DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
This Action is in response to communications filed 04/30/2021.
Claims 1, 6, 8, 14, and 19 have been amended.
Claims 20-24 have been canceled.
Claims 26-28 have been newly added.
Claims 1-6, 8-19, and 25-28 are pending.
Claims 1-6, 8-19, and 25-28 are rejected.

Response to Arguments
In Remarks filed on 04/30/2021, Applicant substantially argues:
The applied reference Wentzlaff fails to disclose the amended limitations of claim 1, 14, and 19 of reading a host physical memory address which is stored in system memory in an access protected structure identified to be a virtual machine control structure. 
Furthermore, the Applicant argues that the PALB as disclosed in Wentzlaff does not disclose the limitations of claims 1 and 14 that the host physical memory address is not stored in any of a set of hierarchical paging structures “even when the processor currently configured to translate the virtual addresses of the guests to the host physical addresses.” Applicant’s arguments filed have been fully considered but are not found to be persuasive. The Examiner notes that under the broadest reasonable interpretation of the amended claim language, the disclosure of Wentzlaff continues to read on the limitation regarding the host physical memory address not being stored in any of a set of hierarchical paging structures even when the processor is currently configured to translate virtual addresses. This is because while the cited portion of Wentzlaff in the previous prior art rejection, and as acknowledged by the Applicant, refers to the processor in an untranslated mode, this does not prevent the processor from performing address translation as it is further disclosed by Wentzlaff in [Col. 32 ln. 49-52] “Address translation is performed using either the TLB in "translation mode," or using an address extension register (AER) in untranslated ‘physical memory mode.’” Herein it is noted translation may still occur in the physical memory mode. Furthermore, the language of “currently using” or “currently configured” as recited in Claims 1 and 14 does not indicate significant limitations beyond the claiming of the capabilities of the processor for providing address translation as it is not found to be substantially supported by the originally filed specification to represent a specified meaning.
By virtue of dependency on the independent claims 1, 14, and 19, the applied references do not disclose the remainder of the respective dependent claims not specifically addressed above. Applicant’s arguments filed have been fully considered but are not found to be persuasive for the reasons indicated above. The Examiner notes the Applicant argues on a similar basis as identified above for the references failing to disclose the limitations of claims 20-24; however, claims 20-24 are indicated as cancelled and therefore the arguments are found to be moot.
Newly added claims 26-28 are addressed for the first time in the current action.
All arguments by the applicant are believed to be covered in the body of the office action; thus, this action constitutes a complete response to the issues raised in the remarks dated April 30, 2021.

Claim Objections
Claim 1 is objected to because of the following informalities:  
Claim 1, lines 10-11 are amended to recite “even when the processor currently configured to translate virtual addresses of guest to host physical...” which contains a typographical error and should instead read “even when the processor is currently configured to translate virtual addresses of guests to host physical addresses…”
Appropriate correction is required.

Claim Rejections - 35 USC § 103

Claims 1-2, 6, 8-10, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Wilson (2013/0111195) in view of Wentzlaff et al. (US 7,461,210) and further in view of Sell (US 2016/0371496) and still further view of Campbell et al. (US 2005/0223225).

