DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-6, 8-13, 15, 16 are presented for examination. Applicant elected group I ( 1-6, 8-13, 15, 16) without traverse and claims 21, 22, 24, 25, 27 and 28 had been withdraw from consideration. Applicant is required to cancel all non-elected claims 22, 24, 25, 27 and 28 .
The following is a quotation of 35 U.S.C. 112(f):
Element in Claim for a Combination. —An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof .The following is a quotation of pre-AlA35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination maybe expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection |, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre- AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: a network interface device configured to in claims 1, 8.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AlA 35 U.S.C. 112, sixth paragraph (e.g., byreciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 2, 3, 4, 8 are rejected under 35 U.S.C. 103 as being unpatentable over Khare( US 11805109 B1) in view of Chhabra( US 20070101023 A1).
As to claim 1, Khare teaches a network interface device configured to communicate with a host and comprising a first computing circuit configured to support first offloading functions and first algorithms corresponding thereto( offloading hardware devices for encrypting and/or decrypting host communications during communication sessions that are compatible with software security protocols (such as Transport Layer Security and similar widely-used protocols). In at least some embodiments, a pair of networking sessions may collectively be used to transfer a given data set between two entities or endpoints, with the first session being used to obtain a symmetric encryption key at both endpoints, and the data set being encrypted/decrypted at an offloading hardware device using the key in the second session. An offloading hardware device may, for example, comprise a portion of the circuitry of a system-on-chip (SOC) that is incorporated within a peripheral card configured as a networking intermediary at a host in some embodiments, col 2, ln 55-67 to col 3, ln 1-6/ a given offloading hardware device may be capable of implementing any of several encryption algorithms in some embodiments, col 3, ln 6-11/ encryption/decryption operations performed at the offloading device, col 8, ln 55-60/ Encryption offloading hardware devices may also be referred to as encryption accelerators or encryption engines in some embodiments. The terms “encryption-related processing” or “encryption-related computations” may be used in at least some embodiments to refer collectively to computations that may be performed for encryption as well as decryption. With respect to a given data transfer, the pair of entities (e.g., respective application programs, operating system components, virtualization management software components, and/or combinations of such entities) , col 3, ln 50-60/ “encryption offloading device” may be used to refer to a device which is capable of offloading data integrity checking, encryption/decryption and/or other types of security-related computations from the primary processors of a host, with the respective categories of security-related computations being managed or controlled independently of each other, col 6, ln 40-50/ results of the encryption/decryption operations performed at the offloading device, col 8, ln 55-60/ In some embodiments, at least a subset of the virtualization management offload cards 715 of the VCS virtualization server fleet may include respective encryption engines 717 (e.g., 717A or 717B). Such encryption engines 717 may be used to encrypt and/or decrypt various types of messages, col 16, ln 50-56)
a computing storage device configured to store data( system memory 9020 may be one embodiment of a computer-accessible medium configured to store program instructions and data as described above for FIG. 1 through FIG. 11 for implementing embodiments of the corresponding methods and apparatus., col 26, ln 5-10/System memory 9020 may be configured to store instructions and data accessible by processor(s) 9010, col 25, ln 11-16)
and comprising a second computing circuit configured to support second offloading functions and second algorithms corresponding thereto( the present disclosure relates to using offloading hardware devices for encrypting and/or decrypting host communications, col 2, ln 55-60/ An offloading hardware device may, for example, comprise a portion of the circuitry of a system-on-chip (SOC) that is incorporated within a peripheral card configured as a networking intermediary at a host in some embodiments. Such circuitry may implement logic in hardware to perform, at very high throughputs and with very low latencies, encryption and/or decryption, col 2, ln 65-67 to col 3, ln 1-6/ given offloading hardware device may be capable of implementing any of several encryption algorithms in some embodiments, col 3, ln 6-11/ encryption/decryption operations performed at the offloading device, col 8, ln 55-60 / Encryption offloading hardware devices may also be referred to as encryption accelerators or encryption engines in some embodiments. The terms “encryption-related processing” or “encryption-related computations” may be used in at least some embodiments to refer collectively to computations that may be performed for encryption as well as decryption. With respect to a given data transfer, the pair of entities (e.g., respective application programs, operating system components, virtualization management software components, and/or combinations of such entities) , col 3, ln 50-60/ preferences regarding specific algorithms to be used at the offloading devices, col 7, ln 1-5/ plurality of hosts among which network messages may be exchanged, including host 110A and host 110B. Each of the hosts 100 may include some hardware devices and a software stack 160 (e.g., software stack 160A of host 110A, and software stack 160B of host 110B). The hardware devices may include a respective set of primary processors (e.g., CPUs/cores 120A or 120B) at which various operating system and application components may typically run, as well as at least one respective encryption offloading hardware device 121 (e.g., device 121A at host 110A, and device 121B at host 110B) in the depicted embodiment , col 7, ln 65-67/Fig.2/ a given offloading hardware device may be capable of implementing any of several encryption algorithms, col 3, ln 7-10);
