DETAILED ACTION
	Claims 1-20 are present for examination.
	Claims 1-13 have been amended.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because:
As per claim 17, they are rejected because the applicant has provided evidence that the applicant intends the term "computer-readable medium" to include non-statutory matter.  While the applicant provides examples of machine-readable mediums, neither the specification nor the claim itself adequately limits the medium to only include non-statutory matter; and thus it is reasonable to interpret it to include all possible mediums, including non-statutory mediums (see paragraph 78).  The words "storage" and/or "recording" are insufficient to convey only statutory embodiments to one of ordinary skill in the art absent an explicit and deliberate limiting definition or clear differentiation between storage media and transitory media in the disclosure.  As such, the claim(s) is/are drawn to a form of energy.  Energy is not one of the four categories of invention and therefore this/these claim(s) is/are not statutory.  Energy is not a series of steps or acts and thus is not a process.  Energy is not a physical article or object and as such is not a machine or manufacture.  Energy is not a combination of substances and therefore not a composition of matter.
The Examiner suggests amending the claim(s) to read as a “non-transitory computer-readable medium”.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1-6, 13-15 and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parker et al. (US 2014/0331019) in view of Patel et al. (US 10,642,501).
With respect to claim 1, Parker et al. teaches a memory device to store memory data in a plurality of physical pages shared by a plurality of devices (see paragraphs 24 and 40; pages of memory 110 are shared by processors); and
an input output memory management unit (IOMMU) to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for the requests received from the plurality of devices (see paragraphs 29 and 62; memory management unit may access the memory storage 110 to read from a directory page, read from a page table, or read a byte (or bits) from a memory location).
Even though Parker et al. teaches wherein a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42), Parker et al. does not explicitly teach using a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory and a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID.
However, Patel et al. teaches using a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory (see column 8, lines 28-41; device table (DT). IOMMU 112 indexes a DT with a device number obtained from a device request. The DT also can map a device request to a specific GuestOS through a GuestID. Also in column 9 lines 28-35, Patel teaches wherein an entry in a device table may have only a valid bit and a GuestID… a device address (e.g., a GPA) can be used to identify a corresponding GuestID in the DT, which is then used to identify an entry in the IOMMU TLB); and a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID (see column 10, lines 32-45 and column 11, lines 30-36; device remap table (DRT). Guests can populate respective guest tables and permissions can be verified by IOMMU 112 using DRT 162. In an example, DRT 162 contains the same number of entries as the Device Table. In an example implementation, each DRT Entry (DRTE) is specified so that each Device maps to a unique GuestOS… device R/W permissions are further ANDed with read or write permissions maintained in the DRT).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the apparatus taught by Parker et al. to include the above-mentioned features to be able to set appropriate permissions and enforce the permissions (see Patel, column 1, lines 39-46; column 8, lines 28-41 and column 9, lines 28-35).

With respect to claim 2, Parker et al. does not explicitly teach wherein the IOMMU receives a first request to perform a memory operation from a first of the plurality of devices and performs a lookup of the first table using a host physical address (HPA) associated with a first page of memory included in the first request to find a bundle ID associated with the HPA.
However, Patel et al. teaches wherein IOMMU 112 indexes a DT with a device number obtained from a device request. The DT also can map a device request to a specific GuestOS through a GuestID… a device address (i.e., device address received in request) can be used to identify a corresponding GuestID in the DT (see Table 1; column 8, lines 28-41 and column 9, lines 28-35).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the apparatus taught by Parker et al. to include the above-mentioned features to be able to set appropriate permissions and enforce the permissions (see Patel, column 1, lines 39-46; column 8, lines 28-41 and column 9, lines 28-35).

With respect to claim 3, Parker et al. does not explicitly teach wherein the IOMMU performs a lookup of the second table using the bundle ID to determine page access permissions associated with the bundle ID.
However, Patel et al. teaches wherein the IOMMU performs a lookup of the second table using the bundle ID to determine page access permissions associated with the bundle ID (see Table; column 10, lines 32-45 and column 1, lines 30-36; DRT table contains GuestID (i.e., device identifier) and access permissions of the guest IDs. Guests can populate respective guest tables and permissions can be verified by IOMMU 112 using DRT).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the apparatus taught by Parker et al. to include the above-mentioned features to be able to set appropriate permissions and enforce the permissions (see Patel, column 1, lines 39-46; column 8, lines 28-41 and column 9, lines 28-35).

With respect to claim 4, Parker et al. does not explicitly teach wherein the IOMMU allows the memory operation to proceed upon a determination that the page access permissions associated with the bundle ID indicates that the memory operation is permitted.
However, Parker et al. teaches a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42)…shared page table can include permission indicators for both the CPU and other processor. The permission indicators in the page table can be read to determine the permissions for the CPU or other processor accessing the shared page table (330). A value of the permission bits can be read to determine the particular virtual memory address access permission for the CPU or other processor accessing the shared page table (340). If the permission bit(s) indicate that no access is permitted, then a fault condition can result (350). If the permission bit(s) indicate that access is permitted, then the virtual memory address can be translated to physical memory address using the shared page table (360). The permission bits of the page table can be used to control physical memory access and perform a designated action (i.e., if the access permission indicated that the access is allowed, the access is performed) (see paragraph 66).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the apparatus to include the above-mentioned features to prevent unauthorized access of a shared memory (see Parker, paragraph 28 and paragraph 66).

With respect to claim 5, Parker et al. does not explicitly teach wherein the IOMMU blocks the memory operation upon a determination that the page access permissions associated with the bundle ID indicates that the memory operation is not permitted.
However, Parker et al. teaches a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42)…shared page table can include permission indicators for both the CPU and other processor. The permission indicators in the page table can be read to determine the permissions for the CPU or other processor accessing the shared page table (330). A value of the permission bits can be read to determine the particular virtual memory address access permission for the CPU or other processor accessing the shared page table (340). If the permission bit(s) indicate that no access is permitted, then a fault condition can result (350). If the permission bit(s) indicate that access is permitted, then the virtual memory address can be translated to physical memory address using the shared page table (360). The permission bits of the page table can be used to control physical memory access and perform a designated action (i.e., if the access permission indicated that the access is not allowed, the access is not performed) (see paragraph 66).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the apparatus to include the above-mentioned features to prevent unauthorized access of a shared memory (see Parker, paragraph 28 and paragraph 66).

With respect to claim 6, Parker et al. teaches translation tables (see paragraph 31; TLB).

With respect to claim 13, Parker et al. teaches receiving a request to perform a memory operation from a first of a plurality of devices (see paragraph 66 and claims 7 and 11; an operation/instruction for accessing memory is executed/received).
Even though Parker et al. teaches wherein a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42), Parker et al. does not explicitly teach performing a lookup of a first table using a host physical address (HPA) associated with a first page of memory included in the request to find a bundle ID associated with the HPA; and performing a lookup of a second table using the bundle ID to determine page access permissions associated with the bundle ID.
However, Patel et al. teaches perform a lookup of a first table using a host physical address (HPA) associated with a first page of memory included in the request to find a bundle ID associated with the HPA (see column 8, lines 28-41; device table (DT). IOMMU 112 indexes a DT with a device number obtained from a device request. The DT also can map a device request to a specific GuestOS through a GuestID. Also in column 9 lines 28-35, Patel teaches wherein an entry in a device table may have only a valid bit and a GuestID… a device address (e.g., a GPA) can be used to identify a corresponding GuestID in the DT, which is then used to identify an entry in the IOMMU TLB); and perform a lookup of a second table using the bundle ID to determine page access permissions associated with the bundle ID (see column 10, lines 32-45 and column 11, lines 30-36; device remap table (DRT). Guests can populate respective guest tables and permissions can be verified by IOMMU 112 using DRT 162. In an example, DRT 162 contains the same number of entries as the Device Table. In an example implementation, each DRT Entry (DRTE) is specified so that each Device maps to a unique GuestOS… device R/W permissions are further ANDed with read or write permissions maintained in the DRT).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the method taught by Parker et al. to include the above-mentioned features to be able to set appropriate permissions and enforce the permissions (see Patel, column 1, lines 39-46; column 8, lines 28-41 and column 9, lines 28-35).

With respect to claim 14, Parker et al. does not explicitly teach allowing the memory operation to proceed upon a determination that the page access permissions associated with the bundle ID indicates that the memory operation is permitted.
However, Parker et al. teaches a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42)…shared page table can include permission indicators for both the CPU and other processor. The permission indicators in the page table can be read to determine the permissions for the CPU or other processor accessing the shared page table (330). A value of the permission bits can be read to determine the particular virtual memory address access permission for the CPU or other processor accessing the shared page table (340). If the permission bit(s) indicate that no access is permitted, then a fault condition can result (350). If the permission bit(s) indicate that access is permitted, then the virtual memory address can be translated to physical memory address using the shared page table (360). The permission bits of the page table can be used to control physical memory access and perform a designated action (i.e., if the access permission indicated that the access is allowed, the access is performed) (see paragraph 66).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the method to include the above-mentioned features to prevent unauthorized access of a shared memory (see Parker, paragraph 28 and paragraph 66).

With respect to claim 15, Parker et al. does not explicitly teach blocking the memory operation upon a determination that the page access permissions associated with the bundle ID indicates that the memory operation is not permitted.
However, Parker et al. teaches a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42)…shared page table can include permission indicators for both the CPU and other processor. The permission indicators in the page table can be read to determine the permissions for the CPU or other processor accessing the shared page table (330). A value of the permission bits can be read to determine the particular virtual memory address access permission for the CPU or other processor accessing the shared page table (340). If the permission bit(s) indicate that no access is permitted, then a fault condition can result (350). If the permission bit(s) indicate that access is permitted, then the virtual memory address can be translated to physical memory address using the shared page table (360). The permission bits of the page table can be used to control physical memory access and perform a designated action (i.e., if the access permission indicated that the access is not allowed, the access is not performed) (see paragraph 66).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the method to include the above-mentioned features to prevent unauthorized access of a shared memory (see Parker, paragraph 28 and paragraph 66).
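
The two-table check recited in claims 13-15 above (first table: page to bundle ID; second table: bundle ID to page access permissions; then allow or block), shown as an added illustration that is not part of the Office action, the application, or the cited references. Table sizes, the per-bundle device mask, the sample table contents and every identifier are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* All names, sizes and encodings below are hypothetical; they are not taken
 * from the application or from the cited references. */
#define PAGE_SHIFT   12      /* assumed 4 KiB pages */
#define NUM_PAGES    8
#define NUM_BUNDLES  4
#define BUNDLE_NONE  0xFF    /* page has no bundle assigned */

enum { PERM_R = 1u, PERM_W = 2u };
typedef enum { OP_READ, OP_WRITE } mem_op_t;
typedef enum { ACCESS_BLOCK = 0, ACCESS_ALLOW = 1 } verdict_t;

/* Second-table entry: permissions that apply to every page tagged with this
 * bundle ID. The device mask is an assumed encoding of "the devices the
 * bundle ID identifies" (bit d set means device d is a member). */
struct bundle_entry {
    uint32_t device_mask;
    uint8_t  perms;
    uint8_t  valid;
};

/* First table (constructed sample): page frame number -> bundle ID. */
static const uint8_t page_to_bundle[NUM_PAGES] = {
    0, 0, 1, 1, 2, BUNDLE_NONE, BUNDLE_NONE, BUNDLE_NONE
};

/* Second table (constructed sample): bundle ID -> page access permissions. */
static const struct bundle_entry bundle_perms[NUM_BUNDLES] = {
    [0] = { .device_mask = 0x3, .perms = PERM_R | PERM_W, .valid = 1 },
    [1] = { .device_mask = 0x2, .perms = PERM_R,          .valid = 1 },
    [2] = { .device_mask = 0x4, .perms = PERM_W,          .valid = 1 },
    /* [3] is left zeroed, i.e. an invalid entry */
};

/* Decide whether device `dev` may perform `op` on host physical address
 * `hpa`. Every lookup failure blocks the access (fail closed). */
verdict_t iommu_check(unsigned dev, uint64_t hpa, mem_op_t op)
{
    uint64_t pfn = hpa >> PAGE_SHIFT;
    if (pfn >= NUM_PAGES || dev >= 32)
        return ACCESS_BLOCK;               /* outside the tables */

    /* Lookup 1: HPA page -> bundle ID */
    uint8_t id = page_to_bundle[pfn];
    if (id >= NUM_BUNDLES)
        return ACCESS_BLOCK;               /* also covers BUNDLE_NONE */

    /* Lookup 2: bundle ID -> permissions */
    const struct bundle_entry *b = &bundle_perms[id];
    if (!b->valid || !(b->device_mask & (1u << dev)))
        return ACCESS_BLOCK;               /* stale entry or non-member */

    uint8_t need = (op == OP_WRITE) ? PERM_W : PERM_R;
    return (b->perms & need) ? ACCESS_ALLOW : ACCESS_BLOCK;
}

int main(void)
{
    /* Constructed requests: device, HPA, operation */
    struct { unsigned dev; uint64_t hpa; mem_op_t op; } reqs[] = {
        { 0, 0x0000, OP_WRITE },  /* member of bundle 0, R/W page */
        { 0, 0x2000, OP_READ  },  /* not a member of bundle 1 */
        { 1, 0x3000, OP_WRITE },  /* member, but page is read-only */
        { 0, 0x5000, OP_READ  },  /* page has no bundle */
    };
    for (unsigned i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("dev %u hpa 0x%llx %s -> %s\n", reqs[i].dev,
               (unsigned long long)reqs[i].hpa,
               reqs[i].op == OP_WRITE ? "write" : "read",
               iommu_check(reqs[i].dev, reqs[i].hpa, reqs[i].op)
                   == ACCESS_ALLOW ? "allow" : "block");
    return 0;
}
```

Because permissions hang off the bundle ID rather than off each page, changing one second-table entry changes access for every page tagged with that bundle.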

With respect to claim 17, Parker et al. teaches receiving a request to perform a memory operation from a first of a plurality of devices (see paragraph 66 and claims 7 and 11; an operation/instruction for accessing memory is executed/received).
Even though Parker et al. teaches wherein a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42), Parker et al. does not explicitly teach perform a lookup of a first table using a host physical address (HPA) associated with a first page of memory included in the request to find a bundle ID associated with the HPA; and perform a lookup of a second table using the bundle ID to determine page access permissions associated with the bundle ID.
However, Patel et al. teaches perform a lookup of a first table using a host physical address (HPA) associated with a first page of memory included in the request to find a bundle ID associated with the HPA (see column 8, lines 28-41; device table (DT). IOMMU 112 indexes a DT with a device number obtained from a device request. The DT also can map a device request to a specific GuestOS through a GuestID. Also in column 9 lines 28-35, Patel teaches wherein an entry in a device table may have only a valid bit and a GuestID… a device address (e.g., a GPA) can be used to identify a corresponding GuestID in the DT, which is then used to identify an entry in the IOMMU TLB); and perform a lookup of a second table using the bundle ID to determine page access permissions associated with the bundle ID (see column 10, lines 32-45 and column 11, lines 30-36; device remap table (DRT). Guests can populate respective guest tables and permissions can be verified by IOMMU 112 using DRT 162. In an example, DRT 162 contains the same number of entries as the Device Table. In an example implementation, each DRT Entry (DRTE) is specified so that each Device maps to a unique GuestOS… device R/W permissions are further ANDed with read or write permissions maintained in the DRT).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the medium taught by Parker et al. to include the above-mentioned features to be able to set appropriate permissions and enforce the permissions (see Patel, column 1, lines 39-46; column 8, lines 28-41 and column 9, lines 28-35).

With respect to claim 18, Parker et al. does not explicitly teach having instructions, which when executed by a processor, further causes the processor to allow the memory operation to proceed upon a determination that the page access permissions associated with the bundle ID indicates that the memory operation is permitted.
However, Parker et al. teaches a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42)…shared page table can include permission indicators for both the CPU and other processor. The permission indicators in the page table can be read to determine the permissions for the CPU or other processor accessing the shared page table (330). A value of the permission bits can be read to determine the particular virtual memory address access permission for the CPU or other processor accessing the shared page table (340). If the permission bit(s) indicate that no access is permitted, then a fault condition can result (350). If the permission bit(s) indicate that access is permitted, then the virtual memory address can be translated to physical memory address using the shared page table (360). The permission bits of the page table can be used to control physical memory access and perform a designated action (i.e., if the access permission indicated that the access is allowed, the access is performed) (see paragraph 66).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the medium to include the above-mentioned features to prevent unauthorized access of a shared memory (see Parker, paragraph 28 and paragraph 66).

With respect to claim 19, Parker et al. does not explicitly teach having instructions, which when executed by a processor, further causes the processor to block the memory operation upon a determination that the page access permissions associated with the bundle ID indicates that the memory operation is not permitted.
However, Parker et al. teaches a single permission bit may be used to indicate permissions for the multiple processors in the page table, and a processor identifier table or other data structure associated with the page table can be used to distinguish between the processors (see paragraph 42)…shared page table can include permission indicators for both the CPU and other processor. The permission indicators in the page table can be read to determine the permissions for the CPU or other processor accessing the shared page table (330). A value of the permission bits can be read to determine the particular virtual memory address access permission for the CPU or other processor accessing the shared page table (340). If the permission bit(s) indicate that no access is permitted, then a fault condition can result (350). If the permission bit(s) indicate that access is permitted, then the virtual memory address can be translated to physical memory address using the shared page table (360). The permission bits of the page table can be used to control physical memory access and perform a designated action (i.e., if the access permission indicated that the access is not allowed, the access is not performed) (see paragraph 66).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the medium to include the above-mentioned features to prevent unauthorized access of a shared memory (see Parker, paragraph 28 and paragraph 66).

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Parker et al. (US 2014/0331019) and Patel et al. (US 10,642,501) as applied to claims 1-3 and 6 above, and further in view of Berry (US 6,859,867).
With respect to claim 7, Parker et al. and Patel et al. do not teach wherein the IOMMU uses the translation tables to validate the first request.
However, Berry teaches translation and protection table (TPT) 230 shown in FIG. 5 may be used to translate virtual addresses into physical addresses and to define memory regions of the host memory 206 that may be accessed by the host-fabric adapter 220 (validate access to host memory). In addition, the translation and protection table (TPT) 230 may also be used to validate access permission rights of the host-fabric adapter 220 and to perform address translation before accessing any other memory in the host 110 (see column 5, lines 15-25).
It would have been obvious to a person having ordinary skill in the art to which said subject matter pertains before the effective filing date of the claimed invention to have modified the apparatus taught by Parker et al. and Patel et al. to include the above-mentioned features to secure access to memory by defining memory regions of the host memory 206 that may be accessed by the host-fabric adapter 220 (validate access to host memory) (see Berry, column 5, lines 15-25).


Allowable Subject Matter
	Claims 8-12 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim 20 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and the 35 U.S.C. 101 rejection is overcome.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Lindman et al. (US 2021/0318812). Lindman et al. teaches wherein physical address is selectively accessed based on the security attribute and access control rules associated with a device ID. The security attribute indicates whether a device associated with device ID is permitted to access a memory associated with physical address (see Fig. 6 and paragraphs 5 and 6).

Mukunan (US 2018/0032449). Mukunan teaches providing the ability for a non-system application to gain controlled access to a persistent memory region of a computing device. The computing device creates a group identifier that has permission only to a specific location under the persistent memory region (see Abstract).

Kegel et al. (US 2013/0080726). Kegel et al. teaches I/O memory management unit with protection mode for preventing memory access by I/O devices.

Kamano et al. (US 6,968,434). Kamano et al. teaches a method and apparatus for controlling access to storage device.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARACELIS RUIZ whose telephone number is (571)270-1038. The examiner can normally be reached Monday-Friday 11:00am-7:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald G. Bragdon can be reached on (571)272-4204. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ARACELIS RUIZ/Primary Examiner, Art Unit 2139