DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-25 are allowed.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with John Kacvinsky on 8/11/22.
The application has been amended as follows: 

1. 	(Currently Amended) An apparatus, comprising: 
circuitry, the circuitry arranged to:
receive, from a hardware accelerator, an instruction including an indication of a privileged component;
determine whether the instruction is invalid based on a configuration, the configuration to provide a set of security rules to determine whether the instruction complies with one or more security features of a system; [[and]]
apply a restriction to the instruction based on a determination that the instruction is invalid;
determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and
send instructions to restore the system to the secure operating state.

2.	(Original) The apparatus of claim 1, the circuitry to determine whether the instruction is invalid based on at least one of:
a protocol validation operation;
a network address permission check;
a memory address range permission check;
an amount of bandwidth used by the hardware accelerator; 
an amount of thermal energy generated by the hardware accelerator; or
an amount of power used by the hardware accelerator.

3.	(Original) The apparatus of claim 1, the circuitry to forward the instruction to the privileged component based on a determination that the instruction is valid.

4.	(Original) The apparatus of claim 1, the circuitry to, at least one of the following:
send a control signal to the hardware accelerator to cause the hardware accelerator to reset based on a determination that the instruction is invalid; 
create an entry in a system log based on a determination that the instruction is invalid, the entry comprising an indication of the instruction;
generate and transmit a notification based on a determination that the instruction is invalid, the notification comprising an indication of the instruction; 
report the instruction via an application programming interface (API) based on a determination that the instruction is invalid; or
send a control signal to the hardware accelerator to cause the hardware accelerator to enter a low power state based on a determination that the instruction is invalid.

5.	(Original) The apparatus of claim 1, the circuitry comprising a first interface to couple to the and the privileged component and a second interface to couple to the hardware accelerator.

6.	(Original) The apparatus of claim 1, the circuitry to:
determine whether the hardware accelerator has responded to a Peripheral Component Interconnect Express (PCIe) request from the privileged component;
generate a response to the PCIe request from the privileged component on behalf of the hardware accelerator based on a determination that the hardware accelerator has not responded to the PCIe request from the privileged component; and
transmit the response to the privileged component.

7.	(Original) The apparatus of claim 1, circuitry to restrict the hardware accelerator from initiating Peripheral Component Interconnect Express (PCIe) transactions with the privileged component.

8.	(Original) The apparatus of claim 1, wherein the instruction is associated with an untrusted third party accessing the hardware accelerator in a cloud computing environment.

9. 	(Currently Amended) At least one non-transitory computer-readable medium, comprising instructions that when executed by a security broker coupled to a hardware accelerator and a privileged component, cause the security broker to:
determine whether an instruction received from the hardware accelerator is invalid based on a configuration, the configuration to provide a set of security rules to determine whether the instruction complies with one or more security features of a system, the instruction comprising an indication of the privileged component; [[and]]
apply a restriction to the instruction based on a determination that the instruction is invalid; 
determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and
send instructions to restore the system to the secure operating state.

10.	(Original) The at least one non-transitory computer-readable medium of claim 9, the instructions, when executed further cause the security broker to determine whether the instruction is invalid based on at least one of:
a protocol validation operation;
a network address permission check;
a memory address range permission check;
an amount of bandwidth used by the hardware accelerator; 
an amount of thermal energy generated by the hardware accelerator; or
an amount of power used by the hardware accelerator.

11.	(Original) The at least one non-transitory computer-readable medium of claim 9, the instructions, when executed further cause the security broker to forward the instruction to the privileged component based on a determination that the instruction is valid.

12.	(Original) The at least one non-transitory computer-readable medium of claim 9, the instructions, when executed further cause the security broker to:
send a control signal to the hardware accelerator to cause the hardware accelerator to reset based on a determination that the instruction is invalid; 
create an entry in a system log based on a determination that the instruction is invalid, the entry comprising an indication of the instruction;
generate and transmit a notification based on a determination that the instruction is invalid, the notification comprising an indication of the instruction; 
report the instruction via an application programming interface (API) based on a determination that the instruction is invalid; or
send a control signal to the hardware accelerator to cause the hardware accelerator to enter a low power state based on a determination that the instruction is invalid.

13.	(Original) The at least one non-transitory computer-readable medium of claim 9, the instructions, when executed further cause the security broker to:
determine whether the hardware accelerator has responded to a Peripheral Component Interconnect Express (PCIe) request from the privileged component;
generate a response to the PCIe request from the privileged component on behalf of the hardware accelerator based on a determination that the hardware accelerator has not responded to the PCIe request from the privileged component; and
transmit the response to the privileged component.

14.	(Original) The at least one non-transitory computer-readable medium of claim 9, the instructions, when executed further cause the security broker to restrict the hardware accelerator from initiating Peripheral Component Interconnect Express (PCIe) transactions with the privileged component.

15.	(Currently Amended) A system, comprising:
a hardware accelerator; and
circuitry coupled to the hardware accelerator, the circuitry to:
determine whether an instruction received from the hardware accelerator is invalid based on a configuration, the configuration to provide a set of security rules to determine whether the instruction complies with one or more security features of a system, the instruction comprising an indication of a privileged component; [[and]]
apply a restriction to the instruction based on a determination that the instruction is invalid;
determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and
send instructions to restore the system to the secure operating state.

