DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent provisions. 
The amendment filed 1/19/2022 has been placed of record in the file.
Claims 6, 12, 20, and 21 have been amended.
Claims 6-25 are pending.
The double patenting rejection remains of record.
The applicant’s arguments with respect to claims 6-25 have been considered but are moot in view of the following new grounds of rejection.

Response to Amendment
Claims have been amended to further define the security configuration register.  The amendment proves a change in scope to the independent claims as the independent claims now explicitly state storing a secure master designation set of bits, etc.  However, none of the amended claims show a patentable distinction over the prior art as evidenced by the following new grounds of rejection.

Claim Rejections - 35 USC § 103
8.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
9.	The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:


10.	Claims 6-11 and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Williams et al. (U.S. Patent Application Publication Number 2011/0093750), hereinafter referred to as Williams, in view of Strongin et al. (U.S. Patent Application Publication Number 2003/0188184), hereinafter referred to as Strongin, in view of Conti (U.S. Patent Application Publication Number 2007/0011419), further in view of Hyser (U.S. Patent Application Publication Number 2005/0165783).
Williams disclosed a system for managing hardware resources that utilizes boundaries to divide the resources into multiple portions.  In an analogous art, Strongin disclosed a system for controlling access to segments of memory having particular data stored therein.  Also in an analogous art, Conti disclosed a system for defining memory protection regions that utilizes a memory security firewall.  Also in an analogous art, Hyser disclosed a system for verifying access rights for direct memory accesses.  All of these systems manage access requests to multiple different portions of data storage.
Regarding claim 6, Williams discloses an electronic device comprising: at least one processing core (paragraph 40, processor core); a security configuration register to store security privilege configuration information (paragraph 64, levels of privilege), the security configuration register including a non-secure indication (paragraph 69, designation of particular portion); memory including a plurality of addressable locations defined by an address space, the address space including a secure master region, a secure guest region, and a non-secure region, wherein the non-secure region is any portion of the address space other than the secure master region and the secure guest region (paragraph 71, first boundary value and further boundary value); and a 
Williams does not explicitly state the non-secure indication being a non-secure (NS) bit, wherein the security configuration register is configured to be updated only by the secure master, and controlling access to the memory by when the NS bit is a first logical value, granting a 
The combination of Williams and Strongin does not explicitly state the security configuration register including a lock/unlock (L/U) bit; the controlling access to the memory based at least partially on the L/U bit; and controlling access to the memory by when the L/U bit is the first logical value, granting and denying the memory access request as taught by Williams above, and when the L/U bit is the second logical value, granting a memory access request to the secure master region and to the secure guest region when the security indicator of the memory 
The combination of Williams, Strongin, and Conti does not explicitly state the at least one processing core including a plurality of master IDs, and the security configuration register including a secure master designation set of bits, wherein the secure master designation set of bits identifies one of the plurality of master IDs as a secure master.  However, utilizing such master IDs was well known in the art as evidenced by Hyser.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams, Strongin, and Conti by adding the ability for the at least one processing core including a plurality of master IDs, and the 
Regarding claim 7, the combination of Williams, Strongin, Conti, and Hyser discloses wherein the memory endpoint controller includes: at least one secure master register to store a base address defining the secure master region; and at least one secure guest register to store a base address defining the secure guest region (Williams, paragraph 60, boundary values stored in boundary registers).
Regarding claim 8, the combination of Williams, Strongin, Conti, and Hyser discloses wherein the at least one secure master register includes: a first secure master register that includes a first field to store a selected number of lowest order bits of the base address defining the secure master region; and a second secure master register that includes a second field to store all remaining higher order bits of the base address defining the secure master region other than the selected number of lowest order bits of the base address defining the secure master region (Strongin, paragraph 27, base address divided into lower and upper bits).
Regarding claim 9, the combination of Williams, Strongin, Conti, and Hyser discloses wherein the first secure master register includes a third field to store segment size information defining a size of the secure master region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 10, the combination of Williams, Strongin, Conti, and Hyser discloses wherein the at least one secure guest register includes: a first secure guest register that includes a fourth field to store a selected number of lowest order bits of the base address defining the secure guest region; and a second secure guest register that includes a fifth field to store all remaining higher order bits of the base address defining the secure guest region other than the selected number of lowest order bits of the base address defining the secure guest region (Strongin, paragraph 27, base address divided into lower and upper bits).
Regarding claim 11, the combination of Williams, Strongin, Conti, and Hyser discloses wherein the first secure guest register includes a sixth field to store segment size information that defines a size of the secure guest region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 20, Williams discloses a method for configuring a memory access firewall in a data processing system having a security configuration register and memory with an address space including a secure master region, a secure guest region, and a non-secure region (paragraph 71, first boundary value and further boundary value), the method comprising: configuring the memory access firewall to permit access to the secure master region by a memory access request only if a security indicator of the memory access request indicates a secure master level (paragraph 71, first portion accessible only to hypervisor), permit access to the secure guest region only if the security indicator of the memory access request indicates the secure master level or a secure guest level (paragraph 71, second portion accessible to both hypervisor and guest operating system).
Williams does not explicitly state wherein the security configuration register is configured to be updated only by a secure master, and determining a logic value of a non-secure 
The combination of Williams and Strongin does not explicitly state determining a logic value of a lock/unlock bit of the security configuration register, and when the lock/unlock bit has the first logic value, configuring the memory access firewall to permit access as taught by 
The combination of Williams, Strongin, and Conti does not explicitly state determining the secure master from a secure master designation set of bits of the security configuration register.  However, utilizing such master IDs was well known in the art as evidenced by Hyser.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of .