and a system controller configured to perform a management operation to control an offloading computing operation to be performed by one of the first computing circuit and the second computing circuit according to an offloading request of the host(a communications configuration manager, running for example as an administrative component of a host at which a communication endpoint runs, may be provided guidance by an application user or client regarding various parameters pertaining to offloading of encryption-related tasks. For example, one or more programmatic interfaces may be implemented to enable clients to submit encryption offloading configuration requests, indicating whether encryption/decryption is to be offloaded conditionally (and if so, indicating the conditions to be checked) or unconditionally, the types of messages for which such offloading is to be performed, preferences regarding specific algorithms to be used at the offloading devices, and so on, col 6, ln 65-67/ A communications configuration manager (CCM) 126 may, for example, comprise one or more administration programs, processes and/or daemons responsible for determining and/or storing configuration metadata governing various properties of network transfers in the depicted embodiment, such as for example whether offloading of encryption-related processing is to be used for a given data transfer request, the kind of encryption algorithm to be employed at the offloading devices 121 for a given session, and so on. In at least one embodiment, the CCM 126 at a given host 110 may communicate with the encryption offloading hardware device 121 of the host, e.g., on behalf of a communication endpoint 130 of the host, to transmit a symmetric key to be used at the offloading device 121 for a given session. In some embodiments, the CCM 126 may indicate, to the offloading hardware device 121, the boundaries of one or more buffers set up in the offloading hardware device’s memory to store data that is to be encrypted/decrypted, and/or the boundaries of one or more buffers into which results of the encryption/decryption operations performed at the offloading device , col 8, ln 37-60/ is disabled in the depicted embodiment. In addition, the respective encryption offloading hardware devices 121 at each host may configured (e.g., as a result of one or more commands issued by the CCMs and/or the CEs) to perform encryption/decryption in hardware for messages of Session B. The data that was to be transferred, for example from host 110A to host 110B, may be encrypted as part of Session B at the offloading device 121A and decrypted at encryption offloading hardware device 121B., col 10, ln 6-20).
.
based on offload capability information about the first offloading functions, the second offloading functions, the first algorithms, and the second algorithms( while the other endpoint performs encryption and/or decryption in software on the main processors. In another embodiment, an offloading device may only be used for encryption, and not for decryption; or, an offloading device may only be used for decryption, and not for encryption. Depending on the algorithm being used for encryption, in some cases encryption may be more compute-intensive than decryption (or vice versa), making choices to offload only encryption or to offload only decryption more appealing, col 5, ln 60-67 to col 6, ln 1-5/ Such a request may comprise one or more parameters or elements, including for example an endpoints parameter 911, a request scope field 913, an offload-encryption parameter 915, an offload-decryption parameter 917 and/or a preferred encryption parameter 919. , col 19, ln 45-60/ The request scope parameter or field 913 may indicate the set of data transfers whose encryption or decryption operations are to be offloaded based on other parameters of the offloading configuration request 910 in the depicted embodiment. For example, one value of the request scope parameter may indicate that all data transfers associated with a specified application or applications are to be covered by the requested encryption settings, another value may indicate a time period during which messages between the specified endpoints are to be covered, while yet another value may indicate that offloading operations are only to be performed for data transfers that exceed a specified threshold size (or are smaller than a specified threshold size) in some embodiments, col 19, ln 65-67 to col 20, ln 1-12/ In at least one embodiment, metrics pertaining to offloading of encryption/decryption operations may be collected at or from one or more hosts equipped with offloading hardware devices of the kind discussed above, such as the total amount of data whose encryption and/or decryption was offloaded during a time interval, the time taken to encrypt/decrypt the data at the offloading device, the percentage of time that an offloading device was busy (analogous to CPU utilization metrics), and so on., col 20, ln 42-55).
