DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-29 are pending. Claims 1, 3, 4, 6-11, 13-15, 17-23, 25-27, and 29 have been amended as per Applicants' request. Claim 30 has been canceled as per Applicants' request.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on March 19, 2020 is/are in compliance with the provisional of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-3, 8-12, and 22-27 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by PARKER et al. (US 2018/0150251) (hereinafter Parker) (PCT published December 22, 2016).
Regarding Claims 1, 28, and 29, taking claim 1 as exemplary, Parker discloses an apparatus comprising: processing circuitry to perform data processing in response to one or more software processes;
“FIG. 2 shows an example of a data processing apparatus 20 comprising a number of bus masters including several processing circuits for processing data in response to instructions. In this example, the processing circuits include two central processing units (CPUs) 24, a graphics processing unit (GPU) 25) and a security complex 28 which is a dedicated processing unit for managing certain security functions as will be discussed below” (Parker [0041])

a realm management unit to manage ownership of a plurality of memory regions, wherein a given memory region is associated with an owner realm specified from among a plurality of realms, each realm corresponding to at least a portion of at least one of the software processes; and
“ownership circuitry to enforce ownership rights of memory regions within a physical memory address space, a given memory region having a given owning process specified from among a plurality of processes and independently of privilege level, said given owning process having exclusive rights to control access to said given memory region” (Parker [0004])

“A page ownership table (POT) 50 is stored in memory 34 tracking which BD (if any) is the owner BD for each physical page of memory. The owner BD (also referred to as an owner process) for a given page of memory has the exclusive right to control access to that page. For example, the owner BD can set attributes in the page ownership table 50 which control whether other BDs are allowed to access the page” (Parker [0049])

memory access circuitry to enforce ownership rights for the plurality of memory regions, the owner realm of the given memory region having a right to exclude other realms from accessing data stored within the given memory region;
“ownership circuitry to enforce ownership rights of memory regions within a physical memory address space, a given memory region having a given owning process specified from among a plurality of processes and independently of privilege level, said given owning process having exclusive rights to control access to said given memory region” (Parker [0004])

“The physical address 76 is then passed to the BDMU 60 to enforce any access controls set by the owner BD in the POT 50 for the corresponding page of the physical address space” (Parker [0078])


“wherein said given owning process designates said given memory region as one of: private to said given owning process; and shared between said given owning process and at least one further source of memory access requests” (Parker [0004-0006])

the memory access circuitry is configured to permit execution, from within a current realm, of program code stored in a target memory region having an owner realm other than the current realm, when the target memory region is owned by a code realm and a code realm authorisation table stored in at least one memory region owned by the current realm indicates that execution of program code stored in the target memory region is permitted by said current realm.
“A page ownership table (POT) 50 is stored in memory 34 tracking which BD (if any) is the owner BD for each physical page of memory. The owner BD (also referred to as an owner process) for a given page of memory has the exclusive right to control access to that page. For example, the owner BD can set attributes in the page ownership table 50 which control whether other BDs are allowed to access the page” (Parker [0049])

“Sharing attribute indicating which processes other than the owner BDID can access the page. For example the sharing attribute may specify one of the following types of page: Private: the page can only be accessed by the owner BD identified in the BDID field 54, IO: the page can only be accessed by the owner BD identified in the BDID field 54 and any device 26 which has been claimed by the owner BD (see the discussion of claiming device ownership below); Shared: the page can be accessed by the owner BD and one or more selected other BDs, but not by any other BDs. The selected other BDs could be identified by further attributes of the attribute field 56 or by control data stored separately from the page ownership table 50. Global: the page can be accessed by any BD” (Parker [0060-0064])

“If the current context BD is the owner BD, then the BDMU 60 checks whether a VA 70 or IPA 75 provided with the input transaction matches the VA/IPA in the address field 58 of the corresponding POT entry 52. The BDMU 60 also checks whether an expected sharing attribute specified in the S1 page table entry for the current access matches the actual sharing attribute specified in the corresponding POT entry” (Parker [0083-0084])

Claims 28 and 29 have similar limitations to claim 1 and is rejected for similar reasons.

