DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/09/2019 is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 12-13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Seshadri et al. (US 2010/0031360) in view of Chen et al. (US 2015/0220455).
With respect to claim 1, Seshadri et al. teaches a kernel (see paragraph 43; kernel); and
a page protection layer that controls a content of page tables used by one or more processors in the computer system for translation of virtual memory addresses to physical memory addresses (see paragraphs 56 and 120; monitoring program (i.e., page protection layer) maintains virtual page to physical page translations), wherein the kernel transmits commands to the page protection layer to request updates to the page tables (see paragraph 56; kernel may request to read and modify the page table via “safe” function calls).
Seshadri et al. does not explicitly teach wherein the page protection layer: determines whether or not the updates are permissible; prevents the updates that are not permissible; and performs the updates that are permissible.
However, Seshadri teaches wherein the monitoring program protects the page tables from being modified by any entity but the monitoring program 9 and its TCB 16. There are multiple ways to achieve this. One, the monitoring program 9 can keep the page tables in its own address space and allow the kernel to read and modify them only via "safe" function calls (i.e., page tables are prevented from being updated if updates/modifications are not from the monitoring program or using safe function calls).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the medium to include the above mentioned to prevent unauthorized modifications in the system (see Seshadri, paragraph 5, lines 1-3).

However, Chen et al. teaches a kernel that controls virtual to physical page assignments in a virtual memory system (see paragraph 55; OS kernel decides to dedicate a particular memory region, which can be comprised of one or more memory pages, to store its data. A virtual mapping may exist to map the memory pages comprising this region into one or more corresponding physical address).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the medium taught by Seshadri et al. to include the above mentioned to protect data integrity (see Chen, paragraphs 2 and 6).

With respect to claim 2, Seshadri et al. does not teach wherein the commands are transactions that are either terminated with an error or completed in their entirety.
However, Chen et al. teaches wherein the commands are transactions that are completed in their entirety (see paragraph 56; update to mappings is sent/executed after allocation of page is completed).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the medium taught by Seshadri et al. to include the above mentioned to protect data integrity (see Chen, paragraphs 2 and 6).

With respect to claim 3, Seshadri et al. teaches the page protection layer enforces one or more security policies for mappings in the page tables (see paragraphs 56-57; memory program (i.e., page protection layer) protects the page tables from being modified by any entity).

With respect to claim 4, Seshadri et al. teaches wherein the one or more security policies include ensuring that the page protection layer is an only component in the computer that is able to modify the page tables (see paragraphs 56-57; only the memory program may modify the page tables).

With respect to claim 5, Seshadri et al. teaches wherein the one or more security policies include ensuring that no component in the system is able to modify a page that is marked executable in any address space (see paragraphs 52 and 60; memory containing approved code should not be modifiable, except by the monitoring program).

With respect to claim 6, Seshadri et al. does not explicitly teach wherein the one or more security policies include ensuring that any page that is marked executable has code with a verified code signature.
However, Seshadri et al. teaches wherein memory containing approved code should not be modifiable, except by the monitoring program (see paragraphs 52 and 60); and wherein CPU 2 refuses to execute any code that is not approved by the user. In the interest of simplicity, henceforth, the monitoring program 9 will be referred to as approving the kernel code, with the understanding that the monitoring program 9 uses the user supplied policy for code approval (see paragraph 44).

With respect to claim 7, Seshadri et al. teaches wherein the page protection layer is included in a trusted computing base of the computer and the kernel is external to the trusted computing base (see paragraphs 41, 43-44 and 56; trusted computing base 16).

With respect to claim 8, Seshadri et al. teaches wherein the computer includes one or more memory management units (see Fig. 2, paragraph 55; MMU), and wherein the page protection layer is an only component in the computer that controls the memory management units (see paragraph 55; memory program (i.e., page protection layer) controls modifications to MMU).

With respect to claim 9, Seshadri et al. teaches one or more central processing units (CPUs) (see Fig. 2 and paragraph 55; CPU), each of the one or more CPUs comprising a memory management unit (MMU) (see Fig.  and paragraph 55; CPU comprising MMU); and
a memory controller coupled to the one or more CPUs and coupled to a memory during use (see Fig. 1 and 2; and paragraph 40; memory controller), wherein the memory stores, during use, a plurality of instructions which are executable by the one or more CPUs (see paragraph 195; computer-readable media including computer storage mechanisms that contain instructions for use in execution by a processor) to cause the computer to implement:
a kernel (see paragraph 43; kernel); and  

Seshadri et al. does not explicitly teach wherein the page protection layer: determines whether or not the updates are permissible; prevents the updates that are not permissible; and performs the updates that are permissible.
However, Seshadri teaches wherein the monitoring program protects the page tables from being modified by any entity but the monitoring program 9 and its TCB 16. There are multiple ways to achieve this. One, the monitoring program 9 can keep the page tables in its own address space and allow the kernel to read and modify them only via "safe" function calls (i.e., page tables are prevented from being updated if updates/modifications are not from the monitoring program or using safe function calls).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the system to include the above mentioned to prevent unauthorized modifications in the system (see Seshadri, paragraph 5, lines 1-3).
Seshadri et al. does not teach a kernel that controls virtual to physical page assignments in a virtual memory system.
However, Chen et al. teaches a kernel that controls virtual to physical page assignments in a virtual memory system (see paragraph 55; OS kernel decides to dedicate a particular memory 
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the system taught by Seshadri et al. to include the above mentioned to protect data integrity (see Chen, paragraphs 2 and 6).

With respect to claim 12, Seshadri et al. teaches wherein the commands include a create address space command, and wherein the page protection layer allocates a first page table in response to the create address space command and associates the first page table with the address space specified by the create address space command (see paragraphs 56 and 58; address space for kernel and user memories).

With respect to claim 13, Seshadri et al. does not explicitly teach wherein the commands include commands to create mappings and remove mappings from the address space, and the page protection layer updates the first page table to create and remove mappings.
However, Chen et al. teaches wherein the commands include commands to create mappings and remove mappings from the address space, and the page protection layer updates the first page table to create and remove mappings (see paragraph 76; the status of the physical memory may be updated whenever a new set of physical pages are reserved and/or released for OS kernel data (or other protected data)).
With respect to claim 15, Seshadri et al. teaches a first component that includes an input/output memory management unit (IOMMU) (see Fig. 2 and paragraph 55; Memory Management Unit (IOMMU) 22), and the page protection layer manages mapping in a second page table used by the IOMMU (see paragraphs 14, 55 and 61; monitoring program 9 uses the DMA write protection functionality of the IOMMU 22 to protect approved code pages from being modified by DMA writes. These protections along with the read-only protections set in the Protection Page Table 11).

With respect to claim 16, Seshadri et al. teaches wherein the commands from the kernel to the page protection layer further include one or more input/output control (IOCTL) commands for the IOMMU (see paragraph 55; MMU 20 enforces memory accesses from the CPU 2 while the IOMMU 22 enforces DMA write protections. The monitoring program 9 should control modifications to the MMU 20 and IOMMU 22 state).

With respect to claim 17, Seshadri et al. does not teach wherein the commands are transactions that are either terminated with an error or completed in their entirety.

It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the system taught by Seshadri et al. to include the above mentioned to protect data integrity (see Chen, paragraphs 2 and 6).

With respect to claim 18, Seshadri et al. teaches wherein the page protection layer enforces one or more security policies for mappings in the page tables (see paragraphs 56-57; memory program (i.e., page protection layer) protects the page tables from being modified by any entity), wherein the one or more security policies include:
ensuring that the page protection layer is an only component in the computer that is able to modify the page tables (see paragraphs 56-57; only the memory program may modify the page tables); 
ensuring that no component in the system is able to modify a page that is marked executable in any address space (see paragraphs 52 and 60; memory containing approved code should not be modifiable, except by the monitoring program).
Seshadri et al. does not explicitly teach ensuring that any page that is marked executable has code with a verified code signature.
However, Seshadri et al. teaches wherein memory containing approved code should not be modifiable, except by the monitoring program (see paragraphs 52 and 60); and wherein CPU 2 refuses to execute any code that is not approved by the user. In the interest of simplicity,
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the system to include the above mentioned to prevent unauthorized modifications in the system (see Seshadri, paragraph 5, lines 1-3).

With respect to claim 19, Seshadri et al. teaches executing a kernel on one or more central processing units (CPUs) in a computer system (see paragraph 43; kernel); and
executing a page protection layer on the one or more CPUs, wherein the page protection layer controls a content of page tables used by one or more processors in the computer system for translation of virtual memory addresses to physical memory addresses (see paragraphs 56 and 120; monitoring program (i.e., page protection layer) maintains virtual page to physical page translations), wherein the kernel transmits commands to the page protection layer to request updates to the page tables (see paragraph 56; kernel may request to read and modify the page table via “safe” function calls).
Seshadri et al. does not explicitly teach wherein the page protection layer: determines whether or not the updates are permissible; prevents the updates that are not permissible; and performs the updates that are permissible.
However, Seshadri teaches wherein the monitoring program protects the page tables from being modified by any entity but the monitoring program 9 and its TCB 16. There are multiple ways to
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the method to include the above mentioned to prevent unauthorized modifications in the system (see Seshadri, paragraph 5, lines 1-3).
Seshadri et al. does not teach a kernel that controls virtual to physical page assignments in a virtual memory system.
However, Chen et al. teaches a kernel that controls virtual to physical page assignments in a virtual memory system (see paragraph 55; OS kernel decides to dedicate a particular memory region, which can be comprised of one or more memory pages, to store its data. A virtual mapping may exist to map the memory pages comprising this region into one or more corresponding physical address).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the method taught by Seshadri et al. to include the above mentioned to protect data integrity (see Chen, paragraphs 2 and 6).

With respect to claim 20, Seshadri et al. does not teach wherein the commands are transactions that are either terminated with an error by the page protection layer or completed in their entirety by the page protection layer.

It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the method taught by Seshadri et al. to include the above mentioned to protect data integrity (see Chen, paragraphs 2 and 6).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Seshadri et al. (US 2010/0031360) and Chen et al. (US 2015/0220455) as applied to claims 9 and 12-13 above, and further in view of Kaplan et al. (US 2018/0081830).
With respect to claim 14, Seshadri et al. and Chen et al. do not teach wherein the page protection layer has a code directory that specifies virtual addresses of pages containing code and includes signatures for each page of code, and wherein the page protection layer validates code against the code directory prior to creating a mapping to a first page containing code, and wherein the page protection layer fails the create mapping command that attempts to map the first page responsive to the code not validating against the code directory.
However, Kaplan et al. teaches security module 115 can implement code signing to verify whether code stored in the code pages 140 is valid prior to marking entries associated with the code pages 140 as executable. Some embodiments of the security module 115 validate the code stored in the code pages 140 against known-good code pages. For example, a white list 145 can be stored in the protected region 120. The white list 145 includes signatures such as hashed values generated based on known-good code… In response to receiving the request to mark one or more 
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the system taught by Seshadri et al. and Chen et al. to include the above mentioned to enhance the security of page tables (see Kaplan, paragraphs 8 and 9).
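The following Python model is added here as an illustration; it is not code from the application, from Seshadri, Chen or Kaplan, or from the examiner. It shows the arrangement recited in claims 1-6 and 12-14 as one executable whole: the kernel sends commands (create address space, create mapping, remove mapping) to a page protection layer that alone holds the page tables, checks each requested update against the security policies (executable pages are immutable; an executable mapping is created only if the page's contents validate against a code directory of per-page signatures), rejects impermissible updates, performs permissible ones, and runs batched commands all-or-nothing so that a failed command leaves the tables unchanged (claims 2, 17 and 20). The page size, memory contents, virtual addresses and the use of a SHA-256 digest as the per-page "signature" are constructed assumptions; the model enforces "only the page protection layer touches the tables" by interface only, where a real system relies on address-space or hardware separation.

```python
"""Toy model of a page protection layer (PPL) mediating kernel page-table updates.
Added illustration; sizes, contents, addresses and the SHA-256 'signature' are constructed.
"""
import copy
import hashlib

PAGE_SIZE = 16  # constructed: tiny pages keep the sample memory readable


class PPLError(Exception):
    """Command rejected by the PPL; the page tables are left exactly as they were."""


class PageProtectionLayer:
    """Holds the page tables; the (untrusted) kernel can only send it commands."""

    def __init__(self, physical_memory, code_directory):
        self._phys = dict(physical_memory)           # phys page -> page bytes (constructed RAM)
        self._code_directory = dict(code_directory)  # vaddr -> expected SHA-256 hex of the code page
        self._page_tables = {}                       # asid -> {vaddr: (phys, executable)}
        self._executable = set()                     # phys pages mapped executable in any address space
        self._next_asid = 0

    # ---- commands the kernel may send ------------------------------------
    def create_address_space(self):
        """Allocate a page table and return the id of the new address space."""
        asid = self._next_asid
        self._next_asid += 1
        self._page_tables[asid] = {}
        return asid

    def create_mapping(self, asid, vaddr, phys, executable=False):
        """Map vaddr -> phys after checking the security policies."""
        table = self._table(asid)
        if vaddr in table:
            raise PPLError(f"vaddr {vaddr:#x} already mapped in space {asid}")
        if phys not in self._phys:
            raise PPLError(f"phys page {phys} does not exist")
        if executable:
            # Policy: an executable page must validate against the code directory.
            expected = self._code_directory.get(vaddr)
            actual = hashlib.sha256(self._phys[phys]).hexdigest()
            if expected is None or actual != expected:
                raise PPLError(f"code at {vaddr:#x} does not validate against the code directory")
            self._executable.add(phys)
        table[vaddr] = (phys, executable)

    def remove_mapping(self, asid, vaddr):
        """Unmap vaddr; a page stays immutable while any executable mapping to it remains."""
        table = self._table(asid)
        if vaddr not in table:
            raise PPLError(f"vaddr {vaddr:#x} not mapped in space {asid}")
        phys, _ = table.pop(vaddr)
        still_exec = any(p == phys and x for t in self._page_tables.values() for p, x in t.values())
        if not still_exec:
            self._executable.discard(phys)

    def write_page(self, phys, data):
        """Model of any component's attempt to modify the contents of a physical page."""
        # Policy: no page that is executable in any address space may be modified.
        if phys in self._executable:
            raise PPLError(f"phys page {phys} is executable and therefore immutable")
        self._phys[phys] = bytes(data)

    def transaction(self, commands):
        """Run a batch of (command_name, args) all-or-nothing; on error, roll back."""
        snapshot = copy.deepcopy(self.__dict__)
        try:
            return [getattr(self, name)(*args) for name, args in commands]
        except PPLError:
            self.__dict__ = snapshot  # terminate with an error, state unchanged
            raise

    def translate(self, asid, vaddr):
        """Return (phys, executable) for vaddr, or None if unmapped."""
        return self._table(asid).get(vaddr)

    def _table(self, asid):
        if asid not in self._page_tables:
            raise PPLError(f"unknown address space {asid}")
        return self._page_tables[asid]


def demo():
    """Drive the PPL with permissible and impermissible commands; return the outcomes."""
    code = b"\x90" * (PAGE_SIZE - 1) + b"\xc3"   # constructed approved code page
    tampered = b"\xcc" + code[1:]                # constructed page whose digest will not match
    ram = {0: code, 1: tampered, 2: bytes(PAGE_SIZE)}
    digest = hashlib.sha256(code).hexdigest()
    ppl = PageProtectionLayer(ram, {0x1000: digest, 0x2000: digest})
    asid = ppl.create_address_space()
    out = {}

    def attempt(label, fn, *args):
        try:
            fn(*args)
            out[label] = "permitted"
        except PPLError:
            out[label] = "rejected"

    attempt("valid_exec", ppl.create_mapping, asid, 0x1000, 0, True)      # digest matches
    attempt("tampered_exec", ppl.create_mapping, asid, 0x2000, 1, True)   # digest mismatch
    attempt("write_exec_page", ppl.write_page, 0, bytes(PAGE_SIZE))       # immutable page
    attempt("bad_transaction", ppl.transaction, [
        ("create_mapping", (asid, 0x3000, 2, False)),   # would succeed on its own
        ("create_mapping", (asid, 0x4000, 99, False)),  # phys page 99 does not exist
    ])
    out["mapping_after_rollback"] = ppl.translate(asid, 0x3000)  # None: first command rolled back
    return out
```

Running `demo()` returns a dictionary recording that the validated executable mapping was permitted, the tampered page and the write to an executable page were rejected, and the failed batch left no partial mapping behind.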

Allowable Subject Matter
Claims 10-11 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARACELIS RUIZ whose telephone number is (571)270-1038.  The examiner can normally be reached on Monday-Friday 11:00am-7:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald G. Bragdon can be reached on (571)272-4204.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ARACELIS RUIZ/Primary Examiner, Art Unit 2139