DETAILED ACTION
Claims 1, 8, 13, 16, 18 and 20 are amended.
Claims 4, 11, 14 were previously canceled. 
Claims 1-3, 5-10, 12-13, 15-21 are pending.
Priority: February 25, 2016
Assignee: RedHat Israel

   Claim objection
Amended claim 1 is objected to because of a typo. Claim 1 recites, ‘wherein the receive rings store incoming packets sent through the kernel to be processed by the device drive’. It must recite, ‘wherein the receive rings store incoming packets sent through the kernel to be processed by the device driver’.
Appropriate correction is requested.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
   A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5, 7-10, 12, 17-19, 21 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Andjelic (20090077572) in view of Kashyap et al (20090016217), Asanovic et al (7287140) and Pope et al (20100049876).

As per Claim 1, Andjelic discloses a system (Andjelic, [0036 – Fig. 1 shows network device driver architecture in its system environment, including user space, kernel space and network space]; [Claim 30 - A system for enabling access between operating system kernel space and a NIC as well as between user space and NIC]; [Fig. 11]) comprising: 
a network interface controller (NIC) (Andjelic, [Fig. 1, NIC 30]; [0072 - Fig. 11, Intel 82543GC Gigabit Ethernet NIC]); 
a memory (Andjelic, [Fig. 1, Kernel space, User space]; [0072 – In Fig. 11, each CPBB board comprises one or more Alpha servers and 1 GB of RAM]), 
the memory storing a device driver and instructions (Andjelic, [Fig. 2 shows device driver 10 in kernel space. This is similar to Fig. 1 of the spec]; [0055 - As per Fig. 3, the kernel agent 16 is realized by about 200 lines of new code/instructions together with about 300 lines of standard device driver framework code/instructions, all of which is resident in kernel space, thereby implying that the memory/kernel space stores a device driver and instructions]); 
one or more processors in communication with the memory (Andjelic, [0072 – In Fig. 11, two central processor base boards are in communication with the memory via a 32 bit/66 MHz cPCI bus between CPU and the cPCI-PCI bridge. Each CPBB board has one or more Alpha servers/processors]);
wherein the one or more processors (Andjelic, [0072 - [0072 – In Fig. 11, each CPBB board has one or more Alpha servers/processors]), when executing the instructions (Andjelic, [0002 – Operating system software/code/instructions provides the base functionality upon which application software is written and executed]; [0078 - In prototype testing, one CPBB was used for execution of the server instance of a test program, the other CPBB for execution of the client instance of the test program]), cause the system to: 
initialize the NIC (Andjelic, [0062 - The kernel-space device driver performs a standard initialization procedure as a base network device driver also called the NDD core 14]; [0065 - The NDD core 14 then performs basic initialization of NIC 30]) by loading, by a kernel of an operating system (OS) (Andjelic, [0003 - The central part of the OS is the kernel]), the device driver into a kernel memory space of the OS (Andjelic, [0062 - The operating system is loaded with a network device driver in kernel space; Since the claim does not define ‘machine memory space of the OS’, it is valid to interpret kernel space to be equivalent to the ‘machine memory space of the OS’]); 
wherein the transmit rings include a transmit ring (Andjelic, [0041 - In Fig. 2, each interface 15, 25 and 35 is associated with a send queue/transmit ring, thereby implying a plurality of transmit rings that include a transmit ring]) that is to be utilized by an application executing in an application memory space of the OS (Andjelic, [0067 – In Fig. 7, in the outbound direction from user space to the NIC, the user application delivers message descriptors/pointers to the user-space device driver functionality, which puts them in the transmit ring located in user/application address space, thereby implying that the transmit ring is to be utilized by an application executing in application space, wherein the transmit ring is included in the plurality of transmit rings]), 
assign receive rings (Andjelic, [0041 - In Fig. 2, each interface 15, 25 and 35 is associated with a receive queue/receive ring, thereby implying a plurality of receive rings]) of the NIC (Andjelic, [0045 – The receive buffer queues/rings are allocated in kernel space by the kernel driver. To make the queues visible to the NIC, they are first mapped to the NIC bus address space and the obtained addresses are then written to specific NIC registers; The claim recites ‘receive rings of the NIC’ without reciting if, where and how the receive rings are located. So the citation is a valid interpretation]) to the second set of physical memory pages (Andjelic, [0061 - Direct access between kernel space/second set and the NIC is provided via a kernel-space-NIC interface, thereby facilitating the assignment]; [0053 - The FIFO receive queue KRX of the kernel-space-user-space interface is allocated/assigned in kernel address space/second set. KRX, NRX, RX are receive rings]; [0064 – As per Fig. 6, in the inbound direction, messages from the NIC are put in the receive ring; Since Fig. 6, component 14 is kernel space, it implies that the receive rings are assigned to kernel space/second set]; [0070 - NIC 30 puts descriptors associated with inbound/receive messages in the receive ring]),
