MEMORY ACCESS LOCKING AND LOGGING FOR TRUSTED EXECUTION ENVIRONMENTS

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kanemura (US 2009/0083520) in view of MacDonald (US 2009/0316889). Regarding claim(s) 1, 9 and 16, Kanemura teaches: A method of controlling memory access in a non-secure processing environment, the method comprising: providing a memory locking service in a computing device, the computing device including a secure processing environment and a non-secure processing environment, [0092] The unauthorized operation prevention circuit 0105 is a circuit provided with a mechanism for preventing an unauthorized execution of the program that is executed by the CPU 0201, and preventing an unauthorized access between programs. wherein the memory locking service is executed in the secure processing environment; [0095] The unauthorized operation prevention control unit 0106 receives a request for using a memory area from the program A 0102, the program B 0103, the program C 0107, or the OS 0104, judges whether or not to permit using the requested memory area, and if it permits using, controls the unauthorized operation prevention circuit 0105 so that the requested memory area is used only in a manner specified by the request source program. wherein the computing device divides hardware and software resources into the secure processing environment and the non-secure processing environment to provide separate execution domains, and wherein the secure processing environment and the non-secure processing environment are associated with separate […] memory regions; [0095] The unauthorized operation prevention control unit 0106 receives a request for using a memory area from the program A 0102, the program B 0103, the program C 0107, or the OS 0104, judges whether or not to permit using the requested memory area, and if it permits using, controls the unauthorized operation prevention circuit 0105 so that the requested memory area is used only in a manner specified by the request source program. [0102] The hardware structure of the program protection device 0101 will be described with reference to the drawings. [0103] As shown in FIG. 2, the program protection device 0101 includes the CPU 0201, a nonvolatile memory 0203, a bus encryption circuit 0204, a key register 0205, an access restriction circuit 0207, a mode switch circuit 0208, a debugger interface 0209, the storage medium 0216, a nonvolatile memory 0221, a RAM 0202 connected to the bus encryption circuit 0204, and a protected memory 0206 connected to the access restriction circuit 0207. [0148] Next, the software structure of the program protection device 0101 will be described with reference to the drawings. [0149] As shown in FIG. 7, the programs that run on the CPU 0201 of the program protection device 0101 include the operating system (OS) 0104 containing an OS interrupt management unit 0404, the program A 0102 containing a program A interrupt management unit 0402, the program B 0103 containing a program B interrupt management unit 0403, the program C 0107 containing a program C interrupt management unit 0406, the security kernel 0401, the unauthorized operation prevention control unit 0106, and the BIOS 0405. receiving a request with the memory locking service to lock a specified memory region of the computing device, [0282] In the judgment performed in step S0600 shown in FIG. 10, which is a detail of step S0807, the unauthorized operation prevention control unit 0106 judges that the above-described process request is the data area protection setting request ("protection" in step S0600). Accordingly, the control moves to step S0602. the specified memory region being associated with the non-secure processing environment; associating the specified memory region with the secure processing environment; [0283] The unauthorized operation prevention control unit 0106 judges whether the data address included in the data area protection setting request has been registered with the security requirement management information table T0310, as the security requirement management information (step S0602). The unauthorized operation prevention control unit 0106 judges that the area at the data address is an unused area if the data address has not been registered, and judges that the area at the data address is not an unused area if the data address has been registered. identifying an access attempt to the specified memory region, the access attempt received from the non-secure processing environment; and controlling the access attempt to the specified memory region, based on a policy. [0300] The unauthorized operation prevention control unit 0106 obtains the data area sharing setting request from the shared memory on the RAM 0202, in step S0802. The unauthorized operation prevention control unit 0106 then judges whether the data address included in the data area sharing setting request has been registered with the security requirement management information table T0310, as the security requirement management information (step S0632). If it judges that the data address has been registered (YES in step S0632), the unauthorized operation prevention control unit 0106 judges whether the data area sharing setting request is authenticated (step S0633). [0301] More specifically, the judgment on the authenticity is made by judging whether the function flag included in the program management information corresponding to the program, which requests for sharing, satisfies the security requirement of the security requirement management information being the target of the judgment on the authenticity. [0302] If it judges that the data area sharing setting request is authenticated (YES in step S0633), the unauthorized operation prevention control unit 0106 updates the security requirement management information table T0310 and the data area management information table for the request source program (step S0634). [0311] If it judges that the data address has not been registered (NO in step S0632), or if it judges that the data area sharing setting request is not authenticated (NO in step S0633), the unauthorized operation prevention control unit 0106 generates a process result indicating an error. Kanemura does not explicitly teach, but MacDonald teaches hardware-enforced memory regions [0032] The protected memory segment protectively holds the content and denies unauthorized access to the content by enforcing the set of hardware-based rules. The output-protection component applies encryption to the content upon releasing the content to one or more presentation devices. It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the invention to combine the data protection in data processing system taught by Kanemura with the hardware-based protection of secure data taught by MacDonald. The motivation for doing so would have been that hardware protections are much more secure than software protections, as hardware-based rules provide a robust shielded environment to block against internal and external attacks. This is taught by MacDonald in [0037]. Regarding claim(s) 2, 10 and 17, Kanemura teaches: further comprising: receiving a subsequent request with the memory locking