DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Election/Restriction
Applicant’s election without traverse of Group I (claims 1-3, 6, 22, and 26) in the reply filed on 2022-07-19 is acknowledged.

Claims 1, 22, and 26 (as amended herein) are allowable.  The restriction requirement among groups I-, as set forth in the Office action mailed on 2022-05-31, has been reconsidered in view of the allowability of claims to the elected invention pursuant to MPEP § 821.04(a).  The restriction requirement is hereby withdrawn as to any claim that requires all the limitations of an allowable claim.  Specifically, the restriction requirement of 2022-05-31 is  withdrawn.  Claims 4-5, 7-21, and 23-25, directed to inventions II-VII no longer withdrawn from consideration because the claims require all the limitations of an allowable claim.
In view of the above noted withdrawal of the restriction requirement, applicant is advised that if any claim presented in a continuation or divisional application is anticipated by, or includes all the limitations of, a claim that is allowable in the present application, such claim may be subject to provisional statutory and/or nonstatutory double patenting rejections over the claims of the instant application.
Once a restriction requirement is withdrawn, the provisions of 35 U.S.C. 121 are no longer applicable.  See In re Ziegler, 443 F.2d 1211, 1215, 170 USPQ 129, 131-32 (CCPA 1971); See also MPEP § 804.01.


Priority
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file


Information Disclosure Statement
The information disclosure statements (IDS) submitted on 2021-05-24 and 2021-08-18 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.


Examiner’s Amendment
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Thomas Kelton (Reg. 54,214) on 2022-08-23.

Please replace the Claims as follows:
1.	(Currently Amended)	A receiving circuit, the receiving circuit comprising:
at least one interface configured to receive a plurality of read or write requests from a plurality of requesting circuits accessible over at least one control bus, each of the read or write requests being a request to access at least one storage associated with the receiving circuit;
at least one register configured to store a plurality of permissions settings, wherein each of the plurality of permission settings indicates whether or not access is permitted to the at least one storage by one of the plurality of requesting circuits; and
processing circuitry configured to:
in response to each of at least one of the plurality of read or write requests to access the at least one storage received at the at least one interface, prevent [[the]] a respective read or write request from being serviced in response to an indication in the permission settings that access is not permitted for one of the requesting circuits that issued the respective request; 
in response to a first write request[[s]] to the at least one register received from a first management unit, update a first permission setting of the permissions settings to indicate that access is not permitted for a first requesting circuit of the requesting circuits; [[and]]
subsequently, in response to determining that the first management unit has written to the permissions settings indicating that access is not permitted for the first requesting circuit[[s]], prevent a second write request[[s]] received from a second management unit from re-enabling access for the first requesting circuit[[s]]; and
in response to a third write request received from the second management unit to update a second permission setting of the permission settings for a second requesting circuit of the requesting circuits, allow updating of the second permission setting to prevent access by the second requesting circuit.

2.	(Canceled)	

3.	(Original)	The receiving circuit of claim 1, wherein the permission settings comprise a plurality of first permission settings and a plurality of second permission settings, wherein each of the plurality of requesting circuits is associated with one of the first permission settings and one of the second permission settings.

4.	(Currently Amended)	The receiving circuit of claim 3, wherein the processing circuitry is configured to, for a given read or write request[[s]] to the at least one storage received from the second management unit, in response to determining that the given read or write request was received from the second management unit, service the given read or write request irrespective of the plurality of second permission settings.

5.	(Currently Amended) 	The receiving circuit of claim 3, wherein the processing circuitry is configured to, for a given read or write request[[s]] to the at least one storage received from the second management unit, prevent the given read or write request from being serviced in response to an indication in the plurality of first permission settings that access is not permitted.

6.	(Currently Amended)	The receiving circuit of claim 3, wherein the preventing the given read or write request from being serviced is performed in response to a determination that the requesting circuit from which the given read or write request originated is associated with  plurality of first permissions settings or the second permission setting indicating that access is not permitted.


7.	(Currently Amended)	The receiving circuit of claim 1, wherein the processing circuitry is configured to, for a given read or write request[[s]] to the at least one storage received from the first management unit, in response to determining that the given read or write request was received from the first management unit, service the given read or write request irrespective of the plurality of permission[[s]] settings.

8.	(Currently Amended) 	The receiving circuit of claim 1, wherein each of the requesting circuits is associated with at least one processor configured to execute computer readable instructions to generate the first write request[[s]].

