DETAILED ACTION
Claims 1-20 are pending.
Priority: July 28, 2020
Assignee: MediaTek

			  		Specification
The title of the disclosure is grammatically incorrect. Since claim 1 recites a multi-content process, the following title is suggested: ‘Method and system for improving the efficiency of protecting a multi-content process’.

                 		

Claim objections
A.	Claim 1 is grammatically incorrect. It recites, ‘A method applied to a system for improving efficiency of protecting multi-content process; the system cooperating with a memory, and comprising one or more hardware IPs (intellectual properties) for content processing: wherein:’
	The recitation must be, ‘A method applied to a system for improving the efficiency of protecting a multi-content process, the system cooperating with a memory, and comprising one or more hardware IPs (intellectual properties) for content processing, wherein:’
 
B.Claim 8 is objected to because of a typo. It recites, ‘each said access identity is associated with one of a plurality security levels’.
	The recitation must be, ‘each said access identity is associated with one of a plurality of security levels’.

				
Claim Rejections - 35 USC § 112
Claims 5, 11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 5, 11 are rejected for being indefinite and ambiguous.
Claim 5 recites, ‘the preceding IP is associated with multiple preceding-IP access identities’. The meaning of ‘associated with multiple preceding-IP access identities’ is unclear. It is unclear if the ‘multiple preceding-IP access identities’ refer to the preceding IP’s own access identities or if they refer to its preceding IP’s access identities. Hence claim 5 is indefinite and ambiguous.
	For examination, the former is considered, namely, preceding IP’s own access identities.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
   A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-13, 16-20 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Ahmed et al (20170220489) in view of Loh et al (20150278119).

