Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is sent in response to Applicant’s Communication received on 27 November 2020 for application number 17/105,771. The Office hereby acknowledges receipt of the following and placed of record in file: Oath/Declaration, Abstract, Specification, Drawings, and Claims.
Claim 12, 15, and 17 are currently amended.
Claims 1 – 18 are presented for examination.

Priority
As required by M.P.E.P. 201.14(c), acknowledgement is made of applicant’s claim for priority based on the application filed on 29 November 2019 (EP19212510.2).

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 27 November 2020 was filed on the mailing date of the application.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The applicant’s drawings submitted are acceptable for examination purposes.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1 – 18 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.

Claim 1 recites “executing, by a processor, the program in unprivileged mode; and if the program requests the privileged function: checking, by the processor, whether the security bit is set; if the security bit is set, switching, by the processor, execution to kernel mode for performing the privileged function.” in the last three limitations.  The claim language is unclear based on the “if” statements.  It is unclear what happens if the cited limitation is not met.  It is unclear if the program does not request the privileged function, and likewise if the security bit is not set.  The claim language is indefinite.  Claims 9 and 18 are rejected with like reasoning.  Claims 2 – 8 and 10 – 17 depend from claims 1 and 9, and are subsequently rejected.

Claim 2 recites “wherein setting the security bit for the entry in the mapping table comprises: … determining, by the operating system kernel, whether to set the security bit based on the user.”  It is unclear what is the determining factor to set the security bit based on the user.  Determining “whether” to perform a function is indefinite language.  Claim 10 is rejected with like reasoning.

Claim 3 recites “wherein the unprivileged mode is a given unprivileged mode out of a plurality of unprivileged modes and the method further comprises setting a security bit for each other unprivileged mode of the plurality of unprivileged modes for the entry in the mapping table.”  First, it is unclear exactly what is a given unprivileged mode out of a plurality of unprivileged modes.  Second, it is unclear what are the plurality of unprivileged modes, and the setting of a security bit for each.  Third, it is unclear if the previous “a security bit” of claim 1, is the same “a security bit” for claim 3.  Fourth, each “other” unprivileged mode lacks an antecedent basis.  “Other” unprivileged mode has not been previously established in claim 3 or claim 1, such as “a given unprivileged mode” has been.  Claim 11 is rejected with like reasoning.

Claim 4 recites “if the executing additional program requests the privileged function: checking, by the processor, whether the respective additional security bit is set; if the respective additional security bit is set, switching, by the processor, execution to kernel mode for performing the privileged function.” in the last three limitations.  Claim 4 is rejected with like reasoning as claim 1 above.  Claim 12 is rejected with like reasoning as claim 4.

Claim 6 recites “the privileged function calls itself one or more times and/or a sequence in which the privileged function calls other privileged functions, and the method further comprises: setting a counter value to an initial value; increasing a counter value by one each time any privileged function is called; decreasing the counter value by one each time execution of any privileged function is completed; and wherein: switching execution to unprivileged mode and executing the return function are performed only if the counter value equals the initial value.”  First, the use of “and/or” leaves the claim limitation indefinite.  It is unclear if the limitation is requiring one of the items to occur or both.  Second, it is unclear if “other privileged functions” is claiming other separate different privileged functions or the same privileged function calling itself as stated prior in the claim.  Based on the claim language of “other” privileged functions, there is a lack of antecedent basis.  Third, similar to above, the claim language is unclear based on the “if” statements.  It is unclear what happens if the cited limitation is not met.  It is unclear if the counter value does not equal the initial value, what happens with respect to the switching execution and return function.  The claim language is indefinite.   Claim 14 is rejected with like reasoning.

Claim 7 recites “wherein the privileged function is one of a plurality of privileged functions comprising additional privileged functions” in the first limitation.  It is unclear if the claim is stating the privilege function, that is one of the plurality of privileged functions, comprising additional privileged functions or the plurality of privileged functions comprises additional privileged functions.  Claim 15 is rejected with like reasoning.

Claim 7 recites “checking, by the processor, whether an address of the given privileged function in the physical memory block satisfies a predetermined condition; and wherein checking whether the security bit is set is only performed if the predetermined condition is satisfied.” in the last limitation.  Claim 7 is rejected with like reasoning as claim’s 1 and 2 above.  Claim 15 is rejected with like reasoning as claim 7.

