Prosecution Insights
Last updated: July 17, 2026
Application No. 19/047,944

METHOD AND SYSTEM FOR IMPROVING EFFICIENCY OF PROTECTING A MULTI-CONTENT PROCESS

Non-Final OA §103§112
Filed
Feb 07, 2025
Priority
Jul 28, 2020 — provisional 63/057,320 +1 more
Examiner
TALUKDAR, ARVIND
Art Unit
2132
Tech Center
2100 — Computer Architecture & Software
Assignee
MediaTek Inc.
OA Round
1 (Non-Final)
81%
Grant Probability
Favorable
1-2
OA Rounds
1y 4m
Est. Remaining
85%
With Interview

Examiner Intelligence

Grants 81% — above average
81%
Career Allowance Rate
456 granted / 566 resolved
+25.6% vs TC avg
Minimal +4% lift
Without
With
+4.0%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
32 currently pending
Career history
603
Total Applications
across all art units

Statute-Specific Performance

§101
2.4%
-37.6% vs TC avg
§103
82.1%
+42.1% vs TC avg
§102
5.2%
-34.8% vs TC avg
§112
3.2%
-36.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 566 resolved cases

Office Action

§103 §112
DETAILED ACTION Claims 1-20 are pending. Priority: 7/28/2020(Provisional; continuation of 17/225,185) Assignee: MediaTek Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claim(s) 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim(s) 1-18 of U.S. Patent No. 12,253,960. Although the claims at issue are not identical, they are not patentably distinct from each other because the corresponding claims are obvious variants of each other as shown below. 19/047,944(Instant) 12,253,960(Parent) 1. A method applied to a system for improving an efficiency of protecting a multi-content process; the system cooperating with a memory, and the system comprising an IP (intellectual property) for content processing, wherein: the IP is associated with a plurality of access identities; the memory comprises a plurality of ranges; and the method comprises: configuring range permissions by causing each of the plurality of ranges to permit at least one of the plurality of access identities to access; selecting one of the plurality of access identities as a first access identity for processing a first content, and using the first access identity when the IP accesses the memory during a processing of the first content; and selecting a different one of the plurality of access identities as a second access identity for processing a second content, and using the second access identity when the IP accesses the memory during a processing of the second content. 1. A method applied to a system for improving an efficiency of protecting a multi-content process; the system cooperating with a memory, and comprising one or more hardware IPs (intellectual properties) for content processing, wherein: one of the one or more IPs is associated with multiple access identities; the memory comprises multiple different ranges; and the method comprises: configuring range permissions by causing each of the multiple different ranges to permit only one of the multiple access identities to access, with different ones of the multiple different ranges respectively permitting different ones of the multiple access identities to access; selecting one of the multiple access identities as a first access identity for processing a first content, and using the first access identity when said IP accesses the memory during a processing of a first portion of the first content; and selecting a different one of the multiple access identities as a second access identity for processing a second content, and using the second access identity when said IP accesses the memory during a processing of a first portion of the second content; and after using the first access identity during the processing of the first portion of the first content and before using the second access identity during the processing of the first portion of the second content, not reconfiguring the configured range permissions; and after using the first access identity during the process of the first portion of the first content and using the second access identity during the process of the first portion of the second content, using the first access identity again when said IP accesses the memory during a processing of a second portion of the first content. 2. The method of claim 1, wherein: when configuring the range permissions, configuring the range permissions further by causing each of the plurality of ranges not to permit one or more of the plurality of access identities to access. (claim 1) configuring range permissions by causing each of the multiple different ranges to permit only one of the multiple access identities to access… 3. The method of claim 1 further comprising: after using the first access identity during the processing of the first content and before using the second access identity during the processing of the second content, not reconfiguring the configured range permissions. (claim 1) after using the first access identity during the processing of the first portion of the first content and before using the second access identity during the processing of the first portion of the second content, not reconfiguring the configured range permissions. 4. The method of claim 1 further comprising: when selecting one of the plurality of access identities, determining which one to select by a non-secure CPU. 2. The method of claim 1 further comprising: when selecting one of the multiple access identities, determining which one to select by a non-secure CPU. 5. The method of claim 1, wherein: the system further comprises a preceding IP coupled to the IP; the preceding IP is associated with a plurality of preceding-IP access identities, and is arranged to select one of the plurality of preceding-IP access identities; each of the plurality of access identities is bound to one of the plurality of preceding-IP access identities; and the method further comprises: when selecting one of the plurality of access identities, selecting a said access identity that is bound to the selected preceding-IP access identity. 4. The method of claim 1, wherein: the one or more IPs further include a preceding IP coupled to said IP; the preceding IP is associated with a plurality of preceding-IP access identities, and is arranged to select one of the plurality of preceding-IP access identities; each said access identity is bound to one of the plurality of preceding-IP access identities; and the method further comprises: when selecting one of the multiple access identities, selecting a said access identity that is bound to the selected preceding-IP access identity. 6. The method of claim 5, wherein selecting the said access identity that is bound to the selected preceding-IP access identity is performed without intervention of a secure CPU, and regardless of whether and how a non-secure CPU instructs. 5. The method of claim 4, wherein selecting the said access identity that is bound to the selected preceding-IP access identity is performed without intervention of a secure CPU, and regardless of whether and how a non-secure CPU instructs. 7. The method of claim 1, wherein: the system further comprises a succeeding IP coupled to the IP; and the method further comprises: when one of the plurality of access identities is selected, propagating the selected access identity to the succeeding IP, and using the selected access identity when the succeeding IP accesses the memory. 6. The method of claim 1, wherein: the one or more IPs further include a succeeding IP coupled to said IP; and the method further comprises: when one of the multiple access identities is selected, propagating the selected access identity to the succeeding IP, and using the selected access identity when the succeeding IP accesses the memory. 