Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
	

Allowable Subject Matter
Claims 12-14 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  

The prior art of record (in particular, Watt U.S. Publication 20040177261 (hereinafter "Watt"), Krueger et al. U.S. Publication 20180203610 (hereinafter “Krueger”), Thathapudi U.S. Patent 8209510 (hereinafter "Thathapudi"), and Angelino U.S. Publication 20180218150 (hereinafter "Angelino")) does not expressly disclose all the limitations recited in independent claim 12 and the combination of their features thereon. With respect to independent claim 12 the closest prior art does not disclose at least the following limitations in the recited context:


CLAIM 12
the control circuitry is configured to determine whether the security checking 30procedure still needs to be performed for a given memory access transaction, on the basis of the security check indication specified by the given memory access transaction and the cache entry check indicator of a cache entry corresponding to the combination of the target address and the issuing security domain for the given memory access transaction.  


Rather, Watt discloses a processor executing an application sends a memory access request specifying a memory address to a memory management logic. The memory access request may include a domain signal that indicates a secure/non-secure originating domain. The domain signal may be reflected in a domain status register and/or predetermined pin. A partition checking logic (or further partition checking logic) can be triggered to check whether a memory access request from a non-secure domain is allowed to access secure or non-secure memory.  Determining whether to grant access may be based on partitioning information defining the secure and non-secure memory [Watt para. 16, 23, 0022, 471, 0458, 471, 514]. 
However, Watt does not disclose at least the features of claim 12 quoted above.  
To this, Kruger adds including an additional security state indication along with the domain identifier in the memory access transaction. The additional security state indication indicates whether it is known that the memory access is allowed or whether the domain of the requesting party for the memory access transaction must be referenced to determine whether to allow or deny the memory access transaction [Krueger, para. 104-105 and the table in para. 105]. Thathapudi adds raising an error signal when a software process attempts to write beyond the memory allocated from a secure page for any given software object [Thathapudi, 2:53-65]. Angelino adds a monitor provides required security credentials so that an access request from a less secure region can access memory in a more secure region [Angelino, para. 35-36, 44]. 
However, the combination of Watt, Krueger, Thathapudi, and Angelino does not teach at least the features of claim 12 quoted above. 
Dependent claims 13 and 14 are allowed in view of their respective dependence from independent claim 12.
For the reasons described above, the prior art of record does not disclose, with respect to claims 12-14, features corresponding to those of claims 12-14 in their respective contexts. 
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the claimed embodiments of claims 12-14 at or before the time it was filed.

Response to Amendment
This communication is in response to the amendment filed on 10/27/2022. The Examiner acknowledges amended claims 1-18. Claim 19 has been canceled. No claim has been added.  Claims 1-18 are pending and claims 1-11 and 15-18 are rejected. Claims 12-14 are allowed. Claims 1, 12, and 15 are independent. 
	
	
The rejection(s) of claims under 35 U.S.C. § 112 are withdrawn in view of Applicant's amendments.

	
Response to Arguments
Applicant's arguments filed 10/27/2022 have been fully considered.  Applicant argues (see Remarks, page 4, bottom paragraph-page 13, top paragraph) that the references cited in the previous rejection fail to disclose the newly amended claim features.  This argument is persuasive. Therefore, the rejections are withdrawn. However, upon further consideration, a new ground of rejection is made in view of Watt et al. U.S. Publication 20040177261 (hereinafter “Watt”) in view of Krueger et al. U.S. Publication 20180203610 (hereinafter “Krueger”).
Krueger teaches including an additional security state indication along with domain identifier in the memory access transaction. See the table above para. 106 in Krueger. The column indicated by “NS” is the security state. When the security state is 1, that is sufficient to indicate the requesting party has access to the requested memory address. When the security state is 0, whether or not there is allowed memory access depends on the domain indicated under the column “MPAM_NS.” This is described under the column labeled “meaning”. Thus, the Krueger security state indication is also indicative of whether it is already known that the memory access transaction would pass a security checking procedure or requires a security checking procedure to be performed. See Krueger at para. 104, 105.
Independent claim 15 recites limitations analogous to the limitations of claim 1 and is also rejected for similar reasons. Regarding applicant’s arguments with respect to the dependent claims 2-11 and 16-18, applicant’s amendments to the independent claims have necessitated a new ground of rejection with respect to the independent claims from which the dependent claims depend, thereby requiring new grounds of rejection for the dependent claims also. 
Applicant's arguments/amendments have been fully considered, but are moot in view of the new grounds of rejection. Note that this action is made FINAL. See MPEP § 706.07(a).
Accordingly, Applicant's argument is persuasive, the rejection is withdrawn, and new ground(s) of rejection are presented herein.

	

	
	
	
	
	
	
	


Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-3, 5-9, 11, and 15-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Watt et al. U.S. Publication 20040177261 (hereinafter “Watt”) in view of Krueger et al. U.S. Publication 20180203610 (hereinafter “Krueger”).
As per claim 1, Watt discloses 
A memory system component comprising: 
transaction handling circuitry to receive memory access transactions, each memory access transaction specifying at least: 
(Watt discloses a memory request specifying virtual address is passed to MMU 200 [Watt para. 0458, 0022].
	memory system component = memory management logic 30 [0458] …..memory management unit [Watt para. 0025, figure 56 element 200] and memory protection unit together [Watt para. 0032]
receive memory access transactions = upon receipt of a memory access request[Watt para. 0025]
transaction handling circuitry = memory management unit  [Watt ¶ 0025] and integrated circuit [Watt ¶ 0619]
)
[Watt ¶ 0619] Every integrated circuit (IC)1 consists of two kind of logic:
[Watt ¶ 0025] A memory management unit  is provided in one embodiment which is operable, upon receipt of a memory access request issued by the processor when the processor wishes to access an item of data in the memory, … to ensure that the processor in its current mode of operation is entitled to access the data item requested
[Watt 0458] FIG. 37 … memory management logic 30 … consists of a Memory Management Unit (MMU) 200 and a Memory Protection Unit (MPU) 220. Any memory access request issued by the core 10 that specifies a virtual address will be passed over path 234 to the MMU 200, the MMU 200 being responsible for performing predetermined access control functions 

[Watt 0032] data processing apparatus further comprises a memory protection unit within which the further partition checking logic is provided, … the memory protection unit is operable to perform at least memory access permission processing to verify whether the memory location specified by the physical address is accessible in said particular secure mode. Hence, when the processor is operating in a particular secure mode, the access is managed solely by a memory protection unit managed by the secure operating system.

