DETAILED ACTION

This office action is in response to application 16/774,638 filed on 1/28/2020.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 have been examined.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/28/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.




Claim(s) 1, 3, 11-12, and 14-15 is/are rejected under 35 U.S.C. 102(a)(1), (a)(2) as being anticipated by Ebrahim (US 5,987,557).
With respect to claim 1, Ebrahim teaches of a control device comprising: a controller (fig. 2, item 212, column 5, lines 59-61) to: receive, from a requester device that is separate from the control device, a request to access a first memory region of a memory (fig. 2; column 5, line 59-column 6, line 3; where the system control block controls access of the processor to the memory blocks and the access control signals from the processor including the access type and address to be accessed); and
determine, based on occurrence of a system initialization event and according to permissions information that identifies access permissions for respective memory regions of the memory, whether access of content in the first memory region is allowed (column 2, lines 46-50; as the protection check logic (PCL) is configured at initialization time by the OS, its operations therefore must occur based on that configuration during initialization (claimed system initialization event).  fig. 2-3; column 6, line 60-column 7, line 16, column 10, lines 35-62; where the access control is expressed as a function of the process requesting access, the type of transaction (read/write) and the address.  The access type signal from the context comparator is compared with the received access type signal in the request and then the access match signal is asserted if the access type matches).
With respect to claim 3, Ebrahim teaches of wherein the access permissions identified by the permissions information are selected from among: a read access mode, a write access mode, 
With respect to claim 11, Ebrahim teaches of wherein the controller is to: determine a type of access of the first memory region based on metadata in the request (column 5, line 64-column 6, line 1; column 6, line 61-column 7, line 5; column 10, lines 43-62; where a signal is received that indicates if the request is a read or write); and
determine whether access of the content in the first memory region is allowed further based on the determined type of access (column 5, line 64-column 6, line 1; column 6, line 61-column 7, line 5; column 10, lines 43-62; where a signal is received that indicates if the request is a read or write and if it matches the context field signal (permissions type) then it is used in generating a pass signal to allow the access).
With respect to claim 12, Ebrahim teaches of wherein the metadata indicates whether the access of the first memory region is a privileged access or an un-privileged access (fig. 3; column 8, lines 7-21; where the request includes a supervisor bit signal that indicates if it is a privileged access).
With respect to claim 14, Ebrahim teaches of wherein the controller is to determine the type of access based on whether the request is for a read or a write (column 5, line 64-column 6, line 1; column 6, line 61-column 7, line 5; column 10, lines 43-62; where a signal is received that indicates if the request is a read or write).
With respect to claim 15, Ebrahim teaches of a system comprising: a requester device (fig. 2, item 202; column 5, line 59-column 6, line 2; where the processor requests access to the memory blocks); and 

determine a type of the access of the request based on the request and metadata in the request (column 5, line 64-column 6, line 1; column 6, line 61-column 7, line 5; column 10, lines 43-62; where a signal is received that indicates if the request is a read or write and if it matches the context field signal (permissions type) then it is used in generating a pass signal to allow the access), and 
determine, based on occurrence of a systems initialization event and according to permissions information that identifies access permissions for respective memory regions of the memory that contain different protected information, whether the type of access of request of content in the first memory region is allowed (column 2, lines 46-50; as the protection check logic (PCL) is configured at initialization time by the OS, its operations therefore must occur based on that configuration during initialization (claimed system initialization event).  fig. 2-3; column 6, line 60-column 7, line 16, column 10, lines 35-62; where the access control is expressed as a function of the process requesting access, the type of transaction (read/write) and the address.  The access type signal from the context comparator is compared with the received access type signal in the request and then the access match signal is asserted if the access type matches).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 2, 4-7, 9-10, 13, 16, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ebrahim and Kotary et al. (US 2018/0173294).
With respect to claim 2, Ebrahim teaches of wherein the memory regions of the memory for which the permissions information identifies the access permissions contain data, and wherein the request is a request to access the data (column 5, lines 1-8; where the memory addresses contain data).
Ebrahim fails to explicitly teach of wherein the memory regions of the memory for which the permissions information identifies the access permissions contain program code, and wherein the request is a request to access the program code.
However, Kotary teaches of wherein the memory regions of the memory for which the permissions information identifies the access permissions contain program code, and wherein the request is a request to access the program code (fig. 3; paragraph 26, 32; where the firmware sleep mapper shim is stored in protected memory and the microcode executes a jump to the firmware sleep mapper).
Ebrahim and Kotary are analogous art because they are from the same field of endeavor, as they are directed to securing memory regions.
It would have been obvious to one of ordinary skill in the art having the teachings of Ebrahim and Kotary before the time of the effective filing of the claimed invention to store firmware of Ebrahim in protected memory as taught in Kotary.  Their motivation would have been to ensure the firmware is protected from unauthorized access (Kotary, paragraph 26).
With respect to claim 4, Kotary teaches of a lock indicator that when set to a specified value prevents modification of at least a portion of the permissions information (fig. 3; paragraph 26; where permissions/IMR registers are locked to prevent modification.  Since they are locked, there must be some indicator that lets the system know they are locked).

