Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are presented for examination.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 7/31/2019, 12/13/2019, 12/20/2019, 3/11/2020, 7/9/2020, 9/26/2020, 10/7/2020, 2/17/2021, 3/30/2021, 5/11/2021, 6/9/2021, 7/15/2021, 8/10/2021, 8/18/2021 and 12/16/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Specification
The disclosure is objected to because of the following informalities: 
Section [0021] recites “Thus, the register (183) has explicit permissions (111, 113, ... , 115) specified separately for the domains (101, 103, ... , 105) respectively (e.g., non-hierarchical), without relying upon a predefined hierarchy of trust for the domains ( 102, 103, ... , 105).” and should recite “Thus, the register (183) has explicit permissions (111, 113, ... , 115) specified separately for the domains (101, 103, ... , 105) respectively (e.g., non-hierarchical), without relying upon a predefined hierarchy of trust for the domains ( 101..  
Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2 and 5-13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Masuyama (2002/0184345).

Regarding claim 1, Masuyama teaches
a computer system, comprising: 
a memory configured to at least store instructions of routines of a predefined set of domains; 
a processor coupled with the memory, wherein the processor has: 
an execution unit; (Masuyama, [0014] In accordance with the present invention, there is provided a multi-node computer system that includes a plurality of central processing unit (CPU) nodes 105, memory nodes 110, and input/output (I/O) nodes 115 coupled to a system interconnect 120.)
a register; and 
permission data corresponding to the register and the domains in the predefined set; (Masuyama, [0015] In one embodiment, a domain configuration unit 126 includes domain configuration registers 125 and routing table registers (not shown in FIG. 2). Domain configuration registers 125 (which can also be described as partition definition registers) are used to partition computer system 200 into domains 130, 135, 140.  Each domain has its own 
wherein in response to an instruction executed in the processor that generates a request to access the register, the processor is configured to determine whether to accept or reject the request based on a permission bit provided in the permission data corresponding to an execution domain in which the instruction is running (Masuyama, [0023] An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window  The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission.)

Regarding claim 2, Masuyama teaches
the computer system of claim 1, wherein the permission data includes a first permission bit corresponding to a first domain and a second permission bit corresponding to a second domain; 
when the instruction is running in the first domain, the first permission bit controls whether to accept or reject the request; and 
when the instruction is running in the second domain, the second permission bit controls whether to accept or reject the request (Masuyama, [0023] An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped for each domain that has read permission and set to "0" for each domain that does not have read permission.) (Examiner Note: read permission for each domain satisfies accept or reject for the first and second domain)

Regarding claim 5, Masuyama teaches
the computer system of claim 2, wherein the permission data includes different permission bits for different types of accesses to the register from a same domain (Masuyama, [0023] FIG. 4 shows an example of system address map 400 with memory mapped register windows. The system address map 400 includes a configuration space window 405 for each domain. Each configuration space window is identified by an identifier, called the register configuration space identifier. An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission. Note that domain read access field 420 is optional. If the field is absent, the default is that every domain has read access.
[0024] Domain write access field 425 of domain routing table 415 is a list of domains that have write access to the local domain registers (i.e., local domain registers 145, 150, and 155) governed by the domain routing table 415. In one embodiment, the domain write access field 425 is a bit vector set for each domain that has write permission, e.g., the bit vector could be set to "1" for each domain that 

Regarding claim 6, Masuyama teaches
the computer system of claim 5, wherein the types of accesses comprise at least one of retrieving content from the register, writing content from the register, or executing an instruction in the register, or any combination thereof (Masuyama, [0023] FIG. 4 shows an example of system address map 400 with memory mapped register windows. The system address map 400 includes a configuration space window 405 for each domain. Each configuration space window is identified by an identifier, called the register configuration space identifier. An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission. Note that domain read access field 420 is optional. If the field is absent, the default is that every domain has read access.
[0024] Domain write access field 425 of domain routing table 415 is a list of domains that have write access to the local domain registers (i.e., local domain registers 145, 150, and 155) governed by the domain routing table 415. In one embodiment, the domain write access field 425 is a bit vector set for each domain that has write permission, e.g., the bit vector could be set to "1" for each domain that 

Regarding claim 7, Masuyama teaches
the computer system of claim 6, further comprising: 
a permission register configured to store at least a portion of the permission data (Masuyama, [0023] As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission.)  (Examiner Note: read and write permission fields are separate, each is a portion)

Regarding claim 8, Masuyama teaches
the computer system of claim 7, wherein the permission data is stored in a predetermined location in the permission register (Masuyama, [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table) (Examiner Note: value provided by memory mapped register window for the index satisfies predetermined location)

Regarding claim 9, Masuyama teaches
the computer system of claim 7, wherein the permission register is programmable (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table.)

Regarding claim 10, Masuyama teaches
the computer system of claim 9, wherein the permission register is programmable via firmware or software running in the processor (Masuyama, [0020]  Note that a local domain preferably has read and write access only to the local registers of its domain. In one embodiment, a domain may be given read access to the local domain registers of the other domains of system 200.  Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table.)