an issuing domain identifier which indicates an issuing security domain specified by an issuing master device for the memory access transaction, where the issuing security domain is one of a plurality of security domains; 
(Watt discloses a domain signal, called the domain bit [Watt ¶ 471] or the S bit [Watt ¶ 0514, 0298] that indicates the domain issuing a memory request.
issuing domain identifier=domain signal, which is the domain bit [Watt para. 471], also called the S bit [Watt para. 514, 298]
issuing master device = device issuing the memory access request  [Watt 0514]
plurality of security domains = secure/non-secure [Watt ¶ 0514]
)
[Watt ¶ 0471] The memory protection unit is managed by the secure operating system, which is able to set within registers of the CP15 34 partitioning information defining the partitions between the secure memory and the non-secure memory. The partition checker 222 is then able to reference that partitioning information in order to determine whether access control information is being transferred to the micro-TLB 206 which would allow access by the core 10 in a non-secure mode to secure memory. More particularly, in preferred embodiments, when the core 10 is operating in a non-secure mode of operation, as indicated by the domain bit set by the monitor mode within the CP15 domain status register, the partition checker 222 is operable to monitor via path 244 any physical address portion seeking to be retrieved into the micro-TLB 206 from the main TLB 208 and to determine whether the physical address that would then be produced for the virtual address based on that physical address portion would be within the secure memory. In such circumstances, the partition checker 222 will issue an abort signal over path 230 to the core 10 to prevent the memory access from taking place.
[Watt ¶ 0297] S bit: Secure state bit, contained in a dedicated CP15 register.
[Watt ¶ 0514] This domain signal, also referred to herein as the "S bit" will identify whether the device issuing the memory access request is operating in secure domain or non-secure domain, and this information will be received by the partition checker 492 coupled to the external bus. The partition checker 492 will also have access to the partitioning information identifying which regions of memory are secure or non-secure, and accordingly can be arranged to only allow a device to have access to a secure part of memory if the S bit is asserted to identify a secure mode of operation.
[Watt ¶ 0298] `Secure/Non-Secure state`. This state is defined by the S bit value. It indicates whether the core may access the Secure world (when it is in Secure state, i.e. S=1) or is restricted to the Non-secure world only (S=0). Note that the Monitor mode (see further) overrides the S bit status.

a target address (physical address [Watt ¶ 0028] or virtual address [Watt ¶ 0028, ¶ 0458]); and 
a security check indication (the predetermined pin [Watt ¶ 0016, 0513]) which indicates whether it is already known that the memory access transaction would pass a security checking procedure 
 (
already known that the memory access transaction would pass a security checking procedure can be disclosed by ‘the domain signal can be incorporated within the memory access request in a variety of ways. Preferably, the domain signal is asserted at the hardware level and hence is only assertable by an application which the device itself has verified is able to be run in the secure domain’ [Watt ¶ 0016]. An application running in a secure domain means application will assert secure domain signal for memory access request, thereby allowing application access to secure memory is already known.
security check indication can be disclosed by domain bit set by the monitor mode within the CP15 domain status register [Watt 0471]
security check indication can also be disclosed by a predetermined pin [Watt ¶ 0016]; when the Watt predetermined pin indicates that the memory access request comes from a secure domain, that is an indication that it is already known that the memory access transaction would pass a security check procedure to check whether the signal came from secure or nonsecure domain.
said security checking procedure can be disclosed by ‘thus the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain.’ [Watt 0015] See partition checker 222 [Watt ¶ 0471]
said security checking procedure can also be disclosed by the procedure where the further partition checking logic determines whether the memory access request originated from secure or non-secure domain [Watt ¶ 0023]; this is an additional security checking that is performed by further partition checking logic 
); 
[Watt ¶ 0023] Since the partition checking logic coupled to the device bus cannot perform any partition checking function with regard to memory connected to the system bus, further partition checking logic is provided

[Watt ¶ 0028] memory access requests may specify virtual addresses, or in certain embodiments may specify physical addresses, 
[Watt ¶ 0016]  domain signal can be incorporated within the memory access request in a variety of ways. Preferably, the domain signal is asserted at the hardware level and hence is only assertable by an application which the device itself has verified is able to be run in the secure domain. Hence it would not be possible for a rogue application executing on the device to tamper with the setting of the domain signal. More particularly, in preferred embodiments, the device has a predetermined pin for outputting the domain signal onto the device bus, and by default the domain signal is set to indicate that the device is operating in a non-secure mode. Hence, in one embodiment, only when the device is executing secure applications in the secure domain will the domain signal be set to indicate that the device is operating in the secure domain, and only when that domain signal is set will the partition checking logic allow access to secure data in the memory.
[Watt ¶ 0513] FIG. 47 … a predetermined pin for outputting the domain signal onto path 490 within the external bus. 
[Watt 0015] partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain. 
[Watt 0471]
domain bit set by the monitor mode within the CP15 domain status register, 

where said security checking procedure is for determining whether the memory access transaction indicating said issuing security domain is authorised to access the target address, based on control data indicative of which of the plurality of security domains are allowed to access the target address; and 
(Watt discloses information about the partitions between the secure memory and the non-secure memory [Watt ¶ 0013] and partitioning information defining the partitions between the secure memory and the non-secure memory [Watt ¶ 0471].  The target address can be disclosed by, for example, the physical address that would then be produced for the virtual address based on that physical address portion [Watt ¶ 0035].
said security checking procedure can be disclosed by ‘thus the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain.’ [Watt 0015] See partition checker 222 [Watt ¶ 0471]
said security checking procedure can also be disclosed by the procedure where the further partition checking logic determines whether the memory access request originated from secure or non-secure domain [Watt ¶ 22, 0023, 28]; this is an additional security checking that is performed by further partition checking logic 
control data can be disclosed by information about the partitions between the secure memory and the non-secure memory [Watt ¶ 0013], also described as partitioning information defining the partitions between the secure memory and the non-secure memory Watt [¶ 0471]
control data can include mappings, e.g., para. 508 and para. 48, which discloses mapped, which indicates a mapping between the physical address range and secure/non-secure physical area of memory
the target address = any physical address or virtual address [Watt ¶ 0471]; 
the target address is disclosed in ‘the physical address portion if the physical address that would then be produced for the virtual address is within the secure memory’ [Watt ¶ 0035] 
)
[Watt 0015]
In one embodiment, this domain signal hence identifies whether the device is operating in the secure domain or the non-secure domain, and thus the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain. 
[Watt 0022] further partition checking logic coupled to the system bus and operable whenever the memory access request is generated by the processor when operating in a non-secure mode in said non-secure domain to detect if the memory access request is seeking to access either the secure memory or the secure further memory, and upon such detection to prevent the access specified by that memory access request.
[Watt ¶ 0023] Since the partition checking logic coupled to the device bus cannot perform any partition checking function with regard to memory connected to the system bus, further partition checking logic is provided 
in such embodiments to ensure that when the processor is operating in a non-secure mode, it cannot access any part of the secure memory system, whether that be parts of the secure memory coupled to the device bus, or parts of the further memory that contains secure data. 
[Watt ¶ 0028] when the processor is operating in a non-secure mode, memory access requests will specify a virtual address, and the memory management unit is controlled by the non-secure operating system. In such embodiments, one of the preferred access control functions performed by the memory management unit comprises conversion of the virtual address to a physical address, the further partition checking logic being operable to prevent the access specified by that memory access request if the physical address to be generated by the memory management unit is within the secure memory.
[Watt ¶ 0035]  prevent the internal storage unit from storing as access control information the physical address portion if the physical address that would then be produced for the virtual address is within the secure memory. 
[Watt ¶ 0013] The partition checking logic will have access to information about the partitions between the secure memory and the non-secure memory. 
[Watt ¶ 0471] The memory protection unit is managed by the secure operating system, which is able to set within registers of the CP15 34 partitioning information defining the partitions between the secure memory and the non-secure memory. The partition checker 222 is then able to reference that partitioning information in order to determine whether access control information is being transferred to the micro-TLB 206 which would allow access by the core 10 in a non-secure mode to secure memory. More particularly, in preferred embodiments, when the core 10 is operating in a non-secure mode of operation, as indicated by the domain bit set by the monitor mode within the CP15 domain status register, the partition checker 222 is operable to monitor via path 244 any physical address portion seeking to be retrieved into the micro-TLB 206 from the main TLB 208 and to determine whether the physical address that would then be produced for the virtual address based on that physical address portion would be within the secure memory. In such circumstances, the partition checker 222 will issue an abort signal over path 230 to the core 10 to prevent the memory access from taking place.