11.	Claims 12-18 and 21-25 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Williams in view of Strongin, in view of Conti, in view of Hyser, further in view of Riou (U.S. Patent Application Publication Number 2010/0082927).
The combination of Williams, Strongin, Conti, and Hyser disclosed a system for managing hardware resources that utilizes boundaries to divide the resources into multiple portions.  In an analogous art, Riou disclosed techniques for secure data storage using a mode selector.  Both systems manage access requests to multiple different portions of data storage.
Regarding claim 12, Williams discloses an electronic device comprising: at least one processing core (paragraph 40, processor core); memory including a plurality of addressable locations defined by an address space, the address space including a secure master region, a secure guest region, and a non-secure region, wherein the non-secure region is any portion of the address space other than the secure master region and the secure guest region (paragraph 40, memory, and paragraph 71, first boundary value and further boundary value); a security configuration register to store security privilege configuration information (paragraph 64, levels of privilege); and a memory endpoint controller to control access to the memory by the at least one processing core based on the security configuration register, the memory endpoint controller 
Williams does not explicitly state the security configuration register including a non-secure (NS) bit, and wherein the security configuration register is configured to be updated only by the secure master.  However, delineating secure memory sections in such a way was well known in the art as evidenced by Strongin.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the system of Williams by adding the ability for the security configuration register including a non-secure (NS) bit, and wherein the security configuration register is configured to be updated only by the secure master as provided by Strongin (see paragraph 25, bit indicates secure section, and paragraph 23, security kernel marks section as secure or not, and paragraph 24, if region not designated secure, then no privilege check needed).  One of ordinary skill in the art would have recognized the benefit that dividing the memory into a plurality of segments would be useful when managing associated security information (see Strongin, paragraph 7).
The combination of Williams and Strongin does not explicitly state the security configuration register including a lock/unlock (L/U) bit.  However, utilizing such lock states was well known in the art as evidenced by Conti.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams and Strongin by adding the ability for the security configuration register including a lock/unlock (L/U) bit as provided by Conti (see paragraph 44, lock status bit).  One of ordinary skill in the art would have recognized the benefit 
The combination of Williams, Strongin, and Conti does not explicitly state the at least one processing core including a plurality of master IDs, and the security configuration register including a secure master designation set of bits, wherein the secure master designation set of bits identifies one of the plurality of master IDs as a secure master.  However, utilizing such master IDs was well known in the art as evidenced by Hyser.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams, Strongin, and Conti by adding the ability for the at least one processing core including a plurality of master IDs, and the security configuration register including a secure master designation set of bits, wherein the secure master designation set of bits identifies one of the plurality of master IDs as a secure master as provided by Hyser (see paragraph 29, master IDs and only single entity may access region).  One of ordinary skill in the art would have recognized the benefit that checking access rights would assist in providing access to only those particular portions of a resource authorized for access by the secure kernel (see Hyser, paragraph 10).
The combination of Williams, Strongin, Conti, and Hyser does not explicitly state the security state is assigned to the non-secure state when the security indicator, as received, indicates the security state is associated with the security level greater than the non-secure state.  However, switching security states in such a fashion was well known in the art as evidenced by Riou.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams, Strongin, Conti, and Hyser by adding the ability that, when the address of the 
Regarding claim 13, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the at least one secure master register includes: a first secure master register that includes a first field to store a selected number of lowest order bits of the base address defining the secure master region; and a second secure master register that includes a second field to store all remaining higher order bits of the base address defining the secure master region other than the selected number of lowest order bits of the base address defining the secure master region (Strongin, paragraph 27, base address divided into lower and upper bits).
Regarding claim 14, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the first secure master register includes a third field to store segment size information defining a size of the secure master region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 15, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the first field and the third field are not directly adjacent to each other within the first secure master register (Williams, paragraph 77, size indication, where one of ordinary skill would not have been limited as to where and how to store the size indication).
Regarding claim 16, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the at least one secure guest register includes: a first secure guest register that 
Regarding claim 17, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the first secure guest register includes a sixth field to store segment size information defining a size of the secure guest region (Williams, paragraph 77, each boundary register provides resource size indication).
Regarding claim 18, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the fourth field and the sixth field are not directly adjacent to each other within the first secure guest register (Williams, paragraph 77, size indication, where one of ordinary skill would not have been limited as to where and how to store the size indication).
Regarding claim 21, Williams discloses an integrated circuit comprising: a crossbar (paragraph 40, bus connecting components); a set of processing cores coupled to the crossbar (paragraph 40, processor core); a security configuration register to store security privilege configuration information (paragraph 64, levels of privilege); and a memory controller coupled to the crossbar and configured to couple to a memory based on the security configuration register (paragraph 40, MMU and memory), wherein the memory controller includes a firewall that includes: a first set of registers configured to store an identifier of a first region of the memory having a first security type (paragraph 60, boundary values stored in boundary registers); a second set of registers configured to store an identifier of a second region of the memory having a second security type (paragraph 60, boundary values stored in boundary registers); and a 
