DETAILED ACTION
This office action is in response to applicant’s RCE submission filed on 03/07/2022, which has an effective filing date of 01/04/2019. Claims 1, 6, 8, 13, 15, and 18 have been amended. Claims 1-20 are pending and are directed towards methods and computer product for Establishing a Secure Information Exchange Channel between a Host System and a Data Processing Accelerator. This is a Non-Final action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 03/07/2022 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations of claims 1, 8, and 15, that Buer and Wu fail to teach “in response to receiving the request from the application to establish the secure channel with the DP accelerator, examining, by the HCM, an application identifier (ID) of the application to determine whether the application is entitled to access the DP accelerator; in response to the determining that the application is entitled to access the DP accelerator, generating by the HCM a first session key for the secure channel based on a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator” (page 10-11 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Buer et al. (US Pub. 2004/0005061), hereinafter Buer, filed on Jul. 8, 2002 in view of Wu et al. (US Pub. 2019/0089530), hereinafter Wu, filed on Sep. 21, 2017 and Spracklen et al. (US Pub. 2008/0222396), hereinafter Spracklen, filed Mar. 9, 2007. 
Regarding claim 1, Buer teaches a computer-implemented method for establishing and exchanging information via a secure channel between a host system and a data processing accelerator (para 34, line 1-9; host processor 120 sends a message along with keys for the given session to the cryptographic accelerator 128 over the network), the method comprising: 
	a host channel manager (HCM) of a host system with an application to establish a secure channel with a data processing (DP) accelerator via the HCM (Fig. 1 and para 34, line 1-9 and para 50, line 1-11; host processor 322 or a server, containing key manager, assigns session keys and cooperates with a cryptographic accelerator 326 in order to provide data security for packets received from client applications communicating on network 324), 
wherein the DP accelerator is coupled to the host system over a bus (Fig. 10 and para 160, line 1-13; host processor 322 cooperates with a cryptographic accelerator 326, which may be connected with physical wire connections);
Buer does not teach receiving a request to establish a secure channel
Wu teaches receiving a request to establish a secure channel (para 48, line 1-8; key provider receives a session key request for transmitting secret information)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider receiving a session key request for transmitting secret information. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator (para 36, line 1-5 and para 52, line 1-4; private key and public key for the server, or host processor with key manager, and public key of asymmetric keys associated with a cryptographic accelerator); 
Buer does not teach in response to receiving the request from the application to establish the secure channel, generating by a host a first session key for the secure channel based on a first private key of a first key pair and a second public key of a second key pair 
 Wu teaches in response to receiving the request from the application to establish the secure channel, generating by a host a first session key for the secure channel based on a first private key of a first key pair and a second public key of a second key pair (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; in response to session key request communicated to application installed on the host, the key provider being performed on a host device may generate the session key based on public and private keys of the key provider and key requester)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider may generate the session key based on public and private keys of the key provider and key requester. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer and Wu do not teach the application to establish the channel with the DP accelerator, examining, by the system, an application identifier (ID) of the application to determine whether the application is entitled to access the DP accelerator; 
in response to the determining that the application is entitled to access the DP accelerator,
Spracklen teaches the application to establish the channel with the DP accelerator, examining, by the system, an application identifier (ID) of the application to determine whether the application is entitled to access the DP accelerator (para 34, line 1-9 and para 36, line 1-17; OS receives a request from an application to access the hardware accelerator and receives the process or application identifier to determine that the access is permitted); 
in response to the determining that the application is entitled to access the DP accelerator (para 36, line 1-17 and para 37, line 1-6; OS grants the application request to access the accelerator),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer and Wu to incorporate the teachings of Spracklen to provide OS receives a request from an application to access the hardware accelerator and receives the process or application identifier to determine that the access is permitted. Doing so would provide accelerators to be included in processor-based systems to perform specific predefined tasks, as recognized by Spracklen.
Buer teaches in response to the HCM receiving a first data associated with the application to be sent to the DP accelerator, encrypting by the HCM data using a key (para 35, line 1-14 and para 50, line 1-11; host processor 322 receives packets from client applications communicating on network 324 and host processor may encrypt a key using a key encryption key); and 
Buer does not teach encrypting the first data using the first session key 
Wu teaches encrypting the first data using the first session key (para 42, line 1-11; key provider encrypts a payload encrypted with a session key)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider encrypting a payload encrypted with a session key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches transmitting the encrypted first data to the DP accelerator via the secure channel over the bus (para 35, line 1-14 and para 160, line 1-13; the host processor 120 sends the encrypted key to the cryptographic accelerator 128 over a physical wire connection).
