DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	Claims 1-24 are pending.

Information Disclosure Statement
3. 	The information disclosure statement (IDS) submitted on 06/19/2019 and 09/03/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the Examiner.  

Claim Rejections - 35 USC § 102
4.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


5.	Claims 1, 2, 9, 10, 17 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Apfelbaum et al. (US Pub. No. 2017/0249106 A1 hereinafter “Apfelbaum”).
Referring to claim 1, Apfelbaum discloses an apparatus comprising: 
a first input-output memory management circuit to couple a first device to memory (Apfelbaum – Fig. 4, step 406 disclosing associating a first device with a first input-output memory management unit having a first security designation.); 
(Apfelbaum – Fig. 4, step 407 disclosing associating a second device with a second input-output memory management unit having a second security designation.); and 
a processor to execute secure arbitration mode firmware (Apfelbaum – Fig. 1, par. [0016] disclosing a computer system executing a hypervisor 180.) to cause a first unique identification value to be assigned for the first input-output memory management circuit (Apfelbaum – Fig. 4, step 415 & par. [0035] disclosing the hypervisor 180 may then provide the table 160A to a guest virtual machine (e.g., first guest virtual machine 170A) having a plurality of guest addresses including a first guest address and a second guest address. Step 420 disclosing the first device 150A may access the first guest address through the first IOMMU.), a second unique identification value to be assigned for the second input-output memory management circuit (Apfelbaum – Fig. 4, step 415 & par. [0035] disclosing the hypervisor 180 may then provide the table 160A to a guest virtual machine (e.g., first guest virtual machine 170A) having a plurality of guest addresses including a first guest address and a second guest address. Step 425 disclosing the second device 150B may access the second guest address through the second IOMMU.), send the first unique identification value to the first device during a secure assignment of the first device to a first trusted domain of the memory (Apfelbaum – Fig. 4 & par. [0035] disclosing the first VIOMMU 171A may have the first security designation of one-to-one translation, such that the first VIOMMU 171A links the first guest virtual address (e.g., address 0100) with a first guest physical address (e.g., 0100) at the same address location.), and send the second unique identification value to the second device during a secure assignment of the second device to a second trusted domain of the memory (Apfelbaum – Fig. 4 & par. [0035] disclosing the second VIOMMU 172A may have the second security designation of standard translation, such that the second VIOMMU 172A links the second guest virtual address (e.g., address 3FF0) with a second guest physical address (e.g., A7F0) at a different address location.). 

Referring to claim 2, Apfelbaum discloses the apparatus of claim 1, wherein only execution of the secure arbitration mode firmware (Apfelbaum – Fig. 1, par. [0016] disclosing a computer system executing a hypervisor 180.) causes the first unique identification value to be assigned for the first input-output memory management circuit (Apfelbaum – Fig. 4, step 415 & par. [0035] disclosing the hypervisor 180 may then provide the table 160A to a guest virtual machine (e.g., first guest virtual machine 170A) having a plurality of guest addresses including a first guest address and a second guest address. Step 420 disclosing the first device 150A may access the first guest address through the first IOMMU.) or the second unique identification value to be assigned for the second input-output memory management circuit (Apfelbaum – Fig. 4, step 415 & par. [0035] disclosing the hypervisor 180 may then provide the table 160A to a guest virtual machine (e.g., first guest virtual machine 170A) having a plurality of guest addresses including a first guest address and a second guest address. Step 425 disclosing the second device 150B may access the second guest address through the second IOMMU.). 

Referring to claims 9 and 17, note the rejection of claim 1 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.

Referring to claims 10 and 18, note the rejection of claim 2 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.

Claim Rejections - 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

7.	Claims 3, 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Apfelbaum in view of Guim et al. (US Pub. No. 2017/0286326 A1 hereinafter “Guim”).
Referring to claim 3, Apfelbaum discloses the apparatus of claim 1, however, fails to explicitly disclose wherein the first unique identification value and the second unique identification value are stored in a protected register that is only accessible by the secure arbitration mode firmware.
	Guim discloses the first unique identification value and the second unique identification value are stored in a protected register (Guim – Claim 3 states a protection key register wherein each of the plurality of fields is indexed by one of the protection keys associated with the memory access permission.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to include Guim’s teachings with Apfelbaum’s teachings for the benefit of implementing a protection key architecture that provides memory protection from external devices at a thread level (Guim – par. [0021]).

Referring to claims 11 and 19, note the rejection of claim 3 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.