Regarding claim 1, Wilson discloses a processor comprising: a decode unit to decode an aperture access instruction; and an execution unit coupled with the decode unit, the execution unit, in response to the aperture access instruction ([0022] In operation, instruction fetch unit 52 generates instruction addresses which are used to fetch instructions to be decoded by instruction decode unit 46 and executed by execution unit(s) 50, accessing register file 40 as needed.), to: read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure ... where the host physical memory address is to be stored ([0022] Page attributes from the selected entry (e.g. read, write, execute, endianness, cacheability, security, stack, etc.) are provided to control circuitry 62 and may be used by control circuitry 62 during execution of instructions fetched from the corresponding page.) …; and access data within the aperture at a host physical memory address. ([0022] Alternate embodiments may directly map all or a portion of virtual address 56 to be the complete physical address 58 without any address translation being required.). Wilson does not explicitly disclose the access protected structure is in system memory and … wherein the access protected structure is a virtual machine control structure, wherein the host physical memory address is not stored in any of a set of hierarchical paging structures that the processor is to use to translate virtual addresses of guests to host physical even when the processor currently configured to translate the virtual addresses of the guests to the host physical addresses, wherein an opcode of the aperture access instruction allows the execution unit to read the host physical memory address from the access protected structure, and wherein opcodes of a plurality of memory access instructions, in an instruction set of the processor that includes the aperture access instruction, do not allow the processor to read the host physical memory address from the access protected structure. Regarding the limitation of storing the host physical memory addresses in a structure separate from the hierarchical paging structures the processors uses for translation, Wentzlaff discloses in [Col. 29 ln. 4-21] “One example of a protection mechanism is the protection of physical memory using a physical address lookaside buffer (PALB). The PALB provides a mechanism to restrict what can be written to a tile's TLB. This mechanism provides a way to protect one tile's operating system from another. This protection mechanism can be used in any multicore chip that is configured to run multiple operating systems on respective sets of one or more processor cores, where for example one of the operating systems might not be trusted. For example, the PALB restricts what a TLB entry may contain. The PALB also restricts accesses to physical memory when the processor is in an untranslated mode that uses physical addresses directly without needing translation of a virtual address to a physical address. The PALB can be managed by a "hypervisor process" associated with a hypervisor protection level (CPL=2), which allocates regions of memory to respective operating systems (e.g., operating systems running on different sets of one or more tiles). And [Col. 32 ln. 49-52]” Herein it is indicated that physical addresses may be accessed when in Paragraphs [0034-0035] “[0034] As used herein the term "system memory" refers to physical memory and includes a physical main memory as well as other data storage that for the most part can be addressed and read from and/or written to at least by a system master processor (and optionally by supplemental other processors). However, in accordance with the present disclosure a relatively small part (e.g., less than 10%) of the "system memory can be set aside as `buried` metadata space (represented by dashed box 75d and also referred to as a `buried` metadata zone 75d) where the system master processor (and supplemental other processors) cannot directly write intelligibly into that `buried` metadata space or intelligibly read from it although it can cause the integrity of the metadata buried in that `buried` metadata space to be verified. [0035] Thus, none of a guest operating system (OS--e.g., 74), system Hypervisor (HV--e.g., 76), external supplemental processors (e.g., 84b), internal supplemental uP's (e.g., 85c) can intelligibly read the data stored in the `buried` metadata zone 75d or directly cause it to be intelligibly changed (such that data integrity is preserved and passes integrity testing) without concurrent permission being given by the application that owns that metadata (a.k.a. the PR-owning application). None of external other user applications, threads, or processes (e.g., 250 of FIG. 2B) can intelligibly read the data stored in the `buried` metadata zone 75d. Even the application (e.g., 70) which caused instantiation of the buried metadata (in buried zone 75d) can not intelligibly read the data stored in the `buried` metadata zone 75d. However, the PR-owning application 70 can cause that buried metadata to be changed or destroyed by use of special PR-attribute changing opcodes provided in the microcodes holding section (e.g., 218e of FIG. 2B) of the master uP's 85b and usable only by the PR-owning application to request that the PR enforcer perform these operations.” Herein it is indicated by Sell that specified opcodes are required to be issued by the application with which the protected region, found analogous to the aperture as claimed and interpreted as such for the current rejection, is associated with in order to access the physical memory in the protected region. Additionally, it is noted that the metadata may be stored in system memory. It would be obvious to one of ordinary skill in the art to modify the protected access as disclosed by Wilson and Wentzlaff with the opcode definitions of Sell before the effective filing date of the claimed invention in order to secure code and code execution (Sell [0003]). Wilson, Wentzlaff and Sell do not explicitly disclose that the access protected structure is a virtual machine control structure. It is disclosed in Wentzlaff that the PALB used to store host physical memory addresses are present at the virtual device API level. Regarding this limitation, Campbell discloses “[0038] A virtual machine execution (VMX) mode may be utilized to enable virtual machine functionality for use in switching between protected modes. Further, a virtual machine control structure (VMCS) may be utilized to store state information related to the original and target protected modes for use in atomically switching between the two.” As depicted in related Figure 3, the VMCS manages the access permissions and address tables similar to the address translation structures. Therefore the VMCS may be utilized to provide the target address to the requestor. It would be obvious to one of ordinary skill in the art to recognize the virtual device API of Wentzlaff as virtual machine interface programming which may include virtual machine control structures as it is known for virtual machines to be managed via a control structure to store state information of respective virtual machines currently in operation. Furthermore, these control structures would be seen as protected structures as they contain high priority information for virtual machine execution. 