Buer teaches transmitting, by the HCM, the encrypted first data to the DP accelerator via the secure channel over the bus (para 35, line 1-14 and para 160, line 1-13; the host processor 120 sends the encrypted key to the cryptographic accelerator 128 over a physical wire connection).
Regarding claim 2, Buer, Wu, and Spracklen teach method of claim 1.
Buer teaches the application communicating with the HCM to establish the secure channel with the DP accelerator and transmitting, by the HCM, a first public key of the first key pair associated with the HCM to the DP accelerator (para 36, line 1-5 and para 50, line 1-11; the host processor 120 containing a key manager shares a public key of asymmetric keys with the key manager of the cryptographic accelerator 128 in order to provide data security for packets received from client applications communicating on network 324)
Buer does not teach in response to the request from the application, transmitting a first public key
Wu teaches in response to the request from the application, transmitting a first public key (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; in response to session key request communicated to application installed on the host, the key provider receives a session key request for transmitting secret information and key provider may send a public key of the key provider to the key requester)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider receives a session key request for transmitting secret information and key provider may send a public key of the key provider to the key requester. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches receiving, by the HCM, the second public key of the second key pair associated with the DP accelerator from an accelerator channel manager (ACM) of the DP accelerator (para 36, line 1-5; host processor 120 receives public key of asymmetric keys from key manager 132 in the cryptographic accelerator)
Buer does not teach receiving the second public key of the second key pair, in response to the host transmitting the first public key;
Wu teaches receiving the second public key of the second key pair, in response to the host transmitting the first public key (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; the key provider being performed on the host receives a session key request for transmitting secret information, key provider may send a public key of the key provider to the key requester, and key provider may receive a public key of the key requester);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider may send a public key of the key provider to the key requester and key provider may receive a public key of the key requester. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches wherein the application runs within a trusted execution environment (TEE) and the HCM and secure channel are secured by a trusted platform module within the host system, and the application communicating with the HCM to establish the secure channel and to exchange information via the secure channel on behalf of the application (Fig. 1 and para 34, line 1-9 and para 50, line 1-11; host processor 322 or a server, containing key manager, assigns session keys and cooperates with a cryptographic accelerator 326 in order to provide data security for packets received from client applications communicating on network 324).
	Buer does not teach application calls the host to establish the secure channel
	Wu teaches application calls the host to establish the secure channel (para 48, line 1-8 and para 75, line 1-22; session key request communicated to application installed on the host)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide session key request communicated to application installed on the host. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 3, Buer, Wu, and Spracklen teach method of claim 2.
Buer teaches the ACM is configured to derive a second session key and to encrypt the second session key based on the first public key and a second private key of the second key pair before sending the encrypted second session key to the HCM, wherein the first session key and the second session key is a same symmetric key (Fig. 10 and para 34, line 1-9 and para 95, line 1-9; the cryptographic accelerator derives the session key, encrypts it using a key, and sends the encrypted key through the host processor, where the host processor may also generate session keys for use by the cryptographic accelerator for encryption and decryption).
Regarding claim 4, Buer, Wu, and Spracklen teach method of claim 3.
Buer teaches the ACM is configured to decrypt the encrypted first data using the second session key to recover the first data (para 34, line 1-9 and para 95, line 1-9; the cryptographic accelerator may derive the session key and session key is used for decrypting the received encrypted packets).
Regarding claim 5, Buer, Wu, and Spracklen teach method of claim 3.
Buer teaches receiving, by the HCM, an encrypted second data from the ACM of the DP accelerator, wherein the second data was encrypted using the second session key (para 33, line 1-14 and para 34, line 1-9; cryptographic accelerator encrypts the message with the session key and sends the encrypted message to the host processor); and 
Buer does not teach decrypting, by the host, the encrypted second data using the first session key to recover the second data.
Wu teaches decrypting, by the host, the encrypted second data using the first session key to recover the second data (para 40, line 1-19 and para 42, line 1-11 and para 75, line 1-22; key provider being performed on the host decrypts cipher key and authentication tag of the key requester using its session key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider decrypts cipher key and authentication tag of the key requester using its session key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 6, Buer, Wu, and Spracklen teach method of claim 1.
Buer teaches the application to access the DP accelerator (para 50, line 1-11; host processor 322 or a server, containing key manager, cooperates with a cryptographic accelerator 326 in order to provide data security for packets received from client applications)
Buer does not teach wherein the first session key is generated by the host only if the requester is entitled to access the key provider.