Claim 8 recites “wherein the security bit is set when it is safe for the processor to switch directly from unprivileged mode to kernel mode ...” in the last limitation.  First, it is unclear what “when it is safe for the processor” means.  It is unclear what constitutes “safe” for the processor.  Second, “when” it is safe is a contingent limitation for a method claim.  Examiner suggest replacing “when” to “in response to determining”.  Claim 16 is rejected with like reasoning

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 4, 9, 11, 12, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer et al. [hereafter as Zimmer], US Pub. No. 2003/0188173 A1 in view of O’Connor [hereafter as O’Conner], US Pub. No. 2005/0268095 A1.

As per claim 1, Zimmer discloses a computer-implemented method comprising:
allocating a physical memory block for a privileged function [“A method of system for hardening a firmware environment. A trusted core framework of firmware components are segregated from initially non-trustworthy extended firmware components such that the trusted core components are executed in a privileged processor mode,…”] [Abstract]; 
storing the privileged function in the physical memory block [“Next, in a block 118 the core framework metadata that was generated during PEI phase 14 (e.g., core framework metadata 150) is copied to the privileged portion of the main memory, as depicted by framework core metadata 174. …. In addition, the function pointers are remapped to point to the new location of the function code. This will typically comprise a pointer to a memory page table entry (PTE) that provides a mapping to where in physical memory the function's code is stored. If the function corresponds to a trusted PEI module, the PTE is marked as corresponding to privileged memory….”] [para. 0050]; 
creating an entry for the physical memory block in a mapping table, wherein the entry associates the physical memory block to a virtual memory block in an address space of a program [“Typically, page-level protection schemes are implemented using a page directory and one or more page tables. Accordingly, a page directory and page table is set up in the system's main memory in a block 116, as depicted by a page directory 168, a page table 170 and main memory 172 in FIG. 5. Also as depicted in FIG. 5, main memory 166 includes a privileged (i.e., trusted) portion 174 and a non-privileged (i.e., non-trusted) portion 176. For convenience, the privileged and non-privileged portions of the main memory are shown as contiguous; as will be recognized by those skilled in the art, in actual practice the main memory may be interlaced with privileged and non-privileged portions. Next, in a block 118 the core framework metadata that was generated during PEI phase 14 (e.g., core framework metadata 150) is copied to the privileged portion of the main memory, as depicted by framework core metadata 174. …. In addition, the function pointers are remapped to point to the new location of the function code. This will typically comprise a pointer to a memory page table entry (PTE) that provides a mapping to where in physical memory the function's code is stored. If the function corresponds to a trusted PEI module, the PTE is marked as corresponding to privileged memory….”] [paras. 0049 – 0050];
setting the entry in the mapping table [a memory paging scheme, also known as a page-level protection scheme, wherein parameters in a page table entry (PTE) and/or corresponding page directory entry that maps to one or more PTE's is evaluated to determine whether the memory referenced by the page may only be read, or may be fully accessed] [“In accordance with one embodiment of the invention, trusted PEI modules are enabled to access data stored in "trusted" memory, while PEI modules that are not trusted are prevented from accessing the "trusted" memory. Such trusted memory is also commonly referred to as "protected" or "privileged" memory. Modern processors and operating systems provide built-in mechanisms for partitioning privileged memory from non-privileged memory. Typically, this may be done using a memory paging scheme, also known as a page-level protection scheme, wherein parameters in a page table entry (PTE) and/or corresponding page directory entry that maps to one or more PTE's is evaluated to determine whether the memory referenced by the page may only be read, or may be fully accessed (e.g., read and/or written to).”] [para. 0047].
However, Zimmer does not explicitly disclose by an operating system kernel; by an operating system kernel; by an operating system kernel; 
by an operating system kernel, a security bit for the mapping;
executing, by a processor, the program in unprivileged mode; and 
if the program requests the privileged function:
checking, by the processor, whether the security bit is set;
if the security bit is set, switching, by the processor, execution to kernel mode for performing the privileged function.
O’Connor teaches by an operating system kernel; by an operating system kernel; by an operating system kernel [“In embodiments represented by FIG. 2, memory translation for non-secure process 230 may be performed via translation tables in secure or non-secure memory. This may be dictated by the secure kernel by setting control bits in a control register to specify the location of page tables for non-secure processes.”] [para. 0020];
by an operating system kernel, a security bit for the mapping [“In embodiments represented by FIG. 2, memory translation for non-secure process 230 may be performed via translation tables in secure or non-secure memory. This may be dictated by the secure kernel by setting control bits in a control register to specify the location of page tables for non-secure processes.”] [para. 0020];
executing, by a processor, the program in unprivileged [user] mode [“In some embodiments, method 600 is performed when a processor is operating in non-secure mode, and in other embodiments, method 600 is performed when a processor is operating in secure mode. Further, method 600 may be performed when a processor is in either privileged mode or user mode.”] [para. 0049] [“In some embodiments, the processor transitions between non-secure mode and secure mode when a bit in a control register is set. This bit is referred to herein as the "S-bit" or "secure bit." In some embodiments, the S-bit may only be modified by platform OS 110 running in privileged mode. When the S-bit is set, monitor 102 takes control from platform OS 110.”] [para. 0013]; and 
if the program requests the privileged function [“In some embodiments, the processor transitions between non-secure mode and secure mode when a bit in a control register is set. This bit is referred to herein as the "S-bit" or "secure bit." In some embodiments, the S-bit may only be modified by platform OS 110 running in privileged mode. When the S-bit is set, monitor 102 takes control from platform OS 110.”] [para. 0013]:
checking, by the processor, whether the security bit is set [“In some embodiments, the processor transitions between non-secure mode and secure mode when a bit in a control register is set. This bit is referred to herein as the "S-bit" or "secure bit." In some embodiments, the S-bit may only be modified by platform OS 110 running in privileged mode. When the S-bit is set, monitor 102 takes control from platform OS 110.”] [para. 0013];
if the security bit is set, switching, by the processor, execution to kernel [privileged] mode for performing the privileged function [“In some embodiments, the processor transitions between non-secure mode and secure mode when a bit in a control register is set. This bit is referred to herein as the "S-bit" or "secure bit." In some embodiments, the S-bit may only be modified by platform OS 110 running in privileged mode. When the S-bit is set, monitor 102 takes control from platform OS 110.”] [para. 0013] [“As shown in FIG. 1, secure/non-secure modes and privileged/user modes are not exclusive. For example, privileged code may run in either a secure or non-secure mode, and user code may run in either a secure or non-secure mode. In some embodiments, the privileged code that runs in non-secure mode includes a platform operating system, and the privileged code that runs in secure mode includes a secure kernel. The secure kernel may be a small trusted code base that is more easily verifiable than an entire OS. User code that runs in non-secure mode may include the bulk of the applications software that runs on the processor, and user code that runs in secure mode may include security sensitive tasks such as encryption, decryption, authentication, certificate management, and the like.”] [para. 0011].
Zimmer and O’Connor are analogous art aimed to improve memory performance in storage systems.
It would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to combine Zimmer with O’Connor in order to modify Zimmer where “by an operating system kernel; by an operating system kernel; by an operating system kernel; 
by an operating system kernel, a security bit for the mapping;
executing, by a processor, the program in unprivileged mode; and 
if the program requests the privileged function:
checking, by the processor, whether the security bit is set;
if the security bit is set, switching, by the processor, execution to kernel mode for performing the privileged function” as taught by O’Connor.  One of ordinary skill in the art would be motivated to combine Zimmer with O’Connor before the effective filing date of the claimed invention to improve a system by providing for the ability where “privileged code may run in either a secure or non-secure mode, and user code may run in either a secure or non-secure mode.” [O’Connor, para. 0011].
Claims 9, 17, and 18 are rejected with like reasoning.

