Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This is in response to amendment filed on 9/23/2022, claims 1-2, 4, 6-9, 11, 15-16 and 20 are amended, no claims have been cancelled, claims 1-20 are pending for examination.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
        				Specification

	The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors.  Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/30/2022 and 9/30/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 11-20 are objected to because of the following informalities:  
In claims 11 and 16, lines 6-7, “wherein the first token an the second token comprise encryption keys” should be changed to – wherein the first token and the second token comprise encryption keys--.
Claims 12-15 and 17-20 are objected since they are depended on objected claims 11 and 16 respectively.
-Appropriate correction is required.

Response to Applicant’s Arguments
Applicant’s arguments, see page 6-7, filed 9/29/2022, with respect to the rejection(s) of claim(s) 1-5, 11-14 and 16-19 under 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of TANIMOTO et al., US 2017/0255459 A1.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-10 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
In the independent claim 1, applicant amended claim “a first cryptographic engine to validate the address translation”, however, in the applicant’s specification section 0053; applicant defined “trusted agents 530 use a token to validate address translations”, host cryptographic engine 304 or the accelerator cryptographic 312” in the section 0026 and section 0029 are different than the trusted agents 530. Applicant does not explain or define the limitation “a first cryptographic engine to validate the address translation” in the specification or in the claim. Applicant needs to clarify the claim limitation “a first cryptographic engine to valid the address translation”.  
Claims 2-10 are rejected since they are depended on claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 11-14 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Rodriguez et al., US 11,336,287 B1, in view of TANIMOTO et al., US 2017/0255459 A1, further in view of Vick et al., US 2007/0283123 A1.
Regarding claim 1, Rodriguez teaches an apparatus comprising: 
a first host (Fig.1; processor system 106; PS 106 may be implemented as, or include, any of a variety of different processor types each capable of executing program code. For example, PS 106 may be implemented as an individual processor including one or more cores or a plurality of processors each including one or more cores; col.5; lines 6-16); and 
a first accelerator (Fig.1; it is taught as PL 104; PL 104 is circuitry that may be programmed to perform specified functions. As an example, PL 104 may be implemented as field programmable gate array type of circuitry; col.4, lines 28-31 and col. 33, lines 4-11 and Fig.12A and 12B; IC 100 is capable of including two or more different accelerators concurrently. Each accelerator may be implemented in one or more of the various systems described herein. For example, an accelerator may be implemented as one or more tiles of DPE array 102, as circuitry implemented in PL 104,) communicatively coupled to the first host (Fig.1), including: 
a first memory (Fig.12A; it is taught as memory 1214; memory 1214 includes memory region 1216 that is allocated to accelerator 1204 and a memory region 1218 that is allocated to accelerator 1206); 
a first page table (it is taught as a page table in memory 1214; col.40; lines 7-28) to perform a translation of virtual addresses to physical addresses in the first memory; and 
Translation circuit is capable of validate the address translations (col.40; lines 29-34; Translation circuit 1320, in response to receiving the physical address translated from the virtual address from fill circuit 1322, is capable of outputting the physical address. Translation circuit 1320 further is capable of asserting a valid address signal indicating that the physical address being output is valid (e.g., a logic high)).  
Rodriguez does not clearly teach a first cryptographic to validate the address translations using encryption keys.
However, TANIMOTO teaches a first cryptographic to validate the address translations using encryption keys (section 00260; the embedded device 40 validates the address translation; TANIMOTO also teaches the embedded device includes a cryptographic processing unit 404; The cryptographic processing unit 404 is a unit performing secure management of a cryptographic key, encryption or decoding of a program or data using a cryptographic key; section 0096 and Fig.5).
It would have been obvious to the ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of TANIMOTO into Rodriguez’s memory system such as a first cryptographic to validate the address translations because the cryptographic processing unit 404 is a unit performing secure management of a cryptographic key, encryption or decoding of a program or data using a cryptographic key, issue of a signature, verification of the signature, and the like. The cryptographic processing unit 404 verifies, for example, the signature of update information (section 0096 of TANIMOTO).
Rodriguez and TANIMOTO do not teach using tokens to validate the address translations.
However, Vick teaches using tokens to validate the address translations (section 0117 and section 0120-0121; when a processor (or a respective process) attempts to access memory, hardware or system software may include a token, corresponding to the processor's (or process') unique identifier, in an access-request packet before transmitting that request to the memory controller and The hardware or system software, such as the operating system, that allocates memory to a particular processes and assigns an identifier may, in some embodiments, be assumed to be trusted. In some embodiments, accesses by the processor on behalf of a trusted process may include a particular system-wide or processor-specific token value, such as zero. In such embodiments, when the memory controller receives an access request, the memory controller may be configured to compare the token in the request to both the stored identifier corresponding to the memory region of interest, and to a system-wide token value. If the token in the request packet matches the system-wide token value, this may indicate that the processor has verified the process' access rights, so the memory controller may not have to enforce protection for that block. For example, if the operating system is accessing the memory, the processor may validate that this is an allowed access and may include the system-wide token in the corresponding request packet).
It would have been obvious to the ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Vick into Rodriguez and’s TANIMOTO’s memory system such as using tokens to validate the address translations because the use of token-based memory protection, as described herein, along with various memory virtualization/translation techniques may in some embodiments provide protection in circumstances when the common stratagem of having the processor (or process) use memory address range as a placeholder for access rights to memory is not reliable (section 0124 of Vick).

