DETAILED ACTION
This is a non-final Office action in response to communications received on 8/26/2021. Claims 1 and 12 were amended. No new claims were added or cancelled. Claims 1-22 were selected in response to a restriction requirement in communications received on 11/09/2020. Claims 23-36 are withdrawn at this time. Claims 1-22 are pending and are examined. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/26/2021 has been entered.

Response to Arguments
Applicant’s arguments regarding the rejection of the claims under 103 have been considered but found unpersuasive.
Applicant further argues on pages 9-10 of the Remarks, filed 8/26/2021, that Pappachan does not teach the claim 1 limitation “generate an unvalidated request based on the DMA request”, however the Examiner respectfully disagrees.  The Examiner notes that claim 1 does not require actual validation, only that a request that 
Applicant argues on page 10 of the Remarks that the combination of Pappachan and Dhawan does not teach the claim 1 limitation “if the tags obtained is not found, executing rule miss handling” because Pappachan “is silent on what would happen if matching AT metadata is not found in the AT queue”, however the Examiner respectfully disagrees.  As cited in the Examiner’s Office Action, Dhawan teaches that if no appropriate rule based on the tags is obtained from the PUMP rule cache, then the Miss Handler handles the cache miss (Section 1).  Consequently, the combination of Pappachan and Dhawan teaches the limitations of claim 1. 
Applicant argues on page 11 of the Remarks that Dhawan does not teach an “input/output metadata processor having a cache”, because Pappachan states that  direct memory access operations (DMAed) between the platform I/O controllers 144 and the memory 132,” (para. [0022]) and that “the cryptographic engine 140 may encrypt and/or decrypt I/O data read or written by the I/O controllers 144 in one or more direct memory access (DMA) operations to the memory 132” (para. [0032]).  Therefore, Pappachan clearly teaches that the device has a computing device with I/O controllers that are clearly involved in exchanging DMA data involved in DMA operations.  Dhawan also teaches a Programmable Unit for Metadata Processing (PUMP) rule cache in which the most recently used rules are stored (Section 1, Introduction, Section 2, the Pump).  Consequently, Dhawan and Pappachan teach the limitations for which they are cited.
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Consequently, the rejection of the claims under 35 U.S.C. 103 is sustained.
In addition, Applicant’s remaining arguments filed 8/26/2021, with respect to the rejection of claims 1-22 under 35 USC § 103(a) have been fully considered but are moot because newly added claim limitations requiring “generating an unvalidated request to obtain DMA data, the unvalidated request being based on the DMA request” require new grounds of rejection necessitated by amendments.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-22 are rejected under 35 U.S.C. 103 as being unpatentable over Pappachan (US 2017/0024568) in view of Udit Dhawan et al., Architectural Support for Software-Defined Metadata Processing, Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 487-502 (March 14-18, 2015) (hereafter “Dhawan”) (Listed in Applicant’s IDS) and Zhou (US 6,324,599).
Regarding claim 1, Pappachan discloses the limitations substantially as follows:
A method comprising:
at an input/output (IO) metadata processor having a cache (paras. [0021], [0033]: I/O controller having a memory/cache),  
receiving, from a first fabric, a direct memory access (DMA) request directed to an address of a second fabric (paras. [0021], [0028], [0033], [0039]-[0040], [0051]: receiving from an I/O device (i.e. first fabric) a direct memory access request directed to memory and trusted applications of a computing device (i.e. address of a second fabric));
generating an unvalidated request, the unvalidated request based on the DMA request and at least one of the one or more rules (paras. [0021], [0043], [0052]: DDE requests an Authentication tag (AT) queue allocation (i.e. an unvalidated request) large enough to handle the AT metadata generated for the requested DMA transaction (i.e. based on the DMA request) by applying rules controlling generating of AT data); 
obtaining DMA data that was requested by the unvalidated request, the DMA data located at the address of the second fabric and obtaining tags associated with the DMA data (paras. [0021], [0032]-[0034], [0036], [0041], [0044]-[0046], [0049], [0051]: receiving encrypted I/O data that is part of the DMA transaction/operation (i.e. DMA data requested by the unvalidated request) from memory/addresses of the computing device (i.e. the DMA data is read from memory/addresses of the second fabric) and obtaining authentication tags such as channel IDs for each DMA transaction (i.e. tags associated with the DMA data)); and 
when the tags obtained is found, allowing the DMA request (paras. [0034], [0059]: if the authentication tag matches stored AT metadata, release the output data requested for the DMA transaction (i.e. allow the DMA request)).
Pappachan does not explicitly disclose the remaining limitations of claim 1 as follows:
having a cache configured to store one or more rules;
generating a request to obtain DMA data, the request being based on the DMA request;
attempting to load at least one of the one or more rules from the cache of the IO metadata processor based on the tags obtained; 
when the at least one rule based on the tags obtained is not found in the cache, executing rule miss handling; and 
when the at least one rule based on the tags obtained is found in the cache, allowing the request.
However, in the same field of endeavor Dhawan discloses the limitations of claim 1 as follows:
having a cache configured to store one or more rules (Section 1. Introduction; Section 2, the PUMP: cache of most recently used rules are stored in a hardware structure, the PUMP rule cache)
attempting to load at least one of the one or more rules from the cache of the IO metadata processor based on the tags obtained (Section 2: the PUMP: cache rules of the PUMP (IO metadata processor) are obtained/loaded based on the metadata tags); 
when the at least one rule based on the tags obtained is not found in the cache, executing rule miss handling (Section 1. Introduction; Section 2: the PUMP, Miss Handler: if no appropriate rule based on the tags is obtained from the PUMP rule cache, then Miss Handler handles the cache miss); and 
when the at least one rule based on the tags obtained is found in the cache, allowing the request (Section 2: the PUMP, Miss Handler: if an appropriate rule based on the tags is found in the PUMP rule cache, allowing the operation requested).

