DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


1. The following is a Final Office Action in response to applicant’s arguments filed on September 15, 2022
Claims 1, 15, and 24 are amended
Claims 1-24 are pending 

Examiner’s Note: The term, “processor”, is defined in paragraph 0013 of the specification as being a device comprising circuitry



Response to Arguments
1.) Applicant’s argument regarding 35 U.S.C. 101 rejection of claim 24 has been fully considered. In the remarks, applicant amended claim to include a non-transitory computer-readable medium. The argument is persuasive. Therefore, the rejection is withdrawn.
2.) Applicant’s amendment to claims 1, 15, and 24 filed on 9/15/2022 regarding “associating a predetermined exception with an exception handling program in an operating system having at least two types of users, wherein the at least two types of users comprising the normal privilege user and the highest privilege user; restricting a user program to execution by the normal privilege user, wherein a highest privilege user is not permitted to execute the user program;” necessitated the new ground(s) of rejection presented in this Office action. Therefore, Applicant's arguments with respect to claims 1-24 have been considered but are moot in view of the new ground(s) of rejection.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

1.) Claims 1, 15, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun 

 	In regards to claim 1, Seshardi teaches a method, comprising: 
associating a predetermined exception with an exception handling program in an operating system(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9[i.e. exception handling program] receives such an exception, it terminates the kernel. The monitoring program 9 also marks the approved code pages read-only in the Protection Page Table. This prevents any code executing on the CPU (except the monitoring program 9) from modifying approved code pages, thereby satisfying part of property P4. From FIG. 3 it can be seen that, in kernel mode, the pages of kernel memory will be either writable or executable, but never both. This type of memory protection is generally referred to as W exclusive-or X protection.) having at least two types of users, wherein the at least two types of users comprising the normal privilege user and the highest privilege user(US 20100031360, Seshadri, para. 0044 and 0045: [0044]- A second issue is how to ensure the integrity of kernel code. The monitoring program 9 addresses this issue by ensuring that, when executing at the privilege level of the kernel (hereafter called the kernel mode), the CPU 2 refuses to execute any code that is not approved by the user. In the interest of simplicity, henceforth, the monitoring program 9 will be referred to as approving the kernel code, with the understanding that the monitoring program 9 uses the user supplied policy for code approval. The monitoring program 9 does not prevent code from being added to the kernel; only that the CPU 2 will refuse to execute unapproved code. For example, the attacker could exploit a kernel-level buffer overflow vulnerability to inject code into the kernel's data segment. But the CPU 2 will not execute the injected code because it is not approved by the monitoring program 9. An additional requirement is that the monitoring program's 9 approved code should not be modifiable by any entity on the system other than those in the monitoring program's TCB 16 and the monitoring program 9 itself. To implement these requirements, the monitoring program 9 needs to inform the CPU 2 which code is approved for execution in kernel mode and also protect the approved code from modification. The CPU-based protections provide a natural way to address these. The monitoring program 9 sets the CPU-based protections over kernel memory to ensure that only code approved by the monitoring program 9 is executable in kernel mode and that the approved code can only be modified by the monitoring program 9 or its TCB 16. 

