DETAILED ACTION
Claims 1, 5, 7-8, 18-19 are amended.
Claims 2-4, 9-14, 20-21 are canceled. 
Claims 1, 5-7, 8, 15-17, 18-19 are pending.
Priority: February 25, 2016
Assignee: RedHat Israel

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/23/2022 has been entered.
 

Claim objections
A.Amended claim 1 is objected to because of a typo. It recites, ‘wherein the receive rings store incoming packets sent through the kernel to be processed by the device drive’. It must recite, ‘wherein the receive rings store incoming packets sent through the kernel to be processed by the device driver’.
Appropriate correction is requested.

B.Amended claim 5 is objected to because of a typo. Amended claim 5 recites, ‘wherein the transmit ring and the receive ring are located in….’. Claim 1 recites, ‘transmit rings’ and ‘receive rings’. It does not recite ‘a transmit ring’ and/or ‘a receive ring’. 
Appropriate correction is requested.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 5-7, 8, 15-17, 18-19 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
A.Claims 1, 5-7, 8, 15-17, 18-19 are rejected for reciting ‘kernel virtual memory space of the OS’ and ‘application virtual memory space of the OS’, both being unsupported by the spec.
Amended claim 1 recites, ‘loading the device driver into a kernel virtual memory space of the OS’. 
But the spec in Para-0002 recites, ‘The device driver is loaded in an operating system by a kernel of the OS’. As per Fig. 1, and Para-0014, the spec recites ‘kernel space 160’. In other words, nowhere does the spec recite, ‘kernel virtual memory space of the OS’. 
There is no indication in the spec that ‘kernel space 160’ is equivalent to ‘kernel virtual memory space of the OS’. So, per Fig. 1 of the spec, ‘kernel virtual memory space of the OS’ is undefined and unknown. Therefore ‘kernel virtual memory space of the OS’ constitutes new matter.
 It is well-known that the Linux kernel supports mapping of linear/virtual addresses in kernel space. But the spec does not explicitly disclose this feature. So reciting ‘kernel virtual memory space of the OS’ has no patentable weight.
Amended claim 1 also recites, ‘executing in the application virtual memory space of the OS’. 
With reference to Fig. 1, Para-0014 recites, ‘a user may run programs or applications in the application memory space 142’. As per Fig. 1, Para-0013 recites, ‘The OS 186 may include a kernel 184 and a device driver 182’.
Nowhere does the spec recite, ‘application virtual memory space of the OS’. Furthermore, none of the above spec citations suggest that the Fig. 1, ‘application memory space 142’ is equivalent to ‘application virtual memory space of the OS’.
As per Fig. 1 of the spec, ‘application virtual memory space of the OS’ is undefined and unknown. Therefore ‘application virtual memory space of the OS’ constitutes new matter.
	Due to lack of explicit support for ‘kernel virtual memory space of the OS’, and ‘application virtual memory space of the OS’ in the spec, lexicography is inapplicable.
Claims 8, 18 have a similar issue and hence are rejected for the same reason.
Claims 5-7, 15-17 and 19 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
For examination, the spec is followed.

B.Claims 1, 5-7, 8, 15-17, 18-19 are rejected for reciting a limitation that is unsupported by the spec.
Amended claim 1 recites, ‘wherein the first set of physical memory pages are set to be writable by applications executing in an application virtual memory space of the OS’. 
	Amended claim 1 also recites, ‘wherein the second set of physical memory pages are set to be read-only by applications executing in the application virtual memory space of the OS’.
	Nowhere does the spec recite that write and read-only permissions are set by applications executing in application space. Para-0014 of the spec recites, ‘an application (e.g., Applications 170A-C) may refer to less privileged software without the ability to change memory mappings for itself’. 
As per Paras:0029-0030 of the spec, the kernel device driver sets permissions (r-w and r-only) to the first and second set of physical pages respectively. 
Therefore, ‘wherein the first set of physical memory pages are set to be writable by applications executing in an application virtual memory space of the OS’, and, ‘wherein the second set of physical memory pages are set to be read-only by applications executing in the application virtual memory space of the OS’, constitute new matter.
Claims 8, 18 have a similar issue and hence are rejected for the same reason.
Claims 5-7, 15-17 and 19 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
For examination, the spec is followed. So ‘by applications’ is replaced with ‘for applications’.

