Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/26/2022 has been entered.
 
DETAILED ACTION
	This Office Action is in response to a Request for Continued Examination (RCE) application received on 07/26/2022. In the application, Applicant has amended independent claims 1, 15 and 22. Claims 2-5, 16-18 and 23-25 remain cancelled. No new claim has been added and no further claim has been cancelled. Claims 6-14, 19-21 and 26-27 remain original.
	For this Office Action, claims 1, 6-15, 19-22 and 26-27 have been received for consideration and have been examined. 
Response to Arguments
Claim Interpretation under 35 USC § 112(f)
	Applicant’s remark regarding claim interpretation under 35 USC § 112(f) have been reviewed, and they are found to be persuasive based on the amendments. 

Claim Rejection under 35 USC § 112(a)
	Applicant’s remarks regarding claim rejection under 35 USC § 112(a) have been reviewed, however, they are unpersuasive. Examiner would like to note that Applicant’s remarks do not coincide with raised 112(a) rejection in the previous Final Office Action. Examiner would like to note that 35 USC § 112(a) rejection was issued for second last ‘wherein’ clause which recites “… restricted to microcode of an application processor of the one or more processors of the computing device”. Examiner mentioned that specification lacks support for the underlined phrase and specification only recites “microcode of the processor” which has totally different connotation from the claimed phrase of “microcode of an application processor”. Applicant did not address the rejection in the amendment and therefore this rejection has been maintained in this Office Action. 
Claim Rejection under 35 USC § 112(b)
	Regarding claims 1 and 15 rejection under 35 USC § 112(b), Applicant did not address this rejection in the remarks and also did not amend the limitation to overcome the rejection. Therefore this rejection has been maintained in this Office Action. 
Claim Rejection under 35 USC § 103
Applicant’s arguments, filed 07/26/2022, with respect to the rejection(s) of claim(s) under 35 USC § 103 have been fully considered, however, after careful consideration of the amended language, the first amended wherein clause “disabling the accesses includes flushing out stale data in one or more data buffers associated with the I/O controller” is still taught by Lal in paragraphs [0020] & [0049] which discloses that access to memory is further disabled by cleaning [flushing] the memory cells within the trusted I/O (TIO) processor reserved memory (PRM) region whenever the same memory cell is used again by untrusted or trusted components. 
	Regarding second amended wherein clause “wherein enabling the accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers”, applicant’s remarks are moot.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1, 15 and 22 are rejected under 35 U.S.C. 112(a), as failing to comply with the written description requirement. The claims contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention.
Independent claims 1, 15 and 22 recite “wherein the TIO enable register is access restricted to microcode of an application processor of the one or more processors of the computing device”. Examiner did not find any support for the underlined phrase in the instant specification. However, instant specification repeatedly recites the phrase “microcode of the processor”. Examiner would like to note that specification only recites “microcode of the processor” which has totally different connotation from the claimed phrase of “microcode of an application processor”.
Therefore, for the purpose of examination, the above phrase will be interpreted as “microcode of the one or more processors” as mentioned in the instant specification.
Dependent claims inherit this deficiency.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1, 15 and 22 rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Claims 1, 15 and 22 recite wherein limitation “wherein enabling accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers”. It is unclear to an ordinary skill in the art before the effective filing date of claimed invention to understand the manner in which the act of ‘re-enabling access to memory’ is occurring when the access to address regions is already enabled in the previous limitation. For the purpose of claim interpretation, examiner will treat the limitation as single step of “enable accesses to address regions …”.
Claims 1, 15 and 22 recite wherein limitation “wherein the TIO enable register is set over the secure routing hardware”. The underlined term lacks antecedent basis as there is no recitation of “a secure routing hardware” preceding limitations.
For the purpose of further examination, the above mentioned wherein clause will be interpreted as “wherein the TIO enable register is set over a secure routing hardware”.
Dependent claims inherit this deficiency. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-15, 19-22 and 26-27 are rejected under 35 U.S.C. 103 as being unpatentable over Lal et al., (US20170364707A1) w.e.f.d. of 06/20/2016 in view of Luong et a., (US20180373543A1) w.e.f.d. of 06/22/2017 in view of Krishnakumar et al., (US20170177293A1) w.e.f.d. of 12/18/2015 and further in view of Sastry et al., (US20140282819A1) w.e.f.d. of 03/14/2013.
