Ex Parte Hyser
Board of Patent Appeals and Interferences
Oct 20, 2010
10638008 (B.P.A.I. Oct. 20, 2010)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES

Ex parte CHRIS D. HYSER

Appeal 2009-007945
Application 10/638,008
Technology Center 2400

Before KENNETH W. HAIRSTON, MARC S. HOFF, and ELENI MANTIS MERCADER, Administrative Patent Judges.

MANTIS MERCADER, Administrative Patent Judge.

DECISION ON APPEAL¹

¹ The two-month time period for filing an appeal or commencing a civil action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, as recited in 37 C.F.R. § 41.52, begins to run from the “MAIL DATE” (paper delivery mode) or the “NOTIFICATION DATE” (electronic delivery mode) shown on the PTOL-90A cover letter attached to this decision.

STATEMENT OF THE CASE

Appellant seeks our review under 35 U.S.C. § 134(a) of the Examiner’s final rejection of claims 1-16. We have jurisdiction under 35 U.S.C. § 6(b).

We affirm.

INVENTION

Appellant’s claimed invention is directed to a secure kernel which assumes direct control of the I/O system controller(s) and, through an interface provided by the secure-platform kernel and secure-platform global services layer (SPK/SPGS), does not allow access to operating systems and other untrusted entities. The secure kernel allocates a high order portion of 32-bit system-memory address space for exclusive use by the SPK/SPGS, and does not provide any address translations to the system controller directed to the portion of system-memory address space allocated for exclusive use by the secure kernel. See Spec. 14:18-25.

Claims 1 and 11, reproduced below, are representative of the subject matter on appeal:

1. A method for passing control of a system-resource-accessing device, which accesses a system resource through system-resource addresses, to an untrusted entity within a secure computer system having a secure kernel without passing control of the entire system resource to the untrusted entity, the method comprising:

assuming control of address-translation provision to system controllers within the computer system by the secure kernel;

allocating a specific portion of the system resource for exclusive access by the secure kernel; and

during system operation, providing, by the secure kernel, address translations to the system controllers that are not directed to the allocated portion of the system resource for exclusive access by the secure kernel.

11. A secure computer system comprising:

a system resource;

an untrusted processing entity;

a secure kernel that allocates a specific portion of the system resource for exclusive access by the secure kernel; and

a system-resource-accessing device that contains an internal view of the system resource, provided by the secure kernel, that does not include a view of the specific portion of the system resource allocated for exclusive access by the secure kernel, the system-resource-accessing device used by the untrusted processing entity to access only that portion of the system resource corresponding to the internal view of the system resource within the system-resource-accessing device.

THE REJECTIONS

The Examiner relies upon the following as evidence of unpatentability:

Blumrich    US 5,659,798           Aug. 19, 1997
Larson      US 6,505,263 B1        Jan. 7, 2003
Strongin    US 2003/0188184 A1     Oct. 2, 2003
Barnes      US 6,823,433 B1        Nov. 23, 2004

The following rejection is before us for review:

1. The Examiner rejected claims 11, 13, 14, and 16 under 35 U.S.C. § 102(e) as being anticipated by Strongin.

2. The Examiner rejected claims 1, 2, 4-10, and 15 under 35 U.S.C. § 103(a) as being unpatentable over Strongin in view of Blumrich.

3. The Examiner rejected claim 12 under 35 U.S.C. § 103(a) as being unpatentable over Strongin in view of Barnes.

4. The Examiner rejected claim 3 under 35 U.S.C. § 103(a) as being unpatentable over Strongin in view of Blumrich and further in view of Larson.

ISSUES

The pivotal issues are:

1. whether Strongin teaches the limitation of: “a system-resource-accessing device that contains an internal view of the system resource, provided by the secure kernel, that does not include a view of the specific portion of the system resource allocated for exclusive access by the secure kernel” as recited in claim 11; and

2. whether the combination of Strongin in view of Blumrich teaches the limitation of: “providing, by the secure kernel, address translations” as recited in claim 1.

FINDINGS OF FACT (FF)

The following Findings of Fact are supported by a preponderance of the evidence:

1. Appellant’s description of “view” regarding claim 11 (App. Br. 4 (citing Spec. 6:3–9:3)) includes describing the SPK/SPGS layer 316 which shields and protects all but non privileged instructions and non privileged registers of the underlying hardware architecture from “access” by operating systems and higher-level software programs and utilities (Spec. 6:26–7:2 (emphasis added)).