8. The method of claim 1, wherein: the system further comprises a plurality of preceding IPs coupled to the IP; each of the plurality of access identities is associated with one of a plurality of security levels; each of the plurality of preceding IPs is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities; each of the plurality of corresponding access identities is associated with one of the plurality of security levels; and the method further comprises: when selecting one of the plurality of access identities, selecting a said access identity according to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs. 7. The method of claim 1, wherein: the one or more IPs further include a plurality of preceding IPs coupled to said IP; each said access identity is associated with one of a plurality of security levels; each said preceding IP is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities; each said corresponding access identity is associated with one of the plurality of security levels; and the method further comprises: when selecting one of the multiple access identities, selecting a said access identity according to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs. 9. The method of claim 1, wherein: the system further comprises a plurality of preceding IPs coupled to the IP; each of the plurality of access identities is associated with one of a plurality security levels; each of the plurality of preceding IPs is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities; each of the plurality of corresponding access identities is associated with one of the plurality of security levels; and the method further comprises: when selecting one of the plurality of access identities, applying a predefined rule to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs to evaluate a resultant security level, and selecting a said access identity that is associated with the resultant security level. 8. The method of claim 1, wherein: the one or more IPs further include a plurality of preceding IPs coupled to said IP; each said access identity is associated with one of a plurality security levels; each said preceding IP is associated with multiple corresponding access identities, and is arranged to select one of the multiple corresponding access identities; each said corresponding access identity is associated with one of the plurality of security levels; and the method further comprises: when selecting one of the multiple access identities, applying a predefined rule to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs to evaluate a resultant security level, and selecting a said access identity that is associated with the resultant security level. 10. The method of claim 1, wherein: each of the plurality of access identities is associated with one of a plurality of security levels; the first content is associated with one of the plurality of security levels; and the method further comprises: when selecting one of the plurality of access identities as the first access identity for processing the first content, selecting a said access identity according to the security level associated with the first content. 9. The method of claim 1, wherein: each said access identity is associated with one of a plurality of security levels; the first content is associated with one of the plurality of security levels; and the method further comprises: when selecting one of the multiple access identities for processing the first content, selecting a said access identity according to the security level associated with the first content. 11. A system with improved efficiency of protecting a multi-content process; the system comprising: one or more hardware IPs (intellectual properties) for content processing; wherein: a subset of the one or more hardware IPs implements a secure CPU and a non-secure CPU; the system cooperates with a memory which comprises a plurality of ranges; a certain IP of the one or more hardware IPs is associated with a plurality of access identities; the secure CPU is arranged to configure range permissions by causing each of the plurality of ranges to permit at least one of the plurality of access identities to access; and the certain IP is arranged to: select one of the plurality of access identities as a first access identity for processing a first content, and use the first access identity when accessing the memory to process the first content; and select a different one of the plurality of access identities as a second access identity for processing the second content, and use the second access identity when accessing the memory to process the second content. 10. A system with improved efficiency of protecting a multi-content process, comprising: one or more hardware IPs for content processing, a subset of the one or more hardware IPs implementing a secure CPU and a non-secure CPU; wherein: the system cooperates with a memory which comprises multiple different ranges; one of the one or more IPs is associated with multiple access identities; the secure CPU is arranged to configure range permissions by causing each of the multiple different ranges to permit only one of the multiple access identities to access, with different ones of the multiple different ranges respectively permitting different ones of the multiple access identities to access; said IP is arranged to: select one of the multiple access identities as a first access identity for processing a first content, and use the first access identity when accessing the memory to process the first content; and select a different one of the multiple access identities as a second access identity for processing the second content, and use the second access identity when accessing the memory to process the second content; and the secure CPU is further arranged not to reconfigure the configured range permissions after said IP using the first access identity and before said IP uses the second access identity. 12. The system of claim 11, wherein: the secure CPU is further arranged to configure the range permissions by additionally causing each of the plurality of ranges not to permit one or more of the plurality of access identities to access. (claim 10) the secure CPU is arranged to configure range permissions by causing each of the multiple different ranges to permit only one of the multiple access identities to access. 13. The system of claim 11, wherein the non-secure CPU is arranged to instruct the certain IP which one of the plurality of access identities to select when the certain IP selects one of the plurality of access identities. 11. The system of claim 10, wherein the non-secure CPU is arranged to instruct said IP which one of the multiple access identities to select when said IP selects one of the multiple access identities. 14. The system of claim 11, wherein: the one or more IPs further include a preceding IP coupled to the certain IP; the preceding IP is associated with a plurality of preceding-IP access identities, and is arranged to select one of the plurality of preceding-IP access identities; each of the plurality of access identities is bound to one of the plurality of preceding-IP access identities; and the certain IP is further arranged to, when selecting one of the plurality of access identities, select a said access identity that is bound to the selected preceding-IP access identity. 12. The system of claim 10, wherein: the one or more IPs further include a preceding IP coupled to said IP; the preceding IP is associated with a plurality of preceding-IP access identities, and is arranged to select one of the plurality of preceding-IP access identities; each of the multiple access identities is bound to one of the plurality of preceding-IP access identities; and said IP is further arranged to: when selecting one of the multiple access identities, select a said access identity that is bound to the selected preceding-IP access identity. 15. The system of claim 14, wherein the certain IP is further arranged to: when selecting one of the plurality of access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs. 13. The system of claim 12, wherein said IP is further arranged to: when selecting one of the multiple access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs. 16. The system of claim 11 further comprising an internal link, wherein: the one or more IPs further include a succeeding IP coupled to the certain IP via the internal link; the internal link is arranged to, when the certain IP selects one of the plurality of access identities, propagate the selected access identity to the succeeding IP; and the succeeding IP is arranged to use the selected access identity when the succeeding IP accesses the memory. 