the memory system component comprises control circuitry to determine, on the basis of the security check indication, whether the security checking procedure still needs to be performed.
(Watt discloses partition checking circuitry [Watt ¶ 0471, 0023, 0619]
control circuitry can be disclosed by partition checking logic plus the memory management logic 30 [Watt ¶ 0023, 0458, 487] and circuitry disclosed at [Watt ¶ 0619]
the memory system component comprises control circuitry = the partition checker 222 can be incorporated within the MMU 200.[0487] 
security check indication can be disclosed by domain bit set by the monitor mode within the CP15 domain status register [Watt 0471]
security check indication can be disclosed by a predetermined pin [Watt ¶ 0513]
determine, on the basis of the security check indication can be disclosed by partition checker checking the domain bit within the CP15 domain status register [Watt ¶ 0471]
determine, on the basis of the security check indication can also be disclosed by a predetermined pin for outputting the domain signal onto path 490 within the external bus [Watt ¶ 0513]  and ‘the device has a predetermined pin for outputting the domain signal onto the device bus …only when that domain signal is set will the partition checking logic allow access to secure data in the memory’. [Watt ¶ 0016]
said security checking procedure can be disclosed by ‘thus the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain.’ [Watt 0015] See partition checker 222 [Watt ¶ 0471]
said security checking procedure can also be disclosed by the procedure where the further partition checking logic determines whether the memory access request originated from secure or non-secure domain  [Watt ¶ 0023] e.g., ‘further partition checking logic is provided’; [Watt ¶ 0023]

determine whether the security checking procedure still needs to be performed is performed by the partition checking logic whenever the memory access request originates from a non-secure mode of operation [Watt 0015]
determine whether the security checking procedure still needs to be performed can also be disclosed as follows: Watt’s further partition checking logic is an additional security checking (a 2nd time determining whether the memory access request comes from a secure domain or non-secure domain) that is performed by further partition checking logic; when the partition checking logic determines that the memory access request comes from a non-secure domain, the partition checking logic effectively determines that further partition checking logic is required when the access request is to memory connected to the system bus [para. 23], thereby disclosing determine whether the security checking procedure still needs to be performed. 
Note Watt para. 23 memory connected to the Watt system bus is different from memory connected to the Watt device bus; see Watt para. 21; memory connected to the system bus has “further partition checking logic” to determine whether access is granted
)
[Watt 0015] this domain signal hence identifies whether the device is operating in the secure domain or the non-secure domain, and thus the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain. 
[Watt ¶ 0016] the device has a predetermined pin for outputting the domain signal onto the device bus, and by default the domain signal is set to indicate that the device is operating in a non-secure mode. Hence, in one embodiment, only when the device is executing secure applications in the secure domain will the domain signal be set to indicate that the device is operating in the secure domain, and only when that domain signal is set will the partition checking logic allow access to secure data in the memory.
[Watt ¶ 0023] Since the partition checking logic coupled to the device bus cannot perform any partition checking function with regard to memory connected to the system bus, further partition checking logic is provided in such embodiments to ensure that when the processor is operating in a non-secure mode, it cannot access any part of the secure memory system, whether that be parts of the secure memory coupled to the device bus, or parts of the further memory that contains secure data. 
[Watt ¶ 0514] This domain signal, also referred to herein as the "S bit" will identify whether the device issuing the memory access request is operating in secure domain or non-secure domain, and this information will be received by the partition checker 492 coupled to the external bus. The partition checker 492 will also have access to the partitioning information identifying which regions of memory are secure or non-secure, and accordingly can be arranged to only allow a device to have access to a secure part of memory if the S bit is asserted to identify a secure mode of operation.
[Watt ¶ 0513] FIG. 47… a device capable of operating in secure or non-secure domains will include a predetermined pin for outputting the domain signal onto path 490 within the external bus. 
[Watt ¶ 0022] further partition checking logic coupled to the system bus and operable whenever the memory access request is generated by the processor when operating in a non-secure mode in said non-secure domain to detect if the memory access request is seeking to access either the secure memory or the secure further memory, and upon such detection to prevent the access specified by that memory access request.
[Watt ¶ 0021] the memory coupled to the device bus can take a variety of forms, … may also be certain memory connected to the system bus
[Watt 0487] FIG. 38...the partition checker 222 can be incorporated within the MMU 200. 
[Watt 0030] In one embodiment, all modes of operation of the processor employ virtual addresses for memory access requests, and the further partition checking logic is provided within the memory management unit

	However, Watt does not expressly disclose 
	wherein the memory access transaction supports a plurality of encodings including at least: 
a first encoding specifying a given value for the issuing domain identifier and a first value for the security check indication; and 
a second encoding specifying said given value for the issuing domain identifier and a second value for the security check indication.