[0045]- All CPUs support at least one other privilege level (other than the kernel mode and VMM privilege level), called user mode, at which user programs execute. Given that a CPU will switch between user and kernel mode execution via control transfers, the monitoring program 9 needs to prevent the attacker from modifying the expected control flow of these control transfers to execute arbitrary code with kernel privilege. This requires two checks. First, the monitoring program 9 needs to ensure that the targets of all control transfers that switch the CPU to kernel mode lie within approved code. Without this, the attacker could execute arbitrary code with kernel privilege by modifying the targets of control transfers that enter kernel mode. Second, the control transfers that exit kernel mode to enter user mode modify the privilege level of the CPU to that of user mode. Otherwise, the attacker could execute user programs with kernel privilege. [note: where a user {i.e. highest privileged user} controls programs operating in kernel mode and an attacker{i.e. normal privilege user} may operate in user mode]); 
5restricting a user program to execution by the normal privilege user, wherein a highest privilege user is not permitted to execute the user program; and 
designating a secure partition of an address space of memory and restricting the secure partition to be accessible by a highest privilege user(US 20100031360, Seshadri, fig. 3 and para. 0058: In using the Protection Page Table 11 to set protections over kernel memory, the monitoring has to consider how the kernel and user memories are mapped into address spaces In most commodity OSes today, the kernel and user memories share the same address spaces. Such a shared address spaces configuration could enable an attacker to modify the control flow of the kernel to execute user code with kernel privilege. For example, the attacker could exploit a buffer overflow vulnerability and modify a return address stored on the kernel's stack to point to user code. To prevent these kinds of attacks, and thereby achieve property P2, the monitoring program 9 sets the Protection Page Table 11 so that user memory is not executable when the CPU executes in kernel mode. On the other hand, it is clear that user memory has to be executable when the CPU is in user mode. Then, the monitoring program 9 has to intercept all transitions between kernel and user mode to modify the user memory execute permissions in the Protection Page Table 11. The monitoring program 9 uses the execute permissions themselves to intercept these transitions. The monitoring program 9 sets execute permissions in the Protection Page Table 11 only for the memory of the mode that is currently executing. Then, all inter-mode transitions cause protection violations, which inform the monitoring program 9 of an attempted mode change via a CPU exception.);  	wherein: when executed in user space corresponding to the normal privilege user, the user program generates the predetermined exception(US 20100031360, Seshadri, para. 0058, In using the Protection Page Table 11 to set protections over kernel memory, the monitoring has to consider how the kernel and user memories are mapped into address spaces. In most commodity OSes today, the kernel and user memories share the same address space. Such a shared address space configuration could enable an attacker to modify the control flow of the kernel to execute user code with kernel privilege. For example, the attacker could exploit a buffer overflow vulnerability and modify a return address stored on the kernel's stack to point to user code. To prevent these kinds of attacks, and thereby achieve property P2, the monitoring program 9 sets the Protection Page Table 11 so that user memory is not executable when the CPU executes in kernel mode. On the other hand, it is clear that user memory has to be executable when the CPU is in user mode. Then, the monitoring program 9 has to intercept all transitions between kernel and user mode to modify the user memory execute permissions in the Protection Page Table 11. The monitoring program 9 uses the execute permissions themselves to intercept these transitions. The monitoring program 9 sets execute permissions in the Protection Page Table 11 only for the memory of the mode that is currently executing. Then, all inter-mode transitions cause protection violations, which inform the monitoring program 9 of an attempted mode change via a CPU exception.); the exception handling program is configured to read data from the secure partition and deliver the data after processing to the user programs the user program is stored in a user space of the address space(US 20100031360, Seshadri, para. 0133, To deal with the synchronization issue, it is observed that the shadow copies of these tables only need to control execution in user mode 70 because property P1 deals with transition from user mode 70 to kernel mode 72. In other words, during kernel mode 72 execution the CPU 2 can use the kernel's GDT, LDT, and IDT[i.e. data in kernel partition]. This observation enables two simplifications. One, a lazy synchronization scheme can be implemented to maintain shadow copies of the GDT, LDT, and IDT. This lazy synchronization scheme only synchronizes the shadow tables when the CPU transitions from kernel 72 to user 70 mode. Because all legitimate modifications to these tables can only occur in kernel mode 72, the lazy synchronization allows the monitoring program 9 to batch all its updates to the shadow copies. As part of the synchronization, the monitoring program 9 checks that all entry pointers in the shadow GDT, LDT, and IDT contain virtual addresses of approved kernel code 34. Two, the monitoring program 9 does not need to intercept writes to the gdtr, ldtr, and idtr. Because the shadow tables need to be in control of execution only in user mode 70, the monitoring program 9 can set these registers to point to the shadow copies as part of the kernel mode 72 to user mode transition[i.e. the monitoring program can facilitate providing shadow table data to user programs executed in user mode]. This it does by changing the corresponding values in the VMCB as part of handling a kernel 72 to user 70 mode transition. Any attempt by the user programs to modify any of these registers will result in the CPU causing an exception. Because the corresponding entry pointer is pointing to approved kernel code 34, this exception will cause approved kernel code 34 to be invoked, satisfying property P1).; and a normal privilege user permission set is more restrictive with respect to the secure partition than a highest privilege user permission set(US 20100031360, Seshadri, para. 0007, Another aspect of the present disclosure is directed to a method of protecting a computer which operates in a user mode[i.e. normal privilege user] and a higher privilege operating system mode[i.e. kernel mode- highest privilege user permission], the method comprising requiring that all entries into the higher privilege operating system mode begin with the execution of approved operating system instructions, executing only approved operating system instructions while in the higher privilege operating system mode[i.e. less restrictive with respect to higher permission users/more restrictive to normal privilege users], switching to user mode before running non-approved instructions, and preventing unauthorized modification of approved instructions.); 	Seshardi does not teach the predetermined exception 10triggers execution of the exception handling program in kernel space 	However, Olukotun teaches the predetermined exception 10triggers execution of the exception handling program in kernel space (US 20050044319, Olukotun, para. 0033, The processor is configured to handle excepting instructions. Here, the instructions in the pipeline are flushed to NOPs, the Exception Program Counter (EPC) is set to point the excepting instruction, the Program Counter (PC) of the thread is set to start fetching the exception handler, and the processor status register is adjusted so that the thread is running in kernel mode.).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Seshardi with the teaching of Olukotun because a user would have been motivated to apply special kernel instructions, taught by Olukotun, in order to improve the operational efficiency of the operating system, taught by Seshardi, by using a dedicated processor thread to minimize the kernel latency by guaranteeing a worst-case latency(Olukotun, para. 0036) 
 