Regarding Claim 2, Parker further discloses wherein the memory access circuitry is configured to prevent execution of the program code stored in the target memory region, when the owner realm of 
“ownership circuitry to enforce ownership rights of memory regions within a physical memory address space, a given memory region having a given owning process specified from among a plurality of processes and independently of privilege level, said given owning process having exclusive rights to control access to said given memory region” (Parker [0004])

“Each bus master is provided with protection hardware 60, 62 for enforcing the permission attributes set by the owner BD of a given page to prevent access requests targeting that page from other BDs being output onto the bus 30 if they violate the restrictions controlled by the owner BD. In this way, any process can prevent other processes (including higher privilege level processes) accessing its data or instructions” (Parker [0049])

Regarding Claim 3, Parker further discloses wherein when a given code realm is in an active state in which program code stored in a memory region owned by the code realm is allowed to be executed, the memory access circuitry is configured to reject requests to write data to a memory region owned by the given code realm.
“BDDT 42 may specify a state of the blind domain as one of the following: Invalid: No blind domain has yet been established for this BDID; Scrub: the BDID is being claimed by the security complex 28 (as described below, this may include performing an overwriting procedure to overwrite any data in memory 34 associated with a process which previously used the same BDID); Prepare: The security complex 28 is initialising a BD associated with that BDID to prepare the BD for execution; Execute: The BD has been initialised and is ready for execution or is being executed” (Parker [0044-0048])

“At step 132, the MMU 40 determines whether write access is permitted for the specified page, and if either stage 1 or stage 2 of the MMU 40 determines that write access is not permitted, then at step 134 the request is rejected” (Parker [0104])

Regarding Claim 8, Parker further discloses wherein in response to a code realm open command issued by a given realm specifying at least one memory region, the realm management unit is configured to allocate or make valid a new entry to the code realm authorisation table of the given realm, wherein 
“A process that has ceased to be used is marked as invalid and its BDID will be available to be reclaimed by a new process. The hypervisor may be responsible for creating a process and setting up the process descriptor entry. The initialization of that process may be performed in conjunction with the security controller as previously described. The next state in sequence which may be adopted by the process is a “scrub” state. This indicates that the process BDID concerned has been claimed and associated pages for ownership by the process are undergoing scrubbing, e.g. existing entries in page ownership tables for earlier uses of the BDID concerned are removed and then new pages for the BDID are claimed and scrubbed (subject to destructive overwriting)” (Parker [0144])

Regarding Claim 9, Parker further discloses wherein in response to a code realm extend command issued by a given realm specifying at least one memory region, the realm management unit is configured to allocate or make valid a new entry to the code realm authorisation table of the given realm specifying the same parameters as a previous entry of the code realm authorisation table corresponding to at least one preceding memory region contiguous with the at least one memory region specified by the code realm extend command.
“The reference event could for example be the allocation of a new entry into the table for the given physical address, the updating of information in an existing entry of the table for the given physical address, the execution of a predetermined type of instruction (e.g. an instruction specifying the given first address) or a predetermined change of operating mode of the data processing apparatus (e.g. a change to a secure mode)” (Parker [0157])

Regarding Claim 10, Parker further discloses wherein in response to an execute permission setting command issued by a current realm specifying a given entry of the code realm authorisation table associated with the current realm, the realm management unit is configured to update the given entry to specify that execution of program code from at least one memory region corresponding to the given entry is permitted when said at least one memory region is owned by a code realm.
“When a page owner sets the Sharing attribute for a given page (which indicates whether the page is Private, IO, Shared or Global as discussed above), this may also 

Regarding Claim 11, Parker further discloses wherein each realm other than a root realm is a child realm of a parent realm which initialised the child realm; wherein the memory access circuitry is configured to permit access to memory regions owned by a code realm from within the parent realm of the code realm and from within a child realm or descendant realm of the parent realm of the code realm.
“The sharing of access by the owning process may take a variety of different forms, as illustrated in FIG. 14. An owning process for a page may transfer ownership of that page to a “child” process which is initialized by the owning process (the “parent” process). When such a parent process has initialized a child process and the child process is still in the “prepare” state, then it can transfer ownership of one or more of the pages which the parent owns to that child process. The child process will initially receive those pages marked as private to that child process. The child process may then, if it so wishes, change the shared access control status for any of the pages it owns to indicate a shared status in which it is shared with its parent process” (Parker [0135])

Regarding Claim 12, Parker further discloses wherein the realm management unit is configured to allocate a memory region owned by a given realm for storing the code realm authorisation table for the given realm in response to a code realm authorisation table register command issued by the parent realm of the given realm.
“The sharing of access by the owning process may take a variety of different forms, as illustrated in FIG. 14. An owning process for a page may transfer ownership of that page to a “child” process which is initialized by the owning process (the “parent” process). When such a parent process has initialized a child process and the child process is still in the “prepare” state, then it can transfer ownership of one or more of the pages which the parent owns to that child process. The child process will initially receive those pages marked as private to that child process. The child process may then, if it so wishes, change the shared access control status for any of the pages it owns to indicate a shared status in which it is shared with its parent process” (Parker [0135])

Regarding Claim 22, Parker further discloses wherein the memory access circuitry is configured to look up the code realm authorisation table in parallel with a lookup of at least one address translation table for translating first addresses into second addresses.
“It will be appreciated that the checks described above could be performed in any order or could be performed at least partially in parallel” (Parker [0084] see paragraphs [0077-0084])

