DETAILED ACTION
This Action is in consideration of the Applicant’s response on May 3, 2022.  Claims 1 and 11 are amended by the Applicant.  Claims 10 and 20 are withdrawn as a non-elected species.  Claims 1 – 9 and 11 – 19, where Claims 1 and 11 are in independent form, are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
	Applicant’s arguments filed May 3, 2022 have been fully considered but they are not persuasive.  Applicant argued:
a)	Regarding Claim 1, the combination of Kancharla and Buer does not disclose or suggest “a secure storage area to store a private root key associated with the DP accelerator, wherein the private root key is utilized for authentication to allow the host system [to] authenticate the DP accelerator.”
The Office respectfully disagrees with Applicant’s assertions.
1.	With regards to a), in response to Applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
	As indicated in the Non-Final Rejection, mailed February 3, 2022 (hereinafter “Non-Final”), Kancharla was used to disclose “a secure storage area to store a private root key associated with the DP accelerator, wherein the private 
	The Office reminds the Applicant that the pending claims must be "given the broadest reasonable interpretation consistent with the specification" [In re Prater, 162 USPQ 541 (CCPA 1969)] and "consistent with the interpretation that those skilled in the art would reach" [In re Cortright, 49 USPQ2d 1464 (Fed. Cir. 1999)].
	The Applicant’s arguments regarding the new limitation describe limitations that are not part of the claimed limitation [See Remarks, Pg. 10-11].  The claim merely indicates that “the private root key is utilized for authentication to allow the host system [to] authenticate the DP accelerator.”  There are no nonce, random numbers, or temporary keys claimed.  The claim only requires that the private root key allows the host system to authenticate the DP accelerator.
	Kancharla further discloses that a successful secured handshake between the web service provider/host and the HSM-VM must occur before access to offload the key management and crypto operations (to allow the host system [to] authenticate the DP accelerator) [See, Fig. 1, Para. 0035, 0038].  Buer discloses that the security module uses the root key for digital signatures to securely identify the security module [Para. 0160].  Therefore, the combination of Kancharla and Buer discloses the claimed limitation.
2.	The balance of the arguments relies on the remarks presented for Claim 1 [See Remarks, Pg. 11-12].  Therefore, the Office relies on the arguments presented above regarding Claim 1.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 3 and 11 – 13 are rejected under 35 U.S.C. 103 as being unpatentable over PGPub. 2015/0358294 (hereinafter “Kancharla”), in view of PGPub. 2006/0085844 (hereinafter “Buer”).
3.	Regarding Claims 1 and 11, Kancharla discloses a data processing system [Figs. 1 and 2; Para. 0017-18], comprising:
a host system hosting one or more trusted execution environments (TEEs), each TEE hosting at least one application therein [Fig. 1; Para. 0016-18; host running a plurality of HSM-VMs (TEEs) to provide enterprise/web/cloud application services]; and
one or more data processing (DP) accelerators coupled to the host system over a bus [Figs. 1 and 2; Para. 0018, 0020-21; HSM (DP accelerator) coupled to each host via PCIe connection], wherein each of the DP accelerators comprises:
one or more execution units (EUs) configured to perform data processing operations in response to an instruction received from a host system coupled over the bus [Fig. 2, item 208; Para. 0020-21; multi-core processor of the HSM],
a security unit (SU) configured to establish and maintain a secure channel with the host system to exchange commands and data associated with the data processing operations [Fig. 1, item 108; Para. 0022-23; each HSM partition can be configured to enable cryptographic acceleration by performing crypto operation with hardware accelerators and embedded software], wherein the security unit comprises:
a secure storage area to store a private  to allow the host system [to] authenticate the DP accelerator) [See, Fig. 1, Para. 0035, 0038],
a random number generator to generate a random number [Para. 0015, 0021, 0023; each HSM partition can support random number generation], and
a cryptographic engine to perform cryptographic operations on the data exchanged with the host system over the bus using a session key derived based on the random number [Para. 0022, 0038-39; each HSM partition is dedicated to support key and security credential management and to perform crypto operations offloaded from the associated web service provider/host; the secure communication channel is via SSL/TLS VPN (mutually authenticated channel that establishes a session key via a random number provided by each party)], and
a time unit (TU) coupled to the security unit to provide timestamp services [Para. 0028, 0039; HSM partition can store keys or other credentials along with timestamps; HSM partition also logs what keys are used along with the timestamps of the commands].