 	In regards to claim 15, Seshardi teaches a system, comprising: 
a processor for executing instructions, the instructions coming from an operating system, a secure access management module(US 20100031360, Seshadri, para. 0055, FIG. 2 depicts a system-level overview 18 of memory protections. In the system of FIG. 2, the CPU 2 is responsive to the system memory 4 through the memory controller 6. The memory controller is also responsive to one or more peripherals 24 through the peripheral bus 26. In this configuration, the contents of the system memory 4 are protected by the memory management unit (MMU) 20 and the 10 Memory Management Unit (IOMMU) 22. The MMU 20 enforces memory accesses from the CPU 2 while the IOMMU 22 enforces DMA write protections.), an exception handling program(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9 receives such an exception, it terminates the kernel.), and a user program (US 20100031360, Seshadri, para. 0045, All CPUs support at least one other privilege level (other than the kernel mode and VMM privilege level), called user mode, at which user programs execute.); 
a storage device linked to the processor(US 20100031360, Seshadri, fig. 1, item 4, system memory); wherein: at least a portion of storage space of the storage device is partitioned into kernel space and user space(US 20100031360, Seshadri, fig. 3, where memory is partitioned between user memory and kernel memory); 
multiple instructions of the operating system and the secure access management module are executed by the processor in kernel space(US 20100031360, Seshadri, para. 0044, A second issue is how to ensure the integrity of kernel code. The monitoring program 9 addresses this issue by ensuring that, when executing at the privilege level of the kernel (hereafter called the kernel mode), the CPU 2 refuses to execute any code that is not approved by the user. In the interest of simplicity, henceforth, the monitoring program 9 will be referred to as approving the kernel code, with the understanding that the monitoring program 9 uses the user supplied policy for code approval. The monitoring program 9 does not prevent code from being added to the kernel; only that the CPU 2 will refuse to execute unapproved code. For example, the attacker could exploit a kernel-level buffer overflow vulnerability to inject code into the kernel's data segment. But the CPU 2 will not execute the injected code because it is not approved by the monitoring program 9. An additional requirement is that the monitoring program's 9 approved code should not be modifiable by any entity on the system other than those in the monitoring program's TCB 16 and the monitoring program 9 itself. To implement these requirements, the monitoring program 9 needs to inform the CPU 2 which code is approved for execution in kernel mode and also protect the approved code from modification. The CPU-based protections provide a natural way to address these. The monitoring program 9 sets the CPU-based protections over kernel memory to ensure that only code approved by the monitoring program 9 is executable in kernel mode and that the approved code can only be modified by the monitoring program 9 or its TCB 16.);
multiple instructions of the user program are executed by the processor in the user space(US 20100031360, Seshadri, para. 0045, All CPUs support at least one other privilege level (other than the kernel mode and VMM privilege level), called user mode, at which user programs execute.); the user program is stored in the user space(US 20100031360, Seshadri, para. 0126, Next is a description of how the monitoring program 9 achieves properties P1 and P3 on the x86 architecture. Property P3 requires that all kernel mode 72 exits set the privilege level of the CPU 2 to that of user mode 70. In the case of the Linux OS executing on a x86 CPU, user programs execute in Ring 3 (See FIG. 6).);the operating system is configured to associate a predetermined exception with Attorney Docket No. ALIBP43529PATENTthe exception handling program(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9[i.e. exception handling program] receives such an exception, it terminates the kernel. The monitoring program 9 also marks the approved code pages read-only in the Protection Page Table. This prevents any code executing on the CPU (except the monitoring program 9) from modifying approved code pages, thereby satisfying part of property P4. From FIG. 3 it can be seen that, in kernel mode, the pages of kernel memory will be either writable or executable, but never both. This type of memory protection is generally referred to as W exclusive-or X protection.); the security access management module is configured to designate a secure partition comprised in the kernel space, and restrict the secure partition to be accessible by a highest privilege user(US 20100031360, Seshadri, para. 0014, The disclosed monitoring program may be implemented as a tiny virtualization platform, also referred to as a hypervisor, that uses hardware memory protections to ensure kernel code integrity. The monitoring program may virtualize the physical memory, allowing it to set hardware protections over kernel memory, that are independent of any protections set by the kernel. The monitoring program may also utilize the 10 Memory Management Unit (IOMMU) to protect approved code from DMA writes. Also, the monitoring program may virtualize the CPU's Memory Management Unit (MMU) and the IOMMU. This would ensure that the monitoring program can intercept and check all modifications to MMU and IOMMU state.) and restrict the user program to be executable by a normal privilege user, wherein the highest privilege user is not permitted to execute the user program;a normal privilege user permission set is more restrictive with respect to the secure partition than a highest privilege user permission set(US 20100031360, Seshadri, fig. 3 and para. 0058: In using the Protection Page Table 11 to set protections over kernel memory, the monitoring has to consider how the kernel and user memories are mapped into address spaces . In most commodity OSes today, the kernel and user memories share the same address spaces. Such a shared address spaces configuration could enable an attacker to modify the control flow of the kernel to execute user code with kernel privilege. For example, the attacker could exploit a buffer overflow vulnerability and modify a return address stored on the kernel's stack to point to user code. To prevent these kinds of attacks, and thereby achieve property P2, the monitoring program 9 sets the Protection Page Table 11 so that user memory is not executable when the CPU executes in kernel mode. On the other hand, it is clear that user memory has to be executable when the CPU is in user mode. Then, the monitoring program 9 has to intercept all transitions between kernel and user mode to modify the user memory execute permissions in the Protection Page Table 11. The monitoring program 9 uses the execute permissions themselves to intercept these transitions. The monitoring program 9 sets execute permissions in the Protection Page Table 11 only for the memory of the mode that is currently executing. Then, all inter-mode transitions cause protection violations, which inform the monitoring program 9 of an attempted mode change via a CPU exception.); and
 	when executed in user space corresponding to the normal privilege user, the user program is configured to generate the predetermined exception(US 20100031360, Seshadri, para. 0058, In using the Protection Page Table 11 to set protections over kernel memory, the monitoring has to consider how the kernel and user memories are mapped into address spaces. In most commodity OSes today, the kernel and user memories share the same address space. Such a shared address space configuration could enable an attacker to modify the control flow of the kernel to execute user code with kernel privilege. For example, the attacker could exploit a buffer overflow vulnerability and modify a return address stored on the kernel's stack to point to user code. To prevent these kinds of attacks, and thereby achieve property P2, the monitoring program 9 sets the Protection Page Table 11 so that user memory is not executable when the CPU executes in kernel mode. On the other hand, it is clear that user memory has to be executable when the CPU is in user mode. Then, the monitoring program 9 has to intercept all transitions between kernel and user mode to modify the user memory execute permissions in the Protection Page Table 11. The monitoring program 9 uses the execute permissions themselves to intercept these transitions. The monitoring program 9 sets execute permissions in the Protection Page Table 11 only for the memory of the mode that is currently executing. Then, all inter-mode transitions cause protection violations, which inform the monitoring program 9 of an attempted mode change via a CPU exception.), and the exception handling program is configured to read data from the secure partition and deliver the data after processing to the user program(US 20100031360, Seshadri, para. 0133, To deal with the synchronization issue, it is observed that the shadow copies of these tables only need to control execution in user mode 70 because property P1 deals with transition from user mode 70 to kernel mode 72. In other words, during kernel mode 72 execution the CPU 2 can use the kernel's GDT, LDT, and IDT[i.e. data in kernel partition]. This observation enables two simplifications. One, a lazy synchronization scheme can be implemented to maintain shadow copies of the GDT, LDT, and IDT. This lazy synchronization scheme only synchronizes the shadow tables when the CPU transitions from kernel 72 to user 70 mode. Because all legitimate modifications to these tables can only occur in kernel mode 72, the lazy synchronization allows the monitoring program 9 to batch all its updates to the shadow copies. As part of the synchronization, the monitoring program 9 checks that all entry pointers in the shadow GDT, LDT, and IDT contain virtual addresses of approved kernel code 34. Two, the monitoring program 9 does not need to intercept writes to the gdtr, ldtr, and idtr. Because the shadow tables need to be in control of execution only in user mode 70, the monitoring program 9 can set these registers to point to the shadow copies as part of the kernel mode 72 to user mode transition[i.e. the monitoring program can facilitate providing shadow table data to user programs executed in user mode]. This it does by changing the corresponding values in the VMCB as part of handling a kernel 72 to user 70 mode transition. Any attempt by the user programs to modify any of these registers will result in the CPU causing an exception. Because the corresponding entry pointer is pointing to approved kernel code 34, this exception will cause approved kernel code 34 to be invoked, satisfying property P1)
 	Seshardi does not teach the predetermined exception is configured to trigger execution of the exception handling program in the kernel space 	However, Olukotun teaches the predetermined exception is configured to trigger execution of the exception handling program in the kernel space (US 20050044319, Olukotun, para. 0033, The processor is configured to handle excepting instructions. Here, the instructions in the pipeline are flushed to NOPs, the Exception Program Counter (EPC) is set to point the excepting instruction, the Program Counter (PC) of the thread is set to start fetching the exception handler, and the processor status register is adjusted so that the thread is running in kernel mode.).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Seshardi with the teaching of Olukotun because a user would have been motivated to apply special kernel instructions, taught by Olukotun, in order to improve the operational efficiency of the operating system, taught by Seshardi, by using a dedicated processor thread to minimize the kernel latency by guaranteeing a worst-case latency(Olukotun, para. 0036) 