As per Claim 1, Ahmed discloses a method applied to a system (Ahmed, [0025 - Fig. 1 shows processor 100 comprising CPU 102, system bus 104, and a plurality of bus masters 106 and bus slaves connected to the bus 104 via a bus interconnect 108, also known as a bus matrix. System bus 104 connects CPU 102 to system memory 112, and is configured to deliver memory access requests 160 between various hardware subsystems of processor 100]) for improving efficiency of protecting multi-content process (Ahmed, [0007 - Various hardware subsystems make or forward memory access requests while one or more non-CPU memory-addressable protection units/PU autonomously allow or block those requests on the basis of access protection policies that are specific to the hardware subsystem making or forwarding that request]; [0024 - In a system which has two privilege/security levels/multi-content, the RTOS masks out access to a given active user task by raising the PU security requirement to specific memory ranges]); 
the system cooperating with a memory (Ahmed, [0025 – As per Fig. 1, system bus 104 connects CPU 102 to system memory 112], [0026 - Examples of bus slaves are system memory/SMEM 112 such as DRAM or SRAM, as well as memory-mapped peripherals 114 that control processes, receive inputs, or produce outputs]), 
and comprising one or more hardware IPs (intellectual properties) (Ahmed, [0034 - At a high-level tier, CPU 102 is equipped with a PU called CPUPU 150]; [0035 - At a middle-level tier, system bus masters 106, including the DMA controller 110, are equipped with a PU called BMPU 152]; [0036 - At a low-level tier, the peripheral bus bridge 118 is equipped with a PU called PPU 154. Finally, at an even lower-level tier, individual peripherals 156 that require internal delineation between secure/non-secure and/or privileged/non-privileged accesses are equipped with PUs called RPUs 158]) for content processing (Ahmed, [0031 - Processor 100 utilizes a multi-tiered system of PUs to administer access control policies characterized by different degrees of granularity]; [0058 – In Fig. 7, one or more of the memory access request 160 components 196, 194, 192 are carried on system bus 104 and through the bus interconnect 108]): 
wherein:
one of the one or more IPs is associated with multiple access identities (Ahmed, [0040 - Fig. 2 shows an access control policy structure 166 for CPUPU 102, comprising of a plurality of access control policies/access identities 0…q 168]);
the memory comprises multiple different ranges (Ahmed, [0041 - Each access control policy 168 is associated with a plurality of memory regions/ranges 0…q 180 identifying regions of addressable system memory and security attributes 182 associated with each identified memory region]; [0034 - CPUPU 150 defines requirements for access to various defined regions in memory]; [0046 - The BMPU's access control policy structure 184 is associated with a plurality of memory regions 0…n 180 identifying regions of addressable system memory and security attributes 182 associated therewith. Also see Figs. 4, 6]), 
each said range is configurable to register an access of one of the multiple access identities as a permissible access (Ahmed, [0047 – In a BMPU 152 that serves a peripheral 114 or DMA controller 110, the memory regions corresponding to the peripherals 114 are configured to pass the corresponding memory access requests 160 through to the appropriate PPU 154]; [0048 - Memory regions corresponding to system memory 112, which is not protected by a dedicated PU, are configured with finely tuned security restrictions appropriate to the hardware sub-context 186]); 
Ahmed discloses hardware IPs in a tiered system, access identities, memory ranges, security/privilege levels, and handling multi-content processes.
Loh further discloses,
and the method comprises:
selecting one of the multiple access identities for processing a first content (Loh, [0025 – As per Fig. 1, processing system 100 executes VMs 131 while separating accesses by the VMs and various other agents to the shared hardware resources, e.g., processors, memory, and/or peripheral devices, by implementing hardware-assisted virtualization]; [0044 – In Fig. 3, at step 310, the processing system initializes a secure VM/VM1 and a non-secure/VM2 virtual machine. The VMM assigns a unique identifier/VMID to each VM]; [0028 – In Fig. 1, non-secure VM 131B is programmed to input, via a network interface or from a file system, encrypted frames of a digital content item, thereby implying selecting one of the one of the multiple access identities/VMID=2 for processing a first content; Since the claim does not recite how the selection is done, the citation is a valid interpretation]; [0045 – In Fig. 3, at step 320, non-secure VM/VM2 receives encrypted frames of a digital content item]), 
using the selected access identity when said IP accesses the memory during processing of the first content (Loh, [0046 – In Fig. 3, at step 330, the non-secure VM/VM2 stores the encrypted content portions/frames in a shared memory region; Here the ‘said IP’ is comprised of the non-secure VM and CPU 111. Since the claim does not define ‘first content’, it is valid to interpret the encrypted frames as the ‘first content’]; [0026 - Processing core 111 is configured to store, in one or more internal registers 228, identifiers of VMs 131 being executed by the hardware platform. Processing core 111 is also configured to authenticate all transactions accessing shared interconnect 115, by including the respective VM identifier in all such transactions]; [0038 - Memory firewall implemented by shared interconnect 115 only allows a memory access transaction to proceed if the transaction is tagged with a VM identifier which is authorized, based on one of the mappings, to access the requested memory range]);
selecting a different one of the multiple access identities for processing a second content (Loh, [0047 – In Fig. 3, at step 340, the processing system configures its shared interconnect to only allow access to digital content decoder by the secure VM/VM1. The processing system further configures the shared interconnect to only allow access to a secure memory region by the secure VM/VM1, thereby implying selecting a different one of the multiple access identities/VMID=1 for processing a second content]), 
and using the selected different access identity when said IP accesses the memory during processing of the second content (Loh, [0048 – In Fig. 3, step 350, the secure VM/VM2 retrieves content portions of the encrypted digital content item from the shared memory region, decrypts them and store the decrypted content portions in the secure memory region; Here the decrypted frames represent the ‘second content’]; [0049 – In Fig. 3, step 360, the secure VM causes the digital content decoder to decode the decrypted content portions, thereby implying processing of the second content]; [0050 – In Fig. 3, step 370, the secure VM may transmits the decoded content portions to an I/O controller via a dedicated stream port]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the hardware assisted virtualization of Loh into the multi-tiered system of PUs of Ahmed, for the benefit of implementing virtual machine-based protected video paths in Digital Rights Management thereby controlling, executing, viewing, copying, printing and altering of digital content items (Loh, 0014-0015).

