Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1. 	This Office Action is taken in response to Applicants’ Amendments and Remarks filed on 11/1/2022 regarding application 17/010,072 filed on 9/2/2020.  
2. 	Claims 1-20 are pending for consideration.

3.				Response to Amendments and Remarks 
	Applicants’ amendments and remarks have been fully and carefully considered, with the Examiner’s response set forth below.
	(1) In response to the amendments and remarks, an updated claim analysis has been made. Refer to the corresponding sections of the following Office Action for details.

4.					Examiner’s Note
(1) In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.
(2) Examiner has cited particular columns/paragraph and line numbers in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings of the art and are applied to specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses, to fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.

Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

6.	Claims 1-6, and 9-14 are rejected under 35 U.S.C. 103 as being unpatentable over Ahn et al. (US Patent Application Publication 2012/0124429, hereinafter Ahn), and in view of Lindo et al. (US Patent 8,813,079, hereinafter Lindo).
As to claim 1, Ahn teaches A system for protecting a memory [An apparatus and method for tracing memory access information of a user program while ensuring a normal operation of the user program. An access permission about a memory region may be set to trace the memory access information. An instruction of the user program encounters a page fault according to the set access permission. If the page fault occurs, memory access information is stored based on the page fault, and apparatus executes an instruction causing the page fault while in a supervisor mode (abstract); 
Lindo also teaches this limitation -- The preceding sections describe detecting when an application program performs a memory read operation or memory write operation using memory protection and exception handling techniques. In alternative embodiments, detecting memory operations may be performed in other ways. For example, in one embodiment recording system 130 detects kernel calls that relate to memory read operations or memory write operations, and determines whether state synchronization exists or race conditions are present using processing other than exception handling. Thus, the broad approach herein involves detecting memory read operations or memory write operations and performing responsive processing to detect state synchronization or race conditions, but the use of memory protection and exception handlers is not required (c36 L2-16)], the system comprising: 
a hardware memory protection unit configured to generate an exception in response to an unauthorized attempt to perform an action in the memory 
[exception handling software – as shown in figure 7, steps 701-704; The exception handling unit may comprise a determination unit configured to determine whether the page fault is caused by the access permission that is set by the memory access permission managing unit, a storage unit configured to store memory access information that is related to the instruction causing the page fault, if the page fault is caused by the access permission that is set by the memory access permission managing unit, and an execution unit configured to execute the instruction causing the page fault, if the page fault is caused by the access permission that is set by the memory access permission managing unit (¶ 0011); 
Lindo also teaches this limitation -- FIG. 11A is a flow diagram of an overview of a write exception process in one example embodiment. FIG. 11B is a flow diagram of a process of setting memory to read-only access in one example embodiment. FIG. 12A is a flow diagram of an example exception handler process for use in state synchronization. FIG. 13B is a flow diagram of a process of performing an exception handler for detecting race conditions in an embodiment (c3 L54-67); At step 1110, a processor executing an application program attempts a memory write operation. The effect of setting memory to read-only access is that when an application program attempts to perform a write operation on the memory, the computer platform throws a hardware exception at step 1112 that invokes the exception handler that was installed at step 1104. In various embodiments, the approaches of FIG. 12, FIG. 13 can be used to implement an exception handler and perform state synchronization or race condition detection operations. At step 1114, the exception handler returns control. Control transfers to step 1106 at which continued program execution recording occurs at step 1106 (c28 L19-30); The preceding sections describe detecting when an application program performs a memory read operation or memory write operation using memory protection and exception handling techniques. In alternative embodiments, detecting memory operations may be performed in other ways. For example, in one embodiment recording system 130 detects kernel calls that relate to memory read operations or memory write operations, and determines whether state synchronization exists or race conditions are present using processing other than exception handling. Thus, the broad approach herein involves detecting memory read operations or memory write operations and performing responsive processing to detect state synchronization or race conditions, but the use of memory protection and exception handlers is not required (c36 L2-16)]; and