wherein the receive rings (Andjelic, [0041 - In Fig. 2, each interface 15, 25 and 35 is associated with a receive queue/receive ring, thereby implying a plurality of receive rings]) store incoming packets sent through the kernel to be processed by the device driver (Andjelic, [0053 - The FIFO receive queue KRX of the kernel-space-user-space interface is allocated/assigned in kernel address space/second set. KRX is a receive ring/queue]; [0064 – As per Fig. 6, in the inbound direction, messages/packets from the NIC are put in the NRX/receive ring]; [0070 - NIC 30 puts descriptors associated with inbound/receive messages in the receive ring]);
initiate a mapping of the transmit rings into the application memory space (Andjelic, [0053 - The kernel agent 16/kernel driver performs initialization procedures, allocates contiguous memory, implements the kernel-space-user-space interface 15 as well as the interface to/from the NDD core 14, and maps contiguous memory and memory mapped configuration and state registers to the address space of the user-space device driver functionality 20. In addition, the KTX FIFO queue or transmit ring of the kernel-space-user-space interface is allocated in kernel address space and mapped to user address space; thereby implying mapping TX/transmit rings in application space]). 
Andjelic discloses a network device driver architecture comprising of one or more processors, kernel space/second set of physical pages, an application space/first set of pages, a device driver, a NIC, a plurality of transmit rings and receive rings, a transmit ring and a receive ring, wherein the receive rings store incoming messages or packets sent through the kernel for processing.
The claim recites packets and packets do not move directly from an interface's output queue to being transmitted out of an interface. Instead, the router moves the packet from the interface output queue to another small FIFO queue on each interface. This separate, final queue is the Transmit Queue or Transmit Ring. Likewise the same is true for an inbound packet via the Receive Queue or Receive Ring.
Kashyap further clarifies,
wherein the receive rings (Kashyap, [0050 – Fig. 9 shows receive queues 501, 502 and 503, thereby implying a plurality of receive rings/queues]; [0032 - Ring buffer 34 is used for frame reception/RX]; [0032 - In Fig, 2, receive buffers containing data that are associated with frame reception are referenced on receive ring buffer 34/receive ring]) store incoming packets sent through the kernel to be processed by the device driver (Kashyap, [Fig. 9, incoming packets]; [0049 – In Fig. 9, after NIC 22B writes buffer descriptors of varying priority to the ring buffers 34B1, 34B2 and 34B3, the NIC device driver 26B is invoked via a hardware interrupt to retrieve the buffer descriptors and forward them to the kernel protocol stack 28B]; [0033 - NIC raise a hardware interrupt that will invoke the NIC device driver 26 to read the modified buffer descriptor on the receive ring buffer 34 in order to retrieve the new frame and process it into the host's kernel/device driver protocol stack. For efficiency reasons, such an interrupt is raised after some number of incoming frames/packets have been processed by NIC 22 and their buffer descriptors have been DMA burst transferred onto the receive ring buffer 34, thereby implying that the receive ring stores incoming packets sent through the kernel to be processed by the device driver]; [0037 – receiving frames through kernel, using device driver]);
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the NIC and the receive ring of Kashyap into the network device architecture of Andjelic for the benefit of eliminating bottlenecks associated with internet protocol network endpoints, thus providing improvement in the network quality of service and supporting enhanced end-to-end efficiency in the network. The system handles incoming high priority packets efficiently according to a priority level, thus avoiding dropping of the high priority packets. The network data handling channels separately handle the frames with different priorities, thus avoiding blocking of higher priority frames behind lower priority frames (Kashyap, 0036).
Andjelic, Kashyap disclose a network device driver architecture comprising of one or more processors, kernel space/second set of physical pages, an application space/first set of physical pages, a device driver, a NIC, a plurality of transmit and receive rings, a kernel mode and a user mode wherein the user mode is less privileged than the kernel mode.
Asanovic further clarifies,
set access permissions to the first set of physical memory pages including a read-write access permission (Asanovic, [Fig. 2 – 60c, read-write]; [Col. 13, lines 1-4 - Every allocated region of Fig. 1, memory 30, is owned by one protection domain, and this ownership is maintained/set by memory supervisor 42 of Fig. 1; Since the claim does not define ‘first set of physical pages’ and its representation in memory, it is valid to interpret all the 60c as the first set of pages]) that identifies a physical memory page (Asanovic, [Col. 12, lines 23-26 - In Fig. 2, protection domains 52-58 are each associated with a range of memory addresses 62, which are physical memory addresses]; [Col. 12, lines 30-32 - Crosshatched regions shown in Fig. 2 each represent corresponding segments, each having a respective permission; Since neither the claims nor the spec recite how the pages are represented in memory, the citation is a valid interpretation and each segment identifies a page]; [Col. 3, lines 29-32 - Domain-page systems have an explicit protection domain identifier, and each protection domain can specify a permission value for each page. Permissions are managed only at page granularity]),
