DETAILED ACTION
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Amendment
The preliminary amendment filed 2020-12-23 has been entered and fully considered.


Priority
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2021-02-03 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Double Patenting
The Examiner is aware of copending US application numbers 17048937, 17255872, and 17255876, which are related to the instant Application.  Although the copending applications operate within the same context of security-state signaling on a bus as the instant application, the Examiner does not believe that the claims of the instant application, as amended herein, are obvious over the claims of the copending applications as they are currently claimed.


Examiner’s Amendment
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Robert F. Scotti (Reg. 39830) on 2022-01-14.

Please replace the Claims as follows:
1. (Currently Amended) An integrated-circuit device comprising:
a bus system, configured to carry bus transactions and to carry security-state signals for distinguishing between secure bus transactions and non-secure bus transactions;
a plurality of master components, each of the plurality of master components including circuitry, and each master component of the plurality of master components having a secure state and a non-secure state, wherein, when in the secure state, the respective master component initiates secure bus transactions, by outputting security-state signals to the bus system representative of secure bus transactions, and wherein, when in the non-secure state, the respective master component initiates non-secure bus transactions, by outputting security-state signals to the bus system representative of non-secure bus transactions;
a plurality of slave components; and
hardware filter logic,
wherein:
the hardware filter logic is configured to intercept bus transactions at an interception point within the bus system, the interception point being positioned within the bus system such that bus transactions from at least two of the master components pass the interception point, and such that bus transactions for at least two of the slave components pass the interception point; and
the hardware filter logic is configured, for each intercepted bus transaction, to use i) a slave address of the intercepted bus transaction, and ii) the security state of the intercepted bus transaction, to determine whether to allow the intercepted bus transaction, in accordance with a set of filtering rules, and is configured to block intercepted bus transactions that are determined not to be allowed.

15. (Currently Amended) A method of operating an integrated-circuit device, wherein the integrated-circuit device comprises:
a bus system for carrying bus transactions and for carrying security-state signals for distinguishing between secure bus transactions and non-secure bus transactions;
a plurality of master components, each of the plurality of master components including circuitry, and each master component of the plurality of master components having a secure state and a non-secure state, wherein, when in the secure state, the respective master component initiates secure bus transactions, by outputting security-state signals to the bus system representative of secure bus transactions, and wherein, when in the non-secure state, the respective master component initiates non-secure bus transactions, by outputting security-state signals to the bus system representative of non-secure bus transactions; and
a plurality of slave components,
the method comprising:
the bus system carrying secure bus transactions and non-secure bus transactions;
intercepting bus transactions at an interception point within the bus system, the interception point being positioned within the bus system such that bus transactions from at least two of the master components pass the interception point, and such that bus transactions for at least two of the slave components pass the interception point;
using the address of an intercepted bus transaction and the security state of the intercepted bus transaction to determine whether to allow the intercepted bus transaction, in accordance with a set of filtering rules; and
blocking the intercepted bus transaction when the intercepted bus transaction is determined not to be allowed.


Allowable Subject Matter
Claims 1-15 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.

Lai (US Pre-Grant Publication No. 20140366131-A1, hereinafter “Lai”) teaches a security control module that protects a device on a bus interconnect and enforces security by inspecting bus transactions and determining whether each transaction complies with security based on the security attribute of the bus device, in a similar manner as claimed by the instant application.

Persson et al. (US Pre-Grant Publication No. 20170060637-A1, hereinafter “Persson”) teaches an accelerator that functions in both normal and protected mode.  The bus transactions that the accelerator can engage in are limited based on whichever mode the accelerator is functioning in.

Arbel et al. (US Pre-Grant Publication No. 20160004656-A1, hereinafter “Arbel”) teaches bridging communication between first and second buses, wherein memory access transactions are tagged to indicate the security level of the requester, and non-secure master devices or software tasks are permitted access to only non-secure memory regions or slave devices.  

The prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention.  For example, Lai-Persson-Arbel in combination do not disclose the claimed invention as a whole, as recited in independent claims 1 and 15.
Although Lai and Persson similarly disclose enforcing transaction security on a system bus, neither Lai nor Persson discloses “the interception point being positioned within the bus Persson, only the accelerator is subjected to the bus transactional security requirement.  Lai, interestingly, discloses protecting every bus-attached device by its own security control module – whether separate from the device and bus, embedded in the device, or embedded in the bus (Figs. 4A-4C & 5A-5D), yet Lai surprisingly did not consider a single security control module through which intercepted traffic between multiple masters and slaves is collected and inspected.
The Examiner notes that Arbel discloses a bridge through which a plurality of masters and slaves on the attached bus communicate.  However, in Arbel the security level of the requester is pre-defined, in contrast to the claims which recite “each master component of the plurality of master components having a secure state and a non-secure state, wherein, when in the secure state, the respective master component initiates secure bus transactions, by outputting security-state signals to the bus system representative of secure bus transactions, and wherein, when in the non-secure state, the respective master component initiates non-secure bus transactions, by outputting security-state signals to the bus system representative of non-secure bus transactions”.  The Examiner finds that although Lai and Persson disclose what is lacking in Arbel, and vice-versa, their respective functioning and structure (e.g. performing security on a bridge between two buses rather than the devices on a bus itself) are too dissimilar to provide sufficient motivation to be modified and combined in such a way as to render obvious the claimed invention without the usage of impermissible hindsight reasoning.
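
The filtering decision recited in claims 1 and 15, modeled in software as an added illustration that is not part of the application or of this action: a single filter sits where traffic from several masters to several slaves passes, and decides from the slave address and the per-transaction security state alone. The rule layout, address map, default-deny behavior and all names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Security-state signal that accompanies each bus transaction. */
typedef enum { NON_SECURE = 0, SECURE = 1 } sec_state_t;

/* A transaction as seen at the shared interception point. */
typedef struct {
    unsigned    master_id; /* issuing master; not an input to the decision */
    uint32_t    slave_addr;
    sec_state_t state;     /* state of the master when it issued the access */
} bus_txn_t;

/* Assumed rule layout: inclusive address window plus allowed states. */
typedef struct {
    uint32_t base, limit;
    bool     allow_secure, allow_non_secure;
} filter_rule_t;

/* Constructed address map covering two slaves behind one filter. */
static const filter_rule_t RULES[] = {
    { 0x40000000u, 0x40000FFFu, true, false }, /* slave A: secure only */
    { 0x40001000u, 0x40001FFFu, true, true  }, /* slave B: either state */
};

/* Decide from slave address and security state only. */
bool filter_allows(const bus_txn_t *t) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const filter_rule_t *r = &RULES[i];
        if (t->slave_addr >= r->base && t->slave_addr <= r->limit)
            return t->state == SECURE ? r->allow_secure : r->allow_non_secure;
    }
    return false; /* assumption: unmapped addresses are blocked */
}

size_t count_blocked(const bus_txn_t *txns, size_t n) {
    size_t blocked = 0;
    for (size_t i = 0; i < n; i++)
        if (!filter_allows(&txns[i])) blocked++;
    return blocked;
}

int main(void) {
    const bus_txn_t trace[] = { /* constructed: master 0 changes state */
        {0, 0x40000010u, SECURE}, {0, 0x40000010u, NON_SECURE},
        {1, 0x40001004u, NON_SECURE}, {1, 0x50000000u, SECURE} };
    printf("blocked %zu of 4\n", count_blocked(trace, 4));
}
```

Master 0 reaches slave A while in its secure state and is blocked at the same address after switching to non-secure, which is the per-transaction behavior the Examiner contrasts with a pre-defined requester security level.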


Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”



Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/
Primary Examiner, Art Unit 2491