Regarding claim 1, Lal discloses:
A computing device comprising: 
one or more processors; and 
an input/output (I/O) controller having registers, the I/O controller (See FIG. 1; i.e. inline channel identifier (CID) filter hardware 136 attached to I/O Controller 138) to ([0017] As shown in FIG. 1, the illustrative computing device 100 includes a processor 120, an I/O subsystem 128, a memory 130, a data storage device 132, a CID filter 136, and one or more I/O controllers 138; [0019] The processor 120 may also include one or more range registers or other features to protect the TIO PRM from unauthorized access; [0042] In block 406, an I/O controller 138 of the computing device 100 generates an I/O transaction. The I/O transaction identifies a memory address in the memory 130 as well as plaintext I/O data, which may be received from an I/O device 140. The I/O transaction may be embodied as, for example, a PCI DMA transaction. In some embodiments, in block 408 the I/O controller 138 may add a CID to the I/O transaction. For example, the I/O controller 138 may add a CID to transactions that originate from a TIO-capable I/O device 140): 
disable accesses to memory regions (See [0040] i.e. processor reserved memory (PRM) region) (See [0040] i.e. generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range) associated with one or more programmable I/O registers of the I/O controller in response to programming the I/O controller to allow trusted I/O ([0040] one or more TIO PRM range registers may be set to define the TIO PRM range in memory. Continuing that example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. After reserving the TIO PRM range, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0044] For example, the CID filter 136 may look up the CID in the CAM table and then verify the associated address. In block 418, the CID filter 418 checks whether the address is within the CID TIO PRM range. If not, the method 400 branches to block 420, in which the CID filter 136 drops the I/O transaction, preventing the I/O data from being written to the memory 130), 
wherein the one or more programmable I/O registers allow access to plaintext I/O data to or from an I/O device ([0042] The I/O transaction identifies a memory address in the memory 130 as well as plaintext I/O data, which may be received from an I/O device 140; [0045] In block 422, the CID filter 136 allows the I/O transaction to write the plaintext I/O data to the memory address within the CID TIO PRM range; [0065] the I/O transaction also includes plaintext data received from the I/O device 140; [0074] the computing device 100 securely transfers the encrypted data through the untrusted system I/O stack before allowing trusted software (e.g., the application enclave 304) to decrypt and access the plaintext I/O data; Also see [0077]),
wherein disabling the accesses includes flushing out stale data in one or more data buffers associated with the I/O controllers ([0020] & [0049] which discloses that access to memory is further disabled by cleaning [flushing] the memory cells within the trusted I/O (TIO) processor reserved memory (PRM) region whenever the same memory cell is used again by untrusted or trusted components); 
perform I/O data transfers to or from an I/O device via direct memory access in response to disabling the accesses to the memory regions associated with the one or more programmable I/O registers ([0038] the CEE 302 (cryptographic engine) communicates with the CID filter driver 306 to securely program the crypto engine 124 of the processor 120 and the CID filter 136 to perform trusted I/O over a DMA channel; [0068] Referring now to FIG. 6B, in block 622 the filter driver 310 handles a DMA completion from the I/O controller 138. The DMA completion is generated when the I/O controller 138 performs a DMA operation to write I/O data from the I/O device 140 into the shadow buffer; [0069] In response to the DMA completion, in block 624 the filter driver 310 invokes a privileged processor feature to encrypt and copy the I/O data), 
wherein the I/O data transfers are protected by a trusted I/O channel ([0045] In block 422, the CID filter 136 allows the I/O transaction to write the plaintext I/O data to the memory address within the CID TIO PRM range. As described above, the TIO PRM is protected by the processor 120 from access by software of the computing device 100. Thus, even though the I/O data is written to the memory 130 in plaintext, the I/O data is protected from potential malicious software); and 
enable accesses to the address regions associated (i.e., reserving processor reserved memory (PRM) region in the memory 130 which is protected from untrusted I/O attempts) with the one or more programmable I/O registers in response to programming the I/O controller to disallow trusted I/O ([0040] The method 400 begins in block 402, in which the processor 120 of the computing device 100 reserves a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory; [0044] the CID filter 136 may look up the CID in the CAM table and then verify the associated address. In block 418, the CID filter 418 checks whether the address is within the CID TIO PRM range. If not, the method 400 branches to block 420, in which the CID filter 136 drops the I/O transaction, preventing the I/O data from being written to the memory 130), 
wherein the accesses to the memory regions associated with the one or more programmable I/O registers of the I/O controller are locked to provide exclusive access to the I/O controller ([0040] The method 400 begins in block 402, in which the processor 120 of the computing device 100 reserves a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory; [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software);
control access to a TIO enable register of the I/O controller to enable or disable one or more of the accesses to the memory regions associated with one or more programmable I/O registers ([0019] the cryptographic engine 124 may perform TIO functions such as encrypting and/or decrypting DMA I/O data input from and/or output to one or more I/O devices 142. In particular, as described further below, in some embodiments, plaintext I/O data may be stored in a TIO Processor Reserved Memory (TIO PRM) region that is not accessible to software of the computing device 100, and the cryptographic engine 124 may be used to encrypt the plaintext DMA I/O data and copy the encrypted data to an ordinary kernel I/O buffer. The processor 120 may also include one or more range registers or other features to protect the TIO PRM from unauthorized access).
Lal fails to disclose:
	wherein enabling the accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers, wherein a secure session is established between an application executed by the computing device- Page 2 of 14 -Application No. 15/856,570 Art Unit 2432and the I/O controller, wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller, wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Luong discloses:
	wherein enabling the accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers ([0029-0030] discloses the concept of disabling and re-enabling selected memory regions associated with the memory accessing operation).
	It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the Lal reference and include an information handling system which includes disabling and enabling access to memory regions as per conditions and requirements, as disclosed by Luong.
	The motivation to include such information handling system is to efficiently manage and protect memory regions of a computing device.