As per Claim 2, the rejection of claim 1 is incorporated, and Ahmed, Loh disclose multiple access identities, permissible memory ranges, secure CPU and non-secure CPU.
Loh further discloses,
between processing of the first content and the second content, not reconfiguring the registered permissible access of each said range (Loh, [0047 – In Fig. 3, at step 340, the processing system initiates playback of the received encrypted digital content item. The processing system configures its shared interconnect to only allow access to digital content decoder by the secure VM. The processing system further configures the shared interconnect to only allow access to a secure memory region by the secure VM; Since the processing system only reconfigures the shared interconnect, it implies that the registered permissible access of each said range is not reconfigured between processing of the first and second content]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the hardware assisted virtualization of Loh into the multi-tiered system of PUs of Ahmed, for the benefit of implementing virtual machine-based protected video paths in Digital Rights Management thereby controlling, executing, viewing, copying, printing and altering of digital content items (Loh, 0014-0015).

As per Claim 3, the rejection of claim 1 is incorporated, and Ahmed further discloses,
when selecting one of the multiple access identities, determining which one to select by a non-secure CPU (Ahmed, [0036 – In Fig. 2, at an even lower-level tier, individual peripherals 156 that require internal delineation between secure/non-secure and/or privileged/non-privileged accesses are equipped with PUs called register protection units 158/RPUs]; [0071,0072 – Fig. 12 shows a gatekeeping procedure for access requests 160 to a peripheral 114 from the perspective of RPU 158. If RPU 158 is applying the gatekeeping procedure 350, it uses the MASTERID 216 and MASTERSID 190 identifiers to index into its access control policy structure 200 to select the appropriate access control policy 320 for peripheral 114]).

As per Claim 4, the rejection of claim 1 is incorporated, and Ahmed, Loh disclose multiple access identities, secure CPU and non-secure CPU.
Ahmed further discloses,
each said range is configured by a secure CPU to register an access of one of the multiple access identities as a permissible access (Ahmed, [0034 - At a high-level tier, CPU 102/secure is equipped with a PU called CPUPU 150, which defines requirements for access to various defined regions in memory. CPUPU 150 enforces access restrictions to such memory regions in accordance with the security attributes of the currently active processor execution thread/task/context]; [0032 - In order to facilitate execution of multiple non-secure contexts, the PU's view of memory is re-configured for each context switch]).
Loh further clarifies,
each said range is configured by a secure CPU (Loh, [Fig. 1, 6A: CPU 111 which includes the VMM and VM1]) to register an access of one of the multiple access identities as a permissible access (Loh, [0040 -  The memory and/or peripheral firewall rules implemented by the shared interconnect are programmed by a trusted entity. The virtual machine manager/VMM associated with the VMID=0, the highest privilege level, configures shared interconnect 115 with the firewall rules comprising allowed address ranges and/or peripheral identifiers for each VM]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the hardware assisted virtualization of Loh into the multi-tiered system of PUs of Ahmed, for the benefit of implementing virtual machine-based protected video paths in Digital Rights Management thereby controlling, executing, viewing, copying, printing and altering of digital content items (Loh, 0014-0015).

As per Claim 7, the rejection of claim 1 is incorporated, and Ahmed discloses,
one or more IPs further include a succeeding IP coupled to said IP (Ahmed, [0031 - Processor 100 utilizes a multi-tiered system of PUs to administer access control policies characterized by different degrees of granularity]; [0034 - At a high-level tier, CPU 102 is equipped with a PU called CPUPU 150]; [0035 - At a middle-level tier, system bus masters 106, including the DMA controller 110, are equipped with a PU called BMPU 152]; [0036 - At a low-level tier, the peripheral bus bridge 118 is equipped with a PU called PPU 154. Finally, at an even lower-level tier, individual peripherals 156 that require internal delineation between secure/non-secure and/or privileged/non-privileged accesses are equipped with PUs called RPUs 158]); 
and the method further comprises:
when one of the multiple access identities is selected, propagating the selected access identity to the succeeding IP, and using the selected access identity when the succeeding IP accesses the memory (Ahmed, [0075 – In Fig. 14, each time 418 a task switch occurs, CPU 102 configures SMU 162 to update CPUPU 150, any PPUs 154, and any RPUs 158 with access control policies that are appropriate for that task]; [0050 - BMPU 152 is configured to mark an entire channel 120 as always privileged. That channel 120, moreover, is bound to the RTOS. After the RTOS issues a memory access request 160 to DMA controller 110, BMPU 152 asserts privilege and/or security lines on the system bus 104. Then, as the memory access request 160 works its way through the PPU 154 and/or the RPU 158, it has what is essentially an all-access pass; The above citations thereby imply propagating the selected access identity to the succeeding IP when the succeeding IP accesses the memory]).

