Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 1-25 are allowed.
The following is an examiner’s statement of reasons for allowance:
Regarding independent claims 1, 10 and 19, the closest prior art references are the following:
1. The previously cited reference Depeyrot (US 2017/0228326) teaches (see the Office Action (“OA”) dated 1/1/2021, pages 7-11) An apparatus, comprising: 
memory to store instructions; and
processing circuitry coupled with the memory, the processing circuitry operable to execute the instructions, which when executed, enable processing circuitry to:
receive a deprivileged call instruction from a first function, the deprivileged call instruction to call a second function in a deprivileged mode of operation (see [0047] and Fig. 1: “As represented by an arrow 108 in FIG. 1, in some embodiments one or more unctions (F) of the user mode may be called and executed from the sensitive data access mode. In order to ensure security during the execution of these functions, they are for example called using what will be referred to herein as "sandboxed" function calls. For example, such a sandboxed call is made using a specific instruction of the instruction set of the processing device, this instruction causing the privilege level to the temporarily degraded, with a corresponding restriction on memory accesses, so that the non-secure function may be executed in a secure fashion, for example in the user mode or in a dedicated sandbox mode”. And see [0007]: “there is provided a method of protecting sensitive data comprising: entering, by a processing device, a sensitive data access mode in which sensitive data is accessible; restricting, by a program running in the sensitive data access mode, one or more accessible address ranges for a non-secure function, and calling, from the sensitive data access mode, the non-secure function”. The Examiner interprets “a program running in the sensitive data access mode… calling… the non-secure function” taught in [0007] as a first function. The Examiner interprets “one or more [f]unctions (F) of the user mode…called from the sensitive data access mode” taught in [0047] as a second function), the deprivileged call comprising an indication of a callee address of the second function (see [0061]: “When a user mode function is to be called from the sensitive data access mode, a specific instruction, which will be called herein "USER_MODE_CALL", is used. The instruction for example indicates the address of the function that is to be executed”);
limit access by the second function to an address range … to enforce the deprivileged mode of operation (see [0075] and Fig. 3: “In an operation 302, when a non-secure function is to be called, access protection to the memory address space of the processing device is restricted. This operation is for example performed by configuring the register 224 in FIG. 2 to restrict the accessible memory addresses to a certain address range associated with the sensitive data access mode”. And see [0070] and Fig. 2: “The access protection circuit 206 is for example an MMU (memory management unit) configured to restrict, during a sandboxed function call from the sensitive data access mode, the range of memory addresses that are accessible by the memory 204. For example, the circuit 206 comprises a configuration register 224 accessible by the processing device 202 while the processing device is operating in the sensitive data access mode. Before the sandboxed function call and while the processing device 202 is in the sensitive data access mode, it for example sets one or more address ranges in the configuration register 224 in order to limit, during the sandboxed function call, the address ranges of the memory 204 that may subsequently be accessed by the processing device 202 while operating in the user mode. For example, the address ranges accessible during the sandboxed call are limited to certain address ranges among those associated with the sensitive data access mode”);
initiate execution of the second function in the deprivileged mode of operation.

2. A new reference Chen (US 7,478,388) teaches the processing circuitry comprising at least a data segment (DS) register (see col. 12, lines 8-13: “FIG. 3 generally illustrates the virtual memory segmentation of the x86-64 processor, as used in this invention. FIG. 3 shows a Global Descriptor Table Register (GDTR) 900, a Code Segment register (CS register) 902 and a DS data segment register (DS register) 904”) and one or more other segment registers (see col. 14, lines 59-63: “when saving the host context, the 64-bit FS.base and GS.base segment registers are saved, while, when saving the VMM context, only the 32-bit FS and GS segment registers are saved. The FS.base and GS.base registers are mapped to Model-Specific Registers (MSRs)”. The Examiner interprets “FS and GS segment registers” as one or more other segment registers), the processing circuitry operable to execute the instructions, which when executed, enable processing circuitry to:
load the DS register with a prepared entry from a global descriptor table (GDT) or a local descriptor table (LDT) (see col. 15, lines 56-60: “Next, at a step 808, the switch code 954 loads the DS register 904 with a value that points to the S-DS segment descriptor 916 in the switch GDT 910, which causes the S-DS segment descriptor 916 to be loaded into a software-invisible portion of the DS register 904”. The Examiner interprets “the S-DS segment descriptor 916 in the switch GDT 910” as a prepared entry from a global descriptor table (GDT)), the prepared entry associated with the first function (see Fig. 4, the Examiner interprets “the switch code 954” loading the DS register 904 with a value that points to the S-DS segment descriptor 916 (a prepared entry from a global descriptor table (GDT)) as the first function “associated with” “the prepared entry”).