Neither Pappachan nor Dhawan discloses the remaining limitations of claim 1 as follows:
generating a request to obtain DMA data, the request being based on the DMA request;
However, in the same field of endeavor, Zhou discloses the remaining limitations of claim 1 as follows:
generating a request to obtain DMA data, the request being based on the DMA request (col. 3, ll. 45-50, col. 6, ll. 55-65; col. 7, ll. 8-29: generating a second read-ahead DMA request (i.e. request to obtain DMA data), wherein the second DMA request is to an address range within an ending address of a previous first DMA request (i.e. is based off the first DMA request));
Zhou is combinable with Pappachan and Dhawan because all three are from the same field of endeavor of improving and optimizing performance and security of hardware devices.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Zhou’s method of generating a second unvalidated DMA request based upon a first DMA request with the system of Pappachan and Dhawan in order to improve access time and increase the efficiency and speed at which the DMA requests are processed.  

	Regarding claims 2 and 13, Pappachan, Dhawan and Zhou disclose the limitations of the method of claim 1 and the system of claim 12.
Pappachan discloses the limitations of claims 2 and 13 as follows:
wherein the first fabric is an untrusted fabric, and the second fabric is a trusted fabric (paras. [0004], [0026], [0028], [0501]: trusted applications and encrypted main memory of the computing device are secure/trusted (i.e. second fabric) while DMA data from the I/O devices (i.e. first fabric) is not trusted).

Regarding claims 3 and 14, Pappachan, Dhawan and Zhou disclose the limitations of the method of claim 1 and the system of claim 12.
Pappachan discloses the limitations of claims 3 and 14 as follows:
further comprising: 
when the DMA request is allowed, allowing reading of the address of the trusted fabric (paras. [0034], [0036], [0059]: if the matching AT is found and the DMA request allowed and the DMA transaction involves reading, allowing reading by the memory of the computing device); and 
when the DMA request is allowed and the DMA request is a write request, allowing write back to the address of the trusted fabric (paras. [0034], [0036], [0059]: if the matching AT is found and the DMA request allowed and the DMA transaction involves writing, allowing writing back to the memory of the computing device).


Pappachan discloses the limitations of claims 4 and 15 as follows:
wherein allowing reading of the address and allowing write back is performed over an output channel between the IO metadata processor and the untrusted fabric (paras. [0021], [0033]-[0034], [0036], [0059]: wherein allowing reading and writing over a DMA channel unique to each I/O device which permits outputting reading and writing of DMA data over a DMA channel between the I/O controller (i.e. IO metadata processor) and the I/O device (i.e. untrusted fabric)).

Regarding claims 7 and 18, Pappachan, Dhawan and Zhou disclose the limitations of the method of claim 1 and the system of claim 12.
Pappachan discloses the limitations of claims 7 and 18 as follows:
wherein obtaining the DMA data is over an initial channel from the trusted fabric to the IO metadata processor, the channel being isolated from the untrusted fabric (paras. [0021], [0032]-[0034]: wherein DMA transaction data is obtained over an encrypted DMA channel for transporting DMA data between memory of the computing device and the I/O controller, where the encrypted DMA channel is encrypted with encryption keys that are not available to the I/O devices enabling “isolation of I/O” (i.e. being isolated/kept unavailable to the untrusted fabric)).


