DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Status
Claims 1-22 and 25 are rejected under 35 USC § 103. Claims 23-24 are cancelled.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a): 
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. 

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most 

Claims 1, 3, 5, 7-11, 13, 15 and 17-22 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 1 has been amended to state "where at least a first one of the multiple different SMI functions or libraries within the same single SMI handler itself makes a direct call within the same given single SMM for at least a second one of the multiple different SMI functions or libraries within the same single SMI handler and within the same given single SMM …". The amendment lacks support in the original disclosure. Applicant did not point to any supporting section in the SPEC and the examiner did not find any supporting document either. Accordingly, the limitation is not supported by the original disclosure.

Response to Arguments 
Applicant's arguments filed on 02/10/2022 have been fully considered but they are not persuasive. 
Applicant argues: Brannock 2 (provisional) does not sequentially execute the retrieved SMI functions or libraries within the same single SMI handler in an execution 
Examiner disagrees. Brannock2 (provisional) FIG. 12 and FIG. 13 both show that SMI is entered in state 0 and SMI is exited by RSM in state 13. Hence Brannock2 does not go in and out of SMM, and the flow diagram in FIG. 13 shows that the codes are executed sequentially. Brannock2 (provisional) [0068]-[0070] teaches handling a single SMI in a system comprising multiple SMI handler domains. Brannock2 [0069] teaches “When the SMI occurs, the SPS-SX sets up the ring 0 protection environment, then switch to ring 3 OEM Handler Dispatcher.” ‘The SMI’ indicates that the FIG. 13 flow is triggered to execute a single SMI. Brannock2 [0070] teaches a dispatcher dispatching multiple SMI handlers. Since a handler is also a function, it is possible that ‘the SMI’ may need to execute tasks that involve multiple functions, each having different access policies for the resources (Brannock2 [0061]); Brannock2 calls them SMI handler domains, and an SMI request may need one or more of these SMI functions/handlers that are executed in different SMI handler domains, and when servicing ‘the requested SMI’ is complete, it executes RSM and exits SMM. A person skilled in the art can apply the teachings of Brannock2’s multiple SMI handler execution within single SMM session to the requested SMI’.
All functions that get executed within the SMM mode between SMI entry and RSM are SMI related functions. Any person skilled in the art of coding divides a task while coding (writing a program to execute) into many subtasks, and those subtasks may also be divided into even smaller subtasks; hence a good SMI function code may follow the same process, and a main function (the SMI handler) may call other functions and they may call other functions, and all are SMI functions. Also, the natural flow of any code is its sequential execution, which is evident from the data dependency that results when the output of one piece of code gets used by the next piece of code and together they complete a task (and in the case of SMM that will be a system management task). Even though calling a function from a function is well known to any person skilled in the art of coding, examiner is adding a couple of references to show the norm. Vu et al. (US 20150268978 A1) [0036] teaches that an application, being executed by the client, may call a first function for execution and the application may include one or more function calls for execution by the processing unit. Kumar (US 20200042325 A1) [0014] teaches that a request from a component may require one or more function calls to be made by components of the distributed system, for example to obtain or verify credentials and/or internal information.
	

Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-9, 11-19 and 21-25 are rejected under 35 U.S.C. 103 as being unpatentable over Brannock et al. (US 20170286318 A1) [Brannock1] in view of Brannock et al. (US 20190156015 A1) [Brannock2] and further in view of Vu et al. (US 20150268978 A1).
Brannock2 claims the benefit of provisional application 62/722,103, which is incorporated by reference herein.
Regarding Claim 1, Brannock1 discloses, An information handling system, comprising: 
a system memory ([0070] a system memory 806); and
a programmable integrated circuit coupled to the system memory, the programmable integrated circuit being programmed to respond to receipt of only a single given system management interrupt (SMI) by entering and operating only in a same single given system management mode (SMM) that corresponds only to the single given SMI to retrieve multiple different SMI functions or libraries within a single SMI handler that are required by the same single given SMM from the system memory upon entry into the same single given SMM, [and to sequentially execute the retrieved SMI functions or libraries within the same single SMI handler in an execution flow during the same single given SMM in response to the receipt of only the single given SMI without exiting the same single given SMM and before only then responding to receipt of any other SMI after exiting the same single given SMI] (Brannock1: [0065] For example, the logic flow 700 may illustrate operations performed by device 100 and CPU 120. In the illustrated embodiment shown in FIG. 7, the logic flow 700 may include allocating a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM at block 705. Retrieving at least one SMI is similar to the SMI handler used by Brannock1 to handle SMI);
where the programmable integrated circuit is programmed to control the execution flow of the retrieved SMI functions or libraries within the same single SMI handler during and without exiting the same single given SMM in response to the receipt of the single given SMI by controlling access by each different retrieved SMI function or library within the same single SMI handler to directly call data or code regions of the system memory required by the execution flow of the same single given SMM according to a respective data permission listing that is configured upon entry to the single given SMM to be specific to the execution flow of the retrieved SMI functions or libraries within the same single SMI handler that are required by the same single given SMM and that identifies one or more permitted system memory page ranges that include only a portion of all SMI functions or libraries held in the system memory for which each respective SMI function or library within the same single SMI handler is permitted access to itself directly call within the same given single SMM and without exiting the same single given SMM (Brannock1: [0096] In a first example, a system, device, apparatus may include memory and logic, at least a portion of which is implemented in processing circuitry coupled to the memory. In some embodiments, the logic may allocate a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM, generate a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and set one or more page table attributes for the page table to prevent a malicious code attack on the SMM. Examiner indicates that 'programmable integrated circuit' is similar to 'processing circuitry'.
