DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office action is in response to Applicant’s amendment/request for reconsideration submitted on April 27, 2021, hereinafter “Reply”, after the non-final rejection of April 33, 2021, hereinafter “Non-Final Rejection”.  Claims 1, 3, 8-9, 14-15, and 18-20 have been amended.  No claims have been added or cancelled.  Claims 1-20 remain pending in the application.

Response to Amendments and Arguments
The Reply has been fully considered, with the examiner’s response set forth below.
(1) 	In view of the amendments to the specification in the Reply, the objections to the specification have been withdrawn. 
(2)	In view of the amendments to the claims in the Reply, the objections to claims 1, 3, 8, 9, 14, and 18-20 of the Non-Final Rejection have been withdrawn.  As for claim 15 of the Non-Final Rejection, please see objections to the claim below because appropriate correction has not been made to the claim.
(3)	In view of the amendments to the claims in the Reply, the claim interpretation of claim 15 for the limitation of “fabric interface” of the Non-Final Rejection has been withdrawn. 

(5)	Another iteration of claim analysis has been made due to the amendments to the claims in the Reply. Refer to the corresponding sections of the claim analysis below for details.

Claim Objections
Claim 15 is objected to because of the following informalities:
In claim 15, line 4, “Basic Input/output System (BIOS) firmware” may be amended to “a Basic Input/output System (BIOS) firmware” to correct a grammatical error because an article is required since “Basic Input/output System (BIOS) firmware” is first introduced in the claim.  (Emphasis added.)
In claim 15, line 10, “boot firmware” may be amended to “a boot firmware” to correct a grammatical error because an article is required since “boot firmware” is first introduced in the claim.  (Emphasis added.)
Other claims with informalities that are the same as those above and not included here should be amended due to the same reasons set forth above.
Appropriate correction is required. 

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):


The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means”, but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder 
“a plurality of interconnect protocol (IP) agents” in claims 1, 3, and 20.
The Examiner has noted that the written description in paragraphs [0021]-[0022] of the specification is pertinent to a corresponding structure of the claim limitation.
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-20, as best thought and understood, are rejected under 35 U.S.C. 103 as being unpatentable over Moran et al. (US 2005/0086508 A1), hereinafter “Moran”, in view of Shivanna et al. (US 2018/0025150 A1), hereinafter “Shivanna”, and Meier (US 2020/0334171 A1), hereinafter “Meier”.

	Regarding claim 1, Moran teaches:
An apparatus to facilitate memory map security in a system on chip (SOC), comprising:  
a memory device (FIG. 6; “[0028] … main memory 630”); 
a plurality of interconnect protocol (IP) agents configured to access the memory device (FIG. 6; “[0029] … For example, in one embodiment, main memory 630, processor 610, and device A are trusted agents, while device B and device C are non-trusted agents”; “[0028] … The system 600 includes a processor 610, a MCH 620, a main memory 630, and a number of peripheral devices 640. … main memory 630 includes a random access memory (RAM), or other dynamic storage device, such as, for example, a dynamic random access memory (DRAM), to store data and instructions to be executed by processor 610. The data and instructions are routed between processor 610, main memory 630, and other peripheral devices 640 via MCH 620”; a plurality of interconnect protocol (IP) agents is considered to include the peripheral devices 640 that access data and instructions stored in the main memory 630 since data and instructions are routed between the main memory 630 and the peripheral devices 640 via the MCH 620); and 
a micro controller to receive a request to grant a host device access to the memory device and perform an alias checking process for each of the plurality of IP agents to verify accuracy of a memory map of the memory device, wherein the micro controller performs the alias checking process by comparing a memory range across each of the IP agents and verifying that one or more rules are adhered to across the IP agents (FIGs. 2, 6; “[0005] An existing address decoder in a MCH is shown in FIG. 2. The address decoder includes a number of address comparators 210 connected in parallel. Each comparator compares the destination address of the data with an address range of a device within the system. … The address range of the main memory is represented by cfg_bitsN 209. If the destination address falls within the address range .  