security software configured to determine, in response to the exception whether the security software is authorized to perform the action [supervisor mode, figures 6A-6C, 620; as shown in figure 7, steps 701-704; An apparatus and method for tracing memory access information of a user program while ensuring a normal operation of the user program. An access permission about a memory region may be set to trace the memory access information. An instruction of the user program encounters a page fault according to the set access permission. If the page fault occurs, memory access information is stored based on the page fault, and apparatus executes an instruction causing the page fault while in a supervisor mode (abstract)], based on at least read versus write characteristics of the action being attempted [Referring to again FIG. 2, the memory access permission managing unit 201 may set the access permission field 303 for the memory region 301 such that a read/write operation on a corresponding memory region is not allowed during user mode and is allowed during supervisor mode. For example, an access permission that is set such that a read/write is allowable only during a supervisor mode may be referred to as an access permission set for tracing (¶ 0050-0051); … The access permission may be set such that an access for a write/read operation on a memory region is allowable while in the supervisor. Accordingly, the execution unit 403 may execute instructions without the restriction of access to the memory region, and may update the context information (¶ 0063); For example, the instruction generating unit 501 may determine the type of instruction that causes the page fault by analyzing context information backed up according to the page fault, and may generate a series of instructions that are the same as the instruction that causes the page fault … (¶ 0067); If a page fault is caused by the access permission, in 703 memory access information is stored. For example, the memory access information tracing apparatus (200, in FIG. 2) may store an address of an instruction that causes the page fault, the type of the instruction that causes the page fault, an address of a memory region at which the page fault occurs, a time at which the page fault occurs, an identifier of a process or thread including the instruction causing the page fault, and the like (¶ 0080); 
Lindo more expressively teaches the aspect of “read versus write” -- FIG. 11B is a flow diagram of a process of setting memory to read-only access in one example embodiment (c3 L54-67); At step 1108, a portion of main memory of the computer platform that is under development, test, debugging or other observation is set to read-only access. One technique for setting memory to read-only access is provided in FIG. 11B. At step 1110, a processor executing an application program attempts a memory write operation. The effect of setting memory to read-only access is that when an application program attempts to perform a write operation on the memory, the computer platform throws a hardware exception at step 1112 that invokes the exception handler that was installed at step 1104. In various embodiments, the approaches of FIG. 12, FIG. 13 can be used to implement an exception handler and perform state synchronization or race condition detection operations. At step 1114, the exception handler returns control. Control transfers to step 1106 at which continued program execution recording occurs at step 1106 (c28 L15-30); The preceding sections describe detecting when an application program performs a memory read operation or memory write operation using memory protection and exception handling techniques. In alternative embodiments, detecting memory operations may be performed in other ways. For example, in one embodiment recording system 130 detects kernel calls that relate to memory read operations or memory write operations, and determines whether state synchronization exists or race conditions are present using processing other than exception handling. Thus, the broad approach herein involves detecting memory read operations or memory write operations and performing responsive processing to detect state synchronization or race conditions, but the use of memory protection and exception handlers is not required (c36 L2-16)].
Regarding claim 1, Ahn teaches memory read/write accessing protection [Referring to again FIG. 2, the memory access permission managing unit 201 may set the access permission field 303 for the memory region 301 such that a read/write operation on a corresponding memory region is not allowed during user mode and is allowed during supervisor mode. For example, an access permission that is set such that a read/write is allowable only during a supervisor mode may be referred to as an access permission set for tracing (¶ 0050-0051); … The access permission may be set such that an access for a write/read operation on a memory region is allowable while in the supervisor. Accordingly, the execution unit 403 may execute instructions without the restriction of access to the memory region, and may update the context information (¶ 0063); For example, the instruction generating unit 501 may determine the type of instruction that causes the page fault by analyzing context information backed up according to the page fault, and may generate a series of instructions that are the same as the instruction that causes the page fault … (¶ 0067); If a page fault is caused by the access permission, in 703 memory access information is stored. For example, the memory access information tracing apparatus (200, in FIG. 2) may store an address of an instruction that causes the page fault, the type of the instruction that causes the page fault, an address of a memory region at which the page fault occurs, a time at which the page fault occurs, an identifier of a process or thread including the instruction causing the page fault, and the like (¶ 0080)], but does not expressively teach the read versus write characteristic.