Regarding claim 2, Rodriguez, TANIMOTO and Vick teach the claimed invention as shown above, Vick further teaches the first cryptographic engine receives a first message from the first host including a token that is used to validate the address translations (section 0117 and section 0120-0121; when a processor (or a respective process) attempts to access memory, hardware or system software may include a token, corresponding to the processor's (or process') unique identifier, in an access-request packet before transmitting that request to the memory controller and The hardware or system software, such as the operating system, that allocates memory to a particular processes and assigns an identifier may, in some embodiments, be assumed to be trusted. In some embodiments, accesses by the processor on behalf of a trusted process may include a particular system-wide or processor-specific token value, such as zero. In such embodiments, when the memory controller receives an access request, the memory controller may be configured to compare the token in the request to both the stored identifier corresponding to the memory region of interest, and to a system-wide token value. If the token in the request packet matches the system-wide token value, this may indicate that the processor has verified the process' access rights, so the memory controller may not have to enforce protection for that block. For example, if the operating system is accessing the memory, the processor may validate that this is an allowed access and may include the system-wide token in the corresponding request packet).

Regarding claim 3, Rodriguez teaches the first message further comprises a virtual address at the first memory that is to be shared and a length associated with the virtual address indicating a length of memory authorized to be shared (Fig.13B and col.39; lines 65 to col.40, lines 6; translation circuit 1320 receives the start virtual address for the transaction, the length of the DMA transfer (e.g., amount of data to be transferred by the transaction), and whether the transaction is a read or a write).  

Regarding claim 4, Rodriguez, TANIMOTO and Vick teach the claimed invention as shown above, Vick further teaches the first host transmits a second message including the token to a second host to be shared with a second cryptographic engine at a second accelerator, wherein the token indicates that the second accelerator has been authorized to access the first memory (section 0122; a single identifier may represent two or more processors, processes, or threads sharing a memory resource and this identifier may be stored by the appropriate memory controller as described above. All the processors, processes, or threads authorized to access the shared memory would be configured to include a token matching the single identifier in memory access request packets directed to the shared memory). It would have been obvious to the ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Vick into Rodriguez and TANIMOTO’s memory system such as the first host transmits a second message including the token to a second host to be shared with a second trusted agent at a second accelerator, wherein the token indicates that the second accelerator has been authorized to access the first memory because the use of token-based memory protection, as described herein, along with various memory virtualization/translation techniques may in some embodiments provide protection in circumstances when the common stratagem of having the processor (or process) use memory address range as a placeholder for access rights to memory is not reliable (section 0124 of Vick).

Regarding claim 5, Rodriguez, TANIMOTO and Vick teach the claimed invention as shown above, Vick further teaches the second message includes the first virtual address and the length associated with the virtual address (section 0090; The application's code segment starts at virtual address X1 and is of size S1. The application's data segment starts at virtual address X2 and is of size S2).  

