DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-22 and 26-28 have been examined. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/08/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 2, 7, 16, 12 and 21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. 
Claims 1 and 16 recite the limitation: “wherein the MOT table comprises a GPA reverse mapping” in line 10 and line 9 respectively. The limitation “GPA reverse mapping” is unclear. 
Claims 1 and 16 recite the limitation "append to the MOT entry verification data" in line 12 and line 11 respectively. The limitation does not recite what is being appended to the MOT entry verification data and therefore, the limitation is unclear. 
Claims 1 and 16 recite the limitation "the MOT entry verification data" in line 12 and line 11 respectively.  There is insufficient antecedent basis for this limitation in the claim. 
Claims 2 and 12 recite the limitation "the processor" in line 1.  There is insufficient antecedent basis for this limitation in the claims.
Claims 7 and 21 recite the limitation "the first encryption key" in line 2 and lines 2-3 respectively.  There is insufficient antecedent basis for this limitation in the claim.

Allowable Subject Matter
Claims 1-22 and 26-28 will be allowed if the rejections under 35 U.S.C 112 are overcome.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 20180129611 to Parker et al: A data processing apparatus (20) comprises processing circuitry (24, 25, 28) to execute a plurality of processes. An ownership table (50) comprises one or more entries (52) each indicating, for a corresponding block of physical addresses, which of the processes is an owner process that has exclusive control of access to the corresponding block of physical addresses.
US 20180165224 to Brown et al: Systems, apparatuses, and methods for implemented secure encrypted virtualization are disclosed. In one embodiment, a system includes at least one or more main processors, a memory, a memory controller, and a security processor. The system is configured to detect a request to provision a guest virtual machine (VM) in a secure environment. The system computes a first integrity check value from the guest VM prior to initiating the guest VM. The system initiates the guest VM responsive to receiving an indication that the first integrity check value is valid. The system encrypts, with a first encryption key, the guest VM stored in the memory. The security processor loads the first encryption key into the memory controller, and the memory controller encrypts the guest VM with the first encryption key.
Secure MMU: Architectural support for memory isolation among virtual machines by Jin et al: In conventional virtualized systems, a hypervisor can access the memory pages of guest virtual machines without any restriction, as the hypervisor has a full control over the address translation mechanism. In this paper, we propose Secure MMU, a hardware-based mechanism to isolate the memory of guest virtual machines from unauthorized accesses even from the hypervisor. The proposed mechanism extends the current nested paging support for virtualization with a small hardware cost. With Secure MMU, the hypervisor can flexibly allocate physical memory pages to virtual machines for resource management, but update nested page tables only through the secure hardware mechanism, which verifies each mapping change. With the hardware-rooted memory isolation among virtual machines, the memory of a virtual machine in cloud computing can be securely protected from a compromised hypervisor or co-tenant virtual machines.
H-SVM: Hardware-Assisted Secure Virtual Machines under a Vulnerable Hypervisor by Jin et al: With increasing demands on cloud computing, protecting guest virtual machines (VMs) from malicious attackers has become critical to provide secure services. The current cloud security model with software-based virtualization relies on the invulnerability of the software hypervisor and its trustworthy administrator with the root permission. However, compromising the hypervisor with remote attacks or root permission grants the attackers with a full access capability to the memory and context of a guest VM. This paper proposes a HW-based approach to protect guest VMs even under an untrusted hypervisor. With the proposed mechanism, memory isolation is provided by the secure hardware, which is much less vulnerable than the software hypervisor. The proposed mechanism extends the current hardware support for memory virtualization based on nested paging with a small extra hardware cost. The hypervisor can still flexibly allocate physical memory pages to virtual machines for efficient resource management. In addition to the system design for secure virtualization, this paper presents a prototype implementation using system management mode. Although the current system management mode is not intended for security functions and thus limits the performance and complete protection, the prototype implementation proves the feasibility of the proposed design.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359.  The examiner can normally be reached on 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438