Krueger discloses including an additional security state indication along with domain identifier in the transaction memory access transaction
(See Krueger 
security check indication = secure state indication Krueger [0104]
see the table above para. 106 in Krueger. The column indicated by “NS” is the security state. When the security state is 1, that is sufficient to indicate the requesting party has access. When the security state is 0, whether or not there is allowed access depends on the domain from which the transaction is issued indicated under the column “MPAM_NS.” This is described under the column labeled “meaning”. Thus, the Krueger security state is also indicative of whether it is already known that the memory access transaction would pass a security checking procedure or requires security checking procedure still need to be performed.
)
Krueger [0104]
At step 150 of FIG. 7, the memory transaction is issued specifying the PMG and PARTID (either in the original form read from the selected partition ID register, or following remapping at step 122), as well as a secure state indication indicating whether the security state in which the transaction was issued. The secure state indication is included so that the partition IDs allocated in the secure domain may use a completely separate partition ID space from the partition IDs allocated for the less secure domain (rather than allocating some partition IDs from a single ID space to the secure processes, which could allow non-secure processes to infer information about the secure processes that are provided). By providing complete separation between the secure and less secure worlds, security can be improved. The security indication provided with the transaction indicates which security state the transaction is issued from. 
Krueger [0105] This security indication may be provided separately from any address-based security indication indicating whether the target address of the transaction is secure or non-secure. That is, regions of the memory address space may be designated as secure or non-secure, with the secure regions being accessible only from the secure domain while the non-secure regions are accessible in both the secure and non-secure domains. Such an address-based security indication may be included with transactions in case the memory system includes further control structures, such as a system MMU, which control access in dependence on whether the address is in a secure or non-secure region. However, since the secure domain can access both non-secure and secure regions of the address space, this address-based security indication is not enough to identify whether the process which issued the transaction was secure or non-secure. Therefore, the memory transactions may separately identify both the domain from which the transaction is issued (MPAM_NS) and the security state associated with the target address (NS):

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Watt with the technique for including security state indication in the transaction memory access transaction of Krueger to include 
	wherein the memory access transaction supports a plurality of encodings including at least: 
a first encoding specifying a given value for the issuing domain identifier and a first value for the security check indication; and 
a second encoding specifying said given value for the issuing domain identifier and a second value for the security check indication.

One of ordinary skill in the art would have made this modification to improve the ability of the system to perform more efficiently by not performing additional security checking when unnecessary. The system of the base reference may be modified to encode a value such as the security state indication in each transaction, which indicates whether the transaction is allowed or the transaction needs security checking to be performed. The system of the primary reference may be modified to check the security indication to determine whether it is needed to check the domain in order to grant or deny access. Further, adding the security indication would facilitate using a completely separate partition ID space for secure domain and the less secure domain, as described in para. 104 of Krueger.


As per claim 2, the rejection of claim 1 is incorporated herein. 
Watt discloses wherein when the control circuitry determines that the security checking procedure still needs to be performed, the control circuitry is configured to control security checking circuitry to perform the security checking procedure.  
(
control circuitry can be disclosed by partition checking logic plus the memory management logic 30 [Watt ¶ 0023, 0458, 487, 0619] 
security checking circuitry can be disclosed by the partition checking logic [Watt 0015] or partition checker  [Watt ¶ 0471, 0619]
security checking circuitry can also be disclosed by  further partition checking logic  [Watt ¶ 22, 0023] and/or further partition checker [para. 511, 0619]
said security checking procedure can be disclosed by the procedure where the partition checking logic determines whether the memory access request originated from secure or non-secure domain and whether to grant access based on whether the target address is in secure or nonsecure memory [Watt 0015] See partition checker 222 [Watt ¶ 0471]
security checking circuitry to perform the security checking procedure can also be disclosed by the procedure where the further partition checking logic determines whether the memory access request originated from secure or non-secure domain  [Watt ¶ 22, 0023]
the partition checking logic determining no access granted is a control signal to the further partition checking logic to determine whether to grant access  [Watt ¶ 22, 0023]
)

[Watt 0015]
In one embodiment, this domain signal hence identifies whether the device is operating in the secure domain or the non-secure domain, and thus the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain. In preferred embodiments, the partition checking logic does not perform any partition checking when the device is operating in the secure domain, since in preferred embodiments the device can access both the secure memory and the non-secure memory when operating in a secure mode. 
[Watt 0022]
further partition checking logic coupled to the system bus and operable whenever the memory access request is generated by the processor when operating in a non-secure mode in said non-secure domain to detect if the memory access request is seeking to access either the secure memory or the secure further memory, and upon such detection to prevent the access specified by that memory access request. 
[Watt ¶ 0023] Since the partition checking logic coupled to the device bus cannot perform any partition checking function with regard to memory connected to the system bus, further partition checking logic is provided in such embodiments to ensure that when the processor is operating in a non-secure mode, it cannot access any part of the secure memory system, whether that be parts of the secure memory coupled to the device bus, or parts of the further memory that contains secure data
[Watt ¶ 0471] The memory protection unit is managed by the secure operating system, which is able to set within registers of the CP15 34 partitioning information defining the partitions between the secure memory and the non-secure memory. The partition checker 222 is then able to reference that partitioning information in order to determine whether access control information is being transferred to the micro-TLB 206 which would allow access by the core 10 in a non-secure mode to secure memory. More particularly, in preferred embodiments, when the core 10 is operating in a non-secure mode of operation, as indicated by the domain bit set by the monitor mode within the CP15 domain status register, the partition checker 222 is operable to monitor via path 244 any physical address portion seeking to be retrieved into the micro-TLB 206 from the main TLB 208 and to determine whether the physical address that would then be produced for the virtual address based on that physical address portion would be within the secure memory. In such circumstances, the partition checker 222 will issue an abort signal over path 230 to the core 10 to prevent the memory access from taking place.
 [0511]
As mentioned earlier, in addition to the provision of the partition checker 222 within the MPU 220, preferred embodiments of the present invention also provide an analogous partition checking block coupled to the external bus 70, this additional partition checker being used to police accesses to memory by other master devices, …, a partition checker may optionally be provided as part of the memory management logic 30, in such instances this partition checker be considered as a further partition checker provided in addition to the one coupled to the device bus.

As per claim 3, the rejection of claim 2 is incorporated herein. 
Watt discloses wherein the memory system component comprises the security checking circuitry.  
(the security checking circuitry = partition checking logic [Watt 0015] or partition checker  [Watt ¶ 0471] or further partition checking logic [Watt 0030] [Watt ¶ 0619]
)
[Watt 0030] the further partition checking logic is provided within the memory management unit,

