DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent provisions.
The amendment filed 3/17/2021 has been placed of record in the file.
Claim 21 has been amended.
Claims 6-25 are pending.
The double patenting rejection remains of record.
The applicant’s arguments with respect to claims 6-25 have been fully considered but they are not persuasive as discussed below.

Claim Rejections - 35 USC § 102
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
8.	The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.

9.	Claims 12, 21, and 23-25 are rejected under pre-AIA  35 U.S.C. 102(b) as being anticipated by Williams et al. (U.S. Patent Application Publication Number 2011/0093750) listed on the applicant’s IDS filed 7/27/2018, hereinafter referred to as Williams.
Regarding claim 12, Williams discloses an electronic device comprising: at least one processing core (paragraph 40, processor core); memory including a plurality of addressable 
Regarding claim 21, Williams discloses an integrated circuit comprising: a crossbar (paragraph 40, bus connecting components); a set of processing cores coupled to the crossbar (paragraph 40, processor core); and a memory controller coupled to the crossbar and configured to couple to a memory (paragraph 40, MMU and memory), wherein the memory controller includes a firewall that includes: a first set of registers configured to store an identifier of a first region of the memory having a first security type (paragraph 60, boundary values stored in boundary registers); a second set of registers configured to store an identifier of a second region of the memory having a second security type (paragraph 60, boundary values stored in boundary registers); and a comparator coupled to the first set of registers and the second set of registers and configured to: receive a request to access the memory from a first processing core of the set of processing cores, wherein the request includes an address and an attribute of the first processing core (paragraph 66, access request, and paragraph 69, determines operating mode); determine, based on the first set of registers and the second set of registers, whether the address is directed to the first region, the second region, or a third region of the memory (paragraph 69, determines portion access directed to); determine, based on the attribute of the first processing 
Regarding claim 23, Williams discloses wherein the comparator is configured to determine, based on the attribute corresponding to a secure master, that the first processing core has permission to access the first region and the second region (paragraph 71, first and second portions accessible to hypervisor).
Regarding claim 24, Williams discloses wherein the comparator is configured to determine, based on the attribute corresponding to a secure guest, that the first processing core has permission to access the second region but not the first region (paragraph 71, first portion accessible only to hypervisor and second portion access to both hypervisor and guest operating system).
Regarding claim 25, Williams discloses wherein: the memory controller further includes a configuration register configured to store an identifier; and the comparator is configured to determine whether the first processing core has permission to access the address by comparing the attribute to the identifier (paragraph 69, portion and operating mode, and paragraph 71, portions defined by boundary values).



Claim Rejections - 35 USC § 103
10.	The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

11.	Claim 22 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Williams in view of Conti (U.S. Patent Application Publication Number 2007/0011419) listed on the applicant’s IDS filed 7/27/2018.
Williams disclosed a system for managing hardware resources that utilizes boundaries to divide the resources into multiple portions.  In an analogous art, Conti disclosed a system for defining memory protection regions that utilizes a memory security firewall.  Both systems manage access requests to multiple different portions of data storage.
Regarding claim 22, Williams discloses wherein: the comparator is configured to: determine that the first processing core has permission to access the address based on the attribute corresponding to a first security level; and determine that the first processing core does not have permission to access the address based on the attribute corresponding to a second security level (paragraph 71, first portion accessible only to hypervisor).
Williams does not explicitly state wherein: the memory controller further includes a configuration register configured to store a lock bit; and the comparator is configured to: when the lock bit has a first value, determine that the first processing core has permission to access the address based on the attribute corresponding to a first security level; and when the lock bit has the first value, determine that the first processing core does not have permission to access the address based on the attribute corresponding to a second security level; and when the lock bit has .

12.	Claims 13-18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Williams in view of Strongin et al. (U.S. Patent Application Publication Number 2003/0188184), hereinafter referred to as Strongin.

