Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the Amendment filed on 08/20/2021 in response to the communication and claim amendment; Claims 1, 8, and 10 are independent claims.  Claims 1-2, 4-5, 8, 10, 13, 18, and 21-32 have been examined and are pending.  This Action is made FINAL.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 08/20/2021, with respect to claims 1-2, 4-5, 8, 10, 13, 18, and 21-32 are interpreted under 35 U.S.C. §112(f) have been fully considered but they are not persuasive.. The interpretation of claims 1-2, 4-5, 8, 10, 13, 18, and 21-32 under 35 U.S.C. § 112 (f) is maintained as the following reasons:
Although “access control unit” has functions such as performing the claimed function (e.g., “receive, from a programming agent, a message comprising an access control data item,” “store the access control data item in the secure memory,” “calculate a message digest by applying a cryptographic hash function to contents of the message, a cryptographic key shared between the programming agent and the access control unit, and a state variable reflecting a state of communications between the access control unit and the programming agent,” “authenticate the message using the message digest function, and “control, in view of the access control data item, access by an initiator device to a target device.”), the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.” MPEP §2181(1) (emphasis added).  The access control unit is coupled with functional language, but is not modified by sufficient structure or acts for performing the claimed function. As result, the claim in interpreted under 35 U.S.C. 112(f).  It’s noted that the specification provides sufficient corresponding structures for said claimed means-plus-functions; in addition, the functions receiving and storing could be performed by general computing device. Therefore, the claims are found definite.  Otherwise, 35 U.S.C 112(b) indefinite would have been applied to reject said claim.  

Applicants argue: The applicant respectfully requests that the double-patenting rejections be held in abeyance until allowable subject matter is identified.
		The Applicant held the double patenting matters in abeyance. Therefore The Examiner is maintained double patenting.
Applicants’ arguments in the instant Amendment, filed on 08/20/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
		Applicants argue: the cited references, taken individually or in combination, at least fail to teach or even suggest the claimed “update a state variable by applying a predetermined function to a current value of the state variable and a hash of contents of the secure memory” (Applicant Remarks/Arguments, pages 9-10).
         The Examiner disagrees with the Applicants. The Examiner respectfully submits that the combination of Fahrny, Jaffe, and Klustaitis does disclose the aforementioned limitations as the following:

receive a message comprising an access control data item (Fahrny: receive a message comprising authentication information as shown in figure 4); 
store the access control data item in the secure memory (Fahrny: par. 0026, 0050; store keys, secrets and related information in the memory); 
calculate a message digest by applying a cryptographic hash function to contents of the message and the state variable (Fahrny: pars. 0042, 0059; Using the RSA algorithm, in order to send a signed message, the first security device uses the first security device's own private key. The first security device may produce a hash value of the message.., State information [i.e. state variable] may be determined from parameters contained in the message header.  According to an embodiment and as illustrated in the Table, the message header includes various parameters including the Producer Id, Consumer Id, Counter Included Flag, DLDU counter, and Processing Rule Id…; par. 0046);
Fahrny further discloses a state variable reflecting a state of communications between the access control unit and a programming agent (Fahrny: pars. 0038, 0039, 0051, 0059, the state information parameter includes the DCS Layer Data Unit, DLDU counter between DCAS and the validation of the SoC).
Jaffe discloses updating a state variable by applying a predetermined function to a current value of the state variable (Jaffe: par. 0080, an intermediate new state may be generated by applying a hash function (SHA-224 or SHA-256) to a combination of the previous state, the counter, and the key knonce.  The new state mod Q may be used as the nonce …). Note that a hash function (SHA-224 or SHA-256) is equivalent to a 
Klustaitis teaches secure code verification enforcement in a trusted computing device, wherein hash of contents of the secure memory (Klustaitis: par. 0022, applying a hash function to the contents of the trusted memory in the trusted computing device (312).  Such a hash function may take the contents of the trusted memory in the trusted computing device (312) as input and generate a value output. ..  ).  Klustaitis discloses hashing the content of trusted memory is equivalent to “hashing of contents of the secure memory.”   
It is clear that the combination of Fahrny, Jaffe, and Klustaitis as a whole does teach the aforementioned limitations. Therefore, does disclose all limitations argued above.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.


