Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Final Office Action is responsive to communication received 1/30/2026
Claims 1-9 and 11-22 are pending.
Claim 10 is cancelled.
Claim interpretation U.S.C. 112(f)
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a trusted authentication driver…for generating authentication results” in claims 1, 5, 9, 13, and 16.
“device driving module… to provide a protection rule for each of the first physical memory partitions” in claims 1, 3, 5, 9, 11, 13, and 16.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Response to Arguments
Applicant’s arguments with respect to claims 1, 9, and 16 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. The examiner brings in reference De Perthuis to disclose “the memory comprises one or more first physical memory partitions configured for sensitive data and one or more second physical memory partitions configured for non- sensitive data and the device driving module is configured to provide a protection rule for each of the first physical memory partitions to limit access to the first physical memory partitions”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3, 6, 8, and 17-22 are rejected under 35 U.S.C. 103 as being unpatentable over by Shan et al. (US 20180157822) in view of De Perthuis et al. (US 20110078760).
Regarding claim 1,
Shan teaches A system for managing a memory, wherein :
the memory allocator is configured to receive a first memory access request for a target partition among the first physical memory partitions and obtain authentication information to generate an authentication request,
[the processor 107 acquires an authentication request provided by an application. (Shan et al., paragraph 24, processor 107 or memory allocator receiving request)]
[the processor 107 sends the acquired instruction pointer to the memory controller 109 via the memory interface 105. (Shan et al., paragraph 31)]
[the characteristic information of the application 111 is used to identify the application 111, which is, for example, at least a portion of the codes of the application 111. (Shan et al., paragraph 31)]
[The memory controller 109 may compare the characteristic information obtained using the characteristic instruction with the authentication information, so as to determine whether the authentication of the application 111 is successful. (Shan et al., paragraph 34, authenticating the characteristic instructions)]
wherein the memory allocator independently manages the first physical memory partitions
[By controlling the data buffer 106, the memory controller 109 is able to control the data interaction between the processor 107 and the memory module 103. In a memory conforming to the DDR4 standard, (Shan et al., paragraph 19, memory controller 109 manages memory module 103)]
[the processor 107 can cooperate with the memory controller 109 to complete the authentication of the application that requests access to the memory module 103. (Shan et al., paragraph 21, memory module 103 is the target memory and as managed by memory controller 109)]
The trusted authentication driver is configured to receive the authentication request, generate an authentication result based on the authentication information and external authorization information, and return the authentication result to the memory allocator;
[The memory controller 109 may compare the characteristic information obtained using the characteristic instruction with the authentication information, so as to determine whether the authentication of the application 111 is successful. (Shan et al., paragraph 34)]
[the memory controller 109 may output an authentication result to the processor 107 after the authentication result is obtained. (Shan et al., paragraph 36)]
the memory allocator is further configured to execute the first memory access request when the authentication result indicates that the authentication succeeds,
[ the processor 107 may decide whether to allow or restrict subsequent access of the application 111 to the memory 101 based on the authentication result, i.e. whether subsequent instructions of the application 111 stored in the memory 101 can be executed. (Shan et al., paragraph 36)]
and reject the first memory access request when the authentication result indicates that the authentication fails.
[the processor 107 may decide whether to allow or restrict subsequent access of the application 111 to the memory 101 based on the authentication result, i.e. whether subsequent instructions of the application 111 stored in the memory 101 can be executed. (Shan et al., paragraph 36)]
Shan fails to explicitly disclose the memory comprises one or more first physical memory partitions configured for sensitive data and one or more second physical memory partitions configured for non- sensitive data and the device driving module is configured to provide a protection rule for each of the first physical memory partitions to limit access to the first physical memory partitions.
However in an analogous art De Perthuis discloses the memory comprises one or more first physical memory partitions configured for sensitive data and one or more second physical memory partitions configured for non- sensitive data
[A first region, labelled DMA group 1 includes all sensitive data such as decrypted bitstreams and decoded video. A second region, labelled DMA group 2 includes all non sensitive data such as encrypted data and HDD data, for example. Encrypted data is received from the broadcast channel and written in memory (DMA group 2) in a non protected area. (De Perthuis et al., paragraph 21)]
the device driving module is configured to provide a protection rule for each of the first physical memory partitions to limit access to the first physical memory partitions.