With respect to claim 5, Kotary teaches of wherein the lock indicator is to be reset responsive to a restart of a system in which the control device is to be provided (fig. 3; paragraph 25-26; where when the system is booted (restarted), the pre-boot firmware copies the firmware sleep mapper shim function into the protected memory and then locks the permissions of the protected memory).
The reasons for obviousness are the same as those indicated with respect to claim 2 above.
With respect to claim 6, Kotary teaches of wherein an access permission identified by the permissions information for the first memory region indicates that the first memory region contains program code (paragraph 26; where the permissions identify the protected memory region as executable, thus it contains code).
The reasons for obviousness are the same as those indicated with respect to claim 2 above.
With respect to claim 7, Kotary teaches of wherein the controller is to permit execution of the program code in the first memory region responsive to the request (paragraph 32-33; where once the firmware sleep mapper is verified, it is executed and puts all cores into a deep idle power state).
The reasons for obviousness are the same as those indicated with respect to claim 2 above.
With respect to claim 9, Ebrahim teaches that access to the first memory region is at a privileged level (fig. 3; column 8, lines 7-21; where the access occurs in supervisor mode).
Kotary teaches of wherein the access permission identified by the permissions information for the first memory region indicates instruction access of the first memory region (paragraph 26; where the permissions include the region being executable). 
The reasons for obviousness are the same as those indicated with respect to claim 2 above.
With respect to claim 10, the combination of Ebrahim and Kotary teaches of wherein the controller is to permit execution of the program code from the first memory region responsive to the request indicating that the requester device is at the privileged level (Ebrahim, fig. 3; column 8, lines 7-21; where the access occurs in supervisor mode, which results in the access being permitted.  In the combination with Kotary, the access is the execution of the firmware sleep mapper, Kotary paragraph 32).
The reasons for obviousness are the same as those indicated with respect to claim 2 above.
With respect to claim 13, the combination of Ebrahim and Kotary teaches of wherein the metadata indicates whether the access of the first memory region is a data access or an instruction access (Ebrahim column 5, lines 1-8; where the addresses in the memory space indicate the data stored at the location in memory.  Kotary, fig. 3; paragraph 32; where the address indicates a jump to the firmware sleep mapper).
The reasons for obviousness are the same as those indicated with respect to claim 2 above.
With respect to claim 16, Kotary teaches of wherein the permissions information is to be populated by the OS kernel or firmware responsive to writing of the protected information to the respective memory regions of the memory (fig. 3; paragraph 26; where after copying the firmware image of the firmware sleep mapper shim function to the protected memory, the protected memory region may be designated as read-only and executable (permissions).  This is done in the pre-boot firmware environment, thus it is done by the pre-boot firmware).
The reasons for obviousness are the same as those indicated with respect to claim 2 above.
With respect to claim 19, Ebrahim teaches of a method performed by a controller in a system, comprising: receiving, from a requester device that is separate from the controller, a request to access a first memory region of the memory (fig. 2; column 5, line 59-column 6, line 3; where the system control block controls access of the processor to the memory blocks and the access control signals from the processor including the access type and address to be accessed); and
determining, based on occurrence of a systems initialization event and according to the permissions information, whether access of content in the first memory region is allowed (column 2, lines 46-50; as the protection check logic (PCL) is configured at initialization time by the OS, its operations therefore must occur based on that configuration during initialization (claimed system initialization event).  fig. 2-3; column 6, line 60-column 7, line 16, column 10, lines 35-62; where the access control is expressed as a function of the process requesting access, the type of transaction (read/write) and the address.  The access type signal from the context 
Ebrahim fails to explicitly teach of responsive to writing protected information to respective memory regions of a memory, populating a data structure with permissions information that identifies access permissions for the respective memory regions; setting a lock indicator after the populating of the data structure with the permissions information, the lock indicator when set preventing a modification of the permissions information.
However, Kotary teaches of responsive to writing protected information to respective memory regions of a memory, populating a data structure with permissions information that identifies access permissions for the respective memory regions (fig. 3; paragraph 26; where after copying the firmware image of the firmware sleep mapper shim function to the protected memory, the protected memory region may be designated as read-only and executable (permissions));
setting a lock indicator after the populating of the data structure with the permissions information, the lock indicator when set preventing a modification of the permissions information (fig. 3; paragraph 26; where permissions/IMR registers are locked to prevent modification.  Since they are locked, there must be some indicator that lets the system know they are locked).
Ebrahim and Kotary are analogous art because they are from the same field of endeavor, as they are directed to securing memory regions.
It would have been obvious to one of ordinary skill in the art having the teachings of Ebrahim and Kotary before the time of the effective filing of the claimed invention to store 
With respect to claim 20, Kotary teaches of wherein the access of the content in the first memory region comprises fetching of a program code in the first memory region for execution (fig. 3; paragraph 32; where the microcode jumps to the firmware sleep mapper),
the method further comprising: denying a request to fetch a program code in a second memory region of the memory for execution, responsive to determining that the permissions information does not identify a privileged access level for the second memory region (fig. 3; paragraph 32; where if the firmware sleep mapper is not verified as it isn’t trusted (not privileged access level) then an exception is generated and it is prevented from being executed).
The reasons for obviousness are the same as those indicated with respect to claim 19 above.
Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ebrahim and Kotary as applied to claim 7 above, and further in view of Mergard et al. (US 6,484,227).
With respect to claim 8, the combination of Ebrahim and Kotary fails to explicitly teach of wherein the controller is to deny permission to execute a program code from a second memory region in the memory, the second memory region different from the first memory region.
However, Mergard teaches of wherein the controller is to deny permission to execute a program code from a second memory region in the memory, the second memory region different from the first memory region (fig. 4; column 6, line 62-column 7, line 10; where when an attempt to fetch an instruction from a region marked as execution denied, a fault is generated).

