DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/6/2022 has been entered. 
Claims 1-3 and 17-20 are amended in response to the last office action. Claims 1-20 are pending. Bouvier, Kondoh et al, and Khosravi et al were previously cited.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11, 13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bouvier [US 2010/0235598 A1] in view of Kondoh et al [US 2011/0055528 A1].
	As to claims 1, 17, and 19, Bouvier teaches a computer system, comprising:
a memory configured to store at least instructions of routines of a plurality of predefined domains [e.g., “The memory management unit and address translation mechanism permit the virtual address space to be translated to the actual physical memory where the storage of data and instructions actually exists” in paragraph 0006; “A physical memory 306 is portioned into a plurality of domains, where each domain includes a plurality of physical addresses.  Shown are domains 308a through 308n” in paragraph 0037; “For convenience, the OS is shown as a module, but it should be understood that an OS is a type of software application made up of instructions stored in a memory that are operated upon by a processor.  These instructions may be referenced using virtual addressing, however, the OS instructions are actually stored in a physical memory” in paragraph 0041]; wherein each respective domain in the plurality of predefined domains is representative of a classification of routines in the domain among the routines of the plurality of predefined domains [e.g., “For convenience, the OS is shown as a module, but it should be understood that an OS is a type of software application made up of instructions stored in a memory that are operated upon by a processor.  These instructions may be referenced using virtual addressing, however, the OS instructions are actually stored in a physical memory” in paragraph 0041; “Each OS is assigned to one or more domains and given those numbers (domain IDs)” in paragraph 0044; fig. 8]; and
a processor coupled with the memory, the processor having a memory management unit configured to translate virtual addresses to physical addresses [e.g., MMU 402 in fig. 3; “The MMU normally translates virtual page numbers to physical page numbers via an associative cache called a Translation Lookaside Buffer (TLB), which is also referred to as page table map 404” in paragraph 0042]; and
a data representative of a current execution domain of routines [e.g., DOMAIN ID of MMU 402 in fig. 3; “During runtime, the OS or an application calculates and generates address pointers within their allocated virtual memory space.  When a load or store instruction occurs, the virtual memory address lookup occurs in the processor's MMU.  This lookup results returns the associated physical address and the additional attribute (domain) bits” in paragraph 0045];
wherein a virtual address used in execution of a routine in the current execution domain comprises an object identifier and an offset of a location within an object represented by the object identifier [e.g., EFFECTIVE PAGE ADDRESS, OFFSET within VIRTUAL ADDRESS in fig. 9];
wherein the processor is further configured to hash the object identifier, the offset, and a portion of the virtual address to generate an index [e.g., DOMAIN ID is generated from VIRTUAL ADDRESS having AS, PID, EFFECTIVE PAGE ADDRESS, OFFSET in fig. 9; “The DMU may also use the domain ID as an index to access a permission list look-up table to discover the following types of information: the base address associated with an OS, an address range, permission types, and steering information” in paragraph 0057];
wherein the processor is further configured to identify, based on the data representative of the current execution domain, the index, and the virtual address, a security configuration of the object for the current execution domain in response to the virtual address being used in the execution of the instruction in the processor [e.g., “In this aspect a processor 302 receives requests to access virtual memory addresses from the plurality of OSs (e.g., OSs 400a and 400b).  The processor 302 accesses MMU 402 to recover cross-referenced addresses in physical memory 306 and associated domain IDs, and sends the addresses in physical memory and domain IDs to the DMU as memory access messages” in paragraph 0052; “The DMU uses the domain ID to access a permission list, cross-reference the domain ID to a domain including addresses in physical memory, and grant the processor access to the address in response to the address being located in the domain.  The DMU fails to grant access to the address if the permission list does not locate the address in a domain cross-referenced to the domain ID” in paragraph 0022].
As set forth above, Bouvier teaches that the processor somehow knows the current execution domain and uses the current execution domain for the message transaction. Bouvier does not explicitly teach, however Kondoh et al teach, that the processor further comprises a domain register, separate from or outside the memory management unit, that stores the current execution domain [e.g., “The data processor further includes: a domain ID register (XDMID) on which domain ID data for specifying which operating system to run a software program under is set” in paragraph 0028; XDMID in fig. 1]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify to implement Kondoh et al’s teaching above including a domain register for storing the data representative of the current execution domain in order to further increase feasibility and/or applicability for using the data representative of the current execution domain of Bouvier.
As to claim 2, the combination of Bouvier and Kondoh et al teaches wherein the processor is configured to apply the index in an address translation table for the current execution domain to retrieve the security configuration [e.g., “The DMU may also use the domain ID as an index to access a permission list look-up table to discover the following types of information: the base address associated with an OS, an address range, permission types, and steering information” in paragraph 0057 of Bouvier].
