DETAILED ACTION


1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is responsive to the application filed 06/03/2020.
	
Claims 1-21 are presented for examination. 

Information Disclosure Statement

2. 	The Applicants’ Information Disclosure Statements (filed 05/12/2021, 03/02/2022, and 08/11/2022) have been received, entered into the record, and considered.  

Drawings


3.	The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 300 and 500.  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification



4.	The specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Claim Objections

5.	Claims 16 and 17 are objected to because of the following informalities:  
the abbreviations used in these claims should be defined. 

Appropriate correction is required.  



Claim Rejections - 35 USC § 112
6.	The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


	
Claims 9, 15, 17, and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Claims 9, 15, and 20 recite the limitation “the VMM”.  There is insufficient antecedent basis for this limitation in the claim.

Claim 17 recites the limitation “the the hardware I/O information”.  There is insufficient antecedent basis for this limitation in the claim.



Claim Rejections - 35 USC § 101

7.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-9 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 

Claim 1 recites  “a data processing accelerator”. However, it appears that the data processing accelerator would reasonably be interpreted by one of ordinary skill in the art as software, per se, failing to be tangibly embodied or include any recited hardware as part of the system. The claim recites a data processing accelerator comprising “a resource management unit”, “one or more resources”,  and “one or more virtual functions”.  However, the hardware structure of these limitations is not disclosed in the specification, and the specification recites the method performed by processing logic comprises hardware, software or combination of both (paragraph 0053). Software alone is directed to non-statutory subject matter. 

Accordingly, claim 1 fails to recite statutory subject matter under 35 U.S.C. 101.

For the same reasons discussed supra with respect to independent claim 1, claims 2-9 fall outside the scope of § 101.

Applicant is advised to amend the claims to include a hardware element (i.e., a processor and/or memory) in order to overcome the 101rejection. 

Claim Rejections - 35 USC § 103

8.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Alvarez et al.  (US 20170344391) in view of  Kancharla et al. (US 20160149877).
It is noted that any citations to specific, pages, columns, paragraphs, lines, or figures in the prior art references and any interpretation of the reference should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. See MPEP 2123.

As to claim 1: 
Alvarez teaches a data processing (DP) accelerator (a system; paragraph 0008), comprising: 
a resource management unit; one or more resources managed by the resource management unit, wherein the one or more resources can be dynamically configured and isolated by the resource management unit in response to an instruction (paragraph 0016: a Linux.RTM. kernel with special libraries to PCI and other resource access allows the device driver to use the normal means of controlling system resources (e.g., PCI configuration registers) in a way that can be isolated, to protect the system from unexpected software behavior; paragraph 0023: The kernel 132 includes libraries to PCI/PCIe and other resource access to allow the vendor driver 120 to use its normal means of controlling the system resources (e.g., PCI configuration resources) in a way that can be isolated to protect the system 100 from unexpected software behavior. The driver application 133 executes in an application space and controls operation of the vendor driver 120. The driver application 133 interacts with the hypervisor 102 and the HMC 103 to coordinate the flow of control for actions that require order for successful operation. For example, the driver application 133 ensures that code that configures VFs in a PCI device (e.g., the SR-IOV adapter 105) is not initiated until the HMC 103 knows the device is physically present in the system 100 and that a system administrator has indicated that the device should be used in SR-IOV mode rather than in a dedicated PCI device mode); and 
one or more virtual functions (VFs) each associated with one of the one or more resources, wherein a virtual machine (VM) of a host is assigned with one of the one or more VFs to access the resources associated with the assigned VF (paragraph 0015: To use SR-IOV devices in a virtualized system, the hardware must be configured to create many PCI virtual functions (VFs). These VFs are then made available to the hypervisor for allocations to virtual machines. The code to manipulate the device hardware to create, configure, monitor, and destroy these VFs is operationally independent of the code which uses the VFs (e.g., an operating system and/or applications executing on a virtual machine)…dynamically adding and removing PCI devices in an operational system…dynamically create, destroy, manage, or otherwise modify the VFs for a particular device. Once these VFs are made available in the PCI configuration space, the existing hypervisor and HMC facilities can be added to add, allocate, deallocate, or remove the PCI virtual functions in the same manner which physical PCI devices are managed; paragraph 0016: an additional application may execute in the application space of the private LPAR (or an operating system executing thereon) to control the operation of the device driver. This additional application may interact with the hypervisor and HMC to coordinate the flow of control for actions that require order for successful operation. In doing so, for example, the code that configures VFs in a PCI device will not be initiated until the HMC knows the device is physically present in the system, and an administrator has indicated that the device should be used in SR-IOV mode, rather than in a dedicated PCI device mode; Claim 2: creating, by the device driver, a virtual function of the SR-IOV device; and allocating, by the hypervisor, the virtual function of the SR-IOV device to one of a plurality of virtual machines executing on the host).
Alvarez, however, does not explicitly teach, Kancharla teaches the VM has no access to the rest of the one or more resources (paragraph 0027: the HSM-VMs 104 running on the same hypervisor 110 on the host 103 are isolated from each other and one HSM-VM 104 cannot access data/communication of any other HSM-VMs 104; Claim 26: isolating the VMs running on the same hypervisor/host from each other so that one VM cannot access data/communication of any other VMs).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Alvarez with Kancharla because it would have provided the enhanced capability for supporting security management for a plurality of web services hosted in a cloud at a data center.
As to claim 2: 
Alvarez teaches the DP accelerator includes a single root input output virtualization (SR-IOV) pass through device (single root I/O virtualization (SR-IOV) device; Abstract and paragraphs 0007 and 0015). As to claim 3: 
Alvarez teaches the VM transmits data packets directly to the VF via hardware access to the VF using a VF driver running on the VM (paragraphs 0018 and 0027). As to claim 4: 
Alvarez teaches the resource management unit includes a table mapping the one or more VFs to the one or more resources (paragraphs 0015 and  0023). As to claim 5: 
Alvarez teaches the resources are dynamically configured based on a request size for the resources (paragraph 0015).
As to claim 6: 
Alvarez does not explicitly teach, Kancharla teaches the VF transmits data packets to the VM via a queue for the corresponding VF (paragraph 0027).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Alvarez with Kancharla because it would have provided the enhanced capability for supporting security management for a plurality of web services hosted in a cloud at a data center.

