PERSISTENT DATA SECURITY FOR DATA PROCESSING UNITS

§103 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed on 07/24/2025 have been fully considered but they are not fully persuasive (with the exception of page 12). Claims 2, 5, 7, and 20 have been amended. Claims 1-20 are currently pending. On pages 9-10 of the remarks, applicant argues: “1) None of the references cited against the independent claims is analogous art. The claims are directed to solving a different problem than the cited references. Claim 1 recites a system in which a DPU storage is secured by an access key that is provided by the BMC to firmware of the DPU during boot (e.g., so that the DPU firmware can boot the DPU OS), after which the DPU firmware deletes its copy of the access key, while the access key itself is retained by the BMC. This solves the problem of "securing persistent data related to DPUs." Application, ¶ 0003. None of the references cited against the independent claims are directed toward solving any such problem. Emerson, for example, discloses a system in which "The main hardware processor causes the baseboard management controller to serve as an agent that, independently from the host, responds to communications with a remote management entity to manage the host." Emerson, abs. Emerson does not disclose a DPU at all, let alone a technique for securing persistent data related to a DPU. To the extent Emerson discloses encryption techniques, those techniques are directed to managing keys for self-encrypting drives and have nothing to do with DPU storage. Subramanian discloses a system for "sanitizing" an SSD or flash drive that stores "personal and/or confidential information about individuals or businesses" and teaches complete destruction of all data on a disk. Subramanian, ¶ 0001. As discussed below, Subramanian neither teaches nor suggests anything to do with DPUs at all. Wentz is directed to a "secure computing hardware apparatus" that includes "a secret generator module" to allow fingerprinting of components. Wentz, ¶¶ 0004, 0011. Wentz, like the other references neither discloses nor has anything to do with a DPU. Thus, the Office Action attempts to combine three disclosures, all of which are directed to solutions to problems different from each other and nothing like the problem addressed by the claims of this application. Unsurprisingly, these references neither disclose nor suggest virtually any limitation of the independent claims. They certainly do not establish that any independent claims is prima facie unpatentable under § 103.” Examiner respectfully disagrees. In response to applicant's argument that the prior art of Emerson in view of Subramanian and Wentz is nonanalogous art, it has been held that a prior art reference must either be in the field of the inventor’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the inventor was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). In this case, Examiner still maintains that Emerson does teach a DPU as seen in paragraphs [0032] – [0035] and Figure 2 wherein “… In accordance with example implementations, the secure enclave 140 may be a complete system-on-chip (SOC) and may be contained within a tightly-controlled cryptographic boundary 204. In general, the components of the secure enclave 140 may communicate over a bus infrastructure 205…”. Examiner also contends that Emerson does also disclose the management keys are seen in paragraph [0028] wherein… “In general, a “secret,” as used herein, refers to data that represents a security-protected entity, or artifact, such as a cryptographic key, a credential, a certificate, a measurement hash, a cryptographic platform identity, a seed, a password, and so forth. “Managing” a secret 145, in general, refers to controlling, or regulating, aspects related to storing and accessing the secret 145, such as reading, or retrieving, the secret 145 from the secure memory 144; writing the secret 145 to the secure memory 144; generating a secret 145 to be stored in the secure memory 144 (e.g., generating a cryptographic key); deleting the secret 145 from the secure memory 144; sealing a secret 145 to one or multiple measurement hashes or one or multiple measurement digest values (e.g., PCR values); unsealing the secret 145; and so forth…” Examiner does agree that Emerson does not fully disclose the limitation, but the prior art of Subramanian discloses the limitation of firmware’s ability to firmware is configures to delete accessing the DPU storage as seen in paragraph [0013] wherein “In a cryptographic erase, a cryptographic key, which is used to access stored encrypted data (e.g., encrypted data stored on a storage device or encrypted data stored in an adapter), is erased, or removed, from the storage device and/or adapter…” Further in paragraph [0020] demonstrates the limitation wherein “…a cryptographic erase may be used to remove a cryptographic key used to encrypt data stored on the hard drive…” Thus, the Office Action appears now to allege that the computer's CPU is the recited DPU. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). “On pg. 10-11 of the remarks, applicant argues: “The Applicant respectfully submits that no POSITA would understand a secure enclave to be a DPU, which is a specific term of art. For example, the application provides a definition of a DPU and non-limiting examples of DPUs: A DPU is a controllable device, such as a system on a chip ("SoC"), with hardware acceleration of data processing for data-centric computing. A DPU is generally installed on a physical server and operates in isolation of the server's central processing unit ("CPU"). The DPU offloads network interface data processing workloads from the CPU so that high performance network interfaces can process data at much faster rates. Application, ¶ 0001. A DPU can be a controllable device, such as a SoC, with hardware acceleration of data processing for data-centric computing. In an example, the DPU can be a network interface controller ("NIC") or SmartNIC that can be plugged into a server. Id., ¶ 0022. A POSITA would understand that a secure enclave with a secure processor is not a DPU. For example, claim 1 further recites that the BMC provisions the DPU, "including configuring a portion of the local storage device of the server for DPU storage, the DPU storage including a DPU operating system ('OS')." Emerson does not teach that the secure processor runs its own OS, and the record contains no evidence that at POSITA would believe that it could. Instead, the Office Action pivots, apparently alleging that the "operating system of a computing device" teaches the recited DPU OS. Even as characterized by the Office Action, this is plainly incorrect: As used herein, a baseboard management controller has management capabilities for sub-systems of a computing device, and is separate from a processing resource that executes an operating system of a computing device. The baseboard management controller is separate from a processor, such as a central processing unit, which executes a high-level operating system or hypervisor on a system. Office Action at 5 (quoting Emerson, ¶ 0031). The only operating system mentioned by Emerson (as quoted by the Office Action) is the operating system run by the CPU of the computing device. Nothing in this passage provides any indication that the secure processor has its own operating system. Thus, the Office Action appears now to allege that the computer's CPU is the recited DPU. Applicant specifically argues that Emerson does not disclose a DPU at all, let alone technique for securing persistent data related to a DPU. Emerson discloses in paragraph [0054] and in Figure 2 “In accordance implementations, the secure enclave 140 may be complete system-on-chip (SOC) and may contained within tightly controlled cryptographic boundary 204…” Although the Emerson does not explicitly use the term DPU, one in the ordinary skill in the art would know that under BRI, Emerson’s secure enclave would read as the applicant’s claimed DPU. Emerson further exemplifies of the concept of persistent data related to a DPU in paragraph [0054] and Figure 1 wherein “The secure memory 144 may be, for example, a non-volatile RAM (NVRAM)…” and the concept securing said persistent data in paragraph [0057] “As also depicted in FIG. 2, in accordance with example implementations, the secure enclave 140 may include a tamper detection circuit 234, which receives various environmental sensor signals 236 (e.g., sensor signals representing a temperature, a clock rate, a voltage, and so forth) for purposes of detecting malicious manipulation of the secure enclave's operating environment so that appropriate action may be taken when this occurs.” Therefore, based at least the above, paragraphs, Examiner respectfully discloses that the prior art teaches the limitation. On page 12 of the Remarks, the applicant argues: Moreover, the Office Action claims that Emerson teaches "providing the encrypted access key to the DPU firmware." Office Action at 6 (quoting Emerson ¶¶ 0064-65). This passage of Emerson teaches that "a CPU core 102 executing boot services firmware (e.g., UEFI 111 boot services firmware) may, responsive to the boot of the computer platform 100, detect the NVMe storage device 122 and perform credential management for the storage device 122." Presumably, the Office Action alleges that the disclosed UEFI firmware teaches the recited "DPU firmware," because the quoted passage discloses no other firmware. Emerson, however, clearly teaches that the UEFI firmware is executed by a core of the CPU. This again would require the computer's CPU to be a DPU. Thus, the Office Action takes the inconsistent positions that (1) Emerson's secure processor is a DPU and (2) Emerson's CPU (which Emerson teaches is a completely different processor) is a DPU. See Emerson, Fig. 1 (illustrating CPU 102 and security processor 142). In fact, Emerson teaches that the "hardware security processor 142 of the secure enclave 140" is part of the "the BMC 129 (as part of the BMC's security plane)."Id., ¶ 0033. As noted above Emerson is quoted by the Office Action as teaching that "[t]he baseboard management controller is separate from a processor, such as a central processing unit, which executes a high-level operating system or hypervisor on a system."Id., ¶ 0031 (quoted by Office Action at 6). In fact, Emerson explains in great detail in paragraph 0031 how separate the BMC is from the other hardware of the computer system. Thus, the Office Action inconsistently interprets two components, which Emerson expressly and emphatically teaches are different and separate components, as teaching the same recited DPU depending on the feature of claim 1 against which Emerson is cited. This inconsistency alone prevents Emerson for supporting any argument that claim 1 is prima facie unpatentable under § 103. The Examiner respectfully agrees. On pages of 13-14 of the Remarks, Applicant contends that no cited references discloses DPU firmware configured to delete an access key, as recited by claim 1.The examiner respectfully disagrees. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). Applicant specifically argues that Subramanian does not disclose this feature. Subramanian discloses in paragraph [0040] and in Figure 1 wherein “In accordance with example implementations, the boot image 155 includes a sanitization application 158 (e.g., an Extensible Firmware Interface (EFI) application), which is executed in a warm reset boot of the computer system 100, if the storage sanitization option has been selected. The boot image 155 may also include drivers 159 (e.g., executable EFI images) for corresponding adapters of the computer system 100. It is noted that computer system 100 may store a driver for given adapter in a location other than the memory 150, which may be the case, for example, when the driver is loaded from the PCIe option card…” Although the Subramanian does not explicitly use the term DPU firmware, one in the ordinary skill in the art would know a PCIe option card can be DPU. Subramanian further exemplifies DPU firmware in paragraph [0042] “…. The SantizeMedia function, in accordance with example implementations, may be used to either cause the driver to perform a cryptographic key erase or perform a media type specific erase operation. The sanitization functions may also include a MonitorSanitizeStatus function, which causes the driver to return a completion status…” which further discloses configuration of the firmware to delete an access key. Therefore, based at least the above, paragraphs, Examiner respectfully discloses that the prior art teaches the limitation. On pages of 14 the Remarks, Applicant contends that Wentz, like Emerson and Subramanian, is non-analogous art .The examiner respectfully disagrees. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). Applicant states Wentz is directed to a completely different problem than that of either Emerson or Subramanian, and person of the ordinary skill in the arts would find no reason to combine Wentz. The reason to combine was previously stated in the office action in which the reason to combine was to prevent memory-based exploit such as a speculative execution race-condition exploit from accessing ostensibly secure memory retain in the at least a processor cache. On pages of 14-15 the Remarks, Applicant contends that Rao is also non-analogous art .The examiner respectfully disagrees. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). Applicant specifically contends that Rao does not disclose “installing a DPU operation system (“OS”) on a portion of a storage device that does not support access restriction with an encrypted access key” and “configuring a portion of a media card connected to the server for DPU storage, the DPU storage including a DPU operating system.” Rao discloses in paragraph [0032] and Figure 1 “Network interface 108 may comprise any suitable system, apparatus, or device operable to serve as interface between information handling system 102 and one or more other information handling systems. Network interface 108 may enable information handling 102 to communicate any suitable transmission protocol and/or standard. In these and other embodiments, network interface 108 may comprise a network interface card, or “NIC”, and DPU is a type of NIC which discloses the limitation. Further, Rao discloses installing DPU operating system (“OS”) on a portion of storage device in paragraph [0029] and Figure 1 “In these and other embodiments, BIOS 105 may comprise boot firmware configured to be the first code executed by processor 103 when information handling 102 is booted and/or powered on. As part of its initialization functionality, code for BIOS 105 may be configured to set components of information handling system 102 into a known state, so that one or more applications (e.g., an operating system or other application programs) stored on compatible media (e.g., memory 104) may be executed by processor 103 and given control of information handling system 102…” which is part of the process of installing of DPU OS therefore teaching the limitation. Also in paragraph [0040] and as seen in Figure 1 wherein “…key management server 122 may comprise a cryptoprocessor 126…. In some embodiments, cryptoprocessor 126 may comprise a non-volatile memory accessible only to cryptoprocessor 126…” disclosing that the limitation of a portion of a media card connected to the server for DPU storage, the DPU storage including a DPU operating system. Therefore, based at least the above, paragraphs, Examiner respectfully discloses that the prior art teaches the limitation. The Remarks, Applicant’s arguments, see pages 12 and 15-17 , filed on 07/24/2025, with respect to the rejections of independent claims under 35 USC 103 and the amended limitations of claim 2, 5, and 7 have been considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Bar-Ilan et al. (US PGPub No. US-20220334989-A1), Goel et al. (US PGPub No. 20220179674-A1), Pope et al. (US PGPub No. 20190103972-A1 ), Jaber et al. (US PGPub No. 20140025947-A1 ), Norton et al. (US PGPub No. 20190089724-A1), Doshi et al. (US PGPub No. 20220014466-A1 ), Medaglia et al. (US PGPub No. 20210367769-A1), Narayan et al. (US PGPub No. 20170075699-A1 ), Zayas et al. (US PGPub No. 20100011427-A1 ), Kumble Seetharama et al. (US PGPub No. 20210336845-A1), Colp et al. (US PG Pub No. 20140006805-A1), Nelson et al. (US Pat No.11349710-B1), and Miller et al. (US PGPub No. 20200410097-A1 ). Thus, in view of the above, the present rejections are maintained as written below. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1 rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The specification does not reasonably convey to one of ordinary skill in the art that the inventors had possession of the subject matter now claimed, specifically the requirement that the baseboard management controller (BMC) encrypts, or otherwise performs encryption-based locking of, access to the DPU storage using an encrypted access key. This deficiency applies to claims 1, 5-8, 11-13, 15, and 18-20. The claims place the encryption or access-locking operation on the BMC, either expressly (e.g., “encrypting access to the DPU storage with the encrypted access key” in claim 1) or through corresponding method and CRM language. However, the specification provides no disclosure of any mechanism by which a BMC can technically perform encryption, decryption, or storage-locking operations on a DPU storage device. In conventional architectures, a DPU controls its own local flash, host-assigned partitions, or remote block storage, while a BMC communicates only over sideband interfaces (e.g., NC-SI, I2C) for management functions such as reset, monitoring, and firmware updates. Moreover, claims 1, 8, and 15 defines “DPU storage” as a portion of the server’s local storage device. Although the specification contains isolated high-level functional statements such as ¶[0026](“the BMC can encrypt access to the DPU storage”), these passages are purely conclusory and are unaccompanied by any structural, architectural, or protocol-level explanation of how the BMC would perform such an operation. Notably, ¶[0026] also states that “the BMC can encrypt access to the DPU storage with the DPU OS,” but the specification provides no disclosure of any mechanism by which a BMC and a remote operating system running on a separate processor could jointly perform an encryption or access-control operation. Furthermore, the specification’s only embodiments of encryption/locking apply to storage physically attached to the DPU (e.g., eMMC, SD, DPU flash), creating a direct mismatch between the claim wording and the specification’s support. The conventional commands exchanged over these interfaces are limited to power control, reset signals, health/status polling, sensor readings, firmware update triggers, and mailbox-style messages which all do not include any block-storage encryption, password, or access-control operations. This phrasing is not reflective of any known security architecture and does nto correspond to any technically coherent interaction between a BMC and a DPU OS. The specification does not disclose: (1) how the BMC obtains control over any DPU storage interface contrary to conventional BMC/DPU architecture; (2) how the BMC issues encryption, decryption, password, or access-control commands; (3) how the BMC would invoke or drive any cryptographic engine; or (4) how the BMC would enforce exclusive storage access against the DPU firmware. Mere recitation of a desired functional result, without any supporting mechanism, does not satisfy the written-description requirement. See Ariad Phar.,Inc. v. Lilly, 598 F.3d 1336 (Fed. Cir. 2010)(en banc); LizardTech, Inc. v. ERM, 424 F.3d 1336 (Fed. Cir. 2005). And further, the specification lacks any disclosure of how the BMC accesses the DPU’s storage device, issues commands to lock/unlock it, or leverages a cryptographic engine under BMC control. The only detailed technical embodiments in the specification describe the DPU—not the BMC—performing storage access control operations. For removable media, ¶¶[0049]-[0052] disclose that the DPU firmware issues CMD42 SET_PWD and CMD42 unlock commands to lock or unlock the media card using the access key provided by the BMC. These CMD42 operations implement a password-based access restriction, which is an authentication mechanism, not encryption of the underlying storage media. For storage lacking hardware access-control support, ¶[0007] describes that the DPU OS “can encrypt access to the DPU data using the access key,” again indicating that the DPU, not the BMC, performs any encryption. No embodiment discloses the BMC performing software encryption, hardware encryption, or issuing OPAL/SED, ATA Security, NVMe Security, or any other cryptographic or access-control commands to a DPU storage device. While the provisioning steps and key-generation steps are supported, the core limitations of ‘encrypting access to the DPU storage’ as performed by the BMC over server-based storage (as claimed) has no description in the specification and contradicts the only detailed embodiments. Accordingly, because the detailed embodiments only disclose DPU-side authentication or DPU-side software encryption, and the specification provides no written description of a BMC performing the claimed encryption or access-locking operations, the above-identified claims lack adequate written-description support under 35 U.S.C. § 112(a). Claims 2, 3, 9, 10, 14, 16, and 17 are rejected for the same reasons discussed above with respect to their base claims. These claims depend, either directly or indirectly, from claims that have been found lacking adequate written-description support, and they do not include any additional limitations that remedy the deficiency. Accordingly, these dependent claims fall with their respective parent claims. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Bar-Ilan et al. (US PGPub No. US-20220334989-A1) in view of Goel et al. (US PGPub No. 20220179674-A1), Pope et al. (US PGPub No. 20190103972-A1 ), Jaber et al. (US PGPub No. 20140025947-A1 ), and Norton et al. (US PGPub No. 20190089724-A1). With respect to claim 1, Bar-Ilan teaches a server, comprising: (¶0006: DPUs can be used as a stand-alone embedded processor, or may be incorporated into a network interface controllers. For example, a DPU may be incorporated into a SmartNIC, a network interface controller used in servers such as “next generation servers” which are a class of servers charactered by increased processor speed, enhanced management features, and greater energy efficiency, related to other servers. ). a central processing unit ("CPU");(¶0129: If the target functionality is part of the hardware programmable CPU may be programmed to perform the target service functionality described herein. As seen in ¶0186 The fabric target offload may operate as per Figure 6 wherein typically, only control path, management and exceptions go through target CPU software. Typically, data path and NVMe commands are handled by a network adapter). a data processing unit ("DPU") (¶0005: A DPU (Data Processing Unit) and direct memory access (DMA) typically comprises a platform that includes a networking interface, such as NVIDIA®'s ConnectX®, and a programmable processing module, such as ARM cores, which provides the DPU's processing power, and may be programmable. BlueField® (versions 1, 2 and 3) are all examples of state-of-the-art DPUs.) having a processor and a memory storage, (¶0034: A DPU (Data Processing Unit) and direct memory access (DMA) typically comprises a platform that includes a networking interface, such as NVIDIA®'s ConnectX®, and a programmable processing module, such as ARM cores, which provides the DPU's processing power, and may be programmable. BlueField® (versions 1, 2 and 3) are all examples of state-of-the-art DPUs.). the memory storage including a non-transitory, computer-readable medium, (¶0009: It is appreciated that software components of the present invention may, if desired, be implemented in ROM (read only memory) form. The software components may, generally, be implemented in firmware or hardware, if desired, using conventional techniques. It is further appreciated that the software components may be instantiated, for example: as a computer program product, or on a tangible medium.). wherein a DPU firmware persists on the memory storage; (¶0152: It is appreciated that any suitable method may be employed to generate and use a memory key (MKEY) that points to host memory. For example, a suitable call to DPU (BlueField®) firmware generates an MKEY that spans another system's memory instead of the memory of the caller (e.g. of an application running on internal processing units in the DPU that stores the logic which performs the methods of FIGS. 5a-5b and/or other methods herein).) . a baseboard management controller ("BMC"); and (¶0012: NVME Management Interface (NVMe-MI)) Specification—The command set and architecture for out of band management of NVM Express storage (e.g., discovering, monitoring, and updating NVMe devices using a BMC).). a local storage device, (¶0052: A computerized system according to any of the embodiments described herein which enables a host to access an emulated PCI storage device, by employing the computerized apparatus for coordinating execution of a host request arriving on an emulated interface, using less than 3 direct memory access (DMA) transfers, wherein the host request pertains to data stored or which is to be stored on at least one hardware storage device locally attached to the host, wherein the data passes between the host's original application buffer and the hardware storage device locally attached to the host.¶00180: It is appreciated that the DPU may locate at least a portion of the data referred to by a request, posted by a host via emulated storage device, as available in, or targeted to, at least one storage device/s which is/are locally attached to the host, but not to the DPU.). Bar-Ilan does not disclose: wherein the BMC performs stages comprising: provisioning the DPU on the server, including configuring a portion of the local storage device of the server for DPU storage, the DPU storage including a DPU operating system ("OS"); generating an encrypted access key; encrypting access to the DPU storage with the encrypted access key; However, Goel teaches wherein the BMC performs stages comprising: provisioning the DPU on the server, including configuring a portion of the local storage device of the server for DPU storage, the DPU storage including a DPU operating system ("OS"); (¶0033: In specific examples provided below, the BMC engine 306 may also include a management (MGMT)/ operating system communication (OS COMM.) sub-engine 306b that may be provided by hardware (e.g., a System on Chip SoC) included in the BMC processing system) and/or software (e.g., a virtual machine/container provided by instructions stored on the BMC memory system), and that may be