DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 14-16, and 18-20, is/are rejected under 35 U.S.C. 103 as being unpatentable over Gross et al., (WO 2013/174503) and Cooperstein et al., (US 8,245,270), both sited as prior art.

As per claim 1, Gross teaches a device, comprising: a plurality of execute units configured to perform operations identified by instructions (implemented to securely execute an untrusted applications using a secure loader, 2) loaded from a memory; and a domain register configured (via a native processor instructed to enter sandbox domain, Fig. 1, 1, pg. 2, lines 30-34) to store an identifier of a current domain of a routine having instructions (wherein a memory page is dynamically loads new code from external memory regions, pg.2, lines 27-34) being executed via the plurality of execute units, wherein the current domain is in a predefined set of domains of routines (Gross, Fig. 1, 1, pg. 2, lines 30-34). Gross does not expressly discloses “wherein the device is configured to apply, based at least on a setting identified using the identifier of the current domain stored in the domain register, a security control on a resource to be accessed in execution of an instruction of the routine being executed via the plurality of execute units while the domain register has the identifier.”  Nonetheless, Cooperstein discloses in an analogous art a sandbox application which a domain register – in the form of a resource based security system using sandboxed code – stores and identifies if a current domain can be trusted according to a policy associated with denying or granting access, by a processor. (Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)
Therefore, it would have been obvious for one of ordinary skills in the art before the effective filing data at the time of Applicant’s invention to modify Gross’ secure loader with Cooperstein’s sandbox application in which a resource based security system with a domain register stores and identifies if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, hence rendering the cited limitations obvious and lacking patentable significance.
As per claim 2, Gross in view of Cooperstein teaches wherein  the memory configured to store the routines, wherein each of the routines stored in the memory is classified in one of the domains in the predefined set.  (Gross discloses a type of sandbox domain that at the same time aims to provide an execution environment that allows the safe and undisturbed execution of applications Gross pg.9, lines 22-26, Cooperstein discloses storing and identifying if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)

As per claim 3, Gross in view of Cooperstein teaches wherein the security control is configured to allow or deny, based on the setting, access to the memory during the execution the instruction of the routine in the plurality of execute unit at a time when the domain register stores the identifier of the current domain.  (sandbox uses a dedicated stack for all privileged code to prevent data leaks to the /unprivileged domain, Gross col. 17, lines 29-31, Cooperstein discloses storing and identifying if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)

As per claim 4, Gross in view of Cooperstein teaches wherein the type of memory access includes at least one of reading data from the memory region, writing data into the memory region, or loading an instruction from the memory region for execution in the processor, or any combination thereof.  (Gross discloses a type of sandbox domain that at the same time aims to provide an execution environment that allows the safe and undisturbed execution of applications Gross pg.9, lines 22-26, Cooperstein discloses storing and identifying if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)


As per claim 5, Gross in view of Cooperstein teaches wherein the processor further comprises a privileged register; and the security measures include controlling access to the privileged register based on a permission specified for the current domain.  (sandbox uses a dedicated stack for all privileged code to prevent data leaks to the /unprivileged domain, Gross col. 17, lines 29-31, Cooperstein discloses storing and identifying if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)

As per claim 6, Gross in view of Cooperstein teaches wherein the security measures include selectively deployment a sandboxing operation to isolate resources of a calling routine and a called routine based on a permission specified for the current domain.  (Gross discloses a type of sandbox domain that at the same time aims to provide an execution environment that allows the safe and undisturbed execution of applications Gross pg.9, lines 22-26, Cooperstein discloses storing and identifying if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)