Wu teaches wherein the first session key is generated by the host only if the requester is entitled to access the key provider (para 56, line 1-6 and para 58, line 1-8 and para 75, line 1-22; in order to generate the session key, key provider being performed by the host verifies an identity of the key requester using the token included in the request).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider verifies an identity of the key requester using the token included in the request in order to generate the session key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 7, Buer, Wu, and Spracklen teach method of claim 1.
Buer teaches receiving, by the HCM, a request from the application to terminate the secure channel from the application (Fig. 3 and para 50, line 1-11 and para 145, line 1-17; host processor may communicate with client applications on network 324 and messages may contain requests for clear all keys and reset secure channel);
in response to the request, transmitting, by the HCM, an instruction to the ACM instructing the ACM to terminate the secure channel by destroying the second session key (para 102, line 1-8 and para 144, line 1-5 and para 145, line 1-17; cryptographic accelerator may receive commands for clear all keys and reset secure channel); and 
destroying the first session key by the HCM (para 102, line 1-8 and para 144, line 1-5 and para 145, line 1-17; cryptographic accelerator may receive commands for clear all keys and reset secure channel).
Regarding claim 8, Buer teaches a non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations (para 159, line 1-11 and para 162, line 1-5; data memories of data storage and processors are used to implement the functions of host processor and cryptographic accelerators), the operations comprising: 
a host channel manager (HCM) of a host system with an application to establish a secure channel with a data processing (DP) accelerator via the HCM (Fig. 1 and para 34, line 1-9 and para 50, line 1-11; host processor 322, containing key manager, cooperates with a cryptographic accelerator 326 in order to provide data security for packets received from client applications communicating on network 324), 
wherein the DP accelerator is coupled to the host system over a bus (Fig. 10 and para 160, line 1-13; host processor 322 cooperates with a cryptographic accelerator 326, which may be connected with physical wire connections);
Buer does not teach receiving a request for the host to establish a secure channel
Wu teaches receiving a request for the host to establish a secure channel (para 48, line 1-8 and para 75, line 1-22; key provider being performed on the host receives a session key request for transmitting secret information)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider receiving a session key request for transmitting secret information. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu. 
Buer teaches a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator (para 36, line 1-5 and para 50, line 1-11 and para 52, line 1-4; private key and public key for the host, which may contain client applications, and public key of asymmetric keys associated with a cryptographic accelerator); 
Buer does not teach in response to the receiving request from the application, generating by a host a first session key for the secure channel based on a first private key of a first key pair and a second public key of a second key pair 
 Wu teaches in response to the receiving request from the application, generating by a host a first session key for the secure channel based on a first private key of a first key pair and a second public key of a second key pair (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; in response to session key request communicated to application installed on the host, the key provider being performed on a host device may generate the session key based on public and private keys of the key provider and key requester)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider may generate the session key based on public and private keys of the key provider and key requester. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer and Wu do not teach the application to establish the channel with the DP accelerator, examining, by the system, an application identifier (ID) of the application to determine whether the application is entitled to access the DP accelerator; 
in response to the determining that the application is entitled to access the DP accelerator,
Spracklen teaches the application to establish the channel with the DP accelerator, examining, by the system, an application identifier (ID) of the application to determine whether the application is entitled to access the DP accelerator (para 34, line 1-9 and para 36, line 1-17; OS receives a request from an application to access the hardware accelerator and receives the process or application identifier to determine that the access is permitted); 
in response to the determining that the application is entitled to access the DP accelerator (para 36, line 1-17 and para 37, line 1-6; OS grants the application request to access the accelerator),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer and Wu to incorporate the teachings of Spracklen to provide OS receives a request from an application to access the hardware accelerator and receives the process or application identifier to determine that the access is permitted. Doing so would provide accelerators to be included in processor-based systems to perform specific predefined tasks, as recognized by Spracklen.
Buer teaches in response to the HCM receiving a first data associated with the application to be sent to the DP accelerator, encrypting by the HCM data using a key (para 35, line 1-14 and para 50, line 1-11; host processor 322 receives packets from client applications communicating on network 324 and host processor may encrypt a key using a key encryption key); and 
Buer does not teach encrypting the first data using the first session key 
Wu teaches encrypting the first data using the first session key (para 42, line 1-11; key provider encrypts a payload encrypted with a session key)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider encrypting a payload encrypted with a session key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches transmitting, by the HCM, the encrypted first data to the DP accelerator via the secure channel over the bus (para 35, line 1-14 and para 160, line 1-13; the host processor 120 sends the encrypted key to the cryptographic accelerator 128 over a physical wire connection).