Regarding claim 2, Wentzlaff and Sell further disclose the processor of claim 1; wherein the access protected structure is not part of a memory management unit and is not part of a translation lookaside buffer (Wentzlaff [Col. 29 ln. 4-21] and Sell [0036] The data storage space which has the buried metadata of zone 75d (represented by dashed box 75d) stored therein is not located where dashed box 75d is drawn. Rather, that data storage space may be designated to be located in an OS or Hypervisor identified storage unit and the so-designated buried metadata zone 75d may be allocated into special address spaces having access attributes of being a buried zone, for example the ones denoted as buried zone 80z within the main memory 80 and buried zone 85z within the on-chip cache 85a.), and wherein the aperture is to represent a portion of the system memory that is not to be accessible through the address translation (Wentzlaff [Col. 29 ln. 4-21] and Sell [0036] More specifically, in one embodiment, only an in-SoC hardware/firmware mechanism referred to here as the PR enforcer 85e can intelligibly read the data in the on-chip buried metadata zone 85z for the purpose of enforcing constraints and/or requirements defined by data in the buried metadata zone 75d and only the PR enforcer 85e can overwrite data or destroy data present within the on-chip buried metadata zone 85z. The data in the on-chip buried metadata zone 85z is swapped off-chip or back into-chip in ways similar to how other on-chip and off-chip data is swapped except that the special access constraints assigned to the designated buried metadata zone 75d are enforced. In one embodiment, only special PR-attribute changing opcodes provided within the microcodes holding section of the master uP's 85b can be used to command the PR enforcer 85e to overwrite data or destroy data present within the buried metadata zone 75d (which zone can physically occupy area 80z as well as 85z) and only if the call for those special opcodes comes from (e.g., originates from) the PR-owning application 70.). Herein it is provided that the protected region is a portion of main memory. Additionally, aperture access instructions do not require address translation as physical address information is stored in the buried metadata zone. This is “[0034] After virtual addresses (VA's) are generated by the Hypervisor 76 for the protected regions (PR's) (and one-stage VA/PA translation tables are generated for them), the initially included PR definitions 71b are copied (although not necessarily copied in bit-for-bit sameness, it is the underlying information that is transferred as, or optionally transformed into PR enforcer executable format) into a `buried` memory space or zone 75d of system memory by the PR enforcer. As used herein the term "system memory" refers to physical memory and includes a physical main memory as well as other data storage that for the most part can be addressed and read from and/or written to at least by a system master processor (and optionally by supplemental other processors).” In this manner, the formatted information is stored to the buried memory space for access. The Examiner notes the broadest reasonable interpretation of the term address translation is translation of a virtual address to a physical address and it is not otherwise indicated for the term to represent another meaning or narrow interpretation.
Regarding claim 6, Sell further discloses the processor of claim 1, wherein the execution unit, in response to the aperture access instruction, is to read the host physical memory address from the access protected structure ([0060] However, for purpose of illustration, a first instruction 143a is depicted as a memory read operation ("Get Vdata (Addr1)") where the address parameter can be a variable pointer (typically an indirect pointer or offset plus index or tag). In the illustrated example, the pointer-based data access operation is depicted as a data reaching-to thread DATAr04 reaching to the white filled circle representing the memory location and contents of the pointed to data item(s). The icon of a grabbing hand is provided at the terminal end of the reaching-to thread DATAr04.). Herein it is disclosed that a location may be read given the appropriate permissions.
Regarding claim 8, Wentzlaff and Sell further disclose the processor of claim 1, wherein the execution unit, in response to the aperture access instruction, is to read the host physical memory address from the access protected structure, and wherein the decode unit is to decode the aperture access instruction that is not to indicate any architecturally visible memory address information for the access protected structure (Wentzlaff [Col. 30 ln. 1-15] and Sell [0036] Additionally or alternatively, parts of the buried meta data may be located in other data storage units whose respective storing areas for that buried metadata are given the access attributes of the buried zone such that intelligible access to those various buried zones 80z, 85c and/or others (not shown) is constrained by hardware and not overideable by software … On the other hand, the hypervisor 76 is still allowed to keep track, without being able to intelligibly read it, of what part of the buried metadata 75d is inside the buried section 85z of the cache 85 and what part is inside buried section 80z of the main memory 80 or elsewhere in physical memory.). Other processing units outside of the PR-owning application are unable to read the corresponding PR information. It is not specifically identified as to what the meaning of “architecturally visible” encompasses; for the purposes of interpretation in the current rejection, this is viewed as the physical addresses. In this manner, it is noted by Wentzlaff that access may not cross protection domains according to the specified design.
Regarding claim 9, Sell further discloses the processor of claim 1, wherein the decode unit is to decode the aperture access instruction which is to indicate an offset, and wherein the execution unit, in response to the aperture access instruction, is to access the data within the aperture at the host physical memory address, which is to differ by the offset from a host physical memory address corresponding to a base of the aperture ([0090] More specifically, and referring to FIG. 2C, the TLB 215' is modified such that when a next-executing instruction is targeting an information data item (e.g., 143aa' of FIG. 2B) and the PR attributes of the targeted region are not immediately available to the PR enforcing mechanism, then they are first sought from the TLB 215' by submitting the illustrated, set-associative inputs of FIG. 2C. In one embodiment these inputs are constituted by an ASID (Address Space ID signal), a virtual page address (VpgA signal) and a target PR identifying tag (PRCAT signal). In response, if the associative information is present in the TLB, the Payload1 output signal 215o' will provide the physical page address (PpgA) of the targeted region, the PR attributes of the targeted region and a decryption tag (PRKT) identifying the decryption swap key needed by the system hardware for bringing a plaintext version of the targeted PR contents into cache memory 218a.). Herein as indicated, target address may be accessed via an offset and reference address.
Regarding claim 10, Sell further discloses the processor of claim 1, wherein the execution unit, in response to the aperture access instruction, is to read, from the access protected structure, the host physical memory address, which is to represent a host physical memory address for a base of a block of apertures that is to include a plurality of adjacent apertures ([0093] On the other hand, if the PR enforcing firmware detects that the targeted and control-receiving code (e.g., code 144aa' in PR3) is not in the same protected region as that of the currently to be executed code (e.g., code 143aa' in PR1) then the change of region flag is automatically set to true by the PR enforcer mechanism and in addition to the normal Payload1 output 215o1, the modified TLB 215'' outputs a further payload signal 215o2 which contains the PRCAT of the targeted protected region and the offset from the top of the physical page address (PpgA) to the exact spot where the next to be executed as a target code resides.). It would be obvious to one of ordinary skill in the art that multiple ranges of memory address can be associated together in a broader division of memory such as a block consisting of multiple apertures, apertures otherwise identified as protected regions.
