DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims

Claims 1-3, 5-12, 14-20, 22-25 are pending.  Claims 4, 13, 21 are cancelled.

Allowable Subject Matter
Claim 5 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 14 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 22 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Objections
Claims 1, 10, 18 are objected to because of the following informalities:  
Claims 1, 10, 18 contain the following: “the plurality of bitmaps comprises…”.  This should be “the plurality of bitmaps comprising…” or similar.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 6, 8-10, 12, 15, 17-18, 20, 23, 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer (PGPUB 2005/0114639), and further in view of Shin et al (PGPUB 2007/0050586), Schmidt et al (PGPUB 2003/0226022), and McGrath et al (US 7,043,616).

Regarding Claim 1:
Zimmer teaches an apparatus, comprising:
memory to store instructions (paragraph 29, System Management Mode (SMM) Nub loaded into SMM-only memory space; paragraph 86, exemplary computer comprising memory); and 
processing circuitry coupled with the memory, the processing circuitry to (paragraph 86, exemplary computer comprising processor): 
detect an access request to access a computing resource while in a system management mode (SMM) (paragraph 29, SMM Nub responsible for coordinating all activities while control is transferred to system management mode, including providing SMM library to event handlers; paragraph 34, in response to system management interrupt (SMI) event, CPU switches to SMM mode and redirects instruction pointer to first instruction in SMM Nub; paragraph 62, operations performed in response to SMI event; paragraph 64, appropriate event handler is chosen; paragraph 73, handler code executed to completion using memory and I/O access policy; paragraph 83, event handler attempts to access I/O port; decision performed by logic contained in SMM Nub); 
a bitmap to indicate an access policy for the computing resource (paragraph 83-84, I/O permission bitmap defined via data structure managed by SMM Nub; determination is made to whether port address is one of port addresses that permission to access is allowed for as defined by the I/O permission bitmap); 
one or more bitmaps allocated for input/output (I/O) devices (paragraph 83-84, I/O permission bitmap);
determine whether the access request violate the access policy set in the bitmap (paragraph 83-84, determination is made to whether port address is one of port addresses that permission to access is allowed for as defined by the I/O permission bitmap; result of decision performed by logic contained in SMM Nub); 
perform the access request if the access request does not violate the access policy (paragraph 83, if answer to access decision is YES, direct access to I/O port is allowed); and 
cause a fault if the access request does violate the access policy (paragraph 84, in the event that a request to access I/O port having a port address that is not included in the I/O permission bitmap is performed, code fault is generated).
Zimmer does not explicitly teach determining a bit of a lock register is set to enable access to the bitmap associated with the computing resource.
However, Shin teaches determining a bit of a lock register is set to enable access to a bitmap associated with a computing resource (paragraph 28, access check unit (ACU) connected to processor core and interrupt controller to perform access control in accordance with program under execution; paragraph 30, ACU includes ACU control register; paragraph 46-54, ACU control register comprises control register (CTR) which designates presence/absence of access check, and is used to switch on/off access check from processor core; paragraph 56-58, region switching table (RST) and domain switching table (DST) comprising permission bitmap arrays; paragraph 66, ACU determines permission/inhibition of access before processor core accesses main memory; if permission attribute corresponding to region number or domain boundary is checked, and access is not permitted, a fault is generated; ACU determines permission/inhibition of access only when CTR bit(s) is set to “ON”; therefore, CTR comprises lock register set to enable/disable access to permission bitmaps).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the control register of an access check unit teachings of Shin with the SMM access request handling teachings of Zimmer, in order to manage usage of the access control elements of the system and performing access checks only when necessary, thereby “decreasing the use frequency of the access control apparatus… reduc[ing] the cost and power consumption of the processor core without greatly degrading the performance” (Shin paragraph 33).
	Neither Zimmer nor Shin explicitly teaches the processing circuitry to:
	determine a location of the bitmap in the memory based on a location indicated in a model specific register (MSR) associated with a plurality of bitmaps including the bitmap, the plurality of bitmaps comprises one or more bitmaps allocated for MSRs and one or more bitmaps allocated for input/output (I/O) devices.
	However, Schmidt teaches the concept of processing circuitry to (paragraph 31, computer system including CPU and memory):
	determine a location of a bitmap in memory based on a location indicated in a model specific register (MSR) associated with a plurality of bitmaps including the bitmap (abstract, method for handling a security exception; paragraph 64-66, I/O permission bitmap stored within portion of memory; MSR used to store base address of I/O permission bitmap), the plurality of bitmaps comprises one or more bitmaps allocated for input/output (I/O) devices (paragraph 64, I/O permission bitmap stored within portion of memory; paragraph 65, SEM I/O permission bitmap includes different I/O permission bitmap for each of the n different SCID values, i.e. plurality of bitmaps).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the base address of an I/O permission bitmap MSR teachings of Schmidt with the SMM access request handling teachings of Zimmer in view of Shin, in order to provide a reliable method to indicate to a system where the I/O policy was located, allowing the bitmap to be allocated dynamically as required by the system.
	Neither Zimmer nor Shin nor Schmidt explicitly teaches the plurality of bitmaps comprises one or more bitmaps allocated for MSRs.
	However, McGrath teaches the concept wherein a plurality of bitmaps comprises one or more bitmaps allocated for MSRs (abstract, method of controlling access to a model specific register of a microprocessor; col 14 line 53-60, access to certain MSRs may present a security risk when secure mode is enabled; the listing of protected MSRs of processor may be a trusted mode data structure in the form of a bit map; col 14 line 61-col 15 line 6, Protected MSR bit map may be 4 Kbyte bit map including several smaller 1 Kbyte bit maps).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the protected MSR bit map teachings of McGrath with the SMM access request handling teachings of Zimmer in view of Shin and Schmidt, in order to improve the security of a system by providing a bitmap that secures processor model specific registers against unauthorized access, as the bitmap is a trusted mode data structure which allows a security kernel to protect MSRs in a secure mode.