2. Appellant’s Specification further describes the SPK as maintaining confidential information in memory that cannot be accessed by an operating system, third party applications, or controllers (Spec. 7:8-11).

3. Strongin teaches that the CPU includes a CPU security check unit (SCU) which is responsible for checking each memory access generated by the CPU to determine if the access falls within a region of memory previously designated as secure by the security kernel (¶¶ [0023]-[0024]).

4. Strongin teaches that if the region of memory has not been designated as secure, then the CPU SCU allows the memory access to proceed to an address translation mechanism (¶ [0024]).

5. Strongin teaches that if the memory access falls within a secure region, then the CPU SCU analyzes the memory access to determine if the requesting agent has a sufficiently high privilege level to initiate such a request (¶¶ [0023]-[0024]).

6. Strongin teaches that the secure sections of memory are exclusively accessible by the secure kernel (¶ [0023]).

7. Blumrich teaches a kernel that “translates virtual addresses to physical addresses” and verifies the user-level process permission (col. 6, ll. 66-67).

PRINCIPLES OF LAW

During ex parte prosecution, claims must be interpreted as broadly as their terms reasonably allow since Applicants have the power during the administrative process to amend the claims to avoid the prior art. In re Zletz, 893 F.2d 319, 322 (Fed. Cir. 1989).

The claims, of course, do not stand alone. Rather, they are part of “a fully integrated written instrument” consisting principally of a specification that concludes with the claims. For that reason, claims “must be read in view of the specification, of which they are a part.” . . . [T]he specification “is always highly relevant to the claim construction analysis. Usually, it is dispositive; it is the single best guide to the meaning of a disputed term.”

Phillips v. AWH Corp., 415 F.3d 1303, 1315 (Fed. Cir. 2005) (citations omitted).

Although claims are interpreted in light of the specification, limitations from the specification are not read into the claims. In re Van Geuns, 988 F.2d 1181, 1184 (Fed. Cir. 1993).

“[O]ne cannot show non-obviousness by attacking references individually where . . . the rejections are based on combinations of references.” In re Keller, 642 F.2d 413, 426 (CCPA 1981).
ANALYSIS

Analysis with respect to the rejection of claims 11, 13, 14, and 16 under 35 U.S.C. § 102(e) as being anticipated by Strongin

Appellant argues that nothing in Strongin teaches or suggests “a system-resource-accessing device that contains an internal view of the system resource, provided by the secure kernel, that does not include a view of the specific portion of the system resource allocated for exclusive access by the secure kernel” (App. Br. 16). Appellant asserts that Strongin’s CPU SCU views all of the system memory, and that at best, Strongin teaches a security kernel separate from the operating system that designates portions of the memory being accessible only by the security kernel (id.).

Appellant further characterizes the Examiner’s interpretation of the claimed “internal view of the system resource” as meaning the “non secure region/section of the memory” and the claimed “a view of the specific portion of the system resource” as the “secure region/section of the memory” as completely inconsistent with the meaning of the term “view” (Reply Br. 10). According to Appellant, a view of a system resource is not, for example, a portion of the system resource, but rather, information that describes the system resource (id.). In the case of system memory, for example, a view may be a range of addresses that an entity possessing the view considers to describe the contents of the memory (id.). Appellant asserts that in Strongin, each component sees the same system memory (id.). Different components may not be able to access certain portions of memory, depending on their execution privilege level and access permissions associated with that portion of memory, but they are all aware of the full address space provided by the system memory (id.).
In other words, Appellant makes a distinction between the terms “access” and “view,” and essentially argues that “view” is not tantamount to “access” but rather view is more specific and relates to a description of range of addresses.

We are not persuaded by Appellant’s argument. At the outset, we note that claim 11 is silent as to any recitation of “addresses,” let alone a description of addresses or memory size stored in the system-memory-size register as argued in Reply Brief page 9. Thus, Appellant’s argument is not commensurate in scope with the claim language.