C.Claims 1, 5-7, 8, 15-17, 18-19 are rejected for reciting a limitation that is unsupported by the spec.
Amended claim 1 recites, ‘produce a mapping of physical address of the second set of physical memory pages into virtual addresses used by the application in the virtual application memory space.’
Nowhere does the spec recite the above limitation. 
Para-0024 of the spec recites, ‘A page table 300 is a data structure that may be used to store a mapping of memory addresses of the transmit rings 240 to memory addresses of the memory available to the application memory space 142’. In Para-0029, the spec recites, ‘the kernel 184 may map the transmit rings 240 into the application memory space 142’. 
None of the above spec citations imply the amended claim 1 limitation. The spec does not explicitly recite any ‘mapping’ between the second set of physical pages and application space. Neither does Fig. 2 of the spec.
Hence ‘produce a mapping of physical address of the second set of physical memory pages into virtual addresses used by the application in the virtual application memory space’, as recited by claim 1, constitutes new matter.
Claims 8, 18 have a similar issue and hence are rejected for the same reason.
Claims 5-7, 15-17 and 19 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
For examination, the spec is followed.
	
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 5-7, 8, 15-17, 18-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
A.Claims 1, 5-7, 8, 15-17, 18-19 are rejected are rejected for being unclear, ambiguous and indefinite.
Amended claim 1 recites, ‘produce a mapping of physical address of the second set of physical memory pages into virtual addresses used by the application in the virtual application memory space’.
But as per Fig. 2, Para-0021, the spec recites, ‘The transmit rings 240 may be assigned to a first set of physical memory pages 270A’. In Para-0029, the spec recites, ‘the kernel 184 may map the transmit rings 240 into the application memory space 142’. In Fig. 3, Para-0024 of the spec recites, ‘A page table 300 is a data structure that may be used to store a mapping of memory addresses of the transmit rings 240 to memory addresses of the memory available to the application memory space 142’.
Given the above spec recitations, it is unclear how a ‘mapping’ of the second set of pages with application memory space is produced, as recited in amended claim 1.
The spec does not recite a mapping that involves ‘the physical address of the second set of physical memory pages’ and application space. Para-0030 of the spec recites setting permissions to the second set of pages but there is no disclosure of a ‘mapping’. There is also no indication that setting permissions to the second set of pages is equivalent to ‘mapping’.
More importantly, the spec recites that the receive rings are assigned to the second set of pages and application space has no write access to the second set of pages. Para-0021 of the spec recites, ‘Preventing the application 170 from writing into the receive rings 250 or second set of physical memory pages 270B ensures that the application 170 cannot intentionally or inadvertently corrupt machine memory, which may lead to crashing the kernel 184’. Therefore it is unclear what ‘produce a mapping’ means and how it is achieved, in amended claim 1.
Furthermore, as per the Para-0021 spec recitation, amended claim 1 recites a security violation, which is unsupported by the spec. Therefore, amended claim 1 diminishes the effectiveness of the disclosure and hence lacks patentable weight.
In summary, amended claim 1 limitation, ‘produce a mapping of physical address of the second set of physical memory pages into virtual addresses used by the application in the virtual application memory space’, is unclear, ambiguous and indefinite.
Claims 8, 18 have a similar issue and hence are rejected for the same reason.
Claims 5-7, 15-17 and 19 are rejected for failing to cure the deficiency from their respective parent claim by dependency.
For examination, the spec is followed.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
   A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 7-8, 17-19 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Andjelic (20090077572) in view of Pope et al (20100049876) and Pope et al (20150142832, hereinafter Pope-2).