The combination of Lal and Luong fails to disclose:
	wherein a secure session is established between an application executed by the computing device and the I/O controller, wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller, wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Krishnakumar discloses:
	wherein a secure session (i.e. a session configuration request by a trusted software component of the computing device to establish an audio session between an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller; See [0030]) is established between an application (i.e. untrusted audio driver) executed by the computing device and the I/O controller ([0006] FIG. 3 is a simplified block diagram of at least one embodiment of an environment that may be established by the computing device of FIGS. 1-2; [0007] FIGS. 4A and 4B are a simplified flow diagram of at least one embodiment of a method for protecting I/O data that may be executed by the computing device of FIGS. 1-3; [0030] The session configuration module 302 is configured to request, by a trusted software component of the computing device 100, an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller 144 … The trusted software component may be embodied as a secure enclave established with the secure enclave support 122 of the processor 120. In some embodiments, the session configuration module 302 may be further configured to allocate, by the untrusted audio driver, one or more DMA engines 202, 204 of the audio controller 144 for the audio session. Each of the host DMA engines 202 is associated with a stream buffer 210 established in the memory 130),
	wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller ([0030] The session configuration module 302 is configured to request, by a trusted software component of the computing device 100, an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller 144).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Lal and Luong references and include a session configuration module to establish a secure session between audio application and audio controller, as disclosed by Krishnakumar.
	The motivation to the session configuration module to establish a secure session between audio application and audio controller is protect audio application data associated with the audio session (see Krishnakumar: Abstract).
The combination of Lal, Luong and Krishnakumar fails to disclose:
	wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Sastry discloses:
	wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device (See FIG. 10; [0084] The process begins in a block 1002, wherein a processor core generates a restricted core transaction to configure a mode register in the system agent with the core's current mode … This results in generation of an n-bit security attribute that includes a bit encoding indicating that it is microcode access; [0086] The security attributes accompanying the sideband message are verified by the access control policy register before access is permitted to the mode register, as depicted in a block 1010. In this case, a security attribute indicating an execution mode of the transaction initiator is verified to correspond to a microcode execution mode before permitting a write to the mode register. The mode register is then updated to core's current mode),
wherein the TIO enable register is set over a secure routing hardware (i.e. fabric-based enforcement such as through I/O Fabric 220 and through Memory Fabric 206 in Figures 5 & 8) ([0004] FIGS. 3 a and 3 b respective show course-grain and fine-grain subject initiator to target object mappings for source-based, target-based and fabric-based SAI enforcement schemes; [0006] FIG. 5 shows the SoC of FIG. 2, further including a bus implementing a proprietary protocol and a mapper for mapping security attributes between the proprietary protocol and a protocol employed by the SoC fabrics; [0067] FIG. 8 depicts an example of securely enforcing device accesses to memory. Under this example, device 222 initiates a transaction (e.g., read or write) to access DRAM 218. At an I/O bridge 252, appropriate SAIs are generated via the bridge hardware; these SAI will be forwarded with the transaction message across interfaces until reaching an applicable security enforcement entity, which in this case are policy registers 256 in memory fabric 206. At policy registers 256, the SAI will be inspected and evaluated against the applicable policy register in accordance with the type of transaction, e.g., read or write).	
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Lal, Luong and Krishnakumar and include Security Attribute indicator (SAI) enforcement schemes, as disclosed by Sastry.
	The motivation to include SAI is define immutable properties of a subject or initiator used for making access decisions (See Sastry: Abstract).
Regarding claim 6, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 5, wherein to set the TIO enable register comprises to:
route a command that sets the TIO enable register over the secure routing hardware to the I/O controller (Lal: [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range);
	verify, by the secure routing hardware, a security attribute of the initiator (SAI) of the command to ensure that the command is issued from microcode of the computing device (Sastry: [0085] In a block 1006, the restricted core transaction along with the security attributes is sent to the IO fabric … a security attribute indicating an execution mode of the transaction initiator is verified to correspond to a microcode execution mode before permitting a write to the mode register. The mode register is then updated to core's current mode).
Regarding claim 7, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 1, wherein to program the I/O controller of the computing device to disallow trusted I/O comprises to clear the TIO enable register over the secure routing hardware (Lal: [0047] For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software. For example, after being locked down, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0059] In block 538, after reading the cryptographic response, the CID filter device driver 306 invokes a privileged processor feature to securely clear the CID TIO PRM range).
Regarding claim 8, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 7, wherein to clear the TIO enable register comprises to:
route a command that clears the TIO enable register over the secure routing hardware to the I/O controller (Lal: [0047] For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software. For example, after being locked down, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0059] In block 538, after reading the cryptographic response, the CID filter device driver 306 invokes a privileged processor feature to securely clear the CID TIO PRM range);
verify, by the secure routing hardware, a security attribute of the initiator (SAI) of the command to ensure that the command is issued from microcode of the computing device (Sastry: [0085] In a block 1006, the restricted core transaction along with the security attributes is sent to the IO fabric. The system agent sends the restricted transaction over the SoC primary interface as a regular I/O read/write transaction. During a parallel operation, the security attributes bits are sent on the IO fabric's primary master interface). 	