Regarding claims 11 and 16, Rodriguez teaches a method to facilitate secure memory sharing, comprising: 
a first accelerator receiving a first message from a first host (Fig.12A; it is taught as accelerator 1204); - 32 -Docket No. AD5598-US 
receiving a second message at a second accelerator requesting to access memory at the first accelerator (col.34; lines 6-29; transactions from accelerator 1204 are only allowed to access the region of memory allocated to accelerator 1204, e.g., memory region 1216. Similarly, transactions from accelerator 1206 are only allowed to access the region of memory allocated to accelerator 1206, e.g., memory region 1216. MPC 1212 is capable of enforcing these restrictions by only allowing transactions having an appropriate identifier for the target memory region to pass), 
validating the request to determine whether the second accelerator is to be granted access to the memory (col.40; lines 29-34; Translation circuit 1320, in response to receiving the physical address translated from the virtual address from fill circuit 1322, is capable of outputting the physical address. Translation circuit 1320 further is capable of asserting a valid address signal indicating that the physical address being output is valid (e.g., a logic high)).
Rodriguez does not clearly teach a first cryptographic engine and a second cryptographic engine.
However, TANIMOTO teaches a first cryptographic engine and a second cryptographic engine section 0096 and Fig.5; it is taught as the cryptographic processing unit; The cryptographic processing unit 404 is a unit performing secure management of a cryptographic key, encryption or decoding of a program or data using a cryptographic key, issue of a signature, verification of the signature, and the like).
It would have been obvious to the ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of TANIMOTO into Rodriguez’s memory system such as utilize a first cryptographic engine and a second cryptographic engine because the cryptographic processing unit 404 is a unit performing secure management of a cryptographic key, encryption or decoding of a program or data using a cryptographic key, issue of a signature, verification of the signature, and the like. The cryptographic processing unit 404 verifies, for example, the signature of update information (section 0096 of TANIMOTO).
Rodriguez and TANIMOTO do not clearly teach the first token and the second token.
However, Vick teaches the first token and the second token (section 0111; such transactions routinely include information beyond the destination addresses and data, such as in a packet header. In some embodiments, this additional information may include one or more tokens to be used by the memory controller to validate accesses to the memory unit).
It would have been obvious to the ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Vick into Rodriguez and TANIMOTO’s memory system such as use the first token and the second token because the use of token-based memory protection, as described herein, along with various memory virtualization/translation techniques may in some embodiments provide protection in circumstances when the common stratagem of having the processor (or process) use memory address range as a placeholder for access rights to memory is not reliable (section 0124 of Vick).

Regarding claims 12 and 17, Rodriguez, TANIMOTO and Vick teach the claimed invention as shown above, Vick further teaches the second accelerator is granted the access to the memory upon a determination that the first token matches the second token (section 0111 and section 0119-0120). It would have been obvious to the ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Vick into Rodriguez and TANIMOTO’s memory system such as the second accelerator is granted the access to the memory upon a determination that the first token matches the second token because the use of token-based memory protection, as described herein, along with various memory virtualization/translation techniques may in some embodiments provide protection in circumstances when the common stratagem of having the processor (or process) use memory address range as a placeholder for access rights to memory is not reliable (section 0124 of Vick).
 
Regarding claims 13 and 18, Rodriguez, TANIMOTO and Vick teach the claimed invention as shown above, Vick further teaches the first message further comprises a virtual address at the first memory that is to be shared (section 0090; The application's code segment starts at virtual address X1 and is of size S1. The application's data segment starts at virtual address X2 and is of size S2).  
 
Regarding claims 14 and 19, Rodriguez teaches the request further comprises a physical address in the memory that is requested to be accessed (Fig.12A and 12B and col.36; lines 31-44; the PMP circuits utilize physical addresses of memory 1214 as opposed to virtual addresses. Physical addresses of memory 1214, for example, may be known by each respective accelerator 1204, 1206. By using physical addresses instead of virtual address for purposes of checking validity of transactions, address translation need not be performed).
 
				Allowable Subject Matter
Claim 6-10, 15 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance: 
The limitations not found in the prior art of record include the first cryptographic engine receives a third message from the second cryptographic engine including the token and a request to access the length at a physical address in the first memory in combination with the other claimed limitations as described in the claim 6 (claims 7-10 are depended on claim 6).  
The limitations not found in the prior art of record include the first cryptographic engine further validates the request by determining whether the physical address received from the second cryptographic engine matches a physical address associated with the virtual address received from the host in combination with the other claimed limitations as described in the claims 15 and 20.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

           When responding to the office action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections. See 37 C.F.R. 1.111 (c).
When responding to the office action, Applicants are advised to provide the examiner with the line numbers and page numbers in the application and/or references cited to assist examiner to locate the appropriate paragraphs.

	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUA JASMINE SONG whose telephone number is (571)272-4213.  The examiner can normally be reached on 9:00am to 5:30pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jared Rutz can be reached on 571-272-5535.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HUA J SONG/Primary Examiner, Art Unit 2133