[wherein the memory protection unit is arranged to logically partition the memory into different regions, to maintain a policy for each region, the policy defining access rights to the respective region and defining the safety status of data written in the respective region, to check access requests writing data from a first region to a second region, and to refuse the access request if the safety status, according to the respective policy, of the written data in the second region is not maintained. (De Perthuis et al., paragraph 7)]
Shan and De Perthuis are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan to incorporate the teachings of De Perthuis et al. to include the memory comprises one or more first physical memory partitions configured for sensitive data and one or more second physical memory partitions configured for non- sensitive data and the device driving module is configured to provide a protection rule for each of the first physical memory partitions to limit access to the first physical memory partitions., in order to allow transfer between different regions within the memory that have different security levels, as long as the necessary safety conditions are maintained.. (De Perthuis et al., paragraph 9)]
Regarding claim 3,
Shan in view of De Perthuis disclose the system according to claim 1, wherein the trusted authentication driver is further configured to invoke an interface of the device driving module and send a first key stored in the trusted authentication driver to the device driving module when the authentication result indicates that the authentication succeeds;
[the memory controller 109 may generate an access key after the authentication result is obtained. (Shan et al., paragraph 37)]
the device driving module is configured to determine if the first key matches a second key stored in the secure memory module, and disables a protection rule of the target partition when the first key matches the second key.
[The memory controller 109 verifies the access key provided by the application using a locally stored key, i.e. determining whether the application can continue to access the memory 101. (Shan et al., paragraph 37, if the key matches and is verified it is allowed to continue to access memory meaning the protection rule restricting access is disabled)]
[the memory controller 109 may also provide the authentication result directly to the data buffer 106 to allow or restrict the subsequent access of the application 111 with the data buffer 106. (Shan et al., paragraph 36, if the keys fail to match or be verified then the protection rule/ restriction will restrict the access )]
Regarding claim 6,
Shan in view of De Perthuis discloses the system according to claim 1, wherein the secure memory module is configured to receive a second memory access request for the target partition,
[the memory controller 109 may generate an access key after the authentication result is obtained. (Shan et al., paragraph 37)]
[The application's subsequent requests or instructions to access the memory may all include the access key. (Shan et al., paragraph 37)]
detect whether a conflict exists between the second memory access request and a protection rule of the target partition,
[The memory controller 109 verifies the access key provided by the application using a locally stored key, i.e. determining whether the application can continue to access the memory 101. (Shan et al., paragraph 37)]
and reject the second memory access request when detecting that the conflict exists, wherein the second memory access request is not from the memory allocator.
[the memory controller 109 may also provide the authentication result directly to the data buffer 106 to allow or restrict the subsequent access of the application 111 with the data buffer 106 (Shan et al., paragraph 36)]
Regarding claim 8,
Shan in view of De Perthuis discloses the system according to claim 1, wherein the protection rules comprise one or more of: data reads from the physical memory partition are disabled, data writes to the physical memory partition are disabled, and accesses to the physical memory partition are monitored.
[This access control mechanism prevents an unauthorized application from accessing the memory illegally and invoking or modifying the data and instructions stored therein. (Shan et al., paragraph 15)]
Regarding claim 17,
Shan in view of De Perthuis discloses the system according to claim 1, wherein the system further comprises an operating system, and the operating system is configured to manage the second physical memory partitions.