Regarding claim 9, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 1, wherein the I/O controller is further to transmit, in response to programming the I/O controller to allow the trusted I/O, a controller state of the I/O controller to an operating system of the computing device (Lal: [0061] The method 600 begins in block 602, in which the application enclave 304 of the computing device 100 sends an I/O request to read data into a user buffer. The I/O request may identify a particular I/O device 140 that has previously been programmed to use a TIO channel as described above in connection with FIGS. 5A and 5B. Thus, the I/O request is associated with a particular channel identifier (CID) that identifies the particular I/O controller 138 and I/O device 140 … The application enclave 304 may use any appropriate technique to send the I/O request, for example by invoking one or more system calls, APIs, or other interfaces to an operating system I/O stack; [0062] The I/O request starts being processed through the operating system I/O stack; [0063] In block 606, the filter driver 310 intercepts the I/O request. The filter driver 310 may use any appropriate technique to intercept the I/O request. For example, certain operating systems such as Microsoft® Windows™ may maintain an I/O driver stack that allows a class driver 308 to pass the I/O request down to the filter driver 310).
Regarding claim 10, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 1, wherein the I/O controller is further to drop a write request to the address regions associated with the one or more programmable I/O registers in response to disabling the accesses to memory regions associated with one or more programmable I/O registers (Lal: [0044] the CID filter 136 may look up the CID in the CAM table and then verify the associated address. In block 418, the CID filter 418 checks whether the address is within the CID TIO PRM range. If not, the method 400 branches to block 420, in which the CID filter 136 drops the I/O transaction, preventing the I/O data from being written to the memory 130).
Regarding claim 11, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 1, wherein to disable the accesses to the memory regions associated with one or more programmable I/O registers comprises to disable accesses to memory mapped I/O addresses associated with the one or more programmable I/O registers (Lal: [0040] For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory. Continuing that example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. After reserving the TIO PRM range, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software).
Regarding claim 12, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 1, wherein to perform the I/O data transfers to or from the I/O device comprises to perform the I/O data transfers to the I/O device by encrypting I/O data using a cryptographic engine of the computing device where the I/O data is transferred to a trusted I/O processor reserved memory (TIO PRM) region (Lal: [0019] The cryptographic engine 124 may be embodied as one or more hardware functional blocks (IP blocks), microcode, or other resources of the processor 120 that allows the processor 120 to perform trusted I/O (TIO) functions).
Regarding claim 13, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 1, wherein to enable the accesses to the memory regions associated with one or more programmable I/O registers comprises to enable accesses to memory mapped I/O addresses associated with the one or more programmable I/O registers (Lal: [0040] For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory. Continuing that example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. After reserving the TIO PRM range, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software).
Regarding claim 14, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The computing device of claim 1, wherein the I/O controller is further to establish a default mode by enabling accesses to the memory regions associated with the one or more programmable I/O registers in response to a hardware reset of the computing device (Lal: [0048] the TIO PRM is locked down by platform firmware (e.g., UEFI firmware, ACPI firmware, BIOS, or other firmware), the platform firmware executed between platform reset and the point that the TIO PRM is cleaned may be inside a TIO application's trusted code base (TCB); [0053] The KWK may be sampled by a platform authenticated code module and provided to microcode and is cleared on reset. Consequently, wrapped blobs generated by EBIND do not survive across reset).
Regarding claim 15, Lal discloses:
One or more non-transitory, machine-readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, cause a computing device to:
facilitate an input/output (I/O) controller (See FIG. 1; i.e. inline channel identifier (CID) filter hardware 136 attached to I/O Controller 138) of the computing device to allow trusted I/O, the I/O controller having registers: ([0017] s shown in FIG. 1, the illustrative computing device 100 includes a processor 120, an I/O subsystem 128, a memory 130, a data storage device 132, a CID filter 136, and one or more I/O controllers 138; [0019] The processor 120 may also include one or more range registers or other features to protect the TIO PRM from unauthorized access; [0042] In block 406, an I/O controller 138 of the computing device 100 generates an I/O transaction. The I/O transaction identifies a memory address in the memory 130 as well as plaintext I/O data, which may be received from an I/O device 140. The I/O transaction may be embodied as, for example, a PCI DMA transaction. In some embodiments, in block 408 the I/O controller 138 may add a CID to the I/O transaction. For example, the I/O controller 138 may add a CID to transactions that originate from a TIO-capable I/O device 140) 
disable accesses to memory regions (See [0040] i.e. processor reserved memory (PRM) region) (See [0040] i.e. generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range) associated with one or more programmable I/O registers of the I/O controller in response to programming the I/O controller to allow trusted I/O ([0040] one or more TIO PRM range registers may be set to define the TIO PRM range in memory. Continuing that example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. After reserving the TIO PRM range, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0044] For example, the CID filter 136 may look up the CID in the CAM table and then verify the associated address. In block 418, the CID filter 418 checks whether the address is within the CID TIO PRM range. If not, the method 400 branches to block 420, in which the CID filter 136 drops the I/O transaction, preventing the I/O data from being written to the memory 130), 
wherein the one or more programmable I/O registers allow access to plaintext I/O data to or from an I/O device ([0042] The I/O transaction identifies a memory address in the memory 130 as well as plaintext I/O data, which may be received from an I/O device 140; [0045] In block 422, the CID filter 136 allows the I/O transaction to write the plaintext I/O data to the memory address within the CID TIO PRM range; [0065] the I/O transaction also includes plaintext data received from the I/O device 140; [0074] the computing device 100 securely transfers the encrypted data through the untrusted system I/O stack before allowing trusted software (e.g., the application enclave 304) to decrypt and access the plaintext I/O data; Also see [0077]),