14. The system of claim 10 further comprising an internal link, wherein: the one or more IPs further include a succeeding IP coupled to said IP via the internal link; the internal link is arranged to: when said IP selects one of the multiple access identities, propagate the selected access identity to the succeeding IP; and the succeeding IP is arranged to: use the selected access identity when the succeeding IP accesses the memory. 17. The system of claim 11, wherein: the one or more IPs further include a plurality of preceding IPs coupled to the certain IP; each of the plurality of access identities is associated with one of a plurality of security levels; each of the plurality of preceding IPs is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities; each of the plurality of corresponding access identities is associated with one of the plurality of security levels; and the certain IP is further arranged to: when selecting one of the plurality of access identities, select a said access identity according to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs. 15. The system of claim 10, wherein: the one or more IPs further include a plurality of preceding IPs coupled to said IP; each said access identity is associated with one of a plurality of security levels; each said preceding IP is associated with multiple corresponding access identities, and is arranged to select one of the multiple corresponding access identities; each of the multiple corresponding access identities is associated with one of the plurality of security levels; and said IP is further arranged to: when selecting one of the multiple access identities, select a said access identity according to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs. 18. The system of claim 17, wherein the certain IP is further arranged to: when selecting one of the plurality of access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs. 16. The system of claim 15, wherein said IP is further arranged to: when selecting one of the multiple access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs. 19. The system of claim 11, wherein: the one or more IPs further include a plurality of preceding IPs coupled to the certain IP; each of the plurality of access identities is associated with one of a plurality of security levels; each of the plurality of preceding IP is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities; each of the plurality of corresponding access identities is associated with one of the plurality of security levels; and the certain IP is further arranged to: when selecting one of the plurality of access identities, apply a predefined rule to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs to evaluate a resultant security level, and select a said access identity that is associated with the resultant security level. 17. The system of claim 10, wherein: the one or more IPs further include a plurality of preceding IPs coupled to said IP; each said access identity is associated with one of a plurality of security levels; each said preceding IP is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities; each of the plurality of corresponding access identities is associated with one of the plurality of security levels; and said IP is further arranged to: when selecting one of the multiple access identities, apply a predefined rule to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs to evaluate a resultant security level, and select a said access identity that is associated with the resultant security level. 20. The system of claim 11, wherein: each of the plurality of access identities is associated with one of a plurality of security levels; the first content is associated with one of the plurality of security levels; and the certain IP is further arranged to: when selecting one of the plurality of access identities for processing the first content, select a said access identity that is associated with a said security level equal to the security level associated with the first content. 18. The system of claim 10, wherein: each said access identity is associated with one of a plurality of security levels; the first content is associated with one of the plurality of security levels; and said IP is further arranged to: when selecting one of the multiple access identities for processing the first content, select a said access identity that is associated with a said security level equal to the security level associated with the first content. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claim(s) 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Independent claims 1 and 11 recite content-processing IPs associated with a plurality of access identities, wherein different access identities are selected and used when accessing memory during processing of different contents. The remaining claims further recite embodiments involving propagation of access identities, binding of access identities, association of access identities with security levels, and selection of access identities according to various criteria. The claims therefore encompass a broad genus of access-identity architectures and mechanisms. However, the specification describes access identities almost exclusively in functional terms, namely as identifiers that are selected and used to obtain differing memory-access permissions([0036]). The specification does not adequately describe the structural characteristics of the claimed access identities, including what constitutes an access identity, how an access identity is represented, how it is implemented within memory-access transactions, how it is encoded, how it is stored, or what structural features distinguish the claimed access identities from other forms of access-control information. Although the specification illustrates exemplary identifiers labeled aid[n]_1 through aid[n]_K, such examples merely demonstrate desired operation and functional use(0036, 0038, 0040). The specification does not disclose representative species sufficient to support the full breadth of the claimed genus and does not identify common structural characteristics that would allow one of ordinary skill in the art to recognize that the inventor possessed the entire scope of access identities encompassed by the claims. Furthermore, the claims encompass numerous implementations involving identity propagation, identity binding, security-level associations, and rule-based identity selection(0047, 0045, 0050). The specification does not provide representative disclosure commensurate with the breadth of these claimed access-identity embodiments and therefore does not reasonably convey possession of the full scope of the claimed invention. Accordingly, the specification fails to provide adequate written description support for the claimed plurality of access identities and the associated access-identity mechanisms recited in claims 1-20. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claim(s) 1, 2, 3, 4, 5, 8, 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lidman et al.(2020/0379923), and further in view of Mienkina et al.