As per claim 5, the rejection of claim 1 is incorporated herein. 
Watt discloses wherein when the control circuitry determines that the security checking procedure still needs to be performed, the 35control circuitry is configured to control downstream security checking circuitry to perform the security checking procedure.  
(This claim is the same as claim 2 except the limitation downstream has been added. Further partition checking logic is downstream of partition checking logic [Watt ¶ 0023, 0458, 487]
control circuitry can be disclosed by partition checking logic plus the memory management logic 30 [Watt ¶ 0023, 0458, 487, 0619] 
security checking circuitry = partition checking logic [Watt 0015] or partition checker  [Watt ¶ 0471] or further partition checking logic [Watt 0030] [Watt ¶ 0619] [Watt ¶ 22, 0023]
security checking circuitry to perform the security checking procedure can be disclosed by the procedure where the partition checking logic determines whether the memory access request originated from secure or non-secure domain or  further partition checking logic determines whether the memory access request originated from secure or non-secure domain,  to determine whether access is granted to a memory address in secure or nonsecure memory [Watt ¶ 22, 0023] [Watt 0015] [Watt ¶ 0471]
further, the partition checking logic determining no access granted is a control signal to the further partition checking logic to determine whether to grant access  [Watt ¶ 22, 0023]
)
[Watt ¶ 0023] Since the partition checking logic coupled to the device bus cannot perform any partition checking function with regard to memory connected to the system bus, further partition checking logic is provided in such embodiments to ensure that when the processor is operating in a non-secure mode, it cannot access any part of the secure memory system, whether that be parts of the secure memory coupled to the device bus, or parts of the further memory that contains secure data

As per claim 6, the rejection of claim 1 is incorporated herein. 
Watt discloses wherein the target address is a physical address.  
(a target address is disclosed by (physical address [Watt ¶ 0028] or virtual address [Watt ¶ 0458]);
)
[Watt 0028] one of the preferred access control functions performed by the memory management unit comprises conversion of the virtual address to a physical address, the further partition checking logic being operable to prevent the access specified by that memory access request if the physical address to be generated by the memory management unit is within the secure memory.


As per claim 7, the rejection of claim 1 is incorporated herein. 
Watt discloses wherein the control data 5comprises a number of entries, each associating at least one region of address space with at least one of the plurality of security domains.  
(control data can be disclosed by information about the partitions between the secure memory and the non-secure memory [Watt ¶ 0013], also described as partitioning information defining the partitions between the secure memory and the non-secure memory [Watt ¶ 0471]
number of entries = registers of the CP15 34  [Watt ¶ 0471]
number of entries can also be disclosed by para. 508 and para. 48, which discloses mapped, which indicates a mapping between the physical address range and secure/non-secure physical area of memory
at least one region of address space can be disclosed by partition [Watt ¶ 0471] or  TCM memory [Watt 0048]
)
[Watt ¶ 0013] The partition checking logic will have access to information about the partitions between the secure memory and the non-secure memory. 
[Watt ¶ 0471] The memory protection unit is managed by the secure operating system, which is able to set within registers of the CP15 34 partitioning information defining the partitions between the secure memory and the non-secure memory. The partition checker 222 is then able to reference that partitioning information in order to determine whether access control information is being transferred to the micro-TLB 206 which would allow access by the core 10 in a non-secure mode to secure memory. More particularly, in preferred embodiments, when the core 10 is operating in a non-secure mode of operation, as indicated by the domain bit set by the monitor mode within the CP15 domain status register, the partition checker 222 is operable to monitor via path 244 any physical address portion seeking to be retrieved into the micro-TLB 206 from the main TLB 208 and to determine whether the physical address that would then be produced for the virtual address based on that physical address portion would be within the secure memory. In such circumstances, the partition checker 222 will issue an abort signal over path 230 to the core 10 to prevent the memory access from taking place.
[Watt 0047] the physical address range for the TCM is definable within a control register of the data processing apparatus. However, this can give rise to certain security issues, as can be illustrated by the following example
[Watt 0048] define as the TCM memory a physical address space which overlaps with part of the secure memory... if the non-secure operating system subsequently changed again the setting of the physical address range for the TCM so that the previous secure memory part is now mapped in a non-secure physical area of memory, it will be appreciated that the non-secure operating system can then access the secure data

As per claim 8, the rejection of claim 7 is incorporated herein. 
Watt discloses wherein the security checking procedure includes comparing the issuing domain identifier with the at least one of the 10plurality of security domains associated with a region of address space including the target address.  
(
comparing is disclosed by partition checking logic (or further partition checking logic) checking the domain signal to see if the memory access request is originating from secure domain or nonsecure domain and determining whether to grant access based on whether the target address is in secure or nonsecure memory [Watt 0015] See partition checker 222 [Watt ¶ 0471] and [Watt ¶ 0514, ¶ 0022] 

issuing domain identifier=domain signal, which is the domain bit [Watt para. 471], also called the S bit [Watt para. 514, 298]

security checking procedure can be disclosed by ‘the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain.’ [Watt 0015] See partition checker 222 [Watt ¶ 0471] note security checking procedure is procedure performed by partition checking logic (or further partition checking logic) for addressable memory [Watt ¶ 0022] [Watt 0048]
security domains associated with a region of address space including the target address is disclosed because ‘detect if the memory access request is seeking to access either the secure memory or the secure further memory’ and the secure memory/non-secure memory is associated with address ranges [Watt ¶ 0022] [Watt 0047] [Watt 0048] see also para. 28 ‘if the physical address to be generated by the memory management unit is within the secure memory.’
).
[Watt ¶ 0022] further partition checking logic coupled to the system bus and operable whenever the memory access request is generated by the processor when operating in a non-secure mode in said non-secure domain to detect if the memory access request is seeking to access either the secure memory or the secure further memory, and upon such detection to prevent the access specified by that memory access request.
[Watt ¶ 0471] The memory protection unit is managed by the secure operating system, which is able to set within registers of the CP15 34 partitioning information defining the partitions between the secure memory and the non-secure memory. …the core 10 is operating in a non-secure mode of operation, as indicated by the domain bit set by the monitor mode within the CP15 domain status register, 
[Watt ¶ 0514] This domain signal, also referred to herein as the "S bit" will identify whether the device issuing the memory access request is operating in secure domain or non-secure domain, and this information will be received by the partition checker 492 coupled to the external bus. The partition checker 492 will also have access to the partitioning information identifying which regions of memory are secure or non-secure, and accordingly can be arranged to only allow a device to have access to a secure part of memory if the S bit is asserted to identify a secure mode of operation.
[Watt 0047] the physical address range for the TCM is definable within a control register of the data processing apparatus. 
[Watt 0048] define as the TCM memory a physical address space which overlaps with part of the secure memory. … if the non-secure operating system subsequently changed again the setting of the physical address range for the TCM so that the previous secure memory part is now mapped in a non-secure physical area of memory, it will be appreciated that the non-secure operating system can then access the secure data, since the further partition checking logic will see the area as non-secure and won't assert an abort.
[0028] the further partition checking logic being operable to prevent the access specified by that memory access request if the physical address to be generated by the memory management unit is within the secure memory.
As per claim 9, the rejection of claim 1 is incorporated herein. 
Watt discloses wherein the plurality of domains includes at least a secure domain and a less secure domain.  
[Watt ¶ 0514] This domain signal, also referred to herein as the "S bit" will identify whether the device issuing the memory access request is operating in secure domain or non-secure domain, and this information will be received by the partition checker 492 coupled to the external bus. The partition checker 492 will also have access to the partitioning information identifying which regions of memory are secure or non-secure, and accordingly can be arranged to only allow a device to have access to a secure part of memory if the S bit is asserted to identify a secure mode of operation.
[Watt ¶ 0298] `Secure/Non-Secure state`. This state is defined by the S bit value. It indicates whether the core may access the Secure world (when it is in Secure state, i.e. S=1) or is restricted to the Non-secure world only (S=0). Note that the Monitor mode (see further) overrides the S bit status.