Regarding claim 9, Buer, Wu, and Spracklen teach computer product of claim 8.
Buer teaches the application communicating with the HCM to establish the secure channel with the DP accelerator and transmitting, by the HCM, a first public key of the first key pair associated with the HCM to the DP accelerator (para 36, line 1-5 and para 50, line 1-11; the host processor 120 containing a key manager shares a public key of asymmetric keys with the key manager of the cryptographic accelerator 128 in order to provide data security for packets received from client applications communicating on network 324)
Buer does not teach in response to the request from the application, transmitting a first public key
Wu teaches in response to the request from the application, transmitting a first public key (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; in response to session key request communicated to application installed on the host, the key provider receives a session key request for transmitting secret information and key provider may send a public key of the key provider to the key requester)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider receives a session key request for transmitting secret information and key provider may send a public key of the key provider to the key requester. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches receiving the second public key of the second key pair associated with the DP accelerator from an accelerator channel manager (ACM) of the DP accelerator (para 36, line 1-5; host processor 120 receives public key of asymmetric keys from key manager 132 in the cryptographic accelerator)
Buer does not teach receiving the second public key of the second key pair, in response to the host transmitting the first public key;
Wu teaches receiving the second public key of the second key pair, in response to the host transmitting the first public key (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; the key provider being performed on the host receives a session key request for transmitting secret information, key provider may send a public key of the key provider to the key requester, and key provider may receive a public key of the key requester);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider may send a public key of the key provider to the key requester and key provider may receive a public key of the key requester. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 10, Buer, Wu, and Spracklen teach computer product of claim 9.
Buer teaches the ACM is configured to derive a second session key and to encrypt the second session key based on the first public key and a second private key of the second key pair before sending the encrypted second session key to the HCM, wherein the first session key and the second session key is a same symmetric key (Fig. 10 and para 34, line 1-9 and para 95, line 1-9; the cryptographic accelerator derives the session key, encrypts it using a key, and sends the encrypted key through the host processor, where the host processor may also generate session keys for use by the cryptographic accelerator for encryption and decryption).
Regarding claim 11, Buer, Wu, and Spracklen teach computer product of claim 10.
Buer teaches the ACM is configured to decrypt the encrypted first data using the second session key to recover the first data (para 34, line 1-9 and para 95, line 1-9; the cryptographic accelerator may derive the session key and session key is used for decrypting the received encrypted packets).
Regarding claim 12, Buer, Wu, and Spracklen teach computer product of claim 10.
Buer teaches receiving, by the HCM, an encrypted second data from the ACM of the DP accelerator, wherein the second data was encrypted using the second session key (para 33, line 1-14 and para 34, line 1-9; cryptographic accelerator encrypts the message with the session key and sends the encrypted message to the host processor); and 
Buer does not teach decrypting, by the host, the encrypted second data using the first session key to recover the second data.
Wu teaches decrypting, by the host, the encrypted second data using the first session key to recover the second data (para 40, line 1-19 and para 42, line 1-11 and para 75, line 1-22; key provider being performed on the host decrypts cipher key and authentication tag of the key requester using its session key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider decrypts cipher key and authentication tag of the key requester using its session key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 13, Buer, Wu, and Spracklen teach computer product of claim 8.
Buer teaches the application to access the DP accelerator (para 50, line 1-11; host processor 322 or a server, containing key manager, cooperates with a cryptographic accelerator 326 in order to provide data security for packets received from client applications)
Buer does not teach wherein the first session key is generated by the host only if the requester is entitled to access the key provider.
Wu teaches wherein the first session key is generated by the host only if the requester is entitled to access the key provider (para 56, line 1-6 and para 58, line 1-8 and para 75, line 1-22; in order to generate the session key, key provider being performed by the host verifies an identity of the key requester using the token included in the request).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider verifies an identity of the key requester using the token included in the request in order to generate the session key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 14, Buer, Wu, and Spracklen teach computer product of claim 8.