(2022/0035953). As per claim 1, Lidman discloses: A method applied to a system for improving an efficiency of protecting a multi-content process(Lidman, [0038 -- The processing system 300 may be physically and/or virtually partitioned into a rich environment and a trusted environment (such as the rich environment 210 and trusted environment 220, respectively, of FIG. 2). ]); the system cooperating with a memory, and the system comprising an IP (intellectual property) for content processing(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU)], [0043 -- The memory apparatus 340 includes a memory protection unit (MPU) 350, a secure partition 360, and a non-secure partition 370]), wherein: the IP is associated with a plurality of access identities(Lidman, [0045 -- The MPU 350 may be configured to filter the memory access transactions 301-303 from the masters]); the memory comprises a plurality of ranges(Lidman, [0044 -- Each of the secure memory zones 362-366 may span one or more physical and/or virtual memory addresses of the secure partition 360. ]); and the method comprises: selecting one of the plurality of access identities as a first access identity for processing a first content, and using the first access identity when the IP accesses the memory during a processing of the first content(Lidman, [0046 -- The first filter 352 may selectively deny or allow transactions for the first secure memory zone], [0061 -- the first zone filter 612 may only allow the ACPU and/or NPU to access data stored in the first secure memory zone], [0062 -- the first zone filter 612 may reject any transaction that does not include the master ID of the ACPU (Master_ID_ACPU) or a first master ID of the NPU (Master_ID_NPU1)]); and selecting a different one of the plurality of access identities as a second access identity for processing a second content, and using the second access identity when the IP accesses the memory during a processing of the second content(Lidman, [0046 -- The first filter 352 may selectively deny or allow transactions for the first secure memory zone], [0061 -- the first zone filter 612 may only allow the ACPU and/or NPU to access data stored in the first secure memory zone], [0062 -- the first zone filter 612 may reject any transaction that does not include the master ID of the ACPU (Master_ID_ACPU) or a first master ID of the NPU (Master_ID_NPU1)]). Lidman does not explicitly disclose the following, however Mienkina discloses: and the method comprises: configuring range permissions by causing each of the plurality of ranges to permit at least one of the plurality of access identities to access(Mienkina, [0048 -- The BOOT CORE defines memory ranges of the memory devices 610 and assigns the memory ranges to corresponding domains and processors and programs the MP circuitry 630 accordingly. The BOOT CORE programs the gateway circuitry 624 to assign DMA channels 602 and corresponding control and error circuitry to domains and corresponding processors. The BOOT CORE also programs the MP circuitry 630 to enable the DMA channels 602 in accessing the memory devices 610 according to domain assignments]); Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Mienkina into the system of Lidman for the benefit of a processing system that provides flexible protection of hardware resources, so that unwanted interference and constant threat can be reduced during operation in an effective manner. The processing system allows a first processor, so that the first processor can be prevented from interfering with operation of second processor or associated applications in a harmful or fatal manner, thus avoiding unwanted interference directed at the hardware resources by the second processor or non-core master in a reliable manner. The processing system completes domain and hardware resource assignments, so that the boot processor can lock configuration to prevent the second processor from being altering programmed configuration(Mienkina, 0031). As per claim 2, the rejection of claim 1 is incorporated, in addition, Lidman does not explicitly disclose the following, however Mienkina discloses: wherein: when configuring the range permissions, configuring the range permissions further by causing each of the plurality of ranges not to permit one or more of the plurality of access identities to access(Mienkina, [0048 -- The BOOT CORE defines memory ranges of the memory devices 610 and assigns the memory ranges to corresponding domains and processors and programs the MP circuitry 630 accordingly.], [0025 -- On the other hand, if CORE 2 improperly attempts to access the DMA channels CH1 and CH2 using its domain identifier DID(2), the access is denied by the gateway protection circuit 252. Since the domain identifiers do not match, CORE 2 is prevented from accessing DMA channels CH1 and CH2.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Mienkina into the system of Lidman for the benefit of a processing system that provides flexible protection of hardware resources, so that unwanted interference and constant threat can be reduced during operation in an effective manner. The processing system allows a first processor, so that the first processor can be prevented from interfering with operation of second processor or associated applications in a harmful or fatal manner, thus avoiding unwanted interference directed at the hardware resources by the second processor or non-core master in a reliable manner. The processing system completes domain and hardware resource assignments, so that the boot processor can lock configuration to prevent the second processor from being altering programmed configuration(Mienkina, 0031). As per claim 3, the rejection of claim 1 is incorporated, in addition, Lidman does not explicitly disclose the following, however Mienkina discloses: The method of claim 1 further comprising: after using the first access identity during the processing of the first content and before using the second access identity during the processing of the second content, not reconfiguring the configured range permissions(Mienkina, [0031 -- After the protection resources are programmed and resources to all processors are defined and assigned, then the boot processor may lock the setting meaning that the assignment settings of protection elements cannot be changed until next device reset. After locking resources, the boot processor starts the remaining processors to operate. The remaining processors can only use hardware and memory resources that they were assigned during bootup by the boot processor.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Mienkina into the system of Lidman for the benefit of a processing system that provides flexible protection of hardware resources, so that unwanted interference and constant threat can be reduced during operation in an effective manner. The processing system allows a first processor, so that the first processor can be prevented from interfering with operation of second processor or associated applications in a harmful or fatal manner, thus avoiding unwanted interference directed at the hardware resources by the second processor or non-core master in a reliable manner. The processing system completes domain and hardware resource assignments, so that the boot processor can lock configuration to prevent the second processor from being altering programmed configuration(Mienkina, 0031). As per claim 4, the rejection of claim 1 is incorporated, in addition, Lidman discloses: The method of claim 1 further comprising: when selecting one of the plurality of access identities, determining which one to select by a non-secure CPU(Lidman, [0047 -- The security information 430 for some masters (such as those that permanently reside in the rich environment) may be hardcoded to reflect the non-secure state, whereas other masters (such as the ACPU 310) may toggle their security information 430 based on whether they are in the trusted environment or the rich environment at any given time.]). As per claim 5, the rejection of claim 1 is incorporated, in addition, Lidman discloses: the system further comprises a preceding IP coupled to the IP(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU) 330, and a memory apparatus 340.]); the preceding IP is associated with a plurality of preceding-IP access identities, and is arranged to select one of the plurality of preceding-IP access identities(Lidman, [0057 -- the NPU 500 may use a first master ID (Master_ID_NPU1) to access the secure memory zone in which the neural network models 502 are stored, a second master ID (Master_ID_NPU2) to access the secure memory zone in which the intermediate inferences 506 are stored, a third master ID (Master_ID_NPU3) to access the secure memory zone in which the inference results]); each of the plurality of access identities is bound to one of the plurality of preceding-IP access identities(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID)]); and the method further comprises: when selecting one of the plurality of access identities, selecting