wherein disabling the accesses includes flushing out stale data in one or more data buffers associated with the I/O controllers ([0020] & [0049] which discloses that access to memory is further disabled by cleaning [flushing] the memory cells within the trusted I/O (TIO) processor reserved memory (PRM) region whenever the same memory cell is used again by untrusted or trusted components); 
perform I/O data transfers to or from an I/O device via direct memory access in response to disabling the accesses to the memory regions associated with the one or more programmable I/O registers ([0038] the CEE 302 (cryptographic engine) communicates with the CID filter driver 306 to securely program the crypto engine 124 of the processor 120 and the CID filter 136 to perform trusted I/O over a DMA channel; [0068] Referring now to FIG. 6B, in block 622 the filter driver 310 handles a DMA completion from the I/O controller 138. The DMA completion is generated when the I/O controller 138 performs a DMA operation to write I/O data from the I/O device 140 into the shadow buffer; [0069] In response to the DMA completion, in block 624 the filter driver 310 invokes a privileged processor feature to encrypt and copy the I/O data), 
wherein the I/O data transfers are protected by a trusted I/O channel ([0045] In block 422, the CID filter 136 allows the I/O transaction to write the plaintext I/O data to the memory address within the CID TIO PRM range. As described above, the TIO PRM is protected by the processor 120 from access by software of the computing device 100. Thus, even though the I/O data is written to the memory 130 in plaintext, the I/O data is protected from potential malicious software); and 
enable accesses to the address regions associated (i.e., reserving processor reserved memory (PRM) region in the memory 130 which is protected from untrusted I/O attempts) with the one or more programmable I/O registers in response to programming the I/O controller to disallow trusted I/O ([0040] The method 400 begins in block 402, in which the processor 120 of the computing device 100 reserves a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory; [0044] the CID filter 136 may look up the CID in the CAM table and then verify the associated address. In block 418, the CID filter 418 checks whether the address is within the CID TIO PRM range. If not, the method 400 branches to block 420, in which the CID filter 136 drops the I/O transaction, preventing the I/O data from being written to the memory 130), 
wherein the accesses to the memory regions associated with the one or more programmable I/O registers of the I/O controller are locked to provide exclusive access to the I/O controller ([0040] The method 400 begins in block 402, in which the processor 120 of the computing device 100 reserves a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory; [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software);
control access to a TIO enable register of the I/O controller to enable or disable one or more of the accesses to the memory regions associated with one or more programmable I/O registers ([0019] the cryptographic engine 124 may perform TIO functions such as encrypting and/or decrypting DMA I/O data input from and/or output to one or more I/O devices 142. In particular, as described further below, in some embodiments, plaintext I/O data may be stored in a TIO Processor Reserved Memory (TIO PRM) region that is not accessible to software of the computing device 100, and the cryptographic engine 124 may be used to encrypt the plaintext DMA I/O data and copy the encrypted data to an ordinary kernel I/O buffer. The processor 120 may also include one or more range registers or other features to protect the TIO PRM from unauthorized access).
Lal fails to disclose:
	wherein enabling the accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers, wherein a secure session is established between an application executed by the computing device- Page 2 of 14 -Application No. 15/856,570 Art Unit 2432and the I/O controller, wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller, wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Luong discloses:
	wherein enabling the accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers ([0029-0030] discloses the concept of disabling and re-enabling selected memory regions associated with the memory accessing operation).
	It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the Lal reference and include an information handling system which includes disabling and enabling access to memory regions as per conditions and requirements, as disclosed by Luong.
	The motivation to include such information handling system is to efficiently manage and protect memory regions of a computing device.
The combination of Lal and Luong fails to disclose:
	wherein a secure session is established between an application executed by the computing device and the I/O controller, wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller, wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Krishnakumar discloses:
	wherein a secure session (i.e. a session configuration request by a trusted software component of the computing device to establish an audio session between an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller; See [0030]) is established between an application (i.e. untrusted audio driver) executed by the computing device and the I/O controller ([0006] FIG. 3 is a simplified block diagram of at least one embodiment of an environment that may be established by the computing device of FIGS. 1-2; [0007] FIGS. 4A and 4B are a simplified flow diagram of at least one embodiment of a method for protecting I/O data that may be executed by the computing device of FIGS. 1-3; [0030] The session configuration module 302 is configured to request, by a trusted software component of the computing device 100, an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller 144 … The trusted software component may be embodied as a secure enclave established with the secure enclave support 122 of the processor 120. In some embodiments, the session configuration module 302 may be further configured to allocate, by the untrusted audio driver, one or more DMA engines 202, 204 of the audio controller 144 for the audio session. Each of the host DMA engines 202 is associated with a stream buffer 210 established in the memory 130),
	wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller ([0030] The session configuration module 302 is configured to request, by a trusted software component of the computing device 100, an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller 144).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Lal and Luong references and include a session configuration module to establish a secure session between audio application and audio controller, as disclosed by Krishnakumar.