 	In regards to claim 24, Seshardi teaches a non-transitory computer-readable medium, comprising multiple instructions, the multiple instructions forming an operating system, user program, and exception handling program(US 20100031360, Seshadri, para. 0126, Next is a description of how the monitoring program 9[i.e. exception handling program] achieves properties P1 and P3 on the x86 architecture. Property P3 requires that all kernel mode 72 exits set the privilege level of the CPU 2 to that of user mode 70. In the case of the Linux OS executing on a x86 CPU, user programs execute in Ring 3 (See FIG. 6).), the instructions the operating system, user program, and exception handling program implement the following operations when executed by a processor: 
Attorney Docket No. ALIBP43530PATENTassociating a predetermined exception with the exception handling program in the operating system(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9[i.e. exception handling program] receives such an exception, it terminates the kernel. The monitoring program 9 also marks the approved code pages read-only in the Protection Page Table. This prevents any code executing on the CPU (except the monitoring program 9) from modifying approved code pages, thereby satisfying part of property P4. From FIG. 3 it can be seen that, in kernel mode, the pages of kernel memory will be either writable or executable, but never both. This type of memory protection is generally referred to as W exclusive-or X protection.) having at least two types of users, wherein the at least two types of users comprising the normal privilege user and the highest privilege user(US 20100031360, Seshadri, para. 0044 and 0045: [0044]- A second issue is how to ensure the integrity of kernel code. The monitoring program 9 addresses this issue by ensuring that, when executing at the privilege level of the kernel (hereafter called the kernel mode), the CPU 2 refuses to execute any code that is not approved by the user. In the interest of simplicity, henceforth, the monitoring program 9 will be referred to as approving the kernel code, with the understanding that the monitoring program 9 uses the user supplied policy for code approval. The monitoring program 9 does not prevent code from being added to the kernel; only that the CPU 2 will refuse to execute unapproved code. For example, the attacker could exploit a kernel-level buffer overflow vulnerability to inject code into the kernel's data segment. But the CPU 2 will not execute the injected code because it is not approved by the monitoring program 9. An additional requirement is that the monitoring program's 9 approved code should not be modifiable by any entity on the system other than those in the monitoring program's TCB 16 and the monitoring program 9 itself. To implement these requirements, the monitoring program 9 needs to inform the CPU 2 which code is approved for execution in kernel mode and also protect the approved code from modification. The CPU-based protections provide a natural way to address these. The monitoring program 9 sets the CPU-based protections over kernel memory to ensure that only code approved by the monitoring program 9 is executable in kernel mode and that the approved code can only be modified by the monitoring program 9 or its TCB 16. 

