DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/7/2021 has been entered. 
Claims 25 and 39 are amended and claim 55 is added in response to the last office action presented for examination. Claims 25-34, 39-48, and 55 are presented for examination. Moyer et al and Evans et al were cited, previously.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 25-34, 39-48, and 55 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over Moyer et al [US 2004/0243823 A1] in view of Weber et al [US 2011/0067114 A1].
	As to claim 25, Moyer et al teach a system, comprising:

a direct memory access (DMA) subsystem [e.g., “memory controller 32” receiving state information 60 related to DMA operation for accessing non-volatile memory 36 from a DMA circuitry in paragraphs 0027, 0016] coupled to the processor;
an L3 interconnect [e.g., SYSTEM INTERCONNECT 22, MEMORY CONTROLLER 32 in fig. 1] coupled to the DMA subsystem;
a component [e.g., one of Ref. Nos. 12-20 in fig. 1; “particular master” in paragraph 0025; one of “any number of masters as needed” in paragraph 0016; or one of “various places” sending state information 60 which includes DMA operation in paragraph 0027] coupled to the L3 interconnect and including a component access state [e.g., “Some of the multiple masters may be considered secure while others may be considered unsecure.  As used herein, a secure master refers to a master that is generally less accessible and less susceptible to corruption than an unsecure master, which is generally more accessible and more susceptible to corruption” in paragraph 0011], wherein the component access state can be an elevated access state or an unsecured access state, the elevated access state including one or more of multiple access rights types and the unsecured access state not including the access rights types [e.g., “Therefore, one embodiment of the present invention allows the contents of slaves or peripherals, such as, for example, a non-volatile memory, to be secured in a manner which allows program execution to proceed from the non-volatile memory when operating in a secured state, but to prevent unauthorized accesses from occurring when operating in a less-secured state” in paragraph 0012; “Note also that at any given point 
the DMA subsystem configured to:
determine, using first qualifiers, the component access state [e.g., “Flow then proceeds to block 88 where state information (such as state information 60) is received.  The state information may relate to, for example, debug operation, operation from 
when the component access state is determined to include at least the access rights types of the intended access state, allow the DMA channel to be configured either as a channel including one or more of the access rights types indicated by the intended access state or as a channel in the unsecured access state [e.g., “Memory controller 32, in response to a read access request, provides the requested information (data or instructions) back to the requesting master via system interconnect 22, assuming the requesting master has sufficient access permissions” in paragraph 0019]; and

As such above, though Moyer et al teach the request is disallowed when the request is a public access request and the request is to configured the DMA channel as a secure channel, Moyer et al do not explicitly teach what to do with the disallowed request and further discarding the disallowed request. Though Moyer et al teach the multiple first qualifiers indicating the access rights types of the component access state [e.g., “Access modification circuitry 40 receives state information 60 via conductors 62 from information within data processing system 10” in paragraph 0014], Moyer et al do not explicitly teach that the received multiple first qualifiers are included in the request from the component and received separately from the request. However, Weber et al teach a component couple to an L3 interconnect [e.g., Initiator 804, 806, SOC INTERCONNECT 802 in fig. 8] is configured to communicate a request to configure the channel using the L3 interconnect and including a component access state [e.g., “The target intellectual property blocks 808-812 field and service requests from any of the initiator intellectual property blocks 804-806 in the system-on-chip network.  The interconnect 802 transports a request with security identification information such as Initiator intellectual property block identification and dynamic role identification 
As to claim 26, the combination of Moyer et al and Weber et al teaches wherein the DMA subsystem includes security rules [e.g., “… determining access protection(96), … determining access permissions (86) based on the access request (84), and selectively modifying the access permissions based on the state information (90)” in Abstract, access protection fields 72, 74, …, 80 for each masters having different security levels, are employed by the access protection control register 38 in paragraphs 0021, 0024, fig. 2, state information 60 having security verification, security level, etc. 
