DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 05/02/2022, 05/16/2022, 07/13/2022 and 08/19/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Response to Amendment
Claims 1-3, 11-13 and 15-16 have been amended, claims 4, 9 and 14 have been cancelled, and claims 21-23 have been added. Claims 1-3, 5-8, 10-13 and 15-23 are currently pending. Applicant’s amendments, with respect to the objection to claim 1, overcome the objection to the claim.

Response to Arguments
Applicant’s arguments (See pg. 7), filed on 06/27/2022, with respect to the rejection(s) of claim(s) 1 under 35 USC 102 indicate that Sood ‘013 does not disclose “a cryptographic (hardware) identity” since Sood ‘013 ([0092]) recites “each token is associated with a valid virtual memory address range (or valid ranges)”; in other words, the tokens are transmitted and verified simply for memory access requests. Examiner respectfully disagrees. It is well known that a security token is generally used to gain access to an electronically restricted resource, instead of or in addition to a password, by storing cryptographic keys, digital signatures, biometric data, etc. In this context, Sood ‘013 ([0092], FIG. 8) recites that “secure tokens” are distributed to the accelerators and the memory controller/MEE with the CSME (a hardware device) for each memory access request to memory of a secure enclave; in other words, the “secure tokens” indicate hardware identities between the sender (e.g. the accelerators) of an access request and the receiver of the access request (e.g. the memory controller/MEE) for reading secured data stored in the secure enclave cryptographically protected.
Applicant further argued (pg. 7) that Sood ‘013 in view of Yang ‘962 does not disclose “a cryptographic engine arranged in a PCIe path of the one or more PCIe accelerators to provide encryption and decryption operations for the one or more PCIe accelerators”. This has been fully considered and is persuasive especially because Sood ‘013 (FIG. 8) is silent as to whether the encrypt/decrypt device 810 communicates encrypted/unencrypted data with the other PCIe devices such as the GPU 806 or the accelerator 812 though they are connected via the same PCIe bus. 
Therefore, the rejections have been withdrawn. However, upon further consideration, a new ground(s) of rejection has been made. Please see the rejections below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2 and 21-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood et al., US-20180114013-A1 (hereinafter “Sood ‘013”) in view of Cui et al., US-20200387470-A1 (hereinafter “Cui ‘479”).
Per claim 1 (independent):
Sood ‘013 discloses: A system for providing a secure collaboration between one or more PCIe accelerators and an enclave, the system comprising:
A PCIe accelerator apparatus including: 
the one or more PCIe accelerators; 
a microcontroller configured to provide a cryptographic hardware identity to the PCIe accelerator apparatus, wherein the PCIe accelerator apparatus is configured to use the cryptographic hardware identity to establish communication between the PCIe accelerator apparatus and the enclave (FIG. 8, [0040], a dual-socket platform 800; Each socket 702-1 and 702-2 has a processor/CPU/SoC; [0088], the expansion slots comprise PCIe expansion slots, and each of GPU card 806 (PCIe accelerators) … encryption/decryption card 810, accelerator card 812 (PCIe accelerators) … are PCIe cards; [0090], Local memory 804 is further depicted as including secure enclaves 834 and 836; [0092], A secure enclave (an enclave) can establish a secure channel (secure collaboration; communication) with the CSME. In one embodiment, the CSME (microcontroller) distributes secure tokens to the accelerators and the memory controller/MEE. A secure token (cryptographic hardware identity) is then sent by the accelerator (the PCIe accelerator) to the memory controller/MEE for each memory access request (for communication) to memory contained in a secure enclave (the enclave).).

Sood ‘013 does not disclose but Cui ‘479 discloses: a cryptographic engine arranged in a PCIe path of the one or more PCIe accelerators to provide encryption and decryption operations for the one or more PCIe accelerators ( [0020], specialized hardware accelerators may be used for compression, decompression, encryption, decryption; [0023], a host system operates in conjunction with a cryptographic accelerator (a cryptographic engine) and a compression accelerator (one or more PCIe accelerators) to assist a network interface card in providing high throughput packet processing; [0024], the crypto accelerator, and the compression accelerator all communicate with a host device via a PCIe bus (a PCIe path) … The host device may recognize that the packet is both compressed and encrypted, and may first send the packet to a decryption accelerator (a cryptographic engine) via the PCIe root complex. The decryption accelerator (a cryptographic engine) returns the decrypted but still compressed packet to the host via the PCIe root complex, and the host device then finally sends the packet to the decompression accelerator (one or more PCIe accelerators) via the PCIe root complex (the PCIe path). The decompression accelerator decompresses the packet; Note that the decryption (or encryption) accelerator (the cryptographic engine) would be connected to the decompression (or compression) accelerator (and the network interface) via the PCIe root complex, i.e. arranged in a PCIe path, in a similar way shown in FIG. 2.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 with the processing of packets by distributing them into specialized hardware accelerators such as a cryptographic accelerator and a decompression accelerator as taught by Cui ‘479 because it would provide high throughput packet processing by assisting a network interface operated in conjunction with multiple accelerators [0023]. Additionally, Cui ‘479 is analogous to the claimed invention because it teaches a system using vertical peripheral component interconnect express (PCIe) communication connecting a crypto accelerator and a network controller [FIG. 2].