Regarding claim 12, Sell further discloses the processor of claim 1, wherein the execution unit, in response to the aperture access instruction, is to read, from the access protected structure, the host physical memory address, which is to represent a host physical memory address for a base of an aperture list, and wherein the aperture list is to store a plurality of host physical memory addresses each for a base of a different one of a plurality of potentially non-adjacent apertures ([0095] Moreover, and as indicated at bullet point 218ii of FIG. 2B, each executing thread (e.g., XT200) of a protection-utilizing application (e.g., App1) can position its virtual top of stack pointer to point to memory areas that include one or more changes of PR attributes. For example, the executing thread can point its virtual top of stack pointer to a memory area where an NPR region bounds against a PR region such that a first part of the stack is subject to NPR rules and another part of the stack is subject to the attribute constraints of the PR region into which the stack extends. These PR attribute constraints may prevent various other applications from accessing the part of the stack that extends into the PR region.). As indicated, multiple protected regions may be identified. Similar to the limitation of claim 10, it would be obvious to one of ordinary skill in the art that offset addressing could be utilized for multiple base address schemes and appropriately be applied as multiplicity of well-known components does not distinguish the claim language from the disclosure of the prior art.
Regarding claim 19, Wilson discloses an article of manufacture comprising a non-transitory machine-readable storage medium, the non-transitory machine-readable storage medium storing instructions that if executed by a machine are to cause the machine to perform operations comprising to ([0048] All or some of the software described herein may be received elements of system 10, for example, from computer readable media such as memory 14 or other media on other computer systems. Such computer readable media may be permanently, removably or remotely coupled to an information processing system such as system 10.): allocate a region of system memory for an aperture; store a host physical memory address, which is to be associated with the aperture, in an access protected data structure … ([0023] FIG. 3 illustrates address mapping circuitry 32 in accordance with one embodiment of the present invention. Address mapping circuitry 32 includes a plurality of entries, such as entry 100. Each entry includes a virtual page address, a corresponding physical page address, and corresponding page attributes. Some examples of other address attributes which may be included in the page attributes are attributes related to security, memory coherence, cache inhibition, write-through operation, etc.), but does not explicitly disclose the access protected data structure is in system memory that is a virtual machine control data structure that is used to store virtualization controls to control a first virtual machine, wherein the an opcode of an aperture access instruction allows the machine to read the host physical address from the access protected structure but an opcode of a given load from memory instruction of an instruction set does not allow the machine to read the host physical address from the access protected structure, when virtual to physical address translation is being used; and make host physical memory addresses of the aperture, including the host physical memory address, not accessible through a second level of hierarchical paging structures by omitting the host physical memory addresses of the aperture from the second level of hierarchical paging structures; and make a host physical memory address within the aperture available to a second virtual machine. Regarding the limitation of storing the host physical memory addresses in a structure separate from the hierarchical paging structures the processors uses for translation, Wentzlaff discloses Col. 29 ln. 4-21. Herein it is disclosed that host physical addresses are stored in a separate structure identified as a PALB which is separate from the TLB which involves translation. In this manner, the addresses in the PALB are not accessible through any manner of translation that may be stored in TLBs. Wentzlaff discloses in Col. 30 ln. 7-24 “Protection domains can be used to define subsets of tiles that are configured to run independent operating systems. The hierarchical layers in protection system also help to enable multiple processes communicating over the networks to communicate with the same physical devices using a physical device multiplexing approach. For example, multiple processes running on different tiles may want to interact with one network device. The protection system provides virtual device application programming interfaces (APIs) to allow physical device multiplexing. In this approach, a physical device driver is associated with the hypervisor protection level. A supervisor device driver uses a virtual device API to interface with a hypervisor process and provide the appearance of a separate physical device. It is the hypervisor's responsibility to verify that a desired operation is legitimate and to provide a manner in which to multiplex access to the physical device between multiple supervisor device drivers.” Regarding the access protected structure being in system memory and opcodes with one implemented for the aperture access and other opcodes implemented that do not allow aperture access and that the address may be available to a second virtual machine, Sell discloses “[0035] and [0086] One of these special opcodes creates the meta-data protecting memory space region (PRM) 218ee and stores therein various protected region attributes (as well as VA/PA direct translation tables--see for example 72c of FIG. 1B) where the latter can only be intelligibly accessed by the PR enforcing mechanism 218e. The protected region attributes may include a read/write (R/W) permission bit, an executable/non-executable (N/NX) control bit for each respective protected region (or for each subsection of the PR, for example for each 4 Kbyte memory page of the PR) as well as additional other operational constraining controls or requirements for each respective protected region or subsection thereof. [0199] Protected Regions provide many advantages over SGX, including efficient protection of entire VMs and applications, private and secure sharing between Protected Regions, protected code and data, code-only, and data-only regions with access and entry rights flexibility, page and sub-page access rights, and incorporation of special processors, IO, and the OS into the protection scheme.” Herein it is indicated that instructions including the correct opcode may access the protected region associated metadata. These are stored separately from traditional translation access provided by the system. These opcodes may provide access to the PALB as disclosed in Wentzlaff. Furthermore, it is disclosed by Sell that the protected regions may be accessed from other protected regions given the permissions being set accordingly. This is additionally described in Table 1 of Sell which indicates attribute values and corresponding permissions. Wentzlaff does not explicitly identified that the PALB is stored in a data structure containing virtualization controls in system memory as a virtual machine control data structure, but it is indicated by the virtual device API that the PALB is stored with virtualization controls for a virtual machine. It is rendered obvious by Campbell that the virtual device API contains virtualization controls to control a virtual machine, as in the form of a virtual machine control data structure, for establishing protected execution regions in Paragraph “[0038] A virtual machine execution (VMX) mode may be utilized to enable virtual machine functionality for use in switching between protected modes. Further, a virtual machine control structure (VMCS) may be utilized to store state information related to the original and target protected modes for use in atomically switching between the two.” Claim 19 is rejected on a similar basis as claim 1.