	Moran does not teach a micro controller to receive a request to grant a host device access to the memory device and perform an alias checking process for each of the plurality of IP agents to verify accuracy of a memory map of the memory device, wherein the micro controller performs the alias checking process by comparing a memory range across each of the IP agents and verifying that one or more rules are adhered to across the IP agents.

	However, Shivanna teaches:
a micro controller to receive a request to grant a host device access to the memory device and perform an alias checking process for each of the plurality of IP agents to verify accuracy of a memory map of the memory device (FIG. 1; “[0018] As used herein, the boot firmware engine of the computing device may be any combination of hardware and programming to implement the functionalities of a boot firmware such as the BIOS or the United Extensible Firmware Interface (UEFI). In some examples, the functionalities of the boot firmware engine may be at least partially implemented in the form of electronic circuitry.”; “[0019] … Each one of the manageability hardware components 101 a-101N comprises a bus configuration space 103-104 … the bus configuration space 103-104 of each manageability hardware component 101 a-101N comprises memory map registers 105-106 through which the OS components 107 a-107N, such as OS drivers, OS application or OS utilities that are run on-demand, may access the manageability hardware components 101 a-101N … Each one of the OS components 107 a-107N comprises a corresponding OS component authentication module 108 a-108N that communicates with a boot firmware authentication module 110 in the boot firmware engine 109 of the computing device 100 to verify and authenticate the OS components 107 a-107N … Once the enumeration process is complete, the boot firmware engine 109 may check the addresses pointing to the memory map registers 105-106 of the enumerated manageability hardware components 101 a-101N and reprogram the addresses of the memory map registers 105-106 to an encrypted, encoded or transposed address using a random key that is generated at every booting process”; “[0023] Once one of the OS components 107 a-107N [host device], for example OS component 107 a, request access to one of the manageability hardware components 101 a-101N, for example manageability hardware component 101 a, and the boot firmware authentication module 110 verifies and micro controller is considered to be the hardware or the electronic circuitry that controls the functionalities of a boot firmware such as the BIOS or the United Extensible Firmware Interface (UEFI) of the boot firmware engine; the memory device is considered to be a memory component that contains the bus configuration space 103/104 with the memory map register 105/106; a memory map is considered to be a mapping of the addresses pointing to the memory map registers 105-106 of the enumerated manageability hardware components 101 a-101N).  

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Moran to incorporate the teachings of Shivanna to provide a computer system having data security of Moran, with a system of Shivanna having a boot firmware engine of a computing device that enumerates manageability hardware components.  Doing so with the system of Moran would provide a solution that protect the manageability hardware components of the computing device from unauthorized accesses by PDoS attacks, OS malwares, root kits and badly written/misbehaving device components during the booting process and during runtime 

	The combination of Moran does not teach the micro controller performs the alias checking process by comparing a memory range across each of the IP agents and verifying that one or more rules are adhered to across the IP agents.