set access permissions to the second set of physical memory pages including a read-only access permission (Asanovic, [Fig. 2 – 60b, read-only]; [Col. 13, lines 1-4 - Every allocated region of Fig. 1, memory 30, is owned by one protection domain, and this ownership is maintained/set by memory supervisor 42 of Fig. 1; Since the claim does not define ‘second set of physical pages’ and its representation in memory, it is valid to interpret all the 60b as the second set of pages]) that identifies a physical memory page (Asanovic, [Col. 12, lines 23-26 - In Fig. 2, protection domains 52-58 are each associated with a range of memory addresses 62, which are physical memory addresses]; [Col. 12, lines 30-32 - Crosshatched regions shown in Fig. 2 each represent corresponding segments, each having a respective permission; Since neither the claims nor the spec recite how the pages are represented in memory, the citation is a valid interpretation and each segment identifies a page]; [Col. 3, lines 29-32 - Domain-page systems have an explicit protection domain identifier, and each protection domain can specify a permission value for each page. Permissions are managed only at page granularity]),
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the protection domains of Asanovic into the network device architecture of Andjelic, Kashyap for the benefit of providing computer memory protection to a word granularity. A permissions table has permission values associated with a computer memory arranged as protection domains. In addition, the permissions table associates each word in the range of memory addresses with a respective metadata value, wherein each metadata value is selected from among a read-only value, a write-only value, a read-write value, an execute-read value, an execute-write value, an execute-read-write value, an execute-only value, and a no-permission value (Asanovic, Cols. 3-4, lines 62-67,1-11).
Pope further discloses,
a memory (Pope, [0032 – Fig. 1, a host memory subsystem 122]) having a first set of physical memory pages (Pope, [0043 – Fig. 2, Pages 251, 252 on the bus 118 are allocated to NIC 116. Page 252 is used for communication between application processes and resources 231-234. This implies page 252 is assigned to application space/first set]) and a second set of physical memory pages (Pope, [0043 - Page 251 is used by the kernel driver to send instructions to the NIC. This implies page 251 is assigned to kernel space/second set]);  
assign transmit rings of the NIC (Pope, [0068 – In Fig. 5, NIC 116 includes a transmit queue/TX ring descriptor table 540. Each transmit queue/TX ring has a corresponding transmit queue ID, which is used as an index into the transmit queue descriptor table 540, thereby implying a plurality of TX rings]; [0023, 0066 - Fig. 5 supports separate TX rings/queues and the buffers used for a transmit queue are identified as ‘TX QUEUE BUF #n’]; [0103 – In Fig. 13, the NIC implements an algorithm for choosing among the multiple transmit queues/rings for the next queue to service]) to the first set of physical memory pages (Pope, [Fig. 6, step 610, Allocate/assign memory for data buffers for a TX queue/transmit ring]; [0041 - Kernel driver 225 stores a record of which resources on NIC 116 are allocated. Resources include a TX queue/ring. See Para-0044. When a resource such as TX queue/ring is to be allocated the driver identifies a suitable free resource of the required type on the NIC and transmits an allocation/assignment instruction to the NIC. The instruction also includes an ownership string, which identifies the application using the resource]; [0043 – In Fig. 2, pages 252 are allocated to NIC 116, wherein pages 252 are used for communication between application 222 and resources 231-234, thereby implying that pages 252 belong to the first set of memory pages]; [0044 - When an application wants to open a network connection it calls a routine in the user library to cause resources such as a transmit/TX queue or ring to be allocated/assigned to application space/first set for the communication. Here the routine makes calls to the device driver to do the allocation/assignment. See Para-0046. This implies that a TX ring of the NIC is assigned to the application/first set. This is a valid interpretation because the claim does not recite how the assignment was made]), 
assign receives rings of the NIC (Pope, [0023 - Fig. 5 supports separate receive rings/queues]; [0068 – In Fig. 5, NIC 116 includes a receive queue/RX ring descriptor table 540. Each receive queue/RX ring has a corresponding receive queue ID, which is used as an index into the receive queue descriptor table 540]) to the second set of physical memory pages (Pope, [Fig. 6, step 610, Allocate/assign memory for data buffers for a RX queue/receive ring]; [0083 - In Fig. 6, step 614, the kernel routine allocates/assigns a minimum set of the buffers for each of receive queue requested, and programs its buffer ID into the receive queue descriptor tables 541]; [0043 – As shown in Fig. 2, address space/page 251/second set is used by kernel driver 225 to send instructions to NIC 116, thereby implying that a RX ring of the NIC is assigned to the second set of pages]; [0079 - The system handles a receive queue in a similar manner as the TX queue/ring]),
