DETAILED ACTION
This office action is in response to amendment filed on 2/21/2022.
Claims 1, 2, 4, 6, 18 and 20 are amended.
Claims 1 – 20 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 5, 7 – 16 and 18 – 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Volos et al (WO 2017142525, prior art part of IDS dated 10/23/2020, hereinafter Volos), in view of Van Riel et al (US 20190171379, hereinafter Van Riel).

As per claim 1, Volos discloses: A method of memory deallocation across a trust boundary between a first software component and at least a second software component, the method comprising: 
between the first and second software component; (Volos [0059]: inter-process communication mechanism; [0010]: “the sharing of data between processes executing on compute nodes can be accomplished using a shared memory region. A shared memory region can refer to a memory region that is implemented in memory media that is associated with respective compute nodes”.)
using the first software component to deallocate memory from the shared memory which has been allocated by the second software component. (Volos [0058]: “In other examples, instead of performing bulk de-allocation, a call to free a specific block can be made by a process, such as by using a free() method in the heap library. To free a block, the free() method can locate the zone containing the block, and if the zone is owned by the process that invoked the request to free the block, then the block can be freed by the memory manager. Otherwise, deallocation fails, and the user process would have to direct the call to free the block to the user process owning the zone”; [0059]: “Because multiple users share the heap, it is possible that a first process allocates a block, passes a pointer to the allocated block to a second process, and then the second process attempts to free (or de-allocate) the allocated block after the second process is done with processing the content of the allocated block. The second process does not own this block, so any attempt by the second process to de-allocate the block will fail. Instead the second process has to ask, such as by using an inter-process communication or other communication mechanism, the first (owner) process to de-allocate the block”.)
Volos did not explicitly disclose:
at least by adding a request to free a memory allocation to a record in the in-memory passing facility; and using the second software component to: take the request to free the memory allocation from the message passing facility; and free the memory allocation using a local deallocation mechanism.
However, Van Riel teaches:
at least by adding a request to free a memory allocation to a record in the in-memory passing facility; and using the second software component to: take the request to free the memory allocation from the message passing facility; and free the memory allocation using a local deallocation mechanism. (Van Riel [0024]: “the hypervisor may receive an identification of a storage block 118 that has been released by virtual machine 110A. The hypervisor 120 may receive a request (e.g., a page free request) from virtual machine 110A to free a storage block (e.g., memory page) 118 that was in use by virtual machine 110A”; [0023]: “the identification of storage blocks may include one or more signals for indicating to hypervisor 120 that one or more storage blocks have been released. The signal may be a message, interrupt, notification, exception, trap, other signal, or a combination thereof. The signal may be transmitted from a virtual machine to the hypervisor and may occur before, during, or after a storage block is released. The signal may be a message transmitted from virtual machine 110A to hypervisor 120 that includes identification data (e.g., identifier) for a released storage block 118 or a range of released storage blocks”.)
It would have been obvious for one of ordinary skill in the art at the effective filing date of the claimed invention to incorporate the teaching of Van Riel into that of Volos in order to add to free a memory allocation to a record in the in-memory passing facility; and using the second software component to: take the request to free the memory allocation from the message passing facility; and free the memory allocation using a local deallocation mechanism. Volos [0058] teaches the block can be freed by the memory manager if the memory zone is owned by the process that invoked the request to free the block. Van Riel has shown that such request to free memory is commonly conducted via messaging, thus applicant have merely claimed the combination of known parts in the field to achieve predictable results and is therefore rejected under 35 UCS 103.

As per claim 4, the combination of Volos and Van Riel further teach:
The method of claim 1 comprising taking the request to free the memory allocation from a queue in the message passing facility, the queue being associated with an allocator which allocated the allocation to be freed. (Volos [0057] – [0058])


The method of claim 1 which is performed by a thread and wherein the allocation to be freed has been identified as an allocation previously made by the thread. (Volos [0056]) 

As per claim 7, the combination of Volos and Van Riel further teach:
The method of claim 1 wherein the allocation to be freed has been added to the message passing facility by a thread of the second software component. (Volos [0058] – [0059])

As per claim 8, the combination of Volos and Van Riel further teach:
The method of claim 7 wherein the allocation to be freed is added to the message passing facility as part of a batch of allocations to be freed. (Volos [0057] – [0059])

As per claim 9, the combination of Volos and Van Riel further teach:
The method of claim 7 wherein the allocation to be freed has been added to a queue selected from a plurality of queues at the message passing facility, the queue (Volos [0057] – [0059])

As per claim 10, the combination of Volos and Van Riel further teach:
The method of claim 9 wherein the queue has been selected by using an allocator index to identify the allocator which allocated the allocation to be freed. (Volos [0057] – [0059])

As per claim 11, the combination of Volos and Van Riel further teach:
The method of claim 1 wherein the in-memory message passing facility is lockless. (Volos [0057] – [0059])

As per claim 12, the combination of Volos and Van Riel further teach:
The method of claim 1 wherein the in-memory message passing facility comprises a multi-producer, single-consumer queue. (Van Riel figure 1.)