Claims 1-2, 4-5, 8-, 10, 13, 18, and 21-32 are interpreted under 35 U.S.C. 112(f) 
Regarding claims 1-2, 4-5, 8-, 10, 13, 18, and 21-32; claims 1-2, 4-5, 8-, 10, 13, 18, and 21-32 of this application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: Claim 1: access control unit to: receive/store/update/calculate/validate/control.  Claim 8: access control unit to: receive/store/update/calculate/validate/control.  A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph limitation: paragraphs describe block diagrams/flowcharts, depicted in figures 1, 7, 8A, 8B, 8C, 9, and 12-13 providing discussions (i.e., algorithms) regarding how to perform the claimed means plus functions.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to 
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  


Claims 1, 8, and 10 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1, 14, and 17 of US Patent 10,482,275. Although the conflicting claims are not identical, they are not patentably distinct from each other because of common subject matter, as follows:
The instant claim 1 of the instant application cites the limitations: an access control unit comprising a secure memory for storing access control data, the access control unit to: receive a message comprising an access control data item; store the access control data item in the secure memory; update a state variable by applying a predetermined function to a 
The instant claim 8 of the instant application cites the limitations: an access control unit comprising a first secure memory and a second secure memory for storing access control data, the access control unit to: receive a first message comprising a first an access control data item; store the first access control data item in the first secure memory; update a state variable by applying a predetermined function to a current value of the state variable and a hash of contents of the secure memory; calculate a secure memory digest by applying a cryptographic hash function to contents of the message and the state variable; validate the contents of the secure memory by comparing a stored reference value to the secure memory digest; and control, in view of  the access control data item, access by an initiator device to a target device which are fully disclose in claim 14 of the US Patent 10,482,275.
The instant claim 10 of the instant application cites the limitations: receiving, by a system-on-chip (SoC), a message comprising an access control data item; authenticating the message using a message digest function; storing the access control data item in a secure memory; updating a state variable by applying a predetermined function to a current value of the state variable and a hash of contents of the secure memory; calculating a message digest by applying a cryptographic hash function to contents of the message and the state variable; authenticating the message using the message digest: and controlling, in view of the access 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.
Claims 1, 2, 8, 24, 10, 13, 21-23,  and 27- 31 are rejected under 35 U.S.C. 103 as being unpatentable over Fahrny et al. (“Fahrny,” US 2010/0217985, published Aug. 26, 2010) in view of Jaffe (“Jaffe,” US 2015/0288524, published Oct. 8, 2015), further in view of Klustaitis et al. (“Klustaitis,” US 2014/0068766, Mar. 6, 2014).
Regarding claim 1, Fahrny teaches a system-on-chip (SoC), comprising:
  an access control unit comprising a secure memory for storing access control data, the access control unit to:
receive a message comprising an access control data item (Fahrny: receive a message comprising authentication information as shown in figure 4); 
store the access control data item in the secure memory (Fahrny: par. 0026, 0050; store keys, secrets and related information in the memory); 
calculate a message digest by applying a cryptographic hash function to contents of the message and the state variable (Fahrny: pars. 0042, 0059; Using the RSA algorithm, in order to send a signed message, the first security device uses the first security device's own private key. The first security device may produce a hash value of the message.., State information may be determined from parameters contained in the message header.  According to an embodiment and as illustrated in the Table, the message header includes various parameters including the Producer Id, Consumer Id, Counter Included Flag, DLDU counter, and Processing Rule Id…; par. 0046);
authenticate the message using the message digest (Fahrny: par. 0045, 0046; the message is authenticated using message digest); and
control, in view of the access control data item, access by an initiator device to a target device (Fahrny: par. 0007, 0008; Binding to establish trust, a first security device to second security device using the authentication information). 
Fahrny discloses a state variable reflecting a state of communications between the access control unit and a programming agent (Fahrny: pars. 0038, 0039, 0051, 0059, the state information parameter includes the DCS Layer Data Unit, DLDU counter between DCAS and the validation of the SoC) but does not explicitly disclose update a state variable by applying a predetermined function to a current value of the state variable and a hash of contents of the secure memory.
However, in an analogous art, Jaffe discloses methods and systems for glitch-resistant cryptographic signing, wherein update a state variable by applying a predetermined function to a current value of the state variable (Jaffe: par. 0080, an intermediate new state may be generated by applying a hash function (SHA-224 or SHA-256) to a combination of the previous state, the counter, and the key knonce.  The new state mod Q may be used as the nonce …).
(Jaffe: abstract).
The combination of Jaffe teaches wherein update a state variable by applying a predetermined function to a current value of the state but does not explicitly disclose another input is hash of contents of the secure memory.
However, in an analogous art, Klustaitis teaches secure code verification enforcement in a trusted computing device, wherein hash of contents of the secure memory (Klustaitis: par. 0022, applying a hash function to the contents of the trusted memory in the trusted computing device (312).  Such a hash function may take the contents of the trusted memory in the trusted computing device (312) as input and generate a value output. ..  ).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Klustaitis with the method and system of Fahrny and Jaffe, wherein update a state variable by applying a predetermined function to a current value of the state variable and a hash of contents of the secure memory to provide user means for enabling effective secure code verification enforcement in the trusted computing device (Klustaitis: abstract, par. 0005).
Regarding claim 2, the combination of Fahrny, Jaffe, and Klustaitis teaches the SoC of claim 1, Fahrny further teaches wherein the access control data item comprises at least one of: an access control rule or an address translation rule including at least one of: an identifier of the initiator device, an identifier of the target device, an address range, an access permission, or an access authorization type (Fahrny: par. 0008, a downloadable conditional access system; par. 0060, the rule ID identifies rules previously sent by the security device).
Regarding claim 8,  Fahrny discloses a system-on-chip (SoC), comprising: 
an access control unit comprising a first secure memory and a second secure memory for storing access control data (Fahrny: par. 0026, 0050, a downloadable conditional access system, DCAS include memory for storing keys), the access control unit to:
 receive a first message comprising a first an access control data item (Fahrny: receive a message comprising authentication information as shown in figure 4); 