set access permissions to the first set of physical memory pages including a read-write access permission (Pope, [0043 - During system setup, pages 252 are allocated to NIC 116. Pages like 252/first set are used for communication between application processes such as application 222 and resources 231-234, thereby implying that r-w access permissions are set to the first set of pages so that the applications can r-w to them]; [0043 – In Fig. 2, the RCU/resource configuration unit 236 stores a record of the pages that are allocated to the NIC 116 for use by resources/transmit rings, thereby implying assignment between the first set and the TX rings]) that identifies a physical memory page assigned to the transmit ring (Pope, [0048 - The sub-page address may need to be supplemented with the address of the page in which the sub-page lies if that cannot be inferred as a result of only a single page having been allocated for use by the resources/transmit ring]; [0084 - In Fig. 6, step 616, the kernel routine determines the doorbell address in the NIC 116 for each transmit queue, and maps them as into the application's virtual address space. In step 618, the kernel routine programs into NIC 116 certain access/authorization rights that are associated with the particular transmit queue/transmit ring, thereby implying that the first physical page with r-w permission is assigned to the transmit ring which is mapped into application space]) as a writeable page for the application in the application memory space of the OS (Pope, [0049 - NIC 116 checks that the identity of the application from which the access has been received matches the identity indicated in the table 237 for the resource. If it matches, it is passed to the relevant resource/transmit ring, thereby implying giving write access to the application via the transmit ring]; [0106 - In Fig. 13, step 1322, if the NIC 116 determines that the packet is authorized, then in step 1324, after packet retrieval, the NIC 116 updates its device centric transmit queue read pointer. The NIC 116 then writes a transmit completion event into the event queue associated with the current transmit queue, for retrieval by the user level process]);
set access permissions to the second set of physical memory pages including a read-only access permission (Pope, [0043 - During system setup, pages like 251/second set are allocated to NIC 116. Part of this address space like page 251 is used by the kernel driver 225 to send instructions to the NIC 116, thereby implying that since the pages are used by the kernel driver, the applications can get only read-only access for them]) that identifies a physical memory page assigned to a receive ring (Pope, [0046 - The routines for allocation/assignment of resources require access to restricted memory mapped addresses, such as page 251/second set for sending configuration instructions to NIC 116. Since the user level transport library 224 lacks the necessary privilege level to perform these accesses, these routines make calls to kernel driver 225. These calls cause an initial context switch to a kernel level process, which in turn communicate the instructions to NIC 116 for the allocation of the resources/receive rings. Those instructions specify the identity of the application or process with which the resources/rings are to be associated, and the nature of the resources, thereby implying that the receive rings are assigned to the read-only second set. Furthermore the same receive rings are also associated with the appropriate application]; [0048 - The sub-page address is supplemented with the address of the page in which the sub-page lies if that cannot be inferred as a result of only a single page having been allocated for use by the resources/receive ring, thereby implying that a second page is allocated/assigned to the receive ring]) for read only access by the application in the application memory space (Pope, [0008 - The processor will not allow user level processes to access memory locations which are outside of a user-level physical or virtual address space allocated to the process, thereby implying that user-level applications are at best allowed only read access to the second set of pages]; [0068 - In order to keep track of the state of each of the receive queue for user-level applications in communication with NIC 116, the NIC 116 includes a receive queue descriptor table 541. Each receive queue has a corresponding receive queue ID, which is used as an index into the receive queue descriptor table 540, thereby implying that since the receive ring is assigned to the second set page, it is tracked to provide read-only access of the page to the application]);
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the physical memory pages of Pope into the network device architecture and protection domains of Andjelic, Kashyap, Asanovic for the benefit of efficient resource management wherein during system setup a first and second set of pages are allocated to the NIC. The second set is used by the kernel driver and hence is part of kernel space. The first set of pages are used for communication between application processes and the ring resources. The resource configuration unit stores a record of the pages that are allocated to the NIC for use by resources (Pope, 0043).