configured to bifurcate responsibilities of the BMC engine 306/BMC device 304 while the server device 300 is in a pre-boot environment (as discussed in further detail below) by providing a management subsystem that handles management functionality for the BMC engine 306/BMC device 304, and providing an operating system interaction subsystem that dynamically hosts relatively small operating system images used to provide BMC operating systems that interact with a host operating system (e.g., using Intelligent Platform Management Interface (IPMI) channels, Representational States Transfer (REST) interfaces, and/or other operating system) to provide data encryption keys that enable initialization operations that provision the host operating system on the server device 300.). generating an encrypted access key; encrypting access to the DPU storage with the encrypted access key; (¶0032-0036: In the specific examples provided below, the BMC engine 306 may include key generation sub-engine 306a maybe provided by hardware (e.g., as part of the BMC processing system) and/or software (e.g., instruction stored on the BMC memory system) For example, the key vault 308 may be utilized to store data encryption keys that are utilized in the encryption of data generated by virtual infrastructure such as the virtual machines discussed below, and that are associated with identity information for those data encryption keys (e.g., identity information used for mapping those data encryption keys/virtual infrastructure keys with corresponding data encryption keys/virtual infrastructure keys maintained at the hypervisor layer and in a vendor-managed key agent on a host operating system in the server device 300), and may be involved in synchronization operations between the BMC device 304 and a host operating system in the server device 300 that operate to synchronize data encryption keys stored in the key vault 308) . It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Goel to the method of Bar-Ilan in order to better manage the storage of encryption keys (Goel ¶0002-0005 ). Bar-Ilan in view of Goel does not disclose: providing the encrypted access key to the DPU firmware, However, Pope teaches providing the encrypted access key to the DPU firmware, (¶0032-0036: The sec-nic key is preferably stored in the ASIC secure memory but in other embodiments may be stored in a further external secure memory. The firmware is configured such that it cannot access the sec-nic key itself but can only cause the sec-nic to be used to encrypt data written to the secure memory outside the ASIC and/or decrypt data read out of the secure memory outside the NIC. Therefore removal and inspection of the secure memory will not reveal the NIC's private key. A replacement of the secure memory contents cannot inject firmware or modify state such as the private key priv-nic which is stored in the secure memory.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Pope to the method of Bar-Ilan in view of Goel in order to better secure data and protect against malicious malware being applied such as viruses, worms, Trojan horses, and spyware (Pope ¶0101-0103). Bar-Ilan in view of Goel and Pope does not disclose: wherein the DPU firmware is configured to delete the access key after accessing the DPU storage; and retaining the encrypted access key in a secure storage location of the BMC. However, Jaber teaches wherein the DPU firmware is configured to delete the access key after accessing the DPU storage; and (¶0025: As provided within the disclosure, references to the term "kill switch" refers to the functionality that causes sensitive customer configuration data (which is KSEK-encrypted) to be permanently lost and/or unreadable and/or irretrievable, following the execution of a single encryption key erasure command. Execution of this single encryption key erasure command (i.e., the kill switch) permanently deletes the established KSEK utilized for system-wide encryption of sensitive customer configuration data from a secure storage in which the KSEK is maintained. ¶0039: The remainder of disclosure references specific functionality provided by service processor 125 and specifically execution of firmware 127 within service processor 125 as related to creation and utilization of the KSEK. According to one embodiment, service processor F/W 127 includes program code that configures the service processor 125 to provide the various functions described within the present disclosure. …. Specifically, the firmware 127 configures the service processor 125 to: establish a kill switch encryption key (KSEK) to provide data security for data stored within one or more storage devices that are associated with one or more configurable components of an IHS; configure the one or more configurable components to provide access to and enable decryption of data stored within the one or more storage devices only when a valid copy of the KSEK is received from the service processor along with a request for access to the stored data; automatically encrypt, with the KSEK, data that is written to the one or more storage devices; ); It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Jaber to the method of Bar-Ilan in view of Goel and Pope in order to prevent future access to encrypted data (Jaber ¶0009). Bar-Ilan in view of Goel, Pope, and Jaber does not disclose: retaining the encrypted access key in a secure storage location of