[wherein the memory protection unit is arranged to logically partition the memory into different regions, to maintain a policy for each region, the policy defining access rights to the respective region and defining the safety status of data written in the respective region, to check access requests writing data from a first region to a second region, (De Perthuis et al., paragraph 7)]
[The implementation of the memory protection unit 16 can be a combination of hardware and software. (De Perthuis et al., paragraph 44, memory protection unit can be software)]
Shan and De Perthuis are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan to incorporate the teachings of De Perthuis et al. to include wherein the system further comprises an operating system, and the operating system is configured to manage the second physical memory partitions, in order to allow transfer between different regions within the memory that have different security levels, as long as the necessary safety conditions are maintained.. (De Perthuis et al., paragraph 9)]
Regarding claim 18,
Shan in view of De Perthuis discloses the system according to claim 17, wherein the first physical memory partitions are inaccessible to the operating system.
[The address of a direct memory access will be checked against the memory range and the ID of the IP unit 24 that is making the DMA. In the case of a transfer from a block move unit, other data (like the operation performed and the source and destination of the access) are required. If it is seen that an IP unit 24 tries to access a memory location it is not allowed to access, then the access will be refused and an interrupt will be raised. (De Perthuis et al., paragraph 40, access not allowed)]
Shan and De Perthuis are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan to incorporate the teachings of De Perthuis et al. to include wherein the first physical memory partitions are inaccessible to the operating system, in order to allow transfer between different regions within the memory that have different security levels, as long as the necessary safety conditions are maintained.. (De Perthuis et al., paragraph 9)]
Regarding claim 19,
Shan in view of De Perthuis discloses the system according to claim 1, wherein the first physical memory partitions have equal or different sizes.
[The memory module 103 may include a plurality of memory cells, each of which has an addressable storage address and can be used to store an instruction or data (e.g., application data) of certain size (Shan et al., paragraph 17)]
Regarding claim 20,
Shan in view of De Perthuis discloses the system according to claim 1,
wherein the memory allocator comprises a file system, and the file system is configured to initialize the first physical memory partitions and to generate an access path for each of the first physical memory partitions; and a user sends the first memory access request to the memory allocator by a corresponding one of access paths, so as to directly access the target partition.
[wherein the memory protection unit is arranged to logically partition the memory into different regions, to maintain a policy for each region, the policy defining access rights to the respective region and defining the safety status of data written in the respective region, to check access requests writing data from a first region to a second region, and to refuse the access request if the safety status, according to the respective policy, of the written data in the second region is not maintained. (De Perthuis et al., paragraph 7)]
Shan and De Perthuis are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan to incorporate the teachings of De Perthuis et al. to include wherein the memory allocator comprises a file system, and the file system is configured to initialize the first physical memory partitions and to generate an access path for each of the first physical memory partitions; and a user sends the first memory access request to the memory allocator by a corresponding one of access paths, so as to directly access the target partition, in order to allow transfer between different regions within the memory that have different security levels, as long as the necessary safety conditions are maintained.. (De Perthuis et al., paragraph 9)]
Regarding claim 21,
Shan in view of De Perthuis discloses the system according to claim 20, wherein the access paths are presented as files or file directories.
[The computer program product may comprise instructions that promote the loading and/or copying of data, data structures, files, and/or executable instructions to the secondary storage 384, to the ROM 386, to the RAM 388, and/or to other non-volatile memory and volatile memory of the computer system 380. (Shan et al., column 19, lines 2-7)]
Regarding claim 22,
Shan in view of De Perthuis discloses the system according to claim 1, wherein the authentication information comprises user information, process information, information of target partition, and operation information; the external authorization information comprises authorized user information, authorized program information, authorized partition information, and/or authorized operation information;
[the memory controller 109 compares the acquired characteristic information with authentication information corresponding to the application, so as to determine whether the authentication of the application is successful. (Shan et al., paragraph 33)]
[Alternatively, the authentication information further includes the name or other identification information of the application. (Shan et al., paragraph 34)]
and each one of the first memory access request and the second memory access request comprises memory allocation requests, memory release requests, memory mapping requests, memory data attribute modification requests, and/or memory data read/write requests.