As per Claim 2, the rejection of claim 1 is incorporated, in addition Andjelic discloses, 
wherein the device driver is further configured to send a mapping request to the kernel (Andjelic, [0059 - The interface 15 between the kernel agent 14 and the user-space device driver functionality 20 is preferably an interface supporting driver requests for opening a connection towards the kernel agent, mapping of contiguous buffer memory and memory mapped CSR from the kernel agent to application context]; [0065 – After a user application is started, the user-space device driver functionality 20 executing in application context opens a port connection to the kernel agent 16. It also requests from the kernel agent 16 the mapping of DMA area and CSR registers to its own address space. This is the mapping request from the driver to the kernel]).

As per Claim 3, the rejection of claim 2 is incorporated, in addition Andjelic discloses, 
wherein the kernel is configured to receive the mapping request from the device driver (Andjelic, [0019 - In user-space tunneled access mode, the driver core routes outgoing data to the kernel agent, implying communication path between driver and kernel]; [0059 – Message/request transfer between the kernel agent 16 and the user-space device driver functionality 20 is realized by means of a shared memory structure, implying that that kernel and driver can send and receive messages/requests]); 
map the transmit rings into the application memory space (Andjelic, [0041 – buffer queue]; [0008 - The VI comprises a send/transmit queue which is mapped directly to user/application address space]; [Claim 36 - The kernel-space device driver inserts into the transmit buffer associated with the kernel-space-user-space interface, pointer information that points to data in a shared memory/buffer queue. Pointers to transmit buffers are stored in transmit rings]; [Claim 41 – The user-space device driver fetches the pointer information from the transmit buffer associated with the kernel-space-user-space interface and inserts it into a transmit buffer associated with the user-space-NIC interface]).