	The motivation to the session configuration module to establish a secure session between audio application and audio controller is protect audio application data associated with the audio session (see Krishnakumar: Abstract).
The combination of Lal, Luong and Krishnakumar fails to disclose:
	wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Sastry discloses:
	wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device (See FIG. 10; [0084] The process begins in a block 1002, wherein a processor core generates a restricted core transaction to configure a mode register in the system agent with the core's current mode … This results in generation of an n-bit security attribute that includes a bit encoding indicating that it is microcode access; [0086] The security attributes accompanying the sideband message are verified by the access control policy register before access is permitted to the mode register, as depicted in a block 1010. In this case, a security attribute indicating an execution mode of the transaction initiator is verified to correspond to a microcode execution mode before permitting a write to the mode register. The mode register is then updated to core's current mode),
wherein the TIO enable register is set over a secure routing hardware (i.e. fabric-based enforcement such as through I/O Fabric 220 and through Memory Fabric 206 in Figures 5 & 8) ([0004] FIGS. 3 a and 3 b respective show course-grain and fine-grain subject initiator to target object mappings for source-based, target-based and fabric-based SAI enforcement schemes; [0006] FIG. 5 shows the SoC of FIG. 2, further including a bus implementing a proprietary protocol and a mapper for mapping security attributes between the proprietary protocol and a protocol employed by the SoC fabrics; [0067] FIG. 8 depicts an example of securely enforcing device accesses to memory. Under this example, device 222 initiates a transaction (e.g., read or write) to access DRAM 218. At an I/O bridge 252, appropriate SAIs are generated via the bridge hardware; these SAI will be forwarded with the transaction message across interfaces until reaching an applicable security enforcement entity, which in this case are policy registers 256 in memory fabric 206. At policy registers 256, the SAI will be inspected and evaluated against the applicable policy register in accordance with the type of transaction, e.g., read or write).	
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Lal, Luong and Krishnakumar and include Security Attribute indicator (SAI) enforcement schemes, as disclosed by Sastry.
	The motivation to include SAI is define immutable properties of a subject or initiator used for making access decisions (See Sastry: Abstract).
Regarding claim 19, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The one or more non-transitory, machine-readable medium of claim 18, wherein to set the TIO enable register comprises to:
route a command that sets the TIO enable register over the secure routing hardware to the I/O controller (Lal: [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range);
verify, by the secure routing hardware, a security attribute of the initiator (SAI) of the command to ensure that the command is issued from microcode of the computing device (Sastry: [0085] In a block 1006, the restricted core transaction along with the security attributes is sent to the IO fabric … a security attribute indicating an execution mode of the transaction initiator is verified to correspond to a microcode execution mode before permitting a write to the mode register. The mode register is then updated to core's current mode).
Regarding claim 20, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The one or more non-transitory, machine-readable storage media of claim 15, wherein to program the I/O controller of the computing device to disallow trusted I/O comprises to clear the TIO enable register over the secure routing hardware (Lal: [0047] For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software. For example, after being locked down, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0059] In block 538, after reading the cryptographic response, the CID filter device driver 306 invokes a privileged processor feature to securely clear the CID TIO PRM range).
Regarding claim 21, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The one or more non-transitory, machine-readable medium of claim 20, wherein to clear the TIO enable register comprises to:
route a command that clears the TIO enable register over the secure routing hardware to the I/O controller (Lal: [0047] For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software. For example, after being locked down, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0059] In block 538, after reading the cryptographic response, the CID filter device driver 306 invokes a privileged processor feature to securely clear the CID TIO PRM range).
