DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
Claims 1-3, 6-12, 15-20, 23-25 are pending.  Claims 4-5, 13-14, 21-22 are cancelled.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 6, 8-10, 12, 15, 17-18, 20, 23, 25 are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer (PGPUB 2005/0114639), and further in view of Intel (Intel 64 and IA-32 Architectures Software Developer’s Manual, Volume 3C: System Programming Guide, Part 3, September 2013) and McGrath (US 7,043,616).

Regarding Claim 1:
Zimmer teaches an apparatus, comprising:
memory to store instructions (paragraph 29, System Management Mode (SMM) Nub loaded into SMM-only memory space; paragraph 86, exemplary computer comprising memory); and 
processing circuitry coupled with the memory, the processing circuitry to (paragraph 86, exemplary computer comprising processor): 
detect an access request to access a computing resource of a plurality of computing resources while in a system management mode (SMM) (paragraph 29, SMM Nub responsible for coordinating all activities while control is transferred to system management mode, including providing SMM library to event handlers; paragraph 34, in response to system management interrupt (SMI) event, CPU switches to SMM mode and redirects instruction pointer to first instruction in SMM Nub; paragraph 62, operations performed in response to SMI event; paragraph 64, appropriate event handler is chosen; paragraph 73, handler code executed to completion using memory and I/O access policy; paragraph 83, event handler attempts to access I/O port; decision performed by logic contained in SMM Nub; paragraph 61, plurality of I/O ports); 
a bitmap to indicate an access policy for the computing resource (paragraph 83-84, I/O permission bitmap defined via data structure managed by SMM Nub; determination is made to whether port address is one of port addresses that permission to access is allowed for as defined by the I/O permission bitmap); 
determine whether the access request violates the access policy set in the bitmap (paragraph 83-84, determination is made to whether port address is one of port addresses that permission to access is allowed for as defined by the I/O permission bitmap; result of decision performed by logic contained in SMM Nub); 
perform the access request if the access request does not violate the access policy (paragraph 83, if answer to access decision is YES, direct access to I/O port is allowed); and 
cause a fault if the access request does violate the access policy (paragraph 84, in the event that a request to access I/O port having a port address that is not included in the I/O permission bitmap is performed, code fault is generated).
	Zimmer does not explicitly teach the memory comprising at least a 16 kilobyte (kB) region allocated to store a plurality of bitmaps, the plurality of bitmaps comprising at least four (4) 1 kB bitmaps associated with model specific registers (MSRs) and two (2) 4 kB bitmaps associated with a plurality of computing resources.
	However, Intel teaches the concept of a memory comprising at least a 16 kilobyte (kB) region allocated to store a plurality of bitmaps, the plurality of bitmaps comprising at least four (4) 1 kB bitmaps associated with model specific registers (MSRs) and two (2) 4 kB bitmaps associated with a plurality of computing resources (page 3 section 23.1, Overview: basics of virtual machine architecture of Intel 64 and IA-32 architectures; page 17 section 24.6.4, I/O bitmaps A and B, each of which is 4 kB in size; page 19 section 24.6.9, four contiguous MSR bitmaps, each 1 kB in size; page 21 section 24.6.15, VMREAD and VMWRITE bitmaps, each of which is 4 kB in size; therefore, the memory comprises at least 16 kB allocated to store bitmaps).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the defined bitmap memory region teachings of Intel with the SMM access request handling teachings of Zimmer.  Intel is a major manufacturer of processors with a widely installed user base, whose Intel 64 and IA-32 architectures have been incorporated into devices for a number of years (at least since 2013, as per the Intel reference).  Therefore, it would be beneficial to combine the bitmap memory region teachings of Intel with the system of Zimmer in order to utilize available bitmap features for the execution of the bitmap resource access policy of Zimmer, and apply the teachings to widely installed and available processing devices, increasing user security and compatibility.
Neither Zimmer nor Intel explicitly teaches determining a bit of a lock register is set to enable access to a one of the plurality of bitmaps associated with the computing resource of the plurality of computing resources; and
determine a location of the bitmap in the memory based on a location indicated in an MSR of the MSRs.
However, McGrath teaches determining a bit of a lock register is set to enable access to a one of a plurality of bitmaps associated with a computing resource of a plurality of computing resources (abstract, method of controlling access to model specific register; col 14 line 61-col 15 line 6, trusted mode data structure designated as protected MSR bit map (PMSRBM); PMSRBM accessed via PMSRBM Base MSR; col 15 line 33-57, PMSRBM Base MSR is itself a protected MSR; the limit field may be used to identify the number of pages which security kernel 121 has defined for PMSRBM 800; if limit field is equal to zero, all MSRs are protected and bit map lookup is disabled; accordingly, any write access to an MSR causes security exception to be generated); and
determine a location of the bitmap in a memory based on a location indicated in an MSR of MSRs (col 15 line 33-57, base address of PMSRBM 800 stored in PMSRBM Base MSR).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the bitmap access control MSR teachings of McGrath with the SMM access request handling teachings of Zimmer in view of Intel, in order to manage access to protected MSR bitmaps.  Access to certain MSRs may present a security risk when secure mode is enabled (McGrath, col 14 line 53-60).  Thus, native kernel mode write accesses to protected MSRs may be inhibited.  Disabling access to the protected MSR bitmap provides a means to quickly and completely disable access to protected MSRs in a secure mode, thereby preventing system exploits in such a mode and improving the security environment.

Regarding Claim 3:
Zimmer in view of Intel and McGrath teaches the apparatus of claim 1.  In addition, McGrath teaches the processing circuitry to determine the bit of the lock register is not set to enable access to the bitmap and cause a fault to indicate an error (abstract, method of controlling access to model specific register; col 14 line 61-col 15 line 6, trusted mode data structure designated as protected MSR bit map (PMSRBM); PMSRBM accessed via PMSRBM Base MSR; col 15 line 33-57, PMSRBM Base MSR is itself a protected MSR; if limit field is equal to zero, all MSRs are protected and bit map lookup is disabled; accordingly, any write access to an MSR causes security exception to be generated).
The rationale to combine Zimmer and McGrath is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.

Regarding Claim 6:
Zimmer in view of Intel and McGrath teaches the apparatus of claim 1.  In addition, McGrath teaches the processing circuitry to disable write operations to a bitmap register associated with the bitmap based on the bit of the lock register being set (abstract, method of controlling access to model specific register; paragraph 76, trusted mode data structure designated as protected MSR bit map (PMSRBM); PMSRBM accessed via PMSRBM Base MSR; paragraph 79, PMSRBM Base MSR is itself a protected MSR; if limit field is equal to zero, all MSRs are protected and bit map lookup is disabled; accordingly, any write access to an MSR causes security exception to be generated).
The rationale to combine Zimmer and McGrath is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 6.
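
The checks discussed for claims 1, 3 and 6 can be modelled in a few lines of C. This is an added illustration, not code from the application, the cited references or the examiner. All identifiers, the lock-bit position, the "bit set means permitted" polarity and the contiguous placement of the two I/O bitmaps are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model; every identifier below is hypothetical. */
enum { REGION_SIZE = 16 * 1024, MSR_BM_SIZE = 1024, IO_BM_SIZE = 4096 };
/* Assumed layout: four 1 kB MSR bitmaps, then two 4 kB I/O bitmaps. */
enum { OFF_MSR_BM = 0, OFF_IO_BM = 4 * MSR_BM_SIZE };
enum { LOCK_IO_BITMAP = 1u << 0 };  /* assumed lock-register bit */

typedef enum { ACCESS_OK, FAULT_POLICY, FAULT_LOCK } result_t;

typedef struct {
    uint8_t  region[REGION_SIZE];
    uint32_t lock_reg;     /* bit set: bitmap enabled, base register frozen */
    uint32_t io_base_msr;  /* offset of the I/O bitmaps inside region */
} smm_policy_t;

/* Write to the bitmap base register; refused once the lock bit is set. */
static result_t write_io_base(smm_policy_t *p, uint32_t off) {
    if (p->lock_reg & LOCK_IO_BITMAP) return FAULT_LOCK;
    if (off > REGION_SIZE - 2 * IO_BM_SIZE) return FAULT_POLICY;
    p->io_base_msr = off;
    return ACCESS_OK;
}

/* Setup helper: mark a port as permitted (assumed polarity: 1 = allowed). */
static void allow_port(smm_policy_t *p, uint16_t port) {
    p->region[p->io_base_msr + port / 8] |= (uint8_t)(1u << (port % 8));
}

/* Decide an I/O access requested while in SMM. */
static result_t check_io_access(const smm_policy_t *p, uint16_t port) {
    if (!(p->lock_reg & LOCK_IO_BITMAP)) return FAULT_LOCK;  /* not enabled */
    const uint8_t *bm = p->region + p->io_base_msr;          /* located via MSR */
    return ((bm[port / 8] >> (port % 8)) & 1) ? ACCESS_OK : FAULT_POLICY;
}

int main(void) {
    static smm_policy_t p;                 /* zeroed: nothing permitted */
    write_io_base(&p, OFF_IO_BM);
    allow_port(&p, 0x70);                  /* constructed sample port */
    p.lock_reg |= LOCK_IO_BITMAP;
    return check_io_access(&p, 0x70) == ACCESS_OK &&
           check_io_access(&p, 0x71) == FAULT_POLICY &&
           write_io_base(&p, 0) == FAULT_LOCK ? 0 : 1;
}
```

The two 4 kB I/O bitmaps together hold 65,536 bits, one per port in the 16-bit I/O address space, which is why a single index of `port / 8` never leaves the pair.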

Regarding Claim 8:
Zimmer in view of Intel and McGrath teaches the apparatus of claim 1.  In addition, Zimmer teaches the apparatus, comprising one or more computing resources including the computing resource (paragraph 83, I/O port referenced by port address), wherein the one or more computing resources comprise Input/Output (I/O) devices (paragraph 83, I/O port), and central processing unit (CPU) registers (paragraph 42-43, SMM Nub manages functions related to processor floating point registers); and 
McGrath teaches wherein the one or more computing resources comprise model specific registers (MSRs) (abstract, method of controlling access to model specific register).
The rationale to combine Zimmer and McGrath is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 8.

Regarding Claim 9:
Zimmer in view of Intel and McGrath teaches the apparatus of claim 1.  In addition, Zimmer teaches the apparatus, comprising:
a storage coupled with the memory and the processing circuitry, the storage to store data (paragraph 89, storage, e.g. CD-ROM comprising data on disk which can be read or transferred into memory); and 
one or more input/output (I/O) devices coupled with the storage, the memory, and the processing circuitry, the one or more I/O devices configured to couple with one or more devices (paragraph 88, input/output devices, e.g. USB connected mouse, monitor for outputting graphics, network interface card for connecting computer system to network).

Regarding Claims 10, 12, 15, 17:
	These are the computer-implemented method claims corresponding to the apparatus claims 1, 3, 6, 8 respectively, and are therefore rejected for corresponding reasons.

Regarding Claims 18, 20, 23, 25:
	These are the computer-readable storage medium claims corresponding to the apparatus claims 1, 3, 6, 8 respectively, and are therefore rejected for corresponding reasons.

Claims 2, 11, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer in view of Intel and McGrath, and further in view of Shin et al (PGPUB 2007/0050586) and Kaplan et al (PGPUB 2018/0032447).

Regarding Claim 2:
Zimmer in view of Intel and McGrath teaches the apparatus of claim 1.  
Neither Zimmer nor Intel nor McGrath explicitly teaches the access policy specifies one or more access settings for the computing resource, the one or more access settings comprising a write setting, a read-only setting, an executable setting, and an executable disabled setting.
However, Shin teaches wherein an access policy specifies one or more access settings for a computing resource, the one or more access settings comprising a write setting, a read-only setting, an executable setting, and an executable disabled setting (paragraph 35, memory operation types include memory read, memory write, and instruction read (i.e. “execute”); paragraph 40, RST permissions include “rwx”, i.e. “read” “write” “execute”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the access policy access setting teachings of Shin with the SMM access request handling teachings of Zimmer in view of Intel and McGrath, in order to provide policy settings which permit fine-grained control over system resources, thereby allowing administration of resource reads and writes (to allow or prevent access to potentially protected information) or executable functions (to examine or block potentially malicious code), thus improving the security environment.
Neither Zimmer nor Intel nor McGrath nor Shin explicitly teaches the one or more access settings comprising an immutable setting.
However, Kaplan teaches one or more access settings comprising an immutable setting (abstract, table walker determines when lock indicator for memory page in map table is set; paragraph 105, table walker determines if memory page access is permitted; table walker determines if entry is marked as immutable).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the immutable setting teachings of Kaplan with the SMM access request handling teachings of Zimmer in view of Intel, McGrath, and Shin, in order to provide a permission setting which prevents any changes from being made to a resource, thereby preventing types of malicious attacks such as attacks which rely on modifying or overwriting the current version of data in pages of memory with older versions (Kaplan paragraph 27).

Regarding Claim 11:
	This is the computer-implemented method corresponding to the apparatus of claim 2, and is therefore rejected for corresponding reasons.

Regarding Claim 19:
	This is the computer-readable storage medium corresponding to the apparatus of claim 2, and is therefore rejected for corresponding reasons.

Claims 7, 16, 24 are rejected under 35 U.S.C. 103 as being unpatentable over Zimmer in view of Intel and McGrath, and further in view of Weber et al (PGPUB 2003/0041248).

Regarding Claim 7:
Zimmer in view of Intel and McGrath teaches the apparatus of claim 1.  In addition, Zimmer teaches the processing circuitry to detect a system management interrupt (SMI) (paragraph 33, process for handling SMI event; SMI event signal received by CPU; paragraph 34, in response to SMI event, CPU switches to SMM mode), and 
McGrath teaches the processing circuitry to set the bit of the lock register (col 15 line 33-57, PMSRBM Base MSR is itself a protected MSR; the limit field may be used to identify the number of pages which security kernel 121 has defined for PMSRBM 800; if limit field is equal to zero, all MSRs are protected and bit map lookup is disabled; accordingly, any write access to an MSR causes security exception to be generated).
The rationale to combine Zimmer and McGrath is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 7.
Neither Zimmer nor Intel nor McGrath explicitly teaches the processing circuitry to save a SMM save state in one or more model specific registers in response to the SMI.
However, Weber teaches the concept of processing circuitry to save a SMM save state in one or more model specific registers in response to an SMI (abstract, method for providing external locking mechanism for memory locations; paragraph 84, SMI initiates SMM; paragraph 138, processor saves unfinished SMM state, saving state indications to one or more SMM MSRs).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the saving an SMM save state teachings of Weber with the SMM access request handling teachings of Zimmer in view of Intel and McGrath, in order to improve system performance and reliability by capturing an SMM state in the event that the system management mode needs to be exited before completion, thereby allowing the system to resume the process at the exact point the SMM was exited at a later time.

Regarding Claim 16:
	This is the computer-implemented method corresponding to the apparatus of claim 7, and is therefore rejected for corresponding reasons.

Regarding Claim 24:
	This is the computer-readable storage medium corresponding to the apparatus of claim 7, and is therefore rejected for corresponding reasons.

Response to Arguments
Applicant’s arguments, see page 8 paragraph 4-page 9 paragraph 1, filed 7/15/2022, with respect to the rejection(s) of claim(s) 1, 10, and 18 under 35 USC 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of a new interpretation of the previously cited prior art references Zimmer, Intel, and McGrath, as provided above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FORREST L CAREY/Examiner, Art Unit 2491

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491