Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This Examiner’s Amendment and Examiner’s Reasons for Allowance action is in response to the filing of 8/03/2022. Claims 7-11 have been withdrawn from consideration due to a Restriction Election, and claims 1 and 12 have been amended.  Therefore claims 1-6 and 12-18 are presently pending in the application and have been considered as follows.

Response to Amendments
Examiner acknowledges Applicant intends to invoke 35 U.S.C. 112, sixth paragraph, on claim 1. Therefore, the structure on the claim limitations is equivalent as described in the applicant's specification.
In light of amendments, all previously raised rejections are now withdrawn.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Attorney John Fisher (Reg. No. 60900) on September 1, 2022.
The application has been amended as follows:
Amendment to the claims:
1.	(Currently Amended) A processor system to provide sandbox execution support for protection key rights attacks, the processor system comprising:
a processor core to execute a task associated with an untrusted application, the processor core to execute the task using a designated page of a memory; and
a memory management unit, coupled to the processor core, the memory management unit to designate the page of the memory to support execution of the untrusted application, the memory management unit comprising:
a storage unit to store a page table entry associated with a page of the memory, the page table entry including a protection key field that identifies a location of a protection key right (PKR) entry and a field that enables a trusted PKR update page of the memory; and
a PKR register including the PKR entry, the PKR entry including a set of bits; and
the memory management unit to:
receive a request to clear a bit of the set of bits of the PKR entry; and
[[, ]]in response to [[a]]the request to clear [[a]]the bit of the set of bits of the PKR entry, generate a page fault in response to the request originating in a page other than the trusted PKR update page of the memory.

2.	(Original) The processor system of claim 1, wherein the memory management unit to, in response to the field that enables the trusted PKR update page enable being set, retrieve, from a register, an identifier of the trusted PKR update page.

3.	(Original) The processor system of claim 2, wherein the register is a control register.

4.	(Original) The processor system of claim 1, wherein the memory management unit to allow access to the trusted PKR update page via a branch from the page of the memory to support execution of the untrusted application in response to the branch being an ENDBRANCH instruction.

5.	(Original) The processor system of claim 1, wherein the processor core to deny access to the trusted PKR update page via a branch from the page of the memory to support execution of the untrusted application in response to the branch landing on an instruction other than an ENDBRANCH instruction.

6.	(Original) The processor system of claim 1, wherein the processor core to operate in a 64-bit mode to execute the untrusted application.

7.-11.	(Canceled)

12.	(Currently Amended) A method to provide sandbox execution support for protection key rights attacks, the method comprising:
designating, by a memory management unit, a page of a memory to support execution of an untrusted application;
executing, by a processor core, a task associated with the untrusted application using the designated page of the memory;
storing a page table entry associated with a page of the memory, the page table entry including a protection key field that identifies a location of a protection key right (PKR) entry and a field that enables a trusted PKR update page of the memory, the PKR entry including a set of bits;
receiving, by the memory management unit, a request to clear a bit of the set of bits of the PKR entry; and
in response to [[a]]the request to clear [[a]]the bit of the set of bits of the PKR entry, the memory management unit generating a page fault in response to the request originating in a page other than the trusted PKR update page of the memory.

13.	(Previously Presented) The method of claim 12, further comprising, in response to the field that enables the trusted PKR update page enable being set, retrieving, from a register, an identifier of the trusted PKR update page.

14.	(Previously Presented) The method of claim 13, wherein the register is a control register.

15.	(Previously Presented) The method of claim 12, further comprising allowing access to the trusted PKR update page via a branch from the page of the memory to support execution of the untrusted application in response to a target of the branch target being an ENDBRANCH instruction.

16.	(Previously Presented) The method of claim 12, further comprising denying access to the trusted PKR update page via a branch from the page of the memory to support execution of the untrusted application in response to the branch landing on an instruction other than an ENDBRANCH instruction.

17.	(Previously Presented) The method of claim 12, wherein the processor core to operate in a 64-bit mode to execute the untrusted application.

18.	(Previously Presented) The method of claim 12, wherein the request to clear the bit of the set of bits of the PKR entry includes a request to clear one of an access disable bit, a write disable bit, or an execution disable bit.


Allowable Subject Matter
Claims 1-6 and 12-18 are allowed over the prior art of record.  The following is an examiner's statement of reasons for allowance:

Prior art of record teaches the following:
Koufaty et al. (US 2016/0110298 A1) teaches a processing system that includes a processing core to execute a task and a memory management unit, coupled to the core. The memory management unit includes a storage unit to store a page table entry including one or more identifiers of memory frames, a protection key, and an access mode bit indicating whether the one or more memory frames are accessible according to a user mode or according to a supervisor mode, a first permission register including a plurality of fields, each field comprising a set of bits reflecting a set of memory access permissions under the user mode, and a second permission register storing a plurality of fields, each field comprising a set of bits reflecting a set of memory access permissions under the supervisor mode.
Chen et al. (US 7,278,030 B1) teaches that, in a virtual computer system, the invention virtualizes a primary protection mechanism, which restricts memory accesses based on the type of access attempted and a current hardware privilege level, using a secondary protection mechanism, which is independent of the hardware privilege level. The invention may be used to virtualize the protection mechanisms of the Intel IA-64 architecture. In this embodiment, virtual access rights settings in a virtual TLB are translated into shadow access rights settings in a hardware TLB, while virtual protection key settings in a virtual PKR cache are translated into shadow protection key settings in a hardware PKR cache, based in part on the virtual access rights settings. The shadow protection key settings are dependent on the guest privilege level, but the shadow access rights settings are not.
However, none of the prior art of record teach by themselves or in any combination nor would have anticipated nor render obvious by combination the claimed invention of the present invention at or before the time it was filed.  The prior art of record is silent on "a processor core to execute a task associated with an untrusted application, the processor core to execute the task using a designated page of a memory; and a memory management unit, coupled to the processor core, the memory management unit to designate the page of the memory to support execution of the untrusted application, the memory management unit comprising: a storage unit to store a page table entry associated with a page of the memory, the page table entry including a protection key field that identifies a location of a protection key right (PKR) entry and a field that enables a trusted PKR update page of the memory; and a PKR register including the PKR entry, the PKR entry including a set of bits; and the memory management unit to: receive a request to clear a bit of the set of bits of the PKR entry; and in response to the request to clear the bit of the set of bits of the PKR entry, generate a page fault in response to the request originating in a page other than the trusted PKR update page of the memory", in combination with all other claim limitations, as it has been recited in independent claims 1 and 12.  
All other dependent claims are allowable as they depend on an allowable independent claim.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.  See form PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LIZBETH TORRES-DIAZ/ Examiner, Art Unit 2495
/7 September 2022/
/ltd/