Buer teaches receiving, by the HCM, a request from the application to terminate the secure channel from the application (Fig. 3 and para 50, line 1-11 and para 145, line 1-17; host processor may communicate with client applications on network 324 and messages may contain requests for clear all keys and reset secure channel);
in response to the request, transmitting, by the HCM, an instruction to the ACM instructing the ACM to terminate the secure channel by destroying the second session key (para 102, line 1-8 and para 144, line 1-5 and para 145, line 1-17; cryptographic accelerator may receive commands for clear all keys and reset secure channel); and 
destroying the first session key by the HCM (para 102, line 1-8 and para 144, line 1-5 and para 145, line 1-17; cryptographic accelerator may receive commands for clear all keys and reset secure channel).
Regarding claim 15, Buer teaches a computer-implemented method for secure communications between a host system and a data processing accelerator (para 34, line 1-9; host processor 120 sends a message along with keys for the given session to the cryptographic accelerator 128 over the network), the method comprising:  
an accelerator channel manager (ACM) of a data processing (DP) accelerator communicating with a host channel manager (HCM) of a host system and an application to establish a secure channel between the host system and the DP accelerator via the HCM (Fig. 1 and para 34, line 1-9 and para 50, line 1-11; host processor 322, containing key manager, cooperates with a cryptographic accelerator 326 in order to provide data security for packets received from client applications communicating on network 324), 
wherein the DP accelerator is coupled to the host system over a bus (Fig. 10 and para 160, line 1-13; host processor 322 cooperates with a cryptographic accelerator 326, which may be connected with physical wire connections);
Buer does not teach receiving a request to establish a secure channel
Wu teaches receiving a request to establish a secure channel (para 48, line 1-8; key provider receives a session key request for transmitting secret information)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider receiving a session key request for transmitting secret information. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches generating a second session key for the secure channel and encrypting the second session key based on a second private key of a second key pair associated with the DP accelerator and a first public key of a first key pair associated with the HCM before sending the encrypted second session key to the HCM (Fig. 10 and para 34, line 1-9 and para 95, line 1-9; the cryptographic accelerator derives the session key, encrypts it using a key, and sends the encrypted key through the host processor, where the host processor may also generate session keys for use by the cryptographic accelerator for encryption and decryption);
Buer does not teach in response to receiving the request by the application from the host, generating a second session key 
Wu teaches in response to receiving the request by the application from the host, generating a second session key (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; in response to session key request communicated to application installed on the host, the key provider being performed on a host device transmits a session key request to key provider and key requester may generate the session key)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key requester transmits a session key request to key provider and key requester may generate the session key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer and Wu do not teach the application to establish the channel with the DP accelerator, and in response to the system examining an application identifier (ID) of the application and determining that the application is entitled to access the DP accelerator; 
Spracklen teaches the application to establish the channel with the DP accelerator, and in response to the system examining an application identifier (ID) of the application and determining that the application is entitled to access the DP accelerator (para 34, line 1-9 and para 36, line 1-17 and para 37, line 1-6; OS receives a request from an application to access the hardware accelerator and receives the process or application identifier to determine that the access is permitted); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer and Wu to incorporate the teachings of Spracklen to provide OS receives a request from an application to access the hardware accelerator and receives the process or application identifier to determine that the access is permitted. Doing so would provide accelerators to be included in processor-based systems to perform specific predefined tasks, as recognized by Spracklen.
Buer teaches in response to the DP accelerator having a first data to be sent to the host system, encrypting the first data using the second session key (para 33, line 1-14 and para 95, line 1-9; the cryptographic accelerator derives the session key, encrypts a message using the session key, and sends the encrypted message to the host processor 120); and 
transmitting the encrypted first data from the DP accelerator to the HCM of the host system via the secure channel (para 33, line 1-14 and para 95, line 1-9; the cryptographic accelerator derives the session key, encrypts a message using the session key, and sends the encrypted message to the host processor 120),
wherein the HCM receives the encrypted first data received from the DP accelerator (para 33, line 1-14 and para 95, line 1-9; the cryptographic accelerator sends the encrypted message to the host processor 120)
Buer does not teach decrypt the encrypted first data received using the second session key
Wu teaches decrypt the encrypted first data received using the second session key (para 63, line 1-38 and para 75, line 1-22; key provider and key requester authenticate and decrypt the received message using the first and second key)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider and key requester authenticate and decrypt the received message using the first and second key. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 16, Buer, Wu, and Spracklen teach method of claim 15.