Williams does not explicitly state the security configuration register including a non-secure (NS) bit, and wherein the security configuration register is configured to be updated only by the secure master.  However, delineating secure memory sections in such a way was well known in the art as evidenced by Strongin.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the system of Williams by adding the ability for the security configuration register including a non-secure (NS) bit, and wherein the security configuration register is configured to be updated only by the secure master as provided by Strongin (see paragraph 25, bit indicates secure section, and paragraph 23, security kernel marks section as 
The combination of Williams and Strongin does not explicitly state the security configuration register including a lock/unlock (L/U) bit.  However, utilizing such lock states was well known in the art as evidenced by Conti.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams and Strongin by adding the ability for the security configuration register including a lock/unlock (L/U) bit as provided by Conti (see paragraph 44, lock status bit).  One of ordinary skill in the art would have recognized the benefit that utilizing such access rules would help reduce the vulnerability of devices to attacks (see Conti, paragraph 4).
The combination of Williams, Strongin, and Conti does not explicitly state the set of processing cores including a plurality of master IDs, and the security configuration register including a secure master designation set of bits, wherein the secure master designation set of bits identifies one of the plurality of master IDs as a secure master.  However, utilizing such master IDs was well known in the art as evidenced by Hyser.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams, Strongin, and Conti by adding the ability for the set of processing cores including a plurality of master IDs, and the security configuration register including a secure master designation set of bits, wherein the secure master designation set of bits identifies one of the plurality of master IDs as a secure 
The combination of Williams, Strongin, Conti, and Hyser does not explicitly state updating the attribute to indicate a third security type associated with the third region.  However, switching security states in such a fashion was well known in the art as evidenced by Riou.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams, Strongin, Conti, and Hyser by adding the ability that, in response to the address directed to the third region and the attribute of the first processing core indicating permission to access addresses associated with the first region or the second region, update the attribute to indicate a third security type associated with the third region as provided by Riou (see paragraph 15, deactivates secure mode when address to be accessed is non-secure address).  One of ordinary skill in the art would have recognized the benefit that utilizing such security states would assist in managing memory devices with securing access (see Riou, paragraph 30).
Regarding claim 22, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein: the memory controller further includes a configuration register configured to store a lock bit; and the comparator is configured to: when the lock bit has a first value, determine that the first processing core has permission to access the address based on the attribute corresponding to a first security level; and when the lock bit has the first value, determine that the first processing core does not have permission to access the address based on the attribute corresponding to a second security level; and when the lock bit has a second value, 
Regarding claim 23, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the comparator is configured to determine, based on the attribute corresponding to a secure master, that the first processing core has permission to access the first region and the second region (Williams, paragraph 71, first and second portions accessible to hypervisor).
Regarding claim 24, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein the comparator is configured to determine, based on the attribute corresponding to a secure guest, that the first processing core has permission to access the second region but not the first region (Williams, paragraph 71, first portion accessible only to hypervisor and second portion access to both hypervisor and guest operating system).
Regarding claim 25, the combination of Williams, Strongin, Conti, Hyser, and Riou discloses wherein: the memory controller further includes a configuration register configured to store an identifier; and the comparator is configured to determine whether the first processing core has permission to access the address by comparing the attribute to the identifier (Williams, paragraph 69, portion and operating mode, and paragraph 71, portions defined by boundary values).

19 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Williams in view of Strongin, in view of Conti, in view of Hyser, in view of Riou, further in view of Porter et al. (U.S. Patent Application Publication Number 2002/0163522), hereinafter referred to as Porter.
The combination of Williams, Strongin, Conti, Hyser, and Riou disclosed a system for managing hardware resources that utilizes boundaries to divide the resources into multiple portions.  In an analogous art, Porter disclosed a system for maintaining secure and non-secure data in a shared memory system.  Both systems manage access requests to multiple different portions of data storage.
Regarding claim 19, the combination of Williams, Strongin, Conti, Hyser, and Riou does not explicitly state wherein the secure guest region of the address space includes at least two discontinuous regions.  However, partitioning memory in such a way was well known in the art as evidenced by Porter.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art at the time of the applicant’s invention to modify the combination of Williams, Strongin, Conti, Hyser, and Riou by adding the ability that the secure guest region of the address space includes at least two discontinuous regions as provided by Porter (see paragraph 35, secure portion may be discontiguous region).  One of ordinary skill in the art would have recognized the benefit that managing partitions between secure and non-secure data would assist in securing data in shared memory systems (see Porter, paragraph 6).



Conclusion
13.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
14.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/Victor Lesniewski/Primary Examiner, Art Unit 2493