a said access identity that is bound to the selected preceding-IP access identity(Lidman, [0061 -- the first zone filter 612 may only allow the ACPU and/or NPU to access data stored in the first secure memory zone 622; the second and third zone filters 614 and 616 may only allow the NPU to access data stored in the second and third secure memory zones 624 and 626, respectively; and the fourth zone filter 618 may only allow the IPU or NPU to access data stored in the fourth secure memory zone 628.]). As per claim 8, the rejection of claim 1 is incorporated, in addition, Lidman discloses: wherein: the system further comprises a plurality of preceding IPs coupled to the IP(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU) 330, and a memory apparatus 340.]); each of the plurality of access identities is associated with one of a plurality of security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID) ]); each of the plurality of preceding IPs is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities(Lidman, [0057 -- the NPU 500 may use a first master ID (Master_ID_NPU1) to access the secure memory zone in which the neural network models 502 are stored, a second master ID (Master_ID_NPU2) to access the secure memory zone in which the intermediate inferences 506 are stored, a third master ID (Master_ID_NPU3) to access the secure memory zone in which the inference results]); each of the plurality of corresponding access identities is associated with one of the plurality of security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID) ]); and the method further comprises: when selecting one of the plurality of access identities, selecting a said access identity according to the security levels associated with the selected corresponding access identities of the plurality of preceding Ips(Lidman, [0061 -- the first zone filter 612 may only allow the ACPU and/or NPU to access data stored in the first secure memory zone 622; the second and third zone filters 614 and 616 may only allow the NPU to access data stored in the second and third secure memory zones 624 and 626, respectively; and the fourth zone filter 618 may only allow the IPU or NPU to access data stored in the fourth secure memory zone 628.]). As per claim 10, the rejection of claim 1 is incorporated, in addition, Lidman discloses: each of the plurality of access identities is associated with one of a plurality of security levels(Lidman, [0045 -- the MPU 350 may include a plurality of filters 352-366 to act as individual access control agents for the secure memory zones 362-366, respectively.]); the first content is associated with one of the plurality of security levels(Lidman, [0046 -- the first filter 352 may ensure that only the TEE 314 (or the ACPU 310 while operating in the secure state) can access the data stored in the first secure memory zone]); and the method further comprises: when selecting one of the plurality of access identities as the first access identity for processing the first content, selecting a said access identity according to the security level associated with the first content(Lidman, [0062 -- MPU 610 may filter each transaction 400 based on the memory address 420, the security information 430, the master ID 440, and/or the transaction type 410. In some aspects, each of the zone filters]). Claim(s) 6, 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lidman et al.(2020/0379923), in view of Mienkina et al.(2022/0035953), and further in view of van Schaik et al.(2014/0164718). As per claim 6, the rejection of claim 5 is incorporated, in addition, Lidman does not disclose the following, however van Schaik discloses: wherein selecting the said access identity that is bound to the selected preceding-IP access identity is performed without intervention of a secure CPU, and regardless of whether and how a non-secure CPU instructs(van Schaik, [0042 -- In an embodiment, the physical processor's domains are recycled. For example, an infrequently used domain may be swapped out for a new and/or frequently used domain. In an embodiment, the hypervisor 400 switches from the first user process to the second user process by storing the second address space identifier in at least one register. In an embodiment, address space identifiers are recycled.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of van Schaik into the system of Lidman, Mienkina for the benefit of enabling accessing one portion of the physical memory associated with one process by another virtual processor associated with another process through the hypervisor, so that the hypervisor facilitates the sharing of memory between multiple processes of a virtual machine. The method enables associating a global shared memory region with a second domain by hypervisor to allow user processes associated with the second domain to access the global shared region, so that different user processes within a virtual machine can share data without the need to swap the shared data in and out of each processes respective user region of the memory by using the global shared memory region(van Shaik, [0037]). As per claim 9, the rejection of claim 1 is incorporated, in addition, Lidman discloses: wherein: the system further comprises a plurality of preceding IPs coupled to the IP(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU) 330, and a memory apparatus 340.]); each of the plurality of access identities is associated with one of a plurality security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID) ]); each of the plurality of preceding IPs is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities(Lidman, [0057 -- the NPU 500 may use a first master ID (Master_ID_NPU1) to access the secure memory zone in which the neural network models 502 are stored, a second master ID (Master_ID_NPU2) to access the secure memory zone in which the intermediate inferences 506 are stored, a third master ID (Master_ID_NPU3) to access the secure memory zone in which the inference results]); each of the plurality of corresponding access identities is associated with one of the plurality of security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID)]); Lidman does not explicitly disclose the following, however van Schaik discloses: and the method further comprises: when selecting one of the plurality of access identities, applying a predefined rule to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs to evaluate a resultant security level, and selecting a said access identity that is associated with the resultant security level(van Schaik, [0042 -- In an embodiment, the physical processor's domains are recycled. For example, an infrequently used domain may be swapped out for a new and/or frequently used domain. In an embodiment, the hypervisor 400 switches from the first user process to the second user process by storing the second address space identifier in at least one register. In an embodiment, address space identifiers are recycled.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of van Schaik into the system of Lidman, Mienkina for the benefit of enabling accessing one portion of the physical memory associated with one process by another virtual processor associated with another process through the hypervisor, so that the hypervisor facilitates the sharing of memory between multiple processes of a virtual machine. The method enables associating a global shared memory region with a second domain by hypervisor to allow user processes associated with the second domain to access the global shared region, so that different user processes within a virtual machine can share data without the need to swap the shared data in and out of each processes respective user region of the memory by using the global shared memory region(van Shaik, [0037]). Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lidman et al.(2020/0379923), in view of Mienkina et al.(2022/0035953), and further in view of Rodgers et al.