DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections

Claim 29 is objected to because of the following informalities:
[A] Claim 29: Line 2 – denied.

Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-9, 11-26, and 28-30 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
The claims have been amended to recite that applications executing outside of the secure engine … are always denied access to the data portions stored with the respective instructions in the execute-only storage.  The applicant’s originally filed specification describes that software may execute (i.e., access) the instructions stored in portion 104 (SPEC ¶0033) and that the presence of the portion of the secret data has no impact on the result of the execution of the instruction (SPEC ¶0047).  The nearest disclosure to what the applicant is claiming relates to the secure engine being inaccessible to the software such that software cannot use the circuit to access the confidential software stored in the execute-only memory (SPEC ¶0036).  However, being unable to use the secure engine to access the secret data is not the same as software always being denied access to the data portions stored with the respective instructions in the execute-only storage.  Since the applicant’s specification explicitly describes that the software can access the execute-only memory to execute the instructions (instructions including secret data) stored there, the amendments are considered to include new matter.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-9 and 11-26 are rejected under 35 U.S.C. 103 as being unpatentable over LEMAY et al. (US PGPub No. 2016/0378490 A1), hereinafter referred to as LEMAY.

Consider Claim 1, 
LEMAY teaches a device, comprising: 
processing circuitry (LEMAY, e.g., Fig 1, shows processing circuitry.); and 
a memory coupled to the processing circuitry, the memory including an execute-only storage (LEMAY, e.g., Fig 1, shows an execute only memory (XOM) region (108).) having a plurality of locations (LEMAY, e.g., ¶0015, XOM region may encompass multiple pages.), each storing an instruction (LEMAY, e.g., ¶0015, XOM stores execute-only code pages (i.e., storing instructions).), wherein data stored in the execute-only storage is divided into a plurality of portions (LEMAY, e.g., ¶0015, XOM region may encompass multiple pages (i.e., region is divided into a plurality of portions); ¶0028, any number of instructions can be used to accommodate secret data of arbitrary length.), each data portion stored in one of the locations with a respective instruction (LEMAY, e.g., Fig 8; ¶0055+, establish a code page having an instruction used to access a hidden secret in XOM; Fig 6(620), shows a code page including a secret.); and
a secure engine coupled to the memory and configured to read from and write into locations of the execute-only storage (LEMAY, e.g., Fig 7; ¶0054+, VMM (e.g., a secure engine) installs to memory and marks the memory as execute only; ¶0049, VMM may intercept all possible interrupts and exchanges and clear any secrets that may be loaded in memory and registers; ¶0016, trusted VMM may mark pages execute only.), wherein applications executing outside of the secure engine are always denied read and write access to the data portions stored with the respective instructions in the execute-only storage (LEMAY, e.g., ¶0046, A page containing a secret is marked execute-only, for example using a trusted VMM (execute-only describes a mode where read and write access are denied to all applications); ¶0055, if the transaction mode is not enabled, the load instruction may generate a fault (describes also denying execute access in some contexts).).
LEMAY describes that execute-only code pages are managed by the VMM (LEMAY, e.g., ¶0054), that a user may verify a trusted VMM is in place before installing software elements (LEMAY, e.g., ¶0052), and that some virtualization technologies may be configured by the VMM to block device access to execute-only pages (LEMAY, e.g., ¶0016).  Thus, LEMAY describes that the VMM is functioning as a secure engine and the software with access to the execute-only memory is disclosed as running on top of the trusted VMM alongside the VMM's ability to block device access to the execute-only memory, but is silent as to how access to the execute-only memory is managed for applications executing outside of the VMM (i.e., secure engine) and fails to expressly describe wherein applications executing outside of the secure engine are always denied access to the data portions stored with the respective instructions in the execute-only storage.  The examiner additionally notes that, in the most general sense, the only two options are to allow or not allow access.  Therefore, it would have been obvious to a person of ordinary skill in the art to modify the system of LEMAY to always deny access to items outside of the VMM (i.e., secure engine) because it constrains access to execute-only memory to the element managing the execute-only pages (i.e., VMM) and is the most secure of a plurality of options (e.g., allowing or not allowing access for applications external to the VMM).
LEMAY further describes dedicated security modules that work with the VMM to secure a computing platform (see, e.g., LEMAY: Fig 7; ¶0054, openSSL and RSA processing modules.) and additionally identifies that a module, as used in any embodiment, may be embodied as circuitry (LEMAY, e.g., ¶0058).  In this context, LEMAY clearly articulates that security elements implemented in software (LEMAY, e.g., ¶0058, module may be software.) may be embodied as circuitry while failing to expressly describe that the secure engine operates on hardware separate from the processing circuitry.  Although LEMAY articulates that software security modules may be implemented in hardware (i.e., switching is just a simple substitution of hardware for software to obtain predictable results), there is no disclosure that the specific software constructs used to perform the functions of the secure engine described in the instant claims are present in hardware separate from the processor.  Therefore, it would have been obvious to a person of ordinary skill in the art, prior to the effective filing date of the claimed invention, to migrate the functions associated with a secure engine into hardware separate from the processor because hardware functions are transparent to the environment (the OS operating on the processor) in which they operate, thus improving overall system security.

Consider Claim 2, 
The modified system of LEMAY further teaches wherein the locations have a same size (LEMAY, e.g., ¶0043+, assume code pages have a minimum possible size in the absence of a mechanism to determine extent.  This is considered a teaching that the locations may be the same size or a different size depending on a system configuration.).

Consider Claim 3, 
The modified system of LEMAY further teaches wherein a size of each portion is less than the size of the locations (LEMAY, e.g., Fig 6, illustrates that the secret is smaller than a location (i.e., code page).).

Consider Claim 4, 
The modified system of LEMAY further teaches wherein a data portion stored with a respective instruction does not impact execution of the instruction (LEMAY, e.g., ¶0046+, configured to include instruction prefixes that are ignored (i.e., do not impact execution).).

Consider Claim 5, 
The modified system of LEMAY further teaches wherein one or more of the locations storing data portions store invalid instructions (LEMAY, e.g., Fig 5, shows NOP padding (i.e., invalid instructions); ¶0046+, uses NOP instructions.).

Consider Claim 6, 
The modified system of LEMAY further teaches wherein a data portion is stored in bits of a location which are not used by the instruction stored in the location (LEMAY, e.g., ¶0046+, encode secret as immediate values of an instruction … which include prefixes that are ignored when preceding a NOP.).

Consider Claim 7, 
The modified system of LEMAY further teaches wherein the data portions are stored in successive locations of the execute-only storage (LEMAY, e.g., ¶0028+, instructions may be pipelined to accommodate secret data of arbitrary length.  In this context, the memory locations are at least temporally successive.).

Consider Claim 8, 
The modified system of LEMAY further teaches wherein the successive locations are preceded by at least one location storing an invalid instruction (LEMAY, e.g., Fig 5, shows NOP padding used in XOM locations.).

Consider Claim 9, 
The modified system of LEMAY further teaches wherein a data portion is not stored on a set of most significant bits of a location (LEMAY, e.g., Fig 5, shows encoded secret not located on a set of MSB).

Consider Claim 11, 
The modified system of LEMAY further teaches wherein the data corresponds to secret information (LEMAY, e.g., Fig 5(508).).

Consider Claim 12, 
The modified system of LEMAY further teaches wherein the memory includes read storage, which, in operation, stores applications executable by the processing circuitry (LEMAY, e.g., ¶0058, an application may be embodied as code or instructions which may be executed; ¶0014, execute instructions fetched from memory module … memory may include transactional memory.  In other words, LEMAY describes that the memory (106) can include code or instructions which may be executed (e.g., applications) even without XOM region (108).).
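The arrangement discussed for claims 1-12 (data portions carried in bits an instruction does not use, NOP or invalid-instruction padding ahead of successive locations, and a secure engine as the only read/write path) can be modelled in a few lines. The Python below is an added illustration, not code from the Office action, from LEMAY, or from the applicant's specification; the 32-bit word layout, the opcode values and the access rules are constructed for this example only.

```python
"""Toy model of secret data portions stored alongside instructions in an
execute-only store, with a secure engine as the only read/write path.
The word layout, opcodes and access rules are constructed for this
illustration; they are not LEMAY's or the applicant's encoding."""
from dataclasses import dataclass, field

OPCODE_SHIFT = 24                      # opcode occupies the most significant byte
DATA_MASK = (1 << OPCODE_SHIFT) - 1    # low 24 bits are not used by the instruction
PORTION_SIZE = 3                       # bytes of secret carried per location
OP_NOP = 0x90                          # toy NOP: executes and ignores its immediate
OP_INVALID = 0xFF                      # toy invalid instruction used as padding


class AccessDenied(Exception):
    """An application tried to read or write execute-only storage."""


@dataclass
class ExecuteOnlyStore:
    locations: list = field(default_factory=list)

    # Secure engine path: the only path allowed to read or write locations.
    def engine_write(self, word: int) -> int:
        if not 0 <= word < (1 << 32):
            raise ValueError("word must fit in 32 bits")
        self.locations.append(word)
        return len(self.locations) - 1

    def engine_read(self, index: int) -> int:
        return self.locations[index]

    # Application path: execute only. Reads and writes are always denied.
    def app_read(self, index: int) -> int:
        raise AccessDenied(f"read of execute-only location {index} denied")

    def app_write(self, index: int, word: int) -> None:
        raise AccessDenied(f"write to execute-only location {index} denied")

    def app_execute(self, index: int) -> str:
        """Execute the instruction at a location; the data portion held in
        the low bits has no effect on the result."""
        opcode = self.locations[index] >> OPCODE_SHIFT
        if opcode == OP_NOP:
            return "nop"
        return "fault"        # invalid instruction (padding) faults when executed


def hide_secret(store: ExecuteOnlyStore, secret: bytes) -> tuple[int, int]:
    """Split secret into 3-byte portions and store each, with a NOP, in
    successive locations preceded by one invalid-instruction padding location.
    Returns (index of first data location, number of data locations)."""
    store.engine_write(OP_INVALID << OPCODE_SHIFT)
    first = len(store.locations)
    for i in range(0, len(secret), PORTION_SIZE):
        chunk = secret[i:i + PORTION_SIZE].ljust(PORTION_SIZE, b"\x00")
        # NOP in the most significant byte, data portion in the least significant bytes
        store.engine_write((OP_NOP << OPCODE_SHIFT) | int.from_bytes(chunk, "big"))
    return first, len(store.locations) - first


def recover_secret(store: ExecuteOnlyStore, first: int, count: int,
                   length: int) -> bytes:
    """Reassemble the secret through the secure engine's read path."""
    out = bytearray()
    for index in range(first, first + count):
        out += (store.engine_read(index) & DATA_MASK).to_bytes(PORTION_SIZE, "big")
    return bytes(out[:length])


def app_can_read(store: ExecuteOnlyStore, index: int) -> bool:
    """True only if an application read succeeds (it never should)."""
    try:
        store.app_read(index)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    xom = ExecuteOnlyStore()
    sample = b"constructed-secret"          # constructed sample input
    start, n = hide_secret(xom, sample)
    print([xom.app_execute(i) for i in range(len(xom.locations))])
    print(app_can_read(xom, start), recover_secret(xom, start, n, len(sample)))
```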

Consider Claim 13, 
LEMAY teaches a system, comprising: 
processing circuitry (LEMAY, e.g., Fig 1, shows processing circuitry);
a secure circuit (LEMAY, e.g., Fig 1(102); ¶0015+, VMM manages access.); and 
a memory coupled to the processing circuitry and the secure engine, the memory including an execute-only memory (LEMAY, e.g., Fig 1, shows an execute only memory (XOM) region (108).) having a plurality of locations (LEMAY, e.g., ¶0015, XOM region may encompass multiple pages.), each location storing an instruction (LEMAY, e.g., ¶0015, XOM stores execute-only code pages (i.e., storing instructions).), the execute-only memory storing data divided into a plurality of data portions (LEMAY, e.g., ¶0015, XOM region may encompass multiple pages (i.e., region is divided into a plurality of portions); ¶0028, any number of instructions can be used to accommodate secret data of arbitrary length.), each data portion stored in one of the locations with a respective instruction (LEMAY, e.g., Fig 8; ¶0055+, establish a code page having an instruction used to access a hidden secret in XOM; Fig 6(620), shows a code page including a secret.), wherein,
the memory includes a read memory, which, in operation, stores executable applications executable on the processing circuitry (LEMAY, e.g., ¶0054, The VM launches and in turn starts up a web server application.  Launching and starting applications requires a readable memory.); and
applications executing outside of the secure engine are denied read and write access to the data portions stored with the respective instructions in the execute-only storage (LEMAY, e.g., ¶0046, A page containing a secret is marked execute-only, for example using a trusted VMM (execute-only describes a mode where read and write access are denied to all applications); ¶0055, if the transaction mode is not enabled, the load instruction may generate a fault (describes also denying execute access in some contexts).).
LEMAY describes that execute-only code pages are managed by the VMM (LEMAY, e.g., ¶0054), that a user may verify a trusted VMM is in place before installing software elements (LEMAY, e.g., ¶0052), and that some virtualization technologies may be configured by the VMM to block device access to execute-only pages (LEMAY, e.g., ¶0016).  Thus, LEMAY describes that the VMM is functioning as a secure engine and the software with access to the execute-only memory is disclosed as running on top of the trusted VMM alongside the VMM's ability to block device access to the execute-only memory, but is silent as to how access to the execute-only memory is managed for applications executing outside of the VMM (i.e., secure engine) and fails to expressly describe wherein applications executing outside of the secure engine are always denied access to the data portions stored with the respective instructions in the execute-only storage.  The examiner additionally notes that, in the most general sense, the only two options are to allow or not allow access.  Therefore, it would have been obvious to a person of ordinary skill in the art to modify the system of LEMAY to always deny access to items outside of the VMM (i.e., secure engine) because it constrains access to execute-only memory to the element managing the execute-only pages (i.e., VMM) and is the most secure of a plurality of options (e.g., allowing or not allowing access for applications external to the VMM).
LEMAY further describes dedicated security modules that work with the VMM to secure a computing platform (see, e.g., LEMAY: Fig 7; ¶0054, openSSL and RSA processing modules.) and additionally identifies that a module, as used in any embodiment, may be embodied as circuitry (LEMAY, e.g., ¶0058).  In this context, LEMAY clearly articulates that security elements implemented in software (LEMAY, e.g., ¶0058, module may be software.) may be embodied as circuitry while failing to expressly describe that the secure engine operates on hardware separate from the processing circuitry.  Although LEMAY articulates that software security modules may be implemented in hardware (i.e., switching is just a simple substitution of hardware for software to obtain predictable results), there is no disclosure that the specific software constructs used to perform the functions of the secure engine described in the instant claims are present in hardware separate from the processor.  Therefore, it would have been obvious to a person of ordinary skill in the art, prior to the effective filing date of the claimed invention, to migrate the functions associated with a secure engine into hardware separate from the processor because hardware functions are transparent to the environment (the OS operating on the processor) in which they operate, thus improving overall system security.

Consider Claim 14, 
The modified system of LEMAY further teaches wherein the locations have a same size (LEMAY, e.g., ¶0043+, assume code pages have a minimum possible size in the absence of a mechanism to determine extent.  This is considered a teaching that the locations may be the same size or a different size depending on a system configuration.).

Consider Claim 15, 
The modified system of LEMAY further teaches wherein the locations storing data portions store invalid instructions (LEMAY, e.g., Fig 5, shows NOP padding (i.e., invalid instructions); ¶0046+, uses NOP instructions.).

Consider Claim 16, 
The modified system of LEMAY further teaches wherein the data portions are stored in successive locations of the execute-only memory (LEMAY, e.g., ¶0028+, instructions may be pipelined to accommodate secret data of arbitrary length.  In this context, the memory locations are at least temporally successive.).

Consider Claim 17, 
The modified system of LEMAY further teaches wherein the successive locations are preceded by at least one location storing an invalid instruction (LEMAY, e.g., Fig 5, shows NOP padding used in XOM locations.).

Consider Claim 18, 
The modified system of LEMAY further teaches wherein a data portion is stored on a set of least significant bits of a location (LEMAY, e.g., Fig 5, shows secret stored on a set of least significant bits (LSB).  For example, the set of LSB defined to include elements 508 and 510 include a stored data portion.).

Consider Claim 19, 
The modified system of LEMAY further teaches wherein the secure engine, in operation, reads from and writes into locations of the execute-only memory (LEMAY, e.g., Fig 7; ¶0054+, VMM (e.g., a secure engine) installs to memory and marks the memory as execute only; ¶0049, VMM may intercept all possible interrupts and exchanges and clear any secrets that may be loaded in memory and registers; ¶0016, trusted VMM may mark pages execute only.).

Consider Claim 20, 
LEMAY teaches a method, comprising: 
storing, using a secure engine operating on hardware, instructions into individual storage locations (LEMAY, e.g., ¶0015, XOM stores execute-only code pages (i.e., storing instructions).) of an execute-only memory (LEMAY, e.g., Fig 1, shows an execute only memory (XOM) region (108); ¶0054+, VMM (e.g., a secure engine).); 
dividing, using the secure engine, data into a plurality of data portions (LEMAY, e.g., ¶0015, XOM region may encompass multiple pages (i.e., region is divided into a plurality of portions); ¶0028, any number of instructions can be used to accommodate secret data of arbitrary length.); and 
storing, using the secure engine, the data portions with respective instructions stored in the execute-only memory (LEMAY, e.g., Fig 8; ¶0055+, establish a code page having an instruction used to access a hidden secret in XOM; Fig 6(620), shows a code page including a secret.); and
always denying read and write access to the data portions stored with the respective instructions in the execute-only memory to applications executing on the processor (LEMAY, e.g., ¶0046, A page containing a secret is marked execute-only, for example using a trusted VMM (execute-only describes a mode where read and write access are denied to all applications); ¶0055, if the transaction mode is not enabled, the load instruction may generate a fault (describes also denying execute access in some contexts.).
LEMAY describes that execute-only code pages are managed by the VMM (LEMAY, e.g., ¶0054), that a user may verify a trusted VMM is in place before installing software elements (LEMAY, e.g., ¶0052), and that some virtualization technologies may be configured by the VMM to block device access to execute-only pages (LEMAY, e.g., ¶0016).  Thus, LEMAY describes that the VMM is functioning as a secure engine and the software with access to the execute-only memory is disclosed as running on top of the trusted VMM alongside the VMM's ability to block device access to the execute-only memory, but is silent as to how access to the execute-only memory is managed for applications executing outside of the VMM (i.e., secure engine) and fails to expressly describe wherein applications executing outside of the secure engine are always denied access to the data portions stored with the respective instructions in the execute-only storage.  The examiner additionally notes that, in the most general sense, the only two options are to allow or not allow access.  Therefore, it would have been obvious to a person of ordinary skill in the art to modify the system of LEMAY to always deny access to items outside of the VMM (i.e., secure engine) because it constrains access to execute-only memory to the element managing the execute-only pages (i.e., VMM) and is the most secure of a plurality of options (e.g., allowing or not allowing access for applications external to the VMM).
LEMAY further describes dedicated security modules that work with the VMM to secure a computing platform (see, e.g., LEMAY: Fig 7; ¶0054, openSSL and RSA processing modules.) and additionally identifies that a module, as used in any embodiment, may be embodied as circuitry (LEMAY, e.g., ¶0058).  In this context, LEMAY clearly articulates that security elements implemented in software (LEMAY, e.g., ¶0058, module may be software.) may be embodied as circuitry while failing to expressly describe that the secure engine operates on hardware separate from the processing circuitry.  Although LEMAY articulates that software security modules may be implemented in hardware (i.e., switching is just a simple substitution of hardware for software to obtain predictable results), there is no disclosure that the specific software constructs used to perform the functions of the secure engine described in the instant claims are present in hardware separate from the processor.  Therefore, it would have been obvious to a person of ordinary skill in the art, prior to the effective filing date of the claimed invention, to migrate the functions associated with a secure engine into hardware separate from the processor because hardware functions are transparent to the environment (the OS operating on the processor) in which they operate, thus improving overall system security.

Consider Claim 21, 
The modified system of LEMAY further teaches wherein the storage locations of the execute-only memory have a same size (LEMAY, e.g., ¶0043+, assume code pages have a minimum possible size in the absence of a mechanism to determine extent.  This is considered a teaching that the locations may be the same size or a different size depending on a system configuration.).

Consider Claim 22, 
The modified system of LEMAY further teaches wherein the storage locations are words of the execute-only memory (LEMAY, e.g., ¶0028+, a single operand may be 4 bytes (i.e., 2 words); ¶0030, NOP padding may be up to 6 bytes (i.e., 3 words). Therefore, a location of the XOM is necessarily comprised of words.).

Consider Claim 23, 
The modified system of LEMAY further teaches wherein the storage locations storing data portions store invalid instructions (LEMAY, e.g., Fig 5, shows NOP padding (i.e., invalid instructions); ¶0046+, uses NOP instructions.).

Consider Claim 24, 
The modified system of LEMAY further teaches wherein the data portions are stored in successive locations of the execute-only memory (LEMAY, e.g., ¶0028+, instructions may be pipelined to accommodate secret data of arbitrary length.  In this context, the memory locations are at least temporally successive.).

Consider Claim 25, 
The modified system of LEMAY further teaches wherein the successive locations are preceded by at least one location storing an invalid instruction (LEMAY, e.g., Fig 5, shows NOP padding used in XOM locations.).

Consider Claim 26, 
The modified system of LEMAY further teaches storing a data portion on a set of least significant bits of a storage location (LEMAY, e.g., Fig 5, shows secret stored on a set of least significant bits (LSB).  For example, the set of LSB defined to include elements 508 and 510 include a stored data portion.).

Consider Claim 28, 
The modified system of LEMAY further teaches always denying read and write access to the execute-only memory to applications executing on the processor (LEMAY, e.g., ¶0046, A page containing a secret is marked execute-only, for example using a trusted VMM (execute-only describes a mode where read and write access are denied to all applications).).

Consider Claim 29, 
The modified system of LEMAY further teaches wherein applications executing on the processor are always denying read and write access to the execute-only storage (LEMAY, e.g., ¶0046, A page containing a secret is marked execute-only, for example using a trusted VMM (execute-only describes a mode where read and write access are denied to all applications).).

Consider Claim 30, 
The modified system of LEMAY further teaches wherein applications executing outside of the secure circuit are always denied read and write access to the execute-only memory (LEMAY, e.g., ¶0046, A page containing a secret is marked execute-only, for example using a trusted VMM (execute-only describes a mode where read and write access are denied to all applications).).

Response to Arguments
Applicant's arguments filed 15SEP2022 have been fully considered but are moot in view of the updated grounds for rejection necessitated by the applicant’s amendments. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Gary W Cygiel whose telephone number is (571)270-1170. The examiner can normally be reached Monday - Thursday 11am-3pm PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arpan P Savla can be reached on (571) 272-1077. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Gary W. Cygiel/Primary Examiner, Art Unit 2137