DETAILED ACTION
This office action is in response to application filed on 7/3/2019.
Claims 1 – 20 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 5, 7 – 16 and 18 – 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Volos et al (WO 2017142525, prior art part of IDS dated 10/23/2020, hereinafter Volos), in view of Wokhlu et al (US 20170371570, hereinafter Wokhlu).

As per claim 1, Volos discloses: A method of memory deallocation across a trust boundary between a first software component and at least a second software component, the method comprising: 
(Volos [0010]: “the sharing of data between processes executing on compute nodes can be accomplished using a shared memory region. A shared memory region can refer to a memory region that is implemented in memory media that is associated with respective compute nodes”.)
implementing an in-memory message passing facility using the shared memory; (Volos [0059]: inter-process communication mechanism.)
using the first software component to deallocate memory from the shared memory which has been allocated by the second software component, by: taking at least one allocation to be freed from the message passing facility; freeing the at least one allocation using a local deallocation mechanism. (Volos [0058]: “In other examples, instead of performing bulk de-allocation, a call to free a specific block can be made by a process, such as by using a free() method in the heap library. To free a block, the free() method can locate the zone containing the block, and if the zone is owned by the process that invoked the request to free the block, then the block can be freed by the memory manager. Otherwise, deallocation fails, and the user process would have to direct the call to free the block to the user process owning the zone”; [0059]: “Because multiple users share the heap, it is possible that a first process allocates a block, passes a pointer to the allocated block to a second process, and then the second process attempts to free (or de-allocate) the allocated block after the second process is done with processing the content of the allocated block. The second process does not own this block, so any attempt by the second process to de-allocate the block will fail. Instead the second process has to ask, such as by using an inter-process communication or other communication mechanism, the first (owner) process to de-allocate the block”.)
Volos did not explicitly disclose:
while validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory;
However, Wokhlu teaches:
while validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory; (Wokhlu [0044]: “A DOM may validate all shared memory access attempts”; [0055]: “The DOM 810 nevertheless provides the protection checking pass/fail signal to the data path of the memory controller 828 before physical memory is accessed during each memory access. This protection checking provided by the DOM 810 includes both checking access permissions of a requesting task in the DOT for a target memory block. The protection checking by the DOM 810 also includes checking whether the transaction context of a requesting task is present in a context table of the memory controller 828, and whether that transaction context is qualified to set or change permissions of the target memory block”.)
It would have been obvious for one of ordinary skill in the art at the effective filing date of the claimed invention to incorporate the teaching of Wokhlu into that of Volvos in 

As per claim 2, Volos and Wokhlu further teach:
The method of claim 1 wherein a thread in the first software component takes the at least one allocation to be freed from the message passing facility, and the thread frees the at least one allocation using a local deallocation mechanism which is an allocator of the thread, the allocator owning a chunk of memory in the shared memory. (Volos [0057] – [0058])

As per claim 3, Volos and Wokhlu further teach:
The method of claim 2 which is carried out without a cross-trust boundary call between the first and second software components. (Volos [0057] – [0059])


The method of claim 1 comprising taking the at least one allocation to be freed from a queue in the message passing facility, the queue being associated with an allocator which allocated the allocation to be freed. (Volos [0057] – [0058])

As per claim 5, Volos and Wokhlu further teach:
The method of claim 1 which is performed by a thread and wherein the allocation to be freed has been identified as an allocation previously made by the thread. (Volos [0056]) 

As per claim 7, Volos and Wokhlu further teach:
The method of claim 1 wherein the allocation to be freed has been added to the message passing facility by a thread of the second software component. (Volos [0058] – [0059])

As per claim 8, Volos and Wokhlu further teach:
(Volos [0057] – [0059])

As per claim 9, Volos and Wokhlu further teach:
The method of claim 7 wherein the allocation to be freed has been added to a queue selected from a plurality of queues at the message passing facility, the queue being associated with an allocator which allocated the allocation to be freed. (Volos [0057] – [0059])

As per claim 10, Volos and Wokhlu further teach:
The method of claim 9 wherein the queue has been selected by using an allocator index to identify the allocator which allocated the allocation to be freed. (Volos [0057] – [0059])

As per claim 11, Volos and Wokhlu further teach:
The method of claim 1 wherein the in-memory message passing facility is lockless. (Wokhlu [0047]: real time.)