Regarding claim 11, Masuyama teaches
the computer system of claim 6, wherein the register is a privileged register, the computer system further comprising: 
a set of permission registers configured to store the permission data, wherein the permission registers correspond to the domains respectively; and 
each of the permission registers is configured to store a permission bit that controls accessing the privileged register by routines in a respective domain (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet. [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a 

Regarding claim 12, Masuyama teaches
a method, comprising: 
storing a set of permission bits for a plurality of predefined domains and for a first register of a processor; (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet. [0015] In one embodiment, a domain configuration unit 126 includes domain configuration registers 125 and routing table registers (not shown in FIG. 2). Domain configuration registers 125 (which can also be described as partition definition registers) are used to partition computer system 200 into domains 130, 135, 140.  Each domain has its own local domain registers 145, 150, 155 controlling the state of the local domain. The local domain registers can include a variety of different types of local registers, such as control registers,)
receiving, in the processor, a request to access the first register during an execution of a set of instructions; (Masuyama, [0020] Note that a local domain preferably has read and write access only to the local registers of its domain. In one embodiment, a domain may be given read access to the local domain registers of the other domains of system 200.)
identifying, among the plurality of predefined domains, an execution domain that contains the execution of the set of instructions; (Masuyama, [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a 
retrieving, from the set of permission bits, a permission bit corresponding to the execution domain; and 
controlling, by the processor and based on the permission bit, the request to access the register (Masuyama [0025] The routing destination field 430 defines how requests in the window defined by {base2, limit2} are handled. The routing destination field 430 is a required field. An access attempt to an undefined window is trapped and treated as an access control violation. [0024] Domain write access field 425 of domain routing table 415 is a list of domains that have write access to the local domain registers (i.e., local domain registers 145, 150, and 155) governed by the domain routing table 415. In one embodiment, the domain write access field 425 is a bit vector set for each domain that has write permission, e.g., the bit vector could be set to "1" for each domain that has write access permission and to "0" for each domain that does not have write access permission. The field is optional. If the field is absent, the default is that only the local domain has write permission unless the register is a domain configuration register, in which case no domain has write permission.)  (Examiner Note: Read or Write accesses are controlled by permission bits)

Regarding claim 13, Masuyama teaches
the method of claim 12, wherein the storing comprises: storing the set of permission bits in a predefined portion of a second register of the processor (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined.  [0023] An individual configuration space 405 includes a domain address map 410 and an associated routing table for each domain that has read permission and set to "0" for each domain that does not have read permission.)


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Smith (2004/0221036).

Regarding claim 3, 
the computer system of claim 2, wherein the predefined set of domains comprises at least one of a domain for hypervisor, a domain for operating system, or a domain for application, or any combination thereof.
Masuyama teaches partitioning into domains with an operating system on each domain as part of the background art (Masuyama, [0004] Multi-node computer networks are often partitioned into  a domain for operating system.  For compact prosecution Smith is cited to teach a domain for an operating system.
However Smith teaches a domain for operating system (Smith [0027] Domains A and B may be configured to run independent operating systems which may be the same or different operating systems.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Smith’s operating system domains with Masuyama’s domains because doing so improves the logical grouping of tasks (Smith, [0005] Resources which are allocated for particular tasks, or which are allocated for use by particular groups, may be logically grouped together into a separate domain.)

Regarding claim 4, Masuyama and Smith teach
the computer system of claim 3, wherein the execution domain in which the instruction is running is based on a memory address of the instruction (Masuyama, [0022] As previously described, each domain has its own address space. Register addresses are mapped within an address space. Examples of techniques to map register addresses to an address space include memory mapping using windows defined by {base, limit} address pairs or mapping to an entirely separate address space for register access, such as peripheral component interface (PCI). [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet.)

Claims 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Deshpande (2010/0228943).

Regarding claim 14,
the method of claim 13, wherein the plurality of predefined domains includes a domain for hypervisor. 
Masuyama does not teach predefined domains includes a domain for hypervisor.
However Deshpande teaches predefined domains includes a domain for hypervisor (Deshpande, [0036] In this way, a hypervisor or virtualization system maintains virtual-to-physical mappings between I/O and coherency domain identifiers (much in the same way it may maintain shadow page tables for mappings between guest virtual addresses and underlying physical memory addresses) and delegates the mapping function for individual accesses or operations to PAMU 211.  [0018] For concreteness of description, we focus on certain illustrative implementations of a peripheral access management unit (PAMU) in a logically partitionable, multiprocessor-based computational system for which a multiplicity of logical I/O devices and domains are supported using underlying physical resources.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Deshpande’s partitions with Masuyama’s partitions because doing so increases the flexibility or number of partitions (Deshpande  [0006] An access management unit implementation, whether styled or deployed as an MMU, IOMMU or PAMU, typically employs storage for representation of its mapping model. Unfortunately, as the number of address domains (or more generally, identifier domains) mapped increases and/or as the flexibility or number of mapping techniques available increases, mapping data storage requirements tend to increase as well. Accordingly, storage efficient mapping data representations and techniques are desired.)