the BMC. Although Jaber does disclose the firmware deleting the access key after accessing a storage, but Jaber does not explicitly disclose retaining the encrypted access key in a secure storage location of the BMC. However, Norton teaches retaining the encrypted access key (¶0039: Resource 616 includes memory 618 which contains a secret 620. In some examples, secret 620 may be an encryption key loaded into memory 618 during manufacture of modular server 600) in a secure storage location of the BMC. (¶0012-¶0013: Security circuitry may include a security processor located with a baseboard management controller (BMC) resource, volatile memory, non-volatile memory, zeroization circuitry, anti-tampering sensors, and one or more auxiliary power source (e.g. backup battery). The security processor monitors the anti-tampering sensors for indications of tampering, the volatile memory actively retains the secret loaded within the volatile memory. Active zeroization may remove residual indications of the secret that are retained in memory circuitry, because volatile memory may retain evidence of the secret in capacitors and other components that could be discovered through forensic means. Similarly, zeroization circuitry of non-volatile memory may engage in active zeroization by overwriting the secret in memory. In some examples, the data used to overwrite the secret is random data, rather than all zeroes as implied by the name “zeroization.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Norton to the method of Bar-Ilan in view of Goel, Pope, and Jaber in order to prevent nefarious actors from accessing the system (Norton ¶0011). Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Bar-Ilan et al. (US PGPub No. US-20220334989-A1) in view of Goel et al. (US PGPub No. 20220179674-A1), Pope et al. (US PGPub No. 20190103972-A1 ), Jaber et al. (US PGPub No. 20140025947-A1 ), Norton et al. (US PGPub No. 20190089724-A1), and Doshi et al. (US PGPub No. 20220014466-A1). With respect to claim 2, the combination of Bar-Ilan in view of Goel, Pope, Jaber, and Norton teaches the method of claim 1 (see rejection of claim 1 above) but does not disclose wherein the DPU is a system on a chip (SoC) with hardware acceleration of data processing for data-centric computing. However, Doshi teaches wherein the DPU is a system on a chip (SoC) with hardware acceleration of data processing for data-centric computing. ( ¶0149: As seen in Figure 21 A, Also in some examples, the processor 2104 may be embodied as a specialized x-processing unit (xPU) also known as a data processing unit (DPU), infrastructure processing unit (IPU), or network processing unit (NPU). Such an xPU may be embodied as a standalone circuit or circuit package, integrated within an SOC, or integrated with networking circuitry (e.g., in a SmartNIC, or enhanced SmartNIC), acceleration circuitry, storage devices, or AI hardware (e.g., GPUs or programmed FPGAs) .Such an xPU may be designed to receive programming to process one or more data streams and perform specific tasks and actions for the data streams (such as hosting microservices, performing service management or orchestration, organizing or managing server or data center hardware, managing service meshes, or collecting and distributing telemetry), outside of the CPU or general purpose processing hardware.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Doshi with regards to the DPU to the method of Bar-Ilan in view of Goel, Pope, Jaber, and Norton in order to enable secure access while ensuring data security (Doshi ¶0031-0034). Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Bar-Ilan et al. (US PGPub No. US-20220334989-A1) in view of Goel et al. (US PGPub No. 20220179674-A1), Pope et al. (US PGPub No. 20190103972-A1 ), Jaber et al. (US PGPub No. 20140025947-A1 ), Norton et al. (US PGPub No. 20190089724-A1), Doshi et al. (US PGPub No. 20220014466-A1), and Medaglia et al. (US PGPub No. 20210367769-A1) . With respect to claim 3, the combination of Bar-Ilan in view of Goel, Pope, Jaber, and Norton, and Doshi teaches the method of claim 2 (see rejection of claim 2 above) the stages further comprising, in response to the instructions, causing the DPU to shut down. However, Medaglia teaches the stages further comprising, in response to the instructions, causing the DPU to shut down. ( ¶0027-¶0029: Because the ephemeral memory region (110) has an associated encryption key, any data on the ephemeral memory region (110) of the non-volatile memory device (105) may be accessed once power is restored to the non-volatile memory device (105). Table 1 describes additional power modes associated with certain hardware resources and correspondent actions associated with these resources under different power states. To shut down, the SoC may be completely flushed. S3 (NVM + DRAM side-by-side)). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Medaglia with regards to the DPU shutting down to the method of Bar-Ilan in view of Goel, Pope, Jaber, Norton, and Doshi in order to improve efficiency in the data storage (Medaglia ¶0008-¶0010). Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Bar-Ilan et al. (US PGPub No. US-20220334989-A1) in view of Goel et al. (US PGPub No. 20220179674-A1), Pope et al. (US PGPub No. 20190103972-A1 ), Jaber et al. (US PGPub No. 20140025947-A1 ), Norton et al. (US PGPub No. 20190089724-A1), and Bhatia et al. (US PGPub No. 20190052634-A1). With respect to claim 4, the combination of Bar-Ilan in view of Goel, Pope, Jaber, and Norton teaches the method of claim 1 (see rejection of claim 1 above) [the stages further comprising: in an instance where the server reboots, receiving, from the DPU firmware, a request for the encrypted access key; and providing the encrypted access key to the DPU firmware in response to the request, ] wherein the encrypted access is deleted by the DPU firmware after accessing the DPU storage. (Norton ¶0012-¶0013: Security circuitry may include a security processor located with a baseboard management controller (BMC) resource, volatile memory, non-volatile memory, zeroization circuitry, anti-tampering sensors, and one or more auxiliary power source (e.g. backup battery). The security processor monitors the anti-tampering sensors for indications of tampering, the volatile memory actively retains the secret loaded within the volatile memory. Active zeroization may remove residual indications of the secret that are retained in memory circuitry, because volatile memory may retain evidence of the secret in capacitors and other components that could be discovered through forensic means. Similarly, zeroization circuitry of non-volatile memory may engage in active zeroization by overwriting the secret in memory. In some examples, the data used to overwrite the secret is random data, rather than all zeroes as implied by the name “zeroization.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Norton to the method of Bar-Ilan in view of Goel, Pope, and Norton in order to prevent nefarious actors from accessing the system (Norton ¶0011). Bar-Ilan in view of Goel, Pope, Jaber, and Norton does not disclose: the stages further comprising: in an instance where the server reboots, receiving, from the DPU firmware, a request for the encrypted access key; and providing the encrypted access key to the DPU firmware in response to the request, However, Bhatia teaches the stages further comprising: in an instance where the server reboots, ( ¶0036: As seen in Figure 1, subsequently, the update service replaces the BMC fimrware106 stored in storage 117 with updated BMC firmware 106’. After reboot, the BMC 102 executes the updated BMC executes the updated BMC firmware 106’ and loads, among other components updated key logic 122’). receiving, from the DPU firmware, a request for the encrypted access key; ( ¶0036: The BMC sends the retrieved data to the encryption component 1367 for encryption. Accordingly, the encryption component 136 may request, from the key manager 134, an updated encryption key now generated by the updated key logic 133’ provided by the updated BMC firmware 106’). and providing the encrypted access key to the DPU firmware in response to the request, ( ¶0036: Subsequently, the encryption component 136 inputs the data and the updated encryption key to the encryption algorithm to obtain updated encrypted data. The encryption component 136 then sends the updated encrypted data to the update service of the BMC 102. ). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Bhatia to the method of Bar-Ilan in view of Goel, Pope, Jaber, and Norton in order to prevent hackers from exploiting encryption keys and have access to sensitive data on a management system (Bhatia ¶0007). Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Bar-Ilan et al. (US PGPub No. US-20220334989-A1) in view of Goel et al. (US PGPub No. 20220179674-A1), Pope et al. (US PGPub No. 20190103972-A1 ), Jaber et al. (US PGPub No. 20140025947-A1 ), Norton et al. (US PGPub No. 20190089724-A1), and Narayan et al. (US PGPub No. 20170075699-A1). With respect to claim 5, the combination of Bar-Ilan in view of Goel, Pope, Jaber, and Norton teaches the method of claim 1 (see rejection of claim 1 above) but does not disclose wherein the stages further comprise verifying that the DPU OS is booted in secure mode before providing the access key. However, Narayanan teaches wherein the stages further comprise verifying that the DPU OS is booted in secure mode before providing the access key. (¶0037: When the conventional secure boot process is completed, the network operating system engine 308 indicates that the boot process is complete to the platform management controller SoC 304. ¶0041: If the current boot metric data is verified at decision block 508, the platform management controller SoC 304 may determine that the current boot metric data is valid and the method 500 proceeds to block 512 where the platform management controller SoC authenticates the network operating system engine 308 and assigns authentication role(s).). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention utilize the teachings of Narayanan with regards to the DPU OS to the method of Bar-Ilan in view of Goel, Pope, Jaber, and Norton in order to eliminate the need for external authentication services that require configuration and management by network administrator (Narayanan ¶0045). Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Bar-Ilan et al. (US PGPub No. US-20220334989-A1) in view of Goel et al. (US PGPub No. 20220179674-A1), Pope et al. (US PGPub No. 20190103972-A1 ), Jaber et al. (US PGPub No. 20140025947-A1 ), Norton et al. (US PGPub No. 20190089724-A1), Zayas et al. (US PGPub No. 20100011427-A1 ), Kumble Seetharama et al. (US PGPub No. 20210336845-A1), and Colp et al. (US PG Pub No. 20140006805-A1). With respect to claim 6, the combinat