Applicant uses 'data permission list' to identify one or more permitted system memory page ranges for which the executing SMI function/library is permitted access and the reference uses 'page table attributes' to permit/control access to pages needed by the SMI and hence prevent a malicious code attack on the SMM. Detailed definition of ‘page table attribute’ can be found in section [0066]). Applicant configures permission listing for the pages that involve executing the current SMI upon entry to SMM, but Brannock1 creates the page table and page table attributes while configuring memory and allocating SMRAM for SMI handlers. Both achieve the same end result of protecting the system from malicious attack during SMM, and both do it by controlling access permission to the pages containing SMI handling code.); and
where [at least a first one of the multiple different SMI functions or libraries within the same single SMI handler itself makes a direct call within the same given single SMM for at least a second one of the multiple different SMI functions or libraries within the same single SMI handler and within the same given single SMM while the first one of the multiple different SMI functions or libraries is executing within the same single SMI handler during the same single given SMM and without exiting the same single given SMM and while still responding to only the receipt of the same single given SMI,] a first data permission listing for the first one of the multiple different SMI functions or libraries of the execution flow within the same single SMI handler being different than a second data permission listing for the second one of the multiple different SMI functions or libraries of the execution flow within the same single SMI handler in response to receipt of only the single given SMI so that in the execution flow during and within the same single given SMM the first SMI function or library is first permitted to access one or more other SMI functions or libraries within the same single SMI handler in response to the receipt of the single given SMI that are different from one or more other SMI functions or libraries that the second SMI function or library is then permitted to access within the same single SMI handler [when the first SMI function or library itself directly calls within the same given single SMM for the second SMI function or library within the same ] (Brannock1: [0024] "Further, the SMRAM 107 may include an SMI handler 115 installed by the firmware 101 to handle SMIs to cause the device 100 to enter the SMM. The SMIs offer extended functionality, such as legacy hardware device emulation and system management tasks."
Brannock1: [0096] "… generate a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and set one or more page table attributes for the page table to prevent a malicious code attack on the SMM". Examiner indicates that SMIs cover different functionality like legacy hardware emulation and system management tasks. Hence Brannock's system also has multiple different SMI functions. Also, Brannock's system uses one or more page table attributes for the page tables, and different SMI functions can have different page ranges and hence can have different page table attributes and have different access permissions.).
Brannock1 teaches system management modes and system management interrupts to get into SMM mode and execute SMI handlers, which are special functions run in privileged mode. Brannock1 also teaches using page table attributes for the page tables used for the pages containing SMI handler code and data to prevent a malicious code attack on the SMM. However, Brannock1 does not explicitly disclose use of multiple SMI functions. Brannock2 teaches use of multiple SMI functions.
Brannock2 discloses: a programmable integrated circuit coupled to the system memory, the programmable integrated circuit being programmed to respond to receipt of only a single given system management interrupt (SMI) by entering and operating only in a same single given system management mode (SMM) that corresponds only to the single given SMI to retrieve multiple different SMI functions or libraries within a single SMI handler that are required by the same single given SMM from the system memory upon entry into the same single given SMM, and to sequentially execute the retrieved SMI functions or libraries within the same single SMI handler in an execution flow during the same single given SMM in response to the receipt of only the single given SMI without exiting the same single given SMM and before only then responding to receipt of any other SMI after exiting the same single given SMI (Brannock2: [0077] “FIGS. 11 and 12 illustrate flows for performing a function by an SPS service handler 606 in a system comprising multiple SMI handler domains 600A-600C in accordance with certain embodiments. The SPS-SX is responsible for ring 3 environment switch. When the SMI occurs, the SPS-SX sets up the ring 0 protection environment, then switch to ring 3 Handler Dispatcher. This dispatcher inspects the SMI source and decides which SMI handler should be run to handle this SMI (the embodiment depicted assumes HandlerX). Then the system uses SPS-SX service call to dispatch HandlerX. After SPS-SX gets the service call, it switches the ring 3 context and loads the resource policy and use SYS_EXIT to enter SMI HandlerX”. Brannock2: [0078] “Once SMI HandlerX finishes the work, it uses SERVICE_RET back to SPS-SX. Control is then given back to Handlers Dispatcher to dispatch the next SMI handler. After all, SMI handlers are dispatched, the dispatcher returns control back to SPS-SX and SPS-SX does RSM”.
Fig. 11 and 12 show a single SMI entering in step 0 and RSM getting executed in step 13. Between step 0 and step 13 a single SMI is serviced. Flow proceeds from steps 0->1->2->3->4->5->6->7 where an SMI function is serviced and the function returns to steps ->8->9->10. At step 10 the dispatcher may return/jump back to step 1 and repeat steps 2-7 where in 7 it runs another function and returns to step 8->9->10->1->2. The dispatcher handler in step 2 may repeat the steps ->3…->7 and execute/run another function and return to step 2 again and finally from step 2 it may jump to step 12 to step 13 where RSM is executed and the system returns to regular mode after completing service to a single system management interrupt (SMI). Thus the single SMI executes multiple different SMI functions.