As per Claim 5, the rejection of claim 1 is incorporated, in addition Andjelic discloses, 
wherein the transmit ring and the receive ring (Andjelic, [0041 – In Fig. 2, each interface is associated with a send queue, TX and a receive queue, RX]) are located in memory available to the application memory space (Andjelic, [0066 - The user-space device driver functionality sets registers in the NIC indicating where the TX, RX rings are located, implying that the rings are located in user-space/application space]; [0067 – In Fig. 7, in the outbound direction from user space to the NIC, the user application delivers message descriptors/pointers to the user-space device driver functionality, which puts them in the TX ring located in user/application address space]).

As per Claim 7, the rejection of claim 1 is incorporated, in addition Andjelic discloses,
- wherein the device driver is configured to map a transmit request address into the application (Andjelic, [0043 – In Fig. 2, a message/request pointer P-1 that points to memory in system memory 50 is delivered to the user-space device driver functionality 20, which then puts the pointer/address into the TX/transmit queue located in user address space, thereby mapping the request address into user/application space]; [Claim 41 - The kernel-space device driver inserts pointer/address information pointing to data in a shared memory into a transmit buffer associated with the kernel-space-user-space interface]), 
-  the transmit request address is located on the NIC (Andjelic, [Claim 41 – The user-space device driver fetches the pointer information from the transmit buffer and inserts it into a transmit buffer associated with the user-space-NIC interface. The NIC then fetches the pointer information from the transmit buffer, implying that the transmit request address is located on the NIC]).

As per Claim 8, it is similar to claim 1 and therefore the same rejections are incorporated.

As per Claim 9, it is similar to claim 2 and therefore the same rejections are incorporated.

As per Claim 10, it is similar to claim 3 and therefore the same rejections are incorporated.

As per Claim 12, it is similar to claim 5 and therefore the same rejections are incorporated.

As per Claim 17, it is similar to claim 7 and therefore the same rejections are incorporated.

As per Claim 18, it is similar to claim 1 and therefore the same rejections are incorporated.

As per Claim 19, it is similar to claims 2-3 and therefore the same rejections are incorporated.

As per Claim 21, it is similar to claim 1 and therefore the same rejections are incorporated.


Claims 6, 15-16 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Andjelic (20090077572) in view of Kashyap et al (20090016217), Asanovic et al (7287140), Pope et al (20100049876) and Zhou et al (20130215904).

As per Claim 6, the rejection of claim 1 is incorporated, and Andjelic, Kashyap, Asanovic, Pope disclose a page table.
Zhou further discloses,
wherein the mapping includes a page table that maps virtual addresses to physical addresses (Zhou, [0046 - Fig. 4A shows a hierarchy of a page directory 410 and a page table 430 utilized when mapping virtual addresses 400 to 4-K Byte pages 440]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the page table of Zhou into the network device architecture of Andjelic, Kashyap, Asanovic, Pope for the benefit of performing direct virtual memory addressing of the user memory space using the one or more buffer descriptors and information contained within a translation data structure/page table stored within the system memory (Zhou, Abstract).

As per Claim 15, it is similar to claim 6 and therefore the same rejections are incorporated.