Per claim 2 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 discloses: The system of claim 1, further comprising a circuit board on which each of the one or more PCIe accelerators and the microcontroller are arranged (FIG. 8, [0040], a dual-socket platform 800 (a circuit board); Note that FIG. 8 shows that each of GPU card 806, FPGA card 808, encryption/decryption card 810, accelerator card 812 are included along with the memory controller 708 and CSME/IE 832.).

Per claim 21 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 discloses: The system of claim 1, wherein the cryptographic engine is a separate component from the one or more PCIe accelerators in the PCIe accelerator apparatus (FIG. 8, [0088], the expansion slots comprise PCIe expansion slots, and each of GPU card 806 (PCIe accelerators), FPGA card 808, encryption/decryption card 810 (the cryptographic engine), accelerator card 812 (PCIe accelerators) … are PCIe cards.).

Per claim 22 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 discloses: The system of claim 1, wherein the cryptographic engine is arranged between the one or more PCIe accelerators and the enclave (FIG. 8, [0088], the expansion slots comprise PCIe expansion slots, and each of GPU card 806 (PCIe accelerators), FPGA card 808, encryption/decryption card 810 (the cryptographic engine), accelerator card 812 (PCIe accelerators) … are PCIe cards; [0090], Local memory 804 is further depicted as including secure enclaves 834 and 836; [0092], A secure token is then sent by the accelerator (the PCIe accelerator) to the memory controller/MEE for each memory access request to memory contained in a secure enclave (the enclave).).

Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood ‘013 in view of Cui ‘479 and M. M. Ozdal, "Emerging Accelerator Platforms for Data Centers," in IEEE Design & Test, vol. 35, no. 1, pp. 47-54, Feb. 2018 (hereinafter “Ozdal ‘2018”).
Per claim 3 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but Ozdal ‘2018 discloses: The system of claim 1, wherein each of the one or more PCIe accelerators is one of a tensor processing unit or a graphical processing unit (Google’s tensor processing unit, pg. 49-50, a custom ASIC chip—called tensor processing unit (TPU)—was designed and deployed by Google in 2015 … TPU has been designed as a coprocessor connected to the host CPU through PCIe, and thus it can be directly plugged into existing server platforms).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 in view of Cui ‘479 with the plugging of TPUs into a host platform through PCIe as taught by Ozdal ‘2018 because it would accelerate the inference phase of different types of neural network applications that may be applied to cryptography, compression, and machine learning [pg. 51], the left column. Additionally, Ozdal ‘2018 is analogous to the claimed invention because it teaches that the TPUs can be used for accelerating workloads related to cryptography (See [pg. 51], the left column).

Claim(s) 5-8 and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood ‘013 in view of Cui ‘479 and VARERKAR et al., US-20180300556-A1 (hereinafter “VARERKAR ‘556”).
Per claim 5 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but VARERKAR ‘556 discloses: The system of claim 1, wherein the PCIe accelerator apparatus further comprises an application processor configured to communicate with the enclave (FIG. 6, [0090], The GPU may be communicatively coupled to the host processor/cores over a bus or other interconnect ( e.g., a high-speed interconnect such as PCIe or NVLink); [0148], graphics processing unit ("GPU" or simply "graphics processor"; PCIe accelerator) 614 … central processing unit ("CPU" or simply "application processor"; an application processor) 612; [0151], tracking and privacy mechanism 610 may be hosted by or part of central processing unit ("CPU" or simply "application processor") 612; FIG. 7, [0178], for any data that is to be protected, such as raw data, classification results, etc., securing/outsourcing logic 719 is triggered to protect such data/results by having it processed in secure enclaves (the enclave).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 in view of Cui ‘479 with the hosting of a tracking and privacy mechanism into an application processor for processing private data in secure enclaves as taught by VARERKAR ‘556 because it would balance the load of data processing based on data privacy between untrusted platforms and secure enclaves [0178]. Additionally, VARERKAR ‘556 is analogous to the claimed invention because it teaches that a computing device including an application processor and a GPU connected over PCIe processes private data in secure enclaves (See FIG. 6, 7 and 9B).

