Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This is in response to the RCE filed on 2/18/26. Claims 1-3, 5, 7-9, 11 and
21-32 are presented for examination.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35
U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any
correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will
not be considered a new ground of rejection if the prior art relied upon, and the rationale
supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness
rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed
invention is not identically disclosed as set forth in section 102, if the differences
between the claimed invention and the prior art are such that the claimed invention as a
whole would have been obvious before the effective filing date of the claimed invention
to a person having ordinary skill in the art to which the claimed invention pertains.
Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 5, 9, 11 and 21-32 are rejected under 35 U.S.C. 103 as being
unpatentable over Coon et al., US Pub. No.20180145828 in view of Ellison et al., US
Pub. No.20150215293 and further in view of Conner et al., US Pub. No.20170086325.
As to claim 1, Coon discloses an apparatus comprising: a processor circuitry coupled to
a memory, the processor circuitry to:
receive an encrypted workload associated with a tenant application, execute a
cryptographic key exchange protocol with the tenant application to derive a session key
for one or more compute zones associated with the processor circuitry (setting up a
secure session between cryptographic coprocessor 320 and the second entity (i.e.,
smart card 310) in the target zone (i.e., zone B) using currently available methods
known in the art. Key 315 is again encrypted under a session key (i.e., a transitory key-
encrypting-key) established between the two entities (i.e., cryptographic co-processor
320 and smart card 310) and sent to the second smart card for secure storage, see
abstract, fig.5, [0188] to [(0190)). Coon does not specifically disclose deriving a session
key for compute zones. However, Ellison discloses deriving a session key for compute
zones (102 and 106 fig,1) (establishing and maintaining the session key, and to make
use of the session key to decrypt and/or authenticate data received over channel 100.
This process can be designed to be transparent to application 102, which may simply
invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have been
obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data sessions because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]).
Neither Coon nor Ellison discloses that the data is decrypted using compute zones in a trusted execution environment wherein the compute zones are associated with an accelerator. However, Connor discloses the data is decrypted using compute zones in a trusted execution environment wherein the compute zones are associated with an accelerator (implementing servers 110 to include storage, compute, input/output, field-programmable gate array (FPGA) custom accelerators, CODECS, load balancers, security (honeypot, honeynet, and/or demilitarized zone areas, decryption/decryption in a secure network environment, see [0025] to [0028]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Connor’s teachings into the computer system, of Coon to protect data information because it would have provided low latency in order to optimize performance of the data center during the trading window (see Connor’s [0028]).
As to claim 2, Coon discloses the tenant application runs at a virtual machine and
wherein the encrypted workload is downloaded from the tenant application, wherein the
tenant application communicates with the one or more compute zones of the compute zones over one or more physical links including a bus (providing the virtual machine with multiple "virtual processors' and using cryptographic co-processor to decrypt or encrypt the security credentials of key and then subsequently send the encrypted security credentials to middleware, see [0018 and [0184]). Coon does not specifically disclose deriving a session key for compute zones. However, Ellison discloses deriving a session key for compute zones (102 and 106 fig,1) (establishing and maintaining the session key, and to make use of the session key to decrypt and/or authenticate data received over channel 100 This process can be designed to be transparent to application 102, which may simply invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]).
As to claim 3, Coon discloses the apparatus comprises a plurality of one or more
compute zones are associated with an accelerator hosted by or coupled to the
processor circuitry and the first compute zone is isolated from other compute zones in
the accelerator, wherein a first compute zone of the one or more compute zones is
independent of and isolated from a second compute zone of the one or more compute
zones, wherein the one or more compute zones are assigned and correspond to one or
more protected memory regions (setting up a Secure session between cryptographic
coprocessor 320 and the second entity (i.e., smart card 310) in the target zone, see
[0188)). Coon does not specifically disclose deriving a session key for compute zones.
However, Ellison discloses deriving a session key for compute zones (102 and 106
fig,1) (establishing and maintaining the session key, and to make use of the session key
to decrypt and/or authenticate data received over channel 100 This process can be
designed to be transparent to application 102, which may simply invoke service 106
using an API, see fig.1, [0018] to [0019]). It would have been obvious to one of the
ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]).
As to claim 5, Coon discloses the one or more first compute zone to store data streams
and stores the decrypted data stream and the metadata in the corresponding one or
more protected memory regions, wherein the one or more protected memory regions
are assigned to the one or more compute zones based on one or more isolated memory
region registers, wherein the encrypted workload is decrypted using the one or more
compute zones (encrypt the decrypted security credentials (see [0185)). Coon does not
specifically disclose deriving a session key for compute zones. However, Ellison
discloses deriving a session key for compute zones (102 and 106 fig,1) (establishing
and maintaining the session key, and to make use of the session key to decrypt and/or
authenticate data received over channel 100 This process can be designed to be
transparent to application 102, which may simply invoke service 106 using an API, see
fig.1, [0018] to [0019]). It would have been obvious to one of the ordinary skill in the art
before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]).
As to claim 9, Coon discloses the one or more compute zones are associated
with one or more of first compute zone comprises one or more cryptographic engines to
perform cryptographic operations on the encrypted workload and one or more encrypted
data streams the encrypted data stream, one or more media engines to perform media
operations relating to one or more decrypted data streams on the decrypted data
stream and or one or more inference engines to execute the decrypted workload to
process the one or more decrypted data streams (decrypt or encrypt the security
credentials of key and then subsequently send the encrypted security credentials to
middleware see [0184] to [0187)). Coon does not specifically disclose deriving a
session key for compute zones. However, Ellison discloses deriving a session key for
compute zones (102 and 106 fig,1) (establishing and maintaining the session key, and
to make use of the session key to decrypt and/or authenticate data received over
channel 100 This process can be designed to be transparent to application 102, which
may simply invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have
been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]).
As to claim 11, Coon discloses the processor circuitry comprises graphics processor circuitry coupled to application (see [0180)).
Claims 21-26 are rejected for the same reasons set forth in claims 1-3, 5, 9 and 11 respectively.
Claims 27-32 are rejected for the same reasons set forth in claims 1-3, 5, 9 and 11 respectively.
Response to Argument
Applicant’s arguments, filed 2/18/26, with respect to the rejection(s) of claim(s) 1-3, 5, 9, 11 and 21-32 under 35 USC 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Connor et al., US Pub. No.20170086325.
Conclusion
Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Khanh Dinh whose telephone number is (571) 272-
3936. The examiner can normally be reached on Monday through Friday from 8:00 A.m.
to 5:00 P.m.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Cheema Umar, can be reached on (571) 272-3. The fax phone number for
this group is (571) 273-8300.
Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for published
applications may be obtained from either Private PAIR or Public PAIR. Status
information for unpublished applications is available through Private PAIR only. For
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you
have questions on access to the Private PAIR system, contact the Electronic Business
Center (EBC) at 866-217-9197 (toll-free).
Any response to this action should be mailed to: Commissioner for patents
P O Box 1450
Alexandria, VA 22313-1450
/KHANH Q DINH/Primary Examiner, Art Unit 2458