Prosecution Insights
Last updated: July 17, 2026
Application No. 18/859,259

EXECUTION ENVIRONMENT MISMATCH

Non-Final OA §101§102§103§112
Filed
Oct 23, 2024
Priority
Apr 28, 2022 — GB 2206210.3 +2 more
Examiner
SONG, HEE K
Art Unit
2497
Tech Center
2400 — Computer Networks
Assignee
ARM Limited
OA Round
1 (Non-Final)
85%
Grant Probability
Favorable
1-2
OA Rounds
1y 0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 85% — above average
85%
Career Allowance Rate
659 granted / 776 resolved
+26.9% vs TC avg
Strong +20% interview lift
Without
With
+19.6%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
13 currently pending
Career history
789
Total Applications
across all art units

Statute-Specific Performance

§101
2.6%
-37.4% vs TC avg
§103
74.6%
+34.6% vs TC avg
§102
12.5%
-27.5% vs TC avg
§112
2.4%
-37.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 776 resolved cases

Office Action

§101 §102 §103 §112
Detailed Action The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is in response to Application with case number 18/859,259, filed on 12/23/2024 in which claims 1-18 are presented for examination. Status of Claims Claims 1-18 are pending, of which claims 1, 17 and 18 are in independent form. Specification The examiner notes that the Specification does not include any URL links and Trademark terms requiring capitalization. The examiner notes that the abstract is in narrative form and is limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The examiner also notes that Abstract includes no legal phraseology. The examiner notes no claims invokes 35 USC § 112 6th paragraph. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claim 18 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claim 18 is directed to a computer program for controlling a host data processing apparatus which is interpreted by the examiner as software per se. While the non-transitory storage medium storing the computer program is patent-eligible subject matter, the program itself (i.e., software per se) does not fall within one of the patent-eligible categories. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1, 2, 4, 8, 11, 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites the limitation "the one of the execution environments" in the third line of second limitation. There is insufficient antecedent basis for this limitation in the claim. Claim 2 recites the limitation "the data of the memory access request" in the second line of first limitation. There is insufficient antecedent basis for this limitation in the claim. Claim 4 recites the limitation "the one of the entries" in the third line of the limitation. There is insufficient antecedent basis for this limitation in the claim. Claims 8, 11, and 15 recite the limitation "the one of the entries" in the third line of the limitation. There is insufficient antecedent basis for this limitation in the claim. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1-5, 13-18 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Chhabra et al. (US 2021/0064547 A1) hereinafter Chhabra. As to claim 1, Chhabra teaches an apparatus comprising: processing circuitry configured to perform processing in one of a fixed number of at least two domains (see para. [0021] “…a memory controller of a processor that can tag cache lines stored in system memory with an ownership bit. The ownership bit, which may be included within metadata associated with the cache line, indicates whether or not the cache line belongs to a trust domain (TD). The ownership bit may be set upon write of the cache line in response to a determination that a key identifier (ID) located within a physical address of a write request belongs to a TD. Upon performing a read of the cache line, the access type of the key ID (e.g., whether or not is a TD key ID) in a read request is checked against a value of the ownership bit. If there is a mismatch, the memory controller may return, in response to the read request, a poison bit and invalid data that matches a fixed pattern (e.g., all zeros or all ones).”), one of the domains being subdivided into a variable number of execution environments (see para. [0025] for multiple domains); memory translation circuitry configured, in response to a memory access request to a given memory address, to determine a given encryption environment identifier associated with the one of the execution environments and to forward the memory access request together with the given encryption environment identifier (see para. [0090] “detecting, within a read request for a cache line from the processor core, a key identifier (ID) within a physical address of a location in the memory device (705). The method 700 may continue with the processing logic determining whether the key ID is a TD key ID (710). If no, the read request is handled as per previous non-TD access request, e.g., returning unencrypted data after passing an integrity check assuming the memory access bit indicates