DETAILED ACTION
1. 	This is in response to an application No. 16/837,793 filed on April 01, 2020. Claims 1-20 have been submitted for examination. Claims 6, 13 and 20 are canceled as a result of examiner’s amendment. Thus claims 1-5, 7-12 and 14-19 are pending and claims 1, 8 and 15 are independent.  
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority	
3.	This application filed on 04/01/2020 doesn’t claim priority. Therefore, the effective filling date for the subject matter defined in the pending claims of this application is April 01, 2020.
					Information Disclosure Statement
4.	The information disclosure statements (IDS) submitted on 04/01/2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Drawings
5.	The drawings filed on April 1st, 2020, are accepted. 
Specification
6.	The specification filed on April 1st, 2020, is also accepted. 



EXAMINER’S AMENDMENT
8.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with attorney John A. Griffiths, Reg. No. 57,654, on February 23, 2022.


	The application has been amended as follows:
In the claims:

1.	(Currently Amended)  A method for mitigating security vulnerabilities in a heterogeneous computing system, by a processor, comprising:
dynamically detecting anomalous cache coherence behavior between a host and one or more accelerators using a cache controller at a shared last level cache based upon a pair-based coherence messages functioning as a proxy for indicating one or more security attack protocols ; wherein dynamically detecting the anomalous cache coherence behavior includes:
using a first table at the cache controller for dynamically tracking the pair-based 
coherence messages and comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages; 
using a second table at the cache controller for tracking and detecting the one or 
more accelerators as a potential cause of the one or more security attack protocols;
updates the second table with an identifier of the one or more accelerators upon detecting one or more security attack protocols; and
deleting an entry from the first table upon completion of a pair-based coherence 
message transaction. 
2.	(Original)  The method of claim 1, further including comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages, wherein the pair-based coherence messages include an incoming coherence message and an outgoing coherence message between the host and the one or more accelerators

3.	(Original)  The method of claim 1, further including indicating an exception to the pair-based coherence messages based upon comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages.

4.	(Original)  The method of claim 1, further including marking the one or more accelerators as a potential cause of the one or more security attack protocols based 

5.	(Original)  The method of claim 1, further including increasing a frequency over a selected period of time of comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages. 

6.	(Cancelled)  

7.	(Currently Amended)  The method of claim [[6]] 1, further including[[:]]
updating the second table with an identifier of the one or more accelerators upon detecting one or more security attack protocols

8.	(Original)  A system for mitigating security vulnerabilities in a heterogeneous computing system, the system comprising: 
	one or more computers with executable instructions that when executed cause the system to:
	 	dynamically detect anomalous cache coherence behavior between a host and one or more accelerators using a cache controller at a shared last level cache based upon a pair-based coherence messages functioning as a proxy for indicating one or more security ; wherein dynamically detecting the anomalous cache coherence behavior includes:
using a first table at the cache controller for dynamically tracking the 
pair-based coherence messages and comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages; 
using a second table at the cache controller for tracking and detecting the 
one or more accelerators as a potential cause of the one or more security attack protocols;
updates the second table with an identifier of the one or more accelerators upon detecting one or more security attack protocols; and
deleting an entry from the first table upon completion of a pair-based 
coherence message transaction. 

9.	(Original)  The system of claim 8, wherein the executable instructions compare the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages, wherein the pair-based coherence messages include an incoming coherence message and an outgoing coherence message between the host and the one or more accelerators
10.	(Original)  The system of claim 8, wherein the executable instructions indicate an exception to the pair-based coherence messages based upon comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages.

11.	(Original)  The system of claim 8, wherein the executable instructions mark the one or more accelerators as a potential cause of the one or more security attack protocols based upon comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages.

12.	(Original)  The system of claim 8, wherein the executable instructions increase a frequency over a selected period of time of comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages. 

13.	(Cancelled)  

14.	(Currently Amended)  The system of claim [[13]] 8, wherein the executable instructions[[:]]
update the second table with an identifier of the one or more accelerators upon detecting one or more security attack protocols


15.	(Original)  A computer program product for mitigating security vulnerabilities in a heterogeneous computing system, by a processor, the computer program product embodied 
	an executable portion that dynamically detects anomalous cache coherence behavior between a host and one or more accelerators using a cache controller at a shared last level cache based upon a pair-based coherence messages functioning as a proxy for indicating one or more security attack protocols; wherein dynamically detecting the anomalous cache coherence behavior includes:
using a first table at the cache controller for dynamically tracking the pair-based 
coherence messages and comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages; 
using a second table at the cache controller for tracking and detecting the one or 
more accelerators as a potential cause of the one or more security attack protocols;
updates the second table with an identifier of the one or more accelerators upon detecting one or more security attack protocols; and
deleting an entry from the first table upon completion of a pair-based coherence 
message transaction. 