As per claim 7, Gross in view of Cooperstein teaches wherein the (security) setting measures are based on a -- 22 --Patent ApplicationAttorney Docket No. 120426-124501/US(security) setting configuration specified for the current domain and for a memory region.  (Gross discloses a type of sandbox domain that at the same time aims to provide an execution environment that allows the safe and undisturbed execution of applications Gross pg.9, lines 22-26, Cooperstein discloses storing and identifying if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)
As per claim 8, Gross in view of Cooperstein further comprises: a memory management unit coupled between the processor and the memory, wherein the memory management unit (Cooperstein, Fig. 2, 206) is configured to manage a page table (Gross discloses a type of sandbox domain that at the same time aims to provide an execution environment that allows the safe and undisturbed execution of applications Payer pg. 9, lines 22-26, the trusted execution domain (TED) communicates with a ‘kernel of the operating system, Gross, pg. 29, lines 1-15) containing a page table entry that includes the security configuration for the memory region (sandbox uses a dedicated stack for all privileged code to prevent data leaks to the /unprivileged domain, Payer col. 17, lines 29-31) that is identified by the page table entry.
As per claim 14,  Gross teaches a method, comprising: performing, using a plurality of execute units of a processor (implemented to securely execute an untrusted applications using a secure loader, 2), operations identified by instructions loaded from a memory; storing, in a domain register, a domain identifier of a routine (wherein a memory page is dynamically loads new code from external memory regions, pg.2, lines 27-34) having instructions (via native processor instructed to enter sandbox domain, (Fig. 1, 1, pg. 2, lines 30-34) being executed via the plurality of execute units, the domain identifier identifying a current domain among a predefined set of domains of routines. Cooperstein discloses in an analogous art a sandbox application which a domain register – in the form of a resource based security system using sandboxed code – stores and identifies if a current domain can be trusted according to a policy associated with denying or granting access, by a processor. (Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8) applied to instructions executed in the processor based at least in part on the identification stored in the domain register.  
 
Therefore, it would have been obvious for one of ordinary skills in the art before the effective filing data at the time of Applicant’s invention to modify Gross’ secure loader with Cooperstein’s sandbox application in which a resource based security system with a domain register stores and identifies if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, hence rendering the cited limitations obvious and lacking patentable significance.

As per claim 15, Gross in view of Cooperstein teaches further comprising: s  storing a plurality of settings in a page table entry for a plurality of domains respectively in the predefined set; and extracting the setting from the page table entry using the domain register during translating a virtual memory address to a physical memory address according to the page table entry. (Cooperstein, Fig. 2, 206) is configured to manage a page table (Gross discloses a type of sandbox domain that at the same time aims to provide an execution environment that allows the safe and undisturbed execution of applications Gross pg. 9, lines 22-26, the trusted execution domain (TED) communicates with a ‘kernel of the operating system, Gross, pg. 29, lines 1-15) containing a page table entry that includes the security configuration for the memory region (sandbox uses a dedicated stack for all privileged code to prevent data leaks to the /unprivileged domain, Gross col. 17, lines 29-31)
 
As per claim 16, Gross in view of Cooperstein, wherein the applying of the security control comprises: determining, based on the setting, whether to allow or deny a request to access a memory unit identified by the virtual memory address.  (sandbox uses a dedicated stack for all privileged code to prevent data leaks to the /unprivileged domain, Gross col. 17, lines 29-31, Cooperstein discloses storing and identifying if a current domain can be trusted according to a policy associated  with denying or granting access, by a processor, Cooperstein, Fig. 3, item 310, col. 4, lines 66-col. 5, lines 1-8)

As per claims 18-20, see rejections above.

Allowable Subject Matter
Claims 9-13 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
The examiner requests, in response to this office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application. When responding to this office action, applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections. See 37 C.F.R.I .Hi(c). In amending in reply to a rejection of claims in an application or patent under reexamination, the applicant or patent owner must clearly point out the patentable novelty which he or she thinks the claims present in view the state of the art disclosed by the references cited or the objections made. The applicant or patent owner must also show how the amendments avoid such references or objections. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAMMARA R PEYTON whose telephone number is (571)272-4157. The examiner can normally be reached on 9am-5pm, EST M-F. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Henry Tsai can be reached on 571-272-4176. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TAMMARA R PEYTON/
Primary Examiner, Art Unit 2184
May 7, 2022