As per Claim 1, Andjelic discloses a system (Andjelic, [0036 – Fig. 1 shows network device driver architecture in its system environment, including user space, kernel space and network space]; [Fig. 11]) comprising: 
a network interface controller (NIC) (Andjelic, [Fig. 1: NIC 30]; [0072 - Fig. 11, Intel 82543GC Gigabit Ethernet NIC]); 
a memory (Andjelic, [Fig. 1: User space, Kernel space]), 
the memory storing a device driver and instructions (Andjelic, [Fig. 1: kernel space device driver 10; This is similar to Fig. 1 of the spec]; [0047 – In Fig. 3, the kernel-space device driver 10 comprises of a network device driver core/NDD core 14 and a kernel space agent 16]; [0055 - As per Fig. 3, the kernel agent 16 is realized by about 200 lines of new code/instructions together with about 300 lines of standard device driver framework code/instructions, all of which is resident in kernel space, thereby implying that the memory stores a device driver and instructions; Since the claim does not define ‘memory’, the citation is a valid interpretation]); 
one or more processors in communication with the memory (Andjelic, [0072 – In Fig. 11, two central processor base boards are in communication with the memory via a 32 bit/66 MHz cPCI bus between CPU and the cPCI-PCI bridge. Each CPBB board has one or more Alpha servers/processors]);
wherein the one or more processors (Andjelic, [0072 – In Fig. 11, each CPBB board has one or more Alpha servers/processors]), when executing the instructions (Andjelic, [0002 - The OS is a resource manager that makes system resources such as processors, memory, I/O devices and communication devices available to users. It also provides the base functionality upon which application software is written and executed. Important OS functions include sharing hardware among users, preventing users from interfering with each other, resource scheduling, organizing data for secure and rapid access, and supporting I/O functions and network communications]), cause the system to: 
initialize the NIC (Andjelic, [0062 - The kernel-space device driver performs a standard initialization procedure as a base network device driver also called the Network Device Driver Core/NDD core 14]; [0065 - The NDD core 14 then performs basic initialization of NIC 30]) by loading, by a kernel of an operating system (OS) (Andjelic, [0003 - The central part of the OS is the kernel. The kernel provides services to user applications, including memory management, allocating processing resources, and responding to system calls from user applications or processes]), the device driver into a kernel virtual memory space of the OS (Andjelic, [0062 - The OS is loaded with a network device driver in kernel space; Since the spec does not recite or define ‘kernel virtual memory space of the OS’, it is valid to interpret ‘Fig. 1:kernel space’ to be equivalent to the ‘kernel virtual memory space of the OS’]); 
assign transmit rings (Andjelic, [0041 - In Fig. 2, each interface 15, 25 and 35 is associated with a transmit queue/transmit ring, thereby implying a plurality of transmit rings]; [0041 - KTX, NTX, TX are transmit rings]) of the NIC (Andjelic, [0045 - The transmit buffer queues/rings are allocated in kernel space by the kernel driver. To make the queues/transmit rings visible to the NIC, they are first mapped to the NIC bus address space and the obtained addresses are then written to the specific NIC registers; The claim recites ‘transmit rings of the NIC’ without reciting if, where and how the transmit rings are located. So the citation is a valid interpretation]) to the first set of physical memory pages (Andjelic, [0064 - In the outbound direction, in Fig. 5, NDD/kernel driver core 14 operates as a design base NDD. If the user-space tunneled access mode is off, messages to the NIC are put in the NTX ring of NDD core 14; Outbound direction means the application sends messages. Since the messages are accessible/writable by the application, it is valid to interpret the messages to be associated with the first set of physical pages]; [0044 – In Fig. 2, the user application 40 wants to send a message and makes a system call, and the message to be transferred to NIC 30 is copied into kernel-space and handled by the invoked kernel-space protocol 45. The kernel-level protocol 45 delivers pointer P-2 that points to the memory position of the message in system memory 50 to the kernel-space device driver 10, which inserts the pointer into the KTX queue of the kernel-space-user-space interface 15; Here, since MSG-2 is accessible/writable by the application, it is valid to interpret that it is associated with the first set of physical pages. Furthermore, since the NIC fetches MSG-2, it implies that the transmit rings/KTX of the NIC are assigned to the first set of pages. Since the claim does not recite how the assignment is done and how the first set of pages are represented in memory, the citation is a valid interpretation]),
assign receive rings (Andjelic, [0041 - In Fig. 2, each interface 15, 25 and 35 is associated with a receive queue/receive ring, thereby implying a plurality of receive rings]; [0041 - KRX, NRX, RX are receive rings]) of the NIC (Andjelic, [0045 – The receive buffer queues/rings are allocated in kernel space by the kernel driver. To make the queues visible to the NIC, they are first mapped to the NIC bus address space and the obtained addresses are then written to specific NIC registers; The claim recites ‘receive rings of the NIC’ without reciting if, where and how the receive rings are located. So the citation is a valid interpretation]) to the second set of physical memory pages (Andjelic, [0070 - NIC 30 puts descriptors associated with inbound/receive messages in the receive ring]; [0070 - If there is no match, the message descriptor is inserted into the KRX ring, as in Fig. 10. At a configurable interval, the user-space device driver 20 calls the kernel agent 16. The kernel agent 16 then fetches descriptors relating to inbound messages from the KRX ring and delivers them to the NDD core 14/kernel driver, which performs the operations for delivering the messages to the kernel-level user; Here the lack of match and message delivery via the NDD core implies that the inbound messages are not accessible/writable by the aplication and hence they correspond to memory associated with the second set of physical pages. Furthermore, since the kernel agent 16 fetches descriptors relating to inbound messages/second set from the KRX ring deposited by the NIC, it implies that the receive rings of the NIC are assigned to the second set of physical memory pages which are not writeable by the application]),