As per Claim 8, the rejection of claim 1 is incorporated, and Ahmed discloses,
the one or more IPs (Ahmed, [0036 - At a low-level tier, the peripheral bus bridge 118 is equipped with a PU called peripheral protection unit/PPU 154. Finally, at an even lower-level tier, individual peripherals 156 that require internal delineation between secure/non-secure and/or privileged/non-privileged accesses are equipped with PUs called register protection units/RPUs 158, thereby implying the one or more IPs]) further include a plurality of preceding IPs coupled to said IP (Ahmed, [0035 - At a middle-level tier, system bus masters 106, including the DMA controller 110, are equipped with a PU called as bus master protection unit/BMPU 152, thereby implying the preceding IPs coupled to the said IP]);
each said access identity is associated with one of a plurality security levels (Ahmed, [0041 – As per Fig. 2, each access control policy 168 is associated with a plurality of memory regions 0…q 180 identifying regions of addressable system memory and security attributes 182 associated with each identified memory region. The security attributes 182 include whether access is limited to privileged and/or secure threads, whether access is read-only or not, and any other access restrictions supported by the processor's and operating system's architecture]);
each said preceding IP is associated with multiple corresponding access identities (Ahmed, [0046 – In Fig. 3, the BMPU's access control policy structure 184 is associated with a plurality of memory regions 0…n 180 identifying regions of addressable system memory and security attributes 182 associated therewith. Also, the BMPU's access control policy structure 184 differentiates policies 188 by hardware sub-context 186]), 
and is arranged to select one of the multiple corresponding access identities (Ahmed, [0047 – In Fig. 3, BMPU 152 that serves a peripheral 114 or DMA controller 110, the memory regions corresponding to the peripherals 114 are configured to pass the corresponding memory access requests 160 through to the appropriate PPU 154. BMPU 152 may have a channel 120 that blocks hardware subsystems from accessing the peripheral region entirely, thereby preventing memory access requests 160 through that channel 120 from ever reaching the peripherals 114, thereby implying to select one of the multiple corresponding access identities]);
each said corresponding access identity is associated with one of the plurality of security levels (Ahmed, [0041 – In Fig. 2, each access control policy 168 is associated with a plurality of memory regions 0…q 180 identifying regions of addressable system memory and security attributes 182 associated with each identified memory region. The security attributes 182 include whether access is limited to privileged and/or secure threads/level, whether access is read-only or not/another level, and any other access restrictions supported by the processor's and operating system's architecture]); 
the method further comprises:
when selecting one of the multiple access identities (Ahmed, [0053 – As per Fig. 4, when presented with a memory access request 160, PPU 154 indexes into the PPU Access Control Policy structure using the HW context and HW sub-context of the bus master, e.g., the DMA controller 110 and the peripheral assigned to a DMA channel]), selecting a said access identity according to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs (Ahmed, [0053 – In Fig. 4, PPU 154 compares the targeted memory location 192 and security attributes 194 of the access request 160 with the access policy 200 and selectively allows or blocks the request 160]).

As per Claim 9, the rejection of claim 1 is incorporated, and Ahmed discloses,
The remaining limitations are similar to claim 8.
the method further comprises:
when selecting one of the multiple access identities (Ahmed, [0049 – As per Fig. 3, BMPU 152 indexes the HW sub-context 186 of the bus master 106 into the BMPU Access Control Policy Structure 184 to identify an access control policy 188 for that bus master 106. When BMPU 152 processes a memory access request 160, it compares the targeted memory location 192 and security attributes 194 of the access request 160 with the access control policy 188 and selectively allows or blocks the request 160. The BMPU 152 contains access control policies 188 for all sub-contexts of that master 106, which are identified and distinguished via a hardware context signal 196. See Fig. 7]), applying a predefined rule to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs to evaluate a resultant security level (Ahmed, [0046 - BMPU 152 can be programmed to prevent a peripheral 114 bound to channel 1 from accessing memory allocated to another peripheral 114 bound to channel 0, thereby applying a predefined rule]; [0049 - BMPU 152/second tier administers its access control policies 198 automatically once it is configured. This is unlike CPUPU 150/first tier, which is reprogrammed each time the CPU switches execution to the succeeding thread. BMPU 152 does the access control by comparing the region attributes to the bus transaction signals relating to those attributes, e.g. security:ARM HNONSEC signal or privilege levels:ARM HPROT signals];), 
selecting a said access identity that is associated with the resultant security level (Ahmed, [0050 - BMPU 152 for a DMA controller 110 also sets the security attributes of a memory access request 160 passing through one of the DMA channels 120. BMPU 152 is configured to mark an entire channel 120 as always privileged. That channel 120, moreover, is bound to the RTOS. After the RTOS issues a memory access request 160 to the DMA controller 110, the BMPU 152 asserts privilege and/or security lines on the system bus 104]).

