DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event a determination of the status of the application as subject to AIA 35 U.S.C. 102, 103, and 112 (or as subject to pre-AIA 35 U.S.C. 102, 103, and 112) is incorrect, any correction of the statutory basis for a rejection will not be considered a new ground of rejection if the prior art relied upon and/or the rationale supporting the rejection, would be the same under either status.

Notice of Claim Interpretation
Claims in this application are not interpreted under 35 U.S.C. 112(f) unless otherwise noted in an office action.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 15 September 2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 11, 17, 18, and 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Fuchs (US 9,495,305) in view of Zeldovich et al. (“Hardware Enforcement of Application Security Policies Using Tagged Memory”).
In regards to claim 1, Fuchs teaches an apparatus comprising:
processing circuitry (“processing system”, abstract);
memory access circuitry to perform a guard tag check for a tag checking target address having an associated address tag, the guard tag check comprising comparing the address tag with a guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the target address (“The tag value is used to determine access permission to the portion of memory during execution of an instruction that uses a pointer provided by the allocation of the portion of memory. Determining access permission includes comparing the contents of a tag field in the pointer with the tag value entered in the tag field of the control structure, the pointer also including a control-structure-pointer field that points to the control structure.”, Col. 3, lines 43-51); and
random tag selection hardware to randomly select a random tag value from a set of candidate tag values, and the processing circuitry to set the address tag associated with the tag setting target address to the random tag value randomly selected from the set of candidate tag values (“The tag value is assigned from a set of available tag values according to a tag-value-assigning method. Once a particular tag value is assigned, it is no longer in the set of available tag values. ... One embodiment assigns a random one of the set of available tag values.”, Col. 6, lines 15-22).
Fuchs fails to teach triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag; and
an instruction decoder responsive to a random tag setting instruction specifying a tag setting target address, to control the processing circuitry to set the address tag.  
Zeldovich teaches triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag (“When a tag permission check fails, control must be transferred to the security monitor, which will either update the permission cache based on the tag of the accessed memory location, or terminate the offending protection domain.”, section 4.3, paragraph 1); and
an instruction decoder (Instruction Decode, Figure 4) responsive to a tag setting instruction specifying a tag setting target address, to control the processing circuitry to set the address tag (“We added 6 instructions to the SPARC ISA to read/write memory tags, read/write security registers, write to the permission cache, and return from a tag exception.”, section 5.1, paragraph 2) 
in order to “directly enforce Unix’s discretionary security policies without trusting the kernel” (section 2.1, paragraph 2).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Fuchs with Zeldovich to include triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag; and
an instruction decoder responsive to a random tag setting instruction specifying a tag setting target address, to control the processing circuitry to set the address tag 
in order to “directly enforce Unix’s discretionary security policies without trusting the kernel” (id.).
In regards to claim 2, Fuchs further teaches, in response to the random tag setting instruction, the instruction decoder is configured to control the random tag selection hardware to prevent at least one excluded value of the set of candidate tag values from being selected as the random tag value, and to randomly select the random tag value from a remaining subset of the candidate tag values (“The tag value is assigned from a set of available tag values according to a tag-value-assigning method. Once a particular tag value is assigned, it is no longer in the set of available tag values. ... One embodiment assigns a random one of the set of available tag values.”, Col. 6, lines 15-22).
In regards to claim 11, Fuchs further teaches that the at least one excluded tag value comprises one or more excluded tag values identified by configuration data stored in a configuration register; or
one or more hardware-defined excluded tag values (“The tag value is assigned from a set of available tag values according to a tag-value-assigning method. Once a particular tag value is assigned, it is no longer in the set of available tag values. ... One embodiment assigns a random one of the set of available tag values.”, Col. 6, lines 15-22).
In regards to claim 17, Zeldovich further teaches that, in response to the random tag setting instruction, the instruction decoder is also configured to control the memory access circuitry to update, to the random tag value, the guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the tag setting target address (“We modified its RTL code to add support for coarse and fine-grained tags, added the P-cache, introduced the security registers defined by Loki, and added the instructions that manipulate special registers and provide direct access to tags in the monitor mode. We added 6 instructions to the SPARC ISA to read/write memory tags, read/write security registers, write to the permission cache, and return from a tag exception.”, section 5.1, paragraph 2).
In regards to claim 18, Fuchs further teaches that the guard tag check comprises returning a fault status indication when a mismatch is detected between the address tag and the guard tag (“A dereferencing of a location in the allocated portion 103 includes making a determination to ascertain whether the tag field 205 in the pointer structure 201 has the same tag value X as the tag field 215 of the control structure 211 corresponding to the pointed-to location. Access is prevented, and, in some embodiments, an exception is raised if these tag values are not the same.”, Col. 5, lines 57-64).
