DETAILED ACTION
Claims 1-4, 6, 11-13, 15 and 18-26 are pending in this action with claims 18-21 withdrawn from consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 2-4, 6, 15 and 24 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Objections
Claim 1 is objected to because of the following informalities:  “the on-chip network” lacks antecedent basis.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 11-13, 22, 23, 25 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over de Cesare et al. (US PGPUB No. 2016/0055102) [hereinafter “de Cesare”] in view of Gu et al. (WO 2017162192 A1) [hereinafter “Gu”].

A per claim 1, de Cesare teaches a system, comprising: a central processing unit (CPU) fabric communicatively coupled to a processor core ([0039], CPU on integrated circuit with multiple cores), the CPU fabric comprising a first storage location to store a first security identifier value ([0048]-[0050], source ID of requests made by SEP processor) see ([0020], source can be any other component on SOC, i.e. processors, memory, controllers, etc.); and a security engine, comprising: a processor to execute instructions ([0019], SEP processor which handles secure accesses to secure memory from CPU); and circuitry to: obtain a request from the processor core to perform a security function targeting a secure asset ([0020], request by CPU to SEP processor to perform secure 
	De Cesare does not explicitly teach the first security identifier value associated with a processor core. Gu teaches the first security identifier value associated with a processor core (Abstract, core and chip identifiers used to manage cache read and writes).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine de Cesare with the teachings of Gu, the first security identifier value associated with a processor core, to control access to secure data based on particular processor cores in a multi-core system. The combination of de Cesare and Gu would be implemented by using the processor core identifiers taught in Gu as source ID’s taught in de Cesare so that memory accesses are controlled based on requests from specific cores.

As per claim 11, de Cesare teaches a method comprising: obtaining, by a security co-processor in a system-on-chip (SoC) (Abstract, a system-on-chip including a security co-processor), a request to perform a security function targeting a secure asset on an on-chip network of the SoC ([0020], a request is made to perform a security function targeting encryption keys, secure memory, etc.), the request obtained from a processor core of a host central processing unit (CPU) ([0020], request by CPU to SEP processor 
De Cesare does not explicitly teach one or more security identifiers associated with a processor core of a host CPU. Gu teaches one or more security identifiers associated with a processor core of a host CPU (Abstract, core and chip identifiers used to manage cache read and writes).
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine de Cesare with the teachings of Gu, one or more security identifiers associated with a processor core of a host CPU, to control access to secure data based on particular processor cores in a multi-core system. The combination of de Cesare and Gu would be implemented by using the processor core identifiers taught in Gu as source ID’s taught in de Cesare so that memory accesses are controlled based on requests from specific cores.

As per claim 12, the combination of de Cesare and Gu teaches the method of claim 11, further comprising: determining that access to the security asset by the security function is not authorized (de Cesare; [0020], determining if access request is a success/failure); and preventing issuing of the request over the on-chip network (de Cesare; [0020], 

As per claim 13, the combination of de Cesare and Gu teaches the method of claim 11, further comprising: obtaining, from a CPU fabric of the SoC, an indication of a security state of the host CPU (de Cesare; [0050], locking portions of the secure memory, i.e. locked state applied to CPU with respect to memory); and wherein determining that access to the secure asset by the security function is authorized comprises determining that the processor core is able to modify the stored values of the one or more security attributes associated with the processor core based on the indication of the security state of the host CPU (de Cesare; [0050], determining if locked which determines if the SEP address space can be read or modified by the SOC, i.e. host CPU).

As per claim 22, the combination of de Cesare and Gu teaches the system of claim 1, wherein a security mechanism is extended to the security co-processor from a CPU fabric of the SoC (de Cesare; Fig. 1, SEP state code extended to SEP processor via fabric of SoC).

As per claim 23, the combination of de Cesare and Gu teaches the system of claim 1, wherein the security co-processor is outside the CPU fabric and distinct from a host CPU on the CPU fabric (de Cesare; Fig. 1, SEP processor is connected to the CPU fabric but not inside it – it is inside the SoC and is distinct from the CPU).



As per claim 26, the combination of de Cesare and Gu teaches the method of claim 11, further comprising: determining that access to the security asset by the security function is not authorized (de Cesare; [0050], source ID restrictions on accessing data by SEP – access controlled by SEP in tandem with memory controller based on source ID) based on the security identifier associated with the processor core (Gu; Abstract, core and chip identifiers used to manage cache read and writes – this would be combined with the source ID restriction taught in de Cesare); and preventing issuance of the request over the on-chip network (de Cesare; [0050], allowing or denying access request based on source ID).

Response to Arguments
Applicant's arguments with respect to the restriction of claim 11 and its dependent claims have been fully considered and are persuasive. The claims have been examined. See rejection above.

Applicant's arguments with respect to the rejection of claims 1, 11-13, 22, 23, 25 and 26 under 35 U.S.C. 102 and 103 have been fully considered but are moot in light of 
As per claim 1, Applicant argues that the cited prior art reference, de Cesare does not teach “a central processing unit (CPU) fabric communicatively coupled to a processor core, the CPU fabric comprising a first storage location to store a first identifier value associated with the processor core.”  Applicant reasons that the SEP data is “not storing a value associated with a core”. Examiner submits that Gu at Abstract, teaches the tracking of core and chip identifiers used to manage access to cache memory; this would be combined with the source ID restriction taught in de Cesare see [0050] to allow restrictions be made with respect to memory accesses by specific processor cores.
	Applicant furthers argues that the cited prior art reference, de Cesare does not teach “a security engine, comprising … circuitry to obtain a request from the processor core to perform a security function targeting a secure asset.” Applicant reasons that the SEP processor does not “handle secure accesses to memory from the CPU”; applicant reasons that it is the control circuitry described in de Cesare that does this. See Remarks dated 11/8/2021 Page 10 Para. 1. Examiner submits that in [0026] of de Cesare, it clearly describes obtaining requests from the SEP processor to perform security functions in association with a secure enclave or security peripherals. The memory controller is interpreted to be an extension of the security functionality and works in tandem with the security processor to achieve what is being claimed in the instant application. See de Cesare at [0050]. Furthermore, Gu teaches identifying a processor core as a request source to a shared cache (Page 9, Para. 7), i.e. secured 

To expedite prosecution, Examiner is open to conducting an interview to discuss claim amendments to overcome the current rejection and/or to place the application in condition for allowance.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Boivie et al. (US PGPUB No. 2017/0093804), Goto et al. (US PGPUB No. 2006/0015748) and Justin et al. (US PGPUB No. 2016/0149900) all disclose the use of a dedicated security processor to manage access privileges to secure storage and memory. Kocher et al. ("Security as a new dimension in embedded system design", IEEE, Proceedings. 41st Design Automation Conference, 2004, pp. 753-760), Perez ("Silicon systems security and building a root of trust", IEEE, doi: 10.1109/ASSCC.2015.7387431, 2015, pp. 1-4) and Meng et al. ("Built-in Security Computer: Deploying Security-First Architecture Using Active Security Processor", IEEE, doi: 10.1109/TC.2020.3011748, 2020, pp. 1571-1583) provide generally the state of the art involving embedded security hardware and co-processors. McKee (US PGPUB No. 2006/0023884), O’Connor (US PGPUB No. 2007/0106871), Mansell et al. (US PGPUB No. 2009/0222816), Contreras et al. ("Security vulnerability analysis of .

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is (571)270-7179.  The examiner can normally be reached on Max Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        January 10, 2022