As per Claim 10, the rejection of claim 1 is incorporated, and Ahmed discloses,
each said access identity is associated with one of a plurality of security levels (Ahmed, [0041 – As per Fig. 2, each access control policy 168 is associated with a plurality of memory regions 0…q 180 identifying regions of addressable system memory and security attributes 182 associated with each identified memory region. The security attributes 182 include whether access is limited to privileged and/or secure threads, whether access is read-only or not, and any other access restrictions supported by the processor's and operating system's architecture]);
Loh discloses,
the first content is associated with one of the plurality of security levels (Loh, [0028 – As per Fig. 1, non-secure VM 131B is programmed to input, encrypted frames/first content of a digital content item]; [0029 - The processor stores the frames in shared memory region 135 which is accessible by secure and non-secure VMs and other agents, without compromising the security of the digital content item, as it is stored in the shared memory in the encrypted form, thereby implying that the encrypted frames are associated with one of a plurality of security levels. Since the claim does not define ‘security levels’, the citation is a valid interpretation]); 
the method further comprises:
when selecting one of the multiple access identities for processing the first content (Loh, [0026 - Processing core 111 is configured to store, in one or more internal registers 228, identifiers of one or more VMs 131 executed by the hardware platform]; [0027 – In Fig. 1, shared hardware platform executes a first secure VM 131A/VMID=1  and a second non-secure VM 131B/VMID=2]), selecting a said access identity according to the security level associated with the first content (Loh, [Claim 1 - Responsive to receiving a memory access transaction initiated by the first VM to access a memory buffer, tag the memory access transaction with an identifier of the first VM]; [0048 – In Fig. 3, step 350, secure VM retrieves one or more content portions of the encrypted digital content from the shared memory region]; [0030 - Processing system 100 configures shared interconnect 115 to only allow access to digital content decoder 121 by the secure VM]; [0047 - The processing system further configures the shared interconnect to only allow access to a secure memory region by the secure VM; Since the claim recites ‘processing the first content’ it is valid to interpret that since the inputted frames are encrypted, they are processed by a higher privileged VM/secure VM, thereby selecting a said access identity according to the security level associated with the first content]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the hardware assisted virtualization of Loh into the multi-tiered system of PUs of Ahmed, for the benefit of implementing virtual machine-based protected video paths in Digital Rights Management thereby controlling, executing, viewing, copying, printing and altering of digital content items (Loh, 0014-0015).