non-TD data (715). If yes, the key ID is a TD key ID, the method 700 may continue with the processing logic reading data the cache line from the memory (720).”); storage circuitry configured to store a plurality of entries, each associated with an associated encryption environment identifier and an associated memory address, wherein the storage circuitry comprises determination circuitry configured to determine, in at least one enabled mode of operation, whether the given encryption environment identifier differs from the associated encryption environment identifier associated with one of the entries associated with the given memory address (see para. [0057] KET 122, “…the memory controller may include the KET 122, which stores mappings of encryption keys to key IDs, as illustrated in FIG. 2C for one implementation where K=128 total keys and K.sub.TDX=96 restricted keys. In one implementation, encryption keys 255 may be 128-bit keys. The KET 122 may be indexed by the key IDs 250. The partition of key IDs (and, hence, of the encryption keys) may be implemented as described above. When a memory operation is directed at a physical memory address of a physical page of the memory, the processor may extract the key ID from the upper M bits of the physical memory address used for key ID encoding. The processor may then reference the KET 122 to determine which encryption key is to be used to decrypt or encrypt the physical page of the memory.”). As to claims 17 and 18, claims 17 and 18 include similar limitations as claim 1 and thus are rejected under the same rationale as in claim 1. As to claim 2, in view of claim 1, Chhabra teaches comprising: memory protection circuitry configured to use a key input to perform encryption or decryption on the data of the memory access request in response to the data being absent from the storage circuitry, wherein the key input is based on the given encryption environment identifier; the key input for each of the domains is fixed at boot time of the apparatus (see para. [0040]); and the key input for each of the execution environments is dynamic (see para. [0022] “a memory controller of a processor that can tag cache lines stored in system memory with an ownership bit. The ownership bit, which may be included within metadata associated with the cache line, indicates whether or not the cache line belongs to a trust domain (TD). The ownership bit may be set upon write of the cache line in response to a determination that a key identifier (ID) located within a physical address of a write request belongs to a TD. Upon performing a read of the cache line, the access type of the key ID (e.g., whether or not is a TD key ID) in a read request is checked against a value of the ownership bit. If there is a mismatch, the memory controller may return, in response to the read request, a poison bit and invalid data that matches a fixed pattern (e.g., all zeros or all ones).”). As to claim 3, in view of claim 1, Chhabra teaches wherein the storage circuitry is configured, in at least one error mode of operation (see para. [0051]), to perform an error action in response to the given encryption environment identifier differing from the associated encryption environment identifier that is associated with the given memory address (see para. [0039] for checking whether the memory operation such as read or write or execute involving a physical page of the memory (e.g., cache line in the memory 130) includes a correct Key ID along with a physical memory address for the encryption key used to encrypt or decrypt the physical page of the memory; see para. [0064]-[0065] for an error detection action (e.g., non-restricted key page fault), “[0064] In particular, in the first situation, a trusted software executing in the TD 150A may erroneously concatenate a non-restricted (either shared or non-shared) MK-TME request key ID to the physical memory address of a private physical page of the memory which is encrypted (or is expected to be encrypted—in case of a write operation) with one of the restricted TDX keys allocated to the TD 150A. In this case, the memory controller 120, via the cryptographic engine 136, may detect that none of the restricted bits of the request key ID is set and that, therefore, the request key ID is not one of the restricted key IDs. [0065] Correspondingly, the memory controller 120 may generate a fault, e.g. a non-restricted key page fault, in response to a determination that at least one of the restricted bits of the request key ID is set (or clear, in some implementations, as discussed above). The fault may be used to inform the software program which initiated the memory operation that a non-restricted key has been used where a restricted key is expected. In some implementations, the memory controller 120 may further detect that the memory operation originated outside a trust computing base of the TD 150A (for example, an operation from one of TDs 150 B-C, one