9.	(Currently Amended) 	The receiving circuit of claim 1, wherein each of the requesting circuits is associated with circuitry configured to generate the 

10.	(Original) 	The receiving circuit of claim 1, wherein at least one of the plurality of requesting circuits is associated with the first management unit or the second management unit. 

11.	(Currently Amended) 	The receiving circuit of claim 1, wherein the processing circuitry is configured to: 
prior to receiving the first write request[[s]] 
store the identifier of the first management unit in the at least one register; and[[,]]
first write requestfirst permission[[s]] setting[[s]] in response to determining that an identifier in the first write request matches the identifier of the first management unit in the at least one register.

12.	(Original) 	The receiving circuit claim 11, wherein the third management unit stores the identifier of the first management unit in one or more fuses.

13.	(Currently Amended) 	The receiving circuit of claim 11, wherein the processing circuitry is configured to:
receive from the first management unit, [[an]] a second identifier of the second management unit;
store the second identifier 
subsequently, in response to a further write request[[s]] to the at least one register received from the second management unit, update the second permission[[s]] setting[[s]] in response to determining that an identifier in the further write request[[s]] matches the second identifier 

14.	(Currently Amended) 	The receiving circuit of claim 1, wherein the processing circuitry is configured to: in response to each of at least one of the plurality of read or write requests to access the at least one storage received at the at least one interface, cause a given read or write operation to be performed at at least one address in the at least one storage indicated in [[the]] a respective request. 

15.	(Currently Amended) 	The receiving circuit of claim 1, wherein the at least one register comprises an indication of at least one address to which the plurality of permission[[s]] settings do not apply, wherein the processing circuitry is configured to, in response to determining that a given read or write request[[s]] indicates an address that matches the indication of at least one address to which the permissions settings do not apply, servicing the given read or write request.

16.	(Currently Amended) 	The receiving circuit of claim 15, wherein the processing circuitry is configured to .

17.	(Currently Amended) 	The receiving circuit of claim 1, wherein in response to the second write request, the processing circuitry is further configured to send second write request to [[a]] the first requesting circuit

18.	(Currently Amended) 	The receiving circuit of claim 1, wherein the receiving circuit is suitable for use in an integrated circuit.

19.	(Original) 	The receiving circuit of claim 18, implemented in an integrated circuit, the integrated circuit being configured to act as an accelerator subsystem for a host system.

20.	(Original) 	The receiving circuit of claim 19, wherein the second management unit is associated with a hypervisor running on the host system.

21.	(Original) 	The receiving circuit of claim 19, wherein the integrated circuit includes a plurality of processing units configured to execute computer readable instructions to perform operations on data, wherein each of the plurality of processing units comprises a control register, wherein the at least one storage comprises the control registers of the processing units. 

22.	(Currently Amended)	A method comprising:
storing a first permission setting in a register, the permission setting indicating access is permitted by a first bus initiator of a plurality of bus initiators to a storage associated with a bus target;
updating the first permission setting to indicate that access is not permitted for the first bus initiator in response to receiving a first write request to the register from a first management unit; 
receiving a second write request from a second management unit, the second write request including a request to update the first permission setting to allow access for the first bus initiator;
in response to determining that the first management unit has written to the first permission setting indicating that access is not permitted for the first bus initiator, preventing updating of the first permission setting by the second write request;
receiving an access request from the first bus initiator over a control bus, the access request including a request to access the storage; [[and]]
preventing the access request from being serviced in response to an indication in the first permission setting that access is not permitted for the first bus initiator; and
in response to a third write request received from the second management unit to update a second permission setting for a second bus initiator of the plurality of bus initiators, allowing updating of the second permission setting to prevent access by the second bus initiator.

23.	(Original) 	The method of claim 22, wherein the first bus initiator includes an item selected from a list consisting of:
an on-chip processor running software or firmware;
an input output (I/O) port;
a PCI express endpoint configured to receive the request from software running on an external processor; and
a hardware unit configured to use the control bus to communicate with another hardware unit on a same chip. 
	 
24.	(Original)	The method of claim 22, wherein the bus target includes an item selected from a list consisting of:
a hardware unit having control registers storing parameters controlling the hardware unit;
static random access memory (SRAM) on-chip storage;
non-volatile on chip storage; 
a bridge to off-chip storage;
a bridge to an off-ship dynamic random access memory (DRAM) memory controller; and
circuitry configured to convert packets from a first control bus communication protocol a second control bus communication protocol.

