DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending in this application.
Claims 2 and 7 are currently amended.
No new IDS was submitted by the Applicant.

Claim Objections
The previous objection to claim 7 has been withdrawn in response to the amendment.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 11-14, 15-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dunshea et al. (US 9,189,291 B2) (hereinafter, “Dunshea”) in view of Willcock et al. (US 2017/0228192 A1) (hereinafter, “Willcock”).
As to claim 1, Dunshea discloses a network interface device (Fig. 4, item 152) comprising: 
a first area of trust comprising a first part of the network interface device, the first part comprising a first kernel (“For further explanation, FIG. 4 sets forth a functional block diagram illustrating a further exemplary system for sharing a kernel of an operating system among logical partitions according to embodiments of the present invention. For convenience of explanation, the example of FIG. 1 included only one logical partition. For convenience of explanation, the example of FIG. 2 included only one shared kernel. The system of FIG. 4, however, includes nine logical partitions sharing among them three shared kernels, further explaining the fact that systems for sharing kernels according to embodiments of the present invention may share any number of kernels among any number of logical partitions. The system of FIG. 4 includes logical partitions (408, 410), each of which shares kernel (416). The system of FIG. 4 also includes logical partitions (434, 436, 438), each of which shares kernel (430). The system of FIG. 4 also includes logical partitions (440, 442, 444, 446), each of which shares kernel (432).” -col. 10, lines 29-45; herein, partitions (408, 410) (i.e. a first area of trust) which comprises a kernel (416) (i.e. a first kernel); It should be understood that kernel space is known to be trusted area); 
a second area of trust comprising a second part of the network interface device different to the first part, the second part comprising a second kernel (“For further explanation, FIG. 4 sets forth a functional block diagram illustrating a further exemplary system for sharing a kernel of an operating system among logical partitions according to embodiments of the present invention. For convenience of explanation, the example of FIG. 1 included only one logical partition. For convenience of explanation, the example of FIG. 2 included only one shared kernel. The system of FIG. 4, however, includes nine logical partitions sharing among them three shared kernels, further explaining the fact that systems for sharing kernels according to embodiments of the present invention may share any number of kernels among any number of logical partitions. The system of FIG. 4 includes logical partitions (408, 410), each of which shares kernel (416). The system of FIG. 4 also includes logical partitions (434, 436, 438), each of which shares kernel (430). The system of FIG. 4 also includes logical partitions (440, 442, 444, 446), each of which shares kernel (432).” -col. 10, lines 29-45; herein partitions (434, 436, 438) are considered a second area of trust in kernel (430) (i.e. in a second part of the network interface device comprising a second kernel); and 
a communication link between the first area of trust and the second area of trust (“In the system of FIG. 4, however, because a shared kernel is no longer embedded in an operating system of a single logical partition, there is no inherent one-to-one relationship between any particular system call and a particular kernel. The system of FIG. 4, therefore, is configured to vector all system calls (456, 458, 460) through its partition manager (422) by setting the protected registers or memory variables for all interrupt processing to the starting address of the partition manager's interrupt handler (448). The partition manager's interrupt handler (448) then passes (462, 464, 466) the system call to a kernel's interrupt handler, first determining which kernel to which the interrupt is to be passed by use of a data structure such as, for example, the one illustrated as Table 1:” -col. 10, lines 58-67 to col. 11, lines 1-5; herein, the partition manager’s interrupt handler (448) works as communication link between the first area of trust comprising first kernel 416 and the second area of trust which comprises a second kernel 430), 
wherein at least one of the first and second areas of trust is provided with [partition manager] … control which data is passed to the other of the first and second areas of trust via the communication link (“In the system of FIG. 4, however, because a shared kernel is no longer embedded in an operating system of a single logical partition, there is no inherent one-to-one relationship between any particular system call and a particular kernel. The system of FIG. 4, therefore, is configured to vector all system calls (456, 458, 460) through its partition manager (422) by setting the protected registers or memory variables for all interrupt processing to the starting address of the partition manager's interrupt handler (448). The partition manager's interrupt handler (448) then passes (462, 464, 466) the system call to a kernel's interrupt handler, first determining which kernel to which the interrupt is to be passed by use of a data structure such as, for example, the one illustrated as Table 1:” -col. 10, lines 58-67 to col. 11, lines 1-5; herein, partition manager controls which data is passed to the other of the first and second areas of trust via interrupt handler (448) (i.e. via communication link)).  
Dunshea doesn’t explicitly disclose isolation circuitry configured to control data. 
However, in analogous art, Willcock discloses isolation circuitry configured to control data (“In various embodiments, the memory device 120 can include isolation circuitry (e.g., isolation stripes 172 in FIGS. 1B and 1C and/or isolation stripe 372 and isolation transistors 332 and 333 in FIG. 3) configured to disconnect a first portion of a shared I/O line 355 corresponding to a first partition from a second portion of the same shared I/O line 355 corresponding to a second partition. The controller 140 can be configured to direct the isolation circuitry to disconnect the first portion and the second portion of the shared I/O line 355 during parallel movement (e.g., transfer and/or transport) of data values within the first partition and within the second partition. Disconnecting portions of the shared I/O line 355 can isolate the movement of data values within a first partition from the parallel movement of data values within a second partition.” -e.g. see, Willcock: [0084]; herein, isolation circuitry controls data movement to each of the first and second partition).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea with the teaching of Willcock to include isolation circuitry configured to control data in order to save time by reducing and eliminating external communications and may also conserve power. 