However, Lindo specifically teaches memory read/write accessing protection based on read versus write characteristic [FIG. 11B is a flow diagram of a process of setting memory to read-only access in one example embodiment (c3 L54-67); At step 1108, a portion of main memory of the computer platform that is under development, test, debugging or other observation is set to read-only access. One technique for setting memory to read-only access is provided in FIG. 11B. At step 1110, a processor executing an application program attempts a memory write operation. The effect of setting memory to read-only access is that when an application program attempts to perform a write operation on the memory, the computer platform throws a hardware exception at step 1112 that invokes the exception handler that was installed at step 1104. In various embodiments, the approaches of FIG. 12, FIG. 13 can be used to implement an exception handler and perform state synchronization or race condition detection operations. At step 1114, the exception handler returns control. Control transfers to step 1106 at which continued program execution recording occurs at step 1106 (c28 L15-30); The preceding sections describe detecting when an application program performs a memory read operation or memory write operation using memory protection and exception handling techniques. In alternative embodiments, detecting memory operations may be performed in other ways. For example, in one embodiment recording system 130 detects kernel calls that relate to memory read operations or memory write operations, and determines whether state synchronization exists or race conditions are present using processing other than exception handling. Thus, the broad approach herein involves detecting memory read operations or memory write operations and performing responsive processing to detect state synchronization or race conditions, but the use of memory protection and exception handlers is not required (c36 L2-16)].
 Therefore, it would have been obvious to one having ordinary skill in the art at the time of Applicant’s invention to set read-only memory protection regions, as demonstrated by Lindo, and to incorporate it into the existing scheme disclosed by Ahn, in order to protect memory from unauthorized write operations.
As to claim 2, Ahn in view of Lindo teaches The system according to claim 1, wherein the unauthorized attempt is performed by other software [Ahn -- An apparatus and method for tracing memory access information of a user program while ensuring a normal operation of the user program. An access permission about a memory region may be set to trace the memory access information. An instruction of the user program encounters a page fault according to the set access permission. If the page fault occurs, memory access information is stored based on the page fault, and apparatus executes an instruction causing the page fault while in a supervisor mode (abstract)].
As to claim 3, Ahn in view of Lindo teaches The system according to claim 1, wherein the security software is configured to obtain characteristics of the action from the generated exception [Ahn -- The exception handling unit may comprise an instruction generating unit that generates an instruction that is substantially the same as the instruction that causes the page fault, based on context information of the user program that is stored in response to the occurrence of the page fault, and the exception handling unit executes the substantially the same instruction (¶ 0026)].
As to claim 4, Ahn in view of Lindo teaches The system according to claim 3, wherein the obtained characteristics comprise one or more of: an address of the memory targeted by the unauthorized attempt, an identification of software attempting the action in the memory, the action that other software is attempting to perform, an operator code of the action, or registers of the action [Ahn -- An apparatus and method for tracing memory access information of a user program while ensuring a normal operation of the user program. An access permission about a memory region may be set to trace the memory access information. An instruction of the user program encounters a page fault according to the set access permission. If the page fault occurs, memory access information is stored based on the page fault, and apparatus executes an instruction causing the page fault while in a supervisor mode (abstract); The exception handling unit may comprise an instruction generating unit that generates an instruction that is substantially the same as the instruction that causes the page fault, based on context information of the user program that is stored in response to the occurrence of the page fault, and the exception handling unit executes the substantially the same instruction (¶ 0026)].