	However, Moran in view of Meier teaches:
the micro controller performs the alias checking process by comparing a memory range across each of the IP agents and verifying that one or more rules are adhered to across the IP agents (Moran: FIGs. 2, 6; “[0005] An existing address decoder in a MCH [micro controller] is shown in FIG. 2. The address decoder includes a number of address comparators 210 connected in parallel. Each comparator compares the destination address of the data with an address range of a device within the system. … The address range of the main memory is represented by cfg_bitsN 209. If the destination address falls within the address range of a device, the corresponding comparator outputs a signal to enable the MCH to route the data to the device”; “[0029] … MCH 620 includes a priority address decoder 622 and a set of configuration registers 624 to route data between the devices of computer system 600”; “[0030] … MCH 620 [micro controller] checks the destination address of the secured data with the priority address decoder 622”; “[0031] … the priority address decoder 622 includes one comparator for each device [IP agent] in the computer system to determine whether the range of the device [IP agent]”) (Meier: FIG. 1; “[0038] … the host 110 can provide an access command and/or a plurality of access commands to the memory device 120. Access commands can be provided to access a protected region of the memory device 120. The access command can be associated with an address or a range of addresses and a key. The memory device 120 can compare the provided address to a protected range [memory range] to determine whether the address is within the protected range. If the address is within the protected range, the memory device 120 can compare the key with a stored key to determine whether the key and the stored key match. If the key matches the stored key, then the memory device can enter a non-persistent unlocked mode from a locked mode. The memory device 120 can, via the controller 140 [micro controller], enable a row driver to activate a row or rows of the memory array 130 corresponding to the address (e.g., protected region)”; note that the alias checking process is considered to be a process in which the provided address is compared to a protected range [memory range] to determine whether the address is within the protected range; verifying one or more rules is considered to be determining whether the key and the stored key match if the address is within the protected range) (Note that Moran teaches the MCH 620 checking the destination address of the secured data with the priority address decoder 622 that includes one comparator for each device in the computer system to determine whether the destination address of the data falls within the address range of the device, and Meier teaches the controller 140 comparing the provided address to a protected range to determine whether the address is within the protected range; as such, one of ordinary skill in the art would be able to combine the teachings to compare the address .

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Moran to incorporate the teachings of Meier to provide a computer system having data security of Moran, with an apparatus of Meier that includes the memory device 120 for comparing the provided address to a protected range to determine whether the address is within the protected range.  Doing so with the system of Moran would secure data by preventing unauthorized access to memory cells in which the data is stored.  (Meier, [0012])

Regarding claims 9 and 15, the claimed method and the claimed device comprise substantially the same steps or elements as those in claim 1.  Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 1 above.

Further regarding claim 15, Moran further teaches:
an integrated on-chip system fabric coupled between the processor, the memory device and the BIOS firmware (“[0003] The MCH in the computer system allows software to allocate memory space in a memory map for various devices in the computer system. When the computer system is initialized, the basic input/output software (BIOS) programs a set of configuration registers in the MCH to define a memory map for the computer system”; “[0028] FIG. 6 shows an exemplary integrated on-chip system fabric is considered to be interfaces between the processor 610, the MCH 620 with the BIOS, and the main memory 630 as shown in FIG. 6); and 
a micro controller coupled to the system fabric (FIG. 1; “[0019] … The boot firmware engine 109 also comprises a boot firmware enumerator 111 that carry out an enumeration process to identify the topology of the manageability hardware subsystem that includes all the manageability hardware components 101 a-101N. During the enumeration process, the boot firmware engine 109 may store a list of addresses pointing to the memory map registers 105-106 of the enumerated manageability hardware components 101 a-101N, said manageability hardware components 101 a-101N being accessible to the OS components 107 a-107N”; a micro controller is considered to be the hardware or the electronic circuitry that controls the functionalities of a boot firmware such as the BIOS or the United Extensible Firmware Interface (UEFI) of the boot firmware engine; the system fabric is considered to be the interfaces coupled to the boot firmware engine 109, the manageability hardware components 101 a-101N, and the OS components 107 a-107N as shown in FIG. 1).  
	
	Regarding claim 2, the combination of Moran teaches the apparatus of claim 1.

Shivanna further teaches:
wherein the micro controller locks registers associated with the memory map (FIG. 1; “[0020] The manageability hardware components 101 a-101N may also registers (not shown in the figure), for example architected registers, to set attributes to hardware features that are mapped to the memory map register of the bus configuration spaces 103-104. The architected registers are programmable registers that are architected for the purpose of controlling access to a specific functionality of the particular manageability hardware component. These attributes, that are stored in the memory map register 105-106 of each manageability hardware components 101 a-101N, may be Read-Only, Read/Write or Hide. The attributes may be used to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N by setting the attributes as Read-Only or Hide”; note that the memory map is considered to be a mapping of the addresses pointing to the memory map registers 105-106 of the enumerated manageability hardware components 101 a-101N).  