[where the programmable integrated circuit is programmed to control the execution flow of the retrieved SMI functions or libraries within the same single SMI handler during and without exiting the same single given SMM in response to the receipt of the single given SMI by controlling access by each different retrieved SMI function or library within the same single SMI handler to directly call data or code regions of the system memory required by the execution flow of the same single given SMM according to a respective data permission listing that is configured upon entry to the single given SMM to be specific to the execution flow of the retrieved SMI functions or libraries within the same single SMI handler that are required by the same single given SMM and that identifies one or more permitted system memory page ranges that include only a portion of all SMI functions or libraries held in the system memory for which each respective SMI function or library within the same single SMI handler is permitted access to itself directly call within the same given single SMM and without exiting the same single given SMM]
where at least a first one of the multiple different SMI functions or libraries within the same single SMI handler  itself makes a direct call within the same given single SMM for at least a second one of the multiple different SMI functions or libraries within the same single SMI handler and within the same given single SMM while the first one of the multiple different SMI functions or libraries is executing within the same single SMI handler during the same single given SMM and without exiting the same single given SMM and while still responding to only the receipt of the same single given SMI, a first data permission listing for the first one of the multiple different SMI functions or libraries of the execution flow within the same single SMI handler being different than a second data permission listing for the second one of the multiple different SMI functions or libraries of the execution flow within the same single SMI handler in response to receipt of only the single given SMI so that in the execution flow during and within the same single given SMM the first SMI function or library is first permitted to access one or more other SMI functions or libraries within the same single SMI handler in response to the receipt of the single given SMI that are different from one or more other SMI functions or libraries that the second SMI function or library is then permitted to access within the same single SMI handler when the first SMI function or library  itself directly calls within the same given single SMM for the second SMI function or library within the same single SMI handler while still responding to the receipt of only the same single given SMI in the execution flow within the same single SMI handler during the same single given SMM and without exiting the same single given SMM (Brannock2: [0078] “Once SMI HandlerX finishes the work, it uses SERVICE_RET back to SPS-SX. Control is then given back to Handlers Dispatcher to dispatch the next SMI handler. 
After all, SMI handlers are dispatched, the dispatcher returns control back to SPS-SX and SPS-SX does RSM”. So after an SMI function is serviced, control is given back to the dispatcher, which may execute another SMI function, and eventually the dispatcher jumps to step 12 indicating dispatch done, and in the next step RSM is executed. Brannock2: [0066] In various embodiments, the SPS service handler 606 may perform any suitable functions for the SPS (RAS service is merely one example). The policy enforcement owner may allow any suitable predefined services to be performed by the SPS service handler 606. Brannock2: [0067] The SPS-SX may segregate the tasks and the privilege in SMM. SPS-SX may also provide SMI handler domain isolation. So to serve an SMI request the SPS service handler may perform (multiple) functions, and SPS-SX may segregate tasks, which indicates executing multiple tasks/functions. As detailed in Fig. 12, a single SMI starts at step 0 (SMI entry) and completes at step 13 (by executing RSM), and in between a number of SMI functions/tasks get executed in step 7, and after executing each function the control is returned back to the dispatcher to dispatch and execute the next function/task.).
Brannock2 discloses in provisional ref: a programmable integrated circuit coupled to the system memory, the programmable integrated circuit being programmed to respond to receipt of only a single given system management interrupt (SMI) by entering and operating only in a same single given system management mode (SMM) that corresponds only to the single given SMI to retrieve multiple different SMI functions or libraries within a single SMI handler that are required by the same single given SMM from the system memory upon entry into the same single given SMM, and to sequentially execute the retrieved SMI functions or libraries within the same single SMI handler in an execution flow during the same single given SMM in response to the receipt of only the single given SMI without exiting the same single given SMM and before only then responding to receipt of any other SMI after exiting the same single given SMI (Brannock2 provisional ref: [0068]-[0069]: [0068] “Figure 12 illustrates a flow for performing a function by an SPS service handler in a system comprising multiple SMI handler domains in accordance with certain embodiments. Figure 13 illustrates a flow for providing SPS service in a system comprising multiple SMI handler domains in accordance with certain embodiments. Figure 13 illustrates operations performed by an SMI handlerX, an SPS, and an SPS service handler”. Brannock2 provisional ref: [0069] “The SPS-SX is responsible for ring 3 environment switch. When the SMI occurs, the SPS-SX sets up the ring 0 protection environment, then switch to ring 3 OEM Handler Dispatcher. This dispatcher inspects the SMI source and decides which SMI handler should be run to handle this SMI (the embodiment depicted assumes HandlerX). Then the system uses SPS-SX service call to dispatch HandlerX. After SPS-SX gets the service call, it switches the ring 3 context and loads the resource policy and use SYS_EXIT to enter SMI HandlerX”.