As per claim 13, the combination of Volos and Van Riel further teach:
(Volos [0057] – [0059])

As per claim 14, the combination of Volos and Van Riel further teach:
The method of claim 1 wherein the in-memory message passing facility comprises a single canonical allocator index which maps a different range of memory regions to each of the software components. (Volos [0057] – [0059])

As per claim 15, the combination of Volos and Van Riel further teach:
The method of claim 1 wherein the first software component is an enclave and the second software component is a program outside the enclave and wherein the method comprises maintaining two allocator indexes, one in the enclave and one outside the enclave, and synchronizing the allocator indexes. (Volos [0057] – [0059])

As per claim 16, the combination of Volos and Van Riel further teach:
(Volos [0053]: heap library; [0057] – [0059])
As per claim 18, it is the apparatus variant of claim 1 and is therefore rejected under the same rationale.

As per claim 19, the combination of Volos and Van Riel further teach:
The apparatus of claim 18 wherein the first software component is an enclave and the second software component is outside the enclave. (Volos [0057] – [0059])
As per claim 20, they claim substantially similar limitations of claim 1 and is therefore rejected under the same rationale.

Claims 2, 3 and 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Volos and Van Riel, and further in view of Wokhlu et al (US 20170371570, hereinafter Wokhlu).

As per claim 2, the combination of Volos and Van Riel further teach:
The method of claim 1 wherein a thread in the first software component takes the request to free the memory allocation from the message passing facility, and the thread frees the memory allocation using a local deallocation mechanism which is an allocator of the thread, the allocator owning a chunk of memory in the shared memory. (Volos [0057] – [0058])
Volos and Van Riel did not explicitly teach:
while validating that memory access to memory owned by data structures related to the memory allocation within the shared memory are within the shared memory;
However, Wokhlu teaches:
while validating that memory access to memory owned by data structures related to the memory allocation within the shared memory are within the shared memory; (Wokhlu [0044]: “A DOM may validate all shared memory access attempts”; [0055]: “The DOM 810 nevertheless provides the protection checking pass/fail signal to the data path of the memory controller 828 before physical memory is accessed during each memory access. This protection checking provided by the DOM 810 includes both checking access permissions of a requesting task in the DOT for a target memory block. The protection checking by the DOM 810 also includes checking whether the transaction context of a requesting task is present in a context table of the memory controller 828, and whether that transaction context is qualified to set or change permissions of the target memory block”.)
It would have been obvious for one of ordinary skill in the art at the effective filing date of the claimed invention to incorporate the teaching of Wokhlu into that of Volvos and Van Riel in order to validate memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory. Volos [0058] teaches freeing specific blocks of memory within a zone within shared memory. Wokhlu has shown that validating memory access is necessary features for shared memory access, and thus applicant have merely claimed the combination of known parts in the field to achieve predictable results and is therefore rejected under 35 USC 103.

As per claim 3, the combination of Volos, Van Riel and Wokhlu further teach:
The method of claim 2 which is carried out without a cross-trust boundary call between the first and second software components. (Volos [0057] – [0059])

As per claim 6, the combination of Volos and Van Riel did not explicitly teach:
The method of claim 1 further comprising validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory, at least by making a range check that the memory accesses performed during the freeing of the at least one allocation are within the shared range
However, Wokhlu teaches:
The method of claim 1 further comprising validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory, at least by making a range check that the memory accesses performed during the freeing of the at least one allocation are within the shared range. (Wokhlu [0044]: “A DOM may validate all shared memory access attempts”; [0055]: “The DOM 810 nevertheless provides the protection checking pass/fail signal to the data path of the memory controller 828 before physical memory is accessed during each memory access. This protection checking provided by the DOM 810 includes both checking access permissions of a requesting task in the DOT for a target memory block. The protection checking by the DOM 810 also includes checking whether the transaction context of a requesting task is present in a context table of the memory controller 828, and whether that transaction context is qualified to set or change permissions of the target memory block”; [0021] – [0022]: verify address within range listed in page table.)
It would have been obvious for one of ordinary skill in the art at the effective filing date of the claimed invention to incorporate the teaching of Wokhlu into that of Volvos and Van Riel in order to validate memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory. Volos [0058] teaches freeing specific blocks of memory within a zone within shared memory. Wokhlu has shown that validating memory access is necessary features for shared memory access, and thus applicant have merely claimed the combination of known parts in the field to achieve predictable results and is therefore rejected under 35 USC 103.

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Volos and Van Riel, in view of Lukacs et al (US 20150288659, hereinafter Lukacs).
As per claim 17, Volos and Van Riel did not teach:
The method of claim 1 wherein the first software component is a virtual machine and the second software component is a virtual machine which is less secure than the first software component.
However, Lukacs teaches:
The method of claim 1 wherein the first software component is a virtual machine and the second software component is a virtual machine which is less secure than the first software component. (Lukacs [0069])
It would have been obvious for one of ordinary skill in the art at the effective filing date of the claimed invention to incorporate the teaching of Lukacs into that of Volos and Van Riel in order to have the first software component is a virtual machine and the second software component is a virtual machine which is less secure than the first software component. Lukacs has shown that such feature would enhance the overall security of the system when there are VMs of different security present, thus the combination of reference would enhancer the overall appeals of all references.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1 – 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHARLES M SWIFT whose telephone number is (571)270-7756. The examiner can normally be reached Monday - Friday: 9:30 AM - 7PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on 5712723652. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHARLES M SWIFT/Primary Examiner, Art Unit 2196