(2014/0052975). As per claim 7, the rejection of claim 1 is incorporated, in addition, Lidman does not disclose the following, however Rodgers discloses: wherein: the system further comprises a succeeding IP coupled to the IP(Rodgers, [0055 -- As previously discussed, the security CPU-B may communicate with the security CPU-A through the secure, dedicate communications bus 142. This bus 142 may be physically and/or logically separate from a bus 840 through which the host processor communicates with the security CPU-A. ]); and the method further comprises: when one of the plurality of access identities is selected, propagating the selected access identity to the succeeding IP(Rodgers, [0058 -- If the request is from the host, the security CPU-A may generate a key as requested for use by the host processor (914). The security CPU-A provides access or decryption rights to the host processor corresponding to the key (918).]), and using the selected access identity when the succeeding IP accesses the memory(Rodgers, [0054 -- Once the security CPU-A generates a key and provides access to the security CPU-B or the host processor, then the security CPU-B (or the host processor) may access the region of memory containing the decrypted content]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Rodgers into the system of Lidman, Mienkina for the benefit of the first CPU executing secure booting of the second CPU with decrypting encrypted code to generate decrypted code executable by the second CPU and inaccessible by the host processor, so that the software in the multi-security-CPU system can be protected effectively by securely booting security(Rodgers, 0052). Claim(s) 11, 12, 13, 14, 16, 17, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lidman et al.(2020/0379923), in view of Rodgers et al.(2014/0052975) and further in view of Mienkina et al.(2022/0035953). As per claim 11, Lidman discloses: . A system with improved efficiency of protecting a multi-content process(Lidman, [0038 -- The processing system 300 may be physically and/or virtually partitioned into a rich environment and a trusted environment (such as the rich environment 210 and trusted environment 220, respectively, of FIG. 2). ]); the system comprising: one or more hardware IPs (intellectual properties) for content processing(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU)], [0043 -- The memory apparatus 340 includes a memory protection unit (MPU) 350, a secure partition 360, and a non-secure partition 370]); the system cooperates with a memory which comprises a plurality of ranges(Lidman, [0044 -- Each of the secure memory zones 362-366 may span one or more physical and/or virtual memory addresses of the secure partition 360. ]); a certain IP of the one or more hardware IPs is associated with a plurality of access identities(Lidman, [0045 -- The MPU 350 may be configured to filter the memory access transactions 301-303 from the masters]); and the certain IP is arranged to: select one of the plurality of access identities as a first access identity for processing a first content, and use the first access identity when accessing the memory to process the first content(Lidman, [0046 -- The first filter 352 may selectively deny or allow transactions for the first secure memory zone], [0061 -- the first zone filter 612 may only allow the ACPU and/or NPU to access data stored in the first secure memory zone], [0062 -- the first zone filter 612 may reject any transaction that does not include the master ID of the ACPU (Master_ID_ACPU) or a first master ID of the NPU (Master_ID_NPU1)]); and select a different one of the plurality of access identities as a second access identity for processing the second content, and use the second access identity when accessing the memory to process the second content(Lidman, [0046 -- The second filter 354 may selectively deny or allow transactions for the second secure memory zone], [0061 -- the second and third zone filters 614 and 616 may only allow the NPU to access data stored in the second and third secure memory zones], [0062 -- the second zone filter 614 may reject any transaction that does not include a second master ID of the NPU (Master_ID_NPU2);]). Lidman does not explicitly disclose the following, however Rodgers discloses: wherein: a subset of the one or more hardware IPs implements a secure CPU and a non-secure CPU(Rodgers, [0035 -- A system on a chip (SOC) may include a first security central processing unit (SCPU) and a second SCPU (202, 210)]); Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Rodgers into the system of Lidman for the benefit of the first CPU executing secure booting of the second CPU with decrypting encrypted code to generate decrypted code executable by the second CPU and inaccessible by the host processor, so that the software in the multi-security-CPU system can be protected effectively by securely booting security(Rodgers, 0052). Lidman does not explicitly disclose the following, however Mienkina discloses: the secure CPU is arranged to configure range permissions by causing each of the plurality of ranges to permit at least one of the plurality of access identities to access(Mienkina, [0048 -- The BOOT CORE defines memory ranges of the memory devices 610 and assigns the memory ranges to corresponding domains and processors and programs the MP circuitry 630 accordingly. The BOOT CORE programs the gateway circuitry 624 to assign DMA channels 602 and corresponding control and error circuitry to domains and corresponding processors. The BOOT CORE also programs the MP circuitry 630 to enable the DMA channels 602 in accessing the memory devices 610 according to domain assignments]); Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Mienkina into the system of Lidman, Rodgers for the benefit of a processing system that provides flexible protection of hardware resources, so that unwanted interference and constant threat can be reduced during operation in an effective manner. The processing system allows a first processor, so that the first processor can be prevented from interfering with operation of second processor or associated applications in a harmful or fatal manner, thus avoiding unwanted interference directed at the hardware resources by the second processor or non-core master in a reliable manner. The processing system completes domain and hardware resource assignments, so that the boot processor can lock configuration to prevent the second processor from being altering programmed configuration(Mienkina, 0031). As per claim 12, the rejection of claim 11 is incorporated, in addition, Lidman does not explicitly disclose the following, however Mienkina discloses: the secure CPU is further arranged to configure the range permissions by additionally causing each of the plurality of ranges not to permit one or more of the plurality of access identities to access(Mienkina, [0048 -- The BOOT CORE defines memory ranges of the memory devices 610 and assigns the memory ranges to corresponding domains and processors and programs the MP circuitry 630 accordingly.], [0025 -- On the other hand, if CORE 2 improperly attempts to access the DMA channels CH1 and CH2 using its domain identifier DID(2), the access is denied by the gateway protection circuit 252. Since the domain identifiers do not match, CORE 2 is prevented from accessing DMA channels CH1 and CH2.