Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Derek Casper on February 7, 2022.





The application has been amended as follows: 



1. (Currently Amended) An apparatus comprising:
a memory to store first data; and
an access control engine comprising circuitry, the access control engine to:
	receive a request for the first data from a communication device over a link established with the communication device; 
	control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link; and
	provide access to the first data to the communication device responsive to a determination that the protection state of the link indicates that confidentiality, replay, and integrity protections are enabled for the link; 
wherein the link is a Peripheral Component Interconnect Express (PCIe) link and the apparatus and the communication device comprise PCIe endpoints to communicate over the PCIe link.


2. (Original) The apparatus of Claim 1, wherein the access control engine is to block access to the first data to the communication device responsive to a determination that the protection state of the link indicates that one or more of confidentiality, replay, and integrity protections are not enabled for the link.

3. (Canceled)

4. (Original) The apparatus of Claim 1, wherein the authentication state indicates whether immutable components of the communication device have been authenticated.

5. (Original) The apparatus of Claim 1, wherein the authentication state indicates whether mutable components of the communication device have been authenticated.

6. (Original) The apparatus of Claim 1, wherein the authentication state indicates whether credentials of a user associated with the first data have been authenticated.

7. (Original) The apparatus of Claim 1, wherein the access control engine is to control access to the first data to the communication device based on the authentication state and the protection state of the link responsive to a determination that the first data is to be protected.

8. (Original) The apparatus of Claim 7, wherein the access control engine is to provide access to second data over the link to the communication device without checking the protection state of the link responsive to a determination that the data is not protected.

9. (Original) The apparatus of Claim 1, wherein, upon a determination that the protection state of the link has degraded, the access control engine is to deny access to the first data over the link to the communication device until the protection state of the link is restored.

10. (Original) The apparatus of Claim 9, wherein the determination that the protection state of the link has degraded is made responsive to a notification that the link is to transition to a low power state.

11. (Original) The apparatus of Claim 9, wherein the determination that the protection state of the link has degraded is made responsive to a notification that a checksum of a message transmitted over the link is invalid.

12. (Original) The apparatus of Claim 9, wherein responsive to the determination that the protection state of the link has degraded, the access control engine is to deny access to the first data over the link until authentication is performed again.

13. (Original) The apparatus of Claim 1, wherein responsive to a determination that the authentication state or the protection state of the link is insufficient to provide access to the first data, the access control engine is to cause a register accessible by the communication device to be written to, the register to indicate that the first data is inaccessible over the link.

14. (Original) The apparatus of Claim 1, wherein responsive to a determination that the authentication state or the protection state of the link is insufficient to provide access to the first data, the apparatus is to tear down the link.

15. (Original) The apparatus of Claim 1, further comprising a host computing device and the second communication device.

16. (Currently Amended) A method comprising:
storing first data; 
receiving, by a first Peripheral Component Interconnect Express (PCIe) endpoint, a request for the first data from a second PCIe endpoint PCIe link established with the second PCIe endpoint 
controlling, by an access control engine comprising circuitry, access to the first data to the second PCIe endpoint based on an authentication state of the second PCIe endpoint and a protection state of the link; and
providing access to the first data to the communication device responsive to a determination that the protection state of the link indicates that confidentiality, replay, and integrity protections are enabled for the link.

17. (Canceled)

18. (Currently Amended) At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
store first data; 
receive a request for the first data from a communication device over a link established with a communication device; and
control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link, wherein the link is a Peripheral Component Interconnect Express (PCIe) link and the machine and the communication device comprise PCIe endpoints to communicate over the link, wherein controlling access to the first data comprises providing access to the first data to the communication device responsive to a determination that the protection state of the link indicates that confidentiality, replay, and integrity protections are enabled for the link.

19. (Original) The storage medium of Claim 18, wherein controlling access to the first data comprises blocking access to the first data to the communication device responsive to a determination that the protection state of the link indicates that one or more of confidentiality, replay, and integrity protections are not enabled for the link.

20. (Canceled)

21. (Canceled)
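
The access decision recited in the claims above can be modelled in a few lines of C. This is an added illustration, not part of the Office action or of the application; every identifier (`struct ace`, `PROT_*`, `ace_request`, and so on) is hypothetical, and treating both degradation notifications identically and clearing authentication on degradation are modelling assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Added model of the claimed policy. All names are hypothetical. */
enum { PROT_CONF = 1, PROT_REPLAY = 2, PROT_INTEG = 4,
       PROT_ALL = PROT_CONF | PROT_REPLAY | PROT_INTEG };
enum link_event { EV_LOW_POWER, EV_BAD_CHECKSUM };

struct ace {                /* access control engine state */
    bool     authenticated; /* authentication state of the requester */
    uint8_t  prot;          /* protection state of the link, PROT_* bits */
    uint32_t status_reg;    /* requester-readable: 1 = first data inaccessible */
};

/* Low-power transition or invalid checksum: the link is treated as degraded.
 * Assumption: degradation also forces authentication to be performed again. */
void ace_link_event(struct ace *a, enum link_event ev)
{
    (void)ev;
    a->prot = 0;
    a->authenticated = false;
}

void ace_authenticate(struct ace *a) { a->authenticated = true; }
void ace_set_protection(struct ace *a, uint8_t bits) { a->prot = bits & PROT_ALL; }

/* Returns true when the request may be served over the link. */
bool ace_request(struct ace *a, bool data_is_protected)
{
    if (!data_is_protected)
        return true;        /* unprotected data: link state is not checked */
    bool ok = a->authenticated && (a->prot & PROT_ALL) == PROT_ALL;
    a->status_reg = ok ? 0u : 1u; /* signal inaccessibility via the register */
    return ok;
}

int main(void)
{
    struct ace a = {0};
    ace_authenticate(&a);
    ace_set_protection(&a, PROT_CONF | PROT_INTEG); /* replay protection off */
    bool partial = ace_request(&a, true);           /* denied */
    ace_set_protection(&a, PROT_ALL);
    bool full = ace_request(&a, true);              /* granted */
    ace_link_event(&a, EV_LOW_POWER);
    bool degraded = ace_request(&a, true);          /* denied again */
    return (!partial && full && !degraded) ? 0 : 1;
}
```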

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: the prior art fails to teach a link established between two Peripheral Component Interconnect Express (PCIe) endpoint devices that is controlled based on the link having confidentiality, replay, and integrity protections.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863. The examiner can normally be reached Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRANDON HOFFMAN/
Primary Examiner, Art Unit 2433