Claim 20 is rejected using the similar rationale as for the rejection of claim 1.

As to claim 11, the combination of Dunshea and Willcock disclose wherein the first kernel is configured to be one of inserted and removed at run time (Dunshea: “For further explanation, FIG. 5 sets forth a flow chart illustrating an exemplary method for sharing a kernel (416) of an operating system among logical partitions according to embodiments of the present invention that includes installing (402) in a partition manager (422) a kernel (416) of a type used by a plurality of logical partitions (408, 410). Installing such a kernel may be carried out by use of subroutines of the partition manager that install a kernel with its boot sectors on a disk drive, for example, so that the boot sector can be accessed at boot time for the kernel.” -e.g. see, Dunshea: col. 11, lines 34-48; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).  

As to claim 12, the combination of Dunshea and Willcock disclose wherein the network interface device is configured such that once the first kernel is loaded, a hardware linker for the first kernel is provided linking the first kernel to another kernel, the hardware linker being configured such that only data associated with an allowed data flow can be one or more of received and output by the first kernel (Dunshea: “For further explanation, FIG. 5 sets forth a flow chart illustrating an exemplary method for sharing a kernel (416) of an operating system among logical partitions according to embodiments of the present invention that includes installing (402) in a partition manager (422) a kernel (416) of a type used by a plurality of logical partitions (408, 410). Installing such a kernel may be carried out by use of subroutines of the partition manager that install a kernel with its boot sectors on a disk drive, for example, so that the boot sector can be accessed at boot time for the kernel.” -e.g. see, Dunshea: col. 11, lines 34-48; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).  

As to claim 13, the combination of Dunshea and Willcock disclose wherein the hardware linker provides the communication link between the first and second areas of trust and at least 63X-6371 USPATENT a part of the isolation circuitry in the first area of trust (Dunshea: “The method of FIG. 5 also includes installing (404) in the partition manager (422) generic data structures (420) specifying computer resources assigned to each of the plurality of logical partitions. Installing generic data structures may be carried out by use of subroutines of the partition manager improved for that purpose. A partition manager typically provides subroutines for creating and maintaining logical partitions. Such subroutines are improved according to embodiments of the present invention to include functions that create the generic data structures and associate pointers to them with logical partition identifiers as illustrated in Table 1 and in table (514) on FIGS. 8 and 9. Such subroutines typically are accessed by a system administrator or other authorized user through a GUI tool or command line interface exposed by a partition manager through a primary partition or through a command console coupled directly to the partition manager.” -e.g. see, Dunshea: col. 11, lines 49-65; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).  

As to claim 14, the combination of Dunshea and Willcock disclose wherein the first kernel of the first area of trust is configured to process data and to provide a part of the data to the second kernel of the second area of trust (Dunshea: “The system of FIG. 4, therefore, is configured to vector all system calls (456, 458, 460) through its partition manager (422) by setting the protected registers or memory variables for all interrupt processing to the starting address of the partition manager's interrupt handler (448). The partition manager's interrupt handler (448) then passes (462, 464, 466) the system call to a kernel's interrupt handler, first determining which kernel to which the interrupt is to be passed by use of a data structure such as, for example, the one illustrated as Table 1:”-e.g. see, Dunshea: col. 10, lines 62-67 to col. 11, lines 1-4; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).  