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Mienkina into the system of Lidman, Rodgers for the benefit of of a processing system that provides flexible protection of hardware resources, so that unwanted interference and constant threat can be reduced during operation in an effective manner. The processing system allows a first processor, so that the first processor can be prevented from interfering with operation of second processor or associated applications in a harmful or fatal manner, thus avoiding unwanted interference directed at the hardware resources by the second processor or non-core master in a reliable manner. The processing system completes domain and hardware resource assignments, so that the boot processor can lock configuration to prevent the second processor from being altering programmed configuration(Mienkina, 0031). As per claim 13, the rejection of claim 11 is incorporated, in addition, Lidman discloses: The system of claim 11, wherein the non-secure CPU is arranged to instruct the certain IP which one of the plurality of access identities to select when the certain IP selects one of the plurality of access identities(Lidman, [0044 -- the first secure memory zone 362 may store data for the TEE 314 (e.g., the ACPU 310 when operating in the secure state), the second secure memory zone 364 may store data for the NPU 320, and the third secure memory zone 366 may store data for the IPU 330.], [0047 -- The security information 430 for some masters (such as those that permanently reside in the rich environment) may be hardcoded to reflect the non-secure state, whereas other masters (such as the ACPU 310) may toggle their security information 430 based on whether they are in the trusted environment or the rich environment at any given time.]). As per claim 14, the rejection of claim 11 is incorporated, in addition, Lidman discloses: wherein: the one or more IPs further include a preceding IP coupled to the certain IP(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU) 330, and a memory apparatus 340.]); the preceding IP is associated with a plurality of preceding-IP access identities, and is arranged to select one of the plurality of preceding-IP access identities(Lidman, [0057 -- the NPU 500 may use a first master ID (Master_ID_NPU1) to access the secure memory zone in which the neural network models 502 are stored, a second master ID (Master_ID_NPU2) to access the secure memory zone in which the intermediate inferences 506 are stored, a third master ID (Master_ID_NPU3) to access the secure memory zone in which the inference results]); each of the plurality of access identities is bound to one of the plurality of preceding-IP access identities(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID)]); and the certain IP is further arranged to, when selecting one of the plurality of access identities, select a said access identity that is bound to the selected preceding-IP access identity(Lidman, [0061 -- the first zone filter 612 may only allow the ACPU and/or NPU to access data stored in the first secure memory zone 622; the second and third zone filters 614 and 616 may only allow the NPU to access data stored in the second and third secure memory zones 624 and 626, respectively; and the fourth zone filter 618 may only allow the IPU or NPU to access data stored in the fourth secure memory zone 628.]). As per claim 16, the rejection of claim 11 is incorporated, in addition, Lidman does not explicitly disclose the following, however Rodgers discloses: The system comprising an internal link(Rodgers, [0055 -- This bus 142 may be physically and/or logically separate from a bus 840 through which the host processor communicates with the security CPU-A.]), wherein: the one or more IPs further include a succeeding IP coupled to the certain IP via the internal link(Rodgers, [0024 -- The security CPU-B and the security CPU-A may be coupled together with a dedicated, secure communications bus 142 that operates as a private channel between the CPU-B 130 and the security CPU-A. ]); the internal link is arranged to, when the certain IP selects one of the plurality of access identities, propagate the selected access identity to the succeeding IP(Rodgers, [0058 -- If the request is from the host, the security CPU-A may generate a key as requested for use by the host processor (914). The security CPU-A provides access or decryption rights to the host processor corresponding to the key (918).]); and the succeeding IP is arranged to use the selected access identity when the succeeding IP accesses the memory(Rodgers, [0054 -- Once the security CPU-A generates a key and provides access to the security CPU-B or the host processor, then the security CPU-B (or the host processor) may access the region of memory containing the decrypted content]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of Rodgers into the system of Lidman for the benefit of the first CPU executing secure booting of the second CPU with decrypting encrypted code to generate decrypted code executable by the second CPU and inaccessible by the host processor, so that the software in the multi-security-CPU system can be protected effectively by securely booting security(Rodgers, 0052). As per claim 17, the rejection of claim 11 is incorporated, in addition, Lidman discloses: The system, wherein: the one or more IPs further include a plurality of preceding IPs coupled to the certain IP(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU) 330, and a memory apparatus 340.]); each of the plurality of access identities is associated with one of a plurality of security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID) ]); each of the plurality of preceding IPs is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities(Lidman, [0057 -- the NPU 500 may use a first master ID (Master_ID_NPU1) to access the secure memory zone in which the neural network models 502 are stored, a second master ID (Master_ID_NPU2) to access the secure memory zone in which the intermediate inferences 506 are stored, a third master ID (Master_ID_NPU3) to access the secure memory zone in which the inference results]); each of the plurality of corresponding access identities is associated with one of the plurality of security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID)]); and the certain IP is further arranged to: when selecting one of the plurality of access identities, select a said access identity according to the security levels associated with the selected corresponding access identities of the plurality of preceding Ips(Lidman, [0061 -- the first zone filter 612 may only allow the ACPU and/or NPU to access data stored in the first secure memory zone 622; the second and third zone filters 614 and 616 may only allow the NPU to access data stored in the second and third secure memory zones 624 and 626, respectively; and the fourth zone filter 618 may only allow the IPU or NPU to access data stored in the fourth secure memory zone 628.]). As per claim 20, the rejection of claim 11 is incorporated, in addition, Lidman discloses: The system, wherein: each of the plurality of access identities is associated with one of a plurality of security levels(Lidman, [0045 -- the MPU 350 may include a plurality of filters 352-366 to act as individual access control agents for the secure memory zones 362-366, respectively.]); the first content is associated with one of the plurality of security levels(Lidman, [0046 -- the first filter 352 may ensure that only the TEE 314 (or the ACPU 310 while operating in the secure state) can access the data stored in the first secure memory zone]); and the certain IP is further arranged to: when selecting one of the plurality of access identities for processing the first content, select a said access identity that is associated with a said security level equal to the security level associated with the first content(Lidman, [0062 -- MPU 610 may filter each transaction 400 based on the memory address 420, the security information 430, the master ID 440, and/or the transaction type 410. In some aspects, each of the zone filters]). Claim(s) 15, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lidman et al.(2020/0379923), in view of Rodgers et al.(2014/0052975) in view of Mienkina et al.(2022/0035953), and further in view of van Schaik et al.(2014/0164718). As per claim 15, the rejection of claim 14 is incorporated, in addition, Lidman does not explicitly disclose the following, however van Schaik discloses: The system of claim 14, wherein the certain IP is further arranged to: when selecting one of the plurality of access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs(van Schaik, [0042 -- In an embodiment, the physical processor's domains are recycled. For example, an infrequently used domain may be swapped out for a new and/or frequently used domain. In an embodiment, the hypervisor 400 switches from the first user process to the second user process by storing the second address space identifier in at least one register. In an embodiment, address space identifiers are recycled.