Regarding Claim 23, Parker further discloses wherein the processing circuitry is responsive to a realm entry instruction specifying a target realm to switch the current realm to the target realm.
“This pointer indicates a region of memory which is owned by the process concerned. The page descriptor entry also includes a current process status as will be discussed further below” (Parker [0143])

Regarding Claim 24, Parker further discloses wherein the realm management unit or the processing circuitry is configured to reject execution of the realm entry instruction when the target realm is a code realm.
“ownership circuitry to enforce ownership rights of memory regions within a physical memory address space, a given memory region having a given owning process specified from among a plurality of processes and independently of privilege level, said given owning process having exclusive rights to control access to said given memory region” (Parker [0004])

Regarding Claim 25, Parker further discloses wherein the realm management unit comprises a hardware unit.
“Each bus master is provided with protection hardware 60, 62 for enforcing the permission attributes set by the owner BD of a given page to prevent access requests targeting that page from other BDs being output onto the bus 30 if they violate the restrictions controlled by the owner BD” (Parker [0049])

Regarding Claim 26, Parker further discloses wherein the realm management unit comprises the processing circuitry executing realm management software.


Regarding Claim 27, Parker further discloses wherein the owner realm of a given memory region has a right to prevent access to the given memory region by a process executed at a greater privilege level than the owner realm.
“Each bus master is provided with protection hardware 60, 62 for enforcing the permission attributes set by the owner BD of a given page to prevent access requests targeting that page from other BDs being output onto the bus 30 if they violate the restrictions controlled by the owner BD. In this way, any process can prevent other processes (including higher privilege level processes) accessing its data or instructions” (Parker [0049])

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parker (PCT published December 22, 2016) as applied to claim 1 above, and further in view of Cai et al. (US 2016/0285970) (hereinafter Cai) (published September 29, 2016).
Regarding Claim 13, Parker disclosed the apparatus of claim 1, but does not explicitly state wherein when a given realm is in an active state in which program code stored in a memory region owned by the given realm is executable, the realm management unit is configured to prevent 
Cai discloses wherein when a given realm is in an active state in which program code stored in a memory region owned by the given realm is executable, the realm management unit is configured to prevent deallocation of a memory region storing at least part of the code realm authorisation table for the given realm.
“Fast path memory management program 400 prevents GC 130 from moving or deallocating the memory containing the object/buffer until fast path memory management program 400 determines that the object/buffer is designated as “dead.” When fast path memory management program 400 determines that an object/buffer is “dead,” fast path memory management program 400 updates the managed memory list of GC 130 permitting GC 130 to reclaim shared memory” (Cai [0025])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the prevention of deallocating memory containing objects that are not dead in Cai with Parker to yield the predictable results of better stability by not having objects that are still in use be deleted/deallocated.

Claims 15 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parker (PCT published December 22, 2016) as applied to claim 1 above, and further in view of West (US 2002/0013822) (hereinafter West) (published January 31, 2002).
Regarding Claim 15, Parker disclosed the apparatus of claim 1, but does not explicitly state wherein the code realm authorisation table comprises at least one code realm authorisation table entry, each valid code realm authorisation table entry corresponding to a span comprising a contiguous block of two or more of said memory regions, and specifying whether execution of program code from the corresponding span is permitted.
West discloses wherein the code realm authorisation table comprises at least one code realm authorisation table entry, each valid code realm authorisation table entry corresponding to a span 
“Each of the above function calls manage one or more pools of shared memory, allowing applications to reserve varying lengths of contiguous shared memory to hold data that can be shared and/or updated by one of more processors in the computing system. It is obvious to one skilled in the art, that various other function calls dealing with shared memory management may also be employed, including but not limited to marking certain shared memory regions as exclusive to a single processor, or private to a set of one or more processors, transferring ownership of shared memory regions from one processor to another, etc.” (West [0042])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the varying lengths of contiguous memory in West with Parker to yield the predictable results of better optimization by having less entries in the table to display the same amount of information.

Regarding Claim 16, Parker further discloses wherein the realm management unit is configured to limit a number of code realms which own memory regions within the same span to a maximum of 1.
“The owner BD (also referred to as an owner process) for a given page of memory has the exclusive right to control access to that page. For example, the owner BD can set attributes in the page ownership table 50 which control whether other BDs are allowed to access the page” (Parker [0049] there is only one owner process for the page of memory)


Allowable Subject Matter
Claims 4-7, 14, and 17-21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIDNEY LI whose telephone number is (571)270-5967. The examiner can normally be reached Monday to Friday 10:00 AM to 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571) 272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SIDNEY LI/Examiner, Art Unit 2136    

/EDWARD J DUDEK  JR/Primary Examiner, Art Unit 2136