DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The 8/19/2025, 11/21/2025, and 1/13/2026 IDS documents have been considered by the examiner.
Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Kaplan (US 2018/0081829 A1).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 3-6, 8, 11, 13-16, and 18-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Melara (“EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments”) in view of Kaplan (US 2018/0081829 A1).
Regarding claim 1, Melara discloses: A system to isolate memory with a trusted execution environment (TEE) (TEEs such as SGX according to at least paragraph 1 of the introduction and Col. 2, paragraph 3 on page 2 of Melara), the system comprising:
a processor; and a memory that stores instructions that, when executed by the processor, cause the processor to perform operations comprising:
allocating, to a single hardware-enforced TEE (e.g., “EnclaveDOM, a privilege separation system… that partitions an enclave into tagged memory regions, and enforces per-region access rules” in the abstract of Melara; “P2” in 3.2 of Melara), a plurality of portions of memory comprising a first portion and a second portion;
Refer to at least the abstract, Col. 1, paragraph 7-Col. 2, paragraph 2 on page 2, section 4, and section 4.2 of Melara with respect to creating different memory domains within an SGX (or other kind of TEE) enclave.
the first portion corresponding to a first executable function and the second portion corresponding to a second executable function,
Refer to at least the abstract, Col. 2, paragraph 2 on page 2, and P1 in section 3.2 of Melara with respect to functions.
each of the first and second executable functions executing concurrently (e.g., “[m]ultiple in-enclave functions may need to operate on the same sensitive data object… enable data sharing between functions… within a single enclave” in 3.2:P3 of Melara) on a shared virtual machine (VM) within the single hardware-enforced TEE (i.e., the single enclave managed by EnclaveDom in 3.2 of Melara),
Refer to at least FIG. 1 on page 3 of Melara with respect to a VMM implementation which runs virtual machines. The trusted and untrusted code run on the same process.
preventing instructions executing in the first portion from accessing data stored in the second portion.
Refer to at least the abstract, Col. 2, paragraph 5 on page 2, sections 3.2-4, and sections 4.2-4.3 of Melara with respect to enforcing per-region access rules for the memory domains at the granularity of individual in-enclave functions.
Melara discloses tagging page tables with memory protection keys (e.g., section 2.4), but does not disclose: wherein each of the first and second executable functions have separate and isolated first and second extended page tables (EPTs), respectively, with the first and second EPTs respectively referencing the first and second portions of memory allocated to the single hardware-enforced TEE, with the first and second EPTs managed by the shared VM, and with the first and second EPTs used to translate virtual physical memory addresses of the shared VM to host physical memory addresses of the system; preventing instructions executing in the first portion from accessing data stored in the second portion further being based on use of EPT isolation and encryption key separation. However, Melara in view of Kaplan discloses: wherein each of the first and second executable functions (e.g., user processes in Kaplan) have separate and isolated first and second extended page tables (EPTs) (e.g., vShim layer page tables as in [0017] of Kaplan), respectively, with the first and second EPTs respectively referencing the first and second portions of memory allocated to the single hardware-enforced TEE (e.g., memory regions as in [0023] of Kaplan), with the first and second EPTs managed by the shared VM, and with the first and second EPTs used to translate virtual physical memory addresses of the shared VM to host physical memory addresses of the system;
Refer to at least the abstract, [0017], [0024], [0028], and [0037] of Kaplan with respect to nested paging and the vShim layer maintaining separate page tables; a unique vShim layer per user process.
preventing instructions executing in the first portion from accessing data stored in the second portion further being based on use of EPT isolation and encryption key separation.
Refer to at least [0028] and [0033]-[0034] of Kaplan with respect to each user process being associated with a unique encryption key and vShim layer; preventing other applications from accessing memory pages such that only approved code runs in a given domain.
The teachings of Kaplan likewise concern access control for memory pages, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Melara to further implement the teachings of Kaplan’s vShim layer and protections for at least the purpose of improved security and privacy (i.e., access control at the granularity described in [0004] and [0033] of Kaplan for preventing unauthorized access to secure data—whether from other processes or the hypervisor).
Regarding claim 3, it is rejected for substantially the same reasons as claim 1 above.
Regarding claim 4, Melara-Kaplan discloses: The system of claim 1, wherein: the plurality of portions comprises a third portion; and instructions executing in the third portion are permitted to access data stored in the first portion.
Refer to at least sections 3.2, 4.3, and 5.2 of Melara with respect to secure data sharing (e.g., multiple in-enclave functions may need to operate on the same sensitive data object); specifying access rules and policy.
Regarding claim 5, Melara-Kaplan discloses: The system of claim 4, wherein the access of the data in the first portion is controlled at a level of granularity smaller than a page.
Refer to at least sections 2.4, 4.2-4.3, and 5.4 of Melara with respect to per-page granularity for access policy; setting a page KB size.
Regarding claim 6, it is rejected for substantially the same reasons as claim 1 above (i.e., enforcing access rules).
Regarding claim 8, it is rejected for substantially the same reasons as claims 4 and 7 above (i.e., the citations and obviousness rationale).
Regarding independent claim 11, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations).
Regarding claims 13-15, they are substantially similar to claims 3-5 above, and are therefore likewise rejected.
Regarding independent claim 16, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations).
Regarding claims 18-21, they are substantially similar to claims 3-6 above, and are therefore likewise rejected.
Claim(s) 2, 7, 9-10, 12, 17, and 22-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Melara-Kaplan as applied to claims 1, 3-6, 8, 11, 13-16, and 18-21 above, and further in view of Yao (“Building Secure Firmware: Armoring the Foundation of the Platform”).
Regarding claim 2, Melara-Kaplan does not disclose: wherein the operations further comprise: in response to a secure-arbitration mode (SEAM) function call, switching between the first EPT for the first portion to the second EPT for the second portion.
Refer to at least pages 467-471 of Yao with respect to SEAM and EPTs.
The teachings of Yao likewise concern memory protection within TEEs, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Melara-Kaplan to further implement SEAM because the particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (Secure Arbitration Mode; e.g., FIG. 13-9 in Yao).
Regarding claim 7, it is rejected for substantially the same reasons as claim 2 above (i.e., the citations and obviousness rationale—e.g., FIG 13-8 and 13-9 of Yao).
Regarding claim 9, Melara-Kaplan-Yao discloses: The system of claim 8, wherein a guest operating system runs in the third portion.
Refer to at least FIG. 13-7 in Yao with respect to guest domains.
This claim would have been obvious for substantially the same reasons as claim 2 above.
Regarding claim 10, Melara-Kaplan-Yao discloses: The system of claim 9, wherein the guest operating system invokes a first function in the first portion and a second function in the second portion.
Refer to at least the abstract and 3.2 of Melara with respect to multiple functions within a TEE; partitioning the memory domains and per-region access rules for the functions.
Refer to at least FIG. 13-7 in Yao with respect to tagged pages within a TEE.
This claim would have been obvious for substantially the same reasons as claim 2 above.
Regarding claims 12, 17, and 22-25, they are rejected for substantially the same reasons as claims 2, 7, and 9-10 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432
/V.S/Examiner, Art Unit 2432