[authenticating applications that request access to the memory. An application can obtain access to the memory only after the authentication is successful. This access control mechanism prevents an unauthorized application from accessing the memory illegally and invoking or modifying the data and instructions stored therein. (Shan et al., paragraph 15)]
Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over by Shan et al. (US 20180157822) in view of De Perthuis et al. (US 20110078760) and in further view of Krishan et al. (US 20240163271)
Regarding claim 4,
Shan in view of De Perthuis discloses the system according to claim 3, but fails to explicitly disclose wherein the secure memory module is further
configured to update, after the first key matches the second key, the second key to obtain an updated second key.
However in an analogous art Krishan discloses wherein the secure memory module is further
configured to update, after the first key matches the second key, the second key to obtain an updated second key.
[when TLS data changes in a TLS certificate (e.g., data used in access token ownership verification), intermediate NF 598 may send updated ownership information (e.g., an updated ‘owner_tls_key’ value and/or an ‘owner_tls_value’ value) in an NRF heartbeat or NFUpdate message, to get the updated trust token in a corresponding message. (Krishan et al., paragraph 97)]
Shan, De Perthuis, and Krishan are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan and De Perthuis to incorporate the teachings of Krishan et al. to include wherein the secure memory module is further configured to update, after the first key matches the second key, the second key to obtain an updated second key, in order to verify ownership of a access token and to determine or detect that a malicious entity is the owner of the access token. (Krishan et al., paragraph 127)]
Regarding claim 5,
Shan in view of De Perthuis and in further view of Krishan discloses the system according to claim 4,
wherein the trusted authentication driver is further configured to invoke the interface of the device driving module after the memory allocator finishes executing the first memory access request to notify the device driving module to re-enable the protection rule of the target partition, and update the first key based on the updated second key.
[when TLS data changes in a TLS certificate (e.g., data used in access token ownership verification), intermediate NF 598 may send updated ownership information (e.g., an updated ‘owner_tls_key’ value and/or an ‘owner_tls_value’ value) in an NRF heartbeat or NFUpdate message, to get the updated trust token in a corresponding message. (Krishan et al., paragraph 97)]
Shan, De Perthuis, and Krishan are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan and De Perthuis to incorporate the teachings of Krishan et al. to include wherein the trusted authentication driver is further configured to invoke the interface of the device driving module after the memory allocator finishes executing the first memory access request to notify the device driving module to re-enable the protection rule of the target partition, and update the first key based on the updated second key, in order to verify ownership of a access token and to determine or detect that a malicious entity is the owner of the access token. (Krishan et al., paragraph 127)]
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over by Shan et al. (US 20180157822) in view of De Perthuis et al. (US 20110078760) and in further view of Brandwine et al. (US 20190332786).
Regarding claim 7
Shan in view of De Perthuis discloses the system according to claim 6, but fails to explicitly disclose wherein the secure memory module is further configured to generate an illegal access record when detecting that the conflict exists.
However in an analogous art Brandwine discloses wherein the secure memory module is further configured to generate an illegal access record when detecting that the conflict exists.
[Additionally, the update to the breach detection system may include placing the requestor on a black list, which may cause the service computer system to ignore request from the requestor. (Brandwine et al., paragraph 54)]
Shan, De Perthuis, and Brandwine are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan and De Perthuis to incorporate the teachings of Brandwine et al. to include wherein the secure memory module is further configured to generate an illegal access record when detecting that the conflict exists, in order to cause the service computer system to ignore request from the requestor when a breach is detected. (Brandwine et al., paragraph 54)]
Claim 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over by Shan et al. (US 20180157822) in view of De Perthuis et al. (US 20110078760) and in further view of Molnar et al. (US 20170097896).
