Prosecution Insights
Last updated: May 22, 2026
Application No. 17/569,488

MULTI-TENANCY PROTECTION FOR ACCELERATORS

Non-Final OA §103
Filed
Jan 05, 2022
Priority
Mar 25, 2021 — continuation of PCTCN2021082931
Examiner
DINH, KHANH Q
Art Unit
2458
Tech Center
2400 — Computer Networks
Assignee
Intel Corporation
OA Round
5 (Non-Final)
84%
Grant Probability
Favorable
5-6
OA Rounds
0m
Est. Remaining
88%
With Interview

Examiner Intelligence

Grants 84% — above average
84%
Career Allowance Rate
608 granted / 727 resolved
+25.6% vs TC avg
Minimal +4% lift
Without
With
+4.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 11m
Avg Prosecution
18 currently pending
Career history
745
Total Applications
across all art units

Statute-Specific Performance

§101
6.5%
-33.5% vs TC avg
§103
38.0%
-2.0% vs TC avg
§102
37.7%
-2.3% vs TC avg
§112
1.8%
-38.2% vs TC avg
Black line = Tech Center average estimate • Based on career data from 727 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This is in response to the RCE filed on 2/18/26. Claims 1-3, 5, 7-9, 11 and 21-32 are presented for examination. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-3, 5, 9, 11 and 21-32 are rejected under 35 U.S.C. 103 as being unpatentable over Coon et al., US Pub. No.20180145828 in view of Ellison et al., US Pub. No.20150215293 and further in view of Conner et al., US Pub. No.20170086325. As to claim 1, Coon discloses an apparatus comprising: a processor circuitry coupled to a memory, the processor circuitry to: receive an encrypted workload associated with a tenant application, execute a cryptographic key exchange protocol with the tenant application to derive a session key for one or more compute zones associated with the processor circuitry (setting up a secure session between cryptographic coprocessor 320 and the second entity (i.e., smart card 310) in the target zone (i.e., zone B) using currently available methods known in the art. Key 315 is again encrypted under a session key (i.e., a transitory key- encrypting-key) established between the two entities (i.e., cryptographic co-processor 320 and smart card 310) and sent to the second smart card for secure storage, see abstract, fig.5, [0188] to [(0190)). Coon does not specifically disclose deriving a session key for compute zones. However, Ellison discloses deriving a session key for compute zones (102 and 106 fig,1) (establishing and maintaining the session key, and to make use of the session key to decrypt and/or authenticate data received over channel 100. This process can be designed to be transparent to application 102, which may simply invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data sessions because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]). Neither Coon nor Ellison discloses that the data is decrypted using compute zones in a trusted execution environment wherein the compute zones are associated with an accelerator. However, Connor discloses the data is decrypted using compute zones in a trusted execution environment wherein the compute zones are associated with an accelerator (implementing servers 110 to include storage, compute, input/output, field-programmable gate array (FPGA) custom accelerators, CODECS, load balancers, security (honeypot, honeynet, and/or demilitarized zone areas, decryption/decryption in a secure network environment, see [0025] to [0028]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Connor’s teachings into the computer system, of Coon to protect data information because it would have provided low latency in order to optimize performance of the data center during the trading window (see Connor’s [0028]). As to claim 2, Coon discloses the tenant application runs at a virtual machine and wherein the encrypted workload is downloaded from the tenant application, wherein the tenant application communicates with the one or more compute zones of the compute zones over one or more physical links including a bus (providing the virtual machine with multiple "virtual processors' and using cryptographic co-processor to decrypt or encrypt the security credentials of key and then subsequently send the encrypted security credentials to middleware, see [0018 and [0184]). Coon does not specifically disclose deriving a session key for compute zones. However, Ellison discloses deriving a session key for compute zones (102 and 106 fig,1) (establishing and maintaining the session key, and to make use of the session key to decrypt and/or authenticate data received over channel 100 This process can be designed to be transparent to application 102, which may simply invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]). As to claim 3, Coon discloses the apparatus comprises a plurality of one or more compute zones are associated with an accelerator hosted by or coupled to the processor circuitry and the first compute zone is isolated from other compute zones in the accelerator, wherein a first compute zone of the one or more compute zones is independent of and isolated from a second compute zone of the one or more compute zones, wherein the one or more compute zones are assigned and correspond to one or more protected memory regions (setting up a Secure session between cryptographic coprocessor 320 and the second entity (i.e., smart card 310) in the target zone, see [0188)). Coon does not specifically disclose deriving a session key for compute zones. However, Ellison discloses deriving a session key for compute zones (102 and 106 fig,1) (establishing and maintaining the session key, and to make use of the session key to decrypt and/or authenticate data received over channel 100 This process can be designed to be transparent to application 102, which may simply invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]). As to claim 5, Coon discloses the one or more first compute zone to store data streams and stores the decrypted data stream and the metadata in the corresponding one or more protected memory regions, wherein the one or more protected memory regions are assigned to the one or more compute zones based on one or more isolated memory region registers, wherein the encrypted workload is decrypted using the one or more compute zones (encrypt the decrypted security credentials (see [0185)). Coon does not specifically disclose deriving a session key for compute zones. However, Ellison discloses deriving a session key for compute zones (102 and 106 fig,1) (establishing and maintaining the session key, and to make use of the session key to decrypt and/or authenticate data received over channel 100 This process can be designed to be transparent to application 102, which may simply invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]). As to claim 9, Coon discloses the one or more compute zones are associated with one or more of first compute zone comprises one or more cryptographic engines to perform cryptographic operations on the encrypted workload and one or more encrypted data streams the encrypted data stream, one or more media engines to perform media operations relating to one or more decrypted data streams on the decrypted data stream and or one or more inference engines to execute the decrypted workload to process the one or more decrypted data streams (decrypt or encrypt the security credentials of key and then subsequently send the encrypted security credentials to middleware see [0184] to [0187)). Coon does not specifically disclose deriving a session key for compute zones. However, Ellison discloses deriving a session key for compute zones (102 and 106 fig,1) (establishing and maintaining the session key, and to make use of the session key to decrypt and/or authenticate data received over channel 100 This process can be designed to be transparent to application 102, which may simply invoke service 106 using an API, see fig.1, [0018] to [0019]). It would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was made to implement Ellison's teachings into the computer system of Coon to control data processing because it would have maintained the secrecy of the session key and thus protected the confidentiality of the application data in a communication network (see Ellison's {0013]). As to claim 11, Coon discloses the processor circuitry comprises graphics processor circuitry coupled to application (see [0180)). Claims 21-26 are rejected for the same reasons set forth in claims 1-3, 5, 9 and 11 respectively. Claims 27-32 are rejected for the same reasons set forth in claims 1-3, 5, 9 and 11 respectively. Response to Argument Applicant’s arguments, filed 2/18/26, with respect to the rejection(s) of claim(s) 1-3, 5, 9, 11 and 21-32 under 35 USC 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Connor et al., US Pub. No.20170086325. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Khanh Dinh whose telephone number is (571) 272- 3936. The examiner can normally be reached on Monday through Friday from 8:00 A.m. to 5:00 P.m. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Cheema Umar, can be reached on (571) 272-3. The fax phone number for this group is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Any response to this action should be mailed to: Commissioner for patents P O Box 1450 Alexandria, VA 22313-1450 /KHANH Q DINH/Primary Examiner, Art Unit 2458
Read full office action

