DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendments and Arguments
The present Office action is in response to Applicant’s response of December 28, 2021, hereinafter “Reply”, and request for continued examination (RCE) of March 11, 2022, after final rejection of December 14, 2021, hereinafter “Final Rejection”. In the Reply, claims 1, 9, and 15 have been amended, and no claims have been cancelled or added. Furthermore, in the Examiner’s Amendment below, claims 1, 9, and 15 have been amended. Thus, with this Office action, claims 1-20 remain pending in the application.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submissions filed on March 11, 2022 have been entered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
The examiner’s amendment was discussed in an interview with Applicant’s representative, Mark Watson, on April 26, 2022.  Authorization from Applicant for the examiner’s amendment was given on April 26, 2022.

Amendments to the Specification

Please amend the Abstract as follows.

An apparatus to facilitate memory map security in a system on chip (SOC)an access to a memory device and perform an alias checking process to verify accuracy of a memory map of the memory device.

Amendments to the Claims

Please amend the Abstract as follows.

1.	(Currently amended)   An apparatus to facilitate memory map security in a system on chip (SOC), comprising: 
a memory device; 
a plurality of interconnect protocol (IP) agents configured to access the memory device; 
a micro controller to receive a request to grant a host device an access to the memory device and perform an alias checking process for each of the plurality of IP agents, the alias checking process verifies 
cryptographic hardware to store the memory map;
wherein the micro controller in the SOC attests to each of the IP agents that the memory map has been verified;
wherein the alias checking process and the attestation are performed by the micro controller prior to enabling the access to the memory device for the host device, and
wherein there is no range overlap in the memory range across all of the plurality of IP agents.

9.	(Currently amended)   A method to facilitate memory map security in a system on chip (SOC), comprising: 
receiving a request at a micro controller from a Basic Input/output System (BIOS) firmware to grant a host device access to a memory device and perform access grant requests initiated by a boot firmware; 
the micro controller performing an alias checking process to verify accuracy of a memory map of the memory device that indicates how the memory device is configured for use by interconnect protocol (IP) [[IP]] agents, comprising:
comparing a memory range across each of the IP agents; and
verifying that one or more rules are adhered to across the IP agents; 
the micro controller performing an attestation process to verify the integrity of the memory map; and  
storing the memory map in cryptographic hardware;
wherein the micro controller in the SOC attests to each of the IP agents that the memory map has been verified;
wherein the alias checking process and the attestation are performed by the micro controller prior to enabling the access to the memory device for the host device, and
wherein there is no range overlap in the memory range across all of the IP agents. 

15.	(Currently amended)   A computing device comprising: 
a processor;
a memory device;
a Basic Input/output System (BIOS) firmware to program a memory map that indicates how the memory device is configured for a plurality of interconnect protocol (IP) agents; 
an integrated on-chip system fabric coupled between the processor, the memory device and the BIOS firmware; 
a micro controller, coupled to the system fabric, to receive a request from the BIOS firmware to grant the processor access to the memory device and perform access grant requests initiated by a boot firmware and perform an alias checking process to verify accuracy of the memory map of the memory device, including comparing a memory range across each of the IP agents and verifying that one or more rules are adhered to across the IP agents; and 
cryptographic hardware to store the memory map, wherein the memory map indicates how the memory is configured for use by the plurality of IP agents;
wherein the micro controller in the computing device attests to each of the IP agents that the memory map has been verified;
wherein the alias checking process and the attestation are performed by the micro controller prior to enabling the access to the memory device for the processor, and
wherein there is no range overlap in the memory range across all of the IP agents. 

The Examiner's statement of reasons for allowance is as follows.

The independent claim 1 recites:
An apparatus to facilitate memory map security in a system on chip (SOC), comprising: 
a memory device; 
a plurality of interconnect protocol (IP) agents configured to access the memory device; 
a micro controller to receive a request to grant a host device an access to the memory device and perform an alias checking process for each of the plurality of IP agents, the alias checking process verifies accuracy of a memory map of the memory device that indicates how the memory device is configured for use by the plurality of IP agents, wherein the micro controller performs the alias checking process by comparing a memory range across each of the IP agents and verifying that one or more rules are adhered to across the IP agents; and 
cryptographic hardware to store the memory map;
wherein the micro controller in the SOC attests to each of the IP agents that the memory map has been verified;
wherein the alias checking process and the attestation are performed by the micro controller prior to enabling the access to the memory device for the host device, and
wherein there is no range overlap in the memory range across all of the plurality of IP agents.

When considering the independent claim 1 as a whole, the prior art of record does not teach the limitations:  An apparatus to facilitate memory map security in a system on chip (SOC), comprising: a memory device; a plurality of interconnect protocol (IP) agents configured to access the memory device; a micro controller to receive a request to grant a host device an access to the memory device and perform an alias checking process for each of the plurality of IP agents, the alias checking process verifies accuracy of a memory map of the memory device that indicates how the memory device is configured for use by the plurality of IP agents, wherein the micro controller performs the alias checking process by comparing a memory range across each of the IP agents and verifying that one or more rules are adhered to across the IP agents; and cryptographic hardware to store the memory map; wherein the micro controller in the SOC attests to each of the IP agents that the memory map has been verified; wherein the alias checking process and the attestation are performed by the micro controller prior to enabling the access to the memory device for the host device, and wherein there is no range overlap in the memory range across all of the plurality of IP agents.  

Therefore, in the context of the independent claim 1 as a whole, the prior art of record does not teach the claimed subject matter.  Thus, the subject matter of the independent claim 1 is allowable.

Furthermore, when considering the independent claims 9 and 15, the independent claims 9 and 15 are allowable on substantially the same rationale as that in the independent claim 1 above.

Corresponding dependent claims depend directly or indirectly from the allowable independent claims and are therefore also allowable.
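The alias check recited in claim 1 (compare the memory range of each IP agent, verify the rules, require no overlap, and only then enable host access) can be sketched as follows. This is an added example, not code from the application or the record; the entry layout, the per-range rule, the function names and the sample maps are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define DEV_SIZE 0x100000000ULL   /* assumed 4 GiB memory device */

/* Hypothetical memory-map entry: one range programmed for one IP agent. */
struct map_entry { unsigned agent; uint64_t base; uint64_t size; };

enum alias_result { ALIAS_OK, ALIAS_BAD_RANGE, ALIAS_OVERLAP };

/* Assumed rule: a range is non-empty, does not wrap, and fits in the device. */
static bool range_valid(const struct map_entry *e, uint64_t dev_size)
{
    if (e->size == 0 || e->size > dev_size)
        return false;
    return e->base <= dev_size - e->size;   /* overflow-safe bound check */
}

/* Compare every range against every other; any shared byte is an alias. */
enum alias_result alias_check(const struct map_entry *m, size_t n, uint64_t dev_size)
{
    for (size_t i = 0; i < n; i++)
        if (!range_valid(&m[i], dev_size))
            return ALIAS_BAD_RANGE;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            /* Half-open [base, base+size); sums cannot wrap after range_valid. */
            if (m[i].base < m[j].base + m[j].size &&
                m[j].base < m[i].base + m[i].size)
                return ALIAS_OVERLAP;
    return ALIAS_OK;
}

/* Gate: host access is enabled only after the check has succeeded. */
bool grant_host_access(const struct map_entry *m, size_t n, uint64_t dev_size)
{
    return alias_check(m, n, dev_size) == ALIAS_OK;
}

/* Constructed sample maps (not from the application). */
const struct map_entry clean_map[] = {
    {0, 0x00000000, 0x40000000}, {1, 0x40000000, 0x40000000},
    {2, 0x80000000, 0x10000000} };
const struct map_entry aliased_map[] = {   /* agent 1 overlaps the tail of agent 0 */
    {0, 0x00000000, 0x40000000}, {1, 0x3FFFF000, 0x00100000} };
const struct map_entry wrapped_map[] = {   /* runs past the end of the device */
    {0, 0xFFFFF000, 0x2000} };
```

The bound check is done before the pairwise comparison so that a range crafted to wrap around the address space cannot make the overlap test pass by integer overflow.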

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Wentz (US 2021/0091952 A1) discloses a method of manufacturing a secure computing hardware apparatus, the method including receiving at least a secret generator, wherein the secret generator is configured to generate a module-specific secret, receiving a device identifier, wherein the device identifier is configured to produce at least an output comprising a secure proof of the module-specific secret, and communicatively connecting the device identifier to the secret generator.
Ho (US 2015/0317089 A1) discloses a system and a method for managing an expansion read-only memory (ROM), and a management host thereof are provided. The management host is connected with a computer host through a bridge. The management host establishes an address lookup table to assign a virtual function and an expansion ROM corresponding to the virtual function. When a request is issued by the computer host to obtain a size of the expansion ROM, the management host provides data in a shadow register block corresponding to the expansion ROM to the computer host according to the address lookup table. The computer host assigns a memory block in the computer host to the expansion ROM according to the data in the shadow register block. When another request is issued by the computer host to obtain data of the expansion ROM, the management host provides the data of the expansion ROM to the computer host.
Lukacs et al. (US 2015/0271139 A1) discloses systems and methods that allow protecting a client system, such as a computer system or smartphone, from malware. In some embodiments, a network regulator device is used to distribute a bootable image of a hypervisor, on demand, to each of a set of client systems connected to a network. After booting on a client system, the hypervisor loads the local OS and applications into a virtual machine. Integrity measurements of the hypervisor and/or OS are sent to the network regulator for verification. When the network regulator determines that software executing on a client system, such as the hypervisor and/or the OS, is not in a trusted state, the network regulator may block access of the respective client system to the network.
Brannock et al. (US 2019/0042780 A1) discloses various embodiments that are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violates the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.
Chen et al. (US 2016/0216893 A1) discloses a smart card management method, a memory storage device, and a memory control circuit unit are provided. The method includes: receiving a first setting command corresponding to a temporary file from a host system. The temporary file is configured to access the smart card, and the first setting command includes a plurality of first setting messages. One of the first setting messages includes first setting command verification information and first location identification information. The first setting command verification information is configured to verify whether the first setting command is configured to set the temporary file, and the first location identification information is configured to find a logical unit corresponding to the first setting message including the first location identification information. The method also includes: recording a first logic range belonging to the temporary file in a look-up table according to the first setting command.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tong B Vo whose telephone number is (571)272-7568. The examiner can normally be reached on M-F 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571)272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/T.B.V./Patent Examiner, Art Unit 2136

/CHARLES RONES/Supervisory Patent Examiner, Art Unit 2136