DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-23 are pending.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 10-13, 20, and 23 are rejected under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph, as based on a disclosure which is not enabling.  The disclosure does not enable one of ordinary skill in the art to practice the invention without knowing how to “insert an I/O key identifier into key identifier bits within a host physical address”, which is/are critical or essential to the practice of the invention but not included in the claim(s). See In re Mayhew
Claims 10, 20, and 23 recites “wherein an I/O key identifier is inserted into key identifier bits within a host physical address”, “inserting an I/O key identifier into key identifier bits within a host physical address”, and “inserting an I/O key identifier into key identifier bits within a host physical address” respectively.
The specification does not describe what it means or how to perform the insertion of a key into key identifier bits of a host physical address. The specification at paragraph [0039], [0076], [0086], and [0089], just recite “the fixed platform IOKeyID is inserted into the KeyID bits of the HPA”, “wherein an I/O key identifier is inserted into key identifier bits within a host physical address”, and “inserting an I/O key identifier into key identifier bits”. The specification does not provide any more with regards to what this insertion is or how it’s performed.
A) The breadth of the claims: insertion an I/O key identifier into key identifier bits within a host physical address
B) The nature of the claims: access of memory via keys and addresses
C) The state of the prior art: the use of encryption keys to encrypt and decrypt data at an address located in memory
D) The level of one of ordinary skill in the art: would know how to use a provided key to encrypt or decrypt data at a location provided by the address. The terms key identifier and host physical address are well known in the art and one of ordinary skill in the art would also know how to designate certain bits in host physical address for a specific purpose, but would not know what it means to insert a key identifier into key identifier bits within a host physical address.
E) The level of predictability in the art: high, there are many factors that can be influence how the key identifier can interact with the address and one of ordinary skill in the art would not know what this “insert” operation being performed is.
F) The amount of direction provided by the inventor: practically none, there is no definition of

G) The existence of working examples: none
H) The quantity of experimentation needed to make use of the invention based on the content
of the disclosure: immense as nothing is provided to define what it means to “inserting into the KeyID bits of the HPA”
Claims 11-13 depends upon claim 10 and inherits the same deficiencies.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 8 recites “a system agent”, claim 8 is dependent upon 7, which is dependent upon 6, which is dependent upon 5, which is dependent upon 4, which is dependent upon 3, which is dependent upon 2. Claim 2 also recites “a system agent”, it is unclear whether the system agent in claim 8 is the same as the system agent in claim 2. If it is the same claim 8 should recite “the system agent”, if it is not the same examiner suggests using “a first system agent” and “a second system agent” to distinguish the two.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-8, 15-19, 21, and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sahita et al. (US 2019/0087575) (hereinafter Sahita) (published March 21, 2019) in view of Leclercq (US 2012/0042157) (hereinafter Leclercq) (published February 16, 2012).
Regarding Claim 1, Sahita discloses an apparatus to facilitate security of a shared memory resource, comprising: a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains; and
“In Example 5, the subject matter of any one of Examples 1-4 can optionally include wherein the MK-TME engine generates a plurality of encryption keys accessed via key IDs assigned to the TD for use in encrypting and decrypting the memory pages of the TD, and encrypting and decrypting memory pages corresponding to persistent memory assigned to the TD, and wherein the MOT to track the plurality of key IDs via one key ID associated with each entry in the MOT” (Sahita [0175])

a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page,
“reference the MOT to obtain at least one key identifier (ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key” (Sahita [0173])

But does not explicitly state wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices. However does disclose a DMA Unit “a direct memory access (DMA) unit 1132” (Sahita [0162]).
Leclercq discloses wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the using of an encryption key to perform DMA transfers in Leclercq with Sahita to yield predictable results of increased security by having the data encrypted.

Regarding Claim 2, Sahita further discloses further comprising a system agent including a memory ownership table to indicate a trusted domain having ownership of each of the private memory pages.
“reference the MOT to obtain at least one key identifier (ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key; and reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

Regarding Claim 3, Sahita further discloses wherein the memory ownership table includes a plurality of attributes, including an I/O attribute bit to indicate whether access to a private memory page comprises an access by an I/O device.
“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])

Regarding Claim 4, Sahita further discloses further comprising a central processing unit (CPU) to assign a private memory page for a DMA transfer to the first key identifier.
“The processor 112 consults the TDRM 180-managed MOT to assign allocation of memory to TDs 220. This allows the TDRM 180 the full ability to manage memory as a resource without having any visibility into data resident in assigned TD memory” (Sahita [0059] the DMA transfer disclosed above is provided memory by the processor)

Regarding Claim 5, Sahita further discloses wherein assigning the private memory page comprises mapping an I/O page to a guest physical address.
“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

Regarding Claim 6, Sahita further discloses wherein assigning the private memory page further comprises mapping the I/O page and the guest physical address to a host physical address.
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

Regarding Claim 7, Sahita further discloses wherein assigning the private memory page further comprises storing the guest physical address and the host physical address in the memory ownership table and setting the I/O attribute bit in the memory ownership table to indicate that that the private memory page is accessible by the I/O device.
“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])

“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

Regarding Claim 8, Leclercq further discloses wherein a system agent processes DMA transfers.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

Regarding Claim 15, Sahita discloses a method to facilitate security of a shared memory resource, comprising: generating a plurality of key identifiers to be associated with a private memory page associated with one or more trusted domains,
“In Example 5, the subject matter of any one of Examples 1-4 can optionally include wherein the MK-TME engine generates a plurality of encryption keys accessed via key IDs assigned to the TD for use in encrypting and decrypting the memory pages of the TD, and encrypting and decrypting memory pages corresponding to persistent memory assigned to the TD, and wherein the MOT to track the plurality of key IDs via one key ID associated with each entry in the MOT” (Sahita [0175])

But does not explicitly state wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices. However does disclose a DMA Unit “a direct memory access (DMA) unit 1132” (Sahita [0162]).
Leclercq discloses wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the using of an encryption key to perform DMA transfers in Leclercq with Sahita to yield predictable results of increased security by having the data encrypted.