As per claim 11, the rejection of claim 1 is incorporated herein. 
Watt discloses
comprising a cache comprising cache entries to cache data obtained in response to previously received memory access transactions, each cache entry indexed by a combination of the target address and issuing security domain.  
(cache entries to cache data obtained in response to previously received memory access transactions can be disclosed by linefill procedure will be initiating by the cache in order to retrieve from the external memory 56 a line of data that includes the data item the subject of the memory access request [Watt 0575]
each cache entry indexed by a combination of the target address and issuing security domain can be disclosed by cache 38 is virtual-indexed and physical-tagged [Watt 0504]
…that flag can then be used by the cache 38 to directly control any subsequent access to the data items in that cache line 2600 [Watt 0504], and specificallyeach cache entry indexed by … issuing security domain can be disclosed by ‘cache 38 can be arranged to only allow data items in a cache line that the corresponding flag 2602 indicates is secure data to be accessed by the processor core 10 when the processor core 10 is operating in a secure mode of operation’ [Watt 0504]
)
[Watt 0504] cache 38 is virtual-indexed and physical-tagged. Accordingly, when an access is performed in the cache 38, a lookup will have already been performed in the micro-TLB 206 first, and accordingly access permissions, especially secure and non-secure permissions, will have been checked. Accordingly, secure data cannot be stored in the cache 38 by non-secure applications. Access to the cache 38 is under the control of the partition checking performed by the partition checker 222, and accordingly no access to secure data can be performed in non-secure mode.

[Watt 0505] secure dirty data must be written to the external memory before being replaced. Preferably, secure data is tagged in the cach

[Watt 0575] determine whether the data item specified by that address is stored within the cache. Whenever a miss occurs within the cache, i.e. it is determined that the data item subject to the access request is not stored within the cache, a linefill procedure will be initiating by the cache in order to retrieve from the external memory 56 a line of data that includes the data item the subject of the memory access request. 

[Watt 0579]  flag 2602 associated with that cache line will be set based on the value provided by the partition checker 2656, and that flag can then be used by the cache 38 to directly control any subsequent access to the data items in that cache line 2600. Hence, if the core 10 subsequently issues a memory access request that produces a hit in a particular cache line 2600 of the cache 38, the cache 38 will review the value of the associated flag 2602, and compare that value with the current mode of operation of the core 10. In preferred embodiments, this current mode of operation of the core 10 is indicated by a domain bit set by the monitor mode within the CP15 domain status register. Hence, cache 38 can be arranged to only allow data items in a cache line that the corresponding flag 2602 indicates is secure data to be accessed by the processor core 10 when the processor core 10 is operating in a secure mode of operation. Any attempt by the core to access secure data within the cache 38 whilst the core is operating in a non-secure mode will result in the cache 38 generating an abort signal over path 2670.


As per claim 15, the claim(s) is/are directed to a master device with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  Claim 15 also recites A master device comprising: transaction issuing circuitry to issue memory access transactions; and encoding circuitry to encode each memory access transaction with an encoding specifying at least:
Watt discloses A master device comprising:
 transaction issuing circuitry to issue memory access transactions; and 
encoding circuitry to encode each memory access transaction with an encoding specifying at least:
(master device can be disclosed by the data processing apparatus of figure 1 or the processing core 10
transaction issuing circuitry = processor [Watt 0020] [Watt ¶ 0025]  and integrated circuit [Watt ¶ 0619]
encoding circuitry can also be disclosed by the processor which encodes the information for the issuing domain identifier, target address, and security check indication
the remaining limitations of claim 15 are analogous to the limitations of claim 1 and are rejected for the same reasons.
)
[Watt ¶ 0025] A memory management unit  is provided in one embodiment which is operable, upon receipt of a memory access request issued by the processor when the processor wishes to access an item of data in the memory
[Watt 0020] In preferred embodiments, at least one device is a chip incorporating a processor, the chip further comprising a memory management unit operable, when the processor generates the memory access request, to perform one or more predetermined access control functions to control issuance of the memory access request onto the device bus. 

[Watt 0124]
FIG. 1 is a block diagram illustrating a data processing apparatus in accordance with preferred embodiments of the present invention. The data processing apparatus incorporates a processor core 10


As per claim 16, the rejection of claim 15 is incorporated herein. 
Watt discloses 
security checking circuitry to perform the security checking procedure; and 
determination circuitry to determine whether or not the security checking procedure should be performed; 
wherein the encoding circuitry is configured to set the security check indication based 35on the determination made by the determination circuitry.  
(
security checking circuitry can be disclosed by the partition checking logic [Watt 0015] or partition checker  [Watt ¶ 0471, 0619]
security checking circuitry can also be disclosed by  further partition checking logic  [Watt ¶ 22, 0023] and/or further partition checker [para. 511, 0619]
said security checking procedure can be disclosed by the procedure where the partition checking logic determines whether the memory access request originated from secure or non-secure domain and whether to grant access based on whether the target address is in secure or nonsecure memory [Watt 0015] See partition checker 222 [Watt ¶ 0471]
security checking circuitry to perform the security checking procedure can be disclosed by the procedure where the further partition checking logic determines whether the memory access request originated from secure or non-secure domain  [Watt ¶ 22, 0023] [Watt ¶ 0619]
security check indication can be disclosed by domain bit set by the monitor mode within the CP15 domain status register [Watt 0471]
security check indication can be disclosed by a predetermined pin [Watt ¶ 0513]
determination circuitry = the processor [Watt 0004] and partition checking logic [Watt ¶ 0023] and integrated circuit [Watt ¶ 0619], 
determine whether or not the security checking procedure should be performed is performed by the partition checking logic whenever the memory access request originates from a non-secure mode of operation [Watt 0015]
determine whether or not the security checking procedure should be performed is also disclosed because the processor executes the application and determines whether to assert the domain signal as secure/non-secure, and  when the partition checking logic determines that the memory access request comes from a non-secure domain, the partition checking logic effectively determines that further partition checking logic is required when the access request is to memory connected to the system bus (note there are 2 buses, system bus and device bus)[para. 23], thereby disclosing to determine whether or not the security checking procedure should be performed in combination with the processor operations [Watt 0004] [0016] if non-secure, then subsequently at some point further partition checking logic determines, after the partition checking logic, whether the memory access request originated from secure or non-secure domain as part of the security checking procedure [Watt ¶ 22, 0023] integrated circuit [Watt ¶ 0619]
encoding circuitry = processor [Watt 0004] [Watt 0016] and integrated circuit [Watt ¶ 0619]
encoding circuitry is configured to set the security check indication is disclosed because
the processor while executing the application sets the value for the predetermined pin as secure/non-secure. [Watt 0016] [Watt 0004]
)
[Watt 0005] … applications that can be run on the processor.