As per Claim 11, Ahmed disclose a system (Ahmed, [0025 - Fig. 1 shows processor 100 comprising CPU 102, system bus 104, and a plurality of bus masters 106 and bus slaves connected to the bus 104 via a bus interconnect 108, also known as a bus matrix. System bus 104 connects CPU 102 to system memory 112, and is configured to deliver memory access requests 160 between various hardware subsystems of processor 100]) with improved efficiency of protecting multi-content process (Ahmed, [0007 - Various hardware subsystems make or forward memory access requests while one or more non-CPU memory-addressable protection units/PU autonomously allow or block those requests on the basis of access protection policies that are specific to the hardware subsystem making or forwarding that request]; [0024 - In a system which has two privilege/security levels/multi-content, the RTOS masks out access to a given active user task by raising the PU security requirement to specific memory ranges]), comprising:
one or more hardware IPs (Ahmed, [0034 - At a high-level tier, CPU 102 is equipped with a PU called CPUPU 150]; [0035 - At a middle-level tier, system bus masters 106, including the DMA controller 110, are equipped with a PU called BMPU 152]; [0036 - At a low-level tier, the peripheral bus bridge 118 is equipped with a PU called PPU 154. Finally, at an even lower-level tier, individual peripherals 156 that require internal delineation between secure/non-secure and/or privileged/non-privileged accesses are equipped with PUs called RPUs 158]) for content processing (Ahmed, [0031 - Processor 100 utilizes a multi-tiered system of PUs to administer access control policies characterized by different degrees of granularity]; [0058 – In Fig. 7, one or more of the memory access request 160 components 196, 194, 192 are carried on system bus 104 and through the bus interconnect 108]), 
a subset of the one or more hardware IPs implementing a secure CPU (Ahmed, [Fig. 1: CPU 102]) and a non-secure CPU (Ahmed, [Fig. 1, BMPU 152]); 
wherein:
the system cooperates with a memory (Ahmed, [0025 – As per Fig. 1, system bus 104 connects CPU 102 to system memory 112], [0026 - Examples of bus slaves are system memory/SMEM 112 such as DRAM or SRAM, as well as memory-mapped peripherals 114 that control processes, receive inputs, or produce outputs]) which comprises multiple different ranges (Ahmed, [0032 - The PU defines requirements for access to various defined regions in memory]; [0024 - In a system which has two privilege/security levels, the RTOS masks out access to a given active user task by raising the PU security requirement to specific memory ranges]);
Loh clarifies,
a subset of the one or more hardware IPs implementing a secure CPU (Loh, [Fig. 1: VM1-CPU 111]) and a non-secure CPU (Loh, [Fig. 1: VM2-CPU 111]);
The remaining limitations are similar to claim 1 and therefore the same rejections are incorporated.

As per Claim 12, the rejection of claim 11 is incorporated, and Ahmed, Loh disclose multiple access identities, permissible memory ranges, secure CPU and non-secure CPU.
Loh further discloses,
wherein the secure CPU is further arranged not to reconfigure the registered permissible access of each said range between processing of the first content and the second content (Loh, [0047 – In Fig. 3, at step 340, the processing system initiates playback of the received encrypted digital content item. The processing system configures its shared interconnect to only allow access to digital content decoder by the secure VM/VM1. The processing system further configures the shared interconnect to only allow access to a secure memory region by the secure VM; Since the processing system reconfigures the shared interconnect, it implies that the secure CPU does not reconfigure the registered permissible access of each said range between processing of the first content and the second content]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the hardware assisted virtualization of Loh into the multi-tiered system of PUs of Ahmed, for the benefit of implementing virtual machine-based protected video paths in Digital Rights Management thereby controlling, executing, viewing, copying, printing and altering of digital content items (Loh, 0014-0015).

As per Claim 13, it is similar to claim 3 and therefore the same rejections are incorporated.

As per Claim 16, the rejection of claim 11 is incorporated, and Ahmed discloses,
an internal link (Ahmed, [Fig. 1: system bus 104 and bus interconnect 108]), wherein:
the one or more IPs further include a succeeding IP coupled to said IP via the internal link (Ahmed, [0025 – In Fig. 2, processor 100 comprises CPU 102, a system bus 104, and a plurality of bus masters 106 and bus slaves connected to the bus 104 via a bus interconnect 108; Also see Claim 7]);
the internal link is arranged to: when said IP selects one of the multiple access identities, propagate the selected access identity to the succeeding IP (Ahmed, [0058 - One or more of the memory access request 160 components 196, 194, and 192 are carried on the system bus 104 and through the bus interconnect 108; Also see claim 7]); 
The remaining limitation is similar to claim 7 and therefore the same rejections are incorporated.

As per Claim 17, it is similar to claim 8 and therefore the same rejections are incorporated.