8.	Claims 4, 5, 12, 13, 20 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Apfelbaum in view of Teh et al. (US Pub. No. 2013/0007332 A1 hereinafter “Teh”).
Referring to claim 4, Apfelbaum discloses the apparatus of claim 1, wherein the first device and a third device coupled to the memory (Apfelbaum – Figs. 3A, 3C show the first device 150A coupled to the first guest address 310 and the third device 250A coupled to the first guest address 310.), however, fails to explicitly disclose wherein the first device and a third device coupled to the memory have a same requester identification value.
	Teh discloses the first device and a third device have a same requester identification value (Teh – par. [0066] discloses hardware remapping logic 625 further handles all the bus master direct memory access (DMA) cycles from aggregated PCIe SSD devices 610-61N such that they are initiated using the same device identifier/Requester ID (i.e. Bus: Device: Function) as integrated AHCI/SATA controller 650 and SATA devices 680-68N (these bus master cycles may also be required to share a Tag value for the single Requester ID).).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to include Teh’s teachings with Apfelbaum’s teachings for the benefit of having a plurality of point-to-point serial connections for a plurality of endpoints managed as a single connection by the root complex (Teh – par. [0003]).

Referring to claim 5, Apfelbaum and Asaro disclose the apparatus of claim 4, wherein the processor is to execute the secure arbitration mode firmware to cause a request to be sent from (Apfelbaum – par. [0018-0021] disclose the use of the hypervisor through the IOMMU to control or block a device from accessing the memory.). 

Referring to claims 12 and 20, note the rejection of claim 4 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.

Referring to claims 13 and 21, note the rejection of claim 5 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.

9.	Claims 6-8, 14-16 and 22-24 are rejected under 35 U.S.C. 103 as being unpatentable over Apfelbaum in view of Asaro et al. (US Pub. No. 2020/0133878 A1 hereinafter “Asaro”).
Referring to claim 6, Apfelbaum discloses the apparatus of claim 1, however, fails to explicitly disclose wherein the processor is to execute the secure arbitration mode firmware to cause a request to be sent from the processor to a device coupled to the memory, and allow memory access to the first trusted domain of the memory by the device only when the device sends the first unique identification value in a response message.
	Asaro discloses the processor is to execute the secure arbitration mode firmware to cause a request to be sent from the processor to a device coupled to the memory, and allow memory access to the first trusted domain of the memory by the device only when the device sends the first unique identification value in a response message (Asaro – par. [0010] discloses he processor concurrently executes multiple VMs, and each VM uses the GPU to execute specified operations. For memory accesses resulting from these operations, the GPU generates memory access requests, and includes with each memory access request a request identifier indicating the VM associated with the request. In response to receiving a memory access request, the IOMMU identifies, based on the request identifier, a pointer to a set of page tables, and uses the set of page tables to identify a system memory address for the memory access request. The page tables are set up by a hypervisor so that each VM is only able to access a corresponding region of the system memory.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to include Asaro’s teachings with Apfelbaum’s teachings for the benefit of implementing a virtualized computing environment thereby supporting efficient memory access by the bus devices while ensuring that the different regions of memory are protected from unauthorized access (Asaro – Abstract).

Referring to claim 7, Apfelbaum and Asaro disclose the apparatus of claim 6, wherein the memory access is a direct memory access by the device (Apfelbaum – par. [0042] disclosing access attempts are direct memory access attempts by the first device 150a and second device 150B.). 

Referring to claim 8, Apfelbaum and Asaro disclose the apparatus of claim 6, wherein, when the device sends the first unique identification value in the response message, the processor is to execute the secure arbitration mode firmware to select a trusted root pointer to use to perform the device to first input-output memory management circuit attachment (Asaro– par. [0017, 0030] discloses during initialization of a VM, a management entity (e.g., a hypervisor) sets up corresponding page tables, wherein the page tables identify the physical address associated with the virtual addresses used by the VM. The management entity generates the page tables for the VM so that the physical addresses correspond to the region of the memory 110 assigned to that VM. In addition, the management entity creates a set of page table pointers 115, wherein each page table pointer points to a different page table. The page table pointers 115 further include an identifier for each page table pointer that is used by the IOMMU to identify memory access requests targeted to a given set of page tables.).

Referring to claims 14 and 22, note the rejection of claim 6 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.
	
Referring to claims 15 and 23, note the rejection of claim 7 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.

Referring to claims 16 and 24, note the rejection of claim 8 above. The Instant Claims recite substantially same limitations as the above-rejected and discloses and is therefore rejected under same prior-art teachings.

Conclusion
The examiner requests, in response to this office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the 
In amending in reply to a rejection of claims in an application or patent under reexamination, the applicant or patent owner must clearly point out the patentable novelty which he or she thinks the claims present in view the state of the art disclosed by the references cited or the objections made. The applicant or patent owner must also show how the amendments avoid such references or objections.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAYTON LEWIS-TAYLOR whose telephone number is (571) 270-7754.  The examiner can normally be reached on Monday through Thursday, 8AM TO 4PM, EASTERN TIME.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Idriss Alrobaye, can be reached on (571) 270-1023. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 

/DAYTON LEWIS-TAYLOR/
Examiner, Art Unit 2181     

/IDRISS N ALROBAYE/               Supervisory Patent Examiner, Art Unit 2181