Brannock2 provisional ref: [0070] “Once SMI HandlerX finishes the work, it uses SERVICE_RET back to SPS-SX. Control is then given back to OEM Handlers Dispatcher to dispatch the next SMI handler. After all SMI handlers are dispatched, the dispatcher returns control back to SPS-SX and SPS-SX does RSM”. Fig. 12 and 13 show a single SMI entering in step 0 and RSM getting executed in step 13. Between step 0 and step 13 a single SMI is serviced. Flow proceeds from steps 0->1->2->3->4->5->6->7 where an SMI function is serviced and the function returns to steps ->8->9->10. At step 10 the dispatcher may return/jump back to step 1 and repeat steps 2-7 where in 7 it runs another function and returns to step 8->9->10->1->2. The dispatcher handler in step 2 may repeat the steps ->3…->7 and execute/run another function and return to step 2 again and finally from step 2 it may jump to step 12 to step 13 where RSM is executed and the system returns to regular mode after completing service to a single system management interrupt (SMI). Thus the single SMI executes multiple different SMI functions.);
where at least a first one of the multiple different SMI functions or libraries within the same single SMI handler  itself makes a direct call within the same given single SMM for at least a second one of the multiple different SMI functions or libraries within the same single SMI handler and within the same given single SMM while the first one of the multiple different SMI functions or libraries is executing within the same single SMI handler during the same single given SMM and without exiting the same single given SMM and while still responding to only the receipt of the same single given SMI, a first data permission listing for the first one of the multiple different SMI functions or libraries of the execution flow within the same single SMI handler being different than a second data permission listing for the second one of the multiple different SMI functions or libraries of the execution flow within the same single SMI handler in response to receipt of only the single given SMI so that in the execution flow during and within the same single given SMM the first SMI function or library is first permitted to access one or more other SMI functions or libraries within the same single SMI handler in response to the receipt of the single given SMI that are different from one or more other SMI functions or libraries that the second SMI function or library is then permitted to access within the same single SMI handler when the first SMI function or library  itself directly calls within the same given single SMM for the second SMI function or library within the same single SMI handler while still responding to the receipt of only the same single given SMI in the execution flow within the same single SMI handler during the same single given SMM and without exiting the same single given SMM (Brannock2 provisional ref: [0070] “Once SMI HandlerX finishes the work, it uses SERVICE_RET back to SPS-SX. 
Control is then given back to OEM Handlers Dispatcher to dispatch the next SMI handler. After all SMI handlers are dispatched, the dispatcher returns control back to SPS-SX and SPS-SX does RSM”. So after an SMI function is serviced, control is given back to the dispatcher, which may execute another SMI function, and eventually the dispatcher jumps to step 12 indicating dispatch done, and in the next step RSM is executed. Brannock2 provisional ref: [0056] “In various embodiments, the SPS service handler may perform any suitable functions for the SPS (RAS service is merely one example). The policy enforcement owner may allow any suitable predefined services to be performed by the SPS service handler”. Brannock2 provisional ref: [0057] “The SPS-SX may segregate the tasks and the privilege in SMM. SPS-SX may also provide SMI handler domain isolation. It may provide avoidance of situations in which one problem in an SMI handler breaks the So to serve an SMI request the SPS service handler may perform (multiple) functions, and SPS-SX may segregate tasks, which indicates executing multiple tasks/functions. As detailed in Fig. 12, a single SMI starts at step 0 (SMI entry) and completes at step 13 (by executing RSM), and in between a number of SMI functions/tasks get executed in step 7, and after executing each function the control is returned back to the dispatcher to dispatch and execute the next function/task.
Brannock2 (provisional) FIG. 12 and FIG. 13 both show that SMI is entered in state 0 and SMI is exited by RSM in state 13. Hence Brannock2 does not go in and out of SMM, and the flow diagram in FIG. 13 shows that the codes are executed sequentially. Brannock2 (provisional) [0068]-[0070] teaches handling a single SMI in a system comprising multiple SMI handler domains. Brannock2 [0069] teaches “When the SMI occurs, the SPS-SX sets up the ring 0 protection environment, then switch to ring 3 OEM Handler Dispatcher.” ‘The SMI’ indicates that the FIG. 13 flow is triggered to execute a single SMI. Brannock2 [0070] teaches a dispatcher dispatching multiple SMI handlers. Since a handler is also a function, it is possible that ‘the SMI’ may need to execute tasks that involve multiple functions, each having different access policies for the resources (Brannock2 [0061]); Brannock2 calls them SMI handler domains, and an SMI request may need one or more of these SMI functions/handlers that are executed in different SMI handler domains, and when servicing ‘the requested SMI’ is complete, it executes RSM and exits SMM. A person skilled in the art can apply the teachings of Brannock2’s multiple SMI handler execution within single SMM session to execute multiple SMI functions each having different access policies like the different SMI handler and doing part of the tasks of ‘the requested SMI’.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the cited references because Brannock2’s system would have allowed Brannock1 to facilitate translating guest addresses to host addresses and storing the translated host addresses. The motivation would be to enable executing many system management tasks where each task involves executing different codes where each code is protected from malicious attacks.
It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the cited references because Brannock2’s system would have allowed Brannock1 to apply the teachings of Brannock2’s multiple SMI handler execution within single SMM session to execute multiple SMI functions each having different access policies like the different SMI handler and doing part of the tasks of ‘the requested SMI’. The motivation would be to have a more secure and reliable system that breaks an SMI handling task into many system management tasks where each task involves executing different codes and where each code is protected from accessing codes to other codes access region and thus prevents malicious attacks.
Even though Brannock2 [provisional] teaches multiple functions/handlers in an SMM session with one SMI entry and RSM, examiner also points out that all functions that get executed within the SMM mode between SMI entry and RSM are SMI related functions. Any person skilled in the art of coding divides a task while coding (writing a program to execute) into many subtasks, and those subtasks may also be divided into even smaller subtasks, and hence a good SMI function code may follow the same
It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the cited references because Vu’s system would have allowed Brannock1/Brannock2 to apply the teachings of Vu to divide the requested SMI handling code into a number of functions and call them from the main function. The motivation would be to have a more secure and reliable system that breaks an SMI handling task into many system management tasks where each task involves executing different codes and offers the flexibility of applying access control to each code and its data region.