 store the first access control data item in the first secure memory Fahrny: par. 0026, 0050; store keys, secrets and related information in the memory); 
 calculate a secure memory digest by applying a cryptographic hash function to contents of the message (Fahrny: pars. 0042, 0059; Using the RSA algorithm, in order to send a signed message, the first security device uses the first security device's own private key. The first security device may produce a hash value of the message.., State information may be determined from parameters contained in the message header.  According to an embodiment and as illustrated in the Table, the message header includes various parameters including the Producer Id, Consumer Id, Counter Included Flag, DLDU counter, and Processing Rule Id…; par. 0046);
validate the contents of the secure memory by comparing a stored reference value to the secure memory digest (Fahrny: pars. 0026, 0042, 0046, 0050, 0056,validate the authenticity of the message by comparing the symmetric key stored in memory with the calculated value of the message digest); and
control, in view of  the access control data item, access by an initiator device to a target device (Fahrny: par. 0007, 0008; Binding to establish trust, a first security device to second security device using the authentication information). 
Fahrny discloses a state variable reflecting a state of communications between the access control unit and a programming agent (Fahrny: pars. 0038, 0039, 0051, 0059, the state information parameter includes the DCS Layer Data Unit, DLDU counter between DCAS and the validation of the SoC) but does not explicitly disclose update a state variable by applying a predetermined function to a current value of the state variable and a hash of contents of the secure memory.
However, in an analogous art, Jaffe discloses methods and systems for glitch-resistant cryptographic signing, wherein update a state variable by applying a predetermined function to a current value of the state variable (Jaffe: par. 0080, an intermediate new state may be generated by applying a hash function (SHA-224 or SHA-256) to a combination of the previous state, the counter, and the key knonce.  The new state mod Q may be used as the nonce …).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Jaffe with the method and system of Fahrny, wherein update a state variable by (Jaffe: abstract).
The combination of Jaffe and Fahrny teaches wherein update a state variable by applying a predetermined function to a current value of the state variable but does not explicitly disclose another input is hash of contents of the secure memory.
However, in an analogous art, Klustaitis teaches secure code verification enforcement in a trusted computing device, wherein hash of contents of the secure memory (Klustaitis: par. 0022, applying a hash function to the contents of the trusted memory in the trusted computing device (312).  Such a hash function may take the contents of the trusted memory in the trusted computing device (312) as input and generate a value output. ..).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Klustaitis with the method and system of Fahrny and Jaffe, wherein update a state variable by applying a predetermined function to a current value of the state variable and a hash of contents of the secure memory to provide user means for enabling effective secure code verification enforcement in the trusted computing device (Klustaitis: abstract, par. 0005).
Regarding claim 10
Regarding claim 13, claim 13 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 21, the combination of Fahrny, Jaffe, and Klustaitis teaches the SoC of claim 1.  Fahrny further discloses wherein the initiator device is provided by one of: a central processing unit (CPU), a graphical processing unit (GPU), or a cryptographic core (Fahrny: par. 0031, a hardware security element is a smart chip (CPU).
Regarding claim 22, the combination of Fahrny, Jaffe, and Klustaitis teaches the SoC of claim 1.  Fahrny further discloses wherein the target device is provided by one of: a memory device, a storage device, or an input/output (I/O) device (Fahrny: par. 0049, fig. 5; content for viewing is sent from the secure micro over the communication channel to the Soc).
Regarding claim 23, the combination of Fahrny, Jaffe, and Klustaitis teaches the SoC of claim 1.  Fahrny further teaches wherein the access control unit is further to: validate the contents of the secure memory by comparing a stored reference value to the message digest (Fahrny: pars. 0026, 0042, 0046, 0050, 0056,validate the authenticity of the message by comparing the symmetric key stored in memory with the calculated value of the message digest).
Regarding claim 24, claim 24 is similar in scope to claim 2, and is therefore rejected under similar rationale. 
Regarding claim 27, claim 27 is similar in scope to claim 21, and is therefore rejected under similar rationale. 
Regarding claim 28, claim 28 is similar in scope to claim 22, and is therefore rejected under similar rationale. 
Regarding claim 29, claim 29 is similar in scope to claim 23, and is therefore rejected under similar rationale.
Regarding claim 30, claim 30 is similar in scope to claim 21, and is therefore rejected under similar rationale.
Regarding claim 31, claim 31 is similar in scope to claim 22, and is therefore rejected under similar rationale.
Regarding claim 32, the combination of Fahrny, Jaffe, and Klustaitis teaches the method of claim 10. Fahrny further teaches wherein authenticating the message further comprises:  calculating a hash message authentication code (HMAC) using the message digest function (Fahrny:  pars. 0044, 0046, computing (calculating a HMAC) using the digest value).
Claims 4 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Fahrny et al. (“Fahrny,” US 2010/0217985, published Aug. 26, 2010) in view of Jaffe (“Jaffe,” US 2015/0288524, published Oct. 8, 2015), further in view of Klustaitis et al. (“Klustaitis,” US 2014/0068766, Mar. 6, 2014), and Finn et al. (“Finn,” US 20060208066, published Sep. 21, 2006).
Regarding claim 4, the combination of Fahrny, Jaffe, and Klustaitis teaches the SoC of claim 1.  Fahrny further discloses a SoC wherein the access control unit is implemented by a network-on-chip (NoC) (Fahrny: pars. 0023, 0026, 0050, the DCAS is implemented on the host processor SoC that communicates with network of numerous devices). Fahrny does not explicitly disclose filtering firewall to enforce access control in view of the access control data item while transporting at least one of data frames or electric signals between the initiator device and the target device.
However, in an analogous art, Finn discloses RFID token with multiple interface controller wherein filtering firewall to enforce access control in view of the access control data item while transporting at least one of data frames or electric signals between the initiator device and the target device (Finn: pars. 0087, 0117, 0182, 0481, a firewall packet filter used for access control to transfer messages by moving signals in active mode between the initiator and target device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Finn with the method and system of Fahrny, Jaffe, and Klustaitis, wherein filtering firewall to enforce access control in view of the access control data item while transporting at least one of data frames or electric signals between the initiator device and the target device. It is desirable because all messages entering or leaving the intranet pass through the firewall, which examines each message and block those that do not meet the specified security criteria (Finn: par. 0087).
Regarding claim 25, claim 25 is similar in scope to claim 4, and is therefore rejected under similar rationale. 