of VMs 155 operating outside a TD, a hypervisor 140, and so on) and generate silent abort-page semantics. In some implementations, this may mean that write operations are silently ignored whereas read operations return invalid data with a fixed pattern, e.g., bits of all zero values or all one values.”). As to claim 4, in view of claim 1, Chhabra teaches wherein the at least one enabled mode of operation comprises a poison mode of operation in which, in response to the associated memory address of the one of the entries being the given memory address when the given encryption environment identifier differs from the associated encryption environment identifier associated with the one of the entries, the storage circuitry is configured to poison the one of the entries (see para. [0091], [0092] and [0144]). As to claim 5, in view of claim 4, Chhabra teaches wherein the processing circuitry is configured, when the one of the entries is received by the processing circuitry, to generate an exception (see para. [0066] for machine check exception (MCE)). As to claim 13, in view of claim 1, Chhabra teaches wherein when the memory access request is a write memory access request, the storage circuitry is further configured to update the associated encryption identifier to correspond with the given encryption environment identifier (see para. [0077] “The method 500 may continue with the processing logic writing the encrypted data, the ownership bit, and the MAC of the cache line to the memory (530). In different implementations, the ownership bit may be stored with the cache line (e.g., in one of the ECC bits 415) or stored within the sequestered range of memory 430.”) As to claim 14, in view of claim 1, Chhabra teaches wherein the determination circuitry is configured, in at least one disabled mode of operation, to inhibit determination of whether the given encryption environment identifier differs from the associated encryption environment identifier associated with one of the entries associated with the given memory address (see para. [0092] “If the integrity check does not pass, the method 700 may continue with the processing logic returning, in response to the read request, a poison bit and invalid data that matches a fixed pattern (760).”) As to claim 15, in view of claim 1, Chhabra teaches wherein in at least some of the at least one enabled mode of operation, in response to the associated memory address of the one of the entries being the given memory address when the given encryption environment identifier differs from the associated encryption environment identifier associated with the one of the entries, the storage circuitry is configured to generate an asynchronous exception (see para. [0063] “…the memory controller 120 may generate a fault and/or abort procedure in a number of situations, including but not limited to the following: 1) A memory operation that includes a non-restricted ID concatenated to the physical memory address whereas the physical page of the memory is a private page allocated to a TD. 2) A memory operation that includes a wrong restricted key ID concatenated to the physical memory address for which a different restricted key ID is expected.”) As to claim 16, in view of claim 15, Chhabra teaches wherein the storage circuitry is configured to generate the asynchronous exception and to store in one or more registers accessible to the processing circuitry details of the memory access request (see para. [0049] “The cryptographic engine 136 may cache the internal key data structure 121, which the cryptographic engine 136 may use to identify domain accesses to be protected. The key data structure 121 may be a table or other data structure capable of being indexed and stored within hardware of the cryptographic engine 136. In one implementation, the hardware is a cache, a set of registers, or other flash memory.”) Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 8 and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chhabra, in view of Waugh (US 10,198,360 B2) hereinafter Waugh. As to claim 8, Chhabra teaches the apparatus according to claim 1, wherein the at least one enabled mode of operation comprises a cleaning mode of operation in which (see par. [0085] “The ownership bit provides deterministic protection … The cryptographic engine…implements the following rules, namely that: 1) a non-TD request … can never get access to ciphertext (fixed pattern of bits are returned); and 2) a non-TD request with integrity deterministically gets integrity failure ….”; see also para. [0065] “Correspondingly, the memory controller 120 may generate a fault, e.g. a non-restricted key page fault, in response to a determination that at least one of the restricted bits of the request key ID is set (or clear, in some implementations, as discussed above). The fault may be used to inform the software program which initiated the memory operation that a non-restricted key has been used where