Claims 3-5, 14-15, 17-18, and 25-26 are rejected under 35 U.S.C. 103 as being unpatentable over Wilson in view of Wentzlaff and further in view of Sell and still further in view of Campbell and Pan (US 2013/0103923).

Regarding claim 3, Wilson, Wentzlaff, Sell and Campbell do not explicitly disclose the processor of claim 1, wherein the decode unit is to decode the aperture access instruction which is to be an aperture write instruction, wherein the aperture write instruction is to indicate a source operand, and wherein the execution unit, in response to the aperture write instruction, is to receive the data from the source operand, and is to store the data from the source operand to the aperture. Regarding this limitation, Pan discloses “[0021] The register file is coupled to provide operands to the execution core 40, and is coupled to receive results to be written to the register file 22 from the execution core 40. The execution core 40 is coupled to the interface unit 70, which is further coupled to an external interface of the processor 10.” The execution core provides an analogous function as the decode unit wherein operands are transferred and provided for execution to move data as designated by the instructions provided with the operands. These would then be found in the access instructions provided in Wilson, Wentzlaff and Sell for the protected regions. It would be obvious to one of ordinary skill in the art that the processor disclosed by Wilson, Wentzlaff and Sell in combination be capable of processing the provided operands included in the instructions as disclosed by Pan. Wilson, Wentzlaff, Sell, and Pan are analogous art because they are from the same field of endeavor of memory management.
Regarding claim 4, Wentzlaff, Sell and Pan further disclose the processor of claim 3; wherein the access protected structure is not part of address translation logic (Wentzlaff [Col. 29 ln. 4-21] and Sell [0036]) , and wherein the source operand is to be in the system memory, and wherein the execution unit, in response to the aperture write instruction, is to perform address translation to obtain a host physical memory address to be used to receive the data from the source operand (Pan [0033] The decode unit 16 may generally be configured to decode received instructions into instruction operations (ops). Generally, an instruction operation may be an operation that the hardware included in the execution core 40 is capable of executing. Each instruction may translate to one or more instruction operations which, when executed, result in the operation(s) defined for that instruction being performed according to the instruction set architecture implemented by the processor 10. [0041] A virtual address space for the data stored in system memory and used by a software process may be divided into pages of a prefixed size. The virtual addresses may also be referred to as linear addresses. The processing performed within the processor 10 may utilize linear addresses. The virtual pages may be mapped to frames of physical memory. The mappings of virtual addresses to physical addresses may keep track of where the virtual pages are loaded in the physical memory. These mappings are stored in a page table and this page table is stored in memory.). It would be obvious to one of ordinary skill in the art that address translation may be one of the instructions operations derived from the instructions. In this case, data may be accessed from a non-protected structure to then be written into a protected structure as an operand.
Regarding claim 5, Wentzlaff and Sell further discloses the processor of claim 1, wherein the decode unit is to decode the aperture access instruction which is to be an aperture read instruction, wherein the aperture read instruction is to indicate a destination operand, and wherein the execution unit, in response to the aperture read instruction, is to read the data from the aperture, and is to store the data read from the aperture to the destination operand (Sell [0110] In other words, if the operating system (OS) and/or Hypervisor decides to rearrange the locations in virtual memory space of where the informational data items and/or executable codes of respective applications are to be placed then the PR attribute identifiers for those relocated data items/codes move with them. That is why in general, PR coverage areas will tend to fragment as the operating system (OS) and/or Hypervisor over time rearrange the locations in virtual memory space of where the informational data items and/or executable codes of respective applications are placed. In accordance with the present disclosure, the decisions of the OS and/or Hypervisor to relocate informational data items and/or executable codes of respective applications are communicated to the PR enforcer before being finally executed so that the PR enforcer will permit the corresponding PR constraints (attribute specifications) to travel with their respective relocated informational data items and/or executable codes.). Herein it is noted that protected region data may be “[0021] The register file is coupled to provide operands to the execution core 40, and is coupled to receive results to be written to the register file 22 from the execution core 40. The execution core 40 is coupled to the interface unit 70, which is further coupled to an external interface of the processor 10.” The execution core provides an analogous function as the decode unit wherein operands are transferred and provided for execution to move data as designated by the instructions provided with the operands. It would be obvious to one of ordinary skill in the art that the processor disclosed by Wilson and Sell in combination be capable of processing the provided operands included in the instructions.