Per claim 6 (dependent on claim 5):
Sood ‘013 in view of Cui ‘479 and VARERKAR ‘556 discloses the elements detailed in the rejection of claim 5 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but VARERKAR ‘556 discloses: The system of claim 5, wherein the application processor is incorporated into the microcontroller (FIG. 6, [0148], central processing unit ("CPU" or simply "application processor") 612 … include operating system (OS) 606 serving as an interface between hardware and/or physical resources of the computer device 600 and a user).

Per claim 7 (dependent on claim 5):
Sood ‘013 in view of Cui ‘479 and VARERKAR ‘556 discloses the elements detailed in the rejection of claim 5 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but VARERKAR ‘556 discloses: The system of claim 5, wherein the application processor further includes a dedicated function for communicating with an operating system of a computing device on which the enclave resides (FIG. 6, [0148], central processing unit ("CPU" or simply "application processor") 612 … include operating system (OS) 606 serving as an interface between hardware and/or physical resources of the computer device 600 (a computing device) and a user; [0151], tracking and privacy mechanism 610 (a dedicated function) may be hosted by or part of central processing unit ("CPU" or simply "application processor") 612; FIG. 7, [0178], evaluation/computation logic 717 may be used to evaluate the data and perform any computations necessary to determine whether the data is to be protected … for any data that is to be protected, such as raw data, classification results, etc., securing/outsourcing logic 719 is triggered to protect such data/results by having it processed in secure enclaves (the enclave); Note that the tracking and privacy mechanism 610 hosted by  the application processor 612 in the computer device 600 would have the data processed in the secure enclaves based on whether the data is to be protected.).

Per claim 8 (dependent on claim 7):
Sood ‘013 in view of Cui ‘479 and VARERKAR ‘556 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but VARERKAR ‘556 discloses: The system of claim 7, wherein the dedicated function is configured to enable a communication path between the application processor and the enclave via the computing device (FIG. 6, [0151], tracking and privacy mechanism 610 (a dedicated function) may be hosted by or part of central processing unit ("CPU" or simply "application processor") 612; FIG. 7, [0178], evaluation/computation logic 717 (of the application processor) may be used to evaluate the data and perform any computations necessary to determine whether the data is to be protected … for any data that is to be protected, such as raw data, classification results, etc., securing/outsourcing logic 719 (of the application processor) is triggered to protect such data/results by having it processed in secure enclaves (the enclave).).

Per claim 10 (dependent on claim 7):
Sood ‘013 in view of Cui ‘479 and VARERKAR ‘556 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but VARERKAR ‘556 discloses: The system of claim 7, further comprising memory on which the enclave is stored (FIG. 7, [0178], evaluation/computation logic 717 may be used to evaluate the data and perform any computations necessary to determine whether the data is to be protected … for any data that is to be protected, such as raw data, classification results, etc., securing/outsourcing logic 719 is triggered to protect such data/results by having it processed in secure enclaves (the enclave).).

Claim(s) 11-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood ‘013 in view of Cui ‘479 and Yang et al., US-9735962-B1 (hereinafter “Yang ‘962”).
Per claim 11 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but Yang ‘962 discloses: The system of claim 1, wherein the cryptographic engine configured to encrypt information entering the PCIe accelerator apparatus ([Col. 1], ll. 65 – [Col. 2], ll. 15, The encryption accelerator encrypts host data stored in a memory of the storage processor … iv) encrypting the set of host data, using the plaintext data encryption key, to generate a set of encrypted host data; [Col. 2], ll. 42-55, The encryption accelerator and the storage processor may be communicably coupled by … a Peripheral Component Interconnect Express (PCI Express).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 in view of Cui ‘479 with the encryption/decryption of host data in an encryption accelerator via an encryption key stored in the encryption accelerator as taught by Yang ‘962 because any system vulnerabilities of the storage processor cannot be exploited to obtain unauthorized access to unencrypted keys and host data [Col. 3], ll. 39-53. Additionally, Yang ‘962 is analogous to the claimed invention because it teaches that an encryption accelerator connected via PCIe encrypts/decrypts host data (See FIG. 1).