As per claim 3, Zimmer in view of O’Connor discloses the computer-implemented method of claim 1, O’Connor teaches wherein the unprivileged mode is a given unprivileged mode [user modes] out of a plurality of unprivileged modes [user modes] [secure or non-secure mode] [user code may run in either a secure or non-secure mode] [“As shown in FIG. 1, secure/non-secure modes and privileged/user modes are not exclusive. For example, privileged code may run in either a secure or non-secure mode, and user code may run in either a secure or non-secure mode.”] [para. 0011] and the method further comprises setting a security bit for each other unprivileged mode of the plurality of unprivileged modes for the table [“In some embodiments, the processor transitions between non-secure mode and secure mode when a bit in a control register is set. This bit is referred to herein as the "S-bit" or "secure bit." In some embodiments, the S-bit may only be modified by platform OS 110 running in privileged mode.”] [para. 0013] [“As discussed above, in some embodiments, control bits may exist to designate whether page tables for a non-secure process are maintained in secure or non-secure memory.”] [para. 0019].
Zimmer discloses modes for the entry in the mapping [“In accordance with one embodiment of the invention, trusted PEI modules are enabled to access data stored in "trusted" memory, while PEI modules that are not trusted are prevented from accessing the "trusted" memory. Such trusted memory is also commonly referred to as "protected" or "privileged" memory. Modern processors and operating systems provide built-in mechanisms for partitioning privileged memory from non-privileged memory. Typically, this may be done using a memory paging scheme, also known as a page-level protection scheme, wherein parameters in a page table entry (PTE) and/or corresponding page directory entry that maps to one or more PTE's is evaluated to determine whether the memory referenced by the page may only be read, or may be fully accessed (e.g., read and/or written to).”] [para. 0047].
Claim 11 is rejected with like reasoning.