Regarding claim 14, Wilson discloses a method performed by a processor comprising: receiving an aperture write instruction at the processor, the aperture write instruction being of an instruction set of the processor, ([0022] In operation, instruction fetch unit 52 generates instruction addresses which are used to fetch instructions to be decoded by instruction decode unit 46 and executed by execution unit(s) 50, accessing register file 40 as needed.); determining to allow the processor to read a host physical memory address, which is associated with an aperture in system memory, from an access protected structure, … and storing data received from the source operand to a host physical memory address ([0022-0023]). Wilson does not explicitly disclose the access protected structure to be stored in system memory and … having an opcode, and indicating a source operand; decoding the opcode of the aperture write instruction with a decode unit of the processor; determining … based on the opcode of the aperture write instruction, wherein the access protected structure is a virtual machine control data structure used to store virtualization controls for a virtual machine; reading the host physical memory address from the access protected structure while performing the aperture write instruction, wherein the host physical memory address is not stored in any of a set of hierarchical paging structures the processor is using to translate virtual addresses of guests to host physical addresses, even when the processor is currently using the hierarchical paging structures to translate the virtual addresses of guests to the host physical addresses; determining not to allow the processor to read the host physical memory address from the access protected structure based an opcode of a load instruction, of an instruction set of the processor that includes the aperture write instruction, wherein the access protected structure is not part of a memory management unit and is not part of a translation lookaside buffer. Regarding the limitation of storing the host physical memory addresses in a structure separate from the hierarchical paging structures the processors uses for translation, Wentzlaff discloses [Col. 29 ln. 4-21] and [Col. 32 ln. 49-52]. Herein it is disclosed that host physical addresses are stored in a separate structure identified as a PALB which is separate from the TLB which involves translation. While in the mode, it is disclosed that address translation may still occur and it is not otherwise restricted in function. Regarding the access protected structure being in system memory and opcodes with one implemented for the aperture access and other opcodes implemented that do not allow aperture access, Sell discloses in Paragraphs [0034-0035] and [0086] that instructions including the correct opcode may access the protected region associated metadata. These are stored separately in main memory away from traditional translation access provided by the system in cache. Wentzlaff discloses in Col. 30 ln. 7-24 it is not explicitly identified that the PALB is stored in a data structure containing virtualization controls, but it is indicated by the virtual device API that the PALB is stored with virtualization controls for a virtual machine. It is rendered obvious by Campbell that the virtual device API contains virtualization controls to control a virtual machine for establishing protected execution regions in Paragraph [0038].  Wilson, Wentzlaff, Sell and Campbell do not explicitly discuss operands; however, Pan discloses “[0021] The register file is coupled to provide operands to the execution core 40, and is coupled to receive results to be written to the register file 22 from the execution core 40. The execution core 40 is coupled to the interface unit 70, which is further coupled to an external interface of the processor 10.”
Regarding claim 15, Wentzlaff, Sell and Pan further disclose the method of claim 14; further comprising: receiving an aperture read instruction at the processor, the aperture read instruction indicating a destination operand; reading the host physical memory address, which is associated with the aperture in the system memory, from the access protected structure, in response to the aperture read instruction; reading the data from within the aperture at the host physical memory address that is not obtained through address translation, in response to the aperture read instruction (Wentzlaff [Col. 29 ln. 4-21] and Sell [0110]); and storing the data read from the aperture to the destination operand (Pan [0021] The register file is coupled to provide operands to the execution core 40, and is coupled to receive results to be written to the register file 22 from the execution core 40. The execution core 40 is coupled to the interface unit 70, which is further coupled to an external interface of the processor 10.). The execution core provides an analogous function as the decode unit wherein operands are transferred and provided for execution to move data as designated by the instructions provided with the operands.
Regarding claim 17, Wentzlaff and Sell further disclose the method of claim 14; further comprising preventing the host physical memory address where the data received from the source operand is stored from being reachable through second level hierarchical paging structures (Wentzlaff [Col. 29 ln. 4-21] and Sell [0086]). Herein it is noted that the protected region information is stored in main memory which is separate from other addressing information which may be stored in cache. This is represented in Wentzlaff by the PALB.
Regarding claim 18, Wentzlaff and Sell further disclose the method of claim 14; performed by a virtual machine, and wherein the virtual machine is prevented from knowing the host physical memory address where the data received from the source operand is stored (Wentzlaff [Col. 30 7-24] and Sell [0036]). As noted by the Applicant in the specification, the manager program may not know the exact physical memory address as it can be abstracted through multiple layers of translation and in these cases, the processor handles additional translations as needed that is beyond the functioning of the virtual machine; thus the virtual machine is unaware of the actual physical memory addresses the virtual addresses point to. Only the PR-owning application may 
Regarding claim 25, Wilson, Wentzlaff and Sell do not explicitly disclose the processor of claim 1, wherein the aperture access instruction does not have an operand to provide a memory address. Regarding this limitation, Pan discloses in Paragraphs [0021] and [0033-0035] decoding of ops in order to associate addresses with the ops. Sell discloses that only the PR-owning application may process and issue the protected region targeting instructions and opcodes, or microcodes, may be interpreted for accessing requested data in Paragraph [0031] of Sell. In this case, an operand, as detailed by Pan, may not be supplied as according to ops used by Sell for accessing the protected region.
Regarding claim 26, Wilson, Wentzlaff and Sell do not explicitly disclose the method of claim 1, wherein the aperture access instruction does not have an operand to provide a memory address. Regarding this limitation, Pan discloses in Paragraphs [0021] and [0033-0035] decoding of ops in order to associate addresses with the ops. Claim 26 is rejected on a similar basis as claim 25.

Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Wilson in view of Wentzlaff and further in view of Sell and still further in view of Pan.

Regarding claim 27, Wilson discloses, in the italicized portions, a processor comprising: a decode unit to decode an aperture access instruction ([0022]), wherein the aperture access instruction does not have an operand to provide memory addressing information; and an execution unit coupled with the decode unit, the execution unit, in response to the aperture access instruction, to: read a host physical memory address, which is to be associated with an aperture that is to be in system memory, from an access protected structure where the host physical memory address is to be stored ([0022-0023]), wherein the host physical memory address is not stored in any of a set of hierarchical paging structures that the processor is to use to translate virtual addresses of guests to host physical addresses, wherein an opcode of the aperture access instruction allows [Col. 29 ln. 4-21] and [Col. 32 ln. 49-52]. Herein it is disclosed that host physical addresses are stored in a separate structure identified as a PALB which is separate from the TLB which involves translation. While in the mode, it is disclosed that address translation may still occur and it is not otherwise restricted in function. Regarding the opcodes with one implemented for the aperture access and other opcodes implemented that do not allow aperture access, Sell discloses in Paragraphs [0034-0035] and [0086] that instructions including the correct opcode may access the protected region associated metadata. These are stored separately in main memory away from traditional translation access provided by the system in cache. Wilson, Wentzlaff, and Sell do not explicitly discuss not providing an operand to provide memory addressing information; however, Pan discloses “[0021] The register file is coupled to provide operands to the execution core 40, and is coupled to receive results to be written to the register file 22 from the execution core 40. The execution core 40 is coupled to the interface unit 70, which is further coupled to an external interface of the processor 10. And [0033-0035].” The execution core provides an analogous function as the decode unit wherein operands are transferred and provided for execution to move data as designated by the instructions provided with the operands and decoding of ops in order to associate addresses with the ops. Sell discloses that only the PR-owning application may process and issue the protected region targeting instructions and opcodes, or microcodes, may be interpreted for accessing requested data in Paragraph [0031] of Sell. In this case, an operand, as detailed by Pan, may not be supplied as according to ops used by Sell for accessing the protected region. It would be obvious to one of ordinary skill in the art that the processor .