wherein the receive rings (Andjelic, [0041 - In Fig. 2, each interface 15, 25 and 35 is associated with a receive queue/receive ring, thereby implying a plurality of receive rings]) store incoming packets sent through the kernel to be processed by the device driver (Andjelic, [0017 - The kernel-space device driver is operable for directly accessing the NIC via a kernel-space-NIC interface]; [0053 - The FIFO receive queue KRX of the kernel-space-user-space interface is allocated/assigned in kernel address space. KRX is a receive ring/queue]; [0064 – As per Fig. 6, in the inbound direction, messages/packets from the NIC are put in the NRX/receive ring]; [0070 - NIC 30 puts descriptors associated with inbound/receive messages/packets in the receive ring; The above citations imply that the receive rings store incoming packets sent through the kernel to be processed by the device/kernel driver]); 
Pope further clarifies,
a network interface controller (NIC) (Pope, [Fig. 1: NIC 116]);
a memory (Pope, [Figs. 1-2: memory of computer system 110]) having a first set of physical memory pages (Pope, [0043 – In Fig. 2, address space/Page 252 is used for communication between application processes and resources 231-234. This implies page 252 is associated with the first set of physical pages and writable by applications]; [0040 – Block/address space 252 represent allocated pages on PCI bus 118]) and a second set of physical memory pages (Pope, [0043 - Page 251 is used by the kernel driver to send instructions to the NIC. This implies page 251 is associated with second set of physical pages and not writable by applications]; [0040 – Block/address space 251 represent allocated pages on PCI bus 118]);  
the memory storing a device driver (Pope, [Fig. 2: kernel driver 225]) and instructions (0038 - [Fig. 2 shows computer system 110. A library 223 of instructions is stored by the computer and available to the applications. The part of the library usable for communications with the NIC 116 is termed a transport library 224]),
assign transmit rings of the NIC (Pope, [0068 – In Fig. 5, NIC 116 includes a transmit queue/TX ring descriptor table 540. Each transmit queue/TX ring has a corresponding transmit queue ID, which is used as an index into the transmit queue descriptor table 540, thereby implying a plurality of TX rings]; [0103 – In Fig. 13, the NIC implements an algorithm for choosing among the multiple transmit queues/rings for the next queue to service; The above citations imply that the transmit rings are associated with the NIC]) to the first set of physical memory pages (Pope, [0082 – In Fig. 6, step 610, the kernel begins by allocating memory for the generalized buffers/first set of pages that will be used to hold the transmit queues/rings. It then maps the buffers into the application's virtual address space so that the application can read and write to them directly; This implies that the transmit rings of the NIC are assigned to the first set of pages. Since the claim does not recite how the assignment is made, the citation is a valid interpretation]), 
wherein the first set of physical memory pages are set to be writable (Pope, [0043 – In Fig. 2, during system setup, pages 252 are allocated to NIC 116. Pages 252/first set are used for communication between applications 222 and resources 231-234/TX rings, thereby implying that r-w permissions are set to pages 252/first set]; [0084 - In Fig. 6, after steps 612-616, at step 618, the kernel programs into NIC 116 certain access rights/r-w permissions that are to be associated with the particular transmit queue; Since the r-w transmit queue is assigned to the first set of pages, it therefore implies that the first set of pages are also r-w, thereby implying that the first set of physical pages are set to writable. ‘Set to writable’ permission is a design decision]) by applications (Pope, [Fig. 2: Applications 222]; [0061 – In Fig. 3, step 328, the application process writes transmit data into buffers/first set in the application program's virtual address space, thereby implying that the applications have write access to the first pages]) executing in an application virtual memory space of the OS (Pope, [0038 - Fig. 2 shows computer system 110 which runs OS 221 which is capable of supporting application processes 222 also running on the computer]; [0059 - In Fig. 3, step 310, when the application first starts up, its libraries are initialized. This includes the user level transport library 224, which is initialized into the application's virtual address space. The above citations imply that the first set of physical pages are set to be writable by/for applications executing in an application virtual memory space of the OS. See 112(a)]);
assign receives rings of the NIC (Pope, [0068 – In Fig. 5, NIC 116 includes a receive queue/RX ring descriptor table 541. Each receive queue/RX ring has a corresponding receive queue ID, which is used as an index into the transmit queue descriptor table 541, thereby implying that a plurality of receive rings are associated with the NIC]) to the second set of physical memory pages (Pope, [0082 - In Fig. 6, step 610, the kernel allocates memory for buffers/second set that will be used to hold the receive queues/rings. It then maps the buffers into the application's virtual address space so that the application can only read them; This implies that the receive rings of the NIC are assigned to the second set of physical pages]),