As per Claim 16, the rejection of claim 15 is incorporated, and Andjelic, Kashyap, Asanovic, Pope, Zhou disclose page table address translation, protection domains, and permissions.
Asanovic further discloses,
wherein the page table includes an indication of the access permissions to the first set of physical memory pages (Asanovic, [Col. 6, lines 54-57 - A protection lookaside buffer/PLB 18 holds information associated with one or more protection domains, i.e., addresses and associated metadata values provided by Fig. 1, permissions table 40]; [Cols. 6-7, lines 66-67,1-6 - PLB 18 stores recently used memory addresses and associated permission values. PLB 18 can be re-filled from permissions table 40 using either hardware or software. Entries in PLB 18 include one or more protection domains and also include protection domain identifiers to identify each of the one or more protection domains stored within PLB 18; Since Col. 3, lines 30-31 recites that each protection domain can specify a permission value for each page, it therefore implies that the protection domain identifiers in the page table are an indication of access permissions]; [Col. 7, lines 40-42 - A protection domain identifier register 24 holds a protection domain identifier value identifying a protection domain currently being used by the CPU; Since the claim does not recite how the page table is represented or define ‘indication of the access permission’, the citation is a valid interpretation. Furthermore, since the protection domains represent a plurality of physical pages, the Fig. 2, 60c,r-w regions correspond to the first set of pages]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the protection domain identifiers of Asanovic into the network device architecture of Andjelic, Kashyap, Pope, Zhou for the benefit of utilizing a protection lookaside buffer that holds information associated with one or more protection domains, i.e., addresses and associated metadata values provided by the permissions table, wherein a protection domain identifier register holds a protection domain identifier value identifying a protection domain currently being used by the CPU (Asanovic, Col. 7, lines 40-42).


Claims 13, 20 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Andjelic (20090077572) in view of Kashyap et al (20090016217), Asanovic et al (7287140), Pope et al (20100049876), Riddoch et al (20140355606) and Zhou et al (20130215904).

As per Claim 13, the rejection of claim 8 is incorporated, and 
Andjelic, Kashyap, Asanovic, Pope disclose setting permissions to the first and second set of pages.
Riddoch further discloses,
wherein the access permissions to the second set of memory pages (Riddoch, [0085,0089 - Fig. 12, pages 1252,1253, 1254]) are modified to allow read only access by applications in the application memory space (Riddoch, [0005 - The processor will not allow user level processes to access memory locations, including memory mapped addresses associated with specific hardware resources/RX rings which are outside of a user-level physical or virtual address space already allocated to the process, thereby implying read-only access]; [0085 – In Fig. 12, page 1252 is used for communication between application processes like application 1222 and resources 1231-1234]) based on (Riddoch, [0084 - The kernel driver 1225 stores a record of which resources/receive rings on the NIC 1116 are allocated. When a resource is to be allocated the driver 1225 identifies a suitable free resource of the required type on the NIC 1116 and transmits an allocation instruction to the NIC 1116. The instruction identifies the resource and specifies the details of how it is to be allocated, including details of the internal configuration of the resource, e.g. in the case of a timer the amount of time it is to run for; Here the use of the timer decides how long the RX rings will remain assigned to the second set]) the receive rings being assigned to the second set of physical memory pages (Riddoch, [0108 – Allocation of receive queue]; [0166 – In Fig. 24, step 2410, the kernel allocates memory for the buffers that will be used to hold the receive queues/RX rings. It then maps the buffers into the application's virtual address space so that the application can read to them directly]; [0093 - A resource that is no longer required is freed-up, thereby implying that the resources/receive rings ‘being assigned’ have a dynamic feature; The above citations imply that the access permissions to the second set are modified/dynamic to allow read only access to the applications based on the receive rings being assigned to the second set of physical pages]);
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the privilege level of Riddoch into the network device architecture of Andjelic, Kashyap, Asanovic, Pope for the benefit of supporting transport protocols at user level, wherein data transfers that require use of standard protocols can be made without requiring data to traverse the kernel stack, without requiring context switches, and without requiring changing to a higher privilege level (Riddoch, 0009).
Zhou further clarifies,
wherein the access is a read-only access (Zhou, [0040 – Mark pages read only]; [0040 - Once a corresponding buffer descriptor is created by the network driver 215 for a particular payload buffer/RX ring, the network driver 215 marks the pages as read-only to user space applications]);
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the page table of Zhou into the network device architecture of Andjelic, Kashyap, Asanovic, Pope, Riddoch for the benefit of performing direct virtual memory addressing of the user memory space using the one or more buffer descriptors and information contained within a translation data structure/page table stored within the system memory (Zhou, Abstract).

