transfer that will be authenticated but not encrypted by the security engine 200.” And para. [0044] “the processor 120 configures a DMA controller to perform a DMA transfer. The processor 120 may configure the DMA controller, for example, by writing one or more descriptors or other commands that describe the DMA transfer. The descriptors may identify a memory address, memory range, scatter-gather list of addresses or ranges, or other locations in memory and a direction of transfer (e.g., from the memory 130 to the accelerator 136 or vice versa). The DMA controller may perform the DMA transfer, for example, by performing one or more DMA transactions defined by the descriptors. Each DMA transaction may transfer a fixed block of data, such as a 512-bit block of data.” And para. [0085] “The execution of the MMIO transaction is conditional on the integrity of the MMIO transaction request. The MMIO read request may include an address in MMIO space or other data associated with the MMIO read request.”)
the instruction and the first command data residing at the address of a memory region referenced by the first command (Ghosh, para. [0042] “The additional authenticated data A may be embodied as any addressing data, metadata, or other data related to the DMA transfer that will be authenticated but not encrypted by the security engine 200.” And para. [0044] “In block 506, the processor 120 configures a DMA controller to perform a DMA transfer. The processor 120 may configure the DMA controller, for example, by writing one or more descriptors or other commands that describe the DMA transfer. The descriptors may identify a memory address, memory range, scatter-gather list of addresses or ranges, or other locations in memory and a direction of transfer (e.g., from the memory 130 to the accelerator 136 or vice versa). The DMA controller may perform the DMA transfer, for example, by performing one or more DMA transactions defined by the descriptors. Each DMA transaction may transfer a fixed block of data, such as a 512-bit block of data.” And para. [0085] “The execution of the MMIO transaction is conditional on the integrity of the MMIO transaction request. The MMIO read request may include an address in MMIO space or other data associated with the MMIO read request.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ghosh’s secure data transfer into McCrary’s method for providing security of sensitive information and Pappachan’s integrity, anti-replay and authenticity assurance, with a motivation for protection against both software and hardware attacks (Ghosh, para. [0002]).
As per claims 2, 9 and 16, the combination of Pappachan, McCrary and Ghosh teach the apparatus of claim 1, the method of claim 8, and the non-transitory computer readable medium of claim 15, respectively, wherein the processing device is to: initialize an anti-replay counter prior to reading the first command from the command buffer (Pappachan, para. [0046] “The counter field is used as input to the initialization vector (IV) of the cryptographic algorithm. The counter field is used for replay protection. The consumer of the AT metadata may use the counter value in its IV when it performs authenticated decryption of the DMA data”).

As per claims 3, 10 and 17, the combination of Pappachan, McCrary and Ghosh teach the apparatus of claim 2, the method of claim 9, and the non-transitory computer readable medium of claim 16, respectively, wherein the processing device is to: compute the first authentication tag using at least a portion of the anti-replay counter (Pappachan, para. [0046] “The counter field is used as input to the initialization vector (IV) of the cryptographic algorithm. The counter field is used for replay protection. The consumer of the AT metadata may use the counter value in its IV when it performs authenticated decryption of the DMA data.” And TABLE 1 – “CE Counter value used to compute the AT for this ATS.”)

As per claims 4, 11 and 18, the combination of Pappachan, McCrary and Ghosh teach the apparatus of claim 2, the method of claim 9, and the non-transitory computer readable medium of claim 16, respectively, wherein the processing device is to: execute the first command when the first authentication tag matches the second authentication tag (Pappachan, para. [0059] “a metadata consumer of the computing device 100 reads and validates the AT metadata from the AT queue 318. The metadata consumer may match the AT metadata from the AT queue 318 with DMA transfer data stored in the DMA buffer 316 and then validate the integrity of the DMA data using the AT metadata. One potential embodiment of an AT metadata to DMA data matching and verification algorithm is described further below in connection with FIG. 6. In some embodiments, in block 428 the trusted software may validate the AT metadata for one or more input DMA transactions. For example, when the DMA transaction is completed and the trusted software (e.g., the trusted DDE 310) is notified of the DMA completion, the trusted software may read the AT data from the AT queue 318 using the AT-data matching algorithm and validate the integrity of the DMA data. In some embodiments, in block 430 the cryptographic engine 140 may validate the AT metadata for one or more output DMA transactions. For example, when the cryptographic engine 140 intercepts the output data to be read by the I/O controller 144, the cryptographic engine 140 reads the corresponding AT metadata from the AT queue 318. For output data, the cryptographic engine 140 verifies the integrity of the output data and releases the output data to the I/O controller 144 if the integrity check passes. In some embodiments, the cryptographic engine 140 may be both the metadata producer and the metadata consumer, for example when performing one or more DMA transactions to copy I/O data in the memory 132.”)

As per claims 5, 12 and 19, the combination of Pappachan, McCrary and Ghosh teach the apparatus of claim 4, the method of claim 11, and the non-transitory computer readable medium of claim 18, respectively, wherein the processing device is to: increment the anti-replay counter after the first command is executed (Pappachan, para. [0063] “Referring now to FIG. 6, in use, the computing device 100 may execute a method 600 for matching authentication tags with associated DMA data. The computing device 100 may execute the method 600 during authenticated decryption to verify the integrity of the DMA data and to prevent replay in the system memory 132 by reading authentication tag (AT) data from the AT queue 318 and matching the AT metadata against data from the DMA buffer 316. As described above, the method 600 may be performed by the metadata consumer (i.e., the trusted software for input or the cryptographic engine 140 for output) in connection with block 426 of FIG. 4. The method 600 begins in block 602, in which the computing device 100 initializes a message length counter for the DMA channel to zero. In block 604, the computing device 100 starts at the first byte of the DMA data buffer 316. In block 606, the computing device 100 starts processing at the last ATS entry processed in the AT queue 318.”).

As per claims 6, 13 and 20, the combination of Pappachan, McCrary and Ghosh teach the apparatus of claim 1, the method of claim 8, and the non-transitory computer readable medium of claim 15, respectively, wherein the processing device is to: abort execution of the first command when the first authentication tag does not match the second authentication tag (Pappachan, para. [0062] “Still referring to FIG. 4, in block 432, the metadata consumer determines whether the AT metadata is valid. If not, the method 400 branches to block 434, in which the metadata consumer executes an appropriate failure mode. For example, in some embodiments, the trusted software (e.g., the associated DDE 310) may be notified of the failure. The computing device 100 may handle the integrity failure by, for example, terminating the DMA transaction or changing the encryption key for computing the AT metadata to prevent the attacker from getting more information to break the integrity of the DMA channel data stream. As another example, in response to failure of the integrity check, the cryptographic engine 140 may also execute an appropriate failure mode. For example, for audio output data, in some embodiments the cryptographic engine 140 may send a packet of random bytes and/or blank data instead of sending the DMA data that was compromised. As another example, in some embodiments the cryptographic engine 140 may notify the trusted software of the failure through an interrupt, so that the trusted software can handle this situation. After executing the failure mode, the method 400 loops back to block 410, in which additional DMA transactions may be processed.”).

As per claims 7, 14 and 21, the combination of Pappachan, McCrary and Ghosh teach the apparatus of claim 1, the method of claim 8, and the non-transitory computer readable medium of claim 15, respectively, wherein the processing device is to: 
read, from the command buffer of the computer-readable memory, a second command received from the host device, the second command executable by one or more processing elements on the processing device (McCrary, para. [0034] “Function calls within the application are translated to commands by a given API. The processing unit 110 sends the translated commands to the memory 120 for storage in the ring buffer 122. The commands are placed in groups referred to as command groups. In some embodiments, the processing units 110 and 130 use a producer-consumer relationship, which is also be referred to as a client-server relationship. The processing unit 110 writes commands into the ring buffer 122. Then the parallel data processing unit 130 reads the commands from the ring buffer 122, processes the commands, and writes result data to the buffer 124.” And para. [0015] “A computing system uses a general-purpose central processing unit (CPU) and a parallel data processing unit, which utilizes a single instruction multiple word (SIMD) micro-architecture. In various embodiments, the parallel data processing unit is a graphics processing unit (GPU). The SIMD micro-architecture uses multiple compute resources and one or more non-secure memories, each accessed by at least one of the multiple compute resources. In various embodiments, each of the compute resources is a pipelined lane for executing a work item of many work items. Each work unit is a combination of a command and respective data.”); 
compute a second authentication tag using a cryptographic key associated with the host device (Pappachan, para. [0050] “a metadata producer of the computing device 100 generates authentication tag (AT) metadata based on one or more DMA transactions. The metadata producer computes the authentication tag (AT) metadata using an authenticated encryption algorithm such as AES-GCM, using the encryption key used to protect the DMA channel. In addition to the AT metadata, additional information may be recorded to assist the integrity verifier and to manage the AT queue 318. As described further below, the metadata producer may be embodied as the cryptographic engine 140 for input data or as trusted software (e.g., the DDE 310) for output data.”); and 
authenticate the second command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command (Pappachan, para. [0059] “a metadata consumer of the computing device 100 reads and validates the AT metadata from the AT queue 318. The metadata consumer may match the AT metadata from the AT queue 318 with DMA transfer data stored in the DMA buffer 316 and then validate the integrity of the DMA data using the AT metadata. One potential embodiment of an AT metadata to DMA data matching and verification algorithm is described further below in connection with FIG. 6. In some embodiments, in block 428 the trusted software may validate the AT metadata for one or more input DMA transactions. For example, when the DMA transaction is completed and the trusted software (e.g., the trusted DDE 310) is notified of the DMA completion, the trusted software may read the AT data from the AT queue 318 using the AT-data matching algorithm and validate the integrity of the DMA data. In some embodiments, in block 430 the cryptographic engine 140 may validate the AT metadata for one or more output DMA transactions. For example, when the cryptographic engine 140 intercepts the output data to be read by the I/O controller 144, the cryptographic engine 140 reads the corresponding AT metadata from the AT queue 318. For output data, the cryptographic engine 140 verifies the integrity of the output data and releases the output data to the I/O controller 144 if the integrity check passes. In some embodiments, the cryptographic engine 140 may be both the metadata producer and the metadata consumer, for example when performing one or more DMA transactions to copy I/O data in the memory 132.” And para. [0068] “One dimension of the frame metadata array corresponds to the number of frame data buffers stored in a frame buffer queue. The other dimension of the frame metadata array corresponds to the number of stages in the acceleration pipeline. Each metadata buffer includes authentication tag data that corresponds to each cacheline of a frame data buffer. In other words, a metadata buffer includes an integral number of authentication tags that is the same as the number of cachelines in a frame data buffer.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine McCrary’s method for providing security when processing sensitive information with the teachings of Pappachan (McCrary, para. [0004]).
The combination of Pappachan and McCrary teaches all the limitations of claims 7, 14 and 21 above, but fails to explicitly teach the following, which Ghosh teaches:
the first command comprising an instruction and associated parameter data including an address of a memory region referenced by the second command and comprising second command data to be operated on by execution of the second command (Ghosh, para. [0042] “The additional authenticated data A may be embodied as any addressing data, metadata, or other data related to the DMA transfer that will be authenticated but not encrypted by the security engine 200.” And para. [0044] “In block 506, the processor 120 configures a DMA controller to perform a DMA transfer. The processor 120 may configure the DMA controller, for example, by writing one or more descriptors or other commands that describe the DMA transfer. The descriptors may identify a memory address, memory range, scatter-gather list of addresses or ranges, or other locations in memory and a direction of transfer (e.g., from the memory 130 to the accelerator 136 or vice versa). The DMA controller may perform the DMA transfer, for example, by performing one or more DMA transactions defined by the descriptors. Each DMA transaction may transfer a fixed block of data, such as a 512-bit block of data.” And para. [0085] “The execution of the MMIO transaction is conditional on the integrity of the MMIO transaction request. The MMIO read request may include an address in MMIO space or other data associated with the MMIO read request.”)
the instruction and at least a portion of the parameter data including the second command data residing at the address of a memory region referenced by the second command (Ghosh, para. [0082] “In block 1010, the processor 120 sends an MMIO write request to the secure MMIO engine 140, including encrypted data (ciphertext) to be written to the accelerator 136. As described further below, the encrypted data may be decrypted by the secure MMIO engine 140 and transferred to the accelerator 136. The MMIO write request may be issued by the processor 120 using the MMIO engine 128 or other typical components of the processor 120 or SoC. MMIO requests are typically performed with small (e.g., 64-bit) payloads, and there may be an MMIO request every clock cycle that requires confidentiality and integrity protection. The execution of an MMIO transaction is conditional on the integrity of the MMIO transaction request. The MMIO request may include an address in MMIO space, encrypted data, or other data associated with the MMIO request. One potential embodiment of a method for processing MMIO write requests that may be performed by the secure MMIO engine 140 is described below in connection with FIG. 11.” And para. [0085] “The execution of the MMIO transaction is conditional on the integrity of the MMIO transaction request. The MMIO read request may include an address in MMIO space or other data associated with the MMIO read request.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ghosh’s secure data transfer into McCrary’s method for providing security of sensitive information and Pappachan’s integrity, anti-replay and authenticity assurance, with a motivation for protection against both software and hardware attacks (Ghosh, para. [0002]).
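The limitations mapped above for claims 1-7 and their counterparts can be exercised end to end: a tag computed with a key shared between host and device over the instruction, the referenced address and the command data residing at that address; an anti-replay counter initialised before the first command is read and folded into the tag; execution only when the device's recomputed tag matches the host's; abort on mismatch; counter increment after execution. The Go program below is an added example written for this page. It is not code from the application, from Pappachan, McCrary or Ghosh, or from the Office. It uses AES-GCM, the algorithm Pappachan's paragraph [0050] names, with the command supplied as additional authenticated data in the sense of Ghosh's paragraph [0042]; the `Memory`, `Command` and `Party` types, the field layout fed to the tag, the counter-in-nonce construction and the key value are constructed assumptions for illustration only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Memory is a constructed stand-in for memory both sides can reach:
// region base address -> the bytes residing there.
type Memory map[uint64][]byte

// Command is a hypothetical command-buffer entry: an instruction plus its
// parameter data (the address of the region holding the command data).
type Command struct {
	Instruction uint32
	Address     uint64
}
var ErrAuthFailed = errors.New("authentication tag mismatch: command aborted")

// tagInput serialises instruction, address and the data read from that
// address, fixed-width or length-prefixed so distinct triples never collide.
func tagInput(cmd Command, data []byte) []byte {
	buf := make([]byte, 16, 16+len(data))
	binary.BigEndian.PutUint32(buf[0:4], cmd.Instruction)
	binary.BigEndian.PutUint64(buf[4:12], cmd.Address)
	binary.BigEndian.PutUint32(buf[12:16], uint32(len(data)))
	return append(buf, data...)
}

// ComputeTag returns the 16-byte AES-GCM tag over the command, with the
// anti-replay counter folded into the 96-bit nonce. The command is passed as
// additional authenticated data with an empty plaintext, so it is
// authenticated but not encrypted and Seal returns only the tag.
func ComputeTag(aead cipher.AEAD, counter uint64, cmd Command, data []byte) []byte {
	nonce := make([]byte, aead.NonceSize()) // 12 bytes; counter in the low 8
	binary.BigEndian.PutUint64(nonce[4:], counter)
	return aead.Seal(nil, nonce, nil, tagInput(cmd, data))
}

// Party is either end of the channel: the shared key (as an AES-GCM AEAD),
// a counter initialised to zero before the first command, and the memory.
type Party struct {
	aead     cipher.AEAD
	counter  uint64
	mem      Memory
	executed int
}

func NewParty(key []byte, mem Memory) (*Party, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Party{aead: aead, mem: mem}, nil
}

// Issue is the host role: write the command data to memory, tag the command
// under the current counter, then advance the counter.
func (p *Party) Issue(cmd Command, data []byte) []byte {
	p.mem[cmd.Address] = append([]byte(nil), data...)
	tag := ComputeTag(p.aead, p.counter, cmd, data)
	p.counter++
	return tag
}

// Process is the device role: recompute the tag from what resides in memory
// now and execute only on a match. The counter advances only after execution,
// so a replayed (command, tag) pair and data altered after tagging both fail.
func (p *Party) Process(cmd Command, hostTag []byte) error {
	data, ok := p.mem[cmd.Address]
	if !ok {
		return fmt.Errorf("no memory region at 0x%x", cmd.Address)
	}
	want := ComputeTag(p.aead, p.counter, cmd, data)
	if subtle.ConstantTimeCompare(want, hostTag) != 1 {
		return ErrAuthFailed // abort: nothing executed, counter unchanged
	}
	p.executed++ // stand-in for executing the instruction on the data
	p.counter++
	return nil
}

func (p *Party) Executed() int   { return p.executed }
func (p *Party) Counter() uint64 { return p.counter }

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed AES-256 key
	mem := Memory{}
	host, _ := NewParty(key, mem)
	dev, _ := NewParty(key, mem)
	cmd := Command{Instruction: 0x01, Address: 0x1000}
	tag := host.Issue(cmd, []byte("constructed command data"))
	fmt.Println("genuine:", dev.Process(cmd, tag), "replay:", dev.Process(cmd, tag))
}
```

Running it prints the genuine command accepted (`<nil>`) and its immediate replay rejected, because the device's counter has already moved on. Altering the bytes at the referenced address after the host tagged them, or presenting the same tag with a different address, fails the same way, since both the address and the data residing there are covered by the tag. Because the device counter advances only on a successful match, an aborted command leaves the two counters out of step; a real implementation needs a failure mode for that, and Pappachan's paragraph [0062] gives terminating the transaction or changing the key as examples.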

As per claim 22, Pappachan teaches an apparatus, comprising: 
a computer-readable memory comprising one or more command buffers; and a processing device communicatively coupled to the computer-readable memory (Pappachan, para. [0021] “a computing device 100 for I/O authenticity verification includes, among other components, a processor 120, main memory 132, a hardware cryptographic engine 140, and one or more I/O controllers 144 in communication with one or more I/O devices 146. In use, the cryptographic engine 140 provides on-the-fly encryption and decryption of data transferred via direct memory access operations (DMAed) between the platform I/O controllers 144 and the memory 132…In the case of input, the cryptographic engine 140 generates the AT metadata, which is written to a dedicated AT queue in the memory 132 (separate from the DMA buffer). In the case of output, trusted software generates the AT metadata and the cryptographic engine 140 reads the AT metadata from the AT queue and uses it to validate integrity. Thus, the computing device 100 may provide data origin authenticity, integrity, and replay protection of I/O data with zero hardware cost to the IO controllers 144 and/or devices 146, and may have a low cost/impact to the software stack (e.g., by avoiding impact to low-level I/O bus drivers). Additionally, the computing device 100 may size an AT queue to meet the latency and throughput requirements of a particular DMA channel.”) to: 
generate a tag record array for the command buffer using a cryptographic key shared with the graphics processing unit (Pappachan, para. [0038] “The video capture module 206 is configured to monitor for an access to a cacheline of a frame buffer data array. The frame buffer data array includes frame data captured by a video capture controller of the computing device 100. The metadata access module 208 is configured to determine a metadata address as a function of an address of the cacheline and to access a frame authentication tag structure using the metadata address. The frame authentication tag structure is included in a frame metadata array that corresponds to the frame buffer data array. The metadata access module 208 may be further configured to authenticate the cacheline of the frame buffer data with the frame authentication tag structure.” And para. [0044] “the CED 304 allocates and initializes the AT queue 318. The CED 304 may, for example, allocate one or more free pages in the memory 132 to store authentication tag metadata in one or more authentication tag structures (ATSs). The CED 304 may allocate an AT queue 318 for each DMA channel, which may provide one AT queue 318 per I/O device 146.”), 
(Pappachan, para. [0067] “the computing device 100 may allocate a frame buffer data array as a two-dimensional array of frame data buffers, starting at a frame data base address in the memory 132. One dimension of the frame buffer data array corresponds to the number of frame data buffers (i.e., frames) stored in a frame buffer queue. The other dimension of the frame buffer data array corresponds to the number of stages in the acceleration pipeline. Each frame data buffer (i.e., frame) may include an integral number of cachelines.”), and 
an authentication tag generated using the cryptographic key shared with the graphics processing unit and data in the one or more address fields (Pappachan, para. [0050] “a metadata producer of the computing device 100 generates authentication tag (AT) metadata based on one or more DMA transactions. The metadata producer computes the authentication tag (AT) metadata using an authenticated encryption algorithm such as AES-GCM, using the encryption key used to protect the DMA channel. In addition to the AT metadata, additional information may be recorded to assist the integrity verifier and to manage the AT queue 318. As described further below, the metadata producer may be embodied as the cryptographic engine 140 for input data or as trusted software (e.g., the DDE 310) for output data.”); and 
store the command buffer and the tag record array in a memory communicatively coupled to the apparatus (Pappachan, para. [0044] “the CED 304 allocates and initializes the AT queue 318. The CED 304 may, for example, allocate one or more free pages in the memory 132 to store authentication tag metadata in one or more authentication tag structures (ATSs). The CED 304 may allocate an AT queue 318 for each DMA channel, which may provide one AT queue 318 per I/O device 146. Certain high-bandwidth channels may require an AT queue 318 larger than one page. Additionally, devices 146 supported by the cryptographic engine 140 may be hot-plugged, meaning that the DDEs 310 associated with these devices 146 may be loaded long after the OS has booted. However, the longer an operating system is running, the more difficult it may be to allocate buffers larger than one page (i.e., 4 kB). Accordingly, in some embodiments the AT queue 318 may be constructed out of an arbitrary number of page-sized arrays of ATSs that may be scattered in memory. The AT queue 318 may be organized as a circular queue of one or more ATS arrays.” And para. [0050] “a metadata producer of the computing device 100 generates authentication tag (AT) metadata based on one or more DMA transactions. The metadata producer computes the authentication tag (AT) metadata using an authenticated encryption algorithm such as AES-GCM, using the encryption key used to protect the DMA channel.”).
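To make the tag record array limitations above concrete, the following is an added illustration in Go, not code from Pappachan, McCrary, Ghosh or the present application: each command buffer entry (instruction, address of the referenced memory region, and the command data residing there) is tagged with AES-GCM under a key assumed to be shared with the GPU, the tags are stored as a separate array beside the buffer, and the consumer recomputes the tag before executing an entry. The entry layout, field widths and the index-derived nonce are assumptions of this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
)

// Command is one command buffer entry (layout assumed for this example).
type Command struct {
	Instruction uint32 // opcode of the graphics command
	Address     uint64 // memory region the command references
	Data        []byte // command data residing at Address
}

// authInput serialises instruction||address||data; the tag covers all of it.
func authInput(c Command) []byte {
	b := make([]byte, 12, 12+len(c.Data))
	binary.LittleEndian.PutUint32(b[0:4], c.Instruction)
	binary.LittleEndian.PutUint64(b[4:12], c.Address)
	return append(b, c.Data...)
}

// nonceFor derives the 96-bit GCM nonce from the entry index (never reused).
func nonceFor(i int) []byte {
	return binary.LittleEndian.AppendUint64(make([]byte, 4, 12), uint64(i))
}

// NewGCM wraps the key shared with the GPU (16, 24 or 32 bytes) in AES-GCM.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildTagRecordArray computes one tag per command to store beside the buffer;
// with an empty plaintext, Seal returns only the 16-byte tag (GMAC).
func BuildTagRecordArray(gcm cipher.AEAD, buf []Command) [][]byte {
	tags := make([][]byte, len(buf))
	for i, c := range buf {
		tags[i] = gcm.Seal(nil, nonceFor(i), nil, authInput(c))
	}
	return tags
}

// VerifyCommand recomputes entry i's tag; any change to its fields fails.
func VerifyCommand(gcm cipher.AEAD, i int, c Command, tag []byte) bool {
	_, err := gcm.Open(nil, nonceFor(i), tag, authInput(c))
	return err == nil
}
```

Because the entry index feeds the nonce, a valid entry copied into a different slot of the buffer also fails verification, which is what gives the array its anti-replay property within one buffer.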
Pappachan teaches all the limitations of claim 22 above; however, Pappachan fails to explicitly teach, but McCrary teaches:

generate a command buffer for a graphics operation to be executed by a graphics processing unit communicatively coupled to the apparatus (McCrary, para. [0034] “a software application begins execution on the processing unit 110. Function calls within the application are translated to commands by a given API. The processing unit 110 sends the translated commands to the memory 120 for storage in the ring buffer 122. The commands are placed in groups referred to as command groups. In some embodiments, the processing units 110 and 130 use a producer-consumer relationship, which is also be referred to as a client-server relationship. The processing unit 110 writes commands into the ring buffer 122. Then the parallel data processing unit 130 reads the commands from the ring buffer 122, processes the commands, and writes result data to the buffer 124. The processing unit 110 is configured to update a write pointer for the ring buffer 122 and provide a size for each command group. The parallel data processing unit 130 updates a read pointer for the ring buffer 122 and indicates the entry in the ring buffer 122 at which the next read operation will use. In various embodiments, the memory controller 132 in the parallel data processing unit 130 performs these steps.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of McCrary’s method for providing security of sensitive information into Pappachan’s integrity, anti-replay and authenticity assurance, with a motivation for securely processing sensitive information (McCrary, para. [0004]).
The combination of Pappachan and McCrary teaches all the limitations of claim 22 above; however, the combination fails to explicitly teach, but Ghosh teaches:
an instruction associated with the graphics operation and an address of a memory region referenced by the instruction (Ghosh, para. [0082] “In block 1010, the processor 120 sends an MMIO write request to the secure MMIO engine 140, including encrypted data (ciphertext) to be written to the accelerator 136. As described further below, the encrypted data may be decrypted by the secure MMIO engine 140 and transferred to the accelerator 136. The MMIO write request may be issued by the processor 120 using the MMIO engine 128 or other typical components of the processor 120 or SoC. MMIO requests are typically performed with small (e.g., 64-bit) payloads, and there may be an MMIO request every clock cycle that requires confidentiality and integrity protection. The execution of an MMIO transaction is conditional on the integrity of the MMIO transaction request. The MMIO request may include an address in MMIO space, encrypted data, or other data associated with the MMIO request. One potential embodiment of a method for processing MMIO write requests that may be performed by the secure MMIO engine 140 is described below in connection with FIG. 11.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ghosh’s secure data transfer into (Ghosh, para. [0002]).

As per claim 23, the combination of Pappachan, McCrary and Ghosh teaches the apparatus of claim 22, wherein the command buffer comprises:
a ring buffer comprising a base command (McCrary, para. [0017] “the command processor schedules commands stored in an external command ring buffer for execution on the compute resources within the parallel data processing unit. Other embodiments use buffers other than the external command ring buffer. In various embodiments, the command processor schedules commands based on state information. For example, in some embodiments, the command processor schedules commands with a protected (trusted) state as assigned by the kernel mode driver to each of the compute units. In other examples, when the parallel data processing unit uses a relatively large number of compute units, the command processor partitions the compute units. In such a case, the command processor schedules commands with a protected (trusted) state to a first set of compute units, and schedules commands with an unprotected (non-trusted) state to a second set of compute units different from the first set.”); and 
at least a first batch buffer linked to the ring buffer by a first pointer and comprising one or more commands that execute in association with the base command (McCrary, para. [0034] “The processing unit 110 sends the translated commands to the memory 120 for storage in the ring buffer 122. The commands are placed in groups referred to as command groups. In some embodiments, the processing units 110 and 130 use a producer-consumer relationship, which is also be referred to as a client-server relationship. The processing unit 110 writes commands into the ring buffer 122. Then the parallel data processing unit 130 reads the commands from the ring buffer 122, processes the commands, and writes result data to the buffer 124. The processing unit 110 is configured to update a write pointer for the ring buffer 122 and provide a size for each command group. The parallel data processing unit 130 updates a read pointer for the ring buffer 122 and indicates the entry in the ring buffer 122 at which the next read operation will use. In various embodiments, the memory controller 132 in the parallel data processing unit 130 performs these steps.”).


Conclusion
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20190180038 A1 – Computer graphics processing system validation.
US 20110296440 A1 – Accelerator system for secure data storage.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained 

/ZOHA PIYADEHGHIBI TAFAGHODI/               Examiner, Art Unit 2437

/ALI S ABYANEH/	Primary Examiner, Art Unit 2437