Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
1.	This action is responsive to the communication filed on 23 May 2022, with acknowledgement of an original application filed on 31 December 2020 and priority established by a France Application filed 31 December 2019.
2.	Claims 1, 3-9, and 11-19 are pending.  Claims 1, 9, and 14 are independent claims.  Claims 1, 3-5, 9, and 11 have been amended.  Claims 13-19 are new.  Claims 2 and 10 have been canceled.
Response to Arguments

3.	Applicant's arguments filed 23 May 2022 have been fully considered; however, they are moot due to new grounds of rejection necessitated by applicant’s amendments to the claims.
Claim Rejections - 35 USC § 112
4.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


5.	Claims 1 and 9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.  Claim 1 has been amended; although the amendments are an improvement over the originally filed claim, the language used in the claim is still indefinite.  Below is claim 1.
“A processor having multiple protection rings assigned to software layers and configured to execute a software layer in an arbitrary protection ring provided by a programmable ownership table assigning privileged resources to protection rings, wherein the ownership table is itself a privileged resource programmable upon booting the software layers”. 
The claim as worded appears to claim “results” without any clear steps as to what the processor is performing.  Also note that the phrase “arbitrary protection ring” is indefinite because the word “arbitrary” means indefinite.  The Examiner recommends that the word “arbitrary” be deleted from the claims and that the claims be amended to contain limitations similar to claim 14 or to include the limitations from one of the dependent claims in claims 1 and 9.  Appropriate correction is required.
6.	To expedite a complete examination of the instant application the claims rejected under 35 U.S.C. 112 above are further rejected as set forth below in anticipation of applicant amending these claims to overcome the above rejections.

Claim Rejections – 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


8.	Claims 1, 3-4, 9, and 12-15 are rejected under 35 U.S.C. 103 as being unpatentable over Van De Van et al. U.S. Patent Application Publication No. 2015/0007318 (hereinafter ‘318) in view of Smith et al. U.S. Patent Application Publication No. 2016/0335429 (hereinafter ‘429).
As to independent claim 1, “A processor having multiple protection rings assigned to software layers and configured to execute a software layer in an arbitrary protection ring provided by a programmable ownership table assigning privileged resources to protection rings” is taught in ‘318 paragraphs 1-2, and 12; note that, as shown in the background, many computer architectures implement some form of hierarchical protection domains or “rings”: “The use of protection domains or rings allows the corresponding computer system to provide protection of data and applications” (i.e., privileged resources and software layers executing); also note the ‘ownership table’ in ‘318 is interpreted as equivalent to the ‘memory page table’;
the following is not explicitly taught in ‘318:
“wherein the ownership table is itself a privileged resource programmable upon booting the software layers” however ‘429 teaches an administrator programs a layered security module that is loaded during system boot in paragraphs 3 and 11;

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of managing device driver cross ring accesses taught in ‘318 to include a means to program an ownership table upon booting.  One of ordinary skill in the art would have been motivated to perform such a modification because virtualization technology requires mechanisms that are not vulnerable to other compromised device drivers and offer data security, see ‘429 paragraphs 2-3.

	As to dependent claim 3, “The processor according to claim 1, wherein the programmable table additionally assigns exceptions to protection rings and the processor is configured to respond to an exception by diverting handling of the exception to the ring programmed for the exception in the ownership table” is taught in ‘318 paragraph 12.
	As to dependent claim 4, “The processor according to claim 1, configured to: trigger a privilege trap when accessing a privileged resource in the ownership table; and respond to the privilege trap by diverting the handling of the trap to the ring programmed for the privileged resource in the ownership table” is shown in ‘318 paragraph 12.

As to independent claim 9, “A method for executing software layers on a processor having multiple protection rings, comprising the following steps:”  “and upon execution of a software layer, determining its protection ring from the ownership table” is taught in ‘318 paragraphs 1-2, and 12; note that, as shown in the background, many computer architectures implement some form of hierarchical protection domains or “rings”: “The use of protection domains or rings allows the corresponding computer system to provide protection of data and applications” (i.e., privileged resources and software layers executing); also note the ‘ownership table’ in ‘318 is interpreted as equivalent to the ‘memory page table’;
the following is not explicitly taught in ‘318:

“upon booting the software layers, programming an ownership table for attributing privileged resources to an arbitrary protection ring, where the ownership table is itself a privileged resource” however ‘429 teaches an administrator programs a layered security module that is loaded during system boot in paragraphs 3 and 11;