Chhabra teaches network interface device configured to communicate with a host, offloading computing operation to be performed based on offload capability information about the first offloading functions, the second offloading functions, the first algorithms, and the second algorithms( The software on the host computer may subsequently send data packets to the network interface card and request that the network interface card perform those tasks on the data packet prior to transmission, para[0006], ln 5-10/ physical network interface card 305 and physical network interface card 307 may provide different offloading capabilities from each other. For example, physical network interface card 305 may have the capability to perform checksum calculation and verification, while physical network interface card 307 may have the capability to perform segmentation of large packets. From the perspective of operating system 301, the virtual network interface card 303 with which it communicates has the capability to perform both checksum calculation and verification and segmentation of large packets. Thus, for example, when operating system 301 sends a data packet to virtual network interface card 303 and requests that the virtual network interface card perform checksum calculation on the packet, the virtual network interface card may send the packet to physical network interface card 305 and request that physical network interface card 305 perform checksum calculation prior to sending the packet. Similarly, when operating system 301 sends a data packet to the virtual network interface card 303 and requests that the virtual network interface card perform large packet segmentation on the data packet, the virtual network interface card may send the packet to physical network interface card 307 and request that physical network interface card 307 perform segmentation on the packet, para[0034]/ each physical network interface card may provide the capability to perform multiple offloaded tasks. For example, in one embodiment, the system may include a physical network interface card 305 that is capable of performing offloaded checksum calculation, offloaded large packet segmentation, and offloaded packet encryption, para[0036], ln 3-11).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the above teaching to incorporate the above feature because this accomplishes the offloading of tasks to a network interface card, a network interface cards may announce to software on the host computer what tasks it is capable of performing.
As to claim 2, Khare teaches wherein the system controller is further configured to transmit a list, indicating offloading functions and algorithms supported by the storage system, to the host through the network interface device( col 19, ln 47-67 to col 20, ln 1-42/ col 3, ln50-67).
As to claim 3, Kare teaches performing the offloading computing operation based on the offloading request among the network interface device and the computing storage device, based on the offload capability information( col 10, ln 6-20) and Chhabra teaches wherein the system controller is further configured to search for a device capable and perform the management operation based on a search result( para[0039]) for the same reason as to claim 1 above.
As to claim 4, Kare teaches the first and second offloading functions comprise any one or any combination of a scan & filter offloading function, a compression/decompression function, an encryption/decryption offloading function, a machine learning offloading function, and an encoding/decoding function( col 6, ln 40-50).
As to claim 8, it is rejected for the same reason as to claim 1 above. In additional, Kare teaches encryption offloading function( An offloading hardware device may, for example, comprise a portion of the circuitry of a system-on-chip (SOC) that is incorporated within a peripheral card configured as a networking intermediary at a host in some embodiments. Such circuitry may implement logic in hardware to perform, at very high throughputs and with very low latencies, encryption and/or decryption of data buffered at the SOC in accordance with one or more encryption algorithms; in some cases, the particular encryption algorithm to be employed may be selectable or configurable (e.g., a given offloading hardware device may be capable of implementing any of several encryption algorithms in some embodiments). Other architectures, which may not necessarily use SOCs, and may or may not be incorporated within a card connected via a peripheral interconnect, may be implemented in some embodiments, col 2, ln 65-67 to col 3, ln 1-15), a second computing storage device configured to provide a second memory space to the host( System memory 9020 may be configured to store instructions and data accessible by processor(s) 9010. In at least some embodiments, the system memory 9020 may comprise both volatile and non-volatile portions; in other embodiments, only volatile memory may be used. In various embodiments, the volatile portion of system memory 9020 may be implemented using any suitable memory technology, such as static random access memory (SRAM), synchronous dynamic RAM or any other type of memory. For the non-volatile portion of system memory (which may comprise one or more NVDIMMs, for example), in some embodiments flash-based memory devices, including NAND-flash devices, may be used. In at least some embodiments, the non-volatile portion of the system memory may include a power source, such as a supercapacitor or other power storage device (e.g., a battery). In various embodiments, memristor based resistive random access memory (ReRAM), three-dimensional NAND technologies, Ferroelectric RAM, magnetoresistive RAM (MRAM), or any of various types of phase change memory (PCM) may be used at least for the non-volatile portion of system memory. In the illustrated embodiment, program instructions and data implementing one or more desired functions, such as those methods, techniques, and data described above, are shown stored within system memory 9020 as code 9025 and data 9026, col 25, ln 11-37), comprising a third computing circuit configured to support the encryption offloading function and third encryption algorithms corresponding thereto( plurality of hosts among which network messages may be exchanged, including host 110A and host 110B. Each of the hosts 100 may include some hardware devices and a software stack 160 (e.g., software stack 160A of host 110A, and software stack 160B of host 110B). The hardware devices may include a respective set of primary processors (e.g., CPUs/cores 120A or 120B) at which various operating system and application components may typically run, as well as at least one respective encryption offloading hardware device 121 (e.g., device 121A at host 110A, and device 121B at host 110B) in the depicted embodiment , col 7, ln 65-67/Fig.2/ a given offloading hardware device may be capable of implementing any of several encryption algorithms, col 3, ln 7-10);
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Khare( US 11805109 B1) in view of Chhabra( US 20070101023 A1) and further in view of Crow(US 20210132807 A1).