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Moran to incorporate the teachings of Shivanna to provide a computer system having data security of Moran, with a system of Shivanna having a boot firmware engine that uses attributes to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N.  Doing so with the system of Moran would provide a solution that protect the manageability hardware components of the computing device from unauthorized accesses by PDoS attacks, OS malwares, root kits and badly written/misbehaving device components during the booting process and during runtime of the computing devices by authorizing on-demand access to the manageability 

Regarding claim 10, the claimed method comprises substantially the same steps or elements as those in claim 2.  Accordingly, the claim is also rejected for the same reasons as set forth for those in claim 2 above.

	Regarding claim 3, the combination of Moran teaches the apparatus of claim 2.

Moran further teaches:
a Basic Input/output System (BIOS) firmware to program the memory map for the plurality of IP agents (FIG. 6; “[0003] The MCH in the computer system allows software to allocate memory space in a memory map for various devices in the computer system. When the computer system is initialized, the basic input/output software (BIOS) programs a set of configuration registers in the MCH to define a memory map for the computer system”; “[0029] … For example, in one embodiment, main memory 630, processor 610, and device A are trusted agents, while device B and device C are non-trusted agents”; “[0028] … The system 600 includes a processor 610, a MCH 620, a main memory 630, and a number of peripheral devices 640. … main memory 630 includes a random access memory (RAM), or other dynamic storage device, such as, for example, a dynamic random access memory (DRAM), to store data and instructions to be executed by processor 610. The data and instructions are routed between processor 610, main memory 630, and other peripheral devices 640 via MCH interconnect protocol (IP) agents is considered to include the peripheral devices 640 that access data and instructions stored in the main memory 630 since data and instructions are routed between the main memory 630 and the peripheral devices 640 via the MCH 620).  

	Regarding claim 4, the combination of Moran teaches the apparatus of claim 3.

Shivanna further teaches:
wherein the micro controller further performs an attestation process to verify the integrity of the memory map (“[0020] The manageability hardware components 101 a-101N may also comprise registers (not shown in the figure), for example architected registers, to set attributes to hardware features that are mapped to the memory map register of the bus configuration spaces 103-104. The architected registers are programmable registers that are architected for the purpose of controlling access to a specific functionality of the particular manageability hardware component. These attributes, that are stored in the memory map register 105-106 of each manageability hardware components 101 a-101N, may be Read-Only, Read/Write or Hide. The attributes may be used to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N by setting the attributes as Read-Only or Hide”; “[0023] Once one of the OS components 107 a-107N, for example OS component 107 a, request access to one of the manageability hardware components 101 a-101N, for example manageability hardware component 101 a, and the boot firmware authentication module 110 verifies and authenticates the OS component 107 attestation process is considered to be a process in which the boot firmware engine 109 locks the bus configuration space 103-104 by setting the attributes as Read-Only or Hide, unlock the bus configuration space 103 of the manageability hardware component 101 a by setting its attribute as Read/Write, re-program the memory map registers 105 with a proper address that was stored during the enumeration process, and re-lock the bus configuration space 103 by setting its attribute as Read-Only or Hide; at this point, the integrity of the memory map is verified since a proper address is programmed to provide full access to the manageability functions of the manageability hardware component 101 a to the authorized OS component 107 a).  

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Moran to incorporate the teachings of Shivanna to provide a computer system having data security of Moran, with a system of Shivanna having a boot firmware engine that uses attributes to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N.  Doing so with the system of Moran would provide a solution 

Regarding claim 16, the claimed device comprises substantially the same steps or elements as those in claim 4.  Accordingly, the claim is also rejected for the same reasons as set forth for those in claim 4 above.

	Regarding claim 5, the combination of Moran teaches the apparatus of claim 4.

