DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Regarding claim 20, the claim recites a “computer program product,” which in the broadest reasonable interpretation (BRI), is deemed as software per se.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 7, 13, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over PAEK et al. (U.S. PGPub. 2019/0065737), hereinafter Paek, in view of Fisher et al. (U.S. PGPub. 2020/0125282), hereinafter Fisher.
Regarding claim 1, Paek teaches A kernel protection method (Paek, Paragraph [0126], see “…LMBench for kernel and synthetic benchmark for application when security application operates”), wherein the method comprises:
working in a first privilege (Paek, Figure 2, see “OUTER DOMAIN”, which is being read as working in a first privilege), and detecting a page table modification command (Paek, Paragraph [0084], see “…it instruments the outer domain code to route all page table modification operations to the inner domain”, which is being read as detecting a page table modification command in a first privilege), (Paek, Paragraph [0084], see “…The intra-level domain isolation unit 110 initially configures page tables as read-only to prevent the outer domain from modifying them…it instruments the outer domain code to route all page table modification operations to the inner domain…the inner domain can modify the contents of the page tables through section shadow mapping”), and the target page table is a kernel-related page table (Paek, Paragraph [0063], see “…two TTBR registers, i.e., TTBR0_EL1 and TTBR1_EL1 to simultaneously indicate the user space and the kernel space”, where the target page table is a kernel-related page table (indicated by the kernel space));
switching from the first privilege to a second privilege, and determining, under the second privilege, whether to modify the target page table based on the page table modification command (Paek, Paragraph [0084], “…The intra-level domain isolation unit 110 initially configures page tables as read-only to prevent the outer domain from modifying them…it instruments the outer domain code to route all page table modification operations to the inner domain…the inner domain can modify the contents of the page tables through section shadow mapping”, where “inner domain” is being read as switching to a second privilege, where the inner domain determines whether to modify the target page table based on the command), wherein a permission of the second privilege is higher than that of the first privilege (Paek, Paragraph [0047], see “…the inner domain becomes more privileged than the outer domain”, where “inner domain” is being read as the second privilege and “outer domain” is being read as the first privilege); and
modifying the access permission data in the target page table if determining to modify the target page table (Paek, Paragraph [0084], see “…The inner domain may checks the constraints and performs those operations for the outer domain…the inner domain can modify the contents of the page tables through section shadow mapping”, which is being read as modifying the access permission data in the target page table if determining to modify the target page table).
Paek does not teach the following limitation(s) as taught by Fisher: wherein the first privilege comprises a kernel privilege (Fisher, Paragraph [0078], see “…Virtualized environments also often have their own kernel which runs at a lower privilege than the primary system kernel, or have limited direct access to the primary system kernel”, which is analogous to the first privilege (lower privilege) comprising a kernel privilege).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Paek, by implementing techniques of the first privilege comprising a kernel privilege, disclosed of Fisher.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for kernel protection, comprising of the first privilege comprising a kernel privilege. This allows for better security management and system efficiency by allowing the first privilege (lower privilege) to have limited access to the primary system kernel, such as read-only privileges in order to determine if the system should switch from the first privilege to the second privilege. Fisher is deemed as analogous art due to the art disclosing techniques of the first privilege comprising a kernel privilege (Fisher, Paragraph [0078]).
Regarding claims 7, 13, 18 and 20, the claims are rejected under the same reasoning as claim 1.
Claims 3-5, 9-11 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Paek, in view of Fisher, in further view of KEMISETTI et al. (U.S. PGPub. 2024/0220425), hereinafter Kemisetti.
Regarding claim 3, Paek as modified by Fisher do not teach the following limitation(s) as taught
by Kemisetti: The method according to claim 1, wherein the method further comprises: creating first physical memory (Kemisetti, FIG. 3, see “SYSTEM MEMORY 308”), a first page table (Kemisetti, Paragraph [0066], see “…generating a first page table”), and a second page table under the first privilege (Kemisetti, Paragraph [0066], see “…generating a second page table”), wherein
the first page table and the second page table are stored in the first physical memory (Kemisetti, FIG. 3, see “NON-SECURE PAGE TABLE 326”, which is being read as the first page table, which is stored in the physical memory (308), and see “SECURE PAGE TABLE 324”, which is being read as the second page table, which is stored in the physical memory (308)), the first page table is a page table used for mapping the first physical memory (Kemisetti, Paragraph [0051], see “…the first page table may map a range of 64-bit virtual memory addresses to physical addresses in the secure memory 320”), and the second page table is a kernel-related page table (Kemisetti, FIG. 3, see “SECURE PAGE TABLE 324”, which is being read as the second page table (kernel-related), since it is stored in the secure memory 320).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques disclosed of Paek and techniques disclosed of Fisher, by implementing techniques of a first and second page table, wherein the first page table is used for mapping the physical memory and the second page table is kernel-related, disclosed of Kemisetti.
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for kernel protection, comprising of a first and second page table, wherein the first page table is used for mapping the physical memory and the second page table is kernel-related. This allows for better security management by providing efficient memory management and isolation with the use of separate page tables. It allows for sparse address spaces, reducing memory overhead, while enabling rapid kernel-user address space separation. Kemisetti is deemed as analogous art due to the art disclosing techniques of a first and second page table, wherein the first page table is used for mapping the physical memory and the second page table is kernel-related (Kemisetti, FIG. 3).
Regarding claim 4, Paek as modified by Fisher and further modified by Kemisetti teaches The
method according to claim 3, wherein an access permission of the first physical memory is read-only under the first privilege (Paek, FIG. 3, see “OUTER DOMAIN VIEW”, which is being read as the first privilege, wherein an access permission is read only for the first physical memory (i.e., where the page tables are stored)).
Regarding claim 5, Paek as modified by Fisher and further modified by Kemisetti teaches The method according to claim 3, wherein the first page table does not comprise a write permission under the first privilege (Paek, FIG. 3, see “Page Table (PERMISSION: r)”, wherein the first page table does not comprise a write permission under the first privilege (OUTER DOMAIN VIEW)), and the first page table comprises the write permission under the second privilege (Paek, FIG. 3, see “Page Table (PERMISSION: rw)”, wherein the first page table comprises the write permission under the second privilege (INNER DOMAIN VIEW)).
Regarding claims 9 and 15, the claims are rejected under the same reasoning as claim 3.
Regarding claims 10 and 16, the claims are rejected under the same reasoning as claim 4.
Regarding claims 11 and 17, the claims are rejected under the same reasoning as claim 5.
Allowable Subject Matter
Claims 2, 6, 8, 12, 14 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747. The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2499