Regarding Claim 2, Brannock1/Brannock2/Vu discloses, where the permitted system memory page ranges exclude host kernel and user data regions of the system memory (Brannock1: [0016] In embodiments, the memory 105 may further include a portion having regions that may be allocated with a system management random access memory (SMRAM) 107 which may be further installed with an SMI handler 115. The memory 105 may also include other regions or a second portion to store information and instructions for an operating system(s) (OS) and virtual machine manager(s) (VMM) in OS/VMM 111. Brannock1: [0045] In another example, all mapped data pages may have page table attributes 129 that designate the pages as execution disable (eXecutionDisable) such that any attempt to execute a data page will cause a page fault.  Examiner notes that Brannock1 indicates memory 105 [system memory] may be separated into an SMRAM portion for SMM/SMI use, other regions [user data regions], and an OS portion which would include a kernel [host kernel]. Page ranges may be execution disabled [excluded] and as such the other regions and OS portion may be disabled [excluded]).
Regarding Claim 3, Brannock1/Brannock2/Vu discloses, The information handling system of claim 1, where the data permission listing comprises a memory page table that identifies different permitted system memory page ranges for each given one of the multiple different respective SMI functions or libraries to protect each given one of the multiple different respective SMI functions or libraries within the same single SMI handler from  one or more other of the multiple different respective SMI functions within the same single SMI handler that is directly calling the given one of the multiple different respective SMI functions or libraries from within the same given single SMM (Brannock1: [0014] “to configure the SMM and SMI handler, embodiments may include allocating a portion of the memory as SMRAM which 
Regarding Claim 4, Brannock1/Brannock2/Vu discloses, The information handling system of claim 1, where the system memory comprises volatile memory (Brannock1: [0073] In the illustrated embodiment shown in FIG. 8, the system memory 806 can include volatile memory 812). 
where the information handling system further comprises non-volatile memory coupled to the programmable integrated circuit and the system memory (Brannock1: [0073] In the illustrated embodiment shown in FIG. 8, the system memory 806 can include non-volatile memory 812).
where the data permission listing is stored as part of system basic input/output system (BIOS) on system nonvolatile memory (Brannock1: [0031] the firmware 101, which may be part of the BIOS instructions, may configure the page table 125 and pages 127 such that data requiring read and write permissions does not reside on a same page as data requiring read-only permissions. Brannock1: [0073] A basic input/output system (BIOS) can be stored in the non-volatile memory 810. Examiner indicates that the reference explains that firmware 101, part of BIOS instructions configure page table and pages with read/write permissions and are stored in non-volatile memory).
Regarding Claim 5, Brannock1/Brannock2/Vu discloses, The information handling system of claim 4, where the stored system BIOS includes: the multiple different SMI functions or libraries (Brannock1: [0031] the firmware 101, which may be part of the BIOS instructions. Brannock1: [0034] The firmware 101 may be utilized to allocate the memory 105 for the SMRAM 107, initialize and install the SMI handler 115, and set the page table attributes 129. Examiner indicates that firmware 101 is part of the BIOS instructions and is used to initialize and install the SMI handler. Hence BIOS includes SMI functions);
a data listing identifying specific system volatile memory page ranges for which each of the different respective SMI functions or libraries within the same single SMI handler are to be permitted access to itself directly call within the same given single SMM and during the same single given SMM in response to the receipt of only the single given SMI, the data listing specifying at least the first one of the multiple different SMI functions or libraries as being permitted access within the same single SMI handler to itself directly call within the same given single SMM a first memory page range that includes a third one of the multiple different SMI functions or libraries, the data listing specifying at least the second one of the multiple different SMI functions or libraries as not being permitted access within the same single SMI handler to itself directly call within the same given single SMM the first memory page range that includes the third one of the multiple different SMI functions or libraries (Brannock1: [0041] At block 208 an SMI handler 115 may be installed or inserted in the SMRAM 107 region of the memory 105. Brannock1: [0043] the page table attributes 129 may be SMM page table Examiner indicates - 'data listing' is the same as 'page table attributes 129'. The attributes set read/write/execute permissions for SMM pages that include pages for SMI functions. Hence based on permission attributes some SMI functions may have access to some pages and no access to other pages. Considering Brannock2's system of multiple SMI handlers, Brannock1's different page ranges covering different SMI handlers can have different permission settings so that first SMI handler will not have access to page tables allocated for the third SMI handler and the third SMI handler will not have access permission for the pages allocated to the first one).
Regarding Claim 6, Brannock1/Brannock2/Vu discloses, where the data permission listing is predefined and stored as part of the system BIOS during manufacture or assembly of the information handling system (Brannock1: [0033] The firmware 101 may at least partially be implemented as part of the system BIOS that is used to initiate the device 100 and various hardware components of the device 100, such as the CPU 120 and the memory 105. Brannock1: [0034] The firmware 101 may be utilized to allocate the memory 105 for the SMRAM 107, initialize and install the SMI handler 115, in the SMRAM 107, generating a page table 125 and pages 127 for the SMRAM 107 and generating page table attributes 129 for the page table 125. Examiner indicates that ‘data permission listing’ is same as ‘page table attributes 129’. Ref Brannock1: [0034] says that firmware 101 generates page table attribute 129 and ref Brannock1: [0033] says that firmware 101 is part of BIOS. Hence ‘page table attribute’ i.e., ‘data permission listing’ is defined and stored as part of the system BIOS).