a restricted key is expected. In some implementations, the memory controller 120 may further detect that the memory operation originated outside a trust computing base of the TD 150A (for example, an operation from one of TDs 150 B-C, one of VMs 155 operating outside a TD, a hypervisor 140, and so on) and generate silent abort-page semantics. In some implementations, this may mean that write operations are silently ignored whereas read operations return invalid data with a fixed pattern, e.g., bits of all zero values or all one values.”), in response to the associated memory address of the one of the entries being the given memory address when the given encryption environment identifier differs from the associated encryption environment identifier associated with the one of the entries, the storage circuitry is configured to clean (see para. [0092]-[0093] “[0092] With additional reference to FIG. 7B, the method 700 may continue with the processing logic determining whether there is an integrity failure, e.g., via a comparison of a generated MAC with the MAC of the cache line (750). If the integrity check passes, the method 700 may continue with the processing logic returning decrypted data (755). If the integrity check does not pass, the method 700 may continue with the processing logic returning, in response to the read request, a poison bit and invalid data that matches a fixed pattern (760). The method 700 may continue with the processing logic determining whether key poisoning is enabled for the processor (765). If not, the key and corresponding key ID are not poisoned (770). If yes, the method 700 may continue with the processing logic poisoning the key associated with the key ID, e.g., by setting the poison status bit 260 in the KET 122 illustrated in FIG. 2C (775). [0093] As discussed, the poison status bit can be cleared by executing a PCONFIG (or similar processor configuration instruction) to reprogram the key ID for use with a new key, but the old “poisoned” key is now invalid and will not be used again. Furthermore, any data stored in the memory that is encrypted with the poisoned key is cleared out. In this way, an attacker cannot access data using a poisoned key at any time in the future.”). Chhabra fails to explicitly teach however Waugh teaches “and invalidate the one of the entries” (Waugh col. 6 lines 4-33; …Accordingly, the special faulting entry in the table circuitry 140 is invalidated and a page walk occurs; col. 8 lines 1-4 &fig. 4 step 350; the process then proceeds to step 335, where it is determined whether or not the instruction was correctly speculatively executed. If not, then at step 350, a “rewind” takes place. During this step, if the page walk is still being carried out by the page walk circuitry 150, it is terminated … the faulting entry in the TLB is invalidated, an example of which was shown with regards to FIG. 3C. A further page walk occurs at step 365, “invalidate” action for the entry and the consequent re-walk; … (FIG. 3C): “FIG. 3C illustrates the format of an invalid entry in the TLB 120. The entry has a valid flag of ‘0’, indicating that the entry is invalid. Any other bits in the particular entry are disregarded, since the particular entry is invalid : showing the structural state of an invalidated entry (valid bit cleared), corroborating the invalidate/remove operation.”). Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the application to apply Waugh’s conventional invalidate/remove control to Chhabra’s mismatch/sanitization path in order to ensure that a sanitized or stale entry is not subsequently reused, because removing stale or incorrectly tagged cached state is routine cache/TLB housekeeping that preserves security and correctness; the combined result (sanitize then invalidate so future accesses miss and trigger a fresh refill) is a predictable outcome of applying standard entry-management to Chhabra’s security trigger. As to claim10, Chhabra fails to explicitly teach, however Waugh teaches the apparatus according to claim 1, wherein the processing circuitry is configured to speculatively issue the memory access request as a speculative read request while in a speculative mode of operation (see col. 2 lines 23-35 & fig. 1; processing circuitry to speculatively execute an instruction referencing a virtual address; lookup circuitry to receive the virtual address from the processing circuitry, the lookup circuitry comprising: storage circuitry to store at least one virtual address; and page walking circuitry to perform a page walk on further storage circuitry, in dependence on the virtual address being unlisted by the storage circuitry, to determine whether a correspondence between a physical address and the virtual address exists, wherein the lookup circuitry signals an error when the correspondence cannot be found; and in response to the error being signaled, the storage circuitry stores an entry comprising the virtual address; see