As to claim 5, Crow teaches the offloading request indicates an offloading function and an algorithm each selected by the host( The host OS (310), via an offload component operating on the host OS (310), sends an offload request to the GPUs that specify processing the data in the shared memory (324) that was transferred from the host OS memory (328) [The offload request specifies performing a RLE compression algorithm on all of the data to obtain compressed data and to perform DIF calculations on 8-byte portions of the pre-compressed data to obtain additional metadata to be used to determine, para[0066], ln 3-12).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the above teaching to incorporate the above feature because this utilize computing resources of the computing devices such as processing, storage, and power consumption.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Khare( US 11805109 B1) in view of Chhabra( US 20070101023 A1) and further in view of LIU(US 20140211626 A1).
As to claim 6, Kare teaches wherein the system controller is further configured to collect information about offloading functions and algorithms supported by each of the network interface device and the computing storage device in an initialization operation( col 8, ln 35-67 to col 9, ln 1-4/ col 6, ln 57-67 to col 7, ln 1-17);
Liu teaches generate the offload capability information based on the collected information(In the access authentication process, the UE may further add an offload capability indication (that is, offload capability information of the UE) in an EAP-response message, so that all network elements that receive the EAP-response message, including the WLAN access network element, can obtain the offload capability information of the UE, para[0072], ln 1-9).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the above teaching to incorporate the above feature because this allows a network system are provided, so as to lower a requirement of IP flow offload processing on a UE.
Claim(s) 9, 10, 11, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Khare( US 11805109 B1) in view of Chhabra( US 20070101023 A1) in view of Crow(US 20210132807 A1) and further in view of Newton( US 20030035547 A1).
As to claim 9, it is rejected for the same reason as to claim 5 above. In additional, Newton teaches encryption algorithm selected( Such encryption layer module is capable of selecting an encryption algorithm from a library of encryption algorithms. In operation, the encryption layer module offloads a host processor of the server by executing the selected encryption algorithm using dedicated encrypter hardware, para[0008], ln 3-12).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the above teaching to incorporate the above feature because this utilizes other types of hardware encrypts to improve performance is afforded, and the server is equipped with the ability to handle more secure connections.
As to claim 10, Karen teaches (the system controller is further configured to transmit a flag to the first computing storage device indicating encrypted data obtained through encryption by the first computing circuit and that the encryption operation has been performed( col 15, ln 17-27/ col 19, ln 47-67/ col 19, ln 65-67 to col 20, ln 1-40).
As to claim 11, Karen teaches the first computing storage device is further configured to store the encrypted data in the first memory space, based on the flag( col 8, ln 50-70).
As to claim 12, it is rejected for the same reason as to claim 9 above. In additional, Newton teaches encryption algorithm selected(para[0008], ln 3-12) for the same rejection as to claim 9 above.
Claim(s) 13, 15, 16 are rejected under 35 U.S.C. 103 as being unpatentable over Khare( US 11805109 B1) in view of Chhabra( US 20070101023 A1) in view of Crow(US 20210132807 A1) in view of Newton( US 20030035547 A1) and further in view of Chawla(US 20230214269 A1).
As to claim 13, it is rejected for the same reason as to claim 9 above. Additional, Karen teaches the system controller is further configured to transmit a flag, indicating data received through the network interface device and that the encryption operation has not been performed, to a device selected from among the first and second computing storage devices(col 15, ln 17-27/ col 19, ln 47-67/ col 19, ln 65-67 to col 20, ln 1-40/ selecting one or more hardware resources to perform the computational offload request to minimize the movement of the dataset, and (vii) initiate performance of the computational offload request at the selected hardware resources, para[0097], ln 14-20).