wherein the second set of physical memory pages are set to be read-only (Pope, [0043 – In Fig. 2, during system setup, pages 251/second set are allocated to NIC 116. Pages 251 are used by kernel driver 225 to send instructions to the NIC 116, thereby implying that since the pages 251 are used by the kernel driver/trusted mode, they have read-only access for the applications]) by applications executing in the application virtual memory space of the OS (Pope, [Fig. 2: Applications 222]; [0038 - Fig. 2 shows computer system 110 which runs OS 221 which is capable of supporting application processes 222 also running on the computer]; [0059 - In Fig. 3, step 310, when the application first starts up, its libraries are initialized. This includes the user level transport library 224, which is initialized into the application's virtual address space; The above citations imply that the second set of physical pages are set to be read-only by/for applications executing in the application virtual memory space of the OS. See 112(a)]),
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the physical memory pages of Pope into the network device architecture and protection domains of Andjelic for the benefit of secure packet transmission wherein a network interface device transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses. Authorizations are programmed into the NIC by a kernel routine upon establishment of the queue/ring, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system (Pope, 0016).
Pope-2 clarifies,
wherein the second set of physical memory pages are set to be read-only (Pope-2, [0043 – In Fig. 3A, during system setup, pages 351/second set are allocated to NIC 116. Pages 351 are used by kernel driver 325 to send instructions to the NIC 116, thereby implying that since the pages 351 are used by the kernel driver/trusted mode, they have r-only access for applications]; [0160 - In Fig. 17, step 1718, the user routine performs TCP/IP receive processing on received packet from RX queue, and copies the payload to the buffer that the application had specified in the arguments in step 1216, thereby implying that the RX queue only allows the application to read the received data; Since the RX queue is assigned to the second set of pages, and the RX queue allows r-only, it further implies that the second set of pages are also set to read-only]) by applications executing in the application virtual memory space of the OS (Pope-2, [Fig. 3A: applications 322]; [0068 - Fig. 3A shows computer system 210 which runs OS 321 which is capable of supporting application processes 322 also running on the computer]; [0141 - In Fig. 12, step 1210, when the application first starts up, its libraries are initialized. This includes the user level transport library 324, which is initialized into the application's virtual address space; The above citations imply that the second set of physical pages are set to be read-only by/for applications executing in the application virtual memory space of the OS. See 112(a)]),
wherein the receive rings store incoming packets sent through the kernel to be processed by the device drive (Pope-2, [0117 – Fig. 7 shows functions initiated for the transfer of the data to each destination receive queue/receive ring. The incoming data is placed into a RX FIFO]; [0117 - In Fig. 7, step 716, NIC 216 writes data from the incoming packet into the receive data buffer designated by the retrieved descriptor, beginning at the specified offset. Writing continues by DMA until either the end of the current data buffer is reached or the end of the incoming data packet is reached, or both]; [0197 - Fig. 27 shows the steps that the kernel driver performs upon receipt of a data packet]; [0093 – In Fig. 4, the kernel driver 325 is able to communicate data packets received by the kernel, to the user level driver of individual target applications; The above citations imply that the receive rings store incoming packets sent through the kernel to be processed by the device driver/kernel driver]);
produce a mapping of physical address of the second set of physical memory pages (Pope-2, [0072 – As per Fig. 3A, address space/pages 351 is used by the kernel driver 325 to send instructions to NIC 216, thereby implying that page 351/second set are not writeable by the application]; [0070 – In Fig. 3A, block 351 represents allocated pages]) into virtual addresses used by the application in the virtual application memory space (Pope-2, [0152 – In Fig. 14, step 1420, the kernel resource allocation routine returns to the application with handles/physical addresses for the resources allocated, with the base virtual addresses of the receive queues, and virtual memory addresses corresponding to the doorbells allocated in the receive queue descriptor table 541]; [0075 - The routines for allocation, re-allocation and de-allocation of resources require access to restricted memory mapped addresses, such as page 351/second set for sending configuration instructions to NIC 216. Since the user level transport library 324 lacks the necessary privilege level to perform these accesses, these routines in the user level transport library 324 make calls to the kernel driver 325 for mapped access. These calls cause an initial context switch to a kernel level process; The above citations imply producing a mapping of physical address of the second set of physical memory pages into virtual addresses used by the application in the virtual application memory space; Since the claim does not define ‘mapping’ and how it is achieved, the citation is a valid interpretation. Also see 112(a) and 112(b) rejections]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the packet reception of Pope-2 into the network device architecture of Andjelic, Pope for the benefit of handling incoming packets wherein the NIC has a bus interface controller, a resource configuration unit and a bus mapping table. During setup of the system one or more pages on the bus are allocated to the NIC. Part of this address space is used by the kernel driver to send instructions to the NIC. Other pages are used for communication between application processes and the resources such as receive rings. The resource configuration unit stores a record of the pages that are allocated to the NIC for use by the resources (Pope-2, 0071, 0072).