As to claim 7: 
Alvarez teaches the data packets are transmitted from the VF to the VM via direct memory access (DMA) independent of a processing unit of the host (paragraph 0025). As to claim 8: 
Alvarez teaches a virtual machine manager (VMM) of the host assigns VM of the host to communicate with the VF (paragraphs 0015, 0020, and 0024). As to claim 9: 
Alvarez does not explicitly teach, Kancharla teaches data packets are transmitted directly between the VM and the VF assigned to the VM without passing through the VMM (paragraphs 0027 and 0033). 
 It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Alvarez with Kancharla because it would have provided the enhanced capability for supporting security management for a plurality of web services hosted in a cloud at a data center.
As to claims 10-13: 
Refer to the discussion of claims 1-4 above, respectively, for rejections. Claims 10-13 are the same as claims 1-4, except claims 10-13 are DP system claims and claims 1-4 are DP accelerator claims.  Alvarez further teaches the use of a host and a DP accelerator (paragraph 0018). 
As to claim 14: 
Alvarez does not explicitly teach, Kancharla teaches the resources are dynamically re-isolated based on a request size for the resources (paragraphs 0027-0028). 
 It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Alvarez with Kancharla because it would have provided the enhanced capability for supporting security management for a plurality of web services hosted in a cloud at a data center.
As to claim 15: 
Alvarez teaches a computer-implemented method (a method comprises executing a device driver in a private logical partition on a compute host… configuring, responsive to a command sent by the adjunct partition to the device driver via the communication channel, a physical function of a single root I/O virtualization (SR-IOV) device of the host system; Abstract), comprising: 
receiving, by a virtual function a request from an application for DP accelerator resources, wherein the receiving is a direct pass through communication from a virtual machine (paragraph 0015: To use SR-IOV devices in a virtualized system, the hardware must be configured to create many PCI virtual functions (VFs). These VFs are then made available to the hypervisor for allocations to virtual machines. The code to manipulate the device hardware to create, configure, monitor, and destroy these VFs is operationally independent of the code which uses the VFs (e.g., an operating system and/or applications executing on a virtual machine)…dynamically adding and removing PCI devices in an operational system…dynamically create, destroy, manage, or otherwise modify the VFs for a particular device. Once these VFs are made available in the PCI configuration space, the existing hypervisor and HMC facilities can be added to add, allocate, deallocate, or remove the PCI virtual functions in the same manner which physical PCI devices are managed; paragraph 0016: an additional application may execute in the application space of the private LPAR (or an operating system executing thereon) to control the operation of the device driver. This additional application may interact with the hypervisor and HMC to coordinate the flow of control for actions that require order for successful operation. In doing so, for example, the code that configures VFs in a PCI device will not be initiated until the HMC knows the device is physically present in the system, and an administrator has indicated that the device should be used in SR-IOV mode, rather than in a dedicated PCI device mode; Claim 2: creating, by the device driver, a virtual function of the SR-IOV device; and allocating, by the hypervisor, the virtual function of the SR-IOV device to one of a plurality of virtual machines executing on the host).
determining a first isolation of the DP accelerator resources are assigned to the VF (paragraph 0016: a Linux.RTM. kernel with special libraries to PCI and other resource access allows the device driver to use the normal means of controlling system resources (e.g., PCI configuration registers) in a way that can be isolated, to protect the system from unexpected software behavior; paragraph 0023: The kernel 132 includes libraries to PCI/PCIe and other resource access to allow the vendor driver 120 to use its normal means of controlling the system resources (e.g., PCI configuration resources) in a way that can be isolated to protect the system 100 from unexpected software behavior. The driver application 133 executes in an application space and controls operation of the vendor driver 120. The driver application 133 interacts with the hypervisor 102 and the HMC 103 to coordinate the flow of control for actions that require order for successful operation); 