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of managing device driver cross ring accesses taught in ‘318 to include a means to program an ownership table upon booting.  One of ordinary skill in the art would have been motivated to perform such a modification because virtualization technology requires mechanisms that are not vulnerable to other compromised device drivers and offer data security, see ‘429 paragraphs 2-3.
	As to dependent claim 13, “The method according to claim 9, comprising the following steps: when booting the processor, programming in the ownership table an initial protection ring for a first software layer, authorizing the first software layer to access less privileged rings than the initial protection ring; and when booting the first software layer, programming in the ownership table a second protection ring for a second software layer, wherein the second protection ring is less privileged than the first protection ring” is taught in ‘429 paragraphs 3, 11, and 14-15.
As to independent claim 14, “A processor configured to execute software layers in corresponding protection rings, comprising: privileged resources accessible to software layers executed in corresponding protection rings” is taught in ‘318 paragraphs 1-2, and 12; note that, as shown in the background, many computer architectures implement some form of hierarchical protection domains or “rings”: “The use of protection domains or rings allows the corresponding computer system to provide protection of data and applications” (i.e., privileged resources and software layers executing);
“a protection ring management system configured to: trigger a privilege trap when a currently executed software layer accesses a privileged resource from a less privileged protection ring than the ring programmed for the privileged resource in the ownership table” is shown in ‘318 paragraph 12; note the computing device is configured to monitor and manage cross ring memory access (e.g., a high privilege-to-low privilege memory access) and trap access requests for analyzing; also note the ‘ownership table’ in ‘318 is interpreted as equivalent to the ‘memory page table’;
“and respond to the privilege trap by diverting the handling of the trap to the ring programmed for the privileged resource in the ownership table” is disclosed in ‘318 paragraph 12;
the following is not explicitly taught in ‘318:
“among the privileged resources, an ownership table assigning the privileged resources to protection rings, wherein the ownership table is programmable upon booting the software layers” however ‘429 teaches an administrator programs a layered security module that is loaded during system boot in paragraphs 3 and 11;
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of managing device driver cross ring accesses taught in ‘318 to include a means to program an ownership table upon booting.  One of ordinary skill in the art would have been motivated to perform such a modification because virtualization technology requires mechanisms that are not vulnerable to other compromised device drivers and offer data security, see ‘429 paragraphs 2-3.
As to dependent claim 15, “The processor according to claim 14, wherein the programmable table additionally assigns exceptions to protection rings and the processor is configured to respond to an exception by diverting handling of the exception to the ring programmed for the exception in the ownership table” is taught in ‘318 paragraph 12.

9.	Claims 5, 7-8, 11, 16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Van De Van et al. U.S. Patent Application Publication No. 2015/0007318 (hereinafter ‘318) in view of Smith et al. U.S. Patent Application Publication No. 2016/0335429 (hereinafter ‘429) in further view of Cohen U.S. Patent 5,303,378 (hereinafter ‘378).
	As to dependent claim 5, the following is not explicitly taught in ‘319 and ‘429:
“The processor according to claim 1, comprising: hardware units that can trigger exceptions at the occurrence of events during execution of a program by the processor; a processor status register identifying a current protection ring applied to a currently executed program; a programmable ownership register embodying the programmable table; for each protection ring, a respective processor status backup register, defining the protection ring and corresponding rights; and an exception handler circuit, configured to, when an exception is triggered: index the ownership register with an identifier generated with the exception, to designate a corresponding protection ring; exchange the contents of the processor status register with the contents of the status backup register designated by the ownership register; and divert the current program to an exception handler, whereby the handler executes in the protection ring defined by the new contents of the processor status register” however ‘378 teaches triggering exceptions during the execution of a program in col. 12, lines 14-60.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of managing device driver cross ring accesses taught in ‘318 and ‘429 to include a means to trigger exceptions at the occurrence of events.  One of ordinary skill in the art would have been motivated to perform such a modification because many popular personal computers are based on the Intel Corporation 8086 family of microprocessors and a method is needed to allow a protected mode kernel to service in V86 mode, interrupts which occur during execution of ring 0 protected mode code see ‘378 col. 1, lines 14-26 and col. 16, lines 17-38.
	As to dependent claim 7, “The processor according to claim 5, including a system-register-write instruction implemented by the processor to write into the ownership register, identified by the instruction, a sum of a rank of the current ring and a parameter of the instruction conveying a relative rank” is taught in ‘378 col. 5, line 50 through col. 6, line 26.
	As to dependent claim 8, “The processor according to claim 5, wherein the exceptions include a horizontal interrupt, the ownership register being programmed to attribute the horizontal interrupt to the same protection ring as the program running at the time the interrupt is triggered” is disclosed in ‘378 col. 5, line 50 through col. 6, line 7.
	As to dependent claim 11, “The method according to claim 9, further comprising: executing a current program in a protection ring and according to rights defined in a processor status register; for each protection ring, defining, in a respective processor status backup register, a protection ring and corresponding rights; and when the processor triggers an event signaling an access to a privileged resource in a less privileged ring than the one programmed in the table for the privileged resource, exchanging contents of the processor status register with contents of the status backup register identified by the ownership table” is disclosed in ‘378 col. 12, lines 14-60.
As to dependent claim 16, “The processor according to claim 15, comprising: hardware units that can trigger exceptions at the occurrence of events during the execution of a program by the processor; a processor status register identifying the current protection ring applied to the currently executed program; a programmable ownership register embodying the programmable table; for each protection ring, a respective processor status backup register, defining the protection ring and corresponding rights; and an exception handler circuit, configured to, when an exception is triggered: index the ownership register with an identifier generated with the exception, to designate the corresponding protection ring; exchange the contents of the processor status register with the contents of the status backup register designated by the ownership register; and divert the current program to an exception handler, whereby the handler executes in the protection ring defined by the new contents of the processor status register” is taught in ‘378 col. 12, lines 14-60. 
As to dependent claim 18, “The processor according to claim 16, including a system-register-write instruction implemented by the processor to write into the ownership register, identified by the instruction, a sum of the rank of the current ring and a parameter of the instruction conveying a relative rank” is shown in ‘318 Abstract, paragraphs 12, and 30-32 and ‘378 col. 5, line 50 through col. 6, line 26.
As to dependent claim 19, “The processor according to claim 16, wherein the exceptions include a horizontal interrupt, the ownership register being programmed to attribute the horizontal interrupt to the same protection ring as the program running at the time the interrupt is triggered” is disclosed in ‘378 col. 5, line 50 through col. 6, line 7.