Regarding claim 22, Lal discloses:
A method comprising:
facilitating by an input/output (I/O) controller (See FIG. 1; i.e. inline channel identifier (CID) filter hardware 136 attached to I/O Controller 138) of the computing device to allow trusted I/O, the I/O controller having registers ([0017] s shown in FIG. 1, the illustrative computing device 100 includes a processor 120, an I/O subsystem 128, a memory 130, a data storage device 132, a CID filter 136, and one or more I/O controllers 138; [0019] The processor 120 may also include one or more range registers or other features to protect the TIO PRM from unauthorized access; [0042] In block 406, an I/O controller 138 of the computing device 100 generates an I/O transaction. The I/O transaction identifies a memory address in the memory 130 as well as plaintext I/O data, which may be received from an I/O device 140. The I/O transaction may be embodied as, for example, a PCI DMA transaction. In some embodiments, in block 408 the I/O controller 138 may add a CID to the I/O transaction. For example, the I/O controller 138 may add a CID to transactions that originate from a TIO-capable I/O device 140); 
disabling accesses to memory regions (See [0040] i.e. processor reserved memory (PRM) region) (See [0040] i.e. generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range) associated with one or more programmable I/O registers of the I/O controller in response to programming the I/O controller to allow trusted I/O ([0040] one or more TIO PRM range registers may be set to define the TIO PRM range in memory. Continuing that example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. After reserving the TIO PRM range, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0044] For example, the CID filter 136 may look up the CID in the CAM table and then verify the associated address. In block 418, the CID filter 418 checks whether the address is within the CID TIO PRM range. If not, the method 400 branches to block 420, in which the CID filter 136 drops the I/O transaction, preventing the I/O data from being written to the memory 130), 
wherein the one or more programmable I/O registers allow access to plaintext I/O data to or from an I/O device ([0042] The I/O transaction identifies a memory address in the memory 130 as well as plaintext I/O data, which may be received from an I/O device 140; [0045] In block 422, the CID filter 136 allows the I/O transaction to write the plaintext I/O data to the memory address within the CID TIO PRM range; [0065] the I/O transaction also includes plaintext data received from the I/O device 140; [0074] the computing device 100 securely transfers the encrypted data through the untrusted system I/O stack before allowing trusted software (e.g., the application enclave 304) to decrypt and access the plaintext I/O data; Also see [0077]),
wherein disabling the accesses includes flushing out stale data in one or more data buffers associated with the I/O controllers ([0020] & [0049] which discloses that access to memory is further disabled by cleaning [flushing] the memory cells within the trusted I/O (TIO) processor reserved memory (PRM) region whenever the same memory cell is used again by untrusted or trusted components); 
perform I/O data transfers to or from an I/O device via direct memory access in response to disabling the accesses to the memory regions associated with the one or more programmable I/O registers ([0038] the CEE 302 (cryptographic engine) communicates with the CID filter driver 306 to securely program the crypto engine 124 of the processor 120 and the CID filter 136 to perform trusted I/O over a DMA channel; [0068] Referring now to FIG. 6B, in block 622 the filter driver 310 handles a DMA completion from the I/O controller 138. The DMA completion is generated when the I/O controller 138 performs a DMA operation to write I/O data from the I/O device 140 into the shadow buffer; [0069] In response to the DMA completion, in block 624 the filter driver 310 invokes a privileged processor feature to encrypt and copy the I/O data), 
wherein the I/O data transfers are protected by a trusted I/O channel ([0045] In block 422, the CID filter 136 allows the I/O transaction to write the plaintext I/O data to the memory address within the CID TIO PRM range. As described above, the TIO PRM is protected by the processor 120 from access by software of the computing device 100. Thus, even though the I/O data is written to the memory 130 in plaintext, the I/O data is protected from potential malicious software); and 
enabling accesses to the address regions associated (i.e., reserving processor reserved memory (PRM) region in the memory 130 which is protected from untrusted I/O attempts) with the one or more programmable I/O registers in response to programming the I/O controller to disallow trusted I/O ([0040] The method 400 begins in block 402, in which the processor 120 of the computing device 100 reserves a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory; [0044] the CID filter 136 may look up the CID in the CAM table and then verify the associated address. In block 418, the CID filter 418 checks whether the address is within the CID TIO PRM range. If not, the method 400 branches to block 420, in which the CID filter 136 drops the I/O transaction, preventing the I/O data from being written to the memory 130), 
wherein the accesses to the memory regions associated with the one or more programmable I/O registers of the I/O controller are locked to provide exclusive access to the I/O controller ([0040] The method 400 begins in block 402, in which the processor 120 of the computing device 100 reserves a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. For example, one or more TIO PRM range registers may be set to define the TIO PRM range in memory; [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software);
control access to a TIO enable register of the I/O controller to enable or disable one or more of the accesses to the memory regions associated with one or more programmable I/O registers ([0019] the cryptographic engine 124 may perform TIO functions such as encrypting and/or decrypting DMA I/O data input from and/or output to one or more I/O devices 142. In particular, as described further below, in some embodiments, plaintext I/O data may be stored in a TIO Processor Reserved Memory (TIO PRM) region that is not accessible to software of the computing device 100, and the cryptographic engine 124 may be used to encrypt the plaintext DMA I/O data and copy the encrypted data to an ordinary kernel I/O buffer. The processor 120 may also include one or more range registers or other features to protect the TIO PRM from unauthorized access).
Lal fails to disclose:
	wherein enabling the accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers, wherein a secure session is established between an application executed by the computing device- Page 2 of 14 -Application No. 15/856,570 Art Unit 2432and the I/O controller, wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller, wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Luong discloses:
	wherein enabling the accesses includes re-enabling accesses to memory mapped I/O addresses to programmable I/O registers ([0029-0030] discloses the concept of disabling and re-enabling selected memory regions associated with the memory accessing operation).
	It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the Lal reference and include an information handling system which includes disabling and enabling access to memory regions as per conditions and requirements, as disclosed by Luong.
	The motivation to include such information handling system is to efficiently manage and protect memory regions of a computing device.