As per Claim 18, the rejection of claim 17 is incorporated, and Ahmed discloses,
when selecting one of the multiple access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs (Ahmed, [0071,0072 - Fig. 12 shows a gatekeeping procedure for access requests 160 to a peripheral 114 from the perspective of a PPU 154 or RPU 158.....In step 356, PPU 154 or RPU 158 compares characteristics/security attributes of the access request 160, e.g., secure v. non-secure, data v. instruction, read v. write, with the access restrictions provided by the access control policy 320 for the registers or register bits targeted by the access request 160. If in block 358 and on the basis of that comparison, the access request 160 is allowed, then in block 360, the access request 160 is fulfilled, thereby implying that the selection/gatekeeping is performed without intervention of the secure CPU and/or non-secure CPU. Since the claim does not define ‘secure CPU’ and ‘non-secure CPU’, it is valid to interpret CPU 102 and BMPU 152 as the secure CPU and non-secure CPU respectively]).

As per Claim 19, it is similar to claim 9 and therefore the same rejections are incorporated.

As per Claim 20, it is similar to claim 10 and therefore the same rejections are incorporated.


Claims 5-6, 14-15 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Ahmed et al (20170220489) in view of Loh et al (20150278119) and Asai et al (20100030990).

As per Claim 5, the rejection of claim 1 is incorporated, and Ahmed further discloses,
the one or more IPs (Ahmed, [Fig. 1]; [0036 - At a low-level tier, the peripheral bus bridge 118 is equipped with a PU called peripheral protection unit/PPU 154. Finally, at an even lower-level tier, individual peripherals 156 that require internal delineation between secure/non-secure and/or privileged/non-privileged accesses are equipped with PUs called register protection units/RPUs 158, thereby implying the one or more IPs]) further include a preceding IP coupled to said IP (Ahmed, [Fig. 1], [0035 - At a middle-level tier, system bus masters 106, including the DMA controller 110, are equipped with a PU called as bus master protection unit/BMPU 152, thereby implying the preceding IP coupled to the said IP]);
the preceding IP is associated with multiple preceding-IP access identities (Ahmed, [0046 – In Fig. 3, the BMPU's access control policy structure 184 is associated with a plurality of memory regions 0…n 180 identifying regions of addressable system memory and security attributes 182 associated therewith. Also, the BMPU's access control policy structure 184 differentiates policies 188 by hardware sub-context 186; Also see 112(b)]), 
and is arranged to select one of the multiple preceding-IP access identities (Ahmed, [0047 – In Fig. 3, BMPU 152 that serves a peripheral 114 or DMA controller 110, the memory regions corresponding to the peripherals 114 are configured to pass the corresponding memory access requests 160 through to the appropriate PPU 154. BMPU 152 may have a channel 120 that blocks hardware subsystems from accessing the peripheral region entirely, thereby preventing memory access requests 160 through that channel 120 from ever reaching the peripherals 114, thereby implying to select one of the multiple corresponding access identities; Also see 112(b)]);
Asai further discloses,
each said access identity is bound (Asai, [Fig. 4: Bind ID acquirer]) to one of the multiple preceding-IP access identities (Asai, [0045 – In Fig. 5, identification information acquirer 152 acquires from the ADF 102A, the digital data of ‘www.aplication-a.com/download.html’ corresponding to the AP-ID of the application identifier and the digital data of ‘Corp. AAA’ corresponding to the CP-ID, as the application identification information. Then the identification information acquirer 152 acquires from UIM 13 or from management information storage 14, the digital data of ‘MOBILE101’ corresponding to the model ID of the wireless communication terminal identifier, the digital data of ‘1234’ corresponding to the series ID, and the digital data of ‘UIM-MOBILE101-1234’ corresponding to the UIM-ID, as the wireless communication terminal identification information. Then the acquirer 152 feeds the application identification information and the wireless communication terminal identification information to the generator 153. See step S102]; [0046 - Generator 153 generates the bind ID to specify the application 101A and the cell phone 1, based on the identification information acquired at step S102, using the predetermined hash function. Here the identification information fed to generator 153 at step S102 is used as arguments in the hash function, and a hash value calculated is defined as the bind ID; Here generation of the bind ID based on the identification information/access identity implies that the said access identity is bound to one of the multiple preceding-IP access identities]);
the method further comprises:
when selecting one of the multiple access identities, selecting a said access identity that is bound to the selected preceding-IP access identity (Asai, [0035 - The hash function is appropriately selected, in view of a security level of the external memory management. The generator 153 outputs the bind ID generated in this manner, to the writing section 155 and to the bind ID acquirer 156]; [0047 – In Fig. 5, step S104, reserving section 154 reserves the directory 20A in the external memory 2 not allocated yet to another application, as a storage area available for the application 101A]; [0048 – In Fig. 5, step S105, writing section 155 writes the bind ID generated at step S103, as a discrimination ID of the directory 20A reserved at step S104, in the attribute file 21 of the external memory 2. This associates directory 20A only with application 101A; Since the claim does not recite how selection of ‘a said access identity that is bound to the selected preceding-IP access identity’ is done, the citation is a valid interpretation]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the bind ID generation of Asai into the multi-tiered system of PUs of Ahmed, Loh for the benefit of preventing a downloaded application from accessing data in the external memory unrelated to the application, and enabling safer management of access to the external memory (Asai, 0016).
Ahmed further clarifies,
when selecting one of the multiple access identities, selecting a said access identity that is bound to the selected preceding-IP access identity (Ahmed, [0067 - In Fig. 11, step 318, request 160 is picked up by PPU 154, which indexes hardware context 196 and peripheral number 222 into its access control policy structure 200 to select or retrieve or select the appropriate peripheral access policy 206]; [0068 – In Fig. 11, processor 100 could bind a peripheral number 222 to a different peripheral 114. But PPU 154 is agnostic about such bindings, relying instead on the hardware context 196, including hardware sub-context 186, if any, and peripheral number 222 to select or retrieve an appropriate access control policy 206]).