Regarding Claim 7, Brannock1/Brannock2/Vu discloses, The information handling system of claim 1, where the programmable integrated circuit comprises a central processing unit (CPU) that includes embedded microcode hardware (Brannock1: [0056] For example, instructions and operations of the SMM may have limited or no access to the I/O memory 113 (memory mapped I/O) associated with address_range_0 451-0. Further, the OS/VMM 111 region may not be accessibly by the CPU 120 in SMM. Alternatively, the reserved region 117 associated with address_range_2 451-3 may be fully accessible to the SMM and used by the SMM to store information, data, variables, and so forth while the CPU 120 is processing in SMM. The SMRAM 107 associated with address_range_3 451-3 may be limitedly accessible to the SMM. The accessibility of each address_range illustrated in FIG. 4 may be determined and based on whether one or more page table attributes 129 exist and on the particular page table attributes 129 settings themselves. Examiner indicates that microcode is basically firmware that runs on the processor. Also ‘embedded microcode hardware’ is same as ‘permissions table 123’ as explained by applicant in section Brannock1: [0017] Embedded hardware microcode 107 may be mapped during BIOS pre-boot to a function/library permissions table 123. The ‘permissions table 123’ is similar to the term ‘page table attributes 129’ used by Brannock1 in the reference. The above reference shows that CPU 120 is using ‘page table attributes 129’. Hence CPU includes ‘table attributes 129’ i.e. CPU includes ‘embedded microcode hardware’), 
and where the programmable integrated circuit is programmed to use the embedded microcode hardware while responding to receipt of only the single given SMI to control access by the executing multiple different SMI functions or libraries within the same single SMI handler to different data or code regions of the system memory by blocking access within the same single SMI handler by each of the multiple different SMI functions or libraries to itself directly call within the same given single SMM data or code regions of the system memory that are not identified as being permitted for the given function or library (Brannock1: [0056] “For example, instructions and operations of the SMM may have limited or no access to the I/O memory 113 (memory mapped I/O) associated with address_range_0 451-0. Further, the OS/VMM 111 region may not be accessibly by the CPU 120 in SMM. Alternatively, the reserved region 117 associated with address_range_2 451-3 may be fully accessible to the SMM and used by the SMM to store information, data, variables, and so forth while the CPU 120 is processing in SMM. The SMRAM 107 associated with address_range_3 451-3 may be limitedly accessible to the SMM. The accessibility of each address_range illustrated in FIG. 4 may be determined and based on whether one or more page table attributes 129 exist and on the particular page table attributes 129 settings themselves”. Examiner indicates that the above reference shows that CPU 120 is using 'table attributes 129' to determine full, limited access or no-access to different memory regions while in SMM mode executing SMI functions. This access control using table attribute is not limited for a single SMI handler and hence can be easily applied/extended for any number of different SMI handlers).
 
Regarding Claim 8, Brannock1/Brannock2/Vu discloses, The information handling system of claim 7, where the programmable integrated circuit is programmed to execute a system basic input/output system (BIOS) to map the data permission listing into the embedded microcode hardware during system pre-boot (Brannock1: [0024] “..the firmware 101 may be part of the basic input/output system (BIOS). Brannock1: [0034] The firmware 101 may be utilized to allocate the memory 105 for the SMRAM 107, initialize and install the SMI handler 115, and set the page table attributes 129”. Examiner indicates that setting the ‘page table attributes’ is the same as mapping the ‘data permission listing’ to some hardware. In both cases the access control list is being created for future use.); and
where the embedded microcode hardware is programmed to respond to entry into the same single given SMM to control access by the executing SMI function or library within the same single SMI handler to itself directly call within the same given single SMM data or code regions of the system memory for the duration of the same single given SMM (Brannock1: [0043] “..the page table attributes 129 may be utilized to lock down various information and data in the pages 127 to make a malicious code attack more difficult or unachievable while operating in SMM”. Brannock1: [0044] “The page table attributes 129 may ensure the pages 127 are protected and prevent malicious attacks”. Examiner indicates that to ensure page’s protection and save from malicious attack require the ‘page table attributes’ to respond with access control information when those pages are accessed).
Regarding Claim 9, Brannock1/Brannock2/Vu discloses, The information handling system of claim 7, where the programmable integrated circuit is programmed to operate in a non-SMM during normal operating system runtime, and to respond to receipt of only the single given SMI by: entering and operating in only the same single given SMM, and loading and executing the first SMI function or library within the same single SMI handler as corresponding to the same single given SMM without exiting the same single given SMM (Brannock1: [0002] “The processor may operate in a normal mode and a protected mode such as the system management mode (SMM). The processor may enter the SMM via a hardware interrupt referred to as a System Management Interrupt (SMI)”. Examiner indicates that System Management Mode is an operating mode of CPUs in which all normal execution, including the operating system, is suspended. An alternate software system which usually resides in the computer's firmware, or a hardware-assisted debugger, is then executed with high privileges. So, it is normal functionality of a CPU that it works in normal mode and enters into SMM in response to some interrupt and of course there always has to be a first time entrance to SMM from normal mode); and
then using the embedded microcode hardware to control access by the executing given SMI function or library within the same single SMI handler to itself directly call a first data or code region of the system memory within the same single SMI handler according to the data permission listing during the same single given SMM and without exiting the same single given SMM (Brannock1: [0058] “In the illustrated embodiment shown in FIG. 5, the processing flow 500 may include receiving a memory access request 505 from an instruction while the device 100 and CPU 120 are operating in SMM. Further, the processing flow 500 may also include applying one or more page table attributes 129 to the lookup request”. Examiner indicates that ‘applying page table attributes’ is similar to ‘using embedded microcode hardware’ to control access).