Pappachan discloses the limitations of claims 8 and 19 as follows:
wherein the untrusted fabric is at least one of a network device, ethernet DMA device, universal asynchronous receiver/transmitter (UART), and serial communication device (paras. [0021]: the I/O device (i.e. untrusted fabric) is a network device of the computing device).

Regarding claims 9 and 20, Pappachan, Dhawan and Zhou disclose the limitations of the method of claim 1 and the system of claim 12.
Pappachan and Dhawan disclose the limitations of claims 9 and 20 as follows:
wherein executing rule cache miss handling (Dhawan, Section 2, the PUMP, Miss Handler: executing rule cache Miss Handler for handling misses) includes at least one of (i) rejecting the DMA request and (ii) redirecting the DMA request to an address separate from the trusted fabric (Pappachan, para. [0062]: in response to determining that there is no match and authentication fails, terminating/rejecting the DMA request).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate miss handling of Dhawan with the system of Pappachan in order to minimize performance impact caused by situations where an error or Miss occurs in searching for a rule in the rule cache.


Pappachan and Dhawan disclose the limitations of claims 2 and 13 as follows:
wherein executing rule cache miss handling (Dhawan, Section 2, the PUMP, Miss Handler: executing rule cache Miss Handler for handling misses) includes sending, from the IO metadata processor, an interrupt to a processor connected with the IO metadata processor (Pappachan, para. [0062]: sending from I/O controller an interrupt to trusted software in connection with the I/O controller).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate miss handling of Dhawan with the system of Pappachan in order to minimize performance impact caused by situations where an error or Miss occurs in searching for a rule in the rule cache.

Regarding claims 11 and 22, Pappachan, Dhawan and Zhou disclose the limitations of the method of claim 1 and the system of claim 12.
Pappachan discloses the limitations of claims 2 and 13 as follows:
wherein the DMA data includes at least one of an operation group, a tag identifying a state of the untrusted fabric, a tag identifying the untrusted fabric, a tag indicating a trust level of the untrusted fabric, a memory input tag, an enable byte tag, a memory result tag, and tag of a state of the untrusted fabric state after the DMA request is processed (paras. [0021]: DMA transaction data includes an authentication tag which is used to verify the integrity/trust level of the I/O device (i.e. untrusted fabric)).

Regarding claim 12, Pappachan discloses the limitations substantially as follows: 
A system comprising: 
an input/output (IO) cache (para. [0021]: memory for the I/O devices); and 
an input/output (IO) metadata processor having a cache (paras. [0021]: I/O controller (i.e. IO metadata processor) having memory), the IO metadata processor configured to: 
receive, from a first fabric, a direct memory access (DMA) request directed to an address of a second fabric (paras. [0021], [0028], [0033], [0039], [0051]: receiving from an I/O device (i.e. first fabric) a direct memory access request directed to memory and trusted applications of a computing device (i.e. address of a second fabric));
generate an unvalidated request, the unvalidated request based on the DMA request and at least one of the one or more rules (paras. [0021], [0043], [0052]: DDE requests an Authentication tag (AT) queue allocation (i.e. an unvalidated request) large enough to handle the AT metadata generated for the requested DMA transaction (i.e. based on the DMA request) by applying rules controlling generating of AT data); 
obtain DMA data that was requested by the unvalidated request, the DMA data located at the address of the second fabric and obtaining tags associated with the DMA data (paras. [0021], [0032]-[0034], [0036], [0041], [0044]-[0046], [0049], [0051]: receiving encrypted I/O data that is part of the DMA transaction/operation (i.e. DMA data requested by the unvalidated request) from memory/addresses of the computing device (i.e. the DMA data is read from memory/addresses of the second fabric) and obtaining authentication tags such as channel IDs for each DMA transaction (i.e. tags associated with the DMA data)); 
when the tags obtained is not found, execute miss handling (paras. [0059], [0062]: if a matching authentication tag is not found, execute an appropriate failure mode (i.e. handling the missing matching tag)); and 
when the tags obtained is found, allow the DMA request (paras. [0034], [0059]: if the authentication tag matches stored AT metadata, release the output data requested for the DMA transaction (i.e. allow the DMA request)).
Pappachan does not explicitly disclose the remaining limitations of claim 12 as follows:
having a cache configured to store one or more rules
generate a request to obtain DMA data, the request being based on the DMA request;
attempt to load at least one of the one or more rules from the cache of the IO metadata processor based on the tags obtained; 
when the at least one rule based on the tags obtained is not found in the cache, execute rule miss handling; and 
when the at least one rule based on the tags obtained is found in the cache, allow the request.