16.	(Original) The system of claim 15, the circuitry to determine whether the instruction is invalid based on at least one of:
a protocol validation operation;
a network address permission check;
a memory address range permission check;
an amount of bandwidth used by the hardware accelerator; 
an amount of thermal energy generated by the hardware accelerator; or
an amount of power used by the hardware accelerator.

17.	(Original) The system of claim 15, the circuitry to forward the instruction to the privileged component based on a determination that the instruction is valid.

18.	(Original) The system of claim 15, the circuitry to, at least one of the following:
send a control signal to the hardware accelerator to cause the hardware accelerator to reset based on a determination that the instruction is invalid; 
create an entry in a system log based on a determination that the instruction is invalid, the entry comprising an indication of the instruction;
generate and transmit a notification based on a determination that the instruction is invalid, the notification comprising an indication of the instruction; 
report the instruction via an application programming interface (API) based on a determination that the instruction is invalid; or
send a control signal to the hardware accelerator to cause the hardware accelerator to enter a low power state based on a determination that the instruction is invalid.

19.	(Original) The system of claim 15, comprising an interface to couple to the privileged component.

20.	(Currently Amended) The system of claim 15, the circuitry to:
determine whether the hardware accelerator has responded to a Peripheral Component Interconnect Express (PCIe) request from the privileged component;
generate a response to the PCIe request from the privileged component on behalf of the hardware accelerator based on a determination that the hardware accelerator has not responded to the PCIe request from the privileged component; and
transmit the response to the privileged component.

21.	(Currently Amended) The system of claim 15, the hardware accelerator comprising an FPGA-based accelerator, the FPGA-based accelerator disposed on a first die, the circuitry implemented as one of: a chiplet, a second FPGA on a second die, the second FPGA on the first die and decoupled from the FPGA-based accelerator, an application specific integrated circuit (ASIC) separate from the FPGA-based accelerator, or a baseboard management controller (BMC).

22.	(Currently Amended) A system, comprising:
a privileged component; and
circuitry coupled to the privileged component, the circuitry to:
determine whether an instruction received from a hardware accelerator is invalid based on a configuration, the configuration to provide a set of security rules to determine whether the instruction complies with one or more security features of a system, the instruction comprising an indication of the privileged component; [[and]]
apply a restriction to the instruction based on a determination that the instruction is invalid;
determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and
send instructions to restore the system to the secure operating state

23.	(Original) The system of claim 22, the circuitry to forward the instruction to the privileged component based on a determination that the instruction is valid.

24.	(Original) The system of claim 22, the circuitry to, at least one of the following:
send a control signal to the hardware accelerator to cause the hardware accelerator to reset based on a determination that the instruction is invalid; 
create an entry in a system log based on a determination that the instruction is invalid, the entry comprising an indication of the instruction;
generate and transmit a notification based on a determination that the instruction is invalid, the notification comprising an indication of the instruction; 
report the instruction via an application programming interface (API) based on a determination that the instruction is invalid; or
send a control signal to the hardware accelerator to cause the hardware accelerator to enter a low power state based on a determination that the instruction is invalid.

25.	(Original) The system of claim 22, the privileged component comprising one or more of: a processor, memory, a network interface, a graphics processor, or a Peripheral Component Interconnect Express (PCIe) device.

Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance:
Hammond et al. U.S. Pub. No. 20170026040 discloses secure switch assembly comprising inputs associated with at least first and second security levels, switch elements outputs respectively associated with the at least first and second security levels and a FPGA operably interposed between the inputs and the switch element outputs wherein a gate array is programmed to generate entirely separate physical interconnections extending from the first side to the second side by which each of the first security level associated inputs and switch element outputs are connectable and each of the second security level associated inputs and switch element outputs are connectable.
Wettergren U.S. Pat. No. 7290284 discloses a system for data processing a security critical activity comprising security device having switch to control access to protected resources subsequent to validation process.
Kaminski et al. U.S. Pub. No. 20110161619 discloses method for using non-shared page tables to allow an accelerator device to share physical memory of a computer system that is managed by and operates under control of an operating system.
Javasena et al. U.S. Pub. No. 20190018800 discloses protecting host memory from access by untrusted accelerators.
The prior art of record does not explicitly disclose, in light of other features recited in independent claims, determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and send instructions to restore the system to the secure operating state.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Foschiano et al. U.S. Pub. No. 20090327514 discloses multi-layer hardware-based service acceleration.
Cela U.S. Pub. No. 20180278583 discloses hardware-accelerated payload filtering in secure communication.
Wu U.S. Pub. No. 20180293407 discloses secure data storage device with security function implemented in a data security bridge.
Buer et al. U.S. Pat. No. 9256734 discloses security controlled multi-processor system.
Liu et al. U.S. Pub. No. 20180191682 discloses method for deploying security access control policy.
Xing et al. U.S. Pub. No. 20160283404 discloses secure enclaves for use by kernel mode applications.
Callaghan et al. U.S. Pat. No. 7233830 discloses application and service management for industrial control devices.
Burger et al. U.S. Pub. No. 20160373416 discloses protecting communication with hardware accelerators for increased workflow security.
Abraham et al. U.S. Pat. No. 8973158 discloses trust level activation.
Wang et al. U.S. Pub. No. 20140283039 discloses enhanced security for hardware decode accelerator.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789. The examiner can normally be reached Monday to Thursday 9am-7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431