a secure qualifier that indicates if a DMA channel request is made in a secure mode [e.g., “Signals within state information 60 may also be combined in a variety of different ways to provide combined state information or state information based on more than one resource to access modification circuitry 40” in paragraph 0028, “state information 60 may be combined as desired” in paragraph 0029, “state information 60 may be combined in any variety of ways to determine when access permissions should be modified, depending on the needs of data processing system 10” in paragraph 0037, "each of master 12 and 14 may either be a secured or an unsecured” in paragraph 0016, “the non-volatile memory when operating in a secured state” in paragraph 0012; “state information 60 may therefor include any type of signals or indicators which provide the desired state information to access modification circuitry 40” in paragraph 0014 and the state information relates to operation from unsecured or unverified memories, software security verification, security level, security monitor operation, operating mode in paragraph 0027 of Moyer et al];
a debug qualifier that indicates if a DMA channel request is made in a debug mode [e.g., “debug operation” in paragraph 0027 of Moyer et al];
a privilege qualifier that indicates if a DMA channel request is made in a privilege mode [e.g., “Signals within state information 60 may also be combined in a variety of different ways to provide combined state information or state information based on more than one resource to access modification circuitry 40” in paragraph 0028, “state information 60 may be combined as desired” in paragraph 0029, “state information 60 
an instruction qualifier that indicates if a channel is to be used for transferring data to an executable memory space [e.g., “boot operation” in paragraph 0027, “a read request or a write request for either data or instructions” in paragraph 0019 of Moyer et al].
As to claim 27, the combination teaches wherein the DMA subsystem selectively configures a DMA channel as a secure user channel when the DMA channel request is one of a secure user mode access and a secure privilege mode access [e.g., “Access permissions may also be modified based on security levels of data processing system 10 or of masters 12 and 14.  For example, each master may have varying security 
As to claim 28, the combination teaches wherein the DMA subsystem selectively configures a DMA channel as a public privilege channel when the DMA channel request is one of a public privilege mode access, a secure user mode access, and a secure privilege mode access [e.g., “Access permissions may also be modified based on security levels of data processing system 10 or of masters 12 and 14.  For example, each master may have varying security levels (beyond just secure and unsecure) where, based on the security level during a particular access request, the access permission of control register 38 may be modified” in paragraph 0035 of Moyer et al].
As to claim 29, the combination teaches wherein the DMA subsystem selectively configures a DMA channel as a public user channel when the DMA channel request is one of a public user mode access, a public privilege mode access, a secure user mode access, and a secure privilege mode access [e.g., “Access permissions may also be modified based on security levels of data processing system 10 or of masters 12 and 14.  For example, each master may have varying security levels (beyond just secure and unsecure) where, based on the security level during a particular access request, the access permission of control register 38 may be modified” in paragraph 0035 of Moyer et al].
As to claim 30, the combination teaches wherein the DMA subsystem selectively configures a DMA channel as a secure privilege channel when the DMA channel request is a secure privilege mode access [e.g., “Access permissions may also be 
As to claim 31, the combination teaches wherein the DMA subsystem selectively configures a DMA channel as a debug channel when the DMA channel request is one of a debug mode access and a functional mode access [e.g., “In one example, access may need to be restricted during a debug operation since data processing system 10 is generally more accessible during debug.  Therefore, in one embodiment, state information 60 includes information from debug circuitry (not shown) that indicates when debug is enabled.  In this case, the permissions of some or all of masters 12 and 14 stored within access protection control register 38 may be modified by access modification circuitry 40” in paragraph 0032 of Moyer et al].
As to claim 32, Moyer et al teach the DMA subsystem selectively used to transfer data to one of a non-executable memory space and an executable memory space based on an instruction qualifier [e.g., “In another example, access permissions may be modified upon a boot operation to ensure that secure information remain secure because a system may be boot into an unknown state due to errant firmware, software, or settings” in paragraph 0035, “Memory controller 32, in response to a read access request, provides the requested information (data or instructions) back to the requesting master via system interconnect 22, assuming the requesting master has sufficient access permissions” in paragraph 0019 of Moyer et al].
As to claim 33, the combination teaches wherein the DMA channel can be used as an instruction channel selected from the group consisting of instruction channels consisting of: a public user instruction channel if the DMA channel request is one of a public privilege mode access, a secure user mode access, and a secure privilege mode access; a public privilege instruction channel if the DMA channel request is one of a secure user mode and a secure privilege mode access; a secure user instruction channel if the DMA channel request is a secure privilege mode access; and a secure privilege instruction channel if the DMA channel request is a secure privilege mode access [e.g., “In another example, access permissions may be modified upon a boot operation to ensure that secure information remain secure because a system may be boot into an unknown state due to errant firmware, software, or settings” in paragraph 0035, “Memory controller 32, in response to a read access request, provides the requested information (data or instructions) back to the requesting master via system interconnect 22, assuming the requesting master has sufficient access permissions” in paragraph 0019 of Moyer et al].
