DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on July 23, 2021, has been entered.
 
Claims 1-24 are pending in this office action and presented for examination. Claims 1, 9, and 17 are newly amended by the RCE received July 23, 2021. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject 
Claim 1 recites the limitation “prevents the branch predictor from predicting the target instruction of the indirect branch instruction for the first logical core based on software executed in a less privileged predictor mode by any of the at least one logical core” in lines 8-11. However, it is indefinite as to whether a) based on software executed in a less privileged predictor mode by any of the at least one logical core, the branch predictor is prevented from predicting the target instruction of the indirect branch instruction for the first logical core (such that no branch prediction is performed for the indirect branch instruction), or b) predicting the target instruction of the indirect branch instruction for the first logical core based on software executed in a less privileged predictor mode by any of the at least one logical core is prevented (but predicting the target instruction based on some other consideration is not prevented).
Claims 2-8 are rejected for failing to alleviate the rejection of claim 1 above. Note that claims 2-4 and 7-8 recite further language of analogous grammatical construction that is also indefinite for analogous reasons. 

Claim 3 recites the limitation “the indirect branch instruction executed in an enclave” in lines 2-3. However, there is insufficient antecedent basis for this limitation in the claims.

Claim 4 recites the limitation “the indirect branch instruction executed in a system-management mode” in lines 2-3. However, there is insufficient antecedent basis for this limitation in the claims.

Claim 9 recites the limitation “prevent a branch predictor of the processor from predicting a target instruction of an indirect branch instruction for the first logical core based on software executed in the less privileged predictor mode by any of the at least one logical core” in lines 6-8. However, it is indefinite as to whether a) based on software executed in a less privileged predictor mode by any of the at least one logical core, the branch predictor is prevented from predicting the target instruction of the indirect branch instruction for the first logical core (such that no branch prediction is performed for the indirect branch instruction), or b) predicting the target instruction of the indirect branch instruction for the first logical core based on software executed in a less privileged predictor mode by any of the at least one logical core is prevented (but predicting the target instruction based on some other consideration is not prevented).
Claims 10-16 are rejected for failing to alleviate the rejection of claim 9 above. Note that claims 10-12 and 15-16 recite further language of analogous grammatical construction that is also indefinite for analogous reasons. 

Claim 11 recites the limitation “the indirect branch instruction executed in an enclave” in line 2. However, there is insufficient antecedent basis for this limitation in the claims.

Claim 12 recites the limitation “the indirect branch instruction executed in a system-management mode” in lines 2-3. However, there is insufficient antecedent basis for this limitation in the claims.

Claim 17 recites the limitation “prevent a branch predictor of the processor from predicting a target instruction of an indirect branch instruction for the first logical core based on software executed in the less privileged predictor mode by any of the at least one logical core” in lines 7-9. However, it is indefinite as to whether a) based on software executed in a less privileged predictor mode by any of the at least one logical core, the branch predictor is prevented from predicting the target instruction of the indirect branch instruction for the first logical core (such that no branch prediction is performed for the indirect branch instruction), or b) predicting the target instruction of the indirect branch instruction for the first logical core based on software executed in a less privileged predictor mode by any of the at least one logical core is prevented (but predicting the target instruction based on some other consideration is not prevented).
Claims 18-24 are rejected for failing to alleviate the rejection of claim 17 above. Note that claims 18-20 and 23-24 recite further language of analogous grammatical construction that is also indefinite for analogous reasons. 

Claim 19 recites the limitation “the indirect branch instruction executed in an enclave” in line 3. However, there is insufficient antecedent basis for this limitation in the claims.

Claim 20 recites the limitation “the indirect branch instruction executed in a system-management mode” in line 3. However, there is insufficient antecedent basis for this limitation in the claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 7-10, and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Valles (Performance Insights to Intel® Hyper-Threading Technology) in view of Bonzini (Reading privileged memory with a side-channel | Hacker News).
Consider claim 1, Valles discloses a processor core (page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series) comprising: at least one logical core (page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1); a branch predictor to predict a target instruction (page 2, last paragraph, branch mispredict) of an indirect branch instruction (page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; Examiner submits that it is inherent that the aforementioned architectures comprise a predictable indirect branch instruction); an instruction execution pipeline (page 2, execution pipeline of processors based on Intel® Core™ microarchitecture) to perform at least one data fetch operation (page 2, data to be fetched from cache or memory); and a model specific register (page 2, for each thread, the processor maintains a separate, complete architectural state that includes its own set of registers as defined by the Intel 64 architecture).

However, Valles does not disclose the aforementioned model specific register is to store an indirect branch restricted speculation bit for a first logical core of the aforementioned at least one logical core that, when set after a transition of the first logical core to a more privileged predictor mode, prevents the aforementioned branch predictor from predicting the aforementioned target instruction of the aforementioned indirect branch instruction for the first logical core based on software executed in a less privileged predictor mode by any of the aforementioned at least one logical core, and allows the aforementioned branch predictor to predict a second target instruction of a second indirect branch instruction based on software executed in the more privileged predictor mode.
On the other hand, Bonzini discloses a branch predictor to predict a target instruction of an indirect branch instruction (page 12, indirect branch predictor); and a model specific register to store an indirect branch restricted speculation bit (page 12, chicken bit to disable indirect branch prediction) that, when set after a transition to a more privileged predictor mode, prevents the branch predictor from predicting the target instruction of the indirect branch instruction based on software executed in a less privileged predictor mode (page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry), and allows a branch predictor to predict a second target instruction of a second indirect branch instruction based on software executed in a more privileged predictor mode (page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; in other words, the 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bonzini with the invention of Valles in order to increase security. Alternatively, this modification merely entails the combination of prior art elements (the architecture of Valles, and the security features of Bonzini) according to known methods to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143. Note that the teachings of Bonzini, when applied to the invention of Valles (entailing logical cores), result in the overall claim limitations. 

Consider claim 2, the overall combination discloses the at least one logical core is a plurality of logical cores, and a respective indirect branch restricted speculation bit being set in the model specific register for a logical core of the plurality of logical cores prevents the branch predictor from predicting the target instruction of the indirect branch instruction for the logical core of the plurality of logical cores based on software executed by the other of the plurality of logical cores (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical 

Consider claim 7, the overall combination discloses the indirect branch restricted speculation bit (Bonzini, page 12, chicken bit to disable indirect branch prediction) being set before the transition to the more privileged predictor mode prevents the branch predictor from predicting the target instruction for the first logical core based on software executed, before the transition, in the less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1). 

Consider claim 8, the overall combination discloses the indirect branch restricted speculation bit (Bonzini, page 12, chicken bit to disable indirect branch prediction) being set after the transition to the more privileged predictor mode also prevents the branch predictor from predicting the target instruction for the first logical core based on software executed in a less privileged predictor mode by any of the at least one logical core for a later, second transition of 

Consider claim 9, Valles discloses transitioning a first logical core of at least one logical core of a processor core of a processor to a more privileged predictor mode from a less privileged predictor mode (page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1; page 2, last paragraph, branch mispredict; Examiner submits that it is inherent that the aforementioned architectures comprise a more privileged mode and a less privileged mode); a model specific register (page 2, for each thread, the processor maintains a separate, complete architectural state that includes its own set of registers as defined by the Intel 64 architecture); a branch predictor (page 2, last paragraph, branch mispredict), a target address of an indirect branch instruction (page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors 
To any extent to which Valles does not implicitly disclose the aforementioned at least one data fetch operation being for the aforementioned target instruction in particular, Examiner submits that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the aforementioned at least one data fetch operation being for the aforementioned target instruction in particular, as this implementation is “obvious to try” — choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success — given that one of ordinary skill in the art before the effective filing date of the claimed invention would readily recognize that any instruction can be a target instruction, and an instruction that fetches data is one type of instruction. Moreover, to any extent to which Valles does not implicitly disclose that the aforementioned at least one data fetch operation is performed for the aforementioned target instruction before execution of the target instruction, Examiner submits that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the target instruction to be executed twice (such that a data fetch operation performed in response to the first execution of the target instruction occurs before the second execution of the target instruction), as this implementation is “obvious to try” — choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success — given that one of ordinary skill in the art before the effective filing date of the claimed invention would readily recognize that more than one instance of an instruction 
However, Valles does not disclose setting an indirect branch restricted speculation bit for the first logical core in the aforementioned model specific register of the aforementioned processor after the aforementioned transitioning of the aforementioned first logical core to the aforementioned more privileged predictor mode to prevent the aforementioned branch predictor of the aforementioned processor from predicting the aforementioned target instruction of the aforementioned indirect branch instruction for the aforementioned logical core based on software executed in the aforementioned less privileged predictor mode by any of the aforementioned at least one logical core.
On the other hand, Bonzini discloses setting an indirect branch restricted speculation bit in a model specific register of a processor after transitioning to a more privileged predictor mode to prevent a branch predictor of the processor from predicting a target instruction of an indirect branch instruction based on software executed in a less privileged predictor mode (page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry), and allow a branch predictor to predict a second target instruction of a second indirect branch instruction based on 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bonzini with the invention of Valles in order to increase security. Alternatively, this modification merely entails the combination of prior art elements (the architecture of Valles, and the security features of Bonzini) according to known methods to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143. Note that the teachings of Bonzini, when applied to the invention of Valles (entailing logical cores), result in the overall claim limitations. 

Consider claim 10, the overall combination discloses the at least one logical core is a plurality of logical cores, further comprising setting a respective indirect branch restricted speculation bit being set in the model specific register for a logical core of the plurality of logical cores to prevent the branch predictor from predicting the target instruction of the indirect branch instruction for the logical core of the plurality of logical cores based on software executed by the other of the plurality of logical cores (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect 

Consider claim 15, the overall combination discloses setting of the indirect branch restricted speculation bit in the model specific register (Bonzini, page 12, chicken bit to disable indirect branch prediction) after the transitioning to the more privileged predictor mode prevents the branch predictor from predicting the target instruction for the first logical core based on software executed, before the transitioning, in the less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1). 

Consider claim 16, the overall combination discloses the setting of the indirect branch restricted speculation bit (Bonzini, page 12, chicken bit to disable indirect branch prediction) in .

Claims 3 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Valles and Bonzini as applied to claims 1 and 9 above, and further in view of Lee et al. (Lee) (Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing).
Consider claim 3, the combination thus far discloses the branch predictor is prevented from predicting the target instruction, for the indirect branch instruction executed in a more privileged predictor mode, based on software executed in a less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 
However, the combination thus far does not disclose that the indirect branch is executed in an enclave and the software is executed outside the enclave.
On the other hand, Lee discloses preventing branch prediction for a branch executed in an enclave based on software executed outside an enclave (page 567, whenever an enclave context switch (via the EENTER, EEXIT, or ERESUME instructions or AEX) occurs, the processor needs to flush the BTB and BPU states).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lee with the combination of Valles and Bonzini in order to preclude attacks against software executed in enclaves in particular. Alternatively, this modification merely entails the combination of prior art elements (Lee’s enclaves, and the security feature of the combination of Valles and Bonzini) according to known methods (that which is applicable to the kernel and non-kernel mode of the combination of Valles and Bonzini being analogously applicable to enclave and non-enclave code of Lee) to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143. Note that Lee’s teaching of preventing branch prediction for a branch executed in an enclave based on software executed outside an enclave, when applied to the combination of Valles and Bonzini, results in the overall claim limitation.

Consider claim 11, the combination thus far discloses preventing the branch predictor from predicting the target instruction, for the indirect branch instruction executed in a more privileged predictor mode, based on software executed in a less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1).
However, the combination thus far does not disclose that the indirect branch is executed in an enclave and the software is executed outside the enclave.
On the other hand, Lee discloses preventing branch prediction for a branch executed in an enclave based on software executed outside an enclave (page 567, whenever an enclave context switch (via the EENTER, EEXIT, or ERESUME instructions or AEX) occurs, the processor needs to flush the BTB and BPU states).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lee with the combination of Valles and Bonzini in order to preclude attacks against software executed in enclaves in particular. Alternatively, this modification merely entails the combination of prior art elements (Lee’s enclaves, and the security feature of the combination of Valles and Bonzini) according to known .

Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Valles and Bonzini as applied to claims 1 and 11 above, and further in view of Smith et al. (Smith) (US 20030009692).
Consider claim 4, the combination thus far discloses the branch predictor is prevented from predicting the target instruction, for the indirect branch instruction executed in a more privileged predictor mode, based on software executed in a less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1).

On the other hand, Smith discloses a privileged mode of operation being a System Management Mode (SMM), wherein the SMM is entered via a system management interrupt, and wherein the privileged mode is not visible to other processes ([0040], lines 2-6, an exemplary privileged mode of operation, well known to those of ordinary skill in the art, is the System Management Mode (SMM). Entry into the SMM is initiated through a system management interrupt (SMI); [0040], lines 7-8, a privileged mode is defined as a mode of operation not visible to other processes). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Smith with the combination of Valles and Bonzini in order to preclude attacks against software executed in SMM in particular. Alternatively, this modification merely entails the combination of prior art elements (Smith’s SMM, and the security feature of the combination of Valles and Bonzini) according to known methods (that which is applicable to the kernel and non-kernel mode of the combination of Valles and Bonzini being analogously applicable to SMM and non-SMM of Smith) to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143. Note that Smith’s teaching of a privileged mode of operation being a System Management Mode (SMM), wherein the SMM is entered via a system management interrupt, and wherein the privileged mode is not visible to other processes, when applied to the combination of Valles and Bonzini, which entails a security feature to preclude a privileged mode from being visible to other processes, results in the overall claim limitation.

Consider claim 12, the combination thus far discloses preventing the branch predictor from predicting the target instruction, for the indirect branch instruction executed in a more privileged predictor mode, based on software executed in a less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1).
However, the combination thus far does not disclose that the indirect branch is executed in a system-management mode after a system-management interrupt, and the software is executed in the system-management mode.
On the other hand, Smith discloses a privileged mode of operation being a System Management Mode (SMM), wherein the SMM is entered via a system management interrupt, and wherein the privileged mode is not visible to other processes ([0040], lines 2-6, an exemplary privileged mode of operation, well known to those of ordinary skill in the art, is the System Management Mode (SMM). Entry into the SMM is initiated through a system management interrupt (SMI); [0040], lines 7-8, a privileged mode is defined as a mode of operation not visible to other processes). 

Claims 5-6 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Valles and Bonzini as applied to claims 1 and 9 above, and further in view of Naveh et al. (Naveh) (US 20060143485).
Consider claim 5, the combination thus far discloses a set indirect branch restricted speculation bit for the first logical core in the model specific register (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the 
On the other hand, Naveh discloses clearing a bit prior to entering a sleep state ([0031], lines 2-5, the voltage levels provided to processor 102 in power state C5 may be sufficiently low enough to cause processor 102 to lose its operating context; [0021], lines 3-22, an operating context may refer to the information used by the processor to execute instructions at a given point in time. For example, a processor may have a data path comprising one or more execution units, registers, and the communication paths between them. Examples of execution units may include arithmetic logic units (ALUs) or shifters. The registers may include data registers and control registers. Examples of registers may include a program counter (PC), an interrupt address register (IAR), a program status register (PSR), an instruction register (IR), memory address register (MAR), memory data register (MDR), and so forth. The PSR, for example, may contain all the status flags for a machine, such as interrupt enable, condition codes, and so forth. The information stored in the registers and execution units of a processor data path at a given point in time may represent the current operating context for a processor. In addition, any data in the caches and other on-chip arrays/memories used by the processor may comprise part of the operating context as well. The embodiments are not limited in this context).
Naveh’s teaching reduces power consumption (Naveh, [0020]).


Consider claim 6, the overall combination discloses the processor core is to re-set the cleared indirect branch restricted speculation bit for the first logical core in the model specific register after wakeup from the sleep state (Naveh, [0040], lines 1-9, In one embodiment, processor 102 may be restored to its operational state in response to the CONTEXT_RESTORE signal. For example, the voltage for processor 102 may be returned to normal operating levels. The internal variables for processor 102 may be initialized, and the saved operating context may be restored from memory 212 and/or memory 120, 148. If needed, additional arrays may be restored from the memory units to complete restoration operations; Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; 

Consider claim 13, the combination thus far discloses a set indirect branch restricted speculation bit for the first logical core in the model specific register (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1) but does not disclose clearing the aforementioned bit prior to entering a sleep state.
On the other hand, Naveh discloses clearing a bit prior to entering a sleep state ([0031], lines 2-5, the voltage levels provided to processor 102 in power state C5 may be sufficiently low enough to cause processor 102 to lose its operating context; [0021], lines 3-22, an operating context may refer to the information used by the processor to execute instructions at a given point in time. For example, a processor may have a data path comprising one or more execution units, registers, and the communication paths between them. Examples of execution units may 
Naveh’s teaching reduces power consumption (Naveh, [0020]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Naveh with the combination of Valles and Bonzini in order to reduce power consumption. Alternatively, this modification merely entails the combination of prior art elements (Naveh’s clearing a bit prior to entering a sleep state, and the indirect branch restricted speculation bit of the combination of Valles and Bonzini) according to known methods (that which is applicable to the bit of Naveh being analogously applicable to the indirect branch restricted speculation bit in particular of the combination of Valles and Bonzini) to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143.

Consider claim 14, the overall combination discloses  re-setting the cleared indirect branch restricted speculation bit for the first logical core in the model specific register after wakeup from the sleep state (Naveh, [0040], lines 1-9, In one embodiment, processor 102 may .

Claims 17-18 and 23-24 are rejected under 35 U.S.C. 103 as being unpatentable over Valles (Performance Insights to Intel® Hyper-Threading Technology) in view of Bonzini (Reading privileged memory with a side-channel | Hacker News) in view of Examiner’s Official Notice.
Consider claim 17, Valles discloses transitioning a first logical core of at least one logical core of a processor core of a processor to a more privileged predictor mode from a less privileged predictor mode (page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one 
To any extent to which Valles does not implicitly disclose the aforementioned at least one data fetch operation being for the aforementioned target instruction in particular, Examiner submits that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the aforementioned at least one data fetch operation being for the aforementioned target instruction in particular, as this implementation is “obvious to try" — choosing from a finite number of identified, predictable solutions, with a reasonable expectation of success — given that one of ordinary skill in the art before the effective filing date of the claimed invention would readily recognize that any instruction can be a target instruction, and an instruction that fetches data is one type of instruction. Moreover, to any extent to which 
However, Valles does not disclose setting an indirect branch restricted speculation bit for the first logical core in the aforementioned model specific register of the aforementioned processor after the aforementioned transitioning of the aforementioned first logical core to the aforementioned more privileged predictor mode to prevent the aforementioned branch predictor of the aforementioned processor from predicting the aforementioned target instruction of the aforementioned indirect branch instruction for the aforementioned logical core based on software executed in the aforementioned less privileged predictor mode by any of the aforementioned at 
On the other hand, Bonzini discloses setting an indirect branch restricted speculation bit in a model specific register of a processor after transitioning to a more privileged predictor mode to prevent a branch predictor of the processor from predicting a target instruction of an indirect branch instruction based on software executed in a less privileged predictor mode (page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry), and allow a branch predictor to predict a second target instruction of a second indirect branch instruction based on software executed in a more privileged predictor mode (page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; in other words, the chicken bit, when not set to a value that prevents indirect branch prediction, allows indirect branch prediction. In addition, a chicken bit that is set to a value that prevents indirect branch prediction, in being writable to a value that allows indirect branch prediction, thus allows indirect branch prediction).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bonzini with the invention of Valles in order to increase security. Alternatively, this modification merely entails the combination of 
However, the combination thus far does not disclose a non-transitory machine readable medium that stores code that when executed by a machine causes the machine to perform the aforementioned steps.
On the other hand, Examiner takes Official Notice of a non-transitory machine readable medium that stores code that when executed by a machine causes the machine to perform steps.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Examiner’s Official Notice with the combination of Valles and Bonzini, as this modification merely entails the combination of prior art elements according to known methods to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143.

Consider claim 18, the overall combination discloses the at least one logical core is a plurality of logical cores, further comprising setting a respective indirect branch restricted speculation bit being set in the model specific register for a logical core of the plurality of logical cores to prevent the branch predictor from predicting the target instruction of the indirect branch instruction for the logical core of the plurality of logical cores based on software executed by the other of the plurality of logical cores (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect 

Consider claim 23, the overall combination discloses setting of the indirect branch restricted speculation bit in the model specific register (Bonzini, page 12, chicken bit to disable indirect branch prediction) after the transitioning to the more privileged predictor mode prevents the branch predictor from predicting the target instruction for the first logical core based on software executed, before the transitioning, in the less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1). 

Consider claim 24, the overall combination discloses the setting of the indirect branch restricted speculation bit (Bonzini, page 12, chicken bit to disable indirect branch prediction) in . 

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Valles, Bonzini, and Examiner’s Official Notice as applied to claim 17 above, and further in view of Lee et al. (Lee) (Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing).
Consider claim 19, the combination thus far discloses preventing the branch predictor from predicting the target instruction, for the indirect branch instruction executed in a more privileged predictor mode, based on software executed in a less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 
However, the combination thus far does not disclose that the indirect branch is executed in an enclave and the software is executed outside the enclave.
On the other hand, Lee discloses preventing branch prediction for a branch executed in an enclave based on software executed outside an enclave (page 567, whenever an enclave context switch (via the EENTER, EEXIT, or ERESUME instructions or AEX) occurs, the processor needs to flush the BTB and BPU states).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Lee with the combination of Valles, Bonzini, and Examiner’s Official Notice in order to preclude attacks against software executed in enclaves in particular. Alternatively, this modification merely entails the combination of prior art elements (Lee’s enclaves, and the security feature of the combination of Valles, Bonzini, and Examiner’s Official Notice) according to known methods (that which is applicable to the kernel and non-kernel mode of the combination of Valles, Bonzini, and Examiner’s Official Notice being analogously applicable to enclave and non-enclave code of Lee) to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143. Note that Lee’s teaching of preventing branch prediction for a branch executed in an enclave based on software executed outside an enclave, when applied to the combination of Valles, Bonzini, and Examiner’s Official Notice, results in the overall claim limitation.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Valles, Bonzini, and Examiner’s Official Notice as applied to claim 17 above, and further in view of Smith et al. (Smith) (US 20030009692).
Consider claim 20, the combination thus far discloses preventing the branch predictor from predicting the target instruction, for the indirect branch instruction executed in a more privileged predictor mode, based on software executed in a less privileged predictor mode by any of the at least one logical core (Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch prediction (and thus speculation after indirect branches) while in kernel mode, or flushing the indirect branch predictor on kernel mode entry; Valles, page 1, the discussion here refers to Intel® 64 architecture, with particular emphasis on Intel processors based on the Nehalem core including the Intel Core i7 Processor and the Intel Xeon processor 5500 series; page 1, Intel HT Technology allows one physical processor core to present two logical cores to the operating system, which allows it to support two threads at once. The key hardware mechanism underlying this capability is an extra architectural state supported by the hardware, as shown in Figure 1).
However, the combination thus far does not disclose that the indirect branch is executed in a system-management mode after a system-management interrupt, and the software is executed in the system-management mode.
On the other hand, Smith discloses a privileged mode of operation being a System Management Mode (SMM), wherein the SMM is entered via a system management interrupt, and wherein the privileged mode is not visible to other processes ([0040], lines 2-6, an exemplary privileged mode of operation, well known to those of ordinary skill in the art, is the 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Smith with the combination of Valles, Bonzini, and Examiner’s Official Notice in order to preclude attacks against software executed in SMM in particular. Alternatively, this modification merely entails the combination of prior art elements (Smith’s SMM, and the security feature of the combination of Valles, Bonzini, and Examiner’s Official Notice) according to known methods (that which is applicable to the kernel and non-kernel mode of the combination of Valles, Bonzini, and Examiner’s Official Notice being analogously applicable to SMM and non-SMM of Smith) to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143. Note that Smith’s teaching of a privileged mode of operation being a System Management Mode (SMM), wherein the SMM is entered via a system management interrupt, and wherein the privileged mode is not visible to other processes, when applied to the combination of Valles, Bonzini, and Examiner’s Official Notice, which entails a security feature to preclude a privileged mode from being visible to other processes, results in the overall claim limitation.

Claims 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Valles, Bonzini, and Examiner’s Official Notice as applied to claim 17 above, and further in view of Naveh et al. (Naveh) (US 20060143485).
Consider claim 21, the combination thus far discloses a set indirect branch restricted speculation bit for the first logical core in the model specific register (Bonzini, page 12, indirect 
On the other hand, Naveh discloses clearing a bit prior to entering a sleep state ([0031], lines 2-5, the voltage levels provided to processor 102 in power state C5 may be sufficiently low enough to cause processor 102 to lose its operating context; [0021], lines 3-22, an operating context may refer to the information used by the processor to execute instructions at a given point in time. For example, a processor may have a data path comprising one or more execution units, registers, and the communication paths between them. Examples of execution units may include arithmetic logic units (ALUs) or shifters. The registers may include data registers and control registers. Examples of registers may include a program counter (PC), an interrupt address register (IAR), a program status register (PSR), an instruction register (IR), memory address register (MAR), memory data register (MDR), and so forth. The PSR, for example, may contain all the status flags for a machine, such as interrupt enable, condition codes, and so forth. The information stored in the registers and execution units of a processor data path at a given point in time may represent the current operating context for a processor. In addition, any data in the 
Naveh’s teaching reduces power consumption (Naveh, [0020]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Naveh with the combination of Valles, Bonzini, and Examiner’s Official Notice in order to reduce power consumption. Alternatively, this modification merely entails the combination of prior art elements (Naveh’s clearing a bit prior to entering a sleep state, and the indirect branch restricted speculation bit of the combination of Valles, Bonzini, and Examiner’s Official Notice) according to known methods (that which is applicable to the bit of Naveh being analogously applicable to the indirect branch restricted speculation bit in particular of the combination of Valles, Bonzini, and Examiner’s Official Notice) to yield predictable results, which is an exemplary rationale that may support a conclusion of obviousness, as per MPEP 2143.

Consider claim 22, the overall combination discloses  re-setting the cleared indirect branch restricted speculation bit for the first logical core in the model specific register after wakeup from the sleep state (Naveh, [0040], lines 1-9, In one embodiment, processor 102 may be restored to its operational state in response to the CONTEXT_RESTORE signal. For example, the voltage for processor 102 may be returned to normal operating levels. The internal variables for processor 102 may be initialized, and the saved operating context may be restored from memory 212 and/or memory 120, 148. If needed, additional arrays may be restored from the memory units to complete restoration operations; Bonzini, page 12, indirect branch predictor; page 12, chicken bit to disable indirect branch prediction; page 12, disabling indirect branch 
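
The following software model is an added illustration of the indirect branch restricted speculation bit as discussed in the rejections of claims 5-6, 13-14, 17, 21-22 and 23 above. It is not code from the Office action, the application under examination, or any cited reference (Valles, Bonzini, Naveh, Lee or Smith). The model MSR, the bit position, the tagging of branch target buffer entries by logical core and predictor mode, and the sleep handling are assumptions chosen so that the claimed behaviour (bit set after the transition to the more privileged predictor mode; no prediction from training by less privileged software or by the other logical core; prediction from more privileged training still allowed; bit cleared before a context-losing sleep state and re-set after wakeup) can be exercised; they do not describe any real processor.

```python
"""Model of the per-logical-core indirect branch restricted speculation bit.

Added illustration only: not code from the Office action, the application,
or any cited reference. MSR layout, bit position, BTB tagging and sleep
handling are assumptions made so the claimed behaviour can be exercised.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

USER = 0       # less privileged predictor mode
KERNEL = 1     # more privileged predictor mode
IBRS = 1 << 0  # assumed position of the bit in the model MSR

BRANCH = 0x1000      # assumed address of the kernel's indirect branch
GADGET = 0xDEAD0000  # assumed attacker-chosen target used for training


@dataclass
class BTBEntry:
    target: int
    trained_core: int  # logical core whose software trained the entry
    trained_mode: int  # predictor mode that software was executing in


@dataclass
class PhysicalCore:
    """One physical core presenting logical cores 0 and 1 sharing one BTB."""
    btb: Dict[int, BTBEntry] = field(default_factory=dict)
    msr: Dict[int, int] = field(default_factory=lambda: {0: 0, 1: 0})
    mode: Dict[int, int] = field(default_factory=lambda: {0: USER, 1: USER})
    saved_msr: Dict[int, int] = field(default_factory=dict)

    def predict(self, core: int, addr: int) -> Optional[int]:
        """Predicted target of the indirect branch at addr, or None."""
        entry = self.btb.get(addr)
        if entry is None:
            return None
        if self.mode[core] == KERNEL and self.msr[core] & IBRS:
            # With the bit set, a more-privileged indirect branch is not
            # predicted from an entry trained in the less privileged mode or
            # by the other logical core; entries trained by more-privileged
            # software on this logical core may still be used.
            if entry.trained_core != core or entry.trained_mode != KERNEL:
                return None
        return entry.target

    def execute_indirect_branch(self, core: int, addr: int,
                                target: int) -> Optional[int]:
        """Return the prediction, then train the BTB with the real target."""
        predicted = self.predict(core, addr)
        self.btb[addr] = BTBEntry(target, core, self.mode[core])
        return predicted

    def enter_kernel(self, core: int) -> None:
        self.mode[core] = KERNEL
        self.msr[core] |= IBRS  # set after the transition, as claimed

    def enter_sleep(self, core: int) -> None:
        """Clear the bit before a sleep state that loses the MSR, keeping a
        software copy so it can be re-set on wakeup."""
        self.saved_msr[core] = self.msr[core]
        self.msr[core] = 0

    def wakeup(self, core: int) -> None:
        self.msr[core] = self.saved_msr.pop(core, 0)


def injection_from_sibling(ibrs_set: bool) -> Optional[int]:
    """User software on core 1 trains BRANCH toward GADGET; the kernel on
    core 0 then executes its indirect branch at BRANCH."""
    pc = PhysicalCore()
    pc.execute_indirect_branch(1, BRANCH, GADGET)
    pc.mode[0] = KERNEL
    if ibrs_set:
        pc.msr[0] |= IBRS
    return pc.predict(0, BRANCH)


def injection_from_same_core() -> Optional[int]:
    """User software on core 0 trains BRANCH before the transition; the bit
    is set after it, so the kernel's branch is not predicted from that entry."""
    pc = PhysicalCore()
    pc.execute_indirect_branch(0, BRANCH, GADGET)
    pc.enter_kernel(0)
    return pc.predict(0, BRANCH)


def kernel_self_training() -> Optional[int]:
    """Kernel on core 0 trains BRANCH with the bit set; its next execution of
    BRANCH is still predicted (the claims' second indirect branch)."""
    pc = PhysicalCore()
    pc.enter_kernel(0)
    pc.execute_indirect_branch(0, BRANCH, 0x2000)
    return pc.predict(0, BRANCH)


def sleep_round_trip() -> Tuple[int, int]:
    """MSR value of core 0 while asleep and after wakeup."""
    pc = PhysicalCore()
    pc.enter_kernel(0)
    pc.enter_sleep(0)
    asleep = pc.msr[0]
    pc.wakeup(0)
    return asleep, pc.msr[0]
```

The four scenario functions can be called directly. With the bit clear, the entry trained by user software on the sibling logical core steers the kernel's indirect branch to the attacker-chosen target; with the bit set after the transition, that entry and the one trained by less privileged software on the same logical core yield no prediction, while an entry trained by the kernel itself is still used. The sleep scenario shows the bit cleared while the MSR is lost and re-set on wakeup from the saved copy.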

Response to Arguments
Applicant on page 10 argues: “Applicant submits that the amendments in this response overcome the objections in the Office action.”
In view of the aforementioned amendments, the previously presented objection to the specification is withdrawn.

Applicant on page 10 argues: “Applicant has submitted replacement drawings with changes requested by the Examiner.”
In view of the aforementioned replacement drawings, the previously presented objection to the drawings is withdrawn.

Applicant on page 11 argues: ‘However, the Office action in a) and b) in the quote above has taken Applicant's claim language and re-ordered it. There is no finding or reasoning explaining why one of ordinary skill in the art would have re-ordered the Applicant's claim language. The Applicant's claim language in its original order is definite. If the Office maintains 
However, Examiner has provided two reasonable interpretations of the cited limitation to show why the limitation is indefinite. Applicant does not elaborate on why the claim language is instead definite, or elaborate on why one (or both) of the two provided interpretations would be unreasonable. Examiner notes that the rejection is based on how one of ordinary skill in the art would interpret the claim language.
Examiner notes that Applicant’s argument above repeats a previously presented argument, without addressing a previously presented response to argument (which tracks the response to argument above). 

Applicant on page 12 argues: ‘However, "an indirect branch instruction" is recited in independent claim 1 that dependent claim 3 depends on, and "an enclave" includes the proper antecedent basis of "an". Rejections of the other dependent claims are traversed for analogous reasons.’
However, while an indirect branch instruction has indeed been recited in claim 1, it was not previously recited that the indirect branch instruction was executed in an enclave. As such, “the indirect branch instruction executed in an enclave” does not have antecedent basis. Examiner recommends reciting something akin to “wherein the indirect branch instruction is executed in an enclave” earlier in claim 3 (such as immediately after “[t]he processor of claim 1”). 


Applicant across pages 13-14 argues that the cited portions of the references do not appear to teach or suggest the newly amended claims.
However, the references appear to teach or suggest the newly amended claims — see the Claim Rejections - 35 USC § 103 section above.
Applicant on page 14 argues: ‘For example, the Bonzini comments of the alleged combination allege that "there is also a chicken bit to disable indirect branch prediction", but in sharp contrast…’
Examiner generally agrees that the overall inventive concept of the indirect branch restricted speculation bit goes beyond the chicken bit of Bonzini. However, Examiner submits that the latter still teaches the former as claimed. For example, Examiner submits that the chicken bit of Bonzini disables indirect branch prediction when the chicken bit is a first value, and enables indirect branch prediction when the chicken bit is a second value. As such, Bonzini’s chicken bit allows the branch predictor to predict an indirect branch instruction when the chicken bit is the second value. Note that claim 1 does not require “allowing the branch predictor to predict…” when the indirect branch restricted speculation bit is set — the “when set…” limitation is only necessarily associated with the “prevents the branch predictor…” limitation. Further note that the chicken bit may be set to enable indirect branch prediction and may be set to disable indirect branch prediction — it is the particular value to which the chicken bit is set 

Applicant on page 15 argues: “Also, Applicant incorporates its previous arguments by reference here as not being overcome. For example, the arguments about inherency and official notice.”
Regarding the aforementioned incorporated arguments — including the argument that “a non-transitory machine readable medium that stores code that when executed by a machine causes the machine to perform steps” is “not capable of instant and unquestionable demonstration as being well-known” — Examiner likewise incorporates his previous response to arguments by reference. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEITH E VICARY whose telephone number is (571)270-1314.  The examiner can normally be reached on Monday to Friday, 9:00 AM to 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KEITH E VICARY/Primary Examiner, Art Unit 2182