DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1, 4-15, 18-21, and 23 are pending. Claims 1, 4, 8, 9, 15, 18, and 21 have been amended as per Applicants' request. Claims 2, 3, 16, 17, and 22 have been canceled as per Applicants' request.

Papers Submitted
It is hereby acknowledged that the following papers have been received and placed of record in the file:
Amended Claims as filed on March 04, 2022

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-8, 15-19, 21, and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sahita et al. (US 2019/0087575) (hereinafter Sahita) (published March 21, 2019) in view of Leclercq (US 2012/0042157) (hereinafter Leclercq) (published February 16, 2012).
Regarding Claim 1, Sahita discloses an apparatus to facilitate security of a shared memory resource, comprising: a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains; and
“In Example 5, the subject matter of any one of Examples 1-4 can optionally include wherein the MK-TME engine generates a plurality of encryption keys accessed via key IDs assigned to the TD for use in encrypting and decrypting the memory pages of the TD, and encrypting and decrypting memory pages corresponding to persistent memory assigned to the TD, and wherein the MOT to track the plurality of key IDs via one key ID associated with each entry in the MOT” (Sahita [0175])

a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page,
“reference the MOT to obtain at least one key identifier (ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key” (Sahita [0173])

an input-output memory management unit (IOMMU) including a memory ownership table to indicate a trusted domain having ownership of each of the private memory pages,
“reference the MOT to obtain at least one key identifier (ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key; and reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

wherein the memory ownership table includes a plurality of attributes, including an I/O attribute bit to indicate whether access to a private memory page comprises an access by an I/O device
“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])

But does not explicitly state wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices. However does disclose a DMA Unit “a direct memory access (DMA) unit 1132” (Sahita [0162]).
Leclercq discloses wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the using of an encryption key to perform DMA transfers in Leclercq with Sahita to yield predictable results of increased security by having the data encrypted.

Regarding Claim 4, Sahita further discloses further comprising a central processing unit (CPU) to assign a private memory page for a DMA transfer to the first key identifier.
“The processor 112 consults the TDRM 180-managed MOT to assign allocation of memory to TDs 220. This allows the TDRM 180 the full ability to manage memory as a resource without having any visibility into data resident in assigned TD memory” (Sahita [0059] the DMA transfer disclosed above is provided memory by the processor)

Regarding Claim 5, Sahita further discloses wherein assigning the private memory page comprises mapping an I/O page to a guest physical address.
“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

Regarding Claim 6, Sahita further discloses wherein assigning the private memory page further comprises mapping the I/O page and the guest physical address to a host physical address.
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

Regarding Claim 7, Sahita further discloses wherein assigning the private memory page further comprises storing the guest physical address and the host physical address in the memory ownership table and setting the I/O attribute bit in the memory ownership table to indicate that that the private memory page is accessible by the I/O device.
“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])

“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

Regarding Claim 8, Leclercq further discloses wherein the IOMMU processes DMA transfers.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

Regarding Claim 15, Sahita discloses a method to facilitate security of a shared memory resource, comprising: generating a plurality of key identifiers to be associated with a private memory page associated with one or more trusted domains,
“In Example 5, the subject matter of any one of Examples 1-4 can optionally include wherein the MK-TME engine generates a plurality of encryption keys accessed via key IDs assigned to the TD for use in encrypting and decrypting the memory pages of the TD, and encrypting and decrypting memory pages corresponding to persistent memory assigned to the TD, and wherein the MOT to track the plurality of key IDs via one key ID associated with each entry in the MOT” (Sahita [0175])

assigning a private memory page for a DMA transfer to the first key identifier,
“The processor 112 consults the TDRM 180-managed MOT to assign allocation of memory to TDs 220. This allows the TDRM 180 the full ability to manage memory as a resource without having any visibility into data resident in assigned TD memory” (Sahita [0059] the DMA transfer disclosed above is provided memory by the processor)

including: mapping an I/O page to a guest physical address;
“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

mapping the I/O page and the guest physical address to a host physical address;
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

storing the guest physical address and the host physical address in a memory ownership table; and
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

setting an I/O attribute bit in the memory ownership table to indicate that that the private memory page is accessible by an I/O device
“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])

But does not explicitly state wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices. However does disclose a DMA Unit “a direct memory access (DMA) unit 1132” (Sahita [0162]).
Leclercq discloses wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the using of an encryption key to perform DMA transfers in Leclercq with Sahita to yield predictable results of increased security by having the data encrypted.

