Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1.	This action is responsive to:  an original application filed on 22 June 2021 and preliminary amendment filed on 9 December 2021 with acknowledgement that this application is a continuation of application 16/234,871 now patent 11,373,013 filed on 28 December 2018.
2.	Claims 21-38 are currently pending.  Claims 21, 27, and 33, are independent claims. 
3.	The IDS submitted on 9 December 2021 has been considered. 
Claim Rejections - 35 USC § 101
4.	35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

5.	Claims 33-38 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  Independent claim 33 is directed to “a computer-readable medium”, these claims are rejected under 101 because computer-readable medium can be interpreted as a signal, which is non-statutory subject matter.  
		In order to overcome the 101 rejection, the Examiner recommends that the language of the claim be modified to include "non-transitory" or "computer readable device".  Appropriate Correction is required.
Double Patenting
6.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A statutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/.
 The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. 
 An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, please refer to - http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp
 7.	Claims 21-38 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-17 of application 16/234,871 now patent 11,373,013.  Although the conflicting claims are not identical, they are not patentably distinct from each other because all the elements/features of claimed technology for filtering memory access transaction exist in the patented application in similar or different names, essentially performing the same tasks.  The table below is a comparison of the pending claims with the patented claims.  The difference between the claim set is that the pending claims contain less details.  The limitations not in the independent claims of the pending application are highlighted below
PENDING CLAIM 21
PATENTED 11,373,013 CLAIM 1
An apparatus comprising: one or more processors having filter circuitry to: receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted input/output (I/O) devices; receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device; 




determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain; 






and perform a secure I/O with the trust domain.
An apparatus comprising: one or more processors to: receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted input/output (I/O) devices; receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device identification (ID) indicator associated with the I/O device, wherein the transaction to receive the second key identifier from an accelerator associated with the one or more processors; 

determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain; 

determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier; perform, 
in response to determining that the trust device ID indicator is asserted, a secure I/O with the trust domain; and block, in response to determining that the second key identifier fails to fall within the shared key identifier range, the transaction.


Claim Rejections - 35 USC § 112
8.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


9.	Claims 21-38 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Below is independent claim 27, the limitations that are unclear /indefinite are underlined with an explanation below the claim.
“A method comprising: receiving, by one or more processors of a compute device, a first key identifier from a processor of the compute device, wherein the first key identifier indicative of a shared memory range includes a shared key identifier range to be used for untrusted input/output (I/O) devices; receiving, by the one or more processors, a transaction from an input/output (I/O) device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device; determining, by the one or more processors, whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain; and performing a secure I/O with the trust domain.”

Note the claim limitation “receiving, by one or more processors of a compute device, a first key identifier from a processor of the compute device”, raises the questions:
How can a compute device receive something from itself?
Is a first processor receiving a first key identifier from another processor”
Is the compute device receiving the 1st key identifier from an input/output (I/O) device?
Appropriate Correction is required.
10.	To expedite a complete examination of the instant application the claims rejected under 35 U.S.C. 101 (nonstatutory) as well as 35 U.S.C. 112 above are further rejected as set forth below in anticipation of applicant amending these claims to overcome the above rejections.

Claim Rejections – 35 USC § 103
11.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


12.	Claims 21-25, 27-32, and 34-37 are rejected under 35 U.S.C. 103 as being unpatentable over Bacher et al. U.S. Patent Application Publication 2016/0132345 (hereinafter ‘345) in view of Jayasena et al. U.S. Patent Application Publication No. 2019/0018800 (hereinafter ‘800).
As to dependent claim 27, “A method comprising: receiving, by one or more processors of a compute device, a first key identifier from a processor of the compute device, wherein the first key identifier indicative of a shared memory range includes a shared key identifier range to be used for untrusted input/output (I/O) devices” is taught in ‘345 paragraph 22, note the invention teaches secure execution of guests in an insecure environment (i.e. untrusted) by issuing guest keys that are used by the guests to access shared memory in an insecure environment of a hypervisor-controlled system/”A hypervisor which is considered as untrusted, may control secure guests as well as unsecure guests at the same time in the same system”the following is not explicitly taught in ‘345:
	“receiving, by the one or more processors, a transaction from an input/output (I/O) device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device; determining, by the one or more processors, whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain; and performing a secure I/O with the trust domain” however ‘800 teaches a host processor receives an address translation requests from an accelerator that includes a virtual address (i.e. second key identifier) and the use of access keys/region keys in the Abstract, paragraphs 9 and 11.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of processing a guest event in a hypervisor-controlled system taught in ‘345 to include a means to utilize a second key identifier and a trust device ID.  One of ordinary skill in the art would have been motivated to perform such a modification to enhance the performance of processing systems see ‘800 (paragraph 1). 

