Prosecution Insights
Last updated: April 19, 2026
Application No. 18/062,957

TECHNOLOGIES FOR TRUSTED I/O WITH A CHANNEL IDENTIFIER FILTER AND PROCESSOR-BASED CRYPTOGRAPHIC ENGINE

Final Rejection §103
Filed: Dec 07, 2022
Examiner: SALEHI, HELAI
Art Unit: 2433
Tech Center: 2400 — Computer Networks
Assignee: Intel Corporation
OA Round: 4 (Final)
Grant Probability: 72% (Favorable)
Expected OA Rounds: 5-6
Time to Grant: 3y 7m
Grant Probability With Interview: 99%

Examiner Intelligence

Career allow rate: 72% (377 granted / 521 resolved), +14.4% vs Tech Center average; grants above average
Interview lift: +32.4% grant rate on resolved cases with an interview versus without
Typical timeline: 3y 7m average prosecution
Currently pending: 16 applications
Career history: 537 total applications across all art units

Statute-Specific Performance

§101: 10.8% (-29.2% vs TC avg)
§103: 44.1% (+4.1% vs TC avg)
§102: 26.4% (-13.6% vs TC avg)
§112: 7.8% (-32.2% vs TC avg)
Tech Center averages are estimates. Based on career data from 521 resolved cases.

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

This is a Final Office action in response to communications received April 07, 2025. Claims 26, 29, 33, 38, 51, 53, 55, 58, 59, 61, 63, 66 have been amended. Therefore, claims 26-27, 29-30, 33, 35, 37-38, 51-66 are pending and addressed below.

Response to Arguments

Applicant’s arguments, see Pages 1-2, filed April 07, 2025, with respect to the rejection(s) of claim(s) 26-27, 29-30, 33, 37-38, 51-55, 57-63, and 65-66 under 35 USC 102(a)(1) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of newly found prior art reference, Krishnakumar et al. (US 2017/0177293 A1). Based on the claim amendments, the Examiner rejects claims 26-27, 29-30, 33, 37-38, 51-55, 57-63, and 65-66 with the new ground of rejection.

Minor Informalities

Claims 26, 51, 59 are objected to because of the following informalities: Claims 26, 51, 59 recite “DMA channel . Appropriate correction is required.

Allowable Subject Matter

Claims 35, 56, 64 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 26, 27, 29, 30, 33, 37, 38, 51-55, 57-63, 65, 66 are rejected under 35 U.S.C. 103 as being unpatentable over Chhabra et al. (US2015/0086012 A1, publish date 03/26/2015) in view of Krishnakumar et al. (US 2017/0177293 A1, publish date 06/22/2017).

Claims 26, 51, 59: With respect to claims 26, 51, 59, Chhabra et al. discloses An apparatus/A method/At least one computer-readable storage medium ("Secure enclave" herein shall refer to a protected sequence of operations accessing a memory protected at the micro-architectural level. Encryption is used to protect the integrity of an active enclave, 0028) (Figure 1), having stored thereon instructions which, when executed, cause a computing device to perform operations/including/comprising: a memory controller (Memory controller 150 can access CMA 180 residing on backing storage device 186 within physical address space 188. CMA 180 may comprise EPC 182 and EPC map 184. The EPC, EPC map, and various other implementation-specific data structures may be mapped to locations inside the CMA, 0031, Figure 1), and processor circuitry (processor, Figure 1) (processor, Figure 2) coupled to the memory controller (accessing a memory protected, 0028), the processor circuitry to: receive an unprivileged processor instruction (the application may invoke a kernel mode driver to store the encrypted surface encryption key in a display engine register, and to signal the display engine that a surface bitmap is ready for rendering, 0047) (The EPC is located within the physical address space of the processing system, but can only be accessed using privileged or non-privileged enclave instructions used to build and enable an enclave, enter/exit the enclave, manage EPC, and perform various other operations, 0029) with programming information (a TLB may be implemented as a table mapping virtual addresses to physical addresses, Each TLB entry may include one or more bits indicating identifying the enclave owning the memory location, 0033-0034), which is to have been generated by one or more unprivileged software components of a trusted execution environment (a security processor such as a trusted platform module (TPM) 1638, 0108), as a parameter, the programming information including a channel identifier and a channel key (The application may then encrypt the surface encryption key with a key wrapping key, 0036) (The encrypted key may be produced by the EBIND instruction based on the input BIND_STRUCT structure specified as an input parameter for the instruction: EBIND BIND_STRUCT. The BIND_STRUCT structure may comprise a target device identifier, a target security version number, a target device policy, a surface encryption key to be encrypted, and/or various other fields as schematically illustrated by FIG. 4, 0045, Figure 4); and generate wrapped programming information (an application 252 being executed within a secure enclave, 0035, Figure 2) based on the programming information in response to the unprivileged processor instruction (the application may generate a surface encryption key and then generate an output surface encrypted with the surface encryption key. The application may then encrypt the surface encryption key with a key wrapping key, The key wrapping key may be generated by the processor reset microcode, and can be written into the display engine register during the processor reset sequence execution, 0036-0037), wherein the channel key is to be encrypted using a key-wrapping key to generate an encrypted channel key (encrypt the surface encryption key with a key wrapping key, 0036-0037), wherein the wrapped programming information includes the encrypted channel key and the channel identifier (The application may then encrypt the surface encryption key with a key wrapping key, 0036) (The encrypted key may be produced by the EBIND instruction based on the input BIND_STRUCT structure specified as an input parameter for the instruction: EBIND BIND_STRUCT. The BIND_STRUCT structure may comprise a target device identifier, a target security version number, a target device policy, a surface encryption key to be encrypted, and/or various other fields as schematically illustrated by FIG. 4, 0045, Figure 4), wherein a processor reserved memory region has a plurality of ranges with the channel identifier (The EPC, EPC map, and various other implementation-specific data structures may be mapped to locations inside the CMA. When a request to access the EPC is generated, CMA may remap the request to the backing storage location containing encrypted EPC data, and retrieve the data, 0031), and wherein the processor reserved memory region is inaccessible to the one or more unprivileged software component (Any accesses to the enclave memory pages loaded into the EPC are protected from any modification by software entities outside that enclave, unauthorized parties will not be able to read or modify plain-text data belonging to enclaves that is loaded into the EPC via straight-forward hardware attacks, 0029). Chhabra et al. does not disclose DMA identifier, a processor reserved memory region has a plurality of ranges including a first range mapped to the DMA channel identifier and a second range mapped to another DMA channel identifier as claimed. However, Krishnakumar et al. teaches DMA identifier (the I/O controllers 140 and associated DMA channels are uniquely identified using identifiers called channel identifiers (CIDs). Each I/O controller 140 may assert an appropriate CID with every DMA transaction, for example as part of a transaction layer packet (TLP) prefix, to uniquely identify the source of the DMA transaction and provide liveness protections, 0024) (the cryptographic engine 136 intercepts DMA transactions tagged with the channel identifier and then encrypts and/or decrypts the DMA data using the encryption key, 0042), a processor reserved memory region has a plurality of ranges including a first range mapped to the DMA channel identifier and a second range mapped to another DMA channel identifier (includes mappings between pre-assigned channel identifiers and audio codecs 146 of the computing device 100, configured to start, by the audio controller 144, the audio session after the channel identifier is sent to the audio controller 144; and to perform, by the trusted software component, a cryptographic operation (e.g., decryption or encryption) on DMA audio data associated with the DMA channel, 0031-0032) (The channel identifier 502 uniquely identifies the I/O controller 140 and the DMA channel of the device 142 associated with a DMA transaction, 0039). Chhabra et al. and Krishnakumar et al. are analogous art because they are from the same field of endeavor of Secure enclaves. It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Krishnakumar et al. in Chhabra et al. for DMA identifier, a processor reserved memory region has a plurality of ranges including a first range mapped to the DMA channel identifier and a second range mapped to another DMA channel identifier as claimed for purposes of dynamically identifying DMA channel(s) to be protected, to uniquely identify I/O controllers and associated DMA channels (see Krishnakumar et al. 0023, 0024).

Claims 27, 52, 60: With respect to claims 27, 52, 60, Chhabra et al. discloses wherein the unprivileged processor instruction comprises an EBIND instruction (a data structure providing an input parameter for the EBIND instruction, 0007, Figure 4) (a new instruction, EBIND, may be implemented for encrypting a key and binding it to a policy, 0044), and wherein the unprivileged processor instruction is invoked using an unprivileged software component of the one or more unprivileged software components, and wherein the key-wrapping key is private to the processor circuitry (The application may then encrypt the surface encryption key with a key wrapping key, and write the encrypted surface encryption key into a display engine register, The key wrapping key may be generated by the processor reset microcode, and may be stored in a register within the display engine during the processor reset sequence execution. 0036-0037).

Claims 29, 53, 61: With respect to claims 29, 53, 61, Chhabra et al. discloses wherein the processor circuitry is further to assign, via a firmware environment, a trusted (I/O) processor reserved memory region (a security processor such as a trusted platform module (TPM) 1638, 0108) includes the processor reserved memory region associated with the channel identifier (Memory controller 150 can access CMA 180 residing on backing storage device 186 within physical address space 188. CMA 180 may comprise EPC 182 and EPC map 184. The EPC, EPC map, and various other implementation-specific data structures may be mapped to locations inside the CMA, 0031, Figure 1). Krishnakumar et al. teaches DMA identifier (the I/O controllers 140 and associated DMA channels are uniquely identified using identifiers called channel identifiers (CIDs). Each I/O controller 140 may assert an appropriate CID with every DMA transaction, for example as part of a transaction layer packet (TLP) prefix, to uniquely identify the source of the DMA transaction and provide liveness protections, 0024) (the cryptographic engine 136 intercepts DMA transactions tagged with the channel identifier and then encrypts and/or decrypts the DMA data using the encryption key, 0042). Chhabra et al. and Krishnakumar et al. are analogous art because they are from the same field of endeavor of Secure enclaves. The motivation for combining Chhabra et al. and Krishnakumar et al. is recited in claims 26, 51, 59.

Claims 30, 54, 62: With respect to claims 30, 54, 62, Chhabra et al. discloses wherein the processor circuitry is further to: store the trusted I/O processor (a security processor such as a trusted platform module (TPM) 1638, 0108) reserved memory region setting in a firmware variable in response to assignment of the trusted I/O processor reserved memory region (An active secure enclave may be divided into an encrypted portion and a decrypted portion. The encrypted portion may reside in an unprotected memory (such as main memory or disk). The decrypted portion resides in the enclave page cache (EPC) 182. The EPC is a secure storage used by the processing system to temporarily store enclave pages when they are not cryptographically protected, 0029); and integrity-protect the firmware variable with a trusted platform module of the computing device (firmware hub (flash BIOS) 128, 0072) (The flash device 1622 may provide for non-volatile storage of system software, including a basic input/output software (BIOS) as well as other firmware of the system, 0104).

Claims 33, 55, 63: With respect to claims 33, 55, 63, Chhabra et al. discloses wherein the processor circuitry is further to: provide the wrapped programming information to a privileged software component of the computing device, wherein the wrapped programming information is to be provided using the unprivileged software component (the application may invoke a kernel mode driver to store the encrypted surface encryption key in a display engine register, and to signal the display engine that a surface bitmap is ready for rendering, 0047) (The EPC is located within the physical address space of the processing system, but can only be accessed using privileged or non-privileged enclave instructions used to build and enable an enclave, enter/exit the enclave, manage EPC, and perform various other operations, 0029); invoke a first privileged processor feature (the application may invoke a kernel mode driver to store the encrypted surface encryption key in a display engine register, and to signal the display engine that a surface bitmap is ready for rendering, 0047) (The EPC is located within the physical address space of the processing system, but can only be accessed using privileged or non-privileged enclave instructions used to build and enable an enclave, enter/exit the enclave, manage EPC, and perform various other operations, 0029) with the wrapped programming information as a parameter (the application may generate a surface encryption key and then generate an output surface encrypted with the surface encryption key. The application may then encrypt the surface encryption key with a key wrapping key, The key wrapping key may be generated by the processor reset microcode, and can be written into the display engine register during the processor reset sequence execution, 0036-0037), wherein the first privileged processor feature is to be invoked by the privileged software component; and program the channel identifier filter circuitry with the channel identifier and the memory range of the processor reserved memory region in response to invocation of the first privileged processor feature (the display engine may decrypt the surface encryption key using the key wrapping key, Responsive to receiving an encrypted surface encryption key, a display engine may transmit the blob comprising the encrypted key to a cryptographic functional unit implemented by another system component. The cryptographic functional unit may unwrap the key and return it to the display engine, the display engine may decrypt one or more output surface bitmaps using the surface encryption key, 0048-0049), wherein the first privileged processor feature comprises an instruction of the processor (The cryptographic functional unit may unwrap the key and return it to the display engine, the display engine may decrypt one or more output surface bitmaps using the surface encryption key, 0048-0049). Krishnakumar et al. teaches DMA identifier (the I/O controllers 140 and associated DMA channels are uniquely identified using identifiers called channel identifiers (CIDs). Each I/O controller 140 may assert an appropriate CID with every DMA transaction, for example as part of a transaction layer packet (TLP) prefix, to uniquely identify the source of the DMA transaction and provide liveness protections, 0024) (the cryptographic engine 136 intercepts DMA transactions tagged with the channel identifier and then encrypts and/or decrypts the DMA data using the encryption key, 0042). Chhabra et al. and Krishnakumar et al. are analogous art because they are from the same field of endeavor of Secure enclaves. The motivation for combining Chhabra et al. and Krishnakumar et al. is recited in claims 26, 51, 59.

Claims 37, 57, 65: With respect to claims 37, 57, 65, Chhabra et al. discloses wherein the processor circuitry is further to: verify the wrapped programming information, wherein to invoke the first privileged processor feature comprises to invoke the first privileged processor feature in response to verification of the wrapped programming information (The generated key may be used by the secure application to encrypt the output surface bitmap to be stored in a memory buffer accessible by the display engine, The secure application may then encrypt the RDRAND value using the key wrapping key and store the encrypted blob in a display engine register, Upon receiving the encrypted blob, the display engine may decrypt the RDRAND value. The display engine may then generate the surface encryption key by applying the key derivation function to the RDRAND value and a locally maintained surface counter, 0061).

Claims 38, 58, 66: With respect to claims 38, 58, 66, Chhabra et al. discloses wherein the processor circuitry is further to: read a cryptographic response from the processor in response to invocation of the first privileged processor feature (unauthorized parties will not be able to read or modify plain-text data belonging to enclaves that is loaded into the EPC via straight-forward hardware attacks. The EPC is located within the physical address space of the processing system, but can only be accessed using privileged or non-privileged enclave instructions used to build and enable an enclave, enter/exit the enclave, manage EPC, and perform various other operations, 0029), and prevent the privileged software component from accessing the processor reserved memory region associated with the channel identifier (unauthorized parties will not be able to read or modify plain-text data belonging to enclaves that is loaded into the EPC via straight-forward hardware attacks. The EPC is located within the physical address space of the processing system, but can only be accessed using privileged or non-privileged enclave instructions used to build and enable an enclave, enter/exit the enclave, manage EPC, and perform various other operations, 0029); and wherein the privileged software component comprises a kernel mode driver of the computing device (A kernel mode driver 262, Figure 2). Krishnakumar et al. teaches DMA identifier (the I/O controllers 140 and associated DMA channels are uniquely identified using identifiers called channel identifiers (CIDs). Each I/O controller 140 may assert an appropriate CID with every DMA transaction, for example as part of a transaction layer packet (TLP) prefix, to uniquely identify the source of the DMA transaction and provide liveness protections, 0024) (the cryptographic engine 136 intercepts DMA transactions tagged with the channel identifier and then encrypts and/or decrypts the DMA data using the encryption key, 0042). Chhabra et al. and Krishnakumar et al. are analogous art because they are from the same field of endeavor of Secure enclaves. The motivation for combining Chhabra et al. and Krishnakumar et al. is recited in claims 26, 51, 59.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).

Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468. The examiner can normally be reached on Monday - Friday from 9 am to 5 pm, every other Friday off. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/ Examiner, Art Unit 2433
/JEFFREY C PWU/ Supervisory Patent Examiner, Art Unit 2433
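The claim mapping above describes a flow rather than code: an unprivileged instruction (EBIND in Chhabra) wraps a channel key under a key-wrapping key that is private to the processor, a kernel-mode driver hands the wrapped blob to a privileged processor feature that programs the channel-identifier filter with the CID and its PRM range, and the cryptographic engine then encrypts DMA data tagged with that CID. The Python model below is an added example written for this page; it is not code from Intel, from the application, or from either cited reference. The class and method names, the CIDs, the PRM ranges and the DMA payload are hypothetical, and HMAC-SHA256 in counter mode with a separate HMAC tag stands in for whatever cipher the processor would actually use. It exercises the properties the claims recite: the driver sees only the wrapped key, a DMA tagged with another CID cannot reach the first CID's range, non-TEE software cannot read the PRM, and a wrapped key replayed under a different CID fails verification.

```python
"""Toy model of the trusted-I/O programming flow recited in the rejected claims.
Hypothetical code written for this page: not Intel's, not either cited reference's.
Names, CIDs, PRM ranges and the DMA payload below are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode stands in for the processor's cipher (XOR keystream).
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(key: bytes, nonce: bytes, aad: bytes, ct: bytes) -> bytes:
    # Encrypt-then-MAC; binding the AAD (the CID) stops replay under another CID.
    return hmac.new(key, b"tag" + nonce + aad + ct, hashlib.sha256).digest()


@dataclass(frozen=True)
class WrappedProgrammingInfo:
    cid: int                      # channel identifier, in the clear
    nonce: bytes
    encrypted_channel_key: bytes  # channel key wrapped under the processor-private KWK
    tag: bytes


class Processor:
    """Processor circuitry: private KWK, PRM ranges, CID filter and crypto engine."""

    def __init__(self) -> None:
        self._kwk = secrets.token_bytes(32)      # generated at reset, never exported
        self.prm: dict[int, range] = {}          # CID -> PRM range (firmware-assigned)
        self.cid_filter: dict[int, bytes] = {}   # programmed CID -> unwrapped channel key
        self.memory = bytearray(0x3000)          # toy physical address space

    def ebind(self, cid: int, channel_key: bytes) -> WrappedProgrammingInfo:
        """Unprivileged instruction: the enclave wraps its channel key under the KWK."""
        nonce, aad = secrets.token_bytes(16), cid.to_bytes(2, "big")
        ct = _xor(self._kwk, nonce, channel_key)
        return WrappedProgrammingInfo(cid, nonce, ct, _tag(self._kwk, nonce, aad, ct))

    def assign_prm_range(self, cid: int, start: int, end: int) -> None:
        """Firmware environment maps one PRM range to each CID before the OS boots."""
        self.prm[cid] = range(start, end)

    def program_cid_filter(self, w: WrappedProgrammingInfo) -> None:
        """Privileged feature invoked by the kernel-mode driver with the wrapped blob;
        the driver never sees the plaintext key, only the processor unwraps it."""
        expected = _tag(self._kwk, w.nonce, w.cid.to_bytes(2, "big"), w.encrypted_channel_key)
        if w.cid not in self.prm or not hmac.compare_digest(expected, w.tag):
            raise PermissionError("wrapped programming information rejected")
        self.cid_filter[w.cid] = _xor(self._kwk, w.nonce, w.encrypted_channel_key)

    def dma_write(self, cid: int, addr: int, data: bytes) -> bool:
        """Crypto engine intercepts a DMA write tagged with a CID (TLP-prefix style)."""
        if cid not in self.cid_filter:
            return False                        # unprogrammed channel: dropped
        if any(a not in self.prm[cid] for a in range(addr, addr + len(data))):
            return False                        # CID filter: target outside this CID's range
        tweak = addr.to_bytes(8, "big") + cid.to_bytes(8, "big")  # toy tweak, no per-tx counter
        self.memory[addr:addr + len(data)] = _xor(self.cid_filter[cid], tweak, data)
        return True

    def read(self, addr: int, length: int, *, caller: str) -> bytes:
        # CPU-side read: software outside the TEE, privileged or not, is denied PRM access.
        if caller != "enclave" and any(addr in rng for rng in self.prm.values()):
            raise PermissionError("PRM is inaccessible to non-TEE software")
        return bytes(self.memory[addr:addr + length])


def run_flow() -> dict:
    """End-to-end flow; returns a named boolean per claimed security property."""
    cpu = Processor()
    cpu.assign_prm_range(0x11, 0x1000, 0x2000)          # first range -> CID 0x11
    cpu.assign_prm_range(0x22, 0x2000, 0x3000)          # second range -> CID 0x22
    key_11, key_22 = secrets.token_bytes(32), secrets.token_bytes(32)  # made in enclave
    w11, w22 = cpu.ebind(0x11, key_11), cpu.ebind(0x22, key_22)       # unprivileged
    cpu.program_cid_filter(w11)                         # via kernel-mode driver
    cpu.program_cid_filter(w22)
    frame = b"constructed PCM frame"
    results = {"driver_sees_plaintext_key": w11.encrypted_channel_key == key_11,
               "dma_accepted": cpu.dma_write(0x11, 0x1000, frame),
               "dma_spoofed_cid_rejected": not cpu.dma_write(0x22, 0x1000, frame)}
    stored = cpu.read(0x1000, len(frame), caller="enclave")
    tweak = (0x1000).to_bytes(8, "big") + (0x11).to_bytes(8, "big")
    results["memory_is_ciphertext"] = stored != frame
    results["enclave_recovers_frame"] = _xor(key_11, tweak, stored) == frame
    forged = WrappedProgrammingInfo(0x22, w11.nonce, w11.encrypted_channel_key, w11.tag)
    for name, call in (("kernel_read_blocked", lambda: cpu.read(0x1000, 4, caller="kernel")),
                       ("forged_cid_rejected", lambda: cpu.program_cid_filter(forged))):
        try:
            call()
            results[name] = False
        except PermissionError:
            results[name] = True
    return results
```

Calling run_flow() returns one boolean per property. Everything the kernel-mode driver touches is the WrappedProgrammingInfo blob, which is the point of splitting unprivileged key generation (ebind) from privileged filter programming (program_cid_filter). The tweak used for DMA data is deterministic per address and CID, which a real engine would not accept; it is kept that way only to keep the model short.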

Prosecution Timeline

Dec 07, 2022: Application Filed
Oct 06, 2023: Non-Final Rejection — §103
Feb 08, 2024: Response Filed
May 17, 2024: Final Rejection — §103
Sep 24, 2024: Request for Continued Examination
Sep 27, 2024: Response after Non-Final Action
Nov 29, 2024: Non-Final Rejection — §103
Apr 07, 2025: Response Filed
Aug 20, 2025: Examiner Interview (Telephonic)
Oct 01, 2025: Final Rejection — §103
Apr 06, 2026: Request for Continued Examination
Apr 14, 2026: Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology, based on the 5 most recent grants:

Patent 12587382: METHOD AND SYSTEM FOR PROCESSING BIOMETRIC DATA (granted Mar 24, 2026; 2y 5m to grant)
Patent 12587504: CONNECTIONLESS-VIRTUAL PRIVATE NETWORK FOR SECURE CLOUD TO USER COMMUNICATION OVER THE INTERNET USING A PLURALITY OF SERVERS (granted Mar 24, 2026; 2y 5m to grant)
Patent 12566860: STATIC-DYNAMIC INTEGRATION (granted Mar 03, 2026; 2y 5m to grant)
Patent 12556586: ADAPTIVE NETWORK SECURITY USING ZERO TRUST MICROSEGMENTATION (granted Feb 17, 2026; 2y 5m to grant)
Patent 12547684: Integrating real-world and virtual-world systems (granted Feb 10, 2026; 2y 5m to grant)


Prosecution Projections

Expected OA Rounds: 5-6
Grant Probability: 72% (99% with interview, +32.4%)
Median Time to Grant: 3y 7m
PTA Risk: High
Based on 521 resolved cases by this examiner. Grant probability derived from career allow rate.