Chawla teaches device selected from among the first and second computing storage devices(Additionally, the computational offload manager identifies that the computational storage system (616) is capable of performing encryption and compression. The computational offload manager further identifies that the system control processor is capable of performing encryption, compression, deduplication, indexing, and inferencing, para[0209], ln 10-16).
It would have been obvious to one of the ordinary skill in the art before the effective filling date of claimed invention was made to modify the above teaching to incorporate the above feature because this selects a resource of the resources to perform the computational offload; and initiates performance of the computational offload request on the selected resource.
As to claim 15, Karen teaches the selected device comprises the first computing storage device, and wherein the first computing storage device is further configured to perform(col 15, ln 17-27/ col 19, ln 47-67/ col 19, ln 65-67 to col 20, ln 1-40/ para[0097], ln 14-20).
Karen teaches perform the encryption operation on the received data using the second computing circuit, based on the fourth encryption algorithm and the flag, and store encrypted data in the first memory space( (col 15, ln 17-27/ col 19, ln 47-67/ col 19, ln 65-67 to col 20, ln 1-40).
As to claim 16, it is rejected for the same reason as to claim 9 above. In additional, Chawla teaches the first and second computing storage devices comprise correlated redundant array of independent disks (RAID )(includes the desire to perform computational offload management services. As discussed above, computational offloads may refer to offloading one or more computations of data from the applications to other hardware devices included in the resulting composed information handling system. The composition request may further specify the types of computational offloads (e.g., encryption, compression, deduplication, inferencing, filtering, indexing, etc.) to be performed, para[0157], ln 2-10/ Setting up computational offload management services and other management services may further include modifying the operation of one or more devices to provide computational offload management services and management functionality. Management functionalities may include, for example, data integrity functionality (e.g., RAID, ECC, etc.), security functionality (e.g., encryption), data protection functionality and/or other functionalities that are transparent to the composed information handling system, para[0168], ln 1-11/ Additionally, the computational offload manager identifies that the computational storage system (616) is capable of performing encryption and compression. The computational offload manager further identifies that the system control processor is capable of performing encryption, compression, deduplication, indexing, and inferencing, para[0209], ln 10-16) for the same reason as to claim 13 above.
Conclusion
US 11805109 B1 teaches the kind of encryption algorithm to be employed at the offloading devices for a given session, and so on. In at least one embodiment, the at a given host may communicate with the encryption offloading hardware device of the host, e.g., on behalf of a communication endpoint of the host, to transmit a symmetric key to be used at the offloading device for a given session. In some embodiments, the CCM may indicate, to the offloading hardware device , the boundaries of one or more buffers set up in the offloading hardware device’s memory.
US 20080240142 A1 teaches if a cryptographic offload capability is enabled for a virtual NIC, the virtual network stack may use the cryptographic offload ability to encrypt and decrypt packets. Packet processing using NIC capabilities is explained in further detail below with respect to FIG. 5.
US 20070101023 A1 teaches the offloading of tasks to a network interface card, a network interface cards may announce to software on the host computer (e.g., the operating system) what tasks it is capable of performing. The software on the host computer may subsequently send data packets to the network interface card and request that the network interface card perform those tasks on the data packet prior to transmission.
US 20060095969 A1 teaches the load balancer detects HTTPS traffic and redirects it to an SSL offloading device for decryption and return to the load balancer. The load balancer then uses the clear text traffic for load balancing purposes before it redirects the traffic back to the SSL offloading device for re-encryption. Thereafter, the re-encrypted traffic is sent to the destination servers in the data center. In one embodiment, the
US 8041940 B1 teaches host determines whether the host has a minimum processing bandwidth available to perform encryption processing. For example, the host determines a utilization parameter value. If the utilization parameter value is less than a predetermined threshold value for the host , the host performs the encryption processing. If the utilization parameter value is greater than a predetermined threshold value for the host , the processor performs the encryption processing. In one embodiment, a decision to offload encryption is made for each IO transaction.
US 20200236140 A1 teaches Various embodiments provide cryptographic (e.g., encrypt or decrypt) offload to a network interface (or other circuitry (e.g., local accelerator or remote accelerator)) while maintaining operation of the associated transport protocol and continuing to use offload capabilities in the event of packet drops or re-transmits. A transmitter system can cause data (e.g., a record) to be encrypted using a cryptographic offload engine and encrypted data segments transmitted using one or more packets.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LECHI TRUONG whose telephone number is (571)272-3767. The examiner can normally be reached 10-8 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Young Kevin can be reached on (571)270-3180. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LECHI TRUONG/Primary Examiner, Art Unit 2194