As to claim 3, the combination teaches wherein the plurality of predefined domains comprises at least one of a domain for hypervisor, a domain for operating system, or a domain for application, or any combination thereof; wherein the domains have no predefined levels of trust; and the virtual address is programmed and stored in a routine loaded from the memory [e.g., “Each OS is assigned to one or more domains and given those numbers (domain IDs)” in paragraph 0044, “During runtime, the OS or an application calculates and generates address pointers within their allocated virtual memory space.  When a load or store instruction occurs, the virtual memory address lookup occurs in the processor's MMU.  This lookup results returns the associated physical address and the additional attribute (domain) bits” in paragraph 0045 of Bouvier].
As to claim 4, the combination teaches wherein the security configuration identifies an object length; and the processor is further configured to compare the offset with the object length [e.g., “The DMU may also use the domain ID as an index to access a permission list look-up table to discover the following types of information: the base address associated with an OS, an address range, permission types, and steering information.  The DMU reads addresses in physical memory from the look-up table, compares the addresses from the look-up table to the address in the memory access message, and grants access to the physical memory in response to matching addresses” in paragraph 0057 of Bouvier].
As to claim 5, the combination teaches wherein the processor is configured to reject a memory access request associated with the virtual address in response to a determination that the offset exceeds a bound identified by the object length [e.g., “In Step 1106 the DMU grants the processor access to the address in physical memory, in response to the address being located in the domain.  Alternately, in Step 1108, the DMU fails to grant access to the address in physical memory if the permission list does not locate the address in a domain cross-referenced to the domain ID” in paragraph 0063 of Bouvier].
As to claim 6, the combination teaches wherein the security configuration includes a field; and the processor is further configured to compare the offset with the object length in response to the field having a first predetermined value [e.g., “In Step 1106 the DMU grants the processor access to the address in physical memory, in response to the address being located in the domain.  Alternately, in Step 1108, the DMU fails to grant access to the address in physical memory if the permission list does not locate the address in a domain cross-referenced to the domain ID” in paragraph 0063 of Bouvier].
As to claim 7, the combination teaches wherein the processor is further configured to skip comparing the offset with the object length in response to the field having a second predetermined value different from the first predetermined value [e.g., “It should be understood that some of these steps may be skipped, performed in parallel, or performed without the requirement of maintaining a strict order of sequence” in paragraph 0062, “The DMU cross-references domain ID AA to domain 308a, and notes that address ‘0000’ is located in domain 308a.  As a result, the processor is granted access to address ‘0000’.  In another example, the DMU 310 accepts a memory access message with an address in physical memory (e.g., ‘0000’) and a domain ID (e.g., BB), and uses the domain ID to access the permission list, as described above.  The DMU 310 fails to grant access to the address if the permission list does not locate the address in a domain (e.g., 308b) cross-referenced to the domain ID (BB)” in paragraph 0039, “However, the DMU fails to grant access to the address if the received access type does not match the permission type listed in the permission list” in paragraph 0056 of Bouvier].
As to claim 8, the combination teaches wherein the security configuration includes a permission bit for a type of memory access for the current execution domain; and wherein the processor is further configured to reject a memory access request associated with the virtual address based on a value of the permission bit [e.g., “However, the DMU fails to grant access to the address if the received access type does not match the permission type listed in the permission list” in paragraph 0056 of Bouvier].
As to claim 9, the combination teaches wherein the type of memory access is read data from virtual addresses, write data to virtual addresses, or execute instructions stored at virtual addresses, or any combination thereof [e.g., “Typically, ‘access’ involves either a read or write operation.  As explained in more detail below, the memory access message may include information to define the type of access allowed” in paragraph 0038, “However, the DMU fails to grant access to the address if the received access type does not match the permission type listed in the permission list” in paragraph 0056 of Bouvier].
As to claim 10, the combination teaches wherein the security configuration includes a field; and the processor is further configured to check the permission bit in response to the field having a first predetermined value [e.g., “In one aspect, accessing the permission list in Step 1104 includes using the domain ID as an index to access a permission list look-up table including the base address associated with an OS, an address range, permission types, and steering information.  Then, granting access to the address in physical memory in Step 1106 includes the DMU reading addresses in physical memory from the look-up table, comparing the addresses from the look-up table to the address in the memory access message, and granting access to the physical memory in response to matching addresses” in paragraph 0067, “However, the DMU fails to grant access to the address if the received access type does not match the permission type listed in the permission list” in paragraph 0056 of Bouvier].
As to claim 11, the combination teaches wherein the processor is configured to skip checking the permission bit in response to the field having a second predetermined value different from the first predetermined value [e.g., “It should be understood that some of these steps may be skipped, performed in parallel, or performed without the requirement of maintaining a strict order of sequence” in paragraph 0062, “The DMU cross-references domain ID AA to domain 308a, and notes that address ‘0000’ is located in domain 308a.  As a result, the processor is granted access to address ‘0000’.  In another example, the DMU 310 accepts a memory access message with an address in physical memory (e.g., ‘0000’) and a domain ID (e.g., BB), and uses the domain ID to access the permission list, as described above.  The DMU 310 fails to grant access to the address if the permission list does not locate the address in a domain (e.g., 308b) cross-referenced to the domain ID (BB)” in paragraph 0039, “However, the DMU fails to grant access to the address if the received access type does not match the permission type listed in the permission list” in paragraph 0056 of Bouvier].