having a cache configured to store one or more rules (Section 1. Introduction; Section 2, the PUMP: cache of most recently used rules are stored in a hardware structure, the PUMP rule cache)
attempt to load at least one of the one or more rules from the cache of the IO metadata processor based on the tags obtained (Section 2: the PUMP: cache rules of the PUMP (IO metadata processor) are obtained/loaded based on the metadata tags); 
when the at least one rule based on the tags obtained is not found in the cache, execute rule miss handling (Section 1. Introduction; Section 2: the PUMP, Miss Handler: if no appropriate rule based on the tags is obtained from the PUMP rule cache, then Miss Handler handles the cache miss); and 
when the at least one rule based on the tags obtained is found in the cache, allow the request (Section 2: the PUMP, Miss Handler: if an appropriate rule based on the tags is found in the PUMP rule cache, allowing the operation requested).
Pappachan and Dhawan are combinable because both are from the same field of endeavor of using rules, policies and tagging of addresses and/or metadata in order to create a more secure processor and computing device.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate the rule cache of Dhawan with the system of Pappachan in order to accelerate system performance by enhancing access and processing of the most recently used rules.

generate a request to obtain DMA data, the request being based on the DMA request;
However, in the same field of endeavor, Zhou discloses the remaining limitations of claim 1 as follows:
generate a request to obtain DMA data, the request being based on the DMA request (col. 3, ll. 45-50, col. 6, ll. 55-65; col. 7, ll. 8-29: generating a second read-ahead DMA request (i.e. request to obtain DMA data), wherein the second DMA request is to an address range within an ending address of a previous first DMA request (i.e. is based off the first DMA request));
Zhou is combinable with Pappachan and Dhawan because all three are from the same field of endeavor of improving and optimizing performance and security of hardware devices.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Zhou’s method of generating a second unvalidated DMA request based upon a first DMA request with the system of Pappachan and Dhawan in order to improve access time and increase the efficiency and speed at which the DMA requests are processed.  

Claims 5-6 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Pappachan (US 2017/0024568) in view of Udit Dhawan et al., Architectural Support for Software-Defined Metadata Processing, Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) 487-502 (March 14-18, 2015) (hereafter “Dhawan”).
Regarding claims 5 and 16, Pappachan, Dhawan and Zhou disclose the limitations of the method of claim 1 and the system of claim 12.
Neither Pappachan nor Dhawan discloses the limitations of claims 5 and 16 as follows:
wherein the at least one rule based on the tags indicates a set of addresses.
However, in the same field of endeavor, Yates discloses the limitations of claims 5 and 16 as follows:
wherein the at least one rule based on the tags indicates a set of addresses (paras. [0021], [0068], [0602]: switching policies based on address tags, which represent address ranges (i.e. sets of addresses)).
Yates, Dhawan, Pappachan and Zhou are combinable because all four are from the same field of endeavor of improving and optimizing performance and security of hardware devices.  Yates, Zhou, and Pappachan are also combinable because both are from the same field of endeavor of securely exchanging Direct Memory Access (DMA) data.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Yates’s method of generating policies/rules based on tags and sets of addresses with the system of Pappachan, Dhawan and Zhou in order to conserve cache resources by adapting policies based on success and failures of address ranges.


Pappachan discloses the limitations of claims 6 and 17 as follows:
further comprising storing device state information in an untrusted fabric device (Pappachan, abstract, paras. [0021], [0059]: storing encrypted DMA transfer I/O data (i.e. device state information) in a DMA buffer separate from authentication tag data stored in a trusted authentication tag queue).
Neither Pappachan nor Dhawan discloses the remaining limitations of claims 6 and 17 as follows:
further comprising storing device state information in a register file.
However, in the same field of endeavor, Yates discloses the limitations of claims 6 and 17 as follows:
further comprising storing device state information in a register file (Yates, paras. [0032], [0037], [0039], [0068]: storing profileable events of a computer profile (i.e. device state information) in a general register file (i.e. device register file) that is separate from main memory).
Yates, Dhawan, Pappachan and Zhou are combinable because all four are from the same field of endeavor of improving and optimizing performance and security of hardware devices.  Yates, Zhou and Pappachan are further combinable because both are from the same field of endeavor of securely exchanging Direct Memory Access (DMA) data.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Yates’s method of storing device state information in a register file that is separate from main memory with the system of 

Conclusion
For the above-stated reasons, claims 1-22 are rejected.
Prior art considered but not relied upon includes:
1) Johnson (US 2006/0242332) discloses generating a second remote DMA request from a first DMA request.
2) Hiji (US 2006/0080489) discloses receiving a first initial DMA request (para. [0036]) followed by a second DMA request (para. [0040]) and sending a data read for a previous DMA request.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
/SHARON S LYNCH/Primary Examiner, Art Unit 2438