As to claim 5, Ahn in view of Lindo teaches The system according to claim 3, wherein the security software is configured to compare the obtained characteristics of the action to information representative of actions that can be performed in the memory [Ahn -- as shown in figures 6A-6C, user mode (610) as compared to supervisor mode (620); An apparatus and method for tracing memory access information of a user program while ensuring a normal operation of the user program. An access permission about a memory region may be set to trace the memory access information. An instruction of the user program encounters a page fault according to the set access permission. If the page fault occurs, memory access information is stored based on the page fault, and apparatus executes an instruction causing the page fault while in a supervisor mode (abstract); The exception handling unit may comprise an instruction generating unit that generates an instruction that is substantially the same as the instruction that causes the page fault, based on context information of the user program that is stored in response to the occurrence of the page fault, and the exception handling unit executes the substantially the same instruction (¶ 0026)].
As to claim 6, Ahn in view of Lindo teaches The system according to claim 5, wherein the information is accessible only by the security software [Ahn -- as shown in figures 6A-6C, user mode (610) as compared to supervisor mode (620); An apparatus and method for tracing memory access information of a user program while ensuring a normal operation of the user program. An access permission about a memory region may be set to trace the memory access information. An instruction of the user program encounters a page fault according to the set access permission. If the page fault occurs, memory access information is stored based on the page fault, and apparatus executes an instruction causing the page fault while in a supervisor mode (abstract); The exception handling unit may comprise an instruction generating unit that generates an instruction that is substantially the same as the instruction that causes the page fault, based on context information of the user program that is stored in response to the occurrence of the page fault, and the exception handling unit executes the substantially the same instruction (¶ 0026)].
A s to claim 9, it recites substantially the same limitations as in claim 1, and is rejected for the same reasons set forth in the analysis of claim 1. Refer to "As to claim 1" presented earlier in this Office Action for details.
As to claim 10, it recites substantially the same limitations as in claim 3, and is rejected for the same reasons set forth in the analysis of claim 3. Refer to "As to claim 3" presented earlier in this Office Action for details.
As to claim 11, Ahn in view of Lindo teaches The method according to claim 9, further comprising performing, by the security software, the action [Ahn -- The exception handling unit may comprise an instruction generating unit that generates an instruction that is substantially the same as the instruction that causes the page fault, based on context information of the user program that is stored in response to the occurrence of the page fault, and the exception handling unit executes the substantially the same instruction (¶ 0026)].
As to claim 12, it recites substantially the same limitations as in claim 2, and is rejected for the same reasons set forth in the analysis of claim 2. Refer to "As to claim 2" presented earlier in this Office Action for details.
As to claim 13, Ahn in view of Lindo teaches The method according to claim 12, wherein the other software continues its execution after the security software performs the action [Ahn -- The return location setting unit 503 may set a return location of the updated context information to a location that is behind the instruction causing the page fault. Therefore, an instruction placed behind the instruction causing the page fault may be executed after the page fault is processed. The result is that a user perceives a program as if it was continually running without interruption (¶ 0070)].
As to claim 14, it recites substantially the same limitations as in claim 5, and is rejected for the same reasons set forth in the analysis of claim 5. Refer to "As to claim 5" presented earlier in this Office Action for details.
7.	Claims 7-8, and 15-20 are rejected under 103 as being unpatentable over Ahn in view of Lindo, and further in view of LeMay et al. (US Patent Application Publication 2018/0004946, hereinafter LeMay).
As to claim 7, Ahn in view of Lindo teaches The system according to claim 1, further comprising a memory protection unit configured to define regions in the memory [Ahn -- An apparatus and method for tracing memory access information of a user program while ensuring a normal operation of the user program. An access permission about a memory region may be set to trace the memory access information. An instruction of the user program encounters a page fault according to the set access permission. If the page fault occurs, memory access information is stored based on the page fault, and apparatus executes an instruction causing the page fault while in a supervisor mode (abstract)], does not teach assign protection levels to the regions.