Regarding claim 22, Brannock1/Brannock2/Vu discloses, The information handling system of claim 7, where the programmable integrated circuit is programmed to operate in a non-SMM during normal operating system runtime, and then to respond to receipt of only the same single given SMI by: 
entering only the same single given SMM, and loading and executing both the first SMI function or library and the second SMI function or library within the same single SMI handler and during the single given SMM (Brannock1: [0002] "The processor may operate in a normal mode and a protected mode such as the system management mode (SMM). The processor may enter the SMM via a hardware interrupt referred to as a System Management Interrupt (SMI)". Brannock1: [0024] "Further, the SMRAM 107 may include an SMI handler 115 installed by the firmware 101 to handle SMIs to cause the device 100 to enter the SMM. The SMIs offer extended functionality, such as legacy hardware device emulation and system management tasks". Examiner indicates that System Management Mode is an operating mode of CPUs in which all normal execution, including the operating system, is suspended. An alternate software system which usually resides in the computer's firmware, or a hardware-assisted debugger, is then executed with high privileges. So, it is normal functionality of a CPU that it works in normal mode and enters into SMM in response to some interrupt and of course there always has to be a first time entrance to SMM from normal mode. Brannock1/Brannock2/Vu discloses multiple SMI functionality and multiple SMIs and did not limit executing one SMI at each SMM mode. So, both SMIs can be executed in an SMM mode if needed); and
then using the embedded microcode hardware to control access by executing the first SMI function or library during the same single given SMM to access one or more other SMI functions or libraries within the same single SMI handler that are identified by the first data permission listing and then executing the first SMI function or library to itself directly call the second SMI function or library during the same single given SMM and without exiting the same single given SMM to access one or more other SMI functions or libraries within the same single SMI handler that are identified by the second data permission listing prior to exiting the single given SMM and before responding to receipt of any other SMI, the one or more other SMI functions or libraries within the same single SMI handler identified by the first data permission listing being different than the one or more other SMI functions or libraries within the same single SMI handler identified by the second data permission listing to control flow integrity during and without exiting the same single given SMM to protect at least one or more of the SMI functions or libraries within the same single SMI handler identified by the first data permission listing from being called by the second SMI function or library within the same single SMI handler during the single given SMM and without exiting the single given SMM (Brannock1: [0058] "In the illustrated embodiment shown in FIG. 5, the processing flow 500 may include receiving a memory access request 505 from an instruction while the device 100 and CPU 120 are operating in SMM. Further, the processing flow 500 may also include applying one or more page table Examiner indicates that 'applying page table attributes' is similar to 'using embedded microcode hardware' to control access. In Brannock1/Brannock2/Vu's system there is no restriction for different page tables having different page table attributes which are similar to different data permission listings. 
In the combined Brannock1/Brannock2/Vu system different SMI handler may reside in different memory location having different page tables and hence having different page table attributes and hence having different access permissions); and
then exiting the single given SMM and returning to the normal operating system runtime (Brannock1: [0052] "The logic flow 300 may include operating in the SMM at block 310 and determine whether to exit the SMM at decision block 312. The CPU 120 may exit the SMM when a resume from system management mode (RSM) instruction is received by the CPU 120". Examiner indicates that it is a standard essential requirement that SMI and any other interrupt handler returns to the main/normal operating mode once the interrupt handler code execution completes).

Regarding claims 11-19 and 21, these claims are the method claims corresponding to the apparatus claims 1-9 and 22 and are rejected for the same reasons mutatis mutandis.

Regarding claim 25, Brannock1/Brannock2/Vu discloses, The method of claim 16, further comprising identifying individual SMI functions or libraries that require access to specific regions of the system memory both inside and outside a SMM region of the system memory; then building the data permissions during a system basic input/output system (BIOS) compile time to provide the required access to the specific regions of the system memory for each of the identified individual SMI functions or libraries; then storing the system BIOS in the system non-volatile memory, the system BIOS including the data permission listing and one or more separate SMI handlers that are different from the data permission listing (Brannock1: [0096] "… generate a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and set one or more page table attributes for the page table to prevent a malicious code attack on the SMM". Applicant uses 'data permission list' to identify one or more permitted system memory page ranges for which the executing SMI function/library is permitted access and Brannock1 uses 'page table attributes' to permit/control access to pages needed by the SMI and hence prevent a malicious code attack on the SMM. Detailed definition of ‘page table attribute’ can be found in section [0014],[0066]). Applicant configures permission listing for the pages that involves executing the current SMI upon entry to SMM but Brannock1 creates page table and page table attributes while configuring memory and allocating SMRAM for SMI handlers. Brannock1: [0031] the firmware 101, which may be part of the BIOS instructions, may configure the page table 125 and pages 127 such that data requiring read and write permissions does not reside on a same page as data requiring read-only permissions. Brannock1: [0073] A basic input/output system (BIOS) can be stored in the non-volatile memory 810. 