[0045]- All CPUs support at least one other privilege level (other than the kernel mode and VMM privilege level), called user mode, at which user programs execute. Given that a CPU will switch between user and kernel mode execution via control transfers, the monitoring program 9 needs to prevent the attacker from modifying the expected control flow of these control transfers to execute arbitrary code with kernel privilege. This requires two checks. First, the monitoring program 9 needs to ensure that the targets of all control transfers that switch the CPU to kernel mode lie within approved code. Without this, the attacker could execute arbitrary code with kernel privilege by modifying the targets of control transfers that enter kernel mode. Second, the control transfers that exit kernel mode to enter user mode modify the privilege level of the CPU to that of user mode. Otherwise, the attacker could execute user programs with kernel privilege. [note: where a user {i.e. highest privileged user} controls programs operating in kernel mode and an attacker{i.e. normal privilege user} may operate in user mode]); 
restricting a user program to execution by the normal privilege user, wherein a highest privilege user is not permitted to execute the user program; and 
designating a secure partition of an address space of memory and restricting the secure partition to be accessible by a 5highest privilege user(US 20100031360, Seshadri, fig. 3 and para. 0058: In using the Protection Page Table 11 to set protections over kernel memory, the monitoring has to consider how the kernel and user memories are mapped into address spaces. In most commodity OSes today, the kernel and user memories share the same address spaces. Such a shared address spaces configuration could enable an attacker to modify the control flow of the kernel to execute user code with kernel privilege. For example, the attacker could exploit a buffer overflow vulnerability and modify a return address stored on the kernel's stack to point to user code. To prevent these kinds of attacks, and thereby achieve property P2, the monitoring program 9 sets the Protection Page Table 11 so that user memory is not executable when the CPU executes in kernel mode. On the other hand, it is clear that user memory has to be executable when the CPU is in user mode. Then, the monitoring program 9 has to intercept all transitions between kernel and user mode to modify the user memory execute permissions in the Protection Page Table 11. The monitoring program 9 uses the execute permissions themselves to intercept these transitions. The monitoring program 9 sets execute permissions in the Protection Page Table 11 only for the memory of the mode that is currently executing. Then, all inter-mode transitions cause protection violations, which inform the monitoring program 9 of an attempted mode change via a CPU exception.);
 wherein: when executed in user space corresponding to the normal privilege user, the user program generates the predetermined exception(US 20100031360, Seshadri, para. 0058, In using the Protection Page Table 11 to set protections over kernel memory, the monitoring has to consider how the kernel and user memories are mapped into address spaces. In most commodity OSes today, the kernel and user memories share the same address space. Such a shared address space configuration could enable an attacker to modify the control flow of the kernel to execute user code with kernel privilege. For example, the attacker could exploit a buffer overflow vulnerability and modify a return address stored on the kernel's stack to point to user code. To prevent these kinds of attacks, and thereby achieve property P2, the monitoring program 9 sets the Protection Page Table 11 so that user memory is not executable when the CPU executes in kernel mode. On the other hand, it is clear that user memory has to be executable when the CPU is in user mode. Then, the monitoring program 9 has to intercept all transitions between kernel and user mode to modify the user memory execute permissions in the Protection Page Table 11. The monitoring program 9 uses the execute permissions themselves to intercept these transitions. The monitoring program 9 sets execute permissions in the Protection Page Table 11 only for the memory of the mode that is currently executing. Then, all inter-mode transitions cause protection violations, which inform the monitoring program 9 of an attempted mode change via a CPU exception.); the exception handling program is configured to read data from the secure partition and deliver the data after processing 10to the user program(US 20100031360, Seshadri, para. 0133, To deal with the synchronization issue, it is observed that the shadow copies of these tables only need to control execution in user mode 70 because property P1 deals with transition from user mode 70 to kernel mode 72. In other words, during kernel mode 72 execution the CPU 2 can use the kernel's GDT, LDT, and IDT[i.e. data in kernel partition]. This observation enables two simplifications. One, a lazy synchronization scheme can be implemented to maintain shadow copies of the GDT, LDT, and IDT. This lazy synchronization scheme only synchronizes the shadow tables when the CPU transitions from kernel 72 to user 70 mode. Because all legitimate modifications to these tables can only occur in kernel mode 72, the lazy synchronization allows the monitoring program 9 to batch all its updates to the shadow copies. As part of the synchronization, the monitoring program 9 checks that all entry pointers in the shadow GDT, LDT, and IDT contain virtual addresses of approved kernel code 34. Two, the monitoring program 9 does not need to intercept writes to the gdtr, ldtr, and idtr. Because the shadow tables need to be in control of execution only in user mode 70, the monitoring program 9 can set these registers to point to the shadow copies as part of the kernel mode 72 to user mode transition[i.e. the monitoring program can facilitate providing shadow table data to user programs executed in user mode]. This it does by changing the corresponding values in the VMCB as part of handling a kernel 72 to user 70 mode transition. Any attempt by the user programs to modify any of these registers will result in the CPU causing an exception. Because the corresponding entry pointer is pointing to approved kernel code 34, this exception will cause approved kernel code 34 to be invoked, satisfying property P1);the user program is stored in a user space of the address space(US 20100031360, Seshadri, para. 0126, Next is a description of how the monitoring program 9 achieves properties P1 and P3 on the x86 architecture. Property P3 requires that all kernel mode 72 exits set the privilege level of the CPU 2 to that of user mode 70. In the case of the Linux OS executing on a x86 CPU, user programs execute in Ring 3 (See FIG. 6).); and a normal privilege user permission set is more restrictive with respect to the secure partition than a highest privilege user permission set(US 20100031360, Seshadri, para. 0007, Another aspect of the present disclosure is directed to a method of protecting a computer which operates in a user mode[i.e. normal privilege user] and a higher privilege operating system mode[i.e. kernel mode- highest privilege user permission], the method comprising requiring that all entries into the higher privilege operating system mode begin with the execution of approved operating system instructions, executing only approved operating system instructions while in the higher privilege operating system mode[i.e. less restrictive with respect to higher permission users/more restrictive to normal privilege users], switching to user mode before running non-approved instructions, and preventing unauthorized modification of approved instructions.) 	Seshardi does not teach the predetermined exception triggers execution of the exception handling program in kernel space 	However, Olukotun teaches the predetermined exception triggers execution of the exception handling program in kernel space (US 20050044319, Olukotun, para. 0033, The processor is configured to handle excepting instructions. Here, the instructions in the pipeline are flushed to NOPs, the Exception Program Counter (EPC) is set to point the excepting instruction, the Program Counter (PC) of the thread is set to start fetching the exception handler, and the processor status register is adjusted so that the thread is running in kernel mode.). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Seshardi with the teaching of Olukotun because a user would have been motivated to apply special kernel instructions, taught by Olukotun, in order to improve the operational efficiency of the operating system, taught by Seshardi, by using a dedicated processor thread to minimize the kernel latency by guaranteeing a worst-case latency(Olukotun, para. 0036)