Claim 28 is rejected under 35 U.S.C. 103 as being unpatentable over Wilson in view of Wentzlaff and further in view of Sell and still further in view of Pan and Campbell.

Regarding claim 28, Sell further discloses, in the italicized portions, the processor of claim 27, wherein the access protected structure is a virtual machine control structure in system memory ([0034-0035] and [0086]). Herein it is disclosed the metadata may be stored in system memory. Furthermore, Wentzlaff discloses in Col. 30 ln. 7-24 it is not explicitly identified that the PALB is stored in a data structure containing virtualization controls, but it is indicated by the virtual device API that the PALB is stored with virtualization controls for a virtual machine. It is rendered obvious by Campbell that the virtual device API contains virtualization controls to control a virtual machine for establishing protected execution regions in Paragraph [0038]. 

Claims 11 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Wilson in view of Wentzlaff and further in view of Sell and still further view of Campbell and Koryakin et al. (US 7,506,096).

Regarding claim 11, Wilson, Wentzlaff and Sell do not explicitly disclose the processor of claim 10, wherein the decode unit is to decode the aperture access instruction that is to indicate an aperture selector to select one of the plurality of adjacent apertures. Regarding this limitation, Koryakin discloses “[Col. 2 ln. 54-57] Global and Local Descriptor Tables (GDT and LDT) are tables in the physical memory that store segment descriptors for each segment. The value in the segment register is usually referred to as a "selector" and points to the entry in the GDT.” The descriptors noted by Koryakin describe the memory segments; as such, it would be obvious to one of ordinary skill in the art that when the access operation is processed by the decoder unit, part of the operation indicates a descriptor for a specific memory segment for the system to access. This may be present in Wentzlaff through multiple PALB(s). Wilson, Wentzlaff, 
Regarding claim 13, Wilson, Wentzlaff and Sell do not explicitly disclose the processor of claim 12, wherein the decode unit is to decode the aperture access instruction that is to indicate an aperture selector to select one of the plurality of potentially non-adjacent apertures. Regarding this limitation, Koryakin discloses “[Col. 2 ln. 54-57] Global and Local Descriptor Tables (GDT and LDT) are tables in the physical memory that store segment descriptors for each segment. The value in the segment register is usually referred to as a "selector" and points to the entry in the GDT.” As similarly indicated in the rejection of claim 11, the descriptors noted by Koryakin describe the memory segments; as such, it would be obvious to one of ordinary skill in the art that when the access operation is processed by the decoder unit, part of the operation indicates a descriptor for a specific memory segment for the system to access.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Wilson in view of Wentzlaff and further in view of Campbell and still further in view of Sell and Campbell and Pan and still in further view of Baumberger (US 2005/0114855).

Regarding claim 16, Wilson, Wentzlaff, Sell and Pan do not explicitly disclose the method of claim 15, further comprising issuing the aperture write instruction from a first virtual machine, issuing the aperture read instruction from a second virtual machine, and wherein the aperture write instruction and the aperture read instruction are used to share the data between the first virtual machine and the second virtual machine. Regarding this limitation of sharing, Baumberger discloses “[0023] In a specific illustrative embodiment, if the first VM is using a network interface to communicate with the second VM, the first VM's virtual transmit buffers of the virtual network interface may be dynamically remapped from the physical network interface to a first shared physical memory element. The second VM's virtual receive buffers of the second VM's virtual network interface may also be dynamically remapped to the first shared memory element. In order to enable two-way communication, the first VM's virtual receive buffer may be remapped to a second shared physical memory element, and the second VM's virtual transmit buffers may also be remapped to the second shared physical memory element.” In this case, Baumberger discloses that the physical memory may be used as a sharing data platform for virtual machines operating in a system where the physical memory is made available to both. It is disclosed by Wentzlaff that multiple protection domains may be present and correspond to different virtual device API. This then renders obvious the disclosure by Baumberger in combination with the disclosure of Wilson, Wentzlaff, Sell and Pan to achieve the claimed data sharing via aperture access operations. Wilson, Wentzlaff, Sell, Pan and Baumberger are analogous art because they are from the same field of endeavor of memory management.


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER J YOON whose telephone number is (408)918-7629.  The examiner can 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sanjiv Shah can be reached on 571-272-4098.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALEXANDER YOON/
Examiner, Art Unit 2135   

/SANJIV SHAH/Supervisory Patent Examiner, Art Unit 2135