Firmware 101, part of BIOS instructions configure page table and pages with read/write permissions and are stored in non-volatile memory. Brannock1: [0033] The firmware 101 may at least partially be implemented as part of the system BIOS that is used to initiate the device 100 and various hardware components of the device 100, such as the CPU 120 and the memory 105. Brannock1: [0034] The firmware 101 may be utilized to allocate the memory 105 for the SMRAM 107, initialize and install the SMI handler 115, in the SMRAM 107, generating a page table 125 and pages 127 for the SMRAM 107 and generating page table attributes 129 for the page table 125. Examiner indicates that ‘data permission listing’ is same as ‘page table attributes 129’. Ref Brannock1: [0034] says that firmware 101 generates page table attribute 129 and ref Brannock1: [0033] says that firmware 101 is part of BIOS. Hence ‘page table attribute’ i.e., ‘data permission listing’ is defined and stored as part of the system BIOS);

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brannock1/Brannock2/Vu in view of Savagaonkar et al. (US 20070067590 A).
Regarding Claim 10, Brannock1/Brannock2/Vu discloses:
[The information handling system of claim 9, where the programmable integrated circuit is programmed to further respond to receipt of only the same single given SMI prior to exiting the same single given SMM and before responding to receipt of any other SMI by: loading and executing the second SMI function or library simultaneously with the first SMI function or library within the same single SMI handler as also corresponding to the same single given SMM and different from the first SMI function or library];	 executing the first SMI function or library within the same single SMI handler to directly call the second SMI function or library within the same single SMI handler and without exiting the same single given SMM (Brannock2: [0078] “Once SMI HandlerX finishes the work, it uses SERVICE_RET back to SPS-SX. Control is then given back to Handlers Dispatcher to dispatch the next SMI handler. After all, SMI handlers are dispatched, the dispatcher returns control back to SPS-SX and SPS-SX does RSM”. So after an SMI function is serviced control is given back to dispatcher which may execute another SMI function and eventually dispatcher jumps to step 12 indicating dispatch done and in the next step RSM is executed); and
[then using the embedded microcode hardware to control access by the executing second SMI function or library within the same single SMI handler to directly call a second data or code region of the system memory according to the data permission listing during the same single given SMM, the second data or code region being different than the first data or code region]

Brannock1/Brannock2/Vu teaches all the limitations of claim 1.
Brannock1/Brannock2/Vu discloses multiple SMIs and SMI handlers, discusses all the important aspects of executing multiple SMMs by one or multiple processors, and also discloses different SMMs having different memory locations (Brannock2: section [0024]), but Brannock1/Brannock2 does not get into details of executing first SMM and second SMM, first SMI and second SMI etc.
Savagaonkar discloses, The information handling system of claim 9, where the programmable integrated circuit is programmed to further respond to receipt of only the same single given SMI prior to exiting the same single given SMM and before responding to receipt of any other SMI by: 
loading and executing the second SMI function or library simultaneously with the first SMI function or library within the same single SMI handler as also corresponding to the same single given SMM and different from the first SMI function or library (Savagaonkar: [0026] “… A call or generated interrupt to a special SMM registration handler 225 may be used to register the program. The handler and the registry are stored in the system management memory (SMRAM) 250. … When the program later must modify the previously protected page table entries, it invokes second SMM mode agent or SMI handler 230 that is also part of SMRAM. This handler operates to service such interrupts, first to validate that the interrupting process such as the one at 235, is properly registered in the registry 220, to check the integrity of memory management registers, and then to relax access restrictions in memory controller 265 to provide access to the page tables in memory”. Examiner indicates that the reference is using two SMI handler/function 225 and 230 for previous and second SMM. The first SMI was used to register the program and the second one was used to modify the previously protected page table entries).
[executing the first SMI function or library within the same single SMI handler to directly call the second SMI function or library within the same single SMI handler and without exiting the same single given SMM]; and
then using the embedded microcode hardware to control access by the executing second SMI function or library within the same single SMI handler to directly call a second data or code region of the system memory according to the data permission listing during the same single given SMM, the second data or code region being different than the first data or code region (Savagaonkar: [0026] Examiner indicates that the two SMI handlers 225 and 230 are different as the name and function suggests. The two code is doing two different things and hence the two code must exist in two different locations both being part of the SMRAM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the cited references because Savagaonkar’s system would have allowed Brannock1/Brannock2/Vu to facilitate - where the programmable integrated circuit is programmed to respond to receipt of a second system management interrupt (SMI) by: entering a second SMM different from the first SMM mode, and loading and executing a second SMI function or library corresponding to the second SMM and different from the first SMI function or library; and then using the embedded microcode hardware to control access by the executing SMI function/library to a second data or code region of the system memory according to the data permission listing during the second SMM, the second data or code region being different than the first data or code region. The motivation to combine is apparent in Brannock1/Brannock2/Vu’s reference, because a processor operating in SMM provides a special-purpose, alternate operating environment that can be used to monitor and manage various system-wide functions. To carry out multiple system-wide functions it would require multiple SMI functions and multiple entrances to the SMM. 

Regarding claim 20, this claim is the method claim corresponding to the apparatus claim 10 and is rejected for the same reasons mutatis mutandis.


Conclusion
Applicant’s amendment necessitated the new grounds of rejection presented in this office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD S HASAN whose telephone number is (571)270-1737. The examiner can normally be reached on Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tim Vo can be reached on 571-272-3642. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/M.S.H/Examiner, Art Unit 4192 
/SHAWN X GU/
Primary Examiner, AU2138