Regarding Claim 16, Sahita further discloses further comprising assigning a private memory page for a DMA transfer to the first key identifier.
“The processor 112 consults the TDRM 180-managed MOT to assign allocation of memory to TDs 220. This allows the TDRM 180 the full ability to manage memory as a resource without having any visibility into data resident in assigned TD memory” (Sahita [0059] the DMA transfer disclosed above is provided memory by the processor)

Regarding Claim 17, Sahita further discloses wherein assigning the private memory page comprises: mapping an I/O page to a guest physical address;
“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

mapping the I/O page and the guest physical address to a host physical address;
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

storing the guest physical address and the host physical address in a memory ownership table; and
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

setting an I/O attribute bit in the memory ownership table to indicate that that the private memory page is accessible by an I/O device.
“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])

Regarding Claim 18, Sahita further discloses further comprising processing DMA transfers.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

Regarding Claim 19, Sahita further discloses wherein processing the DMA transfers comprises: receiving a DMA transfer request from an I/O device; and checking a table to verify whether the I/O device is authorized to access a private memory page included in the request.
“More specifically, one of the device driver 111, 121, or . . . in one of the domains 110, 120, . . . requests the control access module 320 to allow it access to the memory 240 of the system resource unit 200 through the DMA driver 310 (operation S201). Next, it is determined whether the access control policy allows the domain, which executes the device driver, to access the memory 240 (operation S202)” (Lee [0048])

Regarding Claim 21, Sahita discloses at least one computer-readable medium having instructions, which when executed by a processor, causes the processor to generate a plurality of key identifiers to be associated with a private memory page associated with one or more trusted domains,
“In Example 5, the subject matter of any one of Examples 1-4 can optionally include wherein the MK-TME engine generates a plurality of encryption keys accessed via key IDs assigned to the TD for use in encrypting and decrypting the memory pages of the TD, and encrypting and decrypting memory pages corresponding to persistent memory assigned to the TD, and wherein the MOT to track the plurality of key IDs via one key ID associated with each entry in the MOT” (Sahita [0175])

But does not explicitly state wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices. However does discloses a DMA Unit “a direct memory access (DMA) unit 1132” (Sahita [0162]).
Leclercq discloses wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.


It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the using of an encryption key to perform DMA transfers in Leclercq with Sahita to yield predictable results of increased security by having the data encrypted.

Regarding Claim 22, Sahita further discloses having instructions, which when executed by a processor, further causes the processor to assign a private memory page for a DMA transfer to the first key identifier, including:
“The processor 112 consults the TDRM 180-managed MOT to assign allocation of memory to TDs 220. This allows the TDRM 180 the full ability to manage memory as a resource without having any visibility into data resident in assigned TD memory” (Sahita [0059] the DMA transfer disclosed above is provided memory by the processor)

mapping an I/O page to a guest physical address;
“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

mapping the I/O page and the guest physical address to a host physical address;
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

storing the guest physical address and the host physical address in a memory ownership table; and
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])


“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])


Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sahita (published March 21, 2019) and Leclercq (published February 16, 2012) as applied to claim 8 above, and further in view of LEE et al. (US 2008/0256599) (hereinafter Lee) (published October 16, 2008).
Regarding Claim 9, the combination of Sahita and Leclercq disclosed the apparatus of claim 8, but does not explicitly state wherein the system agent receives a DMA transfer request from an I/O device and checks a table to verify whether the I/O device is authorized to access a private memory page included in the request.
Lee discloses wherein the system agent receives a DMA transfer request from an I/O device and checks a table to verify whether the I/O device is authorized to access a private memory page included in the request.
“More specifically, one of the device driver 111, 121, or . . . in one of the domains 110, 120, . . . requests the control access module 320 to allow it access to the memory 240 of the system resource unit 200 through the DMA driver 310 (operation S201). Next, it is determined whether the access control policy allows the domain, which executes the device driver, to access the memory 240 (operation S202)” (Lee [0048])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the use of access control for DMA in Lee with the combination of Sahita and Leclercq to yield predictable results of increased security by filtering who can assess the memory.

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sahita (published March 21, 2019) and Leclercq (published February 16, 2012) as applied to claim 1 above, and further in view of Leis et al. (US 2005/0114688) (hereinafter Leis) (published May 26, 2005).
Regarding Claim 14, the combination of Sahita and Leclercq disclosed the apparatus of claim 1, but does not explicitly state wherein the first key identifier is generated during a system boot and is not reclaimable.
Leis discloses wherein the first key identifier is generated during a system boot and is not reclaimable.
“In accordance with one feature of the invention, a session key is generated once per boot, and the session key is used to encrypt and decrypt the contents of the paging file only during a single run of the system (e.g., between a startup and a shutdown). The session key is not persisted across boots of the machine” (Leis [0006]) 

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to have the session key in Leis be key in the combination of Sahita and Leclercq to yield predictable results of increased security by not being able to reuse that key.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIDNEY LI whose telephone number is (571)270-5967. The examiner can normally be reached Monday to Friday 10:00 AM to 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SIDNEY LI/Examiner, Art Unit 2136      

/EDWARD J DUDEK  JR/Primary Examiner, Art Unit 2136