Regarding Claim 3:
(abstract, method of controlling access to model specific register; col 14 line 61-col 15 line 6, trusted mode data structure designated as protected MSR bit map (PMSRBM); PMSRBM accessed via PMSRBM Base MSR; col 15 line 33-57, PMSRBM Base MSR is itself a protected MSR; if limit field is equal to zero, all MSRs are protected and bit map lookup is disabled; accordingly, any write access to an MSR causes security exception to be generated).

Regarding Claim 6:
Zimmer in view of Shin, Schmidt, and McGrath teaches the apparatus of claim 1.  In addition, McGrath teaches the processing circuitry to disable write operations to a bitmap register associated with the bitmap based on the bit of the lock register being set (abstract, method of controlling access to model specific register; paragraph 76, trusted mode data structure designated as protected MSR bit map (PMSRBM); PMSRBM accessed via PMSRBM Base MSR; paragraph 79, PMSRBM Base MSR is itself a protected MSR; if limit field is equal to zero, all MSRs are protected and bit map lookup is disabled; accordingly, any write access to an MSR causes security exception to be generated).

Regarding Claim 8:
Zimmer in view of Shin, Schmidt, and McGrath teaches the apparatus of claim 1.  In addition, Zimmer teaches the apparatus, comprising one or more computing resources including the computing resource (paragraph 83, I/O port referenced by port address), wherein the one or more computing resources comprise Input/Output (I/O) devices (paragraph 83, I/O port), and central processing unit (paragraph 42-43, SMM Nub manages functions related to processor floating point registers); and 
Schmidt teaches wherein the one or more computing resources comprise model specific registers (MSRs) (abstract, method for handling a security exception; paragraph 64-66, I/O permission bitmap stored within portion of memory; MSR used to store base address of I/O permission bitmap).

Regarding Claim 9:
Zimmer in view of Shin, Schmidt, and McGrath teaches the apparatus of claim 1.  In addition, Zimmer teaches the apparatus, comprising:
a storage coupled with the memory and the processing circuitry, the storage to store data (paragraph 89, storage, e.g. CD-ROM comprising data on disk which can be read or transferred into memory); and 
one or more input/output (I/O) devices coupled with the storage, the memory, and the processing circuitry, the one or more I/O devices configured to couple with one or more devices (paragraph 88, input/output devices, e.g. USB connected mouse, monitor for outputting graphics, network interface card for connecting computer system to network).


Regarding Claims 10, 12, 15, 17:
	These are the computer-implemented method claims corresponding to the apparatus claims 1, 3, 6, 8 respectively, and are therefore rejected for corresponding reasons.

Regarding Claim 18, 20, 23, 25:
.

