Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
Applicant’s amendment filed 10/6/2022 has been entered.  Claims 12, 19 and 20 were amended.  Claim 21 was added.  Applicant’s claim amendments have overcome the claim objection and 112(d) rejection in the Non-Final office action mailed 7/6/2022.  Claims 1-21 are presented for examination.


Response to Arguments
Applicant's arguments filed 10/6/2022 have been fully considered but they are not persuasive.   
Applicant argues Masuyama (2002/0184345) does not teach claim 1.  Examiner respectfully disagrees.
On page 9, ¶2, Applicant argues that Masuyama’s address map and routing table does not teach multiple permission registers.  Applicant argues Masuyama uses “single address map and routing table” but ignores the contents of the map and table which includes permission data (e.g. 420).  The permission data is what is claimed.  On page 9, ¶3, Applicant argues that routing table does not have different domains with corresponding permission register.  First, Masuyama’s system address map, (see Fig 4) identifies config space for Domains 0, 1, 2 up to Domain N-1.  Second, the domain address map is then used to index (locate within) the Domain Routing Table the access bits (permission bits) for what fields (registers) the Domain can access.  Thus, Masuyama has “a set of permission registers” accessed by the Domain (corresponds to the particular domain out of multiple domains up to N-1 (set of N-1)) “that controls accessing the register” (Examiner Note: access to Privileged Register 183 in Fig 3 is satisfied by the domain access fields which are controlled by permissions 420, 425).
Masuyama teaches the limitation of permission registers.  As explained in Masuyama [0023], FIG. 4 shows … each domain 405 has a Domain Address Map 410 and a Domain Routing Table (415).  Each domain (405) teaches the limitation “in a respective domain.”  The Domain Routing Table is a set of permissions for the group of registers for each domain.  The group of registers teaches “a set of permission registers”.  Referring to Fig. 4, the system Address Map shows multiple domains 405, and each domain has a Domain address map 410 for Registers 0 to K.  The Domain routing Table shows Domain Read and Write permissions (access).  This satisfies the limitation of a set of permission registers, where each permission data controls accessing the register in a domain.  The Read access field (420) is controlled by a 1 for read permission (access) and a 0 for each domain that does not have read permission (reject).  The Write access field (425) is controlled by a 1 for write permission and a 0 for each domain that does not have write permission.  (Examiner Note: the claim does not have a limitation on the type of access it only recites “accept or reject the request based on the permission bit in the permission data”.)
Prior to the arguments, on page 7, Applicant refers to their disclosed Figure 3.  Masuyama Fig 4 shows the System Address Map for domains which maps to the Domains A, B, C in Fig 3, with a Domain Routing Table which maps to the permission bit registers 111, 113 and 115 in Fig 3.  The routing table access bit (permission bit) controls what can be accessed which maps to whether a domain can request the Privileged Register X 183 in Fig 3.  Or seen another way, can a process in Domain A (processor executing in domain A) access the Privileged Register, where the access is determined by permission data?  Masuyama teaches the domain is used to index the Domain Routing Table which contains register access permissions.  If there is no access (read or write etc.) the permission is not given to the Privileged Register.
Thus, Masuyama teaches the argued limitations and claims as shown in the rejection below.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/4/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 5-13 and 21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Masuyama (2002/0184345).

Regarding claim 1, Masuyama teaches
a computer system, comprising: 
a memory configured to at least store instructions of routines of a predefined set of domains; 
a processor coupled with the memory, wherein the processor has: 
an execution unit; (Masuyama, [0014] In accordance with the present invention, there is provided a multi-node computer system that includes a plurality of central processing unit (CPU) nodes 105, memory nodes 110, and input/output (I/O) nodes 115 coupled to a system interconnect 120.)
a register; and 
permission data corresponding to the register and the domains in the predefined set; and (Masuyama, [0015] In one embodiment, a domain configuration unit 126 includes domain configuration registers 125 and routing table registers (not shown in FIG. 2). Domain configuration registers 125 (which can also be described as partition definition registers) are used to partition computer system 200 into domains 130, 135, 140.  Each domain has its own local domain registers 145, 150, 155 controlling the state of the local domain. The local domain registers can include a variety of different types of local registers, such as control registers,)
a set of permission registers configured to store the permission data, wherein the permission registers correspond to the domains respectively; and each of the permission registers is configured to store a permission bit that controls accessing the privileged register by routines in a respective domain; (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet. [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table)
wherein in response to an instruction executed in the processor that generates a request to access the register, the processor is configured to determine whether to accept or reject the request based on a permission bit provided in the permission data corresponding to an execution domain in which the instruction is running (Masuyama, [0023] An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window  The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission.)

Regarding claim 2, Masuyama teaches
the computer system of claim 1, wherein the permission data includes a first permission bit corresponding to a first domain and a second permission bit corresponding to a second domain; 
when the instruction is running in the first domain, the first permission bit controls whether to accept or reject the request; and 
when the instruction is running in the second domain, the second permission bit controls whether to accept or reject the request (Masuyama, [0023] An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission.) (Examiner Note: read permission for each domain satisfies accept or reject for the first and second domain)

Regarding claim 5, Masuyama teaches
the computer system of claim 2, wherein the permission data includes different permission bits for different types of accesses to the register from a same domain (Masuyama, [0023] FIG. 4 shows an example of system address map 400 with memory mapped register windows. The system address map 400 includes a configuration space window 405 for each domain. Each configuration space window is identified by an identifier, called the register configuration space identifier. An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission. Note that domain read access field 420 is optional. If the field is absent, the default is that every domain has read access.
[0024] Domain write access field 425 of domain routing table 415 is a list of domains that have write access to the local domain registers (i.e., local domain registers 145, 150, and 155) governed by the domain routing table 415. In one embodiment, the domain write access field 425 is a bit vector set for each domain that has write permission, e.g., the bit vector could be set to "1" for each domain that has write access permission and to "0" for each domain that does not have write access permission. The field is optional. If the field is absent, the default is that only the local domain has write permission unless the register is a domain configuration register, in which case no domain has write permission.) (Examiner Note: Read or Write permission satisfies different permission)

Regarding claim 6, Masuyama teaches
the computer system of claim 5, wherein the types of accesses comprise at least one of retrieving content from the register, writing content from the register, or executing an instruction in the register, or any combination thereof (Masuyama, [0023] FIG. 4 shows an example of system address map 400 with memory mapped register windows. The system address map 400 includes a configuration space window 405 for each domain. Each configuration space window is identified by an identifier, called the register configuration space identifier. An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission. Note that domain read access field 420 is optional. If the field is absent, the default is that every domain has read access.
[0024] Domain write access field 425 of domain routing table 415 is a list of domains that have write access to the local domain registers (i.e., local domain registers 145, 150, and 155) governed by the domain routing table 415. In one embodiment, the domain write access field 425 is a bit vector set for each domain that has write permission, e.g., the bit vector could be set to "1" for each domain that has write access permission and to "0" for each domain that does not have write access permission. The field is optional. If the field is absent, the default is that only the local domain has write permission unless the register is a domain configuration register, in which case no domain has write permission.)  (Examiner Note: read access satisfies retrieving content, write access satisfies writing content)

Regarding claim 7, Masuyama teaches
the computer system of claim 6, further comprising: 
a permission register configured to store at least a portion of the permission data (Masuyama, [0023] As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission.)  (Examiner Note: read and write permission fields are separate, each is a portion)

Regarding claim 8, Masuyama teaches
the computer system of claim 7, wherein the permission data is stored in a predetermined location in the permission register (Masuyama, [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table) (Examiner Note: value provided by memory mapped register window for the index satisfies predetermined location)

Regarding claim 9, Masuyama teaches
the computer system of claim 7, wherein the permission register is programmable (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table.)

Regarding claim 10, Masuyama teaches
the computer system of claim 9, wherein the permission register is programmable via firmware or software running in the processor (Masuyama, [0020]  Note that a local domain preferably has read and write access only to the local registers of its domain. In one embodiment, a domain may be given read access to the local domain registers of the other domains of system 200.  Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table.)

Regarding claim 11, Masuyama teaches
the computer system of claim 6, wherein the register is a privileged register.  (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet. [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table)  (Examiner Note:  Read/Write are privileges)

Regarding claim 12, Masuyama teaches
a method, comprising: 
storing a set of permission bits for a plurality of predefined domains and for a register of a processor; (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet. [0015] In one embodiment, a domain configuration unit 126 includes domain configuration registers 125 and routing table registers (not shown in FIG. 2). Domain configuration registers 125 (which can also be described as partition definition registers) are used to partition computer system 200 into domains 130, 135, 140.  Each domain has its own local domain registers 145, 150, 155 controlling the state of the local domain. The local domain registers can include a variety of different types of local registers, such as control registers,) in a set of permission registers, wherein each of the plurality of predefined domains has its own corresponding permission register in the set of permission registers; (Masuyama,[0023]  The system address map 400 includes a configuration space window 405 for each domain. Each configuration space window is identified by an identifier, called the register configuration space identifier.  An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window)
receiving, in the processor, a first request to access the register during a first execution of a first set of instructions; (Masuyama, [0020] Note that a local domain preferably has read and write access only to the local registers of its domain. In one embodiment, a domain may be given read access to the local domain registers of the other domains of system 200.)
identifying, among the plurality of predefined domains, a first execution domain that contains the first execution of the first set of instructions; (Masuyama, [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window)
retrieving, from a first permission register of the set of permission registers, a first permission bit corresponding to the first execution domain; and (Masuyama, [0023] The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window  The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table)
controlling, by the processor and based on the first permission bit, the first request to access the register (Masuyama [0025] The routing destination field 430 defines how requests in the window defined by {base2, limit2} are handled. The routing destination field 430 is a required field. An access attempt to an undefined window is trapped and treated as an access control violation. [0024] Domain write access field 425 of domain routing table 415 is a list of domains that have write access to the local domain registers (i.e., local domain registers 145, 150, and 155) governed by the domain routing table 415. In one embodiment, the domain write access field 425 is a bit vector set for each domain that has write permission, e.g., the bit vector could be set to "1" for each domain that has write access permission and to "0" for each domain that does not have write access permission. The field is optional. If the field is absent, the default is that only the local domain has write permission unless the register is a domain configuration register, in which case no domain has write permission.)  (Examiner Note: Read or Write accesses are controlled by permission bits)
receiving, in the processor, a second request to access the register during a second execution of a second set of instructions;
identifying, among the plurality of predefined domains, a second execution domain that contains the second execution of the second set of instructions;
retrieving, from a second permission register of the set of permission registers, a second permission bit corresponding to the second execution domain; and
controlling, by the processor and based on the second permission bit, the second request to access the register (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet. [0023] The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window. The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table [0014] The present invention includes a system and a method for partitioning a multimode computer system into domains.)  (Examiner Note: Masuyama’s teaching of multiple domains satisfies multiple executions (first, second … N domain))
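
The lookup described in the cited Masuyama paragraphs [0020] and [0023]-[0025], following the steps recited in claim 12 (identify the requesting domain, retrieve its permission bit, control the request), as an added C model that is not code from the application or from Masuyama. The struct layout, all names, the four-domain limit and the sample table are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_DOMAINS 4u /* assumption: domains 0..3 */

typedef enum { ACC_READ, ACC_WRITE } access_t;
typedef enum { V_ALLOW, V_DENY, V_TRAP } verdict_t;

/* One routing-table entry governing a group of registers (hypothetical layout). */
typedef struct {
    uint64_t base, limit;      /* register window {base, limit}, inclusive   */
    unsigned owner;            /* the local domain for this register group   */
    bool     is_domain_config; /* group holds domain configuration registers */
    bool     has_read_field;   /* read access field (420) present?           */
    uint32_t read_bits;        /* bit d == 1: domain d may read              */
    bool     has_write_field;  /* write access field (425) present?          */
    uint32_t write_bits;       /* bit d == 1: domain d may write             */
} route_entry_t;

/* Constructed sample table, not taken from the cited reference. */
static const route_entry_t SAMPLE_TABLE[] = {
    /* both fields present: domains 0,1 may read, only domain 0 may write */
    { 0x1000, 0x1FFF, 0, false, true,  0x3u, true,  0x1u },
    /* both fields absent: defaults apply, owner is domain 1 */
    { 0x2000, 0x2FFF, 1, false, false, 0u,   false, 0u   },
    /* domain configuration registers with no write field */
    { 0x3000, 0x30FF, 2, true,  false, 0u,   false, 0u   },
};
#define SAMPLE_LEN (sizeof SAMPLE_TABLE / sizeof SAMPLE_TABLE[0])

static const route_entry_t *lookup_window(const route_entry_t *tbl, size_t n,
                                          uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= tbl[i].base && addr <= tbl[i].limit)
            return &tbl[i];
    return NULL;
}

/* Decide one register access request made by `domain` at `addr`. */
verdict_t check_access(const route_entry_t *tbl, size_t n, unsigned domain,
                       uint64_t addr, access_t type)
{
    if (domain >= NUM_DOMAINS)
        return V_DENY;                    /* unknown domain: fail closed */

    const route_entry_t *e = lookup_window(tbl, n, addr);
    if (e == NULL)
        return V_TRAP;                    /* [0025]: undefined window is trapped */

    if (type == ACC_READ) {
        if (!e->has_read_field)
            return V_ALLOW;               /* [0023]: absent => every domain reads */
        return ((e->read_bits >> domain) & 1u) ? V_ALLOW : V_DENY;
    }

    if (e->has_write_field)
        return ((e->write_bits >> domain) & 1u) ? V_ALLOW : V_DENY;
    if (e->is_domain_config)
        return V_DENY;                    /* [0024]: no domain may write */
    return (domain == e->owner) ? V_ALLOW : V_DENY; /* [0024]: local domain only */
}

static const char *verdict_name(verdict_t v)
{
    return v == V_ALLOW ? "allow" : v == V_DENY ? "deny" : "trap";
}

int main(void)
{
    /* Same register, two requesting domains: each is governed by its own bit. */
    printf("domain 0 write 0x1004: %s\n",
           verdict_name(check_access(SAMPLE_TABLE, SAMPLE_LEN, 0, 0x1004, ACC_WRITE)));
    printf("domain 1 write 0x1004: %s\n",
           verdict_name(check_access(SAMPLE_TABLE, SAMPLE_LEN, 1, 0x1004, ACC_WRITE)));
    printf("domain 3 read  0x5000: %s\n",
           verdict_name(check_access(SAMPLE_TABLE, SAMPLE_LEN, 3, 0x5000, ACC_READ)));
    return 0;
}
```

The absent-field defaults are the part worth auditing in a design like this: a missing read field grants read access to every domain, so an entry that omits it is permissive rather than closed.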

Regarding claim 13, Masuyama teaches
the method of claim 12, wherein the storing comprises: storing the set of permission bits in a predefined portion of a second register of the processor (Masuyama, [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined.  [0023] An individual configuration space 405 includes a domain address map 410 and an associated routing table 415. The routing table includes routing information and access control information for groups of registers. The routing table 415 is indexed by a register configuration space identifier, which value is given by the memory mapped register window. The domain read access field 420 of routing table is a list of domain that have read access for the groups of registers governed by routing table 415. As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission.)

Regarding claim 21, Masuyama teaches 
the computer system of claim 1, wherein each of the set of permission registers is pre-associated with one of the domains in the predefined set (Masuyama, [0024] Domain write access field 425 of domain routing table 415 is a list of domains that have write access to the local domain registers (i.e., local domain registers 145, 150, and 155) governed by the domain routing table 415.  In one embodiment, the domain write access field 425 is a bit vector set for each domain that has write permission, e.g., the bit vector could be set to "1" for each domain that has write access permission and to "0" for each domain that does not have write access permission.) (Examiner Note: governed by the domain reads on pre-associated, list of domains reads on predefined set)

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Smith (2004/0221036).

Regarding claim 3, 
the computer system of claim 2, wherein the predefined set of domains comprises at least one of a domain for hypervisor, a domain for operating system, or a domain for application, or any combination thereof.
Masuyama teaches partitioning into domains with an operating system on each domain as part of the background art (Masuyama, [0004] Multi-node computer networks are often partitioned into domains, with each domain functioning as an independent machine with its own address space. An operating system runs separately on each domain. Partitioning permits the resources of a computer network to be efficiently allocated to different tasks).  Masuyama does not explicitly teach a domain for operating system.  For compact prosecution Smith is cited to teach a domain for an operating system.
However Smith teaches a domain for operating system (Smith [0027] Domains A and B may be configured to run independent operating systems which may be the same or different operating systems.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Smith’s operating system domains with Masuyama’s domains because doing so improves the logical grouping of tasks (Smith, [0005] Resources which are allocated for particular tasks, or which are allocated for use by particular groups, may be logically grouped together into a separate domain.)

Regarding claim 4, Masuyama and Smith teach
the computer system of claim 3, wherein the execution domain in which the instruction is running is based on a memory address of the instruction (Masuyama, [0022] As previously described, each domain has its own address space. Register addresses are mapped within an address space. Examples of techniques to map register addresses to an address space include memory mapping using windows defined by {base, limit} address pairs or mapping to an entirely separate address space for register access, such as peripheral component interface (PCI). [0020] Domain read/write access rights to local domain registers are programmable by the server manager and are enforced by the address map and the routing table. The address map and routing table can be combined. Whenever a domain attempts to access a register, the address map and routing table are accessed to determine what the access rights are and how to route the packet.)

Claims 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Deshpande (2010/0228943).

Regarding claim 14, Masuyama teaches
the method of claim 13.
Masuyama does not teach predefined domains includes a domain for hypervisor.
However Deshpande teaches predefined domains includes a domain for hypervisor (Deshpande, [0036] In this way, a hypervisor or virtualization system maintains virtual-to-physical mappings between I/O and coherency domain identifiers (much in the same way it may maintain shadow page tables for mappings between guest virtual addresses and underlying physical memory addresses) and delegates the mapping function for individual accesses or operations to PAMU 211.  [0018] For concreteness of description, we focus on certain illustrative implementations of a peripheral access management unit (PAMU) in a logically partitionable, multiprocessor-based computational system for which a multiplicity of logical I/O devices and domains are supported using underlying physical resources.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Deshpande’s hypervisor with Masuyama’s partitions because doing so enables widely available virtual machines to run on a system with domain registers, (Deshpande [0027] Virtualization technologies are widely employed in modern computational systems and, particularly with regard to processor and memory virtualization, suitable designs and the operation thereof are well understood by persons of ordinary skill in the art.)

Regarding claim 15, Masuyama and Deshpande teach
the method of claim 13, wherein the plurality of predefined domains includes a domain for operating system (Deshpande, [0018] Typically, operating system images are instantiated in individual partitions and one or more PAMU instances mediate address mappings between I/O domains and a coherency domain of the system)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Deshpande’s operating system with Masuyama’s partitions because doing so is a typical method (Deshpande, [0018] Typically, operating system images are instantiated in individual partitions and one or more PAMU instances mediate address mappings between I/O domains and a coherency domain of the system. )

Claims 16, 17, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Koufaty (2016/0110298).

Regarding claim 16, Masuyama teaches
the method of claim 13.
Masuyama does not teach the first register is controlled for a type of operations based at least in part on a value of the permission bit corresponding to the execution domain.
However Koufaty teaches the first register is controlled for a type of operations based at least in part on a value of the permission bit corresponding to the execution domain (Koufaty, [0055] At 408, the processing logic may select a protection key from a set of protection keys available to the processing logic. The protection key may be n-bit of binary codes that may be used to identify memory access permission stored in one or more permission registers. [0053] In one embodiment, the processing logic may receive the privilege level from a register that keeps a record of the current privilege level (CPL) which may support levels from 0 to 3 with 3 as the lowest level (such as a user application) and 3 as the highest (such as a kernel of the operating system).)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Koufaty’s registers with Masuyama’s domains because doing so improves memory protection (Koufaty, [0002] To prevent the stray accesses from accessing or corrupting memory in unintended ways, certain memory protection mechanism is needed.)

Regarding claim 17, Masuyama and Koufaty teach
the method of claim 16, wherein the type comprises at least one of read, write, or execution, or a combination thereof (Koufaty, [0021] Based on the classification, the user domain of the memory (or portions of memory identified with the user mode) and the supervisor domain (or portions of memory identified with the supervisor mode) may be protected by separate permission registers. In certain implementations, the permission register associated with user domains may be modified directly by user application without the assistance of the kernel of the operating system.)

Regarding claim 18, Masuyama teaches
a computer processor, comprising:
at least one privileged register; (Masuyama, [0015] In one embodiment, a domain configuration unit 126 includes domain configuration registers 125 and routing table registers (not shown in FIG. 2).)
at least one execution unit; and (Masuyama, [0014] In accordance with the present invention, there is provided a multi-node computer system that includes a plurality of central processing unit (CPU) nodes 105, memory nodes 110, and input/output (I/O) nodes 115 coupled to a system interconnect 120)
a plurality of permission registers each configured to store permission data corresponding to the privileged register and one of a plurality of predefined domains of instruction execution; (Masuyama, [0014] The present invention includes a system and a method for partitioning a multi-node computer system into domains. [0015] In one embodiment, a domain configuration unit 126 includes domain configuration registers 125 and routing table registers (not shown in FIG. 2).  Domain configuration registers 125 (which can also be described as partition definition registers) are used to partition computer system 200 into domains 130, 135, 140. Each domain has its own local domain registers 145, 150, 155 controlling the state of the local domain. The local domain registers can include a variety of different types of local registers, such as control registers, [0023] As one example, the domain read access field 420 could be implemented as a bit vector with a bit set to "1" for each domain that has read permission and set to "0" for each domain that does not have read permission.)
Masuyama teaches the server controls access to the privilege register (routing table register) but Masuyama does not teach the computer processor is configured to control a request to access.
However Koufaty teaches wherein the computer processor is configured to control a request to access the privileged register based on a permission bit in the permission data corresponding to a domain in which an instruction is being executed in the computer processor to generate the request (Koufaty, [0129] In Example 23, the subject matter of any of Examples 21 and 22 can optionally provide that the first permission register is accessible by the task having a privilege level of the user-mode access, and wherein the first permission register comprises a write disable bit that is settable by the task having the privilege level of the user-mode access.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Koufaty’s registers with Masuyama’s domains because doing so improves memory protection (Koufaty, [0002] To prevent the stray accesses from accessing or corrupting memory in unintended ways, certain memory protection mechanism is needed.)

Regarding claim 19, Masuyama and Koufaty teach
the computer processor of claim 18, wherein the at least one privileged register includes a plurality of privileged registers; (Koufaty, [0053]  At 404, the processing logic may determine at which privilege level the task operates. The privilege level of the task determines the mode of memory access to be a user-mode access or a supervisor-mode access. In one embodiment, the processing logic may receive the privilege level from a register that keeps a record of the current privilege level (CPL) which may support levels from 0 to 3 with 3 as the lowest level (such as a user application) and 3 as the highest (such as a kernel of the operating system). The task may either run at a user level (e.g., CPL=3) or at a supervisor level (e.g., CPL<3).) and the at least one permission register has a plurality of portions storing permission data for the plurality of privileged registers respectively (Koufaty, [0021] Based on the classification, the user domain of the memory (or portions of memory identified with the user mode) and the supervisor domain (or portions of memory identified with the supervisor mode) may be protected by separate permission registers. In certain implementations, the permission register associated with user domains may be modified directly by user application without the assistance of the kernel of the operating system.)

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Masuyama (2002/0184345) in view of Koufaty (2016/0110298) in view of Smith (2004/00221036).

Regarding claim 20, Masuyama and Koufaty teach
the computer processor of claim 19, wherein the predefined domains comprise at least one of a domain of hypervisor, a domain of operating system, or a domain of application, or any combination thereof.
Masuyama teaches partitioning into domains with an operating system on each domain as part of the background art (Masuyama, [0004] Multi-node computer networks are often partitioned into domains, with each domain functioning as an independent machine with its own address space. An operating system runs separately on each domain. Partitioning permits the resources of a computer network to be efficiently allocated to different tasks).  Masuyama does not explicitly teach a domain for operating system.  For compact prosecution Smith is cited to teach a domain for an operating system.
However Smith teaches a domain for operating system (Smith [0027] Domains A and B may be configured to run independent operating systems which may be the same or different operating systems.)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have combined Smith’s operating system with Masuyama’s partitions because doing so is a typical method of domain partitioning2 and allows support for different permissions that an operating system has (Smith [0027] Certain control and status registers 232 may be configured with differing access rights.  It is noted that numerous components within a system may include control and/or status registers which correspond to the operations of that particular component)

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRUCE S ASHLEY whose telephone number is (571)270-0315. The examiner can normally be reached 9-5 PDT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jay Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRUCE S ASHLEY/Examiner, Art Unit 2494

/ROBERT B LEUNG/Primary Examiner, Art Unit 2494
10-21-2022

1 How the invention is able to process the request (what data structure or technique it uses) to read the permission data is not claimed, so to argue Masuyama’s data structure (address map and routing table) is off point.
2 Deshpande, (2010/0228943) [0018] Typically, operating system images are instantiated in individual partitions