As per Claim 5, the rejection of claim 1 is incorporated, in addition Andjelic discloses, 
wherein the transmit ring and the receive ring are located in physical memory available to the application memory space (Andjelic, [0053 – As per Fig. 3, FIFO queues KTX, KRX of the kernel-space-user-space interface are allocated in kernel address space and mapped to user address space, thereby implying that the transmit ring and the receive ring are located in physical memory available to the application memory space; Since the claim does not recite the location of the physical memory and how the physical memory is made available to the application memory space, the citation is a valid interpretation]).

As per Claim 7, the rejection of claim 1 is incorporated, in addition Andjelic discloses,
- wherein the device driver is configured to map a transmit request address into one of the applications (Andjelic, [0044 – In Fig. 2, kernel-level protocol 45 delivers a pointer P-2 that points to the memory position of the message in system memory 50 to the kernel-space device driver 10, which inserts the pointer into the KTX queue of the kernel-space-user-space interface 15. The user-space device driver functionality 20 polls the KTX queue and moves the pointer to the TX queue of the user-space-NIC interface 25, thereby mapping the transmit request address/pointer into an application. Fig. 3 shows a plurality of applications/processes]; [Claim 41 - The kernel-space device driver inserts pointer/address information pointing to data in a shared memory into a transmit buffer associated with the kernel-space-user-space interface]), 
-  the transmit request address is located on the NIC (Andjelic, [0065 - The kernel agent 16 maps memory visible to the NIC 30 to user address space]; [Claim 41 – The user-space device driver fetches the pointer information from the transmit buffer and inserts it into a transmit buffer associated with the user-space-NIC interface. The NIC then fetches the pointer information from the transmit buffer, thereby implying that the transmit request address is located on the NIC; Since the claim does not define ‘transmit request address’, the citation is a valid interpretation]).