16.	(Original)  The computer program product of claim 15, further including an executable portion that compares the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages, wherein the 

17.	(Original)  The computer program product of claim 15, further including an executable portion that indicates an exception to the pair-based coherence messages based upon comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages.

18.	(Original)  The computer program product of claim 15, further including an executable portion that:
marks the one or more accelerators as a potential cause of the one or more security attack protocols based upon comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages.

19.	(Original)  The computer program product of claim 15, further including an executable portion that increases a frequency over a selected period of time of comparing the pair-based coherence messages based on a set of allowed responses for a selected type of coherence messages for the pair-based coherence messages. 

20.	(Cancelled)  


Allowable Subject Matter
9.	Claims 1-5, 7-12 and 14-19 are allowed. 
10.	The following is an examiner’s statements of reasons for allowance:
11. 	 The following references/prior arts disclose the general subject matter recited in independent claims 1, 8 and 15.

A.	US Publication No. 2019/0207969 A1 to Brown discloses the system has processors for executing programming instructions to perform operations of receiving data associated with events detected at a monitored computing device from a monitored computing device, determining of a set of the events from the data for a time interval, identifying patterns within the set of the events based on the patterns satisfying a first predetermined criterion, determining of pattern scores associated with the patterns based on respective relative frequencies of occurrence of the patterns, a composite score for the set of the events based on the pattern scores and the set of the events associated with an incident indicating malicious activity based on the composite score. The processor tags the incident with an event type based on a pattern satisfying a second predetermined criterion. [This prior art is provided with the ids]

B. 	Npl document submitted with the IDS title “Method of Testing Shared Caches/TLB Intervention” discloses a validation test environment for testing shared cache and TLB intervention using true sharing of a set of address buckets, 

C. 	US Publication No. 2013/0081100 A1 to Sreehari discloses systems and methods for using a distributed object cache to propagate and activate changes to security information across nodes of a cluster. Embodiments of the present invention can be implemented, for example, in a security product that enforces security policies, i.e., access control, etc., on resources such as web content provided by a set of servers of nodes of a computing grid and provide ways to handle data synchronization between the servers or nodes of the grid. This synchronization can be performed using a distributed object cache that provides replicated and distributed object caching services. For example, Oracle Coherence is one such distributed object cache that is built on top of a reliable, highly scalable peer-to-peer clustering protocol. However, embodiment of the present invention are not limited to use with Coherence but rather are equally applicable to other distributed object caches.

D.	US Patent No. 9514050 B1 to Agarwal discloses a multicore processor comprises a plurality of cache memories, and a plurality of processor cores, each associated with one of the cache memories. Each of at least some of the cache memories is configured to maintain at least a portion of the cache memory in which each cache line is dynamically managed as either local to the associated processor core or shared among multiple processor cores.

E.	US Publication No. 2015/0058570 A1 to Wang discloses a method of constructing a Share-F state in a local domain of a multi-level cache coherency domain system, includes: 1) when it is requested to access S state remote data at the same address, determining an accessed data copy by inquiring a remote proxy directory RDIR, and determining whether the data copy is in an inter-node S state and an intra-node F state; 2) directly forwarding the data copy to a requester, and recording the data copy of the current requester as an inter-node Cache coherency domain S state and an intra-node Cache coherency domain F state; and 3) after data forwarding is completed, recording, in a remote data directory RDIR, an intra-node processor losing an F permission state as the inter-node Cache coherency domain S state and the intra-node Cache coherency domain F state.



G.  US Publication No.  20200104265 A1 to Berger discloses a method, a computer system, and a computer program product to perform a directory lookup in a first level cache for requested cache line data. A first processor core can detect that the requested cache line data is not found in a plurality of sets of data in the first level cache and detect that existing cache line data stored in a least recently used data set stored in the first level cache is in an exclusive state, wherein the existing cache line data stored in the least recently used data set is to be overwritten by the requested cache line data retrieved from a second level cache. Furthermore, the first processor core can send a request for the requested cache line data and a physical address of the least recently used data 




 H. 	See the other cited prior arts

However, the above prior arts of record including the rest of the cited prior arts including the prior arts cited in the parent applications IDS either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application that is taken as a whole including the functional limitation recited in independent claims 1, 8 and 15. For this reason, the specific claim limitations recited in independent claims 1, 8 and 15 taken as whole are found to be allowable.

12.	 The dependent claims which are dependent on the above independent claims 1, 8 and 15 being further limiting to the independent claims, definite and enabled by the specification are also allowed.

13.	Any comments Applicants considers necessary must be submitted no later than the payment of the Issue Fee and to avoid processing delays, should preferable accompany the Issue Fees. Such submission should be clearly labeled "Comments on Statement of 

Conclusion

14.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shaw Yin Chen can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SAMSON B LEMMA/
Primary Examiner, Art Unit 2498