2.) Claims 2-6 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun and further in view of US 20080320333, Watson

 	In regards to claim 2, the combination of Seshardi and Olukotun teach the method of claim 1. The combination of Seshardi and Olukotun do not teach wherein the user program is configured to generate the predetermined exception by invoking a system service program 	However, Watson teaches wherein the user program is configured to generate the predetermined exception by invoking a system service program(see US 20080320333, Watson, para. 0030, where an exception handler is invoked[i.e. exception generated] when an attempt to write to a read-only memory is performed) .  	 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004)

 	In regards to claim is3, the combination of Seshardi, Olukotun, and Watson teach the method of claim 2, wherein the system service program is configured to generate the predetermined exception in response to performing a write operation on a read-only storage area(see US 20080320333, Watson, para. 0030, where an exception handler is invoked[i.e. exception generated] when an attempt to write to a read-only memory is performed).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004) 

 	In regards to claim 4, the combination of Seshardi, Olukotun, and Watson teach the method of claim 3, wherein the system service program is configured to generate the predetermined exception in response to an access to a read-only storage area that is restricted to be accessible by the highest privilege user(see US 20080320333, Watson, para. 0030 and 0033, where an exception handler is invoked[i.e. exception generated] when an attempt to write to a read-only memory is performed, wherein a system crash may occur due to insufficient access privileges).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004)

 	In regards to claim 205, the combination of Seshardi, Olukotun, and Watson teach the method of claim 3, wherein the read-only storage area is the secure partition(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9 receives such an exception, it terminates the kernel. The monitoring program 9 also marks the approved code pages read-only in the Protection Page Table. This prevents any code executing on the CPU (except the monitoring program 9) from modifying approved code pages, thereby satisfying part of property P4. From FIG. 3 it can be seen that, in kernel mode, the pages of kernel memory will be either writable or executable, but never both. This type of memory protection is generally referred to as W exclusive-or X protection.).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004)

 	In regards to claim 6, the combination of Seshardi, Olukotun, and Watson teach the method of claim 4, wherein the read-only storage area is the secure partition(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9 receives such an exception, it terminates the kernel. The monitoring program 9 also marks the approved code pages read-only in the Protection Page Table. This prevents any code executing on the CPU (except the monitoring program 9) from modifying approved code pages, thereby satisfying part of property P4. From FIG. 3 it can be seen that, in kernel mode, the pages of kernel memory will be either writable or executable, but never both. This type of memory protection is generally referred to as W exclusive-or X protection.).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004)

 	In regards to claim 16, the combination of Seshardi and Olukotun teach the system of claim 15. The combination of Seshardi and Olukotun do not teach wherein the user program is configured to generate the predetermined exception by invoking a system service program 	However, Watson teaches wherein the user program is configured to generate the predetermined exception by invoking a system service program (see US 20080320333, Watson, para. 0030, where an exception handler is invoked[i.e. exception generated] when an attempt to write to a read-only memory is performed).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004) 
 	In regards to claim 17, the combination of Seshardi, Olukotun, and Watson teach the system of claim 16, wherein the system service program is configured to generate the predetermined exception when performing a write operation on a read-only storage area(see US 20080320333, Watson, para. 0030, where an exception handler is invoked[i.e. exception generated] when an attempt to write to a read-only memory is performed).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004) 

 	In regards to claim 18, the combination of Seshardi, Olukotun, and Watson teach the system of claim 16, wherein the system service program is configured to generate the predetermined exception in response to an access to a read-only storage area that is restricted to is be accessible by the highest privilege user(see US 20080320333, Watson, para. 0030 and 0033, where an exception handler is invoked[i.e. exception generated] when an attempt to write to a read-only memory is performed, wherein a system crash may occur due to insufficient access privileges).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004)

