DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/11/2021 has been entered.

Response to Amendment
This action is in response to the communications and remarks filed on 5/11/2021.  Claims 1-3 and 5-18 are presently pending for examination.

Response to Arguments
Applicant's arguments, see pages 6-13, filed 5/11/2021, regarding the 102 and 103 rejections of Claims 1-3 and 5-18, have been fully considered, and the arguments regarding Claims 6-18 are persuasive.  The arguments regarding Claims 1-3 and 5 are not persuasive; however, the examiner proposed an examiner’s amendment to place 

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  
Authorization for this examiner’s amendment was given in an emailed examiner’s amendment from Hector Agdeppa (Reg. No. 58,238) received on 7/30/2021.
The application has been amended as follows:
Please replace Claim 1 with the following:
(Currently Amended) A method comprising: 
implementing a firewall operating in a secure domain between a plurality of processors and a pool of shared memory, such that the firewall is downstream from the plurality of processors;
determining, by a trusted security agent that an access request is unaltered;
receiving the access request, at the firewall, to access a portion of memory within the pool of shared memory from one processor of the plurality of processor;
determining, by the firewall, whether the access request to access the portion of memory is allowed by identifying an address range associated with the one processor from which the access request is received, and determining, with the firewall, based on unmodifiable firewall configuration data when the one processor is operating in a non-secure domain, whether access to the address range is allowed by the processor and whether the processor is operating in a secure or non-secure domain; and

wherein the firewall operates independently of address translation or mapping performed by the plurality of processors.

Allowable Subject Matter
Claims 1-3 and 5-18 are allowed.
The following is an examiner’s statement of reasons for allowance:
Regarding Claim 1, although the closest prior art of record (such as Conti (US 7853997 B2), Hansson (US 20100319065 A1), and Azab et al., (US 20150199507 A1)) teaches A method comprising: implementing a firewall operating in a secure domain between a plurality of processors and a pool of shared memory, such that the firewall is downstream from the plurality of processors; determining, by a trusted security agent that an access request is unaltered; receiving the access request, at the firewall, to access a portion of memory within the pool of shared memory from one processor of the plurality of processor; determining, by the firewall, whether the access request to access the portion of memory is allowed by identifying an address range associated with the one processor from which the access request is received, and allowing the access request to proceed based on the determination, wherein the firewall operates independently of address translation or mapping performed by the plurality of processors.
However, none of the prior art, alone or in combination teaches and determining, with the firewall, based on unmodifiable firewall configuration data when the one processor is operating in a non-secure domain, whether access to the address range is allowed by the processor and whether the processor is operating in a secure or non-secure domain in view of other limitations of the independent claims.
Regarding Claim 6, although the closest prior art of record (such as Conti (US 7853997 B2), Hansson (US 20100319065 A1), and Azab et al., (US 20150199507 A1)) teaches A system comprising: a pool of shared memory; a processor operating in a first security domain to attempt access to a portion of memory within the pool of shared memory; a trusted security agent controlling the firewall determining whether the attempt to access has been altered; and a firewall situated downstream from the processor and operating in a second security domain to determine whether the access is allowed independently of address translation or mapping performed by the processor, the determination based on firewall configuration data specifying whether access to an address range commensurate with the portion of memory is allowed.
However, none of the prior art, alone or in combination teaches wherein the firewall configuration data cannot be modified by the processor when at least one of the processor is operating in the first security domain and when the trusted security agent determines that the attempt to access has been altered in view of other limitations of the independent claims.
Regarding Claim 12, although the closest prior art of record (such as Conti (US 7853997 B2), Hansson (US 20100319065 A1), and Azab et al., (US 20150199507 A1)) teaches A non-transitory processor readable medium containing thereon a set of instructions which when executed by a processor cause the processor to: receive, by an operating system running on the processor, a secure request from a security agent, the secure request to update a firewall configuration table, the firewall configuration table used by a firewall to determine whether access to a portion of memory is allowed, send the secure request to a local security agent, wherein the local security agent operates at a higher privilege level than the operating system; and update the firewall configuration table by the local security agent.
However, none of the prior art, alone or in combination teaches wherein the operating system cannot undetectably alter the secure request to update the firewall configuration table or a request to access the portion of memory; wherein the firewall configuration table can only be updated when operating at the higher privilege level such that subsequent determinations regarding whether access to the portion of memory is allowed is based on the updated firewall configuration table in view of other limitations of the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923.  The examiner can normally be reached on M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J STEINLE/Primary Examiner, Art Unit 2497