[Watt 0004] A data processing apparatus will typically include a processor for running applications loaded onto the data processing apparatus. 

[Watt ¶ 0023] Since the partition checking logic coupled to the device bus cannot perform any partition checking function with regard to memory connected to the system bus, further partition checking logic is provided in such embodiments to ensure that when the processor is operating in a non-secure mode, it cannot access any part of the secure memory system, whether that be parts of the secure memory coupled to the device bus, or parts of the further memory that contains secure data

[Watt 0016]
 domain signal can be incorporated within the memory access request in a variety of ways. Preferably, the domain signal is asserted at the hardware level and hence is only assertable by an application which the device itself has verified is able to be run in the secure domain. Hence it would not be possible for a rogue application executing on the device to tamper with the setting of the domain signal. More particularly, in preferred embodiments, the device has a predetermined pin for outputting the domain signal onto the device bus, and by default the domain signal is set to indicate that the device is operating in a non-secure mode. Hence, in one embodiment, only when the device is executing secure applications in the secure domain will the domain signal be set to indicate that the device is operating in the secure domain, and only when that domain signal is set will the partition checking logic allow access to secure data in the memory.


As per claim 17, the rejection of claim 16 is incorporated herein. 
Watt discloses wherein the determination circuitry is configured to make the determination on the basis of at least one of: the issuing security domain, and whether the memory access transaction encountered a miss in a given level 5of cache, where said cache is one of: a data cache; and a control data cache to cache said control data indicative of which of the security domains are allowed to access the target address.  
 (determination circuitry = the processor [Watt 0004] and partition checking logic [Watt ¶ 0023] and integrated circuit [Watt ¶ 0619]

when the partition checking logic determines that the memory access request comes from a non-secure domain, the partition checking logic effectively determines that further partition checking logic execution is required when the access request is to memory connected to the system bus (note there are 2 buses, system bus and device bus)[para. 23], thereby disclosing wherein the determination circuitry is configured to make the determination on the basis of at least one of: the issuing security domain in combination with the processor operations as described in para.16. 
See reference citations for claim 16
)

As per claim 18, the rejection of claim 15 is incorporated herein. 
Watt discloses A system comprising: 
the master device according to claim 15; and 
a memory system component comprising: 
transaction handling circuitry to receive the memory access transactions issued by the transaction issuing circuitry of the master device; and  
15control circuitry to determine, on the basis of the security check indication, whether the security checking procedure still needs to be performed.  
(A system can be disclosed by the system depicted in figure 1 or as described in para. 17
memory system component = memory management logic 30 [0458] …..memory management unit [Watt ¶ 0025, figure 56 element 200] and memory protection unit together [Watt ¶ 0032]
transaction handling circuitry = memory management unit  [Watt ¶ 0025] and integrated circuit [Watt ¶ 0619]
memory access transactions issued by the transaction issuing circuitry of the master device
transaction issuing circuitry = processor  [Watt 0020] [Watt ¶ 0025]  
master device can be disclosed by the data processing apparatus of figure 1 or the processing core 10
control circuitry can be disclosed by partition checking logic plus the memory management logic 30 [Watt ¶ 0023, 0458, 487] 
security check indication can be disclosed by domain bit set by the monitor mode within the CP15 domain status register [Watt 0471]
security check indication can be disclosed by a predetermined pin [Watt ¶ 0513

on the basis of the security check indication can be disclosed by partition checker checking the domain bit within the CP15 domain status register [Watt ¶ 0471]
on the basis of the security check indication can be disclosed by a predetermined pin for outputting the domain signal onto path 490 within the external bus [Watt ¶ 0513] 
said security checking procedure can be disclosed by ‘thus the partition checking logic can be triggered to check the memory access request in the event that that domain signal indicates that the device is operating in the non-secure domain.’ [Watt 0015] See partition checker 222 [Watt ¶ 0471]
said security checking procedure can be disclosed by the procedure where the further partition checking logic determines whether the memory access request originated from secure or non-secure domain  [Watt ¶ 0023] e.g., ‘further partition checking logic is provided’; [Watt ¶ 0023]
determine whether the security checking procedure still needs to be performed is also disclosed as follows: Watt’s further partition checking logic is an additional security checking (a 2nd time determining whether the memory access request comes from a secure domain or non-secure domain) that is performed by further partition checking logic; when the partition checking logic determines that the memory access request comes from a non-secure domain, the partition checking logic effectively determines that further partition checking logic is required when the access request is to memory connected to the system bus (not the device bus)[para. 23], thereby disclosing determine whether the security checking procedure still needs to be performed. This is similar to the rejection for claim 1.
)
[0269] FIG. 17 is a flow diagram schematically illustrating the operation of the system 
[Watt ¶ 0025] A memory management unit  is provided in one embodiment which is operable, upon receipt of a memory access request issued by the processor when the processor wishes to access an item of data in the memory, to perform one or more predetermined access control functions to control issuance of that memory access request to the memory. As an example, such predetermined access control functions could involve translation of virtual addresses to physical addresses, review of access permissions rights to ensure that the processor in its current mode of operation is entitled to access the data item requested
[0004] A data processing apparatus will typically include a processor for running applications loaded onto the data processing apparatus.

Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Watt in view of Krueger, in view of Thathapudi et al. U.S. Patent No. 8209510 (hereinafter “Thathapudi”).
As per claim 4, the rejection of claim 3 is incorporated herein. 
Watt discloses to prevent the given memory access transaction from propagating downstream of the memory system component.  
(See Watt Para. 27, 35, 39,
see also, 40, 41,
).
[0027] … even if that application can output a memory access request which is seeking to access a location within the secure memory, the further partition checking logic will detect that that application executing in a non-secure mode of the processor is seeking to access a secure memory location, and will prevent the access taking place.
[0035] In embodiments where the memory access request specifies a virtual address, … the further partition checking logic is operable, when the processor is operating in said at least one non-secure mode, to prevent the internal storage unit from storing as access control information the physical address portion if the physical address that would then be produced for the virtual address is within the secure memory.
[0039] … memory access request. In such embodiments, the further partition checking logic is operable, when the processor is operating in said at least one non-secure mode, to prevent the transfer of any access control information from the main TLB to the micro-TLB that would allow access to said secure memory.