Claims 5, 18, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Fahrny et al. (“Fahrny,” US 2010/0217985, published Aug. 26, 2010) in view of Jaffe (“Jaffe,” US 2015/0288524, published Oct. 8, 2015), further in view of Klustaitis et al. (“Klustaitis,” US 2014/0068766, Mar. 6, 2014), and Omizo et al. (“Omizo,” US 2010/0185804, published Jul. 22, 2010).
Regarding claim 5, the combination of Fahrny, Jaffe, and Klustaitis teaches the SoC of claim 1.  Fahrny does not disclose wherein the access control unit is implemented by a memory management unit (MMU) to enforce access control in view of the access control data item while translating a first address to a second address referencing a memory location on the target device.
However, in an analogous art, Omizo discloses information processing device that accesses memory, processor and memory management method, wherein the access control unit is implemented by a memory management unit (MMU) to enforce access control in view of the access control data item while translating a first address to a second address referencing a memory location on the target device (Omizo: pars. 0027, 0042, 0072, and 0090; the access control unit is implemented by Memory Management Unit controls access between the processor and memory in view of the access control operation while converting  a logical address to a physical address of the secondary memory device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Omizo with the method and system of Fahrny, Jaffe, and Klustaitis, wherein the access control unit is implemented by a memory management unit (MMU) to enforce access control in view of the access control data item while translating a first address to a second address referencing a (Omizo: par. 0121).
Regarding claim 18, the combination of Fahrny, Jaffe, and Klustaitis teaches the method of claim 10. Fahrny does not explicitly disclose translating a virtual address to a physical address, wherein the physical address references referencing a memory location on the target device.
However, in an analogous art, Omizo discloses information processing device that accesses memory, processor and memory management method, wherein the physical address references referencing a memory location on the target device (Omizo: pars. 0027, 0042, 0072, 0090, converting a logical address virtual to a physical address of the second memory device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Omizo with the method and system of Fahrny, Jaffe, and Klustaitis, wherein the physical address references referencing a memory location on the target device for preventing unauthorized access to memory of the target device (Omizo: par. 0121).
Regarding claim 26, claim 26 is similar in scope to claim 5, and is therefore rejected under similar rationale. 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  





/Canh Le/
Examiner, Art Unit 2439

November 18th, 2021 



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439