DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see remarks, filed 5/31/2022, with respect to claims over prior art have been fully considered and are persuasive, see for example page 15 paragraph 1-4 .  The 35 U.S.C. 103 rejection(s) of claims 1-20 has been withdrawn. 
Allowable Subject Matter
Claims 1, 3-8, 12-16, 19-22 are allowed. Claims 2, 9-11, and 17-18 have been cancelled. 
The following is an examiner’s statement of reasons for allowance:
The prior art, Chhabra et al (US 2017/0024584), discloses secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes, an invoking secure enclave using secure enclave support of a processor. The invoking enclave configures channel programming information, including a channel key, and invokes a processor instruction with the channel programming information as a parameter. The processor generates wrapped programming information including an encrypted channel key and a message authentication code. The encrypted channel key is protected with a key known only to the processor. The invoking enclave provides the wrapped programming information to untrusted software, which invokes a processor instruction with the wrapped programming information as a parameter. The processor unwraps and verifies the wrapped programming information and then programs the cryptographic engine. The processor generates an authenticated response that may be verified by the invoking enclave. 
The prior art, Chhabra et al (US 2019/0220721), discloses data exchanged between a processor and a hardware accelerator are disclosed. In various embodiments, a method comprises receiving, at a first endpoint, a first request to change a current tag frequency used to generate a first authentication tag for one or more transactions of a first transaction window sent over a data link to a second endpoint coupled to a processor core. The method further includes sending a message to the second endpoint that the current tag frequency is to change to a new tag frequency, where a second authentication tag for one or more transactions in a second transaction window is to be generated based on the new tag frequency. The method also includes changing the current tag frequency to the new tag frequency based, at least in part, on receiving an acknowledgement that the second endpoint received the message
The prior art, Liu et al (US 2021/.281408), discloses a DP accelerator includes one or more execution units (EUs) configured to perform data processing operations in response to an instruction received from a host system coupled over a bus. The DP accelerator includes a time unit (TU) coupled to the security unit to provide timestamp services. The DP accelerator includes a security unit (SU) configured to establish and maintain a secure channel with the host system to exchange commands and data associated with the data processing operations, where the security unit includes a secure storage area to store a private root key associated with the DP accelerator, where the private root key is utilized for authentication. The SU includes a random number generator to generate a random number, and a cryptographic engine to perform cryptographic operations on data exchanged with the host system over the bus using a session key derived based on the random number.
However, the prior art, either alone or in combination does not expressly disclose: “establishing an encrypted tunnel between a first trusted application in a first trusted execution environment (TEE) of a computing device and trusted software or firmware of a hardware accelerator; generating a call for a first command from the first trusted application; generating an integrity tag for the first command; transferring command parameters for the first command and the integrity tag to an untrusted kernel mode driver for the hardware accelerator to generate the first command; transferring the first command and the integrity tag from the kernel mode driver to the trusted software or firmware of the hardware accelerator; receiving the first command and the integrity tag at the trusted software or firmware of the hardware accelerator and authenticating the first command based on the integrity tag; upon the authentication of the first command being successful, processing the first command at the hardware accelerator; and upon the authentication of the first command being unsuccessful, aborting operation of the first command and clearing a state of the hardware accelerator.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Pappachan et al (US 2019/0042766) discloses a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave.
Sood et al (US2019/0220601) discloses a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure data paths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure data paths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure data paths.
Sheth et al (US 2020/0320199) discloses methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 8am-5pm(EST) and Friday 8am-12pm(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KENDALL DOLLY/Primary Examiner, Art Unit 2436