Regarding claim 13, Williams does not explicitly state wherein the at least one secure master register includes: a first secure master register that includes a first field to store a selected number of lowest order bits of the base address defining the secure master region; and a second secure master register that includes a second field to store all remaining higher order bits of the base address defining the secure master region other than the selected number of lowest order bits of the base address defining the secure master region.  However, storing memory addresses in such a way was well known in the art as evidenced by Strongin.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the system of Williams by adding the ability that the at least one secure master register includes: a first secure master register that includes a first field to store a selected number of lowest order bits of the base address defining the secure master region; and a second secure master register that includes a second field to store all remaining higher order bits of the base address defining the secure master region other than the selected number of lowest order bits of the base address defining the secure master region as provided by Strongin (see paragraph 27, base address divided into lower and upper bits).  One of ordinary skill in the art would have recognized the benefit that dividing the memory into a plurality of segments would be useful when managing associated security information (see Strongin, paragraph 7).
Regarding claim 14, the combination of Williams and Strongin discloses wherein the first secure master register includes a third field to store segment size information defining a size of the secure master region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 15, the combination of Williams and Strongin discloses wherein the first field and the third field are not directly adjacent to each other within the first secure master register (Williams, paragraph 77, size indication, where one of ordinary skill would not have been limited as to where and how to store the size indication).
Regarding claim 16, Williams does not explicitly state wherein the at least one secure guest register includes: a first secure guest register that includes a fourth field to store a selected number of lowest order bits of the base address defining the secure guest region; and a second secure guest register that includes a fifth field to store all remaining higher order bits of the base address defining the secure guest region other than the selected number of lowest order bits of the base address defining the secure guest region.  However, storing memory addresses in such a way was well known in the art as evidenced by Strongin.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the system of Williams by adding the ability that the at least one secure guest register includes: a first secure guest register that includes a fourth field to store a selected number of lowest order bits of the base address defining the secure guest region; and a second secure guest register that includes a fifth field to store all remaining higher order bits of the base address defining the secure guest region other than the selected number of lowest order bits of the base address defining the secure guest region as provided by Strongin (see paragraph 27, base address divided into lower and upper bits).  One of ordinary skill in the art 
Regarding claim 17, the combination of Williams and Strongin discloses wherein the first secure guest register includes a sixth field to store segment size information defining a size of the secure guest region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 18, the combination of Williams and Strongin discloses wherein the fourth field and the sixth field are not directly adjacent to each other within the first secure guest register (Williams, paragraph 77, size indication, where one of ordinary skill would not have been limited as to where and how to store the size indication).

13.	Claim 19 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Williams in view of Porter et al. (U.S. Patent Application Publication Number 2002/0163522), hereinafter referred to as Porter.
Williams disclosed a system for managing hardware resources that utilizes boundaries to divide the resources into multiple portions.  In an analogous art, Porter disclosed a system for maintaining secure and non-secure data in a shared memory system.  Both systems manage access requests to multiple different portions of data storage.
Regarding claim 19, Williams does not explicitly state wherein the secure guest region of the address space includes at least two discontinuous regions.  However, partitioning memory in such a way was well known in the art as evidenced by Porter.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the system of Williams by adding the ability that the .