further col., 4 lines 64-col. 5 lines 25; TLB; claim 4 and fig 4 flowchart); and the speculative mode of operation is disabled unless the storage circuitry is in the enabled mode of operation (see Waugh see col. 2 lines 65-col. 3 line 9 & fig. 4: in response to the error being signaled, the storage circuitry stores an entry comprising the virtual address and a fault indication to indicate the entry was made in response to the error being signaled. Accordingly, entries in the storage circuitry that were made as a consequence of the error being signaled are marked accordingly. Such fault indications indicate that the entry in the storage circuitry does not contain a translation between a virtual address and a physical address, but rather, that it refers to a virtual address that previously produced a translation error. Such an indication can be used to prevent erroneous accesses into physical memory; … see further claims 14-16; use of stored faulting entries and speculation signals to prevent speculative page walks and to disable or modify speculative actions when an address is known to fault or when speculation is not validated). Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the application to apply Waugh’s mechanism of preventing speculative page walks/gating speculation to Chhabra’s memory-protection environment, specifically, to disable speculative read mode whenever storage circuitry is not in an “enabled” mismatch-detection/enforcement mode (i.e., when the protective checks are not active), because doing so prevents speculative reads from accessing lines that might otherwise be subject to mismatch/poison handling and prevents leakage or mis-processing. Allowable Subject Matter Claims 6, 7, 9, 11-12 are objected to as being dependent upon a rejected base claim, but would be allowable if claims are amended to overcome 35 USC section 112(b) rejections and if rewritten in independent form including all of the limitations of the base claim and any intervening claims. The following is a statement of reasons for the indication of allowable subject matter: Prior arts of record and further search does not teach the following limitation(s) of claims 6, 7, 9, 11-12, “wherein when the memory access request is a write memory access request, those portions of the one of the entries that are accessed by the write memory access request are modified and remaining portions of the one of the entries are poisoned” in claim 6, “wherein the at least one enabled mode of operation comprises an aliasing mode of operation in which the storage circuitry is configured to treat the entries of the storage circuitry as different when the associated memory address of the entries match and when the associated encryption environment identifier of the entries mismatch” in claim 7, “wherein in the cleaning mode of operation, in response to the associated memory address of the one of the entries being the given memory address when the given encryption environment identifier differs from the associated encryption environment identifier associated with the one of the entries, the storage circuitry is further configured to treat the memory access request as a miss in the storage circuitry” in claim 9, “wherein the at least one enabled mode of operation comprises an erasing mode of operation in which, in response to the associated memory address of the one of the entries being the given memory address when the given encryption environment identifier differs from the associated encryption environment identifier associated with the one of the entries, the storage circuitry is configured to perform an erasure of the one of the entries” in claim 11, in view of all other limitations of claims 6-7, 9, 11, respectively. Claim 12 is dependent on claim 11 including the above allowable subject matter. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SONG whose telephone number is (571)270-3260. The examiner can normally be reached on Mon – Fri, 7:30 AM – 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HEE K SONG/Primary Examiner, Art Unit 2497
Read full office action

Prosecution Timeline

Oct 23, 2024
Application Filed
Apr 20, 2026
Non-Final Rejection mailed — §101, §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12671593
Multi-Party Computation Node Configuration
2y 10m to grant Granted Jun 30, 2026
Patent 12670271
GRAPHQL ACCESS AUTHORIZATION
1y 9m to grant Granted Jun 30, 2026
Patent 12659172
DIGITAL SIGNATURE SYSTEM, DIGITAL SIGNATURE METHOD
1y 12m to grant Granted Jun 16, 2026
Patent 12653974
ACOUSTIC DETECTION FOR RESPIRATORY TREATMENT APPARATUS
1y 7m to grant Granted Jun 16, 2026
Patent 12651090
SYSTEMS AND METHODS OF DATA TRANSFORMATION FOR DATA POOLING
1y 6m to grant Granted Jun 09, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
85%
Grant Probability
99%
With Interview (+19.6%)
2y 9m (~1y 0m remaining)
Median Time to Grant
Low
PTA Risk
Based on 776 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month