determining the first isolation of resources does not meet a size of the request; and dynamically partitioning the first isolation of resources to second isolation of resources by a resource management unit of the DP accelerator to meet the request size (paragraph 0014: Embodiments disclosed herein provide a safe environment to run existing device driver code (e.g., vendor-provided device drivers), such that the device drivers can operate in conjunction with the components of virtualized platforms (such as hypervisors, virtual machines, and the like). More specifically, embodiments disclosed may run existing device drivers in a private logical partition, which is an isolated environment that exposes the device's functions to other components in the software stack while using isolation to prevent the existing device driver from having an adverse impact on the trusted parts of the hypervisor stack. Doing so allows the hypervisor to support new hardware devices without requiring the creation of new device drivers for each piece of hardware. In the event errors associated with the device driver are encountered, the private logical partition may be restarted to resolve the errors, while minimizing the impact on the system as a whole; see also, paragraph 0016). 
Alvarez, however, does not explicitly teach, Kancharla teaches , the VF is assigned to only one VM and the VF is one of a plurality of VFs of the DP accelerator (each HSM-VM 104 contains one or more of the following software components: a secured OS (e.g., Security Enhanced Linux or SE-Linux) 112, a virtual function (VF) network driver 114 configured to interact with a physical network adapter/card 116 of the host 103 to receive and transmit communications (e.g., packets) dedicated to the specific HSM-VM 104, and a VF HSM driver 118 configured to interact with an HSM partition 108 of the HSM 102 dedicated to the specific HSM-VM 104 and to set up a request/response communication path between the HSM-VM 104 and the HSM partition 108. The VF HSM driver 118 of the HSM-VM 104 and the HSM partition 108 of the HSM 102 communicate with each other through a SR-IOV PCIe bridge as discussed above, and each communication takes place in a FIPS-compliant way. As referred to herein, a VF driver is a lightweight PCIe function associated with the PCIe Physical Function (PF) on a network adapter (e.g., network adapter 116) that supports single root I/O virtualization (SR-IOV) and represents a virtualized instance of the network adapter. Each VF shares one or more physical resources on the network adapter, such as an external network port, with the PF and other VFs; paragraph 0026).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Alvarez with Kancharla because it would have provided secured key management for cloud-based web services hosted at a third party data center via HSMs.
As to claim 16: 
Alvarez teaches the request includes a request to train an AI model (paragraph 0028).As to claim 17: 
Alvarez teaches the hardware I/O information of the VF is located at a driver of the VM at a host hosting the application (paragraphs 0019 and 0027). 
As to claims 18-20: 
Refer to the discussion of claims 2, 8, and 9 above, respectively, for rejections. Claims 18-20 are the same as claims 2, 8, and 9, except claims 18-20 are method claims and claims 2, 8, and 9 are DP accelerator claims.
As to claim 21: 
Alvarez teaches data packets are transmitted between the VM and the VF corresponding to the VM via direct memory access (DMA) independent of a processing unit of the host (paragraph 0025).  
Conclusion

9.	The prior art made of record, listed on PTO 892 provided to Applicant is considered to have relevancy to the claimed invention. Applicant should review each identified reference carefully before responding to this office action to properly advance the case in light of the prior art.

Contact Information

10.	Any inquiry or a general nature or relating to the status of this application should 
              be directed to the TC 2100 Group receptionist: (571) 272-2100.

	Any inquiry concerning this communication or earlier communications from the 
	examiner should be directed to VAN H. NGUYEN whose telephone number is (571) 272-3765. The examiner can normally be reached on Monday- Friday from 9:00AM- 5:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LEWIS BULLOCK can be reached at (571) 272-3759. 

The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


/VAN H NGUYEN/
Primary Examiner, Art Unit 2199