DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 2, 4-6, and 11-18 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPub 2016/0344731 to Serebrin in view of US PGPub 2013/0238681 to Oka et al. (“Oka”).
Regarding claim 1, Serebrin discloses an apparatus, connectable to a memory and one or more peripherals (memory management unit 102, see fig. 1), the apparatus comprising:
translation request circuitry to receive a translation request from one of the peripherals to translate an input address within an input domain to an output address within an output domain (see paragraph 32);
signing circuitry to generate a signature of at least part of the output address using a private key (see paragraphs 33 and 34, a signature for a physical address is generated using a secret value);
translation response circuity to respond to the translation request by transmitting to the one of the peripherals a translation response, including the output address and the signature (see paragraph 36); and

the gateway circuitry is adapted to perform validation of the signature of the desired memory address using the private key (see paragraph 38) and in response to the validation of the given access failing, to perform an error action (see paragraph 40);
invalidation circuitry adapted, in response to receiving an invalidation request, to change the private key (see paragraphs 30 and 90, the system can change the key to invalidate access for a device);
there are a plurality of input domains, including the input domain (see fig. 1, a plurality of devices connect to the memory management unit); and
the apparatus comprises storage circuity to store a plurality of identifiers, each of the identifiers being associated with a different one of the input domains (see also paragraph 30, the secret value may be a per-device secret value which would make it a identifier of the domain), wherein
the private key comprises a plurality of component including one of the identifiers (see paragraph 27, the hash includes the MMU secret value along with other values including the device bus number); and
when the invalidation request is in respect of a given one of the input domains, the invalidation circuitry is adapted to determine an identifier in the identifiers that is associated with the given one of the input domains, and to change the identifier (see paragraph 30, when using per-device secret values, the MMU may change the secret value for just one device to invalidate that device).
Serebrin does not disclose the identifiers are counters and the identifiers are changed by incrementing the identifier. Oka discloses a system that uses a hash function to generate signatures for data wherein a counter value is used for the hash (see paragraph 96 of Oka). It would have been obvious 
Regarding claim 2, Serebrin discloses the apparatus comprising:
storage circuity to store a plurality of mappings between input addresses and output addresses (see paragraphs 32 and 66, a mapping stores the address translation), wherein
the translation response circuitry is adapted to obtain the output address with reference to the mappings (see paragraphs 32 and 66).
Regarding claim 4, Serebrin discloses the apparatus, wherein:
the signature is a cryptographic signature produced using a cryptographic hash function on the at least part of the output address and the private key (see paragraph 34 and 35, the signature is generated from the physical address and a secret value using a hash function).
Regarding claim 5, Serebrin discloses the apparatus, wherein
the cryptographic hash function comprises a truncation operation to truncate the cryptographic signature such that the cryptographic signature and the output address fit within an address field of the access requests (see paragraph 36, the signature can be appended or concatenated to the physical address).
Regarding claim 6, the combination of Serebrin and Oka renders obvious the apparatus, wherein
the private key comprises a plurality of component including one of the counters (see paragraph 27, the hash includes the MMU secret value along with other values including the device bus number; in combination with Oka, the secret value would be a counter).
Regarding claims 11 and 12, Serebrin discloses the apparatus wherein the error action comprises generating a memory fault (see paragraphs 50 and 75, if a signature is not valid, the memory management unit does not allow a request to be processed).
Regarding claim 13, Serebrin discloses the apparatus wherein the error action comprises inhibiting future access requests that originate from an origin peripheral of the given access request (see paragraph 75).
Regarding claim 14, Serebrin discloses the apparatus wherein:
the input address is a virtual address (see paragraph 32); and
the output address is a physical address of the memory (see paragraph 32).
Regarding claim 15, Serebrin discloses the apparatus wherein the peripherals are PCI or PCIe peripherals (see paragraphs 24 and 25, the devices are PCI).
Regarding claim 16, Serebrin discloses the apparatus wherein the output address is a physical address of the memory and the at least part of the output address is a page number of the memory (see paragraph 32, a physical address would necessarily include the page number in order to fully address the memory location).
Regarding claim 17, the combination of Serebrin and Oka renders obvious the method performed by the apparatus of claim 1.
Regarding claim 18, the combination of Serebrin and Oka renders obvious the apparatus with the means for performing the steps wherein the means are the claimed circuitry of claim 1.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Serebrin in view of Oka and further in view of US PGPub 2006/0047883 to O’Connor et al. (“O’Connor”).
As applied in the rejection above, the combination of Serebrin and Oka renders obvious the apparatus for translating a virtual address into a physical address. Serebrin does not disclose the translation response circuitry is adapted to obtain the output address by issuing a page walk request to .
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Serebrin in view of Oka and further in view of US PGPub 2017/0286421 to Hayenga et al (“Hayenga”).
As applied in the rejection above, the combination of Serebrin and Oka renders obvious the apparatus for translating a virtual address into a physical address. Serebrin does not disclose the private key takes an at least pseudo-random number as an input and when the invalidation request is not in respect of a given one of the input domains, the invalidation circuitry is adapted to change the at least pseudo-random number. Hayenga discloses a hashing function wherein a pseud-random number is used (see paragraph 73 of Hayenga). It would have been obvious at the time the application was filed to a person of ordinary skill in the art for the private key to use a pseudo-random number and to change the pseudo-random number when the key needs to be changed in order to avoid prediction of the key.
Response to Arguments
Applicant's arguments filed January 13, 2022 have been fully considered but they are not persuasive. 
Applicant argues that the combination of Serebrin and Oka do not teach incrementing a counter associated with a particular input domain in response to an invalidation request. In particular, applicant argues, “even if a (POSITA) thought to instead increment the device number as though it were one of the claimed counters…” In response, Examiner has reiterated and clarified the previous rejection, noting that the counter of Oka is intended as a substitution of the “secret value” of Serebrin rather than the device bus number. Serebrin discloses resetting the secret value when an invalid address is detected in .
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL D TSUI whose telephone number is (571)270-3253. The examiner can normally be reached Monday-Friday 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on (571)270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DANIEL D TSUI/               Primary Examiner, Art Unit 2132