The combination of Lal and Luong fails to disclose:
	wherein a secure session is established between an application executed by the computing device and the I/O controller, wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller, wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Krishnakumar discloses:
	wherein a secure session (i.e. a session configuration request by a trusted software component of the computing device to establish an audio session between an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller; See [0030]) is established between an application (i.e. untrusted audio driver) executed by the computing device and the I/O controller ([0006] FIG. 3 is a simplified block diagram of at least one embodiment of an environment that may be established by the computing device of FIGS. 1-2; [0007] FIGS. 4A and 4B are a simplified flow diagram of at least one embodiment of a method for protecting I/O data that may be executed by the computing device of FIGS. 1-3; [0030] The session configuration module 302 is configured to request, by a trusted software component of the computing device 100, an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller 144 … The trusted software component may be embodied as a secure enclave established with the secure enclave support 122 of the processor 120. In some embodiments, the session configuration module 302 may be further configured to allocate, by the untrusted audio driver, one or more DMA engines 202, 204 of the audio controller 144 for the audio session. Each of the host DMA engines 202 is associated with a stream buffer 210 established in the memory 130),
	wherein a secure session request is received from the application to establish the secure session between the application and the I/O controller ([0030] The session configuration module 302 is configured to request, by a trusted software component of the computing device 100, an untrusted audio driver of the computing device 100 to establish an audio session with an audio controller 144).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Lal and Luong references and include a session configuration module to establish a secure session between audio application and audio controller, as disclosed by Krishnakumar.
	The motivation to the session configuration module to establish a secure session between audio application and audio controller is protect audio application data associated with the audio session (see Krishnakumar: Abstract).
The combination of Lal, Luong and Krishnakumar fails to disclose:
	wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device, wherein the TIO enable register is set over a secure routing hardware.
However, Sastry discloses:
	wherein the TIO enable register is access restricted to microcode of the one or more processors of the computing device (See FIG. 10; [0084] The process begins in a block 1002, wherein a processor core generates a restricted core transaction to configure a mode register in the system agent with the core's current mode … This results in generation of an n-bit security attribute that includes a bit encoding indicating that it is microcode access; [0086] The security attributes accompanying the sideband message are verified by the access control policy register before access is permitted to the mode register, as depicted in a block 1010. In this case, a security attribute indicating an execution mode of the transaction initiator is verified to correspond to a microcode execution mode before permitting a write to the mode register. The mode register is then updated to core's current mode),
wherein the TIO enable register is set over a secure routing hardware (i.e. fabric-based enforcement such as through I/O Fabric 220 and through Memory Fabric 206 in Figures 5 & 8) ([0004] FIGS. 3 a and 3 b respective show course-grain and fine-grain subject initiator to target object mappings for source-based, target-based and fabric-based SAI enforcement schemes; [0006] FIG. 5 shows the SoC of FIG. 2, further including a bus implementing a proprietary protocol and a mapper for mapping security attributes between the proprietary protocol and a protocol employed by the SoC fabrics; [0067] FIG. 8 depicts an example of securely enforcing device accesses to memory. Under this example, device 222 initiates a transaction (e.g., read or write) to access DRAM 218. At an I/O bridge 252, appropriate SAIs are generated via the bridge hardware; these SAI will be forwarded with the transaction message across interfaces until reaching an applicable security enforcement entity, which in this case are policy registers 256 in memory fabric 206. At policy registers 256, the SAI will be inspected and evaluated against the applicable policy register in accordance with the type of transaction, e.g., read or write).	
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Lal, Luong and Krishnakumar and include Security Attribute indicator (SAI) enforcement schemes, as disclosed by Sastry.
	The motivation to include SAI is define immutable properties of a subject or initiator used for making access decisions (See Sastry: Abstract).
Regarding claim 26, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The method of claim 22, wherein to set the TIO enable register comprises to: 
route a command that sets the TIO enable register over the secure routing hardware to the I/O controller (Lal: [0047] The method 500 begins in block 502, in which system firmware of the computing device 100 assigns a trusted I/O (TIO) processor reserved memory (PRM) region in the memory 130. In some embodiments, in block 504, the firmware of the computing device 100 may set one or more TIO PRM range registers to define the TIO PRM range in memory. For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range);
	verify, by the secure routing hardware, a security attribute of the initiator (SAI) of the command to ensure that the command is issued from microcode of the computing device (Sastry: [0085] In a block 1006, the restricted core transaction along with the security attributes is sent to the IO fabric … a security attribute indicating an execution mode of the transaction initiator is verified to correspond to a microcode execution mode before permitting a write to the mode register. The mode register is then updated to core's current mode).
Regarding claim 27, the combination of Lal, Luong, Krishnakumar and Sastry discloses:
The method of claim 22, wherein to program the I/O controller of the computing device to disallow trusted I/O comprises to clear the TIO enable register over the secure routing hardware (Lal: [0047] For example, the processor 120 may include a TIO PRM base register and a TIO PRM size register, which together define the TIO PRM range. In block 506, the processor 120 locks down the TIO PRM range to be inaccessible to software. For example, after being locked down, the processor 120 may generate a page fault, exception, or other error in response to a software attempt to access the TIO PRM range; [0059] In block 538, after reading the cryptographic response, the CID filter device driver 306 invokes a privileged processor feature to securely clear the CID TIO PRM range).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/SYED M AHSAN/Patent Examiner, Art Unit 2432                                                                                                                                                                                                        09/07/2022