As per Claim 20, it is similar to claims 13 and therefore the same rejections are incorporated.


                   Response to arguments
The Applicant's arguments filed on March 24, 2022 have been fully considered, but they are not persuasive.

A.Applicant argues: ‘Specifically, Appl. No. 15/053,415Response to Non-Final Office Action of December 24, 2021a VMM mode in which the VMVM22 is executed, a VM kernel mode in which the first and second guest operating system kernels 23 and 24 are executed, and a VM user mode in which the first and second applications 25 and 26 are executed can be respectively defined. ….. Heo discourages using Heo's invention with systems like Andjelic's system.’ (Remarks, Pg. 10, 11).
Response: This argument is flawed. It makes incorrect, unproven and undisclosed assumptions.
Heo correctly discloses that VMM22 executing in privileged mode corresponds to the operating system kernel as required by claim 1, the spec and Andjelic. Therefore the VMM privileged mode corresponds to the operating system kernel mode and both the VM kernel mode and the VM user mode correspond to the unprivileged mode. See Heo, Paras-0029, 0030. 
Heo discloses the same setup as required by the claims, spec and Andjelic, .i.e. kernel space/privileged mode and application space/unprivileged mode. 
Please note ‘VM kernel’ refers to the guest operating system and runs on a VM in user/unprivileged mode. It is different from the VMM which interacts with the hardware and runs in privileged mode. VMM is also called the hypervisor and is the claim 1 ‘kernel’.
Andjelic, in Para-0010 recites the drawback of the Virtual Interface Architecture/VIA. Please note that VIA refers to kernel bypassing and RDMA in a network. VIA is different from virtualization. However Andjelic supports virtualization that involves hypervisors and VMs.
As required by the claims and the spec, Andjelic discloses an architecture with functionality distributed between kernel space and user space, wherein kernel space executes in privileged mode and user space in unprivileged mode. Accordingly, Heo’s privileged VMM executes in Andjelic’c kernel space and Heo’s unprivileged VM kernel and application, execute in Andjelic’s user/application space.
Furthermore, virtualization is implemented in embedded systems as well. So Andjelic and Heo are in the same realm. Thus Heo is valid art because it discloses the same principle of operation as required by the claims, the spec and Andjelic.

B.Applicant further argues: ‘Heo's system requires that data can be written to the VM user domain all the time, whereas claim 1 provides for setting the access permissions of the second set of physical memory pages to provide read only access to an application running in the application user space’ (Remarks, Pg. 11).
Response: This argument is flawed.
Heo’s VM user domain runs in unprivileged mode and data can be written to Heo’s VM user/application domain all the time because the VM user domain can be accessed by a user. The read only access provided to the user to access the second set of pages in amended claim 1, is a feature to prevent the user from writing to the second set of pages/kernel space. Accordingly the user/application cannot write to the second set of pages but the user can at all times write into the VM user domain/first set. This is a requirement as per the claims and the spec and Heo discloses it.
 Heo discloses a kernel space and an user space as disclosed in Andjelic and the instant application. Hence Heo is valid art. However to provide better clarity, the combination of Andjelic, Kashyap, Pope and Asanovic is used to address amended claim 1. Please see rejection. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARVIND TALUKDAR whose telephone number is (571)270-3177. The examiner can normally be reached M-F, 10 am-6pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on 571-270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Arvind Talukdar
Primary Examiner
Art Unit 2132



/ARVIND TALUKDAR/
Primary Examiner, Art Unit 2132