Regarding claim 9,
Shan discloses A method applied to a system for managing a memory,
wherein the system comprises a memory allocator and a trusted authentication driver, wherein the memory allocator independently manages the first physical memory partitions, and the method comprises: receiving, by the memory allocator, a first memory access request for a target partition among the first physical memory partitions
[the processor 107 acquires an authentication request provided by an application. (Shan et al., paragraph 24, processor 107 or memory allocator receiving request)]
[the processor 107 can cooperate with the memory controller 109 to complete the authentication of the application that requests access to the memory module 103. (Shan et al., paragraph 21, memory module 103 is the target memory and as managed by memory controller 109)]
and obtaining authentication information to generate an authentication request,
[the processor 107 sends the acquired instruction pointer to the memory controller 109 via the memory interface 105. (Shan et al., paragraph 31)]
[the characteristic information of the application 111 is used to identify the application 111, which is, for example, at least a portion of the codes of the application 111. (Shan et al., paragraph 31)]
generating, by the trusted authentication driver, an authentication result based on the authentication information of the authentication request and external authorization information, and returning the authentication result to the memory allocator;
[The memory controller 109 may compare the characteristic information obtained using the characteristic instruction with the authentication information, so as to determine whether the authentication of the application 111 is successful. (Shan et al., paragraph 34)]
[the memory controller 109 may output an authentication result to the processor 107 after the authentication result is obtained. (Shan et al., paragraph 36)]
and executing, by the memory allocator, the first memory access request when the authentication result indicates that the authentication succeeds,
[the processor 107 may decide whether to allow or restrict subsequent access of the application 111 to the memory 101 based on the authentication result, i.e. whether subsequent instructions of the application 111 stored in the memory 101 can be executed. (Shan et al., paragraph 36)]
and rejecting the first memory access request when the authentication result indicates that the authentication fails.
[the processor 107 may decide whether to allow or restrict subsequent access of the application 111 to the memory 101 based on the authentication result, i.e. whether subsequent instructions of the application 111 stored in the memory 101 can be executed. (Shan et al., paragraph 36)]
Shan fails to explicitly disclose the memory comprises one or more first physical memory partitions configured for sensitive data and one or more second physical memory partitions configured for non- sensitive data and the device driving module is configured to provide a protection rule for each of the first physical memory partitions to limit access to the first physical memory partitions.
However in an analogous art De Perthuis discloses the memory comprises one or more first physical memory partitions configured for sensitive data and one or more second physical memory partitions configured for non- sensitive data
[A first region, labelled DMA group 1 includes all sensitive data such as decrypted bitstreams and decoded video. A second region, labelled DMA group 2 includes all non sensitive data such as encrypted data and HDD data, for example. Encrypted data is received from the broadcast channel and written in memory (DMA group 2) in a non protected area. (De Perthuis et al., paragraph 21)]
the device driving module is configured to provide a protection rule for each of the first physical memory partitions to limit access to the first physical memory partitions.
[wherein the memory protection unit is arranged to logically partition the memory into different regions, to maintain a policy for each region, the policy defining access rights to the respective region and defining the safety status of data written in the respective region, to check access requests writing data from a first region to a second region, and to refuse the access request if the safety status, according to the respective policy, of the written data in the second region is not maintained. (De Perthuis et al., paragraph 7)]
Shan and De Perthuis are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan to incorporate the teachings of De Perthuis et al. to include the memory comprises one or more first physical memory partitions configured for sensitive data and one or more second physical memory partitions configured for non- sensitive data and the device driving module is configured to provide a protection rule for each of the first physical memory partitions to limit access to the first physical memory partitions., in order to allow transfer between different regions within the memory that have different security levels, as long as the necessary safety conditions are maintained.. (De Perthuis et al., paragraph 9)]
Shan in view of De Perthuis fails to explicitly disclose sending, by the memory allocator, the authentication request to the trusted authentication driver;
However in an analogous art Molnar discloses sending, by the memory allocator, the authentication request to the trusted authentication driver;
[the TLB sends a validation request 485 (labelled with the “8” bubble) that includes the translated address and the secure state information 215 included in the cached mapping to the validation unit 416. (Molnar et al., paragraph 48)]
Shan, De Perthuis, and Molnar are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan and De Perthuis to incorporate the teachings of Molnar et al. to include sending, by the memory allocator, the authentication request to the trusted authentication driver, in order to ascertain whether the memory access request is an authorized request. (Molnar et al., paragraph 49)]
Regarding claim 16,
Shan discloses a memory, on which a computer program is stored; and a processor, communicatively connected to the memory and configured to invoke the computer program to perform a method applied to a system for managing the memory,
[a memory interface connecting a memory (the memory described herein refers to a main memory, commonly known as a memory) and a processor (e.g., a CPU of a computer, or a microprocessor of a mobile terminal) (Shan et al., paragraph 14)]
The claim recites substantially the same content as claim 1 and is rejected with the rationales set forth for claim 9.