As to claim 13, the combination teaches wherein the virtual address identifies a memory location of a called routine that is called by the instruction in a calling routine; the security configuration includes a setting; and the processor is configured to isolate execution of the calling routine and execution of the called routine based on the setting [e.g., “This meant that more than one SW program was resident on the computer and the processor could switch back and forth between these programs” in paragraph 0005, “Permissions would include making a space ‘read-only’ vs.  ‘write-only’ vs.  ‘read-write’.  So it is possible to set up a producer-consumer arrangement where one OS has only the rights to write data into a memory location, while another OS has only rights to read data from that same memory location.  The domain programming controls such a privilege in the physical address map” in paragraph 0058 of Bouvier].
As to claim 15, the combination teaches wherein the processor is configured to select a table base of the address translation table according to an identifier of the current execution domain among the domains [e.g., “FIG. 9 is a diagram depicting address translation using a domain ID.  This figure represents an MMU operation for translating a virtual address into an address in physical memory.  As shown, the DMU uses the domain ID to gate the received physical (real) addresses” in paragraph 0061 of Bouvier].
As to claim 16, the combination teaches wherein an entry at the index in the address translation table is configured to specify a physical address of a page table or a page directory; and the processor is further configured to use the page table or a page directory to convert the virtual address to a physical address [e.g., “The MMU normally translates virtual page numbers to physical page numbers via an associative cache called a Translation Lookaside Buffer (TLB), which is also referred to as page table map 404.  The data found in such a data structure is typically called a page table entry (PTEs), and the data structure itself is typically called a page table.  The physical page number is typically combined with the page offset to give the complete physical address” in paragraph 0042 of Bouvier].
As to claim 18, the combination teaches identifying a table based on the current execution domain; and retrieving from a table an entry at the index, the entry containing the security configuration [e.g., “The DMU may also use the domain ID as an index to access a permission list look-up table to discover the following types of information: the base address associated with an OS, an address range, permission types, and steering information” in paragraph 0057 of Bouvier].
As to claim 20, the combination teaches wherein the memory management unit is configured to retrieve an entry using the index; wherein the entry identifies the security configuration of the object [e.g., “The DMU may also use the domain ID as an index to access a permission list look-up table to discover the following types of information: the base address associated with an OS, an address range, permission types, and steering information” in paragraph 0057 of Bouvier].
Claims 12 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Bouvier and Kondoh et al as applied to claims 4 and 13 above, and further in view of Khosravi et al [US 2019/0196983 A1].
	As to claim 12, the combination of Bouvier and Kondoh et al does not teach, however Khosravi et al teach wherein the security configuration includes a key for cryptographic operations on an item stored at the virtual memory address [e.g., “In general, the present disclosure provides to encrypt individual tenant data in the SCM using separate keys and to reference the keys with a unique identification indicator for each tenant.  Encrypted memory locations (e.g., pages, or the like) in the SCM can be referenced with a physical address including an indication of the tenant unique identification indicator and the physical address of the encrypted data in the SCM.  The keys can be stored, for example, in a processing element cache or trusted execution environment.  As such, during operation, the SCM can be accessed using DAS and data encrypted and/or decrypted based on referencing the encryption keys with the tenant identification indication component of the physical address” in paragraph 0015; “In general, the present disclosure provides to encrypt individual tenant data in the SCM using separate keys and to reference the keys with a unique identification indicator for each tenant” in paragraph 0015; fig. 2]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify to implement Khosravi et al’s teaching above including a key for cryptographic operations in the security configuration in order to further increase security and/or applicability for accessing the memory of the combination.
	As to claim 14, the combination of Bouvier and Kondoh et al does not explicitly teach, however Khosravi et al teach wherein the processor is configured to use separate call stacks for the calling routine and the called routine when the setting has a first predetermined value [e.g., “It is noted, SCM 130 does not execute host 150 or tenants 160.  Instead, SCM can store data and/or information related to host 150 and tenants 160.  Accordingly, as depicted in FIGS. 1A-1B, SCM stored data related to host 150 and tenants 160 while host 150 and tenants 160 execute on processor element 110 in stack 101” in paragraph 0024; fig. 1B]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify to implement Khosravi et al’s teaching above including a stack for executing routines in order to increase operability for executing routines of the combination.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILWOO PARK whose telephone number is (571) 272-4155. The examiner can normally be reached on M-F, 9 AM-5 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Dr. Henry Tsai can be reached on (571) 272-4176. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/ILWOO PARK/ Primary Examiner, Art Unit 2184, 7/2/2022