It would have been obvious to one of ordinary skill in the art having the teachings of Ebrahim, Kotary, and Mergard before the time of the effective filing of the claimed invention to include the execution enable/disable permissions of Mergard in the combination of Ebrahim and Kotary.  Their motivation would have been to prevent execution of improper instructions.
Claims 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ebrahim, Kotary, and Poo et al. (US 8,171,309).
With respect to claim 17, Ebrahim fails to explicitly teach of a register containing a lock indicator that when set to a specified value prevents modification of at least a portion of the permissions information, and wherein a program code is to, after the lock indicator has been set to the specified state, permit modification of the permissions information responsive to receiving a credential.
However, Kotary teaches of a register containing a lock indicator that when set to a specified value prevents modification of at least a portion of the permissions information (fig. 3; paragraph 26; where the permissions/IMR are locked to prevent unauthorized modification.  As there must be something that identifies the regions as being locked, and since registers are used for the permissions, this suggests to one of ordinary skill in the art that a register also identifies the permissions as being locked).
The combination of Ebrahim and Kotary fails to explicitly teach of wherein a program code is to, after the lock indicator has been set to the specified state, permit modification of the permissions information responsive to receiving a credential.

Ebrahim and Kotary are analogous art because they are from the same field of endeavor, as they are directed to securing memory regions.
It would have been obvious to one of ordinary skill in the art having the teachings of Ebrahim and Kotary before the time of the effective filing of the claimed invention to store firmware of Ebrahim in protected memory as taught in Kotary.  Their motivation would have been to ensure the firmware is protected from unauthorized access (Kotary, paragraph 26).
Ebrahim, Kotary, and Poo are analogous art because they are from the same field of endeavor, as they are directed to securing memory regions.
It would have been obvious to one of ordinary skill in the art having the teachings of Ebrahim, Kotary, and Poo before the time of the effective filing of the claimed invention to incorporate accessing locked memory by receiving a credential in the combination of Ebrahim and Kotary as taught in Poo.  Their motivation would have been to ensure that authenticated access can be granted.
With respect to claim 18, the combination of Ebrahim, Kotary, and Poo teaches of a configuration register including a mode indicator that if set to a first value indicates that the permissions information is to be written to a data structure according to a first mode in which the permissions information cannot be modified after being initialized in the data structure, and 
The reasons for obviousness are the same as indicated above with respect to claim 17.
	
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Liu et al. (US 10,942,870) discloses modification of access permissions is blocked for transactions in a lower access mode.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL C KROFCHECK whose telephone number is (571)272-8193.  The examiner can normally be reached on Monday - Friday 8am -5pm, first Friday off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on (571) 270-7519.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Michael Krofcheck/Primary Examiner, Art Unit 2138