 	In regards to claim 19, the combination of Seshardi, Olukotun, and Watson teach the system of claim 17, wherein the read-only storage area is the secure partition(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9 receives such an exception, it terminates the kernel. The monitoring program 9 also marks the approved code pages read-only in the Protection Page Table. This prevents any code executing on the CPU (except the monitoring program 9) from modifying approved code pages, thereby satisfying part of property P4. From FIG. 3 it can be seen that, in kernel mode, the pages of kernel memory will be either writable or executable, but never both. This type of memory protection is generally referred to as W exclusive-or X protection.).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004) 

 	In regards to claim 20, the combination of Seshardi, Olukotun, and Watson teach the system of claim 18, wherein the read-only storage area is the secure partition(US 20100031360, Seshadri, para. 0060, On each entry to kernel mode, the monitoring program 9 sets execute permissions in the Protection Page Table so that only approved code will be executable. Then, the CPU 2 will generate an exception on every attempt to execute unapproved code in kernel mode. When the monitoring program 9 receives such an exception, it terminates the kernel. The monitoring program 9 also marks the approved code pages read-only in the Protection Page Table. This prevents any code executing on the CPU (except the monitoring program 9) from modifying approved code pages, thereby satisfying part of property P4. From FIG. 3 it can be seen that, in kernel mode, the pages of kernel memory will be either writable or executable, but never both. This type of memory protection is generally referred to as W exclusive-or X protection.). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Watson because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Watson in order identify and repair causes of system crashes and to create a more stable execution environment(see Watson, para. 0004)  


3.) Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun and further in view of US 20080301402, Alapati

 	In regards to claim 7, the combination of Seshardi and Olukotun teach the method of claim 1. The combination of Seshardi and Olukotun do not teach wherein the associating the predetermined exception with the exception handling program in the operating system comprises: copying the exception handling program into an exception/interrupt vector of the 25operating system during the boot-up of the operating system 	However, Alapati teaches wherein the associating the predetermined exception with the exception handling program in the operating system comprises: copying the exception handling program into an exception/interrupt vector of the 25operating system during the boot-up of the operating system (see US 20080301402, Alapati, para. 0010, where the interrupt handlers are copied to the interrupt vector memory location).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Alapati because a user would have been motivated to improve the data processing of the system taught by the combination of Seshardi and Olukotun by stealing the interrupt vectors from the Operating System in order to gain access to all system resources for the purposing of allowing tests to be performed and improvements made to the system taught by the combination of Seshardi and Olukotun(see Alapati, para. 0009)

4.) Claims 8 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun and further in view of US 20080301402, Alapati and further in view of US 20060294341, Plondke

 	In regards to claim 8, the combination of Seshardi, Olukotun, and Alapati teach the method of claim 7. The combination of Seshardi, Olukotun, and Alapati do not teach wherein the predetermined exception triggers execution of the exception handling program in the kernel space comprises: in the kernel space, the operating system being configured to respond to the Attorney Docket No. ALIBP43528PATENTpredetermined exception, obtain return address after processing the predetermined exception, save status information, and execute the exception handling program based on the predetermined exception 	However, Plondke teaches wherein the predetermined exception triggers execution of the exception handling program in the kernel space comprises: in the kernel space, the operating system being configured to respond to the Attorney Docket No. ALIBP43528PATENTpredetermined exception, obtain return address after processing the predetermined exception, save status information, and execute the exception handling program based on the predetermined exception (see US 20060294341, Plondke, para. 0020, where an exception occurs return address is saved, status information is saved and an exception handler is called). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Plondke because a user would have been motivated by methods of debugging the system taught by the combination of Seshardi and Olukotun by utilizing a translation look-aside buffer, taught by Plondke, in order to facilitate remedial actions to correct a system’s unexpected interrupts and exceptions(see Plondke, para. 0005)  

 	In regards to claim 9, the combination of Seshardi, Olukotun, Alapati, and Plondke teach The method of claim 8, further comprising: 
returning to the user program according to the return address(see US 20060294341, Plondke, fig. 2, step 82, where the execution returns to the return address).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Plondke because a user would have been motivated by methods of debugging the system taught by the combination of Seshardi and Olukotun by utilizing a translation look-aside buffer, taught by Plondke, in order to facilitate remedial actions to correct a system’s unexpected interrupts and exceptions(see Plondke, para. 0005) 
5.) Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun and further in view of US 20180121665, Anderson

 	In regards to claim 10, the combination of Seshardi and McGarth teach the method of claim 1. The combination of Seshardi and McGarth do not teach wherein the exception handling program is configured to write the data after processing the data into a data file and grant the normal privilege user read permission to the data file 	However, Anders teaches wherein the exception handling program is configured to write the data after processing the data into a data file and grant the normal privilege user read permission to the data file(see US 20180121665, Anderson, para. 0022, where a user has read/write access privilege to a file via an application). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Anderson because a user would have been motivated to enhance the system security for the system taught by the combination of Seshardi and Olukotun by applying a mechanism to analyze elevated authority usage, taught by Anderson, in order to minimize the risk caused by applications having excessive permissions(see Anderson, para. 0003) 

 
6.) Claims 11 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun and further in view of US 6769076, Moyer