Per claim 12 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but Yang ‘962 discloses: The system of claim 1, wherein the cryptographic engine is configured to decrypt information leaving the PCIe accelerator apparatus ([Col. 2], ll. 42-55, The encryption accelerator and the storage processor may be communicably coupled by … a Peripheral Component Interconnect Express (PCI Express); [Col. 3], ll. 20-38, decrypting the set of encrypted host data stored in the memory of the storage processor … iv) decrypting, by the encryption accelerator, the set of encrypted host data, using the plaintext data encryption key, to obtain a set of plaintext host data.).

Claim(s) 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood ‘013 in view of Cui ‘479 as applied to claim 1 above, and further in view of Ozdal ‘2018.
Per claim 13 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but Ozdal ‘2018 discloses: The system of claim 1, wherein the cryptographic engine is a line-rate cryptographic engine ([Microsoft’s configurable cloud], pg. 49, A server configuration is illustrated in Figure 2 … Observe that an FPGA accelerator card has been placed between the network interface card (NIC) and the Ethernet network switch. In addition, the FPGA is connected to one of the host CPUs through PCIe… It was shown that host-to-host line-rate encryption or decryption can be performed on these FPGAs without the involvement of the host CPUs.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 in view of Cui ‘479 with the connection of an FPGA accelerator card via PCIe for providing host-to-host line-rate cryptographic operations as taught by Ozdal ‘2018 because it would accelerate data processing including encryption/decryption without incurring additional loads on the host CPUs [Microsoft’s configurable cloud], pg. 49.

Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood ‘013 in view of Cui ‘479 as applied to claim 1 above, and further in view of VARERKAR ‘556.
Per claim 15 (dependent on claim 1):
Sood ‘013 in view of Cui ‘479 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 does not disclose but VARERKAR ‘556 discloses: The system of claim 1, wherein the PCIe accelerator apparatus further comprises an application processor configured to manage keys used by the cryptographic engine (FIG. 6, [0151], tracking and privacy mechanism 610 may be hosted by or part of central processing unit ("CPU" or simply "application processor") 612; FIG. 7, [0178], evaluation/computation logic 717 (of an application processor) may be used to evaluate the data and perform any computations necessary to determine whether the data is to be protected … for any data that is to be protected, such as raw data, classification results, etc., securing/outsourcing logic 719 (of the application processor) is triggered to protect such data/results by having it processed in secure enclaves (the enclave); FIG. 9B, [0203], secure enclaves 921, 923 for processing of personal or private data, while including additional layers 927, 929; Note that the private key 928 would be used for sealing and protecting data in the secure enclaves 921 and 923 in FIG. 9B).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 in view of Cui ‘479 with the encryption of personal or private data within secure enclaves via private keys as taught by VARERKAR ‘556 because it would protect personal or private data in a more secure way by using the private keys.

Claim(s) 16-18 and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood ‘013 in view of Cui ‘479 and Raindel et al., US-20160330301-A1 (hereinafter “Raindel ‘301”).
Per claim 16 (independent):
Sood ‘013 discloses: A method for providing a secure collaboration between one or more PCIe accelerators and an enclave, the method comprising: (FIG. 8, [0092], A secure enclave can establish a secure channel (secure collaboration) with the CSME … A secure token is then sent by the accelerator (PCIe accelerators) to the memory controller/MEE for each memory access request to memory contained in a secure enclave (an enclave).).

Sood ‘013 does not disclose but Cui ‘479 discloses: retrieving, by one or more PCIe accelerators, encrypted one or both of code or data out of memory of a host computing device; 
decrypting, by the one or more PCIe accelerator, the encrypted one or both of code or data using a cryptographic engine, the cryptographic engine arranged in a PCIe path of the one or more PCIe accelerators 
([0020], specialized hardware accelerators may be used for compression, decompression, encryption, decryption; [0023], a host system operates in conjunction with a cryptographic accelerator (a cryptographic engine) and a compression accelerator (one or more PCIe accelerators) to assist a network interface card (of a host computing device) in providing high throughput packet processing; [0024], the crypto accelerator, and the compression accelerator all communicate with a host device via a PCIe bus (a PCIe path) … The host device may recognize that the packet is both compressed and encrypted, and may first send the packet (retrieving encrypted one) to a decryption accelerator (a cryptographic engine) via the PCIe root complex. The decryption accelerator (the cryptographic engine) returns the decrypted but still compressed packet to the host via the PCIe root complex, and the host device then finally sends the packet to the decompression accelerator (one or more PCIe accelerators) via the PCIe root complex (the PCIe path). The decompression accelerator decompresses the packet; Note that the decryption (or encryption) accelerator (the cryptographic engine) would be connected to the decompression (or compression) accelerator (and the network interface) via the PCIe root complex, i.e. arranged in a PCIe path, in a similar way shown in FIG. 2.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 with the processing of packets by distributing them into specialized hardware accelerators such as a cryptographic accelerator and a decompression accelerator as taught by Cui ‘479 because it would provide high throughput packet processing by assisting a network interface operated in conjunction with multiple accelerators [0023].