As per Claim 8, it is similar to claim 1 and therefore the same rejections are incorporated.

As per Claim 17, it is similar to claim 7 and therefore the same rejections are incorporated.

As per Claim 18, it is similar to claim 1 and therefore the same rejections are incorporated.

As per Claim 19, the rejection of claim 18 is incorporated, in addition Andjelic discloses,
send, by the device driver, a mapping request to the kernel (Andjelic, [0058 – In Fig. 3, the interface between the NDD core 14 and the kernel agent 16 is an API that supports sending/receiving messages over a specific NIC]; [0059 - The interface 15 between the kernel agent 14 and the user-space device driver functionality 20 is an interface supporting driver requests for opening a connection towards the kernel agent, mapping of contiguous buffer memory and memory mapped CSR from the kernel agent to application context; The claim does not recite why the device driver sends a mapping request. A mapping request may involve memory allocation for sending data from application/user, so that requirement is triggered by the user space driver to the kernel agent. The above citations imply that the user-space driver initiates the requirement to the kernel agent, a component of the kernel device driver, thereby further implying that the kernel agent sends a mapping request to the kernel/NDD core]);
responsive to sending the mapping request, receive, by the kernel, the mapping request from the device driver (Andjelic, [0019 - In user-space tunneled access mode, the driver core routes outgoing data to the kernel agent, thereby implying that the NDD core receives the mapping request from the kernel agent]; [0058 – In Fig. 3, the interface between the NDD core 14 and the kernel agent 16 is an API that supports sending/receiving messages over a specific NIC]); 
responsive to receiving the mapping request, map, by the kernel, the transmit rings into the virtual application memory space (Andjelic, [0041, 0045 – The buffer queues/rings KTX, NTX, KRX, NRX are adapted for holding pointer information, and accessed by writing for the tail and reading from the head. All buffer queues are allocated in kernel address space by the kernel-space device driver. The queues are mapped to the address space of the user-space device driver functionality]; [Claim 36 - The kernel-space device driver inserts into the transmit buffer associated with the kernel-space-user-space interface, pointer information that points to data in a shared memory/buffer queue. Pointers to transmit buffers are stored in transmit rings]; [Claim 41 – The user-space device driver fetches the pointer information from the transmit buffer associated with the kernel-space-user-space interface and inserts it into a transmit buffer associated with the user-space-NIC interface; The above citations imply that responsive to receiving the mapping request, the kernel maps the transmit rings into the virtual application memory space]).
Pope clarifies,
responsive to receiving the mapping request (Pope, [0082- In Fig. 6, step 610, the kernel begins by allocating memory for the generalized buffers/first set of pages that will be used to hold the transmit queues. It then maps the buffers into the application's virtual address space so that the application can read and write to them directly; As mentioned above, the mapping request is initiated by the application/user to the kernel driver, thereby implying that the kernel receives the mapping request from the kernel device driver]), map, by the kernel, the transmit rings into the virtual application memory space (Pope, [0082 – In fig. 6, step 612, the kernel installs descriptors for these buffers in the buffer descriptor table 510. In step 612, the kernel programs buffer IDs into the transmit/TX queue descriptor table 540. In step 616, the kernel determines the doorbell address in the NIC 116 for each transmit queue, and maps them into the application's virtual address space. In step 618, the kernel programs into the NIC 116 access/authorization rights that are to be associated with the particular transmit queue. In step 620, the kernel returns to the application with handles for the resources allocated, with the base virtual addresses of the transmit queues, and virtual memory addresses corresponding to the doorbells allocated in the transmit queue descriptor tables 540, thereby implying mapping by the kernel the transmit rings in the virtual application memory space]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the kernel based transmit queue/ring mapping of Pope into the network device architecture of Andjelic for the benefit of secure packet transmission wherein authorizations are programmed into the NIC by the kernel upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from compromise (Pope, 0016).


Claims 6, 15-16 are rejected under AIA  35 U.S.C. 103(a) as being unpatentable over Andjelic (20090077572) in view of Pope et al (20100049876), Pope-2 et al (20150142832) and Thomas et al (20130191577).