Regarding Claim 18, Sahita further discloses further comprising processing DMA transfers.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

Regarding Claim 19, Sahita further discloses wherein processing the DMA transfers comprises: receiving a DMA transfer request from an I/O device; and checking a table to verify whether the I/O device is authorized to access a private memory page included in the request.
“More specifically, one of the device driver 111, 121, or . . . in one of the domains 110, 120, . . . requests the control access module 320 to allow it access to the memory 240 of the system resource unit 200 through the DMA driver 310 (operation S201). Next, it is determined whether the access control policy allows the domain, which executes the device driver, to access the memory 240 (operation S202)” (Lee [0048])

Regarding Claim 21, Sahita discloses at least one computer-readable medium having instructions, which when executed by a processor, causes the processor to generate a plurality of key identifiers to be associated with a private memory page associated with one or more trusted domains,
“In Example 5, the subject matter of any one of Examples 1-4 can optionally include wherein the MK-TME engine generates a plurality of encryption keys accessed via key IDs assigned to the TD for use in encrypting and decrypting the memory pages of the TD, and encrypting and decrypting memory pages corresponding to persistent memory assigned to the TD, and wherein the MOT to track the plurality of key IDs via one key ID associated with each entry in the MOT” (Sahita [0175])

assign a private memory page for a DMA transfer to the first key identifier, including:
“The processor 112 consults the TDRM 180-managed MOT to assign allocation of memory to TDs 220. This allows the TDRM 180 the full ability to manage memory as a resource without having any visibility into data resident in assigned TD memory” (Sahita [0059] the DMA transfer disclosed above is provided memory by the processor)

mapping an I/O page to a guest physical address;
“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

mapping the I/O page and the guest physical address to a host physical address;
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

storing the guest physical address and the host physical address in a memory ownership table; and
“If the TDRM 180 has enabled an extended MOT, then the instruction can specify the initial guest physical address (GPA) that is mapped to the specified HPA” (Sahita [0080])

“reference the MOT to obtain a guest physical address corresponding to a host physical memory page assigned to the TD, wherein a match of the guest physical address obtained from the MOT with an accessed guest physical address is to allow the processing device access to the memory pages assigned to the TD responsive to the processing device executing in the context of the TD” (Sahita [0173])

setting an I/O attribute bit in the memory ownership table to indicate that that the private memory page is accessible by an I/O device
“In one implementation, the MOT 160 is aligned on a 4 KB boundary of memory and occupies a physically contiguous region of memory protected from access by software after platform initialization. In an implementation, the MOT is a micro-architectural structure and cannot be directly accessed by software. Architecturally, the MOT 160 holds the following security attributes for each 4 KB page of host physical memory:” (Sahita [0065])

“Page Category—DRAM, NVRAM, IO, Reserved” (Sahita [0067])

But does not explicitly state wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices. However does discloses a DMA Unit “a direct memory access (DMA) unit 1132” (Sahita [0162]).
Leclercq discloses wherein plurality of key identifiers comprises a first key identifier to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
“the DMA or micro DMA controller reads data stored in the secure RAM and provides the data to a crypto processor (i.e., one of the HW accelerators), which encrypts the data using the generated data encryption key” (Leclercq [0050])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the using of an encryption key to perform DMA transfers in Leclercq with Sahita to yield predictable results of increased security by having the data encrypted.


Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sahita (published March 21, 2019) and Leclercq (published February 16, 2012) as applied to claim 8 above, and further in view of LEE et al. (US 2008/0256599) (hereinafter Lee) (published October 16, 2008).
Regarding Claim 9, the combination of Sahita and Leclercq disclosed the apparatus of claim 8, but does not explicitly state wherein the IOMMU receives a DMA transfer request from an I/O device and checks a table to verify whether the I/O device is authorized to access a private memory page included in the request.
Lee discloses wherein the IOMMU receives a DMA transfer request from an I/O device and checks a table to verify whether the I/O device is authorized to access a private memory page included in the request.
“More specifically, one of the device driver 111, 121, or . . . in one of the domains 110, 120, . . . requests the control access module 320 to allow it access to the memory 240 of the system resource unit 200 through the DMA driver 310 (operation S201). Next, it is determined whether the access control policy allows the domain, which executes the device driver, to access the memory 240 (operation S202)” (Lee [0048])

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to combine the use of access control for DMA in Lee with the combination of Sahita and Leclercq to yield predictable results of increased security by filtering who can assess the memory.

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sahita (published March 21, 2019) and Leclercq (published February 16, 2012) as applied to claim 1 above, and further in view of Leis et al. (US 2005/0114688) (hereinafter Leis) (published May 26, 2005).
Regarding Claim 14, the combination of Sahita and Leclercq disclosed the apparatus of claim 1, but does not explicitly state wherein the first key identifier is generated during a system boot and is not reclaimable.
Leis discloses wherein the first key identifier is generated during a system boot and is not reclaimable.
“In accordance with one feature of the invention, a session key is generated once per boot, and the session key is used to encrypt and decrypt the contents of the paging file only during a single run of the system (e.g., between a startup and a shutdown). The session key is not persisted across boots of the machine” (Leis [0006]) 

It would have been obvious before the effective filing date of the invention to one of ordinary skill in the art to have the session key in Leis be key in the combination of Sahita and Leclercq to yield predictable results of increased security by not being able to reuse that key.


Response to Arguments
Applicant’s arguments, see page 7 of Remarks, filed March 04, 2022, with respect to enablement rejection have been fully considered and are persuasive.  The 112(a) rejection of claims 10, 20, and 23 has been withdrawn.
Applicant states in paragraph 3 of page 7 of Remarks “Paragraph [0034] of applicant's specification that "MMU212 or system agent 220 inserts the IOKeyID in a final HPA whenever the I/O field in MOT 226 is set." Applicant submits that one skilled in the art would recognize how a CPU or IOMMU would amend a host physical address to include additional bits associated with an IOKeyID”. This defines the “insert” operation of IOKeyID in a HPA to be the amending of the HPA to include additional bits associated with the IOKeyID. 
Applicant's arguments filed March 04, 2022 have been fully considered but they are not persuasive.
Applicant Argues:
a)	As shown above, Sahita discloses a memory ownership table that includes Free, Assigned, Blocked and Pending bits. However, there is no disclosure or suggestion in Sahita of the memory ownership table including an entry for an I/O attribute bit. Since Sahita and Leclercq each fail to disclose or suggest a memory ownership table that includes such an I/O attribute bit, any combination of the references necessarily fail to disclose or suggest an input-output memory management unit (IOMMU) including a memory ownership table that includes an I/O attribute bit to indicate whether access to a private memory page comprises an access by an I/O device.
With respect to (a), Applicant refers to uncited paragraph [0068] of Sahita which discloses Page State as the I/O attribute bit when the examiner cites to paragraph [0067] disclosing Page Category. The page category clearly shows four different states of DRAM, NVRAM, IO, and Reserved. When the page category is IO it would indicate that it is accessed by an I/O device as opposed to being accessed by the DRAM or NVRAM.

Allowable Subject Matter
Claims 10, 20, and 23 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIDNEY LI whose telephone number is (571)270-5967. The examiner can normally be reached Monday to Friday 10:00 AM to 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571) 272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SIDNEY LI/Examiner, Art Unit 2136              

/EDWARD J DUDEK  JR/Primary Examiner, Art Unit 2136