Prosecution Timeline

Show 8 earlier events
Mar 10, 2025
Non-Final Rejection mailed — §103
Jun 02, 2025
Response Filed
Sep 25, 2025
Final Rejection mailed — §103
Dec 23, 2025
Response after Non-Final Action
Feb 18, 2026
Request for Continued Examination
Feb 28, 2026
Response after Non-Final Action
Apr 07, 2026
Non-Final Rejection mailed — §103
May 07, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12634260
OPTIMAL DATA PLANE SECURITY & CONNECTIVITY FOR SECURED CONNECTIONS
3y 2m to grant Granted May 19, 2026
Patent 12627666
CONTROLLER-BASED NETWORK ACCESS CONTROL SYSTEM, AND METHOD THEREFOR
1y 12m to grant Granted May 12, 2026
Patent 12607377
Method of Associating an HVAC Controller with an External Web Service
3y 5m to grant Granted Apr 21, 2026
Patent 12598188
SYSTEM AND METHOD FOR DESCRIBING AND VISUALIZING ALLOWED, DENIED, CHAINED AND EFFECTIVE ACCESS TO A SYSTEM
2y 10m to grant Granted Apr 07, 2026
Patent 12574375
CLOUD VIRTUAL REALITY ECOSYSTEM
2y 2m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
84%
Grant Probability
88%
With Interview (+4.3%)
2y 11m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 727 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month