 	In regards to claim 11, the combination of Seshardi and McGarth teach the method of claim 1. The combination of Seshardi and McGarth do not teach further comprising: 
receiving a debug command; 
comparing a debug address designated by the debug command and an access address associated with the secure partition; and 
filtering out the debug command if the debug address matches the access address 	However, Moyer teaches further comprising: 
receiving a debug command (see US 6769076, Moyer, col. 6, lines 35-42, where a debug interface asserts UPDATE DATA instruction); 
comparing a debug address designated by the debug command and an access address associated with the secure partition(see US 6769076, Moyer, col. 7, lines 10-19, where a data trace enables a debug to compare retrieved address from a debug addr with any defined address used for read/write[e.g. access addresses]); and 
filtering out the debug command if the debug address matches the access address(see US 6769076, Moyer, col. 7, lines 10-19, if a match is found, then the debug asserts the UPDATE DATA signal).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Moyer because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Moyer in order identify and repair causes of system errors and to create a more stable execution environment(see Moyer, col. 1, lines 13-32)  

 	In regards to claim 21, the combination of Seshardi and McGarth teach the system of claim 15. The combination of Seshardi and McGarth do not teach wherein it further comprises: 
a debug control and management module that is configured to compare a debug address designated by a received debug command to an access address associated with the secure partition and filter out the received debug command if the debug address matches the access address 	However, Moyer teaches wherein it further comprises: 
a debug control and management module that is configured to compare a debug address designated by a received debug command to an access address associated with the secure partition(see US 6769076, Moyer, col. 7, lines 10-19, where a data trace enables a debug to compare retrieved address from a debug addr with any defined address used for read/write[e.g. access addresses]) and filter out the received debug command if the debug address matches the access address(see US 6769076, Moyer, col. 7, lines 10-19, if a match is found, then the debug asserts the UPDATE DATA signal).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi and Olukotun with the teaching of Moyer because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi and Olukotun by utilizing the debugging methods taught by Moyer in order identify and repair causes of system errors and to create a more stable execution environment(see Moyer, col. 1, lines 13-32)

7.) Claims 12, 22 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun and further in view of US 6769076, Moyer and further in view of US 20120079458, Williams

 	In regards to claim 12, the combination of Seshardi, Olukotun, and Moyer teach the method of claim 11. The combination of Seshardi, Olukotun, and Moyer do not teach further comprising: 
if either the debug address or the access is address is a virtual address and the other is a physical address, converting both to either virtual addresses or physical addresses based on a translation table 	However, Williams teaches further comprising: 
if either the debug address or the access is address is a virtual address and the other is a physical address, converting both to either virtual addresses or physical addresses based on a translation table(see US 20120079458, Williams, para. 0066, where a translation table is used to convert a virtual address to a physical address).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi, Olukotun, and Moyer with the teaching of Williams because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi, Olukotun, and Moyer by utilizing the debugging methods taught by Williams in order to debug software and diagnose design defects(see Williams, para. 0006)

 	In regards to claim 22, the combination of Seshardi, Olukotun, and Moyer teach the system of claim 21. The combination of Seshardi, Olukotun, and Moyer do not teach further comprising: 
a identifier bit setting unit configured to configure a identifier bit, wherein the identifier bit represents whether to perform debugging control 	However, Williams teaches further comprising: 
a identifier bit setting unit configured to configure a identifier bit, wherein the identifier bit represents whether to perform debugging control(see US 20120079458, Williams, para. 0023, where a bit may be used to determine a debug mode or a non-debug mode).  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi, Olukotun, and Moyer with the teaching of Williams because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi, Olukotun, and Moyer by utilizing the debugging methods taught by Williams in order to debug software and diagnose design defects(see Williams, para. 0006) 

 	In regards to claim 23, the combination of Seshardi, Olukotun, Moyer, and Williams teach The system of claim 22, wherein the identifier bit is stored in the secure partition(see US 20120079458, Williams, para. 0019 and 0023, where a dedicated target register stores a debug privilege level switching information, wherein the debug privilege level switching includes bit set information).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi, Olukotun, and Moyer with the teaching of Williams because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi, Olukotun, and Moyer by utilizing the debugging methods taught by Williams in order to debug software and diagnose design defects(see Williams, para. 0006)

8.) Claims 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20100031360, Seshadri in view of US 20050044319, Olukotun and further in view of US 20180121665, Anderson and further in view of US 20120079458, Williams

 	In regards to claim 13, the combination of Seshardi, Olukotun, and Anderson teach the method of claim 10. The combination of Seshardi, Olukotun, and Anderson do not teach further comprising: configuring an identifier bit, wherein the identifier bit represents whether to perform debugging control 	However, Williams teaches further comprising: configuring an identifier bit, wherein the identifier bit represents whether to perform debugging control (see US 20120079458, Williams, para. 0023, where a bit may be used to determine a debug mode or a non-debug mode).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi, Olukotun, and Anderson with the teaching of Williams because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi, Olukotun, and Anderson by utilizing the debugging methods taught by Williams in order to debug software and diagnose design defects(see Williams, para. 0006)

 	In regards to claim 14, the combination of Seshardi, Olukotun, Anderson, and Williams teach The method of claim 13, wherein the identifier bit is stored in the secure partition(see US 20120079458, Williams, para. 0019 and 0023, where a dedicated target register stores a debug privilege level switching information, wherein the debug privilege level switching includes bit set information).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Seshardi, Olukotun, and Anderson with the teaching of Williams because a user would have been motivated to improve the operational performance of the computing system taught by the combination of Seshardi, Olukotun, and Anderson by utilizing the debugging methods taught by Williams in order to debug software and diagnose design defects(see Williams, para. 0006)


CONCLUSION

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/GREGORY A LANE/ Examiner, Art Unit 2438


/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434