	Kancharla, however, does not specifically disclose that the stored private key is a private root key.  Alternatively, if Applicant opines that a session key is derived based on the random number, Buer is referenced below.
	Buer discloses a system and method for establishing a security boundary within a host device utilizing a security module to store and utilize encryption keys on behalf of the host device [Figs. 5 and 9; Para. 0116-117, 151, 0157].  Buer discloses that the root key, comprising a private, public key pair, is stored in the security module and is used for digital signatures to securely identify the security module [Para. 0160-161].  Buer further discloses that the security module can generate one or more keys using a random number as a seed that are used to establish a secure channel with a remote device and to authenticate information sent from the module to the remote device and vice versa (e.g., session key) [Para. 0159, 0162, 0192].  Buer further discloses storing the session private key [Para. 0171].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Buer with Kancharla since both systems utilize a security module to perform cryptographic operations on behalf of a coupled host system.  The motivation to do so would be to provide new keys for each established session between the security module and the host for improved security and key management (obvious to one skilled in the art).
4. 	Regarding Claims 2 and 12, Kancharla, in view of Buer, discloses all the limitations of Claims 1 and 11 above.  Buer further discloses that the private root key was preconfigured and stored in the secure storage area during manufacturing of the DP accelerator [Para. 0161].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Buer with Kancharla since both systems utilize a security module to perform cryptographic operations on behalf of a coupled host system.  The motivation to do so would be to provide new keys for each established session between the security module and the host for improved security and key management (obvious to one skilled in the art).
5. 	Regarding Claims 3 and 13, Kancharla, in view of Buer, discloses all the limitations of Claims 1 and 11 above.  Kancharla further discloses that the security unit is configured to:
receive a request from the host system to establish a secure connection with the DP accelerator [Para. 0039; for each new connection request received from the user/web service, the HSM-VM establishes a secured communication channel with the user/web service provider]; and
in response to the request, generate the session key based on the random number generated by the random number generator, wherein the session key is utilized to encrypt or decrypt the data exchanged with the host system over the secure connection [Para. 0022, 0038-39; each HSM partition is dedicated to support key and security credential management and to perform crypto operations offloaded from the associated web service provider/host; the secure communication channel is via SSL/TLS VPN (mutually authenticated channel that establishes a session key via a random number provided by each party)].
Claims 4, 5, 14, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kancharla, in view of Buer, in further view of PGPub. 2015/0213433 (hereinafter “Khan”).
6.	Regarding Claims 4 and 14, Kancharla, in view of Buer discloses all the limitations of Claims 3 and 13 above.  Neither Kancharla nor Buer, however, specifically discloses that the random number generator is configured to generate the random number based on a seed value.
	Khan discloses a system and method for generating encryption key pairs within a security device [Abstract].  Khan further discloses that the encryption key pairs are generated using a pseudo-random number generator that utilizes a positive integer as input to the RND function (based on a seed value) [Para. 0051].  It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Khan with Kancharla since both systems utilize a security module to generate encryption key pairs utilized for secure communication between parties.  The modification of the RNG in Kancharla to a pseudo-random number generator of Khan would have been an obvious variation and design choice that does not change or affect the functionalities of the Kancharla system.
7.	Regarding Claims 5 and 15, Kancharla, in view of Buer discloses all the limitations of Claims 4 and 14 above.  Kancharla further discloses that the timestamp is further utilized to determine whether the session key has expired [Para. 0028, 0044; SSL rekey time], in which a new session key is to be generated [Para. 0044; SSL rekey time].
Allowable Subject Matter
Claims 6 – 9 and 16 – 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Contacts
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979.  The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624.  The fax phone number for submitting all Official communications is (703) 872-9306.  The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).
/TAE K KIM/Primary Examiner, Art Unit 2496