Shivanna further teaches:
wherein the micro controller permits the host device to access the memory device upon a determination that the integrity has been verified (“[0023] Once one of the OS components 107 a-107N, for example OS component 107 a, request access to one of the manageability hardware components 101 a-101N, for example manageability hardware component 101 a, and the boot firmware authentication module 110 verifies and authenticates the OS component 107 a, the boot firmware engine 109 may unlock the bus configuration space 103 of the manageability hardware component 101 a by setting its attribute as Read/Write, re-program the memory map registers 105 with a proper address that was stored during the enumeration process and re-lock the host device]”; note that once the integrity of the memory map is verified with the authentication and a proper address programmed, full access is provided to the manageability functions of the manageability hardware component 101 a to the authorized OS component 107 a [host device]; the memory device is considered to be a memory component that contains the bus configuration space 103/104 with the memory map register 105/106).  

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Moran to incorporate the teachings of Shivanna to provide a computer system having data security of Moran, with a system of Shivanna having a boot firmware engine that uses attributes to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N and a boot firmware authentication module 110 that verifies and authenticates the OS component 107 a.  Doing so with the system of Moran would provide a solution that protect the manageability hardware components of the computing device from unauthorized accesses by PDoS attacks, OS malwares, root kits and badly written/misbehaving device components during the booting process and during runtime of the computing devices by authorizing on-demand access to the manageability hardware components to those OS components previously verified and authorized by the boot firmware engine of the computing device.  (Shivanna, [0012])



Regarding claim 6, the combination of Moran teaches the apparatus of claim 5.

Shivanna further teaches:
wherein the micro controller blocks access to the host device upon a determination that the integrity has not been verified (“[0021] The modification of the bus configuration spaces 103-104 is blocked by setting their attributes to Read-Only or Hide on the manageability hardware components 101 a-101N. Any writing operation to this encrypted/transposed/obfuscated bus configuration spaces 103-104, will result in a system exception.”; “[0023] Once one of the OS components 107 a-107N, for example OS component 107 a, request access to one of the manageability hardware components 101 a-101N, for example manageability hardware component 101 a, and the boot firmware authentication module 110 verifies and authenticates the OS component 107 a, the boot firmware engine 109 may unlock the bus configuration space 103 of the manageability hardware component 101 a by setting its attribute as Read/Write, re-program the memory map registers 105 with a proper address that was stored during the enumeration process and re-lock the bus configuration space 103 by setting its attribute as Read-Only or Hide. This may provide full access to the manageability functions of the manageability hardware component 101 a to the authorized OS component 107 a [host device]”; note that the integrity of the memory map is verified after the authentication completes and the proper address is programmed; when the integrity of the memory map is not verified, full access to the manageability functions of the manageability hardware component 101 a to the authorized OS component 107 a [host device] is not provided [i.e., blocked] because the authentication is not completed and the proper address has not been programmed yet).  

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Moran to incorporate the teachings of Shivanna to provide a computer system having data security of Moran, with a system of Shivanna having a boot firmware engine that uses attributes to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N and a boot firmware authentication module 110 that verifies and authenticates the OS component 107 a.  Doing so with the system of Moran would provide a solution that protect the manageability hardware components of the computing device from unauthorized accesses by PDoS attacks, OS malwares, root kits and badly written/misbehaving device components during the booting process and during runtime of the computing devices by authorizing on-demand access to the manageability hardware components to those OS components previously verified and authorized by the boot firmware engine of the computing device.  (Shivanna, [0012])



Regarding claim 7, the combination of Moran teaches the apparatus of claim 6.