	However, the combination of Watt and Krueger does not expressly disclose 
wherein when a given memory access transaction fails the security checking procedure, the security checking circuitry is configured 30to signal an error and to prevent the given memory access transaction from propagating downstream of the memory system component.  
Thathapudi discloses when a given memory access transaction fails the security checking procedure, the security checking circuitry is configured 30to signal an error
(
signal an error= raise an error signal [Watt ¶ 0619]
security checking circuitry= MMU 44 ‘MMU 44 may each comprise … an application specific integrated circuit (ASIC),’’ [Thathapudi 4:1-12]
).
[Thathapudi 2:53-65] (12) The techniques described herein may present several advantages. For instance, attempts by a software process to write beyond the memory allocated from a secure page for any given software object causes the memory access hardware to immediately raise an error signal that may be used to detect and prevent the memory overrun. This may aid program debugging by allowing developers to quickly pinpoint the cause of the attempted overrun and remedy the overrun vulnerability. In programs that retain overrun vulnerabilities, the techniques may nevertheless prevent both inadvertent memory overruns and exploitation of the vulnerability by malicious code at run-time, leading to a more secure system and improved reliability. In addition, the detection techniques are implemented in the memory access hardware, and, unlike many conventional methods for detecting overruns, may avoid reductions in memory access throughput.
[Thathapudi 4:1-12] (15) In this example, routing engine 12 includes hardware components 36 that comprises central processing unit 42 ("CPU 42"), memory management unit 44 ("MMU 44"), main memory 40, and disk 48 interconnected via system bus 38. CPU 42 executes program instructions loaded into main memory 40 from disk 48 in order to operate routing engine 12. MMU 44 handles memory access requests, including read and write requests, to main memory 40 by CPU 42. CPU 42 and MMU 44 may each comprise one or more general- or special-purpose processors such as a digital signal processor (DSP), an application specific integrated circuit (ASIC), 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Watt and Krueger with the technique for raising an error signal in response to a failed memory access check of Thathapudi to include 
wherein when a given memory access transaction fails the security checking procedure, the security checking circuitry is configured 30to signal an error and to prevent the given memory access transaction from propagating downstream of the memory system component.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to determine whether the memory access is valid and informing other system components of an invalid memory access. The system of the primary reference can be modified to signal an error when the memory access request is found invalid, as taught in the Thathapudi reference. For example, such signaling may be performed by the further partition checking logic.


Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Watt in view of Krueger, in view of Angelino et al. U.S. Publication 20180218150 (hereinafter “Angelino”).
As per claim 10, the rejection of claim 9 is incorporated herein. 
Watt disclose wherein the memory access transaction supports an encoding which indicates that the issuing security domain is the less secure domain 
(an encoding = domain signal [Watt ¶ 0514]
issuing security domain is the less secure domain is disclosed because the domain signal may indicate that the access request came from a non-secure domain [Watt ¶ 0514]
 ).
[Watt ¶ 0514] This domain signal, also referred to herein as the "S bit" will identify whether the device issuing the memory access request is operating in secure domain or non-secure domain, and this information will be received by the partition checker 492 coupled to the external bus. The partition checker 492 will also have access to the partitioning information identifying which regions of memory are secure or non-secure, and accordingly can be arranged to only allow a device to have access to a secure part of memory if the S bit is asserted to identify a secure mode of operation.
[Watt ¶ 0298] `Secure/Non-Secure state`. This state is defined by the S bit value. It indicates whether the core may access the Secure world (when it is in Secure state, i.e. S=1) or is restricted to the Non-secure world only (S=0). 

	However, the combination of Watt and Krueger does not expressly disclose 
wherein the memory access transaction supports an encoding which indicates that the issuing security domain is the less secure domain and the transaction is known to pass the security checking procedure.  
Angelino discloses 
the transaction is known to pass the security checking procedure.  
 ( the transaction is known to pass the security checking procedure is disclosed because the monitor provides the required security credentials, which indicates that the party requesting access will in fact be granted access[Angelino para. 0034].  security checking procedure is disclosed because the component requesting access is reviewed for security credentials and if the security credential is not available then no access is granted [Angelino para. 0034]  ).
[Angelino 0034] FIG. 3 illustrates schematically two simplified secure areas 301, 302 of a data processing apparatus, for example a less secure area (first secure area 301) and a secure area (second secure area 302). Secure area 301 has a security domain 310 and a secure memory 312, and secure area 302 has a security domain 314 and a secure memory 316. The two secure areas 301, 302 are connected via a monitor 320. Secure area 302 has a higher level of security than secure area 301. The embodiment is not limited to two secure areas and more than two secure areas may be provided, for example, a less secure area, a secure area and a more secure area. In another embodiment, one or more secure areas are provided each having an equivalent level of security, for example, a further less-secure area or a further secure area. In another embodiment, a less secure area can be provided together with at least one other secure area, the other secure area(s) having different or the same level(s) of security. 

[Angelino 0035] In order for functions from the security domain 310 to access data stored in the secure memory 316 it must gain access via the monitor 320 which determines whether the code is allowed to access the security domain 314. When the code is allowed to access the security domain 316, the monitor 320 provides it with the required security credentials. The security credentials may take any form of code or data, such as a piece of evidence, an assertion, or an attribute associated with the code, allowing the code to access the secure area. The security credentials are applied to the code by the monitor, such that authorised access to the secure area is enabled. 
[Angelino 0036] The code must pass via the monitor 320 in order to be provided with the security credentials of secure area 302. If code tries to jump into security domain 314 directly from security domain 310 without going via the monitor 320, for example during a malicious attack, then the code will not have the required security credentials and so will not be processed in security domain 314. Instead the code is treated as if it is still in secure area 301 as it still has the security credentials of area 301. The only way to obtain the correct security credentials to enter secure area 302 is via the monitor 320.

[Angelino 0044] As illustrated in FIG. 5, first secure area 501 (a less secure area) has a security domain 510 and a secure memory 512, and second secure area 502 (a more secure area) has a security domain 514 and a secure memory 516. The two secure areas 501, 502 are connected via a monitor 520. Secure area 502 has a higher level of security than secure area 501. The security domains 510, 514 cannot be accessed directly, but instead in order to be provided with the security credentials associated with the second security domain 514, access must be granted via the monitor 520. Following completion of functions in the secure area 502, the monitor detaches the security credentials associated with the secure area 502 before returning the program code to area 501. Detachment of the security credentials associated with the secure area 502 prevents the code from continuing to run with secure area 502 security credentials after completion of the function.

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Watt and Krueger with the technique for a monitor to provide a credential to grant memory access of Angelino to include wherein the memory access transaction supports an encoding which indicates that the issuing security domain is the less secure domain and the transaction is known to pass the security checking procedure.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to allow memory access to the more secure domain from the less secure domain. The system of the primary reference can be modified so that the monitor provides a security credential as needed to the party seeking memory access.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on M-F 9 AM-5 PM EST. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494                                                                                                                                                                                                        



    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Emphasis is additional throughout.