As per Claim 6, the rejection of claim 5 is incorporated, and Ahmed, Loh disclose access identities, IPs and preceding-IP.
Loh further discloses,
 selecting the said access identity that is bound to the selected preceding-IP access identity is performed without intervention of a secure CPU, and regardless of whether and how a non-secure CPU instructs (Loh, [0017 - The hardware platform is configured to authenticate all transactions accessing the shared interconnect, by including/binding the respective VM identifier in all shared interconnect access transactions. The shared interconnect, the memory controller, and the peripheral devices are configured to authenticate all accesses based on the VM identifier supplied by the processor]; [0035 – As per Fig. 2, interconnect 115 includes controller 220 to control the traffic on the shared communication link. In response to receiving a transaction directed to memory 118, controller 220 parses the transaction to identify an address range of the memory, and write or read the content at the address range through memory controller 228, thereby implying selecting the said access identity that is bound to the selected preceding-IP access identity without intervention of a secure CPU, and a non-secure CPU. Since the claim does not define ‘intervention’, the citation is a valid interpretation]). 
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the hardware assisted virtualization of Loh into the multi-tiered system of PUs of Ahmed, for the benefit of implementing virtual machine-based protected video paths in Digital Rights Management thereby controlling, executing, viewing, copying, printing and altering of digital content items (Loh, 0014-0015).

As per Claim 14, it is similar to claim 5 and therefore the same rejections are incorporated.

As per Claim 15, the rejection of claim 14 is incorporated, and Ahmed discloses,
when selecting one of the multiple access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs (Ahmed, [0071,0072 - Fig. 12 shows a gatekeeping procedure for access requests 160 to a peripheral 114 from the perspective of a PPU 154 or RPU 158.....In step 356, PPU 154 or RPU 158 compares characteristics/security attributes of the access request 160, e.g., secure v. non-secure, data v. instruction, read v. write, with the access restrictions provided by the access control policy 320 for the registers or register bits targeted by the access request 160. If in block 358 and on the basis of that comparison, the access request 160 is allowed, then in block 360, the access request 160 is fulfilled, thereby implying that the selection/gatekeeping is performed without intervention of the secure CPU and/or non-secure CPU. Since the claim does not define ‘secure CPU’ and ‘non-secure CPU’, it is valid to interpret CPU 102 and BMPU 152 as the secure CPU and non-secure CPU respectively]).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARVIND TALUKDAR whose telephone number is (571)270-3177. The examiner can normally be reached M-F, 10 am-6pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on 571-270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Arvind Talukdar
Primary Examiner
Art Unit 2132



/ARVIND TALUKDAR/Primary Examiner, Art Unit 2132