As per claim 12, Volos and Wokhlu further teach:
The method of claim 1 wherein the in-memory message passing facility comprises a multi-producer, single-consumer queue. (Wokhlu figure 1: data plane 150.)

As per claim 13, Volos and Wokhlu further teach:
The method of claim 1 wherein the in-memory message passing facility comprises an allocator index in the shared memory and a second allocator index in memory of the first software component which is not part of the shared memory. (Volos [0057] – [0059])

As per claim 14, Volos and Wokhlu further teach:
The method of claim 1 wherein the in-memory message passing facility comprises a single canonical allocator index which maps a different range of memory regions to each of the software components. (Volos [0057] – [0059])



The method of claim 1 wherein the first software component is an enclave and the second software component is a program outside the enclave and wherein the method comprises maintaining two allocator indexes, one in the enclave and one outside the enclave, and synchronizing the allocator indexes. (Volos [0057] – [0059])

As per claim 16, Volos and Wokhlu further teach:
The method of claim 1 wherein the software components are library compartments and wherein the allocation to be freed is added to the message passing facility immediately. (Volos [0053]: heap library; [0057] – [0059])

As per claim 18, it is the apparatus variant of claim 1 and is therefore rejected under the same rationale.

As per claim 19, Volos and Wokhlu further teach:
The apparatus of claim 18 wherein the first software component is an enclave and the second software component is outside the enclave. (Volos [0057] – [0059])

.

Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Volos and Wokhlu, in view of Rajagopal et al (US 20070079090, hereinafter Rajagopal).

As per claim 6, Volos and Wokhlu did not teach:
The method of claim 1 wherein the validating is done by making a range check that the memory accesses performed during the freeing of the at least one allocation are within the shared range.
However, Rajagopal teaches:
The method of claim 1 wherein the validating is done by making a range check that the memory accesses performed during the freeing of the at least one allocation are within the shared range. (Rajagopal [0129])
It would have been obvious for one of ordinary skill in the art at the effective filing date of the claimed invention to incorporate the teaching of Rajagopal into that of Volos and Wokhlu in order to have the validating is done by making a range check that the memory accesses performed during the freeing of the at least one allocation are within the shared range. Rajagopal has shown that the claimed steps are merely commonly known and used steps for validating memory access, and thus such combination would result in predictable results and is therefore rejected under 35 USC 103.

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Volos and Wokhlu, in view of Lukacs et al (US 20150288659, hereinafter Lukacs).
As per claim 17, Volos and Wokhlu did not teach:
The method of claim 1 wherein the first software component is a virtual machine and the second software component is a virtual machine which is less secure than the first software component.
However, Lukacs teaches:
The method of claim 1 wherein the first software component is a virtual machine and the second software component is a virtual machine which is less secure than the first software component. (Lukacs [0069])
It would have been obvious for one of ordinary skill in the art at the effective filing date of the claimed invention to incorporate the teaching of Lukacs into that of Volos and Wokhlu in order to have the first software component is a virtual machine and the second software component is a virtual machine which is less secure than the first software component. Lukacs has shown that such feature would enhance the overall security of the system when there are VMs of different security present, thus the combination of reference would enhancer the overall appeals of all references.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Chen et al (US 20160171147) teaches managing virtual boundaries to enable lock -free concurrent region optimization.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHARLES M SWIFT whose telephone number is (571)270-7756. The examiner can normally be reached Monday - Friday: 9:30 AM - 7PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on 5712723652. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHARLES M SWIFT/Primary Examiner, Art Unit 2196