Buer teaches the application communicating with the HCM to establish the secure channel with the DP accelerator and transmitting a second public key of the second key pair associated with the DP accelerator to the HCM of the host system (para 36, line 1-5 and para 50, line 1-11; key manager 132 in the cryptographic accelerator 128 shares a public key of asymmetric keys with the host processor 120 containing key manager in order to provide data security for packets received from client applications communicating on network 324)
Buer does not teach in response to the request from the application, transmitting a second public key
Wu teaches in response to the request, transmitting a second public key (para 40, line 1-19 and para 48, line 1-8 and para 75, line 1-22; key provider receives a session key request for transmitting secret information communicated to application installed on the host and key requester may send a public key of the key requester to the key provider)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider receives a session key request for transmitting secret information and key requester may send a public key of the key requester to the key provider. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 17, Buer, Wu, and Spracklen teach method of claim 16.
Buer teaches the HCM is configured to derive a first session key and the first private key of the first key pair associated with the HCM and a second public key of the second key pair associated with the DP accelerator (para 34, line 1-9 and para 36, line 1-5 and para 52, line 1-4; the host processor 120 assigns a unique key to each session and private key and public key for the server and public key of asymmetric keys associated with a cryptographic accelerator).
Buer does not teach derive a first session key based on the first private key of the first key pair and a second public key of the second key pair
Wu teaches derive a first session key based on the first private key of the first key pair and a second public key of the second key pair (para 40, line 1-19 and para 48, line 1-8; in response to session key request, the key provider may generate the session key based on public and private keys of the key provider and key requester)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider may generate the session key based on public and private keys of the key provider and key requester. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches receiving the first public key of the first key pair associated with the HCM from the HCM (para 36, line 1-5; cryptographic accelerator 128 receives public key of asymmetric keys from key manager in the host processor).
Regarding claim 18, Buer, Wu, and Spracklen teach method of claim 17.
	Buer teaches the HCM determines application to access the DP accelerator and establish the secure channel between the HCM and the ACM (para 50, line 1-11; host processor 322 or a server, containing key manager, cooperates with a cryptographic accelerator 326 in order to provide data security for packets received from client applications) 
	Buer does not teach prior to the key provider receiving the request to establish the secure channel.
	Wu teaches prior to the key provider receiving the request to establish the secure channel (para 56, line 1-6 and para 58, line 1-8 and para 75, line 1-22; in order to generate the session key, key provider being performed by the host verifies an identity of the key requester using the token included in the request prior to transmission of the request).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key provider being performed by the host verifies an identity of the key requester using the token included in the request prior to transmission of the request. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Regarding claim 19, Buer, Wu, and Spracklen teach method of claim 17.
Buer teaches receiving, by the ACM encrypted second data from the HCM of the host system (para 34, line 1-9; cryptographic accelerator 128 receives an encrypted packet from the host processor 120),
Buer does not teach wherein the second data was encrypted using the first session key; and
Wu teaches wherein the second data was encrypted using the first session key (para 48, line 1-8; key requester receives a session key response including a second secret value from the key provider); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buer to incorporate the teachings of Wu to provide key requester receives a session key response including a second secret value from the key provider. Doing so would allow for securely transmitting and receiving cipher keys over a communication channel, as recognized by Wu.
Buer teaches decrypting, by the ACM, the encrypted second data using the second session key to recover the second data, wherein the first session key and the second session key is a same symmetric key (para 34, line 1-9 and para 95, line 1-9; the cryptographic accelerator may derive the session key, host processor 120 may also assign session key, and session key is used for decrypting the received encrypted packet from the host processor 120).
Regarding claim 20, Buer, Wu, and Spracklen teach method of claim 15.
Buer teaches receiving, by the ACM, a request to terminate the secure channel from the HCM of the host system (Fig. 3 and para 50, line 1-11 and para 145, line 1-17; host processor cooperates with a cryptographic accelerator 326 in order to communicate with client applications on network 324 and key management messages may contain requests for clear all keys and reset secure channel); and  
in response to the ACM receiving the request, destroying the first session key by the ACM (para 102, line 1-8 and para 144, line 1-5 and para 145, line 1-17; cryptographic accelerator may receive commands for clear all keys and reset secure channel).
Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Buer et al. (US Pub. 2010/0290624) discloses providing secured data transmission, for managing cryptographic keys, and host processor 120 cooperates with a cryptographic accelerator 128 to decrypt and encrypt messages received from and sent to the network 122; Spracklen et al. (US Pub. 2008/0222383) discloses the application 30 may request access to the hardware accelerator 30 by making an API call to the Hypervisor, where the Hypervisor may grant the request; Veale et al. (US Pub. 2020/0073721) discloses computing system is configured to control access to an accelerator, where the system includes a processor that executes an application and an accelerator that performs a data processing operation in response to an access request output from the application.
5.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492