It would be reasonable to conclude that the host system of Cui ‘479 provides encryption by the crypto accelerator in addition to decryption, however it does not disclose the details of the encryption process of the claim. Raindel ‘301 discloses: processing, by the one or more PCIe accelerators, the unencrypted one or both of code or data to generate results; 
encrypting, by the one or more PCIe accelerators, the results using the cryptographic engine; and 
sending, by the one or more PCIe accelerators, the encrypted results back to the memory of the host computing device for storage 
(FIG. 9, [0083], a computer system 180 with a cryptographic accelerator 186 … accelerator 186 is connected to CPU 28 and to a NIC 184 by a host bus 188, such as a PCIe bus; [0085], CPU 28 can provide the data (the unencrypted one) to be encrypted to accelerator 186 (the cryptographic engine), which then returns the encrypted data (the encrypted results) via bus 186. For example, accelerator 186 may expose the encrypted data on a bus interface … such as its PCIe base address register (BAR) space. CPU 28 can then instruct NIC 184 (of the host computing device) to fetch the packet content from this area (sending the encrypted results back).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 in view of Cui ‘479 with the encryption of data fetched from a NIC of a host system via a cryptographic accelerator attached to a PCIe bus as taught by Raindel ‘301 because it would improve the performance of computation operations by offloading cryptographic functions to an external accelerator. Additionally, Raindel ‘301 is analogous to the claimed invention because it teaches a computer system, where an accelerator is connected to CPU and to a NIC by a host bus, such as a PCIe bus [0083].

Per claim 17 (dependent on claim 16):
Sood ‘013 in view of Cui ‘479 and Raindel ‘301 discloses the elements detailed in the rejection of claim 16 above, incorporated herein by reference.
Sood ‘013 discloses: The method of claim 16, further comprising negotiating, by the one or more PCIe accelerators, a cryptographic session with an enclave (FIG. 8, [0092], A secure enclave can establish a secure channel (secure collaboration) with the CSME … A secure token is then sent by the accelerator (PCIe accelerators) to the memory controller/MEE for each memory access request to memory contained in a secure enclave (an enclave); [0112], Following decryption, data that is pulled from Acc input queue 1220 is processed by accelerator 1200 using one or more hardware-based packet processing operations. The types of operations may vary, depending on the particular type of accelerator used and the service operations or functions the accelerator is configured to perform. For example, in one embodiment accelerator 1200 performs one or more IP Sec operations (a cryptographic session). In other embodiments, the accelerator is an encryption/decryption unit and performs decryption of packets (a cryptographic session) that are received with encrypted data.).

Per claim 18 (dependent on claim 17):
Sood ‘013 in view of Cui ‘479 and Raindel ‘301 discloses the elements detailed in the rejection of claim 17 above, incorporated herein by reference.
Sood ‘013 discloses: The method of claim 17, wherein the cryptographic session is negotiated through host OS mediated communication (FIG. 8, [0087], MIC card 824 is an INTEL® XEON PHI™ card that … runs a local operating system and embedded application software, as depicted by MIC software 826 (host OS); [0092], A secure enclave can establish a secure channel (secure collaboration) with the CSME … A secure token is then sent by the accelerator (PCIe accelerators) to the memory controller/MEE for each memory access request to memory contained in a secure enclave.).

Per claim 23 (independent):
Sood ‘013 discloses: A non-transitory computer-readable medium storing instructions executable by one or more processors for providing a secure collaboration between one or more PCIe accelerators and an enclave, the instructions comprising: (FIG. 8, [0090], Local memory 804 is further depicted as including secure enclaves 834 and 836; [0092], A secure enclave (an enclave) can establish a secure channel (secure collaboration) with the CSME. In one embodiment, the CSME distributes secure tokens to the accelerators (one or more PCIe accelerators) and the memory controller/MEE. A secure token is then sent by the accelerator to the memory controller/MEE for each memory access request to memory contained in a secure enclave (the enclave).).