As to claim 34, the combination teaches wherein the DMA subsystem asserts a security violation signal if at least one security violation occurs, the security violations selected from the group consisting of: 
a public user mode access attempting to configure a DMA channel as a public privilege channel; one of a public user mode access and a public privilege access attempting to configure a DMA channel as a secure user channel; one of a public user mode access, a public privilege access, and a secure user mode access attempting to configure a DMA channel as a secure privilege channel; a debug mode access 
As to claim 39, Moyer et al teach a method comprising:
receiving, by a direct memory access (DMA) subsystem via an L3 interconnect [e.g., SYSTEM INTERCONNECT 22, MEMORY CONTROLLER 32 in fig. 1], a request from a component to configure a DMA channel, the request including multiple second 
determining, using first qualifiers, the component access state [e.g., “Flow then proceeds to block 88 where state information (such as state information 60) is received.  The state information may relate to, for example, debug operation, operation from unsecured or unverified memories, memory programming, direct memory access (DMA) operation, boot operation, software security verification, security level, security monitor operation, operating mode, fault monitor, external bus operation etc. That is, information may be provided via state information 60 to access modification circuitry 40 that may indicate one or more of the above conditions, states, or operations, or may indicate information related to one or more of the conditions, states, or operations” in paragraph 0027], and determining, using the second qualifiers, an intended access state [e.g.,  “In one embodiment, for an access request, a master identifier 26 is provided to memory controller 32 which identifies which master is requesting the current access.  R/W signal 28 may also be provided to memory controller 32 to indicate whether the current access request is for a read or a write type of access.  Memory controller 32 also receives address information corresponding to the current access request and provides the requested information via address/data 30.  Any other signals (such as status, control, data, etc.) needed to communicate to and from memory controller 32 may be provided via other signals 34” in paragraph 0019];
when the component access state is determined to include at least the access rights types of the intended access state, allowing the DMA channel to be configured 
when the component access state is determined not to include at least the access rights indicated by the intended access state, disallowing the request to configured the DMA channel [e.g., “Therefore, one embodiment of the present invention allows the contents of slaves or peripherals, such as, for example, a non-volatile memory, to be secured in a manner which allows program execution to proceed from the non-volatile memory when operating in a secured state, but to prevent unauthorized accesses from occurring when operating in a less-secured state” in paragraph 0012].
As such above, though Moyer et al teach the request is disallowed when the request is a public access request and the request is to configured the DMA channel as a secure channel, Moyer et al do not explicitly teach what to do with the disallowed request and further discarding the disallowed request. Though Moyer et al teach the multiple first qualifiers indicating the access rights types of the component access state [e.g., “Access modification circuitry 40 receives state information 60 via conductors 62 from information within data processing system 10” in paragraph 0014], Moyer et al do not explicitly teach that the received multiple first qualifiers are included in the request from the component and received separately from the request. However, Weber et al teach a component couple to an L3 interconnect [e.g., Initiator 804, 806, SOC 
As to claim 40, the combination teaches determining when the access is a debug mode access; and allowing a DMA channel to be configured as a debug channel, but 
As to claim 41, the combination teaches determining when the access is a functional mode access; and allowing a DMA channel to be configured as either one of a debug channel and a functional channel when the access is determined to be a functional mode access [e.g., “Also, in another example, access permissions may be modified based on an operating mode of data processing system or of memory controller 32, as indicated by state information 60.  For example, if data processing system 10 enters a reduced level operating state (such as a minimal operating state, where only a basic set of operations is supported), the programmed access permissions of control register 38 may be modified to protect the data processing system 10 while operating at the reduced level” in paragraph 0032 of Moyer et al].
As to claim 42, the combination teaches determining when the access is a privilege mode access; and allowing a DMA channel to be configured as either one of a privilege channel and a public channel when the access is determined to be a privilege mode access [e.g., “Access permissions may also be modified based on security levels of data processing system 10 or of masters 12 and 14.  For example, each master may have varying security levels (beyond just secure and unsecure) where, based on the 
As to claim 43, Moyer et al teach when the access is determined to be a secure user mode access, allowing the DMA channel to be configured as a public privilege channel [e.g., “Access permissions may also be modified based on security levels of data processing system 10 or of masters 12 and 14.  For example, each master may have varying security levels (beyond just secure and unsecure) where, based on the security level during a particular access request, the access permission of control register 38 may be modified” in paragraph 0035 of Moyer et al].