14.	Claims 6-11 and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Williams in view of Strongin, further in view of Conti.
Williams disclosed a system for managing hardware resources that utilizes boundaries to divide the resources into multiple portions.  In an analogous art, Strongin disclosed a system for controlling access to segments of memory having particular data stored therein.  Also in an analogous art, Conti disclosed a system for defining memory protection regions that utilizes a memory security firewall.  All of these systems manage access requests to multiple different portions of data storage.
Regarding claim 6, Williams discloses an electronic device comprising: at least one processing core (paragraph 40, processor core); a security configuration register to store security privilege configuration information (paragraph 64, levels of privilege), the security configuration register including a non-secure indication (paragraph 69, designation of particular portion); memory including a plurality of addressable locations defined by an address space, the address space including a secure master region, a secure guest region, and a non-secure region, wherein the non-secure region is any portion of the address space other than the secure master region and the secure guest region (paragraph 71, first boundary value and further boundary value); and a memory endpoint controller coupled to the memory and configured to control access to the memory in response to memory access requests issued by the at least one processing core based 
Williams does not explicitly state the non-secure indication being a non-secure (NS) bit, and controlling access to the memory by when the NS bit is a first logical value, granting a memory access request to any of the secure master region, secure guest region, and the non-secure region regardless of the security indicator of the memory access request, and when the NS bit is a second logical value, granting and denying the memory access request as taught by 
The combination of Williams and Strongin does not explicitly state the security configuration register including a lock/unlock (L/U) bit; the controlling access to the memory based at least partially on the L/U bit; and controlling access to the memory by when the L/U bit is the first logical value, granting and denying the memory access request as taught by Williams above, and when the L/U bit is the second logical value, granting a memory access request to the secure master region and to the secure guest region when the security indicator of the memory access request is the secure master state or the secure guest state.  However, utilizing such lock states was well known in the art as evidenced by Conti.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams and Strongin by adding the 
Regarding claim 7, the combination of Williams, Strongin, and Conti discloses wherein the memory endpoint controller includes: at least one secure master register to store a base address defining the secure master region; and at least one secure guest register to store a base address defining the secure guest region (Williams, paragraph 60, boundary values stored in boundary registers).
Regarding claim 8, the combination of Williams, Strongin, and Conti discloses wherein the at least one secure master register includes: a first secure master register that includes a first field to store a selected number of lowest order bits of the base address defining the secure master region; and a second secure master register that includes a second field to store all remaining higher order bits of the base address defining the secure master region other than the selected number of lowest order bits of the base address defining the secure master region (Strongin, paragraph 27, base address divided into lower and upper bits).
Regarding claim 9, the combination of Williams, Strongin, and Conti discloses wherein the first secure master register includes a third field to store segment size information defining a size of the secure master region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 10, the combination of Williams, Strongin, and Conti discloses wherein the at least one secure guest register includes: a first secure guest register that includes a fourth field to store a selected number of lowest order bits of the base address defining the secure guest region; and a second secure guest register that includes a fifth field to store all remaining higher order bits of the base address defining the secure guest region other than the selected number of lowest order bits of the base address defining the secure guest region (Strongin, paragraph 27, base address divided into lower and upper bits).
Regarding claim 11, the combination of Williams, Strongin, and Conti discloses wherein the first secure guest register includes a sixth field to store segment size information that defines a size of the secure guest region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 20, Williams discloses a method for configuring a memory access firewall in a data processing system having a security configuration register and memory with an address space including a secure master region, a secure guest region, and a non-secure region (paragraph 71, first boundary value and further boundary value), the method comprising: configuring the memory access firewall to permit access to the secure master region by a memory access request only if a security indicator of the memory access request indicates a secure master level (paragraph 71, first portion accessible only to hypervisor), permit access to the secure guest region only if the security indicator of the memory access request indicates the 
Williams does not explicitly state determining a logic value of a non-secure bit of the security configuration register, and when the non-secure bit has a first logic value, configuring the memory access firewall to permit access to any of the secure master region, secure guest region, and the non-secure region by a memory access request regardless of a security level indicated by a security indicator of the memory access request, and when the non-secure bit has a second logic value, configuring the memory access firewall to permit access as taught by Williams above.  However, delineating secure memory sections in such a way was well known in the art as evidenced by Strongin.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the system of Williams by adding the ability for determining a logic value of a non-secure bit of the security configuration register, and when the non-secure bit has a first logic value, configuring the memory access firewall to permit access to any of the secure master region, secure guest region, and the non-secure region by a memory access request regardless of a security level indicated by a security indicator of the memory access request, and when the non-secure bit has a second logic value, configuring the memory access firewall to permit access as already taught as provided by Strongin (see paragraph 25, bit indicates secure section, and paragraph 24, if region not designated secure, then no privilege check needed).  One of ordinary skill in the art would have recognized the benefit that dividing the memory into a plurality of segments would be useful when managing associated security information (see Strongin, paragraph 7).
.


Response to Arguments
15.	In the remarks, the applicant has argued:
<Argument 1>
Williams does not disclose the features of independent claim 12 because he does not disclose “when the address of the memory access request corresponds to an address in the non-secure region, the security indicator is downgraded to the non-secure state when the security indicator, as received, indicates any security level greater than the non-secure state” as recited in claim 12.
<Argument 2>
The combination of Williams, Strongin, and Conti does not disclose the features of independent claim 6 because it does not disclose “when the NS bit is a first logical value, granting a memory access request to any of the secure master region, secure guest region, and the non-secure region regardless of the security indicator of the memory access request” as recited in claim 6.
16.	In response to argument 1, Williams does disclose the features as recited in claim 12.  The rejection cites paragraph 71, which shows that the further second portion is accessible to all of the hypervisor program, the guest operating system program, and a user program.  This is seen to meet the limitation at hand as a program with a greater level of privilege (ie. a hypervisor) accessing resources at the lowest user level is considered a downgrade for that program.
17.	In response to argument 2, the combination of Williams, Strongin, and Conti does disclose the features as recited in claim 6.  The rejection cites Strongin, paragraph 25, which shows the use of a bit that indicates whether or not a region is designated as secure.  This is seen to meet the limitation at hand as this designation of whether the region is secure or not is used to 

Conclusion
18.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
19.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812.  The examiner can normally be reached on Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Victor Lesniewski/Primary Examiner, Art Unit 2493