Claims 10-11, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over by Shan et al. (US 20180157822) in view of De Perthuis et al. (US 20110078760) in further view of Molnar et al. (US 20170097896) and in further view of Schmisseur et al. (US 20060047934).
Regarding claim 10,
Shan in view of De Perthuis in further view of Molnar discloses the method according to claim 9, further comprising a device driving module, but fails to explicitly disclose wherein the device driving module configures a protection rule for each of the physical memory partitions to limit access to the physical memory partitions.
However in an analogous art Schmisseur discloses wherein the device driving module configures a protection rule for each of the physical memory partitions to limit access to the physical memory partitions.
[port controller circuitry 310 may include rules engine circuitry 314 and address comparator circuitry 315. Rules engine circuitry 314 may include one or more memory access rules, and may be capable of defining an order to memory read requests and/or memory write request for one or more ports 204, 206, 208 comprised in memory controller 48. (Schmisseur et al., paragraph 35)]
[Exemplary rules which may be defined by rules engine circuitry 314 may include, for example, that memory read requests as may be stored in one or more read queues 304A, 306A and/or 308A (Schmisseur et al., paragraph 36)]
Shan, De Perthuis, Molnar, and Schmisseur are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan, De Perthuis, and Molnar to incorporate the teachings of Schmisseur et al. to include wherein the device driving module configures a protection rule for each of the physical memory partitions to limit access to the physical memory partitions, in order to determine memory access rules and defining an order to memory read requests and or memory write request for one or more ports comprised in memory. (Schmisseur et al., paragraph 35)]
Regarding claim 11,
Shan in view of De Perthuis, in further view of Molnar and in further view of Schmisseur disclose the method according to claim 10, wherein the trusted driving module is further configured to invoke an interface of the device driving module and send a first key stored in the trusted driving module to the device driving module when the authentication result indicates that the authentication succeeds;
[the memory controller 109 may generate an access key after the authentication result is obtained. (Shan et al., paragraph 37)]
the device driving module is configured to determine if the first key matches a second key stored in the secure memory module, and disables a protection rule of the target partition when the first key matches the second key.
[The memory controller 109 verifies the access key provided by the application using a locally stored key, i.e. determining whether the application can continue to access the memory 101. (Shan et al., paragraph 37, if the key matches and is verified it is allowed to continue to access memory meaning the protection rule restricting access is disabled)]
[the memory controller 109 may also provide the authentication result directly to the data buffer 106 to allow or restrict the subsequent access of the application 111 with the data buffer 106. (Shan et al., paragraph 36, if the keys fail to match or be verified then the protection rule/ restriction will restrict the access )]
Regarding claim 14,
Shan in view of De Perthuis in further view of Molnar and in further view of Schmisseur discloses the method according to claim 10, wherein the secure memory module is configured to receive a second memory access request for the target partition,
[the memory controller 109 may generate an access key after the authentication result is obtained. (Shan et al., paragraph 37)]
[The application's subsequent requests or instructions to access the memory may all include the access key. (Shan et al., paragraph 37)]
detect whether a conflict exists between the second memory access request and a protection rule of the target partition,
[The memory controller 109 verifies the access key provided by the application using a locally stored key, i.e. determining whether the application can continue to access the memory 101. (Shan et al., paragraph 37)]
and reject the second memory access request when detecting that the conflict exists, wherein the second memory access request is not from the memory allocator.