3. A new reference entitled “Intel® 64 and IA-32 Architectures, Software Developer’s Manual, Volume 3A: System Programming Guide, Part 1” (hereafter “Intel”) teaches a table comprising indications of addresses of the memory for … exception handlers (see section 6.10 INTERRUPT DESCRIPTOR TABLE (IDT), ¶ 1: “The interrupt descriptor table (IDT) associates each exception or interrupt vector with a gate descriptor for the procedure or task used to service the associated exception or interrupt”. And see section 6.11 IDT DESCRIPTORS: “The IDT may contain any of three kinds of gate descriptors: • Task-gate descriptor • Interrupt-gate descriptor • Trap-gate descriptor. Figure 6-2 shows the formats for the task-gate, interrupt-gate, and trap-gate descriptors. The format of a task gate used in an IDT is the same as that of a task gate used in the GDT or an LDT (see Section 7.2.5, “Task-Gate Descriptor”). The task gate contains the segment selector for a TSS for an exception and/or interrupt handler task. Interrupt and trap gates are very similar to call gates (see Section 5.8.3, “Call Gates”). They contain a far pointer (segment selector and offset) that the processor uses to transfer program execution to a handler procedure in an exception- or interrupt-handler code segment”. Also see section 6.12.1 and Fig. 6.3 reproduced below. When the interrupt descriptor table (IDT) contains interrupt-gate descriptors and trap-gate descriptors, the Examiner interprets the interrupt descriptor table (IDT) as a table comprising indications of addresses of the memory for … exception handlers for the following reason: the Examiner interprets the “offset” contained in the IDT as indications of addresses of the memory for … exception handlers.
Therefore, the Examiner interprets an IDT containing interrupt-gate descriptors and trap-gate descriptors, which further comprise “a far pointer (segment selector and offset) that the processor uses to transfer program execution to a handler procedure in an exception- or interrupt-handler code segment”, as a table comprising indications of addresses of the memory for … exception handlers.

[Figure: Intel, Fig. 6.3 (media_image1.png)]
).

4. A new reference Wu (US 2003/0236940) teaches a table comprising indications of addresses of the memory for call-back functions (see [0015]: “Next, referring to FIG. 4. When a fixed program A or B in the fixed program zone wants to call a callback functions A" or B" in the application program zone, it needs to go to the callback function entrance point zone to find out a starting address value A' or B' in a callback function address mapping table”. The Examiner interprets a callback function address mapping table as a table comprising indications of addresses of the memory for call-back functions).

5. A new reference Murray (US 2010/0030975) teaches the processing circuitry operable to execute the instructions, which when executed, enable processing circuitry to: identify a protection key defined by at least one of the six highest order bits of the … address (see [0067] and FIG. 5: “The manipulating the two highest order address bits, with the values of the two highest order bits chosen according to page protection information for each subject page”); 
apply a permission set to the address range … based on the protection key (see [0067] and FIG. 5: “The content of the two highest order address bits can be used by the page protection fault handling unit 196 to distinguish four different page protection conditions. The two highest order bits are conveniently manipulated according to the page descriptor information in the page descriptor store. In the example of FIG. 5, in total four representations of the subject address space are provided by using the two highest order address bit”).

Independent claims 1, 10 and 19 are allowable for the following reason: none of the prior art of record alone or in combination teaches 
“limit access by the second function to an address range defined by the prepared entry to enforce the deprivileged mode of operation; 
load at least one of the one or more other segment registers with a table comprising indications of addresses of the memory for call-back functions and exception handlers with which the second function can interact to enforce the deprivileged mode of operation; 
identify a protection key defined by at least one of the six highest order bits of the callee address; 
defined by the prepared entry based on the protection key to enforce the deprivileged mode of operation” (emphasis added), which are recited features of claims 1, 10 and 19. 

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHIMEI ZHU whose telephone number is (571)270-7990.  The examiner can normally be reached on 10am-6pm Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/ZHIMEI ZHU/Examiner, Art Unit 2495       

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495