As to claim 44, the combination teaches determining when the access is a secure privilege mode access; and allowing a DMA channel to be configured as either one of a public user channel, a public privilege channel, a secure user channel, and a secure privilege channel when the access is determined to be a secure privilege mode access [e.g., “Access permissions may also be modified based on security levels of data processing system 10 or of masters 12 and 14.  For example, each master may have varying security levels (beyond just secure and unsecure) where, based on the security level during a particular access request, the access permission of control register 38 may be modified” in paragraph 0035 of Moyer et al].
As to claim 45, the combination teaches allowing a DMA channel to be configured as an instruction channel selected from the group of instruction channels consisting of: a public user instruction channel when the access is one of a privilege mode access, a secure mode access, and a secure privilege mode access; a public privilege instruction channel when the access is one of a secure mode access and a 
As to claim 46, the combination teaches asserting a security violation signal when a security violation occurs, the security violations selected from the group consisting of: 
attempting to configure a DMA channel as a public privilege channel using a public user mode access; attempting to configure a DMA channel as a secure channel using one of a public user mode access and a public privilege access; attempting to configure a DMA channel as a secure privilege channel using one of a public user mode access, a public privilege access, and a secure user mode access; attempting to configure a DMA channel as a functional channel using a debug mode access; attempting to configure a DMA channel as a public user instruction channel using a public user mode access; attempting to configure a DMA channel as a public privilege instruction channel using one of a public user mode access and a public privilege access; attempting to configure a DMA channel as a secure user instruction channel using one of a public user mode access, a public privilege mode access, and a secure 
As to claim 47, the combination teaches locking a DMA channel’s use of qualifiers during a DMA channel operation and unlocking a DMA channel’s use of qualifiers after the DMA channel operation is completed [e.g., “Generally, access protection control register 38 is software programmable by a secure master.  In one embodiment, access protection control register 38 may be programmed upon reset” in paragraph 0024; “That is, modified access permissions 66 may include permissions from access protection control register 38 that are not currently being modified” in paragraph 0025 of Moyer et al].
As to claim 48, the combination teaches when a DMA channel is started, generating at least one qualifier that corresponds to access rights of the DMA channel locking a DMA channel’s use of qualifiers during a DMA channel operation and unlocking a DMA channel’s use of qualifiers after the DMA channel operation is completed [e.g., RECEIVING AN ACCESS REQUEST 84, DETERMINING ACCESS PERMISSIONS 86, RECEDIVING STATE INFORMATION 88, MODIFYING THE ACCESS PERMISSSIONS 90, .. in fig. 3 of Moyer et al].
As to claim 55, the combination teaches wherein the multiple access rights types include at least a secure transaction mode and a privilege mode; wherein the privilege mode enables operating system accesses; and wherein the secure transaction mode enables governed by hardware based monitoring and control [e.g., OS Code 1142, CPU in supervisor 1146 in fig. 11C of Weber et al; “The state information may relate to, for example, debug operation, operation from unsecured or unverified memories, memory programming, direct memory access (DMA) operation, boot operation, software security verification, security level, security monitor operation, operating mode, fault monitor, external bus operation etc.” in paragraph 0027, “For example, in response to a fault monitor detecting a fault within any portion of data processing system 10, access permissions of control register 38 may be modified to restrict access upon the fault detection.  In this example, a signal from the fault monitor may be provided to access modification circuitry 40 via state information 60” in paragraph 0036 of Moyer et al].
Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Spicer et al [US 2015/0082413 A1] teach user access levels to provide restrictions /permission to the network resource. 
Anderson et al [US 2005/0193182 A1] disclose user’s level of data access for permitting/blocking the hard drive.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILWOO PARK whose telephone number is (571) 272-4155.  The examiner can normally be reached on M-F, 10 AM-6 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Henry Tsai can be reached on (571) 272-4176.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. lnformation regarding the status of an application may be obtained from the Patent Application lnformation Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).


/ILWOO PARK/Primary Examiner, Art Unit 2184                                                                                                                                                                                                        2/10/2021