As to claim 16, the combination of Dunshea and Willcock disclose wherein the second kernel of the second area of trust is configured to support a data storage application (Willcock: “FIG. 1B schematically illustrates storage space (e.g., storage space 132) that can be configured for storage of data values from various subarrays (e.g., data values from some or all rows of a last subarray in a partition) prior to being overwritten to enable these data values to be later moved (e.g., transferred) between the different partitions, as described herein. For example, the data values from a row or rows of the last subarray in the partition can be moved (e.g., transferred) to an unused (e.g., designated) row or rows of memory cells in the same partition or in a different partition and/or subarray (e.g., shifted into a different partition and/or subarray), and/or any other available storage space associated with the array in order to serve as the storage space.” -e.g. see, Willcock: [0047]; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).  

As to claim 17, the combination of Dunshea and Willcock disclose wherein the first area of trust is configured to provide data to a third area of trust in the network interface device (Dunshea: “The system of FIG. 4, therefore, is configured to vector all system calls (456, 458, 460) through its partition manager (422) by setting the protected registers or memory variables for all interrupt processing to the starting address of the partition manager's interrupt handler (448). The partition manager's interrupt handler (448) then passes (462, 464, 466) the system call to a kernel's interrupt handler, first determining which kernel to which the interrupt is to be passed by use of a data structure such as, for example, the one illustrated as Table 1:”-e.g. see, Dunshea: col. 10, lines 62-67 to col. 11, lines 1-4; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).  

As to claim 19, the combination of Dunshea and Willcock disclose wherein at least one of the first and second area of trust extends to a host computing device (Dunshea: “FIG. 1 sets forth a block diagram of automated computing machinery comprising an exemplary computer (152) useful in sharing a kernel of an operating system among logical partitions according to embodiments of the present invention” -e.g. see, Dunshea: col. 3, lines 13-22; the reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Dunshea and Willcock and further in view of Caceres et al. (US 10,778,444 B2) (hereinafter, “Caceres”).

As to claim 2, neither Dunshea nor Willcock explicitly disclose wherein hardware provided in one area of trust has restricted access to hardware in the other area of trust, wherein the first and second area of trust comprise non-overlapping hardware and the first and second kernels are different. 
However, in an analogous art, Caceres discloses wherein hardware provided in one area of trust has restricted access to hardware in the other area of trust, wherein the first and second area of trust comprise non-overlapping hardware and the first and second kernels are different (“Briefly, as shown in FIG. 1A, the client devices described herein may include multiple, separate and discrete code execution environments. One such environment includes the rich OS, from which applications stored on the client device may be executed. The rich OS includes a bootloader, used to boot the rich OS, and a kernel. The kernel acts as a bridge between the rich OS and the hardware, and connects the hardware and applications software. The rich OS may be rooted, for example, where a user removes software restrictions and is granted root (administrator) access.” -e.g. see, Caceres: col. 2, lines 38-47; see also, “Another environment disposed on the client devices described herein includes the trusted execution environment (TEE). The TEE refers to a secure area of the main processor in the client device, which ensures that sensitive data is stored, processed, and protected in an isolated, trusted environment. TEE is isolated from the rich OS, and includes a separate, isolated bootloader and kernel.” -e.g. see, Caceres: col. 2, lines 63-67 to col. 3, lines 1-2; see also, Caceres: FIG. 1A & claim 1: “A device, comprising: one or more memories; a rich operating system (OS); and one or more processors, disposed in a trusted execution environment (TEE) of the device, communicatively coupled to the one or more memories, the TEE being associated with a first bootloader and a first kernel, the rich OS being associated with a second bootloader and a second kernel, the first bootloader and the first kernel being separate from the second bootloader and the second kernel”; herein, TEE is comparable to one area of trust and rich OS is comparable to other area of trust; TEE and rich OS comprise non-overlapping hardware and the first and second kernels are different). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Caceres to include wherein hardware provided in one area of trust has restricted access to hardware in the other area of trust, wherein the first and second area of trusts comprises non-overlapping hardware and the first and second kernels are different in order to protect the assets associated with a secure environment. 

Claims 8-10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Dunshea and Willcock and further in view of Hanel et al. (US 2020/0252207 A1) (hereinafter, “Hanel”).

