17132DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 8 is objected to because of the following informalities:  
In claim 8, line 2 “a domain identifiers” should read “ a domain identifier”. 
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-10, 12-16, 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Pohlack et al. (US 10706147B1), hereinafter Pohlack in view of Heriman et al. (US 20200004684A1), hereinafter Heirman.
Regarding claim 1, Pohlack teaches an apparatus comprising (Pohlack: Abstract, Col. 2 Lines 55-59, Col. 8 Lines 31-40 provide for an apparatus to detect side channel attack):
a cache memory to store data (Pohlack: Col. 5 Lines 37-45 provides for a cache to store information); and 
a processor comprising target hardware circuitry for data to be stored in the cache memory (Pohlack: Col. 5 Lines 37-45 provide for the processor comprising logic circuitry to store sensitive information (data) in a cache), including: 
a cache set monitor circuitry to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory (Pohlack: Col 8 Lines 50-67, Col 9 Lines 1-8 provide for the memory usage monitor which may determine process that is repeatedly refreshing cache lines in a cache set as an attacker. Also, memory usage monitor generally monitor the miss rates of all the host memory pages used by the VMs which can be represented by the critical cache addresses). 
pattern monitor hardware circuitry to monitor cache access patterns to the target cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process (Pohlack: Col. 9 Lines 9-22 provides for a memory usage monitor to watch for particular memory access patterns to detect attacks).
Pohlack does not teach about the processor comprising prefetch circuitry to pre-fetch data. However, Heirman teaches this limitation (Heirman: [0075] provides for the processor comprising prefetch logic circuit to prefetch data to be stored in the cache).
Pohlack and Heirman are both considered to be analogous to the claimed invention because they are in the same field of cache monitoring. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack to incorporate the teachings of Heirman and provide a data prefetching logic to cache monitoring. Doing so would aid in increasing speed of the processor by preemptively fetching instructions and data from relatively slower storage locations to faster storage locations (e.g. cache) before they are requested for execution.
Regarding claim 10, the claim teaches the same limitations as claim 1 for a method and is thereby rejected under the same rationale.
Regarding claim 16, the claim teaches the same limitations as claim 1 for a central processing unit and is thereby rejected under the same rationale.
Regarding claim 21, the claim teaches the same limitations as claim 1 for a computer readable medium and is thereby rejected under the same rationale.
Regarding claim 5, Pohlack teaches the apparatus of claim 1, wherein the pattern monitor circuitry generates an interrupt upon detection of a side-channel cache attack (Pohlack: Col. 21 Lines 27-58 provides for the generation of responsive actions (shutting down etc.) which can be represented by an interrupt upon detection of a side-channel cache attack).
Regarding claim 12, the claim teaches the same limitations as claim 5 for a method and is thereby rejected under the same rationale.
Regarding claim 20, the claim teaches the same limitations as claim 5 for a central processing unit and is thereby rejected under the same rationale.
Regarding claim 6, Pohlack teaches the apparatus of claim 5, wherein the pattern monitor circuitry transmits the interrupt to system software (Pohlack: Col. 21 Lines 27-58 provides for transmitting the interrupt using log of memory usage activities that evidence the suspected attack).
Regarding claim 13, the claim teaches the same limitations as claim 6 for a method and is thereby rejected under the same rationale.
Regarding claim 22, the claim teaches the same limitations as claim 5 and 6 for a computer readable medium and is thereby rejected under the same rationale.
Regarding claim 7, Pohlack teaches the apparatus of claim 6, wherein the system software performs one or more actions to mitigate the side-channel cache attack (Pohlack: Col. 21 Lines 27-58 provides for performing one or more actions (shutting down etc.) to mitigate the side-channel cache attack).
Regarding claim 8, Pohlack teaches the apparatus of claim 5, wherein the interrupt comprises a reason for exit and a domain identifier associated with each process that accessed the critical cache addresses (Pohlack: Col. 21 Lines 27-58 provides for the interrupt comprising log of memory usages that evidence the attack. Col. 6 Lines 52-64 provides for domain identifier associated with processes which can be used to identify the attack). 
Regarding claim 14, the claim teaches the same limitations as claim 8 for a method and is thereby rejected under the same rationale.
Regarding claim 9, Pohlack teaches the apparatus of claim 1, wherein the pattern monitor circuitry implements a machine learning model to monitor the cache access patterns (Pohlack: Col. 9 Lines 9-22 provides for a memory usage monitor to watch for particular memory access patterns to detect attacks. Col. 3 Lines 38-55 provides for different techniques to monitor the cache access patterns).
Using machine learning model to monitor patterns to detect anomaly is a well-known concept. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack/Heirman to incorporate machine learning techniques to detect anomalies in cache access patterns. Doing so would aid in detecting the attack on cache more efficiently. 
Regarding claim 15, the claim teaches the same limitations as claim 9 for a method and is thereby rejected under the same rationale.
Claim 2, 3, 4, 11, 17, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Pohlack (US 10706147B1) in view of Heriman (US 20200004684A1), and Roy et al. (US 20170286302A1), hereinafter Roy. 
Regarding claim 2, Pohlack and Heirman do not teach about the cache set monitor circuitry checking protection key permissions via protection key bits. However, Roy teaches this limitation (Roy: [0045][0046] provide for checking protection key via protection key bits).
Pohlack, Heirman and Roy are all considered to be analogous to the claimed invention because they are in the same field of cache monitoring. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pohlack/Heirman to incorporate the teachings of Roy and provide checking protection key permissions. Doing so would aid in specifying whether to monitor accesses to the virtual pages associated with the key bits for events. 
Regarding claim 11, the claim teaches the same limitations as claim 2 for a method and is thereby rejected under the same rationale.
Regarding claim 17, the claim teaches the same limitations as claim 2 for a central processing unit and is thereby rejected under the same rationale.
Regarding claim 3, Pohlack and Heirman do not teach about the apparatus of claim 2, comprising a translation lookaside buffer comprising a security bit including bit information to identify a page as being security critical. However, Roy teaches about this limitation (Roy: [0045] [0046] provide for the translation lookaside buffer comprising key bits including information to identify a page as being security critical and whether to monitor it).
Regarding claim 18, the claim teaches the same limitations as claim 3 for a central processing unit and is thereby rejected under the same rationale.
Regarding claim 4, Pohlack and Heirman do not teach about the cache set monitor circuitry determining a critical cache address as an address associated with a security critical page. However, Roy teaches this limitation (Roy: [0045] [0046] provide for the security critical page for which monitoring accesses for events is performed and which is associated with a cache address). 
Regarding claim 19, the claim teaches the same limitations as claim 4 for a central processing unit and is thereby rejected under the same rationale.
Pertinent Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure
Jiang et al. (US 20210192045A1) recites the method for detecting a cache-based side-channel attack.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YASMIN JAHIR whose telephone number is (571)272-0346. The examiner can normally be reached Mon-Fri 9:00-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/YASMIN JAHIR/Examiner, Art Unit 2432