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of van Shaik into the system of Lidman, Rodgers, Mienkina for the benefit of enabling accessing one portion of the physical memory associated with one process by another virtual processor associated with another process through the hypervisor, so that the hypervisor facilitates the sharing of memory between multiple processes of a virtual machine. The method enables associating a global shared memory region with a second domain by hypervisor to allow user processes associated with the second domain to access the global shared region, so that different user processes within a virtual machine can share data without the need to swap the shared data in and out of each processes respective user region of the memory by using the global shared memory region(van Shaik, [0037]). As per claim 18, the rejection of claim 17 is incorporated, in addition, Lidman does not explicitly disclose the following, however van Schaik discloses: The system, wherein the certain IP is further arranged to: when selecting one of the plurality of access identities, determine which one to select without intervention of the secure CPU, and regardless of whether and how the non-secure CPU instructs(van Schaik, [0042 -- In an embodiment, the physical processor's domains are recycled. For example, an infrequently used domain may be swapped out for a new and/or frequently used domain. In an embodiment, the hypervisor 400 switches from the first user process to the second user process by storing the second address space identifier in at least one register. In an embodiment, address space identifiers are recycled.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of van Shaik into the system of Lidman, Rodgers, Mienkina for the benefit of enabling accessing one portion of the physical memory associated with one process by another virtual processor associated with another process through the hypervisor, so that the hypervisor facilitates the sharing of memory between multiple processes of a virtual machine. The method enables associating a global shared memory region with a second domain by hypervisor to allow user processes associated with the second domain to access the global shared region, so that different user processes within a virtual machine can share data without the need to swap the shared data in and out of each processes respective user region of the memory by using the global shared memory region(van Shaik, [0037]). As per claim 19, the rejection of claim 11 is incorporated, in addition, Lidman discloses: the system, wherein: the one or more IPs further include a plurality of preceding IPs coupled to the certain IP(Lidman, [0038 -- The processing system 300 includes an applications processing unit (ACPU) 310, a neural network processing unit (NPU) 320, an input processing unit (IPU) 330, and a memory apparatus 340.]); each of the plurality of access identities is associated with one of a plurality of security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID) ]); each of the plurality of preceding IP is associated with a plurality of corresponding access identities, and is arranged to select one of the plurality of corresponding access identities(Lidman, [0057 -- the NPU 500 may use a first master ID (Master_ID_NPU1) to access the secure memory zone in which the neural network models 502 are stored, a second master ID (Master_ID_NPU2) to access the secure memory zone in which the intermediate inferences 506 are stored, a third master ID (Master_ID_NPU3) to access the secure memory zone in which the inference results]); each of the plurality of corresponding access identities is associated with one of the plurality of security levels(Lidman, [0047 -- a memory access transaction 400 may include a transaction type 410, a memory address 420, security information 430, and a master identifier (ID)]); Lidman does not explicitly disclose the following, however van Schaik discloses: and the certain IP is further arranged to: when selecting one of the plurality of access identities, apply a predefined rule to the security levels associated with the selected corresponding access identities of the plurality of preceding IPs to evaluate a resultant security level, and select a said access identity that is associated with the resultant security level(van Schaik, [0042 -- In an embodiment, the physical processor's domains are recycled. For example, an infrequently used domain may be swapped out for a new and/or frequently used domain. In an embodiment, the hypervisor 400 switches from the first user process to the second user process by storing the second address space identifier in at least one register. In an embodiment, address space identifiers are recycled.]). Therefore it would have been obvious to a POSITA at the time of filing to incorporate the features of van Shaik into the system of Lidman, Rodgers, Mienkina for the benefit of enabling accessing one portion of the physical memory associated with one process by another virtual processor associated with another process through the hypervisor, so that the hypervisor facilitates the sharing of memory between multiple processes of a virtual machine. The method enables associating a global shared memory region with a second domain by hypervisor to allow user processes associated with the second domain to access the global shared region, so that different user processes within a virtual machine can share data without the need to swap the shared data in and out of each processes respective user region of the memory by using the global shared memory region(van Shaik, [0037]). Examiner Notes The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Zavalney et al.(2017/0139844) The computing system comprises a central processing unit that is connected to communicate over a bus. A memory is provided with three accessible memory storage areas. A memory protection unit receives and controls memory access requests, which are received from the central processing unit and processing devices. A block or process that generates the memory access request, is determined based on an identity of the device. A determination is made that whether to allow access based upon which memory area is accessed and a type of access is requested. Zeng et al.(2018/0121125) The method involves obtaining a physical page number associated with a secure resource, a domain identifier and a memory attribute hardware configuration interfaces. The hardware configuration interfaces are provided in communication with a resource protection unit. The access is managed to the secure resource. A page table entry is configured in a page table maintained at the resource protection unit. The resource access transaction is directed to the secure resource. The page table entry is determined in the page table associated with the physical page number. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARVIND TALUKDAR whose telephone number is (303)297-4475. The examiner can normally be reached M-F, 10 am-6pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hosain Alam can be reached at 571-272-3978. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. Arvind Talukdar Primary Examiner Art Unit 2132 /ARVIND TALUKDAR/Primary Examiner, Art Unit 2132
Read full office action

Prosecution Timeline

Feb 07, 2025
Application Filed
Jun 03, 2026
Non-Final Rejection mailed — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12675312
PSEUDO-RANDOM WAY SELECTION
2y 0m to grant Granted Jul 07, 2026
Patent 12664102
MEMORY MANAGEMENT
1y 8m to grant Granted Jun 23, 2026
Patent 12657135
METHODS AND APPARATUS FOR INFLIGHT DATA FORWARDING AND INVALIDATION OF PENDING WRITES IN STORE QUEUE
1y 8m to grant Granted Jun 16, 2026
Patent 12639231
MULTI-LEVEL CACHE DATA TRACKING AND ISOLATION
3y 8m to grant Granted May 26, 2026
Patent 12625647
STORAGE DEVICE AND PREFETCH METHOD THEREOF
2y 6m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
81%
Grant Probability
85%
With Interview (+4.0%)
2y 9m (~1y 4m remaining)
Median Time to Grant
Low
PTA Risk
Based on 566 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month