As to claim 8, neither Dunshea nor Willcock explicitly disclose wherein the first area of trust is associated with a first address space and the second area of trust is associated with a second address space, the first address space being different than the second address space.  
However, in an analogous art, Hanel discloses wherein the first area of trust is associated with a first address space and the second area of trust is associated with a second address space, the first address space being different than the second address space (Hanel: “As shown in FIG. 2, the processing circuitry 4 and other components of the device may have a hardware architecture which provides for a secure execution environment 20 and a less secure (normal) execution environment 22 which coexist on the device. Software applications and data may be associated with one of the secure or less secure execution environments, and application code or data associated with the secure execution environment 20 is isolated from access by the code executed within the less secure execution environment 22. This may be implemented using hardware architecture features, such as using a memory management unit which may define a partition of memory address space into secure and less secure regions, and may enforce memory protection so that access requests issued by an application executed in the less secure execution environment 22 are not permitted to read/write a region of the memory address space that is restricted for access by the secure execution environment 20. In some examples, only the volatile memory unit 6 may be partitioned into the secure and less secure regions and have its access policed by the memory management unit.” -e.g. see, Hanel: [0060]; herein, memory address space is partitioned for secure and less secure regions; hence, for first and second trust area).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Hanel to include wherein the first area of trust is associated with a first address space and the second area of trust is associated with a second address space, the first address space being different than the second address space in order to protect the assets associated with a secure environment. 

As to claim 9, neither Dunshea nor Willcock explicitly disclose wherein the first area of trust is associated with a first data flow and the second area of trust is associated with a second different data flow.  
However, in an analogous art, Hanel discloses wherein the first area of trust is associated with a first data flow and the second area of trust is associated with a second different data flow (Hanel: “As shown in FIG. 2, the processing circuitry 4 and other components of the device may have a hardware architecture which provides for a secure execution environment 20 and a less secure (normal) execution environment 22 which coexist on the device.” -e.g. see, Hanel: [0060]; herein, first area is associated with secure execution environment (i.e. first data flow) and second area is associated with a less secure execution environment (i.e. second different data flow)).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Hanel to include disclose wherein the first area of trust is associated with a first data flow and the second area of trust is associated with a second different data flow in order to protect the assets associated with a secure environment. 

As to claim 10, neither Dunshea nor Willcock explicitly disclose wherein the first area of trust is associated with a first application and the second area of trust is associated with a second, different, application. 
However, in an analogous art, Hanel discloses wherein the first area of trust is associated with a first application and the second area of trust is associated with a second, different, application (Hanel: “Software applications and data may be associated with one of the secure or less secure execution environments, and application code or data associated with the secure execution environment 20 is isolated from access by the code executed within the less secure execution environment 22.” -e.g. see, Hanel: [0060]; see also, Hanel: Fig. 2; herein, client applications are associated with less secure execution environment (i,e, associated with a first area of trust) and trusted applications are associated with secure execution environment (i.e. second area of trust)).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Hanel to include wherein the first area of trust is associated with a first application and the second area of trust is associated with a second, different, application in order to protect the assets associated with a secure environment. 

As to claim 15, neither Dunshea nor Willcock explicitly disclose wherein the first kernel of the first area of trust is configured to at least one of: at least partially protocol process data; decrypt data; or encrypt data.  
However, in an analogous art, Hanel discloses wherein the first kernel of the first area of trust is configured to at least one of: at least partially protocol process data; decrypt data; or encrypt data (Hanel: “Other security mechanisms that can be provided to protect the assets associated with a secure environment 20 may be to provide for encryption of any data which may need to be paged out of the secure regions of memory to a potentially insecure location such as an external device (or in the flash memory 7 if this is not within the secure boundary of the secure execution environment 20).” -e.g. see, Hanel: [0060]; herein, data is encrypted in the first area of trust).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Hanel to include wherein the first kernel of the first area of trust is configured to at least one of: at least partially protocol process data; decrypt data; or encrypt data in order to protect the assets associated with a secure environment. 


Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Dunshea and Willcock and further in view of Burger et al. (US 2016/0378491 A1) (hereinafter, “Burger”).