In regards to claim 21, Fuchs further teaches that, in the guard tag check, the addressed location is selected independent of the address tag associated with the tag checking target address (“The tag value is assigned from a set of available tag values according to a tag-value-assigning method. Once a particular tag value is assigned, it is no longer in the set of available tag values. ... One embodiment assigns a random one of the set of available tag values.”, Col. 6, lines 15-22).
In regards to claim 22, Fuchs teaches a method comprising:
performing a guard tag check for a tag checking target address having an associated address tag, the guard tag check comprising comparing the address tag with a guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the target address (“The tag value is used to determine access permission to the portion of memory during execution of an instruction that uses a pointer provided by the allocation of the portion of memory. Determining access permission includes comparing the contents of a tag field in the pointer with the tag value entered in the tag field of the control structure, the pointer also including a control-structure-pointer field that points to the control structure.”, Col. 3, lines 43-51); and
randomly selecting, with random tag selection hardware, a random tag value from a set of candidate tag values, and setting the address tag associated with the tag setting target address to the random tag value randomly selected from the set of candidate tag values (“The tag value is assigned from a set of available tag values according to a tag-value-assigning method. Once a particular tag value is assigned, it is no longer in the set of available tag values. ... One embodiment assigns a random one of the set of available tag values.”, Col. 6, lines 15-22).
Fuchs fails to teach triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag; and
in response to decoding of a random tag setting instruction specifying a tag setting target address, setting the address tag associated with the tag setting target address.  
Zeldovich teaches triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag (“When a tag permission check fails, control must be transferred to the security monitor, which will either update the permission cache based on the tag of the accessed memory location, or terminate the offending protection domain.”, section 4.3, paragraph 1); and 
in response to decoding (Instruction Decode, Figure 4) of a random tag setting instruction specifying a tag setting target address, setting the address tag associated with the tag setting target address (“We added 6 instructions to the SPARC ISA to read/write memory tags, read/write security registers, write to the permission cache, and return from a tag exception.”, section 5.1, paragraph 2) 
in order to “directly enforce Unix’s discretionary security policies without trusting the kernel” (section 2.1, paragraph 2).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Fuchs with Zeldovich to include triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag; and 
in response to decoding of a random tag setting instruction specifying a tag setting target address, setting the address tag associated with the tag setting target address 
in order to “directly enforce Unix’s discretionary security policies without trusting the kernel” (id.).
In regards to claim 23, Fuchs teaches a non-transitory storage medium storing a computer program for controlling a host data processing apparatus to provide an instruction execution environment for execution of instructions of target program code (abstract), comprising:
memory access program logic to perform a guard tag check for a tag checking target address having an associated address tag, the guard tag check comprising comparing the address tag with a guard tag stored in a memory system in association with a block of one or more memory locations comprising an addressed location identified by the target address (“The tag value is used to determine access permission to the portion of memory during execution of an instruction that uses a pointer provided by the allocation of the portion of memory. Determining access permission includes comparing the contents of a tag field in the pointer with the tag value entered in the tag field of the control structure, the pointer also including a control-structure-pointer field that points to the control structure.”, Col. 3, lines 43-51); and
tag setting program logic to control random tag selection program logic to randomly select a random tag value from a set of candidate values, and to set the address tag associated with the tag setting target address to the random tag value randomly selected from the set of candidate tag values (“The tag value is assigned from a set of available tag values according to a tag-value-assigning method. Once a particular tag value is assigned, it is no longer in the set of available tag values. ... One embodiment assigns a random one of the set of available tag values.”, Col. 6, lines 15-22).
Fuchs fails to teach triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag; and
tag setting program logic responsive to a random tag setting instruction specifying a tag setting target address, to set the address tag.  
Zeldovich teaches triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag (“When a tag permission check fails, control must be transferred to the security monitor, which will either update the permission cache based on the tag of the accessed memory location, or terminate the offending protection domain.”, section 4.3, paragraph 1); and
program logic responsive to a tag setting instruction specifying a tag setting target address, to set the address tag (“We added 6 instructions to the SPARC ISA to read/write memory tags, read/write security registers, write to the permission cache, and return from a tag exception.”, section 5.1, paragraph 2) 
in order to “directly enforce Unix’s discretionary security policies without trusting the kernel” (section 2.1, paragraph 2).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Fuchs with Zeldovich to include triggering an error handling response or error reporting mechanism when a mismatch is detected between the guard tag and the address tag; and
tag setting program logic responsive to a random tag setting instruction specifying a tag setting target address, to set the address tag 
in order to “directly enforce Unix’s discretionary security policies without trusting the kernel” (id.).