service to release the lock on the specified memory region; and associating the specified memory region with the non-secure processing environment. Fig. 10 and [0302] If it judges that the data area sharing setting request is authenticated (YES in step S0633), the unauthorized operation prevention control unit 0106 updates the security requirement management information table T0310 and the data area management information table for the request source program (step S0634). [0303] In updating the security requirement management information table T0310, the unauthorized operation prevention control unit 0106 writes the identifier of the program, which requests for sharing, into the sharing program identifier of the security requirement management information corresponding to the target data area. Regarding claim(s) 3, 11 and 18, Kanemura teaches: wherein the request is received with the memory locking service via an application programming interface, and wherein the application programming interface is configured to receive at least one command to lock or unlock at least one memory region. [0095] The unauthorized operation prevention control unit 0106 receives a request for using a memory area from the program A 0102, the program B 0103, the program C 0107, or the OS 0104, judges whether or not to permit using the requested memory area, and if it permits using, controls the unauthorized operation prevention circuit 0105 so that the requested memory area is used only in a manner specified by the request source program. Regarding claim(s) 4, 12 and 19, Kanemura teaches: wherein the application programming interface is accessible by an application of an operating system of the computing device, [0095] The unauthorized operation prevention control unit 0106 receives a request for using a memory area from the program A 0102, the program B 0103, the program C 0107, or the OS 0104, judges whether or not to permit using the requested memory area, and if it permits using, controls the unauthorized operation prevention circuit 0105 so that the requested memory area is used only in a manner specified by the request source program. and wherein the request is used to secure access to data at the specified memory region that is associated with the application. [0282] In the judgment performed in step S0600 shown in FIG. 10, which is a detail of step S0807, the unauthorized operation prevention control unit 0106 judges that the above-described process request is the data area protection setting request ("protection" in step S0600). Accordingly, the control moves to step S0602. [0287] Next, the unauthorized operation prevention control unit 0106 sets the updated information of the data area management information table in the unauthorized operation prevention circuit 0105 (step S0604). [0288] More specifically, the unauthorized operation prevention control unit 0106, as the setting of the updated information in the unauthorized operation prevention circuit 0105, adds a pair of the data address of the new piece of security requirement management information and the data encryption key to the data key information table 0306 of the unauthorized operation prevention circuit 0105. Regarding claim(s) 5 and 13, Kanemura teaches: wherein access to memory regions for the non-secure processing environment and the secure processing environment is controlled by hardware elements including a Security Attribution Unit and an Implementation Defined Attribution Unit. [0095] The unauthorized operation prevention control unit 0106 receives a request for using a memory area from the program A 0102, the program B 0103, the program C 0107, or the OS 0104, judges whether or not to permit using the requested memory area, and if it permits using, controls the unauthorized operation prevention circuit 0105 so that the requested memory area is used only in a manner specified by the request source program. [0102] The hardware structure of the program protection device 0101 will be described with reference to the drawings. [0103] As shown in FIG. 2, the program protection device 0101 includes the CPU 0201, a nonvolatile memory 0203, a bus encryption circuit 0204, a key register 0205, an access restriction circuit 0207, a mode switch circuit 0208, a debugger interface 0209, the storage medium 0216, a nonvolatile memory 0221, a RAM 0202 connected to the bus encryption circuit 0204, and a protected memory 0206 connected to the access restriction circuit 0207. Regarding claim(s) 6 and 14, Kanemura teaches: wherein the memory locking service is implemented as an isolated partition in the secure processing environment. Fig. 9 and [0188] The security requirement management information includes a security requirement management information identifier, a data address, a generator program identifier, a sharing program identifier, and a security requirement. The security requirement management information identifier identifies a piece of security requirement management information. [0189] The data address indicates an address area that is managed by each piece of security requirement management information. Regarding claim(s) 7, 15 and 20, Kanemura teaches: wherein the policy defines a list of permitted accesses, and wherein controlling the access attempt includes granting access to the specified memory region if the access attempt satisfies the policy, and denying access to the specified memory region if the access attempt does not satisfy the policy. [0176] The function flag indicates, with respect to the code loaded in the address area, whether or not any of the functions: file output; copy; move; special playback; and digital output are permitted. [0177] The function flag is data composed of, for example, five bits, and the functions: file output; copy; move; special playback; and digital output are assigned to the five bits, respectively. For example: if the file output function and the move function are permitted, the function flag is "10100" in binary number notation; and if only the digital output function is permitted, the function flag is "00001" in binary number notation. [0301] More specifically, the judgment on the authenticity is made by judging whether the function flag included in the program management information corresponding to the program, which requests for sharing, satisfies the security requirement of the security requirement management information being the target of the judgment on the authenticity. Regarding claim(s) 8, Kanemura teaches: further comprising: logging the access attempt to the specified memory region. [0340] Next, the program A interrupt management unit 0402 stores the argument data and the request for switching to the program B 0103, into the shared memory (step S0903). Response to Arguments Applicant’s arguments with respect to claim(s) 1, 9 and 16 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHARLES J CHOI whose telephone number is (571)270-0605. The examiner can normally be reached MON-FRI: 9AM-5PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ROCIO DEL MAR PEREZ-VELEZ can be reached at 571-270-5935. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHARLES J CHOI/Primary Examiner, Art Unit 2133