As to claim 3, neither Dunshea nor Willcock explicitly disclose wherein the isolation circuitry is configured to use header values of the data to determine which data can be passed to the other of the first and second areas of trust.  
However, in analogous art, Burger discloses wherein the isolation circuitry is configured to use header values of the data to determine which data can be passed to the other of the first and second areas of trust (“In some examples, the control logic circuitry is configured to determine that the target location is at an address immediately following the current instruction block. In some examples, the control logic circuitry is configured to determine the target location of the next instruction block based at least in part on exit type information encoded in an instruction header for the current instruction block. In some examples, the apparatus further includes a core scheduler configured to map the instruction blocks for execution on respective ones of the processor cores, the core scheduler being configured to speculatively execute at least one control flow instruction based at least in part on the exit type information.” -e.g. see, Burger: [0136]).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Burger to include wherein the isolation circuitry is configured to use header values of the data to determine which data can be passed to the other of the first and second areas of trust in order to allowing for improved compiler and processor performance as suggested by Burger (para. [0002]). 

Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Dunshea and Willcock and further in view of Xie et al. (US 2019/0034658 A1) (hereinafter, “Xie”).

As to claim 4, neither Dunshea nor Willcock explicitly disclose wherein the isolation circuitry associated with the first area of trust is configured to modify received data to be in a form used in the first area of trust.  
However, in an analogous art, Xie discloses wherein the isolation circuitry associated with the first area of trust is configured to modify received data to be in a form used in the first area of trust (Xie: [0041] S106. Decrypt the encrypted data in a trusted zone to obtain the user data.[0042] S108. Train a model by using the user data in the trusted zone.).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Xie to include wherein the isolation circuitry associated with the first area of trust is configured to modify received data to be in a form used in the first area of trust in order to effectively provide acceptable data format usable by a particular trust zone. 

As to claim 5, neither Dunshea nor Willcock explicitly disclose wherein the isolation circuitry associated with the first area of trust is configured to modify data to be output from the first area of trust to remove a part of the data required in the first area of trust but is not required in the second area of trust.  
However, in an analogous art, Xie discloses wherein the isolation circuitry associated with the first area of trust is configured to modify data to be output from the first area of trust to remove a part of the data required in the first area of trust but is not required in the second area of trust (Xie: [0041] S106. Decrypt the encrypted data in a trusted zone to obtain the user data.[0042] S108. Train a model by using the user data in the trusted zone.).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Xie to include wherein the isolation circuitry associated with the first area of trust is configured to modify data to be output from the first area of trust to remove a part of the data required in the first area of trust but is not required in the second area of trust in order to effectively provide acceptable data format usable by a particular trust zone. 
 Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Dunshea and Willcock and further in view of Tsien (US 2022/0091657 A1).

As to claim 6, neither Dunshea nor Willcock explicitly disclose wherein the isolation circuitry 62X-6371 USPATENT is configured to determine adherence to a communication link protocol of the communication link.
However, in an analogous art, Tsien discloses wherein the isolation circuitry 62X-6371 USPATENT is configured to determine adherence to a communication link protocol of the communication link (“In various embodiments, each of the processing nodes 210A-210D of the partition 240 and each of the processing nodes 910A-910D of the partition 640 has the functionality described earlier for processing node 100 (of FIG. 2). In an embodiment, the links 920-930, 932 and 934 support a same communication protocol as supported by the links 220-230.” -e.g. see, Tsien: [0083]).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Tsien to include wherein the isolation circuitry 62X-6371 USPATENT is configured to determine adherence to a communication link protocol of the communication link in order to provide a robust and faster way to transmit data between components. 
 Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Dunshea and Willcock and further in view of Durham et al. (US 2019/0042799 A1) (hereinafter, “Durham”).

As to claim 7, neither Dunshea nor Willcock explicitly disclose wherein the isolation circuitry is configured to terminate one or requests indicating one or more of reset or reconfiguration of one or more of the first and second kernels.
However, in an analogous art, Durham discloses wherein the isolation circuitry is configured to terminate one or requests indicating one or more of reset or reconfiguration of one or more of the first and second kernels (“The disclosed system and methods include memory tagging circuitry that is configured to address existing and potential hardware and software architectures security vulnerabilities, according to various embodiments. The memory tagging circuitry may be configured to prevent memory pointers being overwritten, prevent memory pointer manipulation (e.g., by adding values) that cause the pointers to land on a wrong (unauthorized) data object in memory space, access a non-current object in time and increase the granularity of memory tagging to include byte-level tagging in cache.” -e.g. see, Durham: [0015]; herein, Durham discloses preventing overwrite and memory manipulation which is equivalent to terminate reconfiguration of one or more area).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Durham to include wherein the isolation circuitry is configured to terminate one or requests indicating one or more of reset or reconfiguration of one or more of the first and second kernels in order to wherein the isolation circuitry is configured to terminate one or requests indicating one or more of reset or reconfiguration of one or more of the first and second kernels. 
 