Claim 4 is rejected with like reasoning as claim 1 above with respect to performing another iteration. 
Claim 12 is rejected with like reasoning.


Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer et al. [hereafter as Zimmer], US Pub. No. 2003/0188173 A1 in view of O’Connor [hereafter as O’Conner], US Pub. No. 2005/0268095 A1 as applied to claims 1 and 9 above, and further in view of Sieffert et al. [hereafter as Sieffert], US Pub. No. 2016/0371105 A1.

As per claim 5, Zimmer in view of O’Connor discloses the computer-implemented method of claim 1 O’Connor teaches further comprising, after execution of the privileged function in kernel mode:
switching, by the processor, execution to unprivileged mode [“FIG. 1 shows a block diagram of a processor security structure. Structure 100 shows monitor 102, platform operating system (OS) 110, non-secure resources 112, non-secure processes 122, 124, and 126, secure kernel 150, secure resources 152, and secure processes 162, 164, and 166. Dividing line 106 separates privileged mode and user mode, and dividing line 104 separates secure mode and non-secure mode.”] [para. 0010] [“Processor 400 may operate in any of the modes or combination of modes shown in FIG. 1. For example, processor 400 may operate in a secure mode or a non-secure mode, and may also operate in a privileged mode or user mode.”] [para. 0027];
Zimmer discloses executing, by the processor, a function [“During PEI phase 14, system memory is not available. Accordingly, the function code provided by each of the PEI modules is stored in the PEI module's executable image. For example, protocol interface 154 includes pointers to Functions 1 and 2, comprising code contained in the executable image of PEI module A. Protocol interface 156 includes pointers to Functions 3, 4, and 5, comprising code contained in the executable image of PEI module B.”] [para. 0044].
However, Zimmer and O’Connor do not explicitly disclose executing a return function.
Sieffert teaches executing a return function [return of the function] [“To create a virtual memory component (e.g. buffer) of the guest into which update data may be written, a call to ZwAllocateVirtualMemory may be injected. This may be done by updating the instruction pointer associated with the thread to point to the ZwAllocateVirtualMemory function, registering a hook on the function's return (if not already hooked), and resuming the guest to make the call to the function. The return of the function may indicate virtual memory pages(s) that were allocated, and these can be noted by the hypervisor or a component thereof. In some embodiments, the hypervisor causes the guest to access one or more locations (bytes) from each of the allocated page(s), for instance by redirecting execution of the thread to a ZwReadVirtualMemory function. This would ensure that the operating system commits the allocated virtual memory, rather than just reserving it.”] [para. 0060].
Zimmer, O’Connor, and Sieffert are analogous art aimed to improve memory performance in storage systems.
It would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to combine Zimmer and O’Connor with Sieffert in order to modify Zimmer and O’Connor where “by an operating system kernel; by an operating system kernel; by an operating system kernel; 
by an operating system kernel, a security bit for the mapping;
executing, by a processor, the program in unprivileged mode; and 
if the program requests the privileged function:
checking, by the processor, whether the security bit is set;
if the security bit is set, switching, by the processor, execution to kernel mode for performing the privileged function” as taught by Sieffert.  One of ordinary skill in the art would be motivated to combine Zimmer and O’Connor with Sieffert before the effective filing date of the claimed invention to improve a system by providing for the ability where the “return of the function may indicate virtual memory pages(s) that were allocated.” [Sieffert, para. 0060].
Claim 13 is rejected with like reasoning.