25.	(Currently Amended)	The method of claim 22, wherein the bus target[[s]] and the plurality of bus initiators are implemented on a same chip as the control bus.

26.	(Currently Amended)	A non-transitory computer readable medium storing a computer program, which when executed by a processor causes a method to be carried out, the method comprising:
storing a first permission setting in a register, the permission setting indicating access is permitted by a first bus initiator of a plurality of bus initiators to a storage associated with a bus target;
updating the first permission setting to indicate that access is not permitted for the first bus initiator in response to receiving a first write request to the register from a first management unit; 
receiving a second write request from a second management unit, the second write request including a request to update the first permission setting to allow access for the first bus initiator;
in response to determining that the first management unit has written to the first permission setting indicating that access is not permitted for the first bus initiator, preventing updating of the first permission setting by the second write request;
receiving an access request from the first bus initiators over a control bus, the access request including a request to access the storage; and
preventing the access request from being serviced in response to an indication in the first permission setting that access is not permitted for the first bus initiator; and
in response to a third write request received from the second management unit to update a second permission setting for a second bus initiator of the plurality of bus initiators, allowing updating of the second permission setting to prevent access by the second bus initiator.


Allowable Subject Matter
Claims 1 and 3-26 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.

McKee et al. (US Pre-Grant Publication No. 20070039045-A1, hereinafter “McKee”) teaches a dual layered access control list, wherein different sets of relevant permissions are combined to determine whether a particular access request should be granted or denied.  In the combination, deny permissions take precedence over grant permissions.  

Hydell et al. (US Patent No. 10375071-B1, hereinafter “Hydell”) teaches permissions required for modification of existing permissions.  

Park et al. (US Pre-Grant Publication No. 20150135261-A1, hereinafter “Park”) teaches various strategies for resolving policy conflicts, e.g. permissions-take-precedence, denials-take-precedence, specificity precedence, recency precedence, strong authorization overriding weak authorization, or explicit specification of policy priority.  

The prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention.  For example, McKee-Hydell-Park in combination do not disclose “in response to a first write request to the at least one register received from a first management unit, update a first permission setting of the permissions settings to indicate that access is not permitted for a first requesting circuit of the requesting circuits; subsequently, in response to determining that the first management unit has written to the permissions settings indicating that access is not permitted for the first requesting circuit, prevent a second write request received from a second management unit from re-enabling access for the first requesting circuit; and in response to a third write request received from the second management unit to update a second permission setting of the permission settings for a second requesting circuit of the requesting circuits, allow updating of the second permission setting to prevent access by the second requesting circuit”, within the context of the claimed invention as a whole, as recited in Claim 1.
Although McKee discloses different sets of permissions including the precedence of denial permissions, McKee does not disclose permission requirements for modifying permissions.  The Examiner notes that Hydell partially cures this deficiency.  However, the claimed invention does not merely provide restrictions of an entity (the second management unit) from modifying permissions, but instead limits the modifications to permissions it can make in view of the type of permissions set by a first management unit.  Specifically, the second management unit can set denial permissions taking precedence over a grant permission by the first management unit, but it cannot set grant permissions where denial permissions have been previously set by the first management unit.  Although denial permission precedence, modification permissions, and numerous other policy precedence is known in the art, e.g. Park, the prior art does not disclose or render obvious the claimed combination, nor does the prior art provide sufficient motivation to be modified and combined in such a way as to render obvious the claimed feature without the usage of impermissible hindsight reasoning.
Thus, the Examiner finds that the prior art does not provide sufficient teaching or motivation for anticipating or rendering obvious “in response to a first write request to the at least one register received from a first management unit, update a first permission setting of the permissions settings to indicate that access is not permitted for a first requesting circuit of the requesting circuits; subsequently, in response to determining that the first management unit has written to the permissions settings indicating that access is not permitted for the first requesting circuit, prevent a second write request received from a second management unit from re-enabling access for the first requesting circuit; and in response to a third write request received from the second management unit to update a second permission setting of the permission settings for a second requesting circuit of the requesting circuits, allow updating of the second permission setting to prevent access by the second requesting circuit”, within the claimed invention as a whole, without the usage of impermissible hindsight reasoning.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin Bechtel whose telephone number is (571)270-5436.  The examiner can normally be reached on Monday - Friday, 09:00 - 17:00 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/
Primary Examiner, Art Unit 2491