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Dunshea and Willcock and further in view of Dapp et al. (US 2007/0032920 A1) (hereinafter, “Dapp”).

As to claim 18, neither Dunshea nor Willcock explicitly disclose wherein the isolation circuitry is configured to prevent data from one of the second or third areas of trust from being pushed to the other of the second or third areas of trust.  
However, in an analogous art, Dapp discloses wherein the isolation circuitry is configured to prevent data from one of the second or third areas of trust from being pushed to the other of the second or third areas of trust (Dapp: “The example operating system shown in FIG. 1 consists of two components, a SMP Partitioned Kernel (PK) and an RTOS. These components are a layer above the processor and the Board Support Package (BSP). The PK may be a very small kernel that provides secure partitioning and prevents unauthorized data transfer between partitions. The secure partitioning supports the development of software that is DO-178B (flight safety critical) compliant. On top of the PK are RTOS instances. The RTOSs may provide the APIs and services to the application and middleware layers above the OS layer.” -e.g. see, Dapp: [0070]).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dunshea and Willcock with the teaching of Dapp to include wherein the isolation circuitry is configured to prevent data from one of the second or third areas of trust from being pushed to the other of the second or third areas of trust in order to provide secure partitioning supports by preventing unauthorized data transfer. 

Response to Arguments
Applicant has amended claim 2, which necessitated new ground of rejection, see rejection above. 
Applicant's arguments filed regarding claim 1 have been fully considered but they are not persuasive. 

Applicant argued on page 8 of the remark regarding independent claim 1 that: “Dunshea explains that a "traditional kernel is installed in an operating system. Kernel (416), however, is no longer located in a single partition. Kernel (416) has been removed to a partition manager space and may be used by any number of logical partitions that use the same type of operating system and kernel." Dunshea, col 5, lines 65-67. In other words, the logical partitions (408, 410) in Dunshea no longer comprise the kernel (416). Instead, the kernel (416) resides in a partition manager space, which is separate hardware from these coupled partitions. Similarly, the logical partitions (434, 436, 438) in Dunshea no longer comprise the kernel (430), and the kernel (430) resides in the same partition manager space as the kernel (416). See Fig. 4 of Dunshea, In contrast, the present claims recite, in part, "a first area of trust comprising a first part of the network interface device, the first part comprising a first kernel." Thus, Applicant respectfully submits that Dunshea does not teach "a first area of trust comprising a first part of the network interface device, the first part comprising a first kernel," nor "a second area of trust comprising a second part of the network interface device different to the first part, the second part comprising a second kernel." Because Willcock does not cure this deficiency in Dunshea, for at least this reason Applicant submits the combination of references does not render claim 1 obvious.” 
Examiner respectfully disagrees with the Applicant’s argument and would like to point out that Applicant is arguing about things that are not in the independent claims. For instance, claim language didn’t recite where the kernel is located, claim reads, “a first area of trust…comprising a first kernel”. Furthermore, claim doesn’t limit “a first area of trust” to be a single partition or even in a separate non-overlapping hardware. Claim language simple stating: “a first area of trust…comprising a first kernel”. Examiner with a reasonable interpretation, interpreting logical partitions (408, 410) is a first area of trust. It should be understood from Examiner’s mapping that both partitions 408 and 410 are considered as first area of trust and the kernel 416 is called shared kernel 416 because it’s shared between 408 and 410. Point should be noted that 408 and 410 both are part of first area of trust and kernel 416 is associated with that area (i.e. comprising a first kernel). Kernel 416 is not shared with the second area of trust that comprises separate set of logical partitions. Applicant’s claim doesn’t mention that kernel must be physically located in the first area of trust (i.e. can’t be a logical association), also doesn’t claim that first kernel should be exclusive to a segment (i.e. can not be shared with two logical partition), also doesn’t claim that first area of trust should have only one logical partition. Thus, Examiner with a reasonable interpretation, interprets that logical “partitions (408, 410)” is comparable to “a first area of trust” which comprises “a kernel 416” which is comparable to “a first kernel” and “logical partitions (434, 436, 438)” are comparable to “a second area of trust” comprising “kernel (430)” which is comparable to “a second kernel”. Kernel 430 is shared among logical partitions (434, 436, 438) which are considered a second area of trust. 

