DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present Office action is in response to Applicant’s amendment/request for reconsideration submitted on March 2, 2021, hereinafter “Reply”, after non-final rejection of December 8, 2020, hereinafter “Non-Final Rejection”.  Claims 1, 9, 15, and 21 have been amended.  No claims have been added or cancelled.  Claims 1-25 remain pending in the application.

Response to Amendments and Arguments
The Reply has been fully considered, with the Examiner’s response set forth below.
In view of the amendments to the abstract of the disclosure, the objections to the specification have been withdrawn.  
In view of the amendments to the claims, the objections to the claims have been withdrawn.  
Applicant’s arguments with respect to independent claims 1, 9, 15, and 21 and dependent claims thereof have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Another iteration of claim analysis has been made due to the amendments to the claims. Refer to the corresponding sections of the claim analysis below for details.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3, 8-10, and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Buxton et al. (US 2008/0162816 A1), hereinafter “Buxton”, in view of DeLaurier et al. (US 2018/0181491 A1), hereinafter “DeLaurier”, and Erlingsson et al. (US 2008/0109625 A1), hereinafter “Erlingsson”.

Regarding claim 1, Buxton teaches: 
A computing system, comprising:
memory circuitry (FIG. 3; [0025]; “main memory 315”);
processor circuitry to execute instructions associated with a plurality of processes (FIGs. 1-3; [0003], [0012], [0014], [0025]; “processor 305”, “whenever a LOAD_CHECK instruction is executed, the processor checks that the attribute bit is set [i.e., execute instructions]”, “The thread then loads all the critical memory locations into the cache, 220, using a LOAD_SET or a similar instruction to set an attribute bit in association with each cache line into which a critical memory location is loaded”, “two threads (also interchangeably termed “processes” in the context of this application) executing on a processor based system share a cache memory (cache) [i.e., a plurality of processes]”, threads are used interchangeably as processes), the processor circuitry having at least a cache (FIG. 3; [0025], [0027]; “level one (L1) cache memory 310”, “The cache memory may be located either within the processor or in close proximity to the processor, such as on the processor's local bus 307”), the cache including at least:
a plurality of cache lines to store information from the memory circuitry (FIGs. 1, 3; [0008]-[0009], [0020], [0025]; “a cache memory 100 including a cache line 105, which corresponds to a particular block of memory (not shown)”, “FIG. 3 illustrates a front-side-bus (FSB) computer , each cache line including one or more S bits to indicate whether the corresponding cache line is shared between two or more of the plurality of processes (FIG. 1; [0003], [0009], [0011]; “FIG. 1 illustrates a portion of a cache memory, each cache line of which has an associated group of attribute bit storage locations, according to one embodiment of the invention. In particular, FIG. 1 illustrates a cache memory 100 including a cache line 105, which corresponds to a particular block of memory (not shown). The cache line 105 has associated therewith a number of attributes to be stored in the form of bits within storage location 110. Within the storage location 110 is a group of attribute bits 115 associated with cache line 105, which can store bits to represent various properties of the cache line, which can be used by a program executing on a processor based system that accesses the cache line”, “In addition to the attribute bits, each line of cache may also have associated therewith a state value stored in state storage location 120. For example, in one embodiment the state storage location 120 contain state bits 125 [i.e., one or more S bits] associated with cache line 105 which designates whether the cache line is in a modified state, exclusively owned state, shared state [i.e., indicate whether the corresponding cache line is shared between two or more of the plurality of processes], or invalid state. The state value can control whether various software threads, cores, or processors can use and/or modify information stored in the particular cache line. In some embodiments the state value is ; and
cache monitoring and eviction logic (FIGs. 1-3; [0017], [0020], [0024]; “the attribute bit selected is set to indicate to the underlying processor or processor core that its logic should respond to an [Memory Line Invalidate] MLI scenario for that cache line”, “the logic of the underlying processor or core to transfer control to the handler previously registered by the thread at 210”, “the sequence of actions described as being executed by a handler thread (software) may alternatively be executed by logic of a processor or processor core in hardware”) to:
form, based on the S bits, one or more cache line subsets, each of the one or more cache line subsets including a plurality of cache lines shared between a respective one of the plurality of processes and at least one other of the plurality of processes (FIGs. 1-3; [0003]-[0004], [0011]; “if two threads (also interchangeably termed "processes" in the context of this application) executing on a processor based system share a cache memory (cache), it is possible for one thread, a "spy" thread, to observe information about the access patterns of the other thread, a "target" thread.”, “the state ;
determine whether a context switch has occurred in at least one of the plurality of processes (FIG. 2B; [0021]; “Further processing may be required if critical data is evicted from the cache when a thread is not executing because of a context switch. In one embodiment, for which additional processing is depicted in FIG. 2 b, a mechanism may be used by a thread to detect that it has been context switched (one such mechanism is described in U.S. patent application Ser. No. 11/513,871 referenced above in the list of Cross-Referenced Related Applications, by McKeen, et al.). If a thread returns after a context switch, 205 and then the process detects that it has been context switched, 207”); and
responsive to the determination that the context switch has occurred, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred.

Buxton teaches determine whether a context switch has occurred and the cache lines. Nevertheless, Buxton does not teach each of the one or more cache line subsets including a plurality of cache lines shared between a respective one of the 

However, DeLaurier teaches: 
each of the one or more cache line subsets including a plurality of cache lines shared between a respective one of the plurality of processes and at least one other of the plurality of processes (FIG. 1; [0037]; “the first command stream 220 may write data into a first portion of a cache line and the second command stream 220 may write data into a second portion of the same cache line (i.e. command streams 220 may share cache lines”; note that the cache lines shared among command streams 220 is considered to be a subset of the cache lines);
responsive to the determination that the context switch has occurred, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred (FIG. 1; [0025], [0028]; “When a GPU is configured to flush and invalidate portions of a cache instead of the whole, the GPU may spend less cycles waiting for the cache to flush, in various embodiments. As such, the GPU may execute more command buffers within a given time interval than would otherwise be possible. Furthermore, the GPU may flush and invalidate the cache lines storing data for a first command buffer while preserving the cached data of a second command context switching, where cores 101A-B complete the current task for a process (e.g., thread) and start tasks for a different process. As such, cores 101A-B may store the state of the current process to primary memory and retrieve a new or previous process from primary memory. As such, processing complex 100 may replace the data in L1 cache 105 and L2 cache 110 relating to a first process with data relating to a second process. Processing complex 100 may ensure that all in-flight tasks for a particular core 101 have completed before the particular core 101 switches to a different process. Furthermore, processing complex 100 may flush and invalidate [i.e., evict] portions of L1 cache 105 associated with the particular core 101 or the entire L1 cache 105. In various embodiments, processing complex 100 flushes the contents of L1 cache 105 prior to invaliding portions or all of L1 cache 105. In some embodiments, when flushing L1 cache 105, processing complex 100 writes the contents of L1 cache 105 to primary memory; in other embodiments, processing complex 100 writes the contents to L2 cache 110. 
Furthermore, cores 101A-B may receive a request to switch from a first thread to a second thread and, in response, replace data (cache lines) in L2 cache 110 relating to the first thread with data relating to the second thread.”).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buxton to incorporate the teachings of DeLaurier to provide a front-side-bus (FSB) computer system for obscuring 

The combination of Buxton teaches responsive to the determination that the context switch has occurred, evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred. Nevertheless, the combination of Buxton does not teach responsive to the determination that the context switch has occurred, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred.

However, Erlingsson teaches: 
responsive to the determination that the context switch has occurred, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred (FIGs. 5-6; [0019]-[0020], [0035]-[0037], [0047]; “The term cache lineset refers to, for a K-way associative cache in which each address can be cached in any of K places, a set of K cache lines, all of which have the same pre-image … To flush a cache lineset, in sequence, a set of K memory addresses with K distinct physical (or virtual) addresses that all map to the cache lineset is accessed, and the previous contents of the cache lineset, whatever they may be, are thereby evicted”, “This can be achieved using page-table alerts to selectively choose when to flush the shadow cache lineset … At step 510, a context switch, e.g. due to a timeslice change, takes place to the owner process of the stealth memory page, and that page is marked as invalid in the page tables … At step 550, it is determined if context switching away from the owner process has occurred, and if so, at step 560, it is determined if the page-table alert indicates that the stealth memory has actually been used. If these conditions hold, then at step 570, a flush desirably takes place”, “Stealth memory techniques may be used on traditional computers (a single CPU with some caches, timesliced, by an OS or virtual memory manager, for example) or for multi-core and hyperthreaded systems that use shared caches”; note that cache lineset(s) in stealth memory is selectively flushed as shown in step 570 of FIG. 5 after it is determined that context switching away from the owner process has occurred in step 550).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Erlingsson to provide a front-side-bus (FSB) computer 

Regarding claims 9 and 15, the claimed method and the claimed devices comprise the steps or elements for carrying out the same steps or elements in claim 1. Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 1 above.

Regarding claim 3, the combination of Buxton teaches the computing system of claim 1.

Buxton further teaches wherein:
the cache further includes a cache security policy register comprising one or more bits to indicate an active cache security policy (FIGs. 1-2; [0014]-[0016]; “In the case of an instruction that checks the attributes associated with a ; and
the cache monitoring and eviction logic is further to determine, based on contents of the cache security policy register, which of a plurality of cache security policies is active (FIGs. 1-2; [0014]-[0016], [0020]; “the logic of the underlying processor or core”, “In the case of an instruction that checks the attributes [i.e., contents of the cache security policy register] associated with a .

Regarding claims 10 and 16, the claimed method and the claimed devices comprise the steps or elements for carrying out the same steps or elements in claim 3. Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 3 above.

Regarding claim 8, the combination of Buxton teaches the computing system of claim 1.

Buxton further teaches wherein the context switch comprises at least one of:
an interrupt return (IRET);
a far call;
a task switch (FIG. 2B; [0021]; “If a thread returns after a context switch, 205 and then the process detects that it has been context switched, 207”);
a change in a control register of the cache; and 
a virtual machine (VM) schedule switch.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Buxton et al. (US 2008/0162816 A1), hereinafter “Buxton”, in view of DeLaurier et al. (US 2018/0181491 A1), hereinafter “DeLaurier”, and Erlingsson et al. (US 2008/0109625 A1), hereinafter “Erlingsson”, as applied to claim 1 above, and further in view of Kaplan et al. (US 2018/0032447 A1), hereinafter “Kaplan”.

Regarding claim 2, the combination of Buxton teaches the computing system of claim 1.

Buxton teaches the S bits of the cache lines. Nevertheless, the combination of Buxton does not teach wherein: the processor circuitry is to execute instructions to set one or more page S bits in a page table entry; and the S bits of the cache lines are based on the page S bits.

However, Buxton in view of Kaplan teaches wherein:
the processor circuitry is to execute instructions to set one or more page S bits in a page table entry (Kaplan: FIG. 4; [0054], [0069]; “In reverse map table 228, each entry 400 [i.e., page table entry] is configured to store global ; and
the S bits of the cache lines (Buxton: FIGs. 1-3; [0003]-[0004], [0011]; “state bits 125 [i.e., S bits]) are based on the page S bits (Kaplan: FIG. 4; [0054], [0069]; “global shared pages indicator (“GSP”) 402”).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Kaplan to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, and state bits associated with cache line which designates whether the cache line is in a shared state, whereby the state value of Buxton can control whether various software threads, cores, or processors can use and/or modify information stored in the particular cache line, with a computing device that includes a processor having cache memories (e.g., level-one (L1) caches 210 and 211 (“L1 210” and “L1 211”) in each of cores 208 and 209) of Kaplan using the reverse map table and the guest accessed pages table for marking a page as immutable as described can prevent “replay” attacks where an earlier and possibly outdated version of a page (including a page that is encrypted) is maliciously or erroneously substituted in the place of a desired/current page. Doing so with the system of Buxton, incorporated with the state bits associated .

Claims 4-6, 11-13, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Buxton et al. (US 2008/0162816 A1), hereinafter “Buxton”, in view of DeLaurier et al. (US 2018/0181491 A1), hereinafter “DeLaurier”, and Erlingsson et al. (US 2008/0109625 A1), hereinafter “Erlingsson”, as applied to claims 3, 10, and 16 above, and further in view of Cammarota et al. (US 2018/0046808 A1), hereinafter “Cammarota”.

Regarding claim 4, the combination of Buxton teaches the computing system of claim 3.

Buxton further teaches:
wherein the cache monitoring and eviction logic to, responsive to a determination that a context switch has occurred, evict one or more of the subset of cache lines comprises cache monitoring and eviction logic to, responsive to a determination that a context switch has occurred (Buxton: FIG. :
select, based on the active security policy, one or more of the subset of cache lines to evict (Buxton: FIG. 2B; [0015], [0017], [0020]; “one scenario that may be defined is one that invokes an event and corresponding handler upon detecting an Unexpected Memory State (UMS scenario). This may be useful if a thread or other process attempts to access a cache line expecting it to have a certain state, based on the attribute bits [i.e., active security policy] of the line, and instead the cache line is in another memory state, indicating that the cache line may no longer be associated with that particular thread or process … memory attributes of locations of finer granularity than the cache line may also be checked [i.e., one or more of the subset of cache lines]”, “the attribute bit selected is set to indicate to the underlying processor or processor core that its logic should respond to an MLI scenario for that cache line”, i.e., the active security policy includes a procedure of handling a scenario when the cache line may no longer be associated with that particular thread or process).

The combination of Buxton does not teach evict the selected cache lines.


However, Cammarota teaches:
evict the selected cache lines (FIG. 8; [0056]-[0058]; “The cache status information can also be used to store information related to insertion of data into the cache as well as for cache eviction … The table can be used by the cache to maintain the assignment of sets of cache lines (whether assigned randomly or otherwise) for each partition where the cache has been partitioned. The table can included with cache status information that is stored in response to a context switch, so that the state of the cache can be restored once the execution of the thread or process resumes”).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Cammarota to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, and state bits associated with cache line which designates whether the cache line is in a shared state, with a computing device including a processor that can include a cache used to store data retrieved from a memory and/or data to be written to the memory of Cammarota to select all of the cache lines of the cache when the cache lines can be invalidated prior to setting the cache to operate in the randomized operating mode. Doing so with the system of Buxton would provide a method for protecting software that operates on sensitive data and requires data 

Regarding claims 11 and 17, the claimed method and the claimed devices comprise the steps or elements for carrying out the same steps or elements in claim 4. Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 4 above.

Regarding claim 5, the combination of Buxton teaches the computing system of claim 4.

The combination of Buxton does not teach responsive to a determination that a first security policy is active, select all of the subset of cache lines.

However, Cammarota teaches responsive to a determination that a first security policy is active, select all of the subset of cache lines (FIGs. 1-2, 5-7; [0037]; “The cache can be set to operate in the randomized mode using the cache status information (stage 915). The cache can be set to operate in the randomized operating mode, such is discussed above with respect to stage 210 of the process of FIG. 2. The cache lines can be invalidated prior to setting the cache to operate in the randomized operating mode. All of the cache lines of the cache 115 [i.e., select all of the subset of cache lines] can be invalidated prior to setting the cache to operate in the randomized mode. One or more of the cache lines may be “dirty” and .

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Cammarota to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, and state bits associated with cache line which designates whether the cache line is in a shared state, with a computing device including a processor that can include a cache used to store data retrieved from a memory and/or data to be written to the memory of Cammarota to select all of the cache lines of the cache when the cache lines can be invalidated prior to setting the cache to operate in the randomized operating mode. Doing so with the system of Buxton would provide a 

Regarding claims 12 and 18, the claimed method and the claimed devices comprise the steps or elements for carrying out the same steps or elements in claim 5. Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 5 above.

Regarding claim 6, the combination of Buxton teaches the computing system of claim 4.

The combination of Buxton does not teach responsive to a determination that a second security policy is active, select one or more of the subset of cache lines based on an output of a random number generator.

However, Cammarota teaches responsive to a determination that a second security policy is active, select one or more of the subset of cache lines based on an output of a random number generator (FIGs. 1-2, 5-7; [0037]; “Side-channel attacks can utilize cache timing and cache miss behavior to deduce information about other software that is utilizing the cache 115. One technique that can be used to randomize the cache usage is to randomly select a partition into which to store data in the cache 115. In this approach, the cache can be segmented .

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Cammarota to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, and state bits associated with cache line which designates whether the cache line is in a shared state, with a computing device including a processor that can include a cache used to store data retrieved from a memory and/or data to be written to the memory of Cammarota to select all of the cache lines of the cache when the cache lines can be invalidated prior to setting the cache to operate in the randomized operating mode. Doing so with the system of Buxton would provide a method for protecting software that operates on sensitive data and requires data 

Regarding claims 13 and 19, the claimed method and the claimed devices comprise the steps or elements for carrying out the same steps or elements in claim 6. Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 6 above.

Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Buxton et al. (US 2008/0162816 A1), hereinafter “Buxton”, in view of DeLaurier et al. (US 2018/0181491 A1), hereinafter “DeLaurier”, Erlingsson et al. (US 2008/0109625 A1), hereinafter “Erlingsson”, and Cammarota et al. (US 2018/0046808 A1), hereinafter “Cammarota”, as applied to claims 4, 11, and 17, respectively above, and further in view of Pohlack et al. (US 9,436,603 B1), hereinafter “Pohlack”.

Regarding claim 7, the combination of Buxton teaches the computing system of claim 4.

The combination of Buxton does not teach monitor memory access patterns associated with the plurality of processes; determine, based at least on the memory access patterns, a likelihood that a side-channel attack is occurring; and modify the contents of the cache security policy register based on the likelihood of a 

However, Pohlack teaches:
monitor memory access patterns associated with the plurality of processes (FIG. 2; col. 2, lines 36-50; col. 7, line 49 to col. 8, line 10; “The systems and methods described herein may be used to detect, prevent, mitigate, and/or curtail timing side-channel attacks in virtualized computing systems and/or in local (single) systems in which physical memory pages are shared between processes, applications, and/or users”, “the method may also include inspecting the program instructions in the neighborhood of the cache line flush type instruction that triggered the interrupt [i.e., memory access patterns], as in 230, in order to determine whether the program instructions that triggered the interrupt are likely to be part of a timing side-channel attack (e.g., to determine the root cause of the interrupt and/or use of the cache line flush type instructions), as in 240.”);
determine, based at least on the memory access patterns, a likelihood that a side-channel attack is occurring (FIG. 2; col. 7, line 49 to col. 8, line 10; “the method may also include inspecting the program instructions in the neighborhood of the cache line flush type instruction that triggered the interrupt [i.e., memory access patterns], as in 230, in order to determine whether the program instructions that triggered the interrupt are likely to be part of a timing side-channel attack [i.e., likelihood that a side-channel attack is occurring] (e.g., to determine the root cause of the interrupt and/or use of the cache line flush type instructions), as in 240. For example, in response to the interrupt, the method may ; and
modify the contents of the cache security policy register based on the likelihood of a side-channel attack occurring (FIG. 2; col. 7, line 49 to col. 8, line 10; “If it is determined that the program instructions that triggered the interrupt are likely to be part of a timing side-channel attack [i.e., the likelihood of a side-channel attack occurring], shown as the positive exit from 240, the method may include taking action in an attempt to curtail the timing side-channel attack or mitigate its effects (as described herein), as in 250. For example, if an interrupt handler or security module determines that each (or at least some) of the cache line flush type instructions are followed by a corresponding read targeting the same memory area that was flushed (e.g., in a tight loop), or determines that cache line flush type instructions repeatedly and/or frequently target a particular shared physical memory page, the method may include modifying the program instructions or page mapping [i.e., modify the contents] of the suspected attacking program, as described in more detail herein”, i.e., the cache security policy register may be construed as the page mapping of the suspected attacking program).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to 

Regarding claims 14 and 20, the claimed method and the claimed devices comprise the steps or elements for carrying out the same steps or elements in claim 7. Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 7 above.

Claims 21 and 23-24 are rejected under 35 U.S.C. 103 as being unpatentable over Buxton et al. (US 2008/0162816 A1), hereinafter “Buxton”, in view of DeLaurier et al. (US 2018/0181491 A1), hereinafter “DeLaurier”, Cammarota et al. (US 2018/0046808 A1), hereinafter “Cammarota”, and Erlingsson et al. (US 2008/0109625 A1), hereinafter “Erlingsson”.

Regarding claim 21, Buxton teaches: 
A computing system, comprising:
memory circuitry (FIG. 3; [0025]; “main memory 315”);
processor circuitry to execute instructions associated with a plurality of processes (FIGs. 1-3; [0003], [0012], [0014], [0025]; “processor 305”, “whenever a LOAD_CHECK instruction is executed, the processor checks that the attribute bit is set [i.e., execute instructions]”, “The thread then loads all the critical memory locations into the cache, 220, using a LOAD_SET or a similar instruction to set an attribute bit in association with each cache line into which a critical memory location is loaded”, “two threads (also interchangeably termed “processes” in the context of this application) executing on a processor based system share a cache memory (cache) [i.e., a plurality of processes]”, threads are used interchangeably as processes), the processor circuitry having at least:
a cache including at least a plurality of cache lines to store information from the memory circuitry (FIGs. 1, 3; [0008]-[0009], [0020], [0025], [0027]; “a cache memory 100 including a cache line 105, which ; and
cache monitoring and eviction logic (FIGs. 1-3; [0017], [0020], [0024]; “the attribute bit selected is set to indicate to the underlying processor or processor core that its logic should respond to an [Memory Line Invalidate] MLI scenario for that cache line”, “the logic of the underlying processor or core to transfer control to the handler previously registered by the thread at 210”, “the sequence of actions described as being executed by a handler thread (software) may alternatively be executed by logic of a processor or processor core in hardware”) to:
monitor memory access patterns associated with the plurality of processes (FIGs. 1-3; [0020]; “If during the execution of the thread following the load of the critical memory locations at 220, an outside asynchronous event causes an eviction of any of the lines of the cache for which the attribute bit has been set by the thread, an MLI scenario is invoked at 260. This causes the logic of the underlying processor or core to transfer control to the handler previously registered by the thread at 210. The main function of the handler is to prevent a spy thread from using the cache walk technique described above or a similar technique to detect the memory access patterns of 
form one or more cache line subsets, each of the one or more cache line subsets including a plurality of cache lines shared between a respective one of the plurality of processes and at least one other of the plurality of processes (FIGs. 1-3; [0003]-[0004], [0011]; “if two threads (also interchangeably termed " processes" in the context of this application) executing on a processor based system share a cache memory (cache), it is possible for one thread, a "spy" thread, to observe information about the access patterns of the other thread, a "target" thread.”, “the state storage location 120 contain state bits 125 [i.e., S bits] associated with cache line 105 which designates whether the cache line is in a modified state, exclusively owned state, shared state, or invalid state”);
determine, based at least on the memory access patterns, a likelihood that a side-channel attack is occurring on at least one of the plurality of processes; and
responsive to a determination that the likelihood of the side-channel attack occurring on the at least one of the plurality of processes is above a threshold, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred.

Buxton does not teach the one or more cache line subsets including a plurality of cache lines shared between a respective one of the plurality of processes and at least one other of the plurality of processes; determine, based at least on the memory access patterns, a likelihood that a side-channel attack is occurring on at least one of the plurality of processes; and responsive to a determination that the likelihood of the side-channel attack occurring on the at least one of the plurality of processes is above a threshold, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred.

However, DeLaurier teaches: 
the one or more cache line subsets including a plurality of cache lines shared between a respective one of the plurality of processes and at least one other of the plurality of processes (DeLaurier: FIG. 1; [0037]; “the first command stream 220 may write data into a first portion of a cache line and the second command stream 220 may write data into a second portion of the same cache line (i.e. command streams 220 may share cache lines”; note that the cache lines shared among command streams 220 are considered to be a subset of the cache lines).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Buxton to incorporate the teachings of DeLaurier to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, and state bits associated with cache line which designates whether the cache line is in a shared state, with a graphics processing unit (GPU), comprising a cache that includes a plurality of cache lines and configured to flush ones of the cache lines having first tag portions indicating the particular command buffer as having data stored in the cache lines of DeLaurier. Doing so with the system of Buxton would allow the GPU to spend less cycles waiting for the cache to flush when the GPU is configured to flush and invalidate portions of a cache instead of the whole (DeLaurier, [0025]).

The combination of Buxton does not teach determine, based at least on the memory access patterns, a likelihood that a side-channel attack is occurring on at least one of the plurality of processes; and responsive to a determination that the likelihood of the side-channel attack occurring on the at least one of the plurality of processes is above a threshold, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred.

However, Cammarota in view of Erlingsson teaches: 
determine, based at least on the memory access patterns, a likelihood that a side-channel attack is occurring on at least one of the plurality of processes (Cammarota: FIG. 8; [0001], [0056]; “Software Side-Channel Attacks (SCAs) can occur in servers in the cloud exposing assets even in secure software and/or data—IP, confidential information. An attacker can manipulate a shared resource used by process controlled by the attacker and a target process on a cloud server to discern information about the secure software and/or data of the target process. Cache interference is one technique that an attacker may use to modify a shared resource (the cache) in order to breach the security of the software and/or data of the target process”, “A determination that a context switch has occurred while executing software requiring data protection can be made (stage 805)”); and
responsive to a determination that the likelihood of the side-channel attack occurring on the at least one of the plurality of processes is above a threshold, selectively evict the plurality of cache lines included in the cache line subset associated with the at least one process in which the context switch has occurred (Cammarota: FIG. 8; [0001], [0056]-[0058]; “The cache status information can also be used to store information related to insertion of data into the cache as well as for cache eviction … The table can be used by the cache to maintain the assignment of sets of side-channel attack) (Erlingsson: FIGs. 5-6; [0019]-[0020], [0035]-[0037], [0047]; “The term cache lineset refers to, for a K-way associative cache in which each address can be cached in any of K places, a set of K cache lines, all of which have the same pre-image … To flush a cache lineset, in sequence, a set of K memory addresses with K distinct physical (or virtual) addresses that all map to the cache lineset is accessed, and the previous contents of the cache lineset, whatever they may be, are thereby evicted”, “This can be achieved using page-table alerts to selectively choose when to flush the shadow cache lineset … At step 510, a context switch, e.g. due to a timeslice change, takes place to the owner process of the stealth memory page, and that page is marked as invalid in the page tables … At step 550, it is determined if context switching away from the owner process has occurred, and if so, at step 560, it is determined if the page-table alert indicates that the stealth memory has actually been used. 
If these conditions hold, then at step 570, a flush desirably takes place”, “Stealth memory side-channel attack, and Erlingsson teaches cache lineset(s) in stealth memory is selectively flushed after it is determined that context switching away from the owner process has occurred; as such, one of ordinary skill in the art would be able to combine the teachings to selectively flush cache lineset(s) after it is determined that context switching away from the owner process has occurred and once a determination that a context switch of the processes has occurred can indicate the likelihood of the side-channel attack in order to prevent memory from exposing information about its usage pattern to an attacker or adversary, for example via side-channels).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Cammarota to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic 

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Erlingsson to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, and state bits associated with cache line which designates whether the cache line is in a shared state, with a method of protecting the portion of memory as stealth memory of Erlingsson, in which cache lineset(s) is selectively flushed after it is determined that context switching away from the owner process has occurred. Doing so with the system of Buxton would prevent stealth memory from exposing 

Regarding claim 23, the combination of Buxton teaches the computing system of claim 21.

Buxton further teaches wherein:
each cache line includes one or more "S" bits to indicate whether the corresponding cache line is shared by two or more of the plurality of processes (FIG. 1; [0003], [0009], [0011]; “FIG. 1 illustrates a portion of a cache memory, each cache line of which has an associated group of attribute bit storage locations, according to one embodiment of the invention. In particular, FIG. 1 illustrates a cache memory 100 including a cache line 105, which corresponds to a particular block of memory (not shown). The cache line 105 has associated therewith a number of attributes to be stored in the form of bits within storage location 110. Within the storage location 110 is a group of attribute bits 115 associated with cache line 105, which can store bits to represent various properties of the cache line, which can be used by a program executing on a processor based system that accesses the cache line”, “In addition to the attribute bits, each line of cache may also have associated therewith a state value stored in state storage location 120. For example, in one embodiment the state storage location 120 contain state bits 125 [i.e., one or more S bits] associated with cache line 105 which designates whether the cache line is in a modified state, exclusively owned ; and
the cache monitoring and eviction logic to, responsive to the determination that the likelihood of the side-channel attack occurring is above the threshold, evict one or more of the cache lines comprises cache monitoring and eviction logic to:
determine, based on the S bits, which of the plurality of cache lines are shared cache lines (FIGs. 1-3; [0003]-[0004], [0011]; “the state storage location 120 contain state bits 125 [i.e., S bits] associated with cache line 105 which designates whether the cache line is in a modified state, exclusively owned state, shared state, or invalid state”).

Cammarota further teaches: 
responsive to the determination that the likelihood of the side-channel attack occurring is above the threshold, evict one or more of the shared cache lines (FIG. 8; [0001], [0056]-[0058]; “The cache status .

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Cammarota to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, and state bits associated with cache line which designates whether the cache line is in a shared state, with a computing device including a processor that can include a cache used to store data retrieved from a memory and/or data to be written to the memory of Cammarota to select all of the cache lines of the cache when the cache lines can be invalidated prior to setting the cache to operate in the randomized operating mode. Doing so with the system of Buxton would provide a method for protecting software that operates on sensitive data and requires data 

Regarding claim 24, the combination of Buxton teaches the computing system of claim 21.

Cammarota further teaches responsive to the determination that the likelihood of a side-channel attack occurring is above the threshold (FIG. 8; [0001], [0056]-[0058]; “The cache status information can also be used to store information related to insertion of data into the cache as well as for cache eviction … The table can be used by the cache to maintain the assignment of sets of cache lines (whether assigned randomly or otherwise) for each partition where the cache has been partitioned. The table can included with cache status information that is stored in response to a context switch, so that the state of the cache can be restored once the execution of the thread or process resumes”; note that a threshold can be one and once a determination that a context switch has occurred can indicate that the likelihood of the side-channel attack):
select, using a random number generator, one or more cache lines to evict (FIGs. 1-2, 5-7; [0037]; “Side-channel attacks can utilize cache timing and cache miss behavior to deduce information about other software that is utilizing the cache 115. One technique that can be used to randomize the cache usage is to randomly select a partition into which to store data in the cache 115. In this approach, the cache can be segmented into a plurality of partitions and each ; and
evict the selected cache lines (FIG. 8; [0056]-[0058]; “The cache status information can also be used to store information related to insertion of data into the cache as well as for cache eviction … The table can be used by the cache to maintain the assignment of sets of cache lines (whether assigned randomly or otherwise) for each partition where the cache has been partitioned. The table can included with cache status information that is stored in response to a context switch, so that the state of the cache can be restored once the execution of the thread or process resumes”).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Cammarota to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main .

Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Buxton et al. (US 2008/0162816 A1), hereinafter “Buxton”, in view of DeLaurier et al. (US 2018/0181491 A1), hereinafter “DeLaurier”, Cammarota et al. (US 2018/0046808 A1), hereinafter “Cammarota”, and Erlingsson et al. (US 2008/0109625 A1), hereinafter “Erlingsson”, as applied to claim 21 above, and further in view of Pohlack et al. (US 9,436,603 B1), hereinafter “Pohlack”, and Lee et al. (US 2010/0180083 A1), hereinafter “Lee”.

Regarding claim 22, the combination of Buxton teaches the computing system of claim 21.

The combination of Buxton does not teach wherein the memory access patterns include at least: a number of cache line flush (CLFLUSH) operations; a 

However, Pohlack teaches wherein the memory access patterns include at least: 
a number of cache line flush (CLFLUSH) operations (col. 5, line 66 to col. 6, line 45; “the processors may include a specific (dedicated) performance counter that counts the number of occurrences of a cache line flush type instruction (e.g., the number of times that the CLFLUSH instruction is executed)”);
a number of cache hits (col. 5, line 66 to col. 6, line 45; “a CPU may include more and/or different types of performance counters, such as those that are (or can be) configured to observe and/or count … cache hits”);
a number of cache misses (col. 5, line 66 to col. 6, line 45; “a CPU may include more and/or different types of performance counters, such as those that are (or can be) configured to observe and/or count cache misses”);
a relationship between the number of cache hits and the number of cache misses.

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Pohlack to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that 

The combination of Buxton does not teach a relationship between the number of cache hits and the number of cache misses.

However, Lee teaches a relationship between the number of cache hits and the number of cache misses ([0009]; “Recent software cache-based, side-channel attacks show that cache memories are highly vulnerable to leakage of critical information such as cryptographic keys. They rely only on the timing .

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Lee to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, with a computer system having a processor core and a cache memory of Lee, whereby the cache memory allows for dynamic mapping of contents from a main memory, so as to provide enhanced security and performance. Doing so with the system of Buxton would provide a cache memory, having enhanced performance and security features, that includes a data array storing a plurality of data lines, a tag array storing a plurality of tags corresponding to the plurality of data lines, and an address decoder which permits dynamic memory-to-cache mapping to provide enhanced security of the data lines, as well as enhanced performance (Lee, [0014]).
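The elements mapped in the rejections of claims 21 to 23 above (access-pattern counters, a likelihood compared with a threshold, and eviction limited to lines whose shared state is set for the process being switched) can be pictured with a small C model. This is an added illustration and is not part of the Office action, the application, or any cited reference; the scoring formula, the 50% threshold, the sample cache contents and every identifier are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_LINES 8
#define THRESHOLD_PCT 50u   /* assumed threshold; the page gives no value */

struct cache_line {
    int valid;
    uint32_t sharers;       /* bit p set => process p uses this line */
};

struct access_pattern {     /* counters named for claim 22 */
    unsigned clflush, hits, misses;
};

/* Shared-state ("S") indication: valid and used by two or more processes. */
static int s_bit(const struct cache_line *l)
{
    return l->valid && (l->sharers & (l->sharers - 1u)) != 0;
}

/* Hypothetical likelihood score in percent. It averages the miss ratio
 * (a relationship between hits and misses) and the flush rate per access.
 * The weighting is an assumption, not taken from any cited reference. */
static unsigned likelihood_pct(const struct access_pattern *p)
{
    unsigned total = p->hits + p->misses;
    if (total == 0) return 0;
    unsigned miss_pct = 100u * p->misses / total;
    unsigned flush_pct = 100u * p->clflush / total;
    if (flush_pct > 100u) flush_pct = 100u;
    return (miss_pct + flush_pct) / 2u;
}

/* On a context switch of process pid: if the score exceeds the threshold,
 * invalidate only the shared lines that pid participates in.
 * Returns the number of lines evicted. */
static unsigned on_context_switch(struct cache_line *cache, unsigned pid,
                                  const struct access_pattern *p)
{
    unsigned evicted = 0;
    if (likelihood_pct(p) <= THRESHOLD_PCT) return 0;
    for (int i = 0; i < NUM_LINES; i++) {
        if (s_bit(&cache[i]) && (cache[i].sharers & (1u << pid))) {
            cache[i].valid = 0;
            evicted++;
        }
    }
    return evicted;
}

/* Constructed sample cache: {valid, sharer bitmask} for lines 0..7. */
static void fill_sample_cache(struct cache_line *c)
{
    static const struct cache_line sample[NUM_LINES] = {
        {1, 0x3}, {1, 0x1}, {1, 0x6}, {1, 0x5},
        {0, 0x3}, {1, 0x2}, {1, 0x7}, {1, 0x4},
    };
    for (int i = 0; i < NUM_LINES; i++) c[i] = sample[i];
}

int main(void)
{
    struct cache_line cache[NUM_LINES];
    struct access_pattern benign = {0, 950, 50};      /* constructed */
    struct access_pattern suspect = {400, 100, 400};  /* constructed */

    fill_sample_cache(cache);
    printf("benign:  score=%u evicted=%u\n", likelihood_pct(&benign),
           on_context_switch(cache, 0, &benign));
    printf("suspect: score=%u evicted=%u\n", likelihood_pct(&suspect),
           on_context_switch(cache, 0, &suspect));
    return 0;
}
```

Lines private to one process and shared lines that do not involve the switched process stay resident, which is the difference between selective eviction and a full cache flush.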

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Buxton et al. (US 2008/0162816 A1), hereinafter “Buxton”, in view of DeLaurier et al. (US 2018/0181491 A1), hereinafter “DeLaurier”, Cammarota et al. (US 2018/0046808 A1), hereinafter “Cammarota”, and Erlingsson et al. (US 2008/0109625 A1), hereinafter “Erlingsson”, as applied to claim 21 above, and further in view of Johnson et al. (US 2019/0114422 A1), hereinafter “Johnson”.

Regarding claim 25, the combination of Buxton teaches the computing system of claim 21.

Cammarota teaches the determination that the likelihood of a side-channel attack occurring is above the threshold, and evicting the one or more cache as described in the rejection of claim 21 above. Nevertheless, the combination of Buxton does not teach responsive to the determination that the likelihood of a side-channel attack occurring is above the threshold: hold cache write instructions; after evicting the one or more cache lines, cause the held cache write instructions to be executed.

However, Cammarota in view of Johnson teaches:
responsive to the determination that the likelihood of a side-channel attack occurring is above the threshold (Cammarota: FIG. 8; [0001], [0056]-[0058]; “The cache status information can also be used to store information related to insertion of data into the cache as well as for cache eviction … The table can be used by the cache to maintain the assignment of sets of cache lines (whether assigned randomly or otherwise) for each partition where the cache has been partitioned. The table can included with cache status information that is stored in response to a context switch, so that the state of the cache can be restored once :
hold cache write instructions (Johnson: FIGs. 2-3, 6; [0069], [0071]-[0072]; “FIG. 6 illustrates an example flowchart 600 for holding a memory load operation based on a “pending” flag in the register file 309 … At decision block 603, it is determined whether the operation uses a register file entry whose flag is set … If the flag was set, the operation is held at block 605. Later the flag could be cleared (block 606) or the register file entry could be invalidated (block 607)”, “the microprocessor may also include a memory unit (e.g., MU 305) that is configured to hold any memory load operation that uses an address whose value is calculated based on a register file entry whose flag is set (e.g., block 605), unless all previous instructions have been retired or cancelled. In these implementations, the memory unit may continue a held memory load operation when all previous instructions have been retired, and/or may cancel a held memory load operation when all previous instructions have been cancelled”);
after evicting the one or more cache (Cammarota: FIG. 8; [0056]-[0058]; “The cache status information can also be used to store information related to insertion of data into the cache as well as for cache eviction … The table can be used by the cache to maintain the assignment of sets of cache lines (whether assigned randomly or otherwise) for each partition where the cache has been partitioned. The table can included with cache status information that is stored in response to a context switch, so that the state of the cache can be restored once , cause the held cache write instructions to be executed (Johnson: FIGs. 2-3, 6; [0069], [0071]-[0072]; “FIG. 6 illustrates an example flowchart 600 for holding a memory load operation based on a “pending” flag in the register file 309 … the register file 309 entry could be cleared or invalidated based on flowchart 500 of FIG. 5. If it is cleared, the processing of the operation is resumed at block 608”).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Buxton to incorporate the teachings of Johnson to provide a front-side-bus (FSB) computer system for obscuring memory access patterns to protect the cryptographic algorithm, AES, from cache side channel attacks of Buxton having a processor that accesses data from a level one (L1) cache memory having cache lines and main memory, with execution units and an L1 cache of Johnson that holds a memory load operation and resumes the operation based on the pending flag of the register file in a process for speculative side-channel attack mitigations. Doing so with the computer system for obscuring memory access patterns of Buxton would provide processor modifications that prevent the observation of the side effects of mispredicted speculative execution flows (Johnson, [0021]).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tong B Vo whose telephone number is (571)272-7568.  The examiner can normally be reached on M-F 8:00 AM - 4:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571)272-4085.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 



/T.B.V./Patent Examiner, Art Unit 2136

/CHARLES RONES/Supervisory Patent Examiner, Art Unit 2136