[the memory controller 109 may also provide the authentication result directly to the data buffer 106 to allow or restrict the subsequent access of the application 111 with the data buffer 106 (Shan et al., paragraph 36)]
Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over by Shan et al. (US 20180157822) in view of De Perthuis et al. (US 20110078760) in further view of Molnar et al. (US 20170097896) in further view of Schmisseur et al. (US 20060047934) and in further view of Krishan et al. (US 20240163271)
Regarding claim 12,
Shan in view of De Perthuis in further view of Molnar and in further view of Schmisseur disclose the method according to claim 11, but fails to explicitly disclose updating, by the secure memory module, the second key to obtain an updated second key after the first key matches the second key..
However in an analogous art Krishan discloses updating, by the secure memory module, the second key to obtain an updated second key after the first key matches the second key.
[when TLS data changes in a TLS certificate (e.g., data used in access token ownership verification), intermediate NF 598 may send updated ownership information (e.g., an updated ‘owner_tls_key’ value and/or an ‘owner_tls_value’ value) in an NRF heartbeat or NFUpdate message, to get the updated trust token in a corresponding message. (Krishan et al., paragraph 97)]
Shan, De Perthuis, Molnar, Schmisseur, and Krishan are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan, De Perthuis , Molnar, and Schmisseur to incorporate the teachings of Krishan et al. to include updating, by the secure memory module, the second key to obtain an updated second key after the first key matches the second key., in order to verify ownership of a access token and to determine or detect that a malicious entity is the owner of the access token. (Krishan et al., paragraph 127)]
Regarding claim 13,
Shan in view of De Perthuis in further view of Molnar in further view of Schmisseur and in further view of Krishan disclose the method according to claim 12, invoking, by the trusted driving module, the interface of the device driving module after the memory allocator finishes executing the first memory access request to notify the device driving module to re-enable the protection rule of the target partition, and updating the first key based on the updated second key.
[when TLS data changes in a TLS certificate (e.g., data used in access token ownership verification), intermediate NF 598 may send updated ownership information (e.g., an updated ‘owner_tls_key’ value and/or an ‘owner_tls_value’ value) in an NRF heartbeat or NFUpdate message, to get the updated trust token in a corresponding message. (Krishan et al., paragraph 97)]
Shan, De Perthuis, Molnar, Schmisseur, and Krishan are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan, De Perthuis, Molnar, and Schmisseur to incorporate the teachings of Krishan et al. to include invoking, by the trusted driving module, the interface of the device driving module after the memory allocator finishes executing the first memory access request to notify the device driving module to re-enable the protection rule of the target partition, and updating the first key based on the updated second key, in order to verify ownership of a access token and to determine or detect that a malicious entity is the owner of the access token. (Krishan et al., paragraph 127)]
Claims 15 is rejected under 35 U.S.C. 103 as being unpatentable over by Shan et al. (US 20180157822) in view of De Perthuis et al. (US 20110078760) in further view of Molnar et al. (US 20170097896) in further view of Schmisseur et al. (US 20060047934) and in further view of Brandwine et al. (US 20190332786).
Regarding claim 15,
Shan in view of De Perthuis in further view of Molnar and in further view of Schmisseur discloses the method according to claim 14, but fails to explicitly disclose wherein the secure memory module is further configured to generate an illegal access record when detecting that the conflict exists.
However in an analogous art Brandwine discloses wherein the secure memory module is further configured to generate an illegal access record when detecting that the conflict exists.
[Additionally, the update to the breach detection system may include placing the requestor on a black list, which may cause the service computer system to ignore request from the requestor. (Brandwine et al., paragraph 54)]
Shan, De Perthuis, Molnar, Schmisseur, and Brandwine are considered to be analogous to the claimed invention because they are in the same field of memory access. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Shan, De Perthuis, Molnar, and Schmisseur, to incorporate the teachings of Brandwine et al. to include wherein the secure memory module is further configured to generate an illegal access record when detecting that the conflict exists, in order to cause the service computer system to ignore request from the requestor when a breach is detected. (Brandwine et al., paragraph 54)]
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL ELAHIAN whose telephone number is (703) 756-1284. The examiner can normally be reached on Monday – Friday from 7:30am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at telephone number 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/D.E./DANIEL ELAHIAN, Examiner, Art Unit 2407
/David J Pearson/Primary Examiner, Art Unit 2407