Conclusion
STATUS OF CLAIMS IN THE APPLICATION
CLAIMS REJECTED IN THE APPLICATION
Per the instant office action, claims 1 – 18 have received a first action on the merits and are subject of a first action non-final.  Claims 1, 3 – 5, 9, 11 – 13, 17, and 18 are rejected under a 103 rejection.  Claims 1 – 4, 6 – 12, 14 – 16, and 18 are rejected under a 112 rejection.  Examiner was not able to provide prior art to read on claims 2, 6 – 8, 10, and 14 – 16.  

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Dimitrov et al., US Pub. No. 2019/0012150 A1 – teaches “The virtualization layer includes a virtual-machine-monitor module 518 (“VMM”) that virtualizes physical processors in the hardware layer to create virtual processors on which each of the virtual machines executes. For execution efficiency, the virtualization layer attempts to allow virtual machines to directly execute non-privileged instructions and to directly access non-privileged registers and memory. However, when the guest operating system within a virtual machine accesses virtual privileged instructions, virtual privileged registers, and virtual privileged memory through the virtualization-layer interface 508, the accesses result in execution of virtualization-layer code to simulate or emulate the privileged resources. The virtualization layer additionally includes a kernel module 520 that manages memory, communications, and data-storage machine resources on behalf of executing virtual machines (“VM kernel”). The VM kernel, for example, maintains shadow page tables on each virtual machine so that hardware-level virtual-memory facilities can be used to process memory accesses. The VM kernel additionally includes routines that implement virtual communications and data-storage devices as well as device drivers that directly control the operation of underlying hardware communications and data-storage devices. Similarly, the VM kernel virtualizes various other types of I/O devices, including keyboards, optical-disk drives, and other such devices. The virtualization layer essentially schedules execution of virtual machines much like an operating system schedules execution of application programs, so that the virtual machines each execute within a complete and fully functional virtual hardware layer.” [para. 0040]
Circello et al., US Pub. No. 2014/0259149 A1 – teaches “In FIG. 1, data processor core 21 is illustrated to include storage locations 61 that store information indicating the security mode of the data processor core 21. In particular, a state of storage location labeled P/U indicates whether the data processor core 21 is operating in privileged mode (P) or a user mode (U), and a state of storage location labeled S/N indicates whether the data processor core 21, when in user mode, is operating in a secure mode (S) or a nonsecure mode (N). Note that according to the embodiment described herein, the state of the security bit (S/N) is only used to differentiate between user secure mode and user nonsecure mode, and therefore is not considered when the data processor core 21 is in privileged mode. The designator [P,X] is used herein to refer to the state of bits P/U and S/N when data processor core 21 is operating in privileged mode ([P,X]=(P/U==1)); the designator [U,S] is used to refer to the state of the bits P/U and S/N when the data processor core 21 is operating in user secure mode ([U,S]=(P/U==0) && (S/N==1)); and the designator [U,N] is used herein to refer to the state bits P/U and S/N when the data processor core 21 is operating in user nonsecure mode ([U,N]=(P/U==0) && (S/N==0)).” [para. 0022]
Allen, US Patent No. 10,419,483 B1 – teaches “A recursive function, procedure, or subroutine (collectively referred to as recursive functions) is a function that may call itself within its program code, thereby creating nested levels of the function in the call stack for the computer program, and, in a manner similar to placing bounds on the number of iterations of loops, bounds may also be placed on these recursive function calls. For example, if the code in the function represented by the path 218 is a function that, in addition to returning back to 206, can call itself, the code analyzer may evaluate the function to determine how deeply nested the function could go. In such a case, a counter may again be injected into the code to limit the depth of recursion allowed to the function. That is, the system may determine that the function may only be allowed to call itself a fixed number of times and, once that number is reached, the function at the deepest level of recursion may be forced to return to the calling function, whereupon the calling function may be forced to return to the function that called it, etc. E.g., using the example above, once the counter is decremented to zero, the function execution begins traversing back up the nest (e.g., popping back up the call stack) to make the return 228 to node 206.” [col. 10, last paragraph]

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD WADDY JR whose telephone number is (571)272-5156. The examiner can normally be reached M-Th 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sanjiv Shah can be reached on (517)272-4098. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EW/Examiner, Art Unit 2135       

/SANJIV SHAH/Supervisory Patent Examiner, Art Unit 2135