However, assigning protection levels to the regions well known and commonly adopted in the art to maintain data integrity.
For example, LeMay specifically teaches a memory protection unit configured to define regions in the memory and assign protection levels to the regions [Execute-only memory 230 can be implemented using any suitable approach for designating one or more regions of execute-only memory 230 and providing execute-only protection to those designated memory regions … (¶ 0048); Protection keys may be used, for example, to ensure that software processes have the appropriate permissions to access memory assigned with a particular protection key. For example, protection keys allow different regions of memory to be assigned different levels of protection, forming "protection domains" that each correspond to the memory regions with a particular protection key. In this manner, protection keys may be used in some embodiments to designate certain regions of memory 420 as execute-only memory 430 (¶ 0073)].
Therefore, it would have been obvious to one having ordinary skill in the art at the time of Applicant’s invention to assign protection levels to the regions, as demonstrated by LeMay, and to incorporate it into the existing scheme disclosed by Ahn in view of Lindo, because LeMay teaches doing so ensures that software processes have the appropriate permissions to access memory assigned with a particular protection key [Protection keys may be used, for example, to ensure that software processes have the appropriate permissions to access memory assigned with a particular protection key. For example, protection keys allow different regions of memory to be assigned different levels of protection, forming "protection domains" that each correspond to the memory regions with a particular protection key. In this manner, protection keys may be used in some embodiments to designate certain regions of memory 420 as execute-only memory 430 (¶ 0073)].
As to claim 8, Ahn in view of Lindo & LeMay teaches The system according to claim 7, wherein the exception is generated by the memory protection unit [LeMay -- As described throughout this disclosure, control-flow enforcement may be used to provide further protection of XO secrets, for example, by preventing execution from entering and/or exiting XO code at an unintended offset. In some embodiments, invalid entry and/or exit of XO code execution may result in a fault, exception, abort, virtual machine exit, and/or similar error (¶ 0064)].
As to claim 15, it recites substantially the same limitations as in claim 8, and is rejected for the same reasons set forth in the analysis of claim 8. Refer to "As to claim 8" presented earlier in this Office Action for details.
Further, Ahn in view of Lindo & LeMay teaches a first non-transitory memory storage comprising privileged memory and non-privileged memory [Ahn -- Referring to again FIG. 2, the memory access permission managing unit 201 may set the access permission field 303 for the memory region 301 such that a read/write operation on a corresponding memory region is not allowed during user mode and is allowed during supervisor mode … (¶ 0050-0052); … The memory controller and the flash memory device may constitute a solid state drive/disk (SSD) that uses a non-volatile memory to store data (¶ 0091].
As to claim 16, Ahn in view of Lindo & LeMay teaches The system according to claim 15, wherein the first and second non-transitory memory storages are a same memory storage [Ahn – as shown in figure 1].
As to claim 17, it recites substantially the same limitations as in claim 5, and is rejected for the same reasons set forth in the analysis of claim 5. Refer to "As to claim 5" presented earlier in this Office Action for details.
As to claim 18, it recites substantially the same limitations as in claim 4, and is rejected for the same reasons set forth in the analysis of claim 4. Refer to "As to claim 4" presented earlier in this Office Action for details.
As to claim 19, it recites substantially the same limitations as in claim 2, and is rejected for the same reasons set forth in the analysis of claim 2. Refer to "As to claim 2" presented earlier in this Office Action for details.
As to claim 20, it recites substantially the same limitations as in claim 7, and is rejected for the same reasons set forth in the analysis of claim 7. Refer to "As to claim 7" presented earlier in this Office Action for details.

Conclusion
8.	Claims 1-20 are rejected as explained above. 
9. 	THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHENG JEN TSAI whose telephone number is 571-272-4244.  The examiner can normally be reached on Monday-Friday, 9-6.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on 571-272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/SHENG JEN TSAI/Primary Examiner, Art Unit 2136                                                                                                                                                                                                        
December 1, 2022