Regarding claim 15, Masuyama and Deshpande teach
the method of claim 13, wherein the plurality of predefined domains includes a domain for operating system (Deshpande, [0018] Typically, operating system images are instantiated in individual partitions and one or more PAMU instances mediate address mappings between I/O domains and a coherency domain of the system)
The same reason to combine Deshpande with Masuyama as in claim 14 applies.

Claims 16, 17, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Koufaty (2016/0110298).

Regarding claim 16,
the method of claim 13, wherein the request to access the first register is controlled for a type of operations based at least in part on a value of the permission bit corresponding to the execution domain.
Masuyama does not teach the first register is controlled for a type of operations based at least in part on a value of the permission bit corresponding to the execution domain.
However Koufaty teaches the first register is controlled for a type of operations based at least in part on a value of the permission bit corresponding to the execution domain (Koufaty, [0055] At 408, the processing logic may select a protection key from a set of protection keys available to the processing logic. The protection key may be n-bit of binary codes that may be used to identify memory access permission stored in one or more permission registers. [0053] In one embodiment, the processing logic may receive the privilege level from a register that keeps a record of the 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Koufaty’s registers with Masuyama’s domains because doing so improves memory protection (Koufaty, [0002] To prevent the stray accesses from accessing or corrupting memory in unintended ways, certain memory protection mechanism is needed.)

Regarding claim 17, Masuyama and Koufaty teach
the method of claim 16, wherein the type comprises at least one of read, write, or execution, or a combination thereof (Koufaty, [0021] Based on the classification, the user domain of the memory (or portions of memory identified with the user mode) and the supervisor domain (or portions of memory identified with the supervisor mode) may be protected by separate permission registers. In certain implementations, the permission register associated with user domains may be modified directly by user application without the assistance of the kernel of the operating system.)

Regarding claim 18, Masuyama teaches
a computer processor, comprising:
at least one privileged register; (Masuyama, [0015] In one embodiment, a domain configuration unit 126 includes domain configuration registers 125 and routing table registers (not shown in FIG. 2).)
at least one execution unit; and (Masuyama, [0014] In accordance with the present invention, there is provided a multi-node computer system that includes a plurality of central processing unit (CPU) nodes 105, memory nodes 110, and input/output (I/O) nodes 115 coupled to a system interconnect 120)
at least one permission register configured to store permission data corresponding to the privileged register and predefined domains of instruction execution; (Masuyama, [0015] In one 
Masuyama teaches the server controls access to the privilege register (routing table register) but Masuyama does not teach the computer processor is configured to control a request to access
However Koufaty teaches wherein the computer processor is configured to control a request to access the privileged register based on a permission bit in the permission data corresponding to a domain in which an instruction is being executed in the computer processor to generate the request (Koufaty, [0129] In Example 23, the subject matter of any of Examples 21 and 22 can optionally provide that the first permission register is accessible by the task having a privilege level of the user-mode access, and wherein the first permission register comprises a write disable bit that is settable by the task having the privilege level of the user-mode access.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Koufaty’s registers with Masuyama’s domains because doing so improves memory protection (Koufaty, [0002] To prevent the stray accesses from accessing or corrupting memory in unintended ways, certain memory protection mechanism is needed.)

Regarding claim 19, Masuyama and Koufaty teach
the computing device of claim 18, wherein the at least one privileged register includes a plurality of privileged registers; (Koufaty, [0053]  At 404, the processing logic may determine at which privilege level the task operates. The privilege level of the task determines the mode of memory access may receive the privilege level from a register that keeps a record of the current privilege level (CPL) which may support levels from 0 to 3 with 3 as the lowest level (such as a user application) and 3 as the highest (such as a kernel of the operating system). The task may either run at a user level (e.g., CPL=3) or at a supervisor level (e.g., CPL<3).) and the at least one permission register has a plurality of portions storing permission data for the plurality of privileged registers respectively (Koufaty, [0021] Based on the classification, the user domain of the memory (or portions of memory identified with the user mode) and the supervisor domain (or portions of memory identified with the supervisor mode) may be protected by separate permission registers. In certain implementations, the permission register associated with user domains may be modified directly by user application without the assistance of the kernel of the operating system.)

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Koufaty (2016/0110298) in view of Smith (2004/00221036).

Regarding claim 20, 
the computing device of claim 19, wherein the predefined domains comprise at least one of a domain of hypervisor, a domain of operating system, or a domain of application, or any combination thereof.
Masuyama teaches partitioning into domains with an operating system on each domain as part of the background art (Masuyama, [0004] Multi-node computer networks are often partitioned into domains, with each domain functioning as an independent machine with its own address space. An operating system runs separately on each domain. Partitioning permits the resources of a computer  a domain for operating system.  For compact prosecution Smith is cited to teach a domain for an operating system.
However Smith teaches a domain for operating system (Smith [0027] Domains A and B may be configured to run independent operating systems which may be the same or different operating systems.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Smith’s operating system domains with Masuyama’s domains because doing so improves the logical grouping of tasks (Smith, [0005] Resources which are allocated for particular tasks, or which are allocated for use by particular groups, may be logically grouped together into a separate domain.)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Godard (2018/0060244) teaches thread specific protection domains.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/BRUCE S ASHLEY/Examiner, Art Unit 2494