Furthermore, Appellant’s description of “view” regarding claim 11 includes describing the SPK/SPGS layer 316 which shields and protects all but non privileged instructions and non privileged registers of the underlying hardware architecture from “access” by operating systems and higher-level software programs and utilities (FF 1). Appellant’s Specification further describes the SPK as maintaining confidential information in memory that cannot be accessed by an operating system, third party applications, or controllers (FF 2).

Strongin teaches that the CPU includes a CPU SCU which is responsible for checking each memory access generated by the CPU (i.e., processor) to determine if the access falls within a region of memory previously designated as secure by the security kernel (FF 3). If the region of memory has not been designated as secure (i.e., an internal view of the system resource non secure region/section of the memory), then the CPU SCU allows memory access (FF 4). On the other hand, if the memory access falls within a secure region (i.e., a view of the specific region/portion of the memory), then the CPU SCU analyzes the memory access to determine if the requesting agent has a sufficiently high privilege level to initiate such a request (FF 5).
Strongin teaches that the secure sections of memory are exclusively accessible by the secure kernel (FF 6).

Thus, the Examiner correctly interpreted (Ans. 10-11) the claimed limitation “internal view of the system resource” as access to a non secure region/section of the memory, and correctly interpreted “a view of the specific portion of the system resource” as access to a secure region/section of the memory. In other words, Strongin teaches a system-resource-accessing device that contains an internal view of the system resource (i.e., an internal view of the system resource non secure region/section of the memory—FF 4), provided by the secure kernel, that does not include a view of the specific portion of the system resource allocated for exclusive access by the secure kernel (i.e., a view of the specific region/portion of the memory—FF 5, 6).

This interpretation of the term “view” is consistent with Appellant’s Specification describing the function of a secure kernel as maintaining confidential information in memory that cannot be accessed by an operating system, third party applications, or controllers (FF 2). See Phillips, 415 F.3d at 1315. The Examiner also appropriately interpreted the claims in light of the Specification, without reading limitations from the Specification into the claims (i.e., limitations such as addresses or memory size stored in the system-memory-size register as argued in Reply Brief page 9). See Van Geuns, 988 F.2d at 1184.

For the reasons articulated supra, we will sustain the Examiner’s rejection of claim 11 and for similar reasons the rejection of claims 13, 14, and 16 as no other additional arguments of patentability were presented with respect to these claims.

Analysis with respect to the rejection of claims 1, 2, 4-10, and 15 under 35 U.S.C. § 103(a) as being unpatentable over Strongin in view of Blumrich

Appellant argues (App. Br. 20) that Blumrich does not once teach, mention, or suggest a secure kernel, separate from an operating system, that either allocates a specific portion of the system resource for exclusive use by the secure kernel or that assumes control of an address-translation provision or memory-sizing registers of a system controller in order to prevent the system controller from accessing portions of memory. Appellant further argues (App. Br. 21) that neither Strongin nor Blumrich teaches “assuming control of address-translation provision to system controllers within the computer system by the secure kernel.”

We are again not persuaded by Appellant’s argument. The Examiner modified Strongin with Blumrich’s teaching of a kernel that “translates virtual addresses to physical addresses” and verifies the user-level process permission (FF 7). Based on this modification, Strongin’s security kernel would perform the address-translations, as taught by Blumrich, to the system controllers that are not directed to the allocated portion of the system resource for exclusive access by the secure kernel (FF 4, 6).

One cannot show non-obviousness by attacking references individually (i.e., Blumrich not teaching allocating a specific portion of the system resource for exclusive use by the secure kernel or preventing the system controller from accessing portions of memory) where the rejections are based on combinations of references (i.e., Strongin teaches these limitations as discussed above). See Keller, 642 F.2d at 426.

Accordingly, we will also sustain the Examiner’s rejection of claim 1 and for similar reasons the rejection of claims 2, 4-10, and 15.
Analysis with respect to the rejections of claims 3 and 12

We will also sustain the Examiner’s rejections of claims 3 and 12 for the same reasons as set forth above, because Appellant does not provide any separate arguments of patentability with respect to the additional references of Larson or Barnes, but rather relies on their respective dependencies from claims 11 and 1.

ORDER

The decision of the Examiner to reject claims 1-16 is affirmed.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(v).

AFFIRMED

babc

HEWLETT-PACKARD COMPANY
Intellectual Property Administration
3404 E. Harmony Road
Mail Stop 35
FORT COLLINS, CO 80528