Applicant argued on pages 9-10 of the remark that: “Applicant notes the interrupt handler (448) that forwards each of the intercepted system calls in a single direction to a corresponding connected kernel cannot be read on "a communication link between the first area of trust and the second area of trust" as recited in claim 1…. Dunshea does not teach or suggest that the interrupt handler (448) intercepts the system call (460) sent by the logical partitions (408, 410), and then forwards the system call (460) to the kernel (430), which is coupled to the logical”
In response to the applicant’s argument, Examiner would like to point out that “a single direction” communication can be interpreted as one directional communication link between the first area of trust and the second area of trust". Claim language doesn’t require the communication to be bidirectional. Examiner further asserts that “the interrupt handler (448)” communicates between first area of trust and second area of trust by distributing the system call to each area through the associated kernel (e.g. see, “The system of FIG. 4, therefore, is configured to vector all system calls (456, 458, 460) through its partition manager (422) by setting the protected registers or memory variables for all interrupt processing to the starting address of the partition manager's interrupt handler (448). The partition manager's interrupt handler (448) then passes (462, 464, 466) the system call to a kernel's interrupt handler, first determining which kernel to which the interrupt is to be passed by use of a data structure such as, for example, the one illustrated as Table 1:” -col. 10, lines 58-67 to col. 11, lines 1-5; herein, the partition manager’s interrupt handler (448) works as communication link between first logical partitions (i.e. the first area of trust) comprising first kernel 416 and second logical partitions (i.e. the second area of trust) which comprises a second kernel 430). Furthermore, it should be noted that no where in the claim it was mentioned that data was moving from first area of trust to a second area of trust or vise versa. Claim mentioned “a communication link between the first area of trust and the second area of trust” which taught by Dunshea as “interrupt handler (448)” situated between a first area of trust and a second area of trust. Claim limitation further recites that “isolation circuitry configured to control which data is passed to the other of the first and second areas of trust via the communication link”, herein, claim limitation doesn’t clarify if the “data” is coming from first area and communicated to the second area or vise versa. Thus, “data” could simply be a system calls that either passing to a first area of trust (i.e. to the first set of logical partitions) or to the second area of trust (i.e. to the second set of logical partitions). Thus, with a broadest reasonable interpretation, it’s reasonable to interpret that col. 10, lines 58-67 to col. 11, lines 1-5 of Dunshea reads on the limitation in argument (herein, The partition manager's interrupt handler (448) then passes (462, 464, 466) the system call to a kernel's interrupt handler, first determining which kernel to which the interrupt is to be passed by use of a data structure such as, for example, the one illustrated as Table 1).

Applicant argued on pages 10-11 of the remark that: “The isolation strip or transistor among memory partitions in Willcock, is far different from the logical partitions (e.g., virtual machines) taught in Dunshea. Moreover, as discussed above, Dunshea describes the sharing of a kernel between multiple logical partitions, but it does not teach "a communication link" between a first group of logical partitions (408, 410) with a first shared kernel and a second group of logical partitions (434, 436, 438) with a second shared kernel. Thus, it would not be obvious to one of ordinary skill in the art to use isolation circuitry (e.g., an isolation strip or transistor) for separating memory partitions to serve as isolation circuitry for logical partitions (e.g., virtual machines).”
Examiner respectfully disagrees with the Applicant’s argument and would like to point out that Willcock was cited to show that a hardware circuitry can be used to control data flow between two partitions. Herein, Willcock teaches a controlling mechanism to control the data flow between two partitions which should work regardless of logical or physical partition. Willcock teaches isolation circuitry configured to control data (“In various embodiments, the memory device 120 can include isolation circuitry (e.g., isolation stripes 172 in FIGS. 1B and 1C and/or isolation stripe 372 and isolation transistors 332 and 333 in FIG. 3) configured to disconnect a first portion of a shared I/O line 355 corresponding to a first partition from a second portion of the same shared I/O line 355 corresponding to a second partition. The controller 140 can be configured to direct the isolation circuitry to disconnect the first portion and the second portion of the shared I/O line 355 during parallel movement (e.g., transfer and/or transport) of data values within the first partition and within the second partition. Disconnecting portions of the shared I/O line 355 can isolate the movement of data values within a first partition from the parallel movement of data values within a second partition.” -e.g. see, Willcock: [0084]; herein, isolation circuitry controls data movement to each of the first and second partition). In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, motivation for the rejection is found, in the knowledge generally available to one of ordinary skill in the art.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495                                                                                                                                                                                                        

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495