DETAILED ACTION
	This is in response to the application filed on January 7, 2019 where Claims 1 – 20 of which Claims 1, 9, and 15 are in independent form, are presented for examination.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statements (IDSs) submitted on April 29, 2021, May 5, 2021, June 8, 2021, June 10, 2021, August 17, 2021, September 8, 2021, and November 10, 2021 were filed before the mailing date of the current action.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
101 Analysis
	Claims 1, 9, and 15 are directed to protecting access by an application running within a secure enclave to memory pages allocated to a plurality of hardware accelerators using access control rules.  The claims do not recite an abstract idea, law of nature, or natural phenomenon.  Therefore, the claims satisfy Step 2A, Prong One of the 2019 Revised 101 Patent Eligibility Guidelines as patent eligible subject matter.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by PGPub. 2018/0114013 (hereinafter “Sood”).
1.	Regarding Claims 1, 9, and 15, Sood discloses of a data processing host system [Figs. 6 – 8], comprising: 
a security module [Figs. 6 – 8; Para. 0091-92; TPM/CSME]; 
one or more processors coupled to the security module [Figs. 6 – 8; Para. 0075, 0080, 0087, 0263; multiple processing cores]; and 
a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations [Figs. 6 – 8; Para. 0263], the operations including: 
performing a secure boot using the security module of the host system [Para. 0054, 0091, 0092, 0094; launching encrypted firmware],
establishing a trusted execution environment (TEE) associated with one or more processors of the host system [Figs. 1, 2, 4 and 9; Para. 0037, 0051, 0097; enclave (SGX) generated for requesting application], 
launching a memory manager within the TEE [Figs. 1, 11a and 11b; Para. 0039, 0051-52; SECS, TCS, and/or service manager running in enclave], wherein the memory manager is configured to manage memory resources of a data processing (DP) accelerator coupled to the host system over a bus, including maintaining memory usage information of global memory of the DP accelerator [Figs. 1, 2, 4, 9 and 10; Para. 0037, 0039-49, 0052-54, 0100-102; service manager programs the registers of the accelerator with pointers to the 
in response to a request received from an application running within the TEE for accessing a memory location of the DP accelerator, allowing or denying the request based on the memory usage information [Fig. 9, 11a and 11b; Para. 0039-50, 0055-56, 0091, 0098, 0124-126; if a memory access request from the application within the secure enclave is received, the request is allowed if the virtual memory address is part of the enclave’s virtual address space containing the application; accelerator input and output queues in enclave’s virtual address space (e.g., Fig. 12a)].
2.	Regarding Claims 2, 10, and 16, Sood discloses all the limitations of Claims 1, 9, and 15 above.  Sood further discloses that the memory manager is implemented as a part of a runtime library associated with the DP accelerator, which is executed within the TEE of the host system [Figs. 2 and 3; Para. 0037, 0039-40, 0048-50, Enclave Page Cache (EPC) and Enclave Page Cache Map (EPCM), where runtime component includes page tables].
3. 	Regarding Claims 3, 11, and 17, Sood discloses all the limitations of Claims 1, 9, and 15 above.  Sood further discloses that maintaining memory usage information of global memory of the DP accelerator comprises maintaining a memory usage data structure to record memory allocation of memory blocks of the global memory of the DP accelerator [Figs. 3, 11a, and 11b; Para. 0044-50, virtual address translated to physical address corresponding to the enclave; accelerator input and output queues in enclave’s virtual address space (e.g., Fig. 12a)].
Claims 4, 12, and 18, Sood discloses all the limitations of Claims 3, 11, and 17 above.  Sood further discloses that the memory usage data structure comprises a plurality of entries, each entry recording a memory block of the global memory of the DP accelerator that has been allocated [Figs. 3, 11a, and 11b; Para. 0044-50, 0100-102; scatter approach for the input and output queues for the accelerator].
5. 	Regarding Claims 5, 13, and 19, Sood discloses all the limitations of Claims 4, 12, and 18 above.  Sood further discloses that each entry stores a starting memory address of a corresponding memory block, a size of the corresponding memory block, and a flag indicating whether the corresponding memory block has been allocated [Figs. 4 and 5; Para. 0051-53; EPCM entry indicating type of page, linear address (starting address), RWX (flags); enclave size].
6.	 Regarding Claims 6, 14, and 20, Sood discloses all the limitations of Claims 3, 11, and 17 above.  Sood further discloses of receiving a first request from the application to allocate a first memory block from the global memory of the DP accelerator [Figs. 4 and 5; Para. 0051; application calls SGX driver to allocate an enclave];
in response to the first request, determining whether the first memory block has been allocated based on the memory usage information stored in the memory usage data structure, without having to interrogate the DP accelerator [Figs. 4 and 5; Para. 0051-53; system software responsible for selecting a free EPC page, type, and attributes]; and 

7. 	Regarding Claim 7, Sood discloses all the limitations of Claim 6 above.  Sood further discloses of denying the first request, in response to determining that the first memory block has been allocated [Figs. 4 and 5; Para. 0051-53; system software responsible for selecting a free EPC page, type, and attributes].
8. 	Regarding Claim 8, Sood discloses all the limitations of Claim 3 above.  Sood further discloses of receiving a second request from the application to deallocate a second memory block from the global memory of the DP accelerator [Figs. 4 and 5; Para. 0056-58; application exits enclave];
in response to the second request, determining whether the second memory block has been allocated to the application based on the memory usage information stored in the memory usage data structure [Figs. 4 and 5; Para. 0056-58; clears the enclave addresses and TLB entries for enclave addresses, clears register state, and reclaims EPC pages];
deallocating the second memory block from the global memory, in response to determining that the second memory block has been allocated to the application [Figs. 4 and 5; Para. 0056-58; clears the enclave addresses and TLB entries for enclave addresses, clears register state, and reclaims EPC pages]; and 
.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. PGPub. 2014/0096132 – generating virtual address mapping for hardware accelerator; PGPub. 2016/0364341 – system and method for virtualizing a trusted application within a TEE; PGPub. 2019/0007334 – system and method for implementing remote hardware acceleration for host systems within a computing cloud.
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
/TAE K KIM/Primary Examiner, Art Unit 2496