	As to dependent claim 28, “The method of claim 27, further comprising: determining, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier; and blocking, in response to determining that the second key identifier fails to fall within the shared key identifier range, the transaction, wherein the secure I/O with the trust domain in performed in response to determining that the trust device ID indicator is asserted, wherein the transaction to receive the second key identifier from an accelerator associated with the one or more processors” is taught in ‘800 paragraph 11.
	As to dependent claim 29, “The method of claim 27, further comprising performing, in response to determining that the trust device ID indicator is asserted, a secure I/O with the trust domain, wherein the transaction is a direct memory access transaction” is shown in ‘800 paragraph 11-12
	As to dependent claim 30, “The method of claim 27, further comprising receiving, by the one or more processors, a third key identifier from the trust domain, wherein the third key identifier is indicative of a private key identifier of the trust domain, wherein performing the secure I/O with the trust domain comprises replacing, in response to determining that the trust device ID indicator is asserted and by the filter logic, the second key identifier with the third key identifier and performing the secure I/O with the trust domain” is disclosed in ‘345 Figure 2, paragraphs 22, 28, note guest3 key, as well teaching the use of multiple guest protected memories.
	As to dependent claim 31, “The method of claim 27, further comprising performing, in response to determining that the second key identifier falls within the shared key identifier range, I/O with a memory outside of the trust domain, wherein replacing the second key identifier with the third key identifier of the trust domain comprises replacing, by the filter logic, one or more most significant bits of an address of the transaction with the third key identifier” is taught in ‘345 Figure 2, paragraphs 22, 28, note guest3 key, as well teaching the use of multiple guest protected memories.
	As to independent claim 21, this claim is directed to an apparatus executing the method of claim 27; therefore, it is rejected along similar rationale.
	As to dependent claims 22-25, these claims contain substantially similar subject matter as claims 28-312; therefore, they are rejected along similar rationale.
	As to independent claim 33, this claim is directed to a computer-readable medium with instructions executing the method of claim 27; therefore, it is rejected along similar rationale.
	As to dependent claims 34-37, these claims contain substantially similar subject matter as claims 28-31; therefore, they are rejected along similar rationale.

13.	Claims 26, 33, and 38, are rejected under 35 U.S.C. 103 as being unpatentable over Bacher et al. U.S. Patent Application Publication 2016/0132345 (hereinafter ‘345) in view of Jayasena et al. U.S. Patent Application Publication No. 2019/0018800 (hereinafter ‘800) in further view of Burgess U.S. Patent Application Publication No. 2014/0201526 (hereinafter ‘526).
	As to dependent claim 32, the following is not explicitly taught in ‘345 and ‘800: “The method of claim 27, further comprising transmitting, in response to determining that the second key identifier does not fall within the shared key identifier range and by the one or more processors, a warning notification to a trust domain owner of the second key identifier” however ‘526 teaches alert the data creator when the system needs to self-protect dues to intrusion based on the key utilized in paragraphs 23 and 45.	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of processing a guest event in a hypervisor-controlled system taught in ‘345 and ‘800 to alert an owner of protected content when key identifier do not match.  One of ordinary skill in the art would have been motivated to perform such a modification to combat cybercrime and protect data see ‘526 (paragraphs 8-15). 
	As to dependent claims 26 and 38, these claims contain substantially similar subject matter as claim 32; therefore, they are rejected along similar rationale.
Conclusion
14.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6PM.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
		If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
________________________________________________________________
/ELLEN TRAN/Primary Examiner, Art Unit 2433                                                                                                                                                                                                        23 September 2022