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Fuchs (US 9,495,305) in view of Zeldovich et al. (“Hardware Enforcement of Application Security Policies Using Tagged Memory”) and Koeune (“Pseudorandom number generator”).
In regards to claim 16, Fuchs further teaches that the random tag selection hardware is configured to randomly select the random tag value from the set of candidate tag values (“The tag value is assigned from a set of available tag values according to a tag-value-assigning method. Once a particular tag value is assigned, it is no longer in the set of available tag values. ... One embodiment assigns a random one of the set of available tag values.”, Col. 6, lines 15-22).  Fuchs in view of Zeldovich fails to teach that the random selection is done pseudo-randomly.  Koeune teaches that the random selection is done pseudo-randomly (“A pseudorandom number generator (PRNG) is a function that, once initialized with some random value (called the seed), outputs a sequence that appears random”, page 995, Definition section) because “generating random values on a computer is in fact a very difficult task” (page 995, Background section).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Fuchs with Zeldovich and Koeune such that the random selection is done pseudo-randomly because “generating random values on a computer is in fact a very difficult task” (id.).

Claims 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Fuchs (US 9,495,305) in view of Zeldovich et al. (“Hardware Enforcement of Application Security Policies Using Tagged Memory”) and Doshi et al. (US 2008/0140968).
In regards to claim 19, Fuchs in view of Zeldovich teaches claim 1.  Fuchs in view of Zeldovich fails to teach that the address tag associated with the tag checking target address is represented by a subset of bits of the tag checking target address; and
in response to the random tag setting instruction, the instruction decoder is configured to control the processing circuitry to update a subset of bits of the tag setting target address based on the random tag value.
Doshi teaches that the address tag associated with the tag checking target address is represented by a subset of bits of the tag checking target address (“For example, in embodiments in which a 64-bit pointer is used, some number of the high order bits of the VA may be used to store the color identifier. For example, in one embodiment bits 58 to 62 may be used to store a 5-bit identifier obtained from the colormap, along with an enable bit.”, paragraph 0021); and
in response to the random tag setting instruction, the instruction decoder is configured to control the processing circuitry to update a subset of bits of the tag setting target address based on the random tag value (“Accordingly, the color (i.e., value) stored in the first location (e.g., byte) of the colormap may be associated with the pointer to the object. In various embodiments, such association may be realized by storing the color identifier as part of a virtual address of the pointer.”, paragraph 0021)
such that “complete transparency exists as pointers migrate between legacy (i.e., non-checking) and color-aware binaries” (paragraph 0012).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Fuchs with Zeldovich and Doshi such that the address tag associated with the tag checking target address is represented by a subset of bits of the tag checking target address; and
in response to the random tag setting instruction, the instruction decoder is configured to control the processing circuitry to update a subset of bits of the tag setting target address based on the random tag value
such that “complete transparency exists as pointers migrate between legacy (i.e., non-checking) and color-aware binaries” (id.).
In regards to claim 20, Doshi further teaches that the subset of bits of the tag setting target address are updated to a transformed tag value corresponding to a transformation of the random tag value dependent on at least one other bit of the tag setting target address (“More specifically, this first color may be obtained by accessing the location of the colormap that corresponds to the block of memory in which the object is to be stored. Assume for ease of illustration that an object A is to be stored in a first block of a heap represented by the colormap. Accordingly, the color (i.e., value) stored in the first location (e.g., byte) of the colormap may be associated with the pointer to the object. In various embodiments, such association may be realized by storing the color identifier as part of a virtual address of the pointer.”, paragraph 0021).

Allowable Subject Matter
Claims 3, 5-10, 13, and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Response to Arguments
Applicant's arguments filed 19 July 2022 have been fully considered but they are not persuasive. The combination of Fuchs and Zeldovich renders claims 1, 2, 11, 17, 18, and 21-23 obvious as explained above.
In response to the argument regarding Fuchs, the fact that Fuchs also teaches assigning tag values sequentially does not prevent Fuchs from also teaching assigning tag values randomly.  The Examiner is using Fuchs as the primary reference in the obviousness combination and therefore does not need to provide a rationale for relying on one embodiment of Fuchs over another.  Furthermore, Fuchs could also be used as a modifying reference in an obviousness combination because there are two possibilities (sequential and random), the results of using these would be predictable, and there is no secondary evidence of record.  Thus, Fuchs’ random selection could be used to modify a primary reference on the basis of obvious to try (See MPEP § 2143(I)(E)).
In response to the argument regarding Zeldovich, the fact that there is a machine instruction that allows reading of memory tags does not mean that there is no hardware involved.  Any executing software must be executing on some piece of hardware.  Zeldovich teaches that the software ultimately runs on an FPGA board (section 5.1, paragraph 1).  Therefore, some portion of the FPGA board can be considered the random tag selection hardware.
To the extent that there are additional benefits or features disclosed by the application, these can only help distinguish over the prior art combination if they appear in the claims.  The Examiner will not import additional benefits or features not claimed into the claims.  
While the Examiner recognizes that adding millions of instructions to an instruction set is generally untenable, adding less than 10 as proposed by Zeldovich is certainly reasonable and has frequently occurred with a new processor generation.  Furthermore, Applicant’s position is undercut by the fact that x86 has three separate undefined instructions (UD0, UD1, and UD2).  If current chips can exist with three separate undefined instructions, adding less than 10 instructions to gain memory protection certainly seems like a reasonable tradeoff.

Conclusion
The other art made of record and not relied upon is considered pertinent to applicant's disclosure.  Barnes (US 11,327,903) teaches a closely related invention.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NATHAN SADLER whose telephone number is (571)270-7699. The examiner can normally be reached Monday - Friday 9am - 6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald Bragdon can be reached on (571)272-4204. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Nathan Sadler/
Primary Examiner, Art Unit 2139
3 October 2022