As per Claim 6, the rejection of claim 1 is incorporated, and Andjelic, Pope, Pope-2 disclose address translation.
Thomas further discloses,
wherein the mapping includes a page table (Thomas, [Fig.1: PPT-GPT-MPT-Physical Page Permission Table]) that maps virtual addresses to physical addresses (Thomas, [0033 – As per Fig. 1, guest virtual memory 120 refers to a GPT 130 to translate the guest virtual memory address to a corresponding guest memory address in guest physical memory 140. The address in guest physical memory 140 is translated through a PPT 150 to a corresponding physical memory address in the physical memory 190]; [0035 - the VMM/kernel 100 includes a mirrored virtual memory page table/MPT 170. The guest physical memory 140 is translated to the physical memory 190 through the MPT 170, as indicated by the dotted arrows connecting the guest physical memory 140, MPT 170, and physical memory 190]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the page table of Thomas into the network device architecture of Andjelic, Pope, Pope-2, for the benefit of facilitating execution of instructions which are located in separate memory pages, on different processing cores of a computer processor in accordance with different virtual memory page tables and modifying mirrored virtual memory page tables based on a permission received for a physical page table (Thomas, 0020).

As per Claim 15, it is similar to claim 6 and therefore the same rejections are incorporated.

As per Claim 16, the rejection of claim 15 is incorporated, and Andjelic, Pope, Pope-2, Thomas disclose address translation and permissions.
Thomas further discloses,
wherein the page table includes an indication of the access permissions to the first set of physical memory pages (Thomas, [Fig. 1: Physical Page Permission Table]; [0062 - Fig. 8 shows the physical page permission table 160 comprising one or more entries that record permissions for one or more pages of physical memory 190. For example, the physical page permission table 180 shows that page A has only read permissions, page D has read and write permissions, and pages B and C allow full permissions]).
Therefore it would have been obvious to a person of ordinary skill at the time of filing to incorporate the physical page permission table of Thomas into the network device architecture of Andjelic, Pope, Pope-2, for the benefit of provide for maintenance and tracking of per-physical-page memory access permissions (Thomas, Abstract).


Response to arguments
The Applicant's arguments filed on September 23, 2022 have been fully considered, but they are not persuasive.

A.Applicant argues: ‘Previous Office Action conflated terms found in previously presented claims (such as kernel space/second set of physical pages, the application space/first set of pages) …. of the claims as currently presented.’ (Rem, Pg. 7)
Response: No. The combination of Andjelic, Pope etc., wherein Pope in Para-0043, Fig. 2, recites, ‘During setup of the system one or more pages (251, 252) on the bus 118 are allocated to the NIC 116. Part of this address space (page 251) can be used by the kernel driver 225 to send instructions to the NIC 116. Other pages (e.g. page 252) can be used for communication between application processes such as application 222 and the resources 231-234.’ And Pope, Para-0040 recites, ‘Blocks 251 and 252 represent allocated pages on the PCI bus 118.
The spec does not recite how the physical pages are represented in memory. The above citation, which has been used in the O/A, implies that the application executing in application space is associated with the first set of pages(r-w) or pages 252, and kernel driver executing in kernel space is associated with the second set of pages(read-only) or pages 251. The O/A recites this association.

B.Applicant argues: ‘The Office Action states on page 10 that ‘… it is valid to interpret all of 60c as the first set of pages …’ (Rem, Pg.7)
Response: Physical memory need not be contiguous.
In Col. 12, lines 36-37, Asanovic recites, ‘every software thread is associated with exactly one protection domain at any point in its execution’. 
In Fig. 2, if each software thread is a TX queue/ring and TX-queue-1 is associated with domain 52 and TX-queue-4 is associated with domain 58, then TX-queue-1 will utilize pages/memory address range 52a, 52e and TX-queue-4 will utilize pages 52g-h, 52i. They can do so because the pages have r-w permission (Fig. 2, 60c). Therefore the O/A made a valid interpretation.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARVIND TALUKDAR whose telephone number is (571)270-3177. The examiner can normally be reached M-F, 10 am-6pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, David Yi can be reached on 571-270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Arvind Talukdar
Primary Examiner
Art Unit 2132



/ARVIND TALUKDAR/
 Primary Examiner, Art Unit 2132