Sood ‘013 does not disclose but Cui ‘479 discloses: retrieving encrypted one or both of code or data out of memory of a host computing device; 
decrypting the encrypted one or both of code or data using a cryptographic engine, the cryptographic engine arranged in a PCIe path of the one or more PCIe accelerators
 ([0020], specialized hardware accelerators may be used for compression, decompression, encryption, decryption; [0023], a host system operates in conjunction with a cryptographic accelerator (a cryptographic engine) and a compression accelerator (one or more PCIe accelerators) to assist a network interface card (of a host computing device) in providing high throughput packet processing; [0024], the crypto accelerator, and the compression accelerator all communicate with a host device via a PCIe bus (a PCIe path) … The host device may recognize that the packet is both compressed and encrypted, and may first send the packet (retrieving encrypted one) to a decryption accelerator (a cryptographic engine) via the PCIe root complex. The decryption accelerator (the cryptographic engine) returns the decrypted; Note that the decryption (or encryption) accelerator (the cryptographic engine) would be connected to the decompression (or compression) accelerator (and the network interface) via the PCIe root complex, i.e. arranged in a PCIe path, in a similar way shown in FIG. 2).

Sood ‘013 in view of Cui ‘479 does not disclose but Raindel ‘301 discloses: processing the unencrypted one or both of code or data to generate results; 
encrypting the results using the cryptographic engine; and 
sending the encrypted results back to the memory of the host computing device for storage 
(FIG. 9, [0083], a computer system 180 with a cryptographic accelerator 186 … accelerator 186 is connected to CPU 28 and to a NIC 184 by a host bus 188, such as a PCIe bus; [0085], CPU 28 can provide the data (the unencrypted one) to be encrypted to accelerator 186 (the cryptographic engine), which then returns the encrypted data (the encrypted results) via bus 186. For example, accelerator 186 may expose the encrypted data on a bus interface … such as its PCIe base address register (BAR) space. CPU 28 can then instruct NIC 184 (of the host computing system) to fetch the packet content from this area (sending the encrypted results back).).

Claim(s) 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sood ‘013 in view of Cui ‘479 and Raindel ‘301 as applied to claim 16 above, and further in view of Yang ‘962.
Per claim 19 (dependent on claim 16):
Sood ‘013 in view of Cui ‘479 and Raindel ‘301 discloses the elements detailed in the rejection of claim 16 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 and Raindel ‘301 does not disclose but Yang ‘962 discloses: The method of claim 16, wherein the encrypted one or both of code or data are retrieved using direct memory access ([Col. 2], ll. 42-55, The encryption accelerator and the storage processor may be communicably coupled by … a Peripheral Component Interconnect Express (PCI Express). The encrypted host data may be conveyed from the memory of the encryption accelerator to the memory of the storage processor over the serial bus, for example using DMA (Direct Memory Access) logic within the encryption accelerator.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Sood ‘013 in view of Cui ‘479 and Raindel ‘301 with the transmission of encrypted host data via the DMA within an encryption accelerator as taught by Yang ‘962 because it would move data between memory in the encryption accelerator and the memory of the storage processor without occupying processor resources ([Col. 6], ll. 39-49).

Per claim 20 (dependent on claim 16):
Sood ‘013 in view of Cui ‘479 and Raindel ‘301 discloses the elements detailed in the rejection of claim 16 above, incorporated herein by reference.
Sood ‘013 in view of Cui ‘479 and Raindel ‘301 does not disclose but Yang ‘962 discloses: The method of claim 16, wherein the encrypted results are sent using direct memory access ([Col. 2], ll. 42-55, The encryption accelerator and the storage processor may be communicably coupled by … a Peripheral Component Interconnect Express (PCI Express). The encrypted host data may be conveyed from the memory of the encryption accelerator to the memory of the storage processor over the serial bus, for example using DMA (Direct Memory Access) logic within the encryption accelerator.).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332. The examiner can normally be reached Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PHILIP CHEA can be reached on (571)272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANGSEOK PARK/
Examiner, Art Unit 2499

/PHILIP J CHEA/
Supervisory Patent Examiner, Art Unit 2499