10.	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Van De Van et al. U.S. Patent Application Publication No. 2015/0007318 (hereinafter ‘318) in view of Smith et al. U.S. Patent Application Publication No. 2016/0335429 (hereinafter ‘429) in further view of Traut U.S. Patent Application Publication No. 2005/0076186 (hereinafter ‘186).
As to dependent claim 12, the following is not explicitly taught in ‘319 and ‘429: “The method according to claim 9, further comprising: running a host hypervisor in a first ring; running a guest operating system in a second ring that is less privileged than the first ring, wherein the guest operating system is designed to manage a translation table for translating virtual addresses into physical addresses; running a user program in a third ring less privileged than the second ring, wherein the user program is designed to use virtual addresses applied to the translation table; in the ownership table, attributing to the second ring a virtual address allocation failure exception, triggered when the translation table has no entry for a virtual address applied by the user program; in the ownership table, attributing the translation table as a privileged resource to the first ring, whereby a write access attempt to the translation table by a less privileged ring triggers a privilege trap; and configuring a privilege trap handler, executed in the first ring by the hypervisor, to update the translation table” however ‘186 teaches running host hypervisor and guest operating system in different privilege rings in paragraphs 52-56.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of managing device driver cross ring accesses taught in ‘318 and ‘429 to include a means to respond to handling exceptions with a hypervisor.  One of ordinary skill in the art would have been motivated to perform such a modification because improvements are needed in the x86 architecture, see ‘186 paragraph 5.

11.	Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Van De Van et al. U.S. Patent Application Publication No. 2015/0007318 (hereinafter ‘318) in view of Smith et al. U.S. Patent Application Publication No. 2016/0335429 (hereinafter ‘429) in further view of Cohen U.S. Patent 5,303,378 (hereinafter ‘378) in further view of Traut U.S. Patent Application Publication No. 2005/0076186 (hereinafter ‘186) in further view of Traut U.S. Patent Application Publication No. 2002/0082823 (hereinafter ‘823).
As to dependent claim 6, the following is not explicitly taught in ‘318, ‘429, ‘378, and ‘186: “The processor according to claim 5, comprising: a program counter identifying an address of an instruction currently executed by the processor; for each protection ring, a respective backup register of the program counter; for each protection ring, a respective exception vector identifying the addresses of the exception handlers of the corresponding protection ring; wherein the exception handling circuit is also configured to, when an exception is triggered: save the contents of the program counter in the program counter backup register designated by the ownership register; and write the address provided by the exception vector designated by the ownership register into the program counter” however ‘823 teaches an emulation computing environment that uses address pointers and exception handlers to track program counter address in paragraphs 29-30 and 35.  In addition, ‘823 and ‘186 are by the same inventor.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of managing device driver cross ring accesses taught in ‘318, ‘429, ‘378, and ‘186, to include a means to identify an address of an instruction currently executing and exception vector addresses.  One of ordinary skill in the art would have been motivated to perform such a modification to manage the memory space in an emulated computing environment see ‘823 paragraphs 9-12.
As to dependent claim 17, “The processor according to claim 16, comprising: a program counter identifying the address of an instruction currently executed by the processor; for each protection ring, a respective backup register of the program counter; for each protection ring, a respective exception vector identifying the addresses of the exception handlers of the corresponding protection ring; wherein the exception handling circuit is also configured to, when an exception is triggered: save the contents of the program counter in the program counter backup register designated by the ownership register; and write the address provided by the exception vector designated by the ownership register into the program counter” is taught in ‘823 paragraphs 29-30 and 35.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu, can be reached at 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ELLEN TRAN/
Primary Examiner, Art Unit 2433
23 August 2022