Shivanna further teaches:
wherein the micro controller blocks access to the host device via a hardware locking mechanism (“[0020] The manageability hardware components 101 a-101N may also comprise registers (not shown in the figure), for example architected registers, to set attributes to hardware features that are mapped to the memory map register of the bus configuration spaces 103-104. The architected registers are programmable registers that are architected for the purpose of controlling access to a specific functionality of the particular manageability hardware component. These attributes, that are stored in the memory map register 105-106 of each manageability hardware components 101 a-101N, may be Read-Only, Read/Write or Hide. The attributes may be used to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N by setting the attributes as Read-Only or Hide”; “[0023] Once one of the OS components 107 a-107N, for example OS component 107 a, request access to one of the manageability hardware components 101 a-101N, for example manageability hardware component 101 a, and the boot firmware authentication module 110 verifies and authenticates the OS component 107 a, the boot firmware engine 109 may unlock the bus configuration space 103 of the manageability host device]”; note that a hardware locking mechanism is considered to be using the attributes stored in the architected (hardware) registers to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N by setting the attributes as Read-Only or Hide).  

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Moran to incorporate the teachings of Shivanna to provide a computer system having data security of Moran, with a system of Shivanna having a boot firmware engine that uses attributes stored in the architected (hardware) registers to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N and a boot firmware authentication module 110 that verifies and authenticates the OS component 107 a.  Doing so with the system of Moran would provide a solution that protect the manageability hardware components of the computing device from unauthorized accesses by PDoS attacks, OS malwares, root kits and badly written/misbehaving device components during the booting process and during runtime of the computing devices by authorizing on-demand access to the manageability hardware components 

Regarding claims 13 and 19, the claimed method and the claimed device comprise substantially the same steps or elements as those in claim 7.  Accordingly, the claims are also rejected for the same reasons as set forth for those in claim 7 above.

Regarding claim 8, the combination of Moran teaches the apparatus of claim 4.

Shivanna further teaches:
wherein the micro controller publishes results of the attestation process to the BIOS firmware (“[0023] Once one of the OS components 107 a-107N [host device], for example OS component 107 a, request access to one of the manageability hardware components 101 a-101N, for example manageability hardware component 101 a, and the boot firmware authentication module 110 verifies and authenticates the OS component 107 a, the boot firmware engine 109 [BIOS firmware] may unlock the bus configuration space 103 of the manageability hardware component 101 a by setting its attribute as Read/Write, re-program the memory map registers 105 with a proper address that was stored during the enumeration process and re-lock the bus configuration space 103 by setting its attribute as Read-Only or Hide”; note that the attributes stored in the architected (hardware) registers to lock and unlock the bus configuration space 103-104 is considered to be used to publish results of the attestation process to the boot firmware engine 109 [BIOS firmware], similar to the description of paragraph [0031] of Applicant’s specification).  

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Moran to incorporate the teachings of Shivanna to provide a computer system having data security of Moran, with a system of Shivanna having a boot firmware engine that uses attributes stored in the architected (hardware) registers to lock the bus configuration space 103-104 of the manageability hardware components 101 a-101N and a boot firmware authentication module 110 that verifies and authenticates the OS component 107 a.  Doing so with the system of Moran would provide a solution that protect the manageability hardware components of the computing device from unauthorized accesses by PDoS attacks, OS malwares, root kits and badly written/misbehaving device components during the booting process and during runtime of the computing devices by authorizing on-demand access to the manageability hardware components to those OS components previously verified and authorized by the boot firmware engine of the computing device.  (Shivanna, [0012])

Regarding claim 14, the claimed method comprises substantially the same steps or elements as those in claim 8.  Accordingly, the claim is also rejected for the same reasons as set forth for those in claim 8 above.

the computing device of claim 15.
	
Moran further teaches:
the plurality of IP agents coupled to the system fabric (FIG. 6; “[0028] FIG. 6 shows an exemplary embodiment of a computer system 600. The system 600 includes a processor 610, a MCH 620, a main memory 630, and a number of peripheral devices 640”; note that the system fabric is considered to include the interface coupled between the MCH 620 and the peripheral devices 640 [IP agents] as shown in FIG. 6).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571)272-4085.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/T.B.V./Patent Examiner, Art Unit 2136


/CHARLES RONES/Supervisory Patent Examiner, Art Unit 2136