Claims 2, 11, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer in view of Shin, Schmidt, and McGrath, and further in view of Kaplan et al (PGPUB 2018/0032447).

Regarding Claim 2:
Zimmer in view of Shin, Schmidt, and McGrath teaches the apparatus of claim 1.  In addition, Shin teaches wherein the access policy specifies one or more access settings for the computing resource, the one or more access settings comprising a write setting, a read-only setting, an executable setting, and an executable disabled setting (paragraph 35, memory operation types include memory read, memory write, and instruction read (i.e. “execute”); paragraph 40, RST permissions include “rwx”, i.e. “read” “write” “execute”).
Neither Zimmer nor Shin nor Schmidt nor McGrath teaches the one or more access settings comprising an immutable setting.
However, Kaplan teaches one or more access settings comprising an immutable setting (abstract, table walker determines when lock indicator for memory page in map table is set; paragraph 105, table walker determines if memory page access is permitted; table walker determines if entry is marked as immutable).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the immutable setting teachings of Kaplan with the SMM access request handling teachings of Zimmer in view of Shin, Schmidt, and McGrath, in order to provide a permission setting which prevents any changes from being made to a resource, thereby preventing 

Regarding Claim 11:
	This is the computer-implemented method corresponding to the apparatus of claim 2, and is therefore rejected for corresponding reasons.

Regarding Claim 19:
	This is the computer-readable storage medium corresponding to the apparatus of claim 2, and is therefore rejected for corresponding reasons.

Claims 7, 16, 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer in view of Shin, Schmidt, and McGrath, and further in view of Weber et al (PGPUB 2003/0041248).

Regarding Claim 7:
Zimmer in view of Shin teaches the apparatus of claim 1.  In addition, Zimmer teaches the processing circuitry to detect a system management interrupt (SMI) (paragraph 33, process for handling SMI event; SMI event signal received by CPU; paragraph 34, in response to SMI event, CPU switches to SMM mode), and 
Shin teaches the processing circuitry to set the bit of the lock register (paragraph 46-54, ACU control register comprises control register (CTR) which designates presence/absence of access check, and is used to switch on/off access check from processor core; paragraph 47, access check unit switches value of CTR).

However, Weber teaches the concept of processing circuitry to save a SMM save state in one or more model specific registers in response to an SMI (abstract, method for providing external locking mechanism for memory locations; paragraph 84, SMI initiates SMM; paragraph 138, processor saves unfinished SMM state, saving state indications to one or more SMM MSRs).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the saving an SMM save state teachings of Weber with the SMM access request handling teachings of Zimmer in view of Shin, Schmidt, and McGrath, in order to improve system performance and reliability by capturing an SMM state in the event that the system management mode needs to be exited before completion, thereby allowing the system to resume the process at the exact point the SMM was exited at a later time.

Regarding Claim 16:
	This is the computer-implemented method corresponding to the apparatus of claim 7, and is therefore rejected for corresponding reasons.

Regarding Claim 24:
	This is the computer-readable storage medium corresponding to the apparatus of claim 7, and is therefore rejected for corresponding reasons.

Response to Arguments
Applicant's arguments filed 8/27/2021 have been fully considered but they are not persuasive.

Regarding the claim objections:
Applicant’s amendments have overcome the claim objections.  Therefore, the claim objections are withdrawn.

Regarding the rejection of claims under 35 USC 101:
Applicant’s amendments have overcome the prior 35 USC 101 rejection.  Therefore, the rejection is withdrawn.

Regarding the rejection of claims under 35 USC 103:
	Applicant asserts that claims 1, 10, and 18 are allowable, as the claims have been “amended to substantially recite the language previously recited in claims 5, 14, and 22 and the intervening claims”, previously objected to as being allowable.  However, Applicant has incorporated only certain features of claims 5, 14, and 22 into the corresponding base claims, and not every feature of the claims.  Therefore, claims 1, 10, and 18 do not “substantially” recite the language of claims 5, 14, and 22.  Furthermore, Applicant’s amendments change the scope of the claims beyond merely incorporating elements of claims 5, 14, and 22 (e.g. “plurality” of bitmaps instead of “one or more”).  Therefore, a new ground(s) for rejection is presented above which teaches these new elements, as added by amendment.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814.  The examiner can normally be reached on 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.








/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491