Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to claims filed 06/26/2020.
Claims 1-21 are pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims *** are rejected under 35 U.S.C. 103 as being unpatentable over Kaplan et al. Pub. No. US 2015/0248357 A1 (hereafter Kaplan) in view of Kaxiras et al. WO 2013/186694 A2 (hereafter Kaxiras).

With regard to claim 1, Kaplan teaches a processor, comprising (A processor employs a hardware encryption module in the processor's memory access path to cryptographically isolate secure information in at least abstract and Fig. 1 and 2):
a core to execute instructions (To facilitate execution of instructions, the processor 102 includes processor cores 104 and 106 … The processor cores 104 and 106 are processing units that individually and concurrently execute instructions. In some embodiments, each of the processor cores 104 and 106 includes an individual 
a cache to store data (To facilitate execution of instructions, the processor 102 includes … caches 105, 107 in at least ¶ [0024]); and
a zero-copy memory (ZCM) manager in communication with the core and the cache, the ZCM manager to (To facilitate execution of instructions, the processor 102 includes … a northbridge 110, and a security mode register 121 in at least ¶ [0024] and In some embodiments, the encryption module is located at a memory controller (e.g. northbridge) of the processor, and each memory access provided to the memory controller indicates whether the access is a secure memory access in at least ¶ [0017] and The northbridge 110 is a memory controller that provides an interface for the processor 102 to communicate with the memory 120. In some embodiments, the northbridge 110 can perform other functions, such as interfacing with an input/output controller (e.g. a southbridge, not shown), and providing an interface between different processor cores (e.g. the processor cores 104 and 106 and other processor cores (not shown), such as a graphics processing unit in at least ¶ [0029]):
in response to receiving an access request from a first software component (If the write request is a secure memory access request, the northbridge 110 identifies one of the keys 126 that is assigned to the entity (e.g. program, VM, software service, and the like) that generated the memory access request in at least ¶ [0030]), wherein the access request involves a memory address within a cache line (the memory access path of the processing system 
(a) compare an owner tag (OTAG) associated with the memory address (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028]) against a first identity tag (ITAG) for the first software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information in at least ¶ [0028]);
(b) if the OTAG matches the first ITAG, complete the access request (Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573. A match of the values indicates that the VM currently executing at the processor 102 is the VM that is authorized to access the information at the entry. Accordingly, in response to a match, the cache controller 572 indicates a cache hit and satisfies the memory access request in at least ¶ [0055]), and
(c) if the OTAG does not match the first ITAG, abort the access request (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information and, in response 
Kaplan teaches a processor wherein a memory manager adjudicates cache line access requests by comparing the identity of the requestor VM to an owner of the memory address and completes or aborts the request in accordance with the identity and ownership match/mismatch. Kaplan does not specifically teach facilitating the requestor VM requesting to change the memory address ownership to another entity, another VM.
However, in analogous art Kaxiras teaches in response to a send request from the first software component (If a different core accessing a private line is detected (by detecting that the requestor ID is different from the current owner ID), the line is changed to Shared in at least ¶ [00024] and If the cache line changes from Private to Shared, before the LLC/SHC responds to the new requestor, the former private owner changes the classification of the cache line. The classification change is achieved by sending a request to the former private owner to change its classification of the cache line from Private to Shared. As a result of changing classification, the former private  change the OTAG associated with the memory address to match a second ITAG for a second software component (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is added to the private owner field in at least ¶ [00026] and If the former private owner has evicted the line from its cache (i.e. the cache line generation has ended), the former private owner replies with a negative acknowledgement to the LLC/SHC request. In this case, the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032]).
It would have been obvious to a person having ordinary skill in art prior to the effective filing date of the claimed invention to combine the facilitating the requestor VM requesting to change the memory address ownership to another entity of Kaxiras with the systems and methods of Kaplan resulting in a system in which the current cache line owner of Kaplan may request a change of ownership of the cache line, as in Kaxiras, to another virtual machine that want access to the cache line/data. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of reducing cost and complexity in a shared memory processing environment without sacrificing power and performance, particularly in implementing virtual cache coherency and private and shared caches (see at least Kaxiras ¶ [00010]). 

With regard to claim 2, Kaplan teaches wherein: the ZCM manager is to associate OTAGs with cache lines (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028]); and
Kaplan does not specifically teach the cache/cache controller changing the ownership.
However, in analogous art Kaxiras teaches the ZCM manager is to respond to the send request by changing the OTAG of the cache line that includes the memory address to match the second ITAG (… the LLC/SHC responds to the new core requesting the cache line … the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032]).
It would have been obvious to a person having ordinary skill in art prior to the effective filing date of the claimed invention to combine the LLC/SHC to change the memory address ownership to another entity of Kaxiras with the systems and methods of Kaplan resulting in a system in which the current cache line owner of Kaplan may request a change of ownership of the cache line by the cache/cache controller, as in the LLC/SHC of Kaxiras, to another virtual machine that want access to the cache line/data. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of reducing cost and complexity in a shared memory processing environment without sacrificing power and performance, particularly in implementing virtual cache coherency and private and shared caches (see at least Kaxiras ¶ [00010]). 

With regard to claim 3, Kaxiras teaches wherein the ZCM manager enables the first software component to use the send request to change the OTAG associated with the memory address to match the second ITAG without calling a virtual machine monitor (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is added to the private owner field in at least ¶ [00026] and If the former private owner has evicted the line from its cache (i.e. the cache line generation has ended), the former private owner replies with a negative acknowledgement to the LLC/SHC request. In this case, the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032], Examiner notes, there is no call to a virtual machine monitor. Moreover, Kaplan, which is being modified by Kaxiras, does not call the virtual machine monitor from the cache/cache controller when handling cache requests, it is just the cache controller, thus also no call to virtual machine monitor).

With regard to claim 4, Kaplan teaches wherein: the first software component comprises a first virtual machine (VM) to which the first ITAG has been assigned (If the write request is a secure memory access request, the northbridge 110 identifies one of the keys 126 that is assigned to the entity (e.g. program, VM, software service, and the like) that generated the memory access request in at least ¶ [0030]);
the second software component comprises a second virtual machine (VM) to which the second ITAG has been assigned (Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the 
the processor further comprises a memory management unit (MMU) to translate a guest physical address (GPA) associated with the access request to a host physical address (HPA) that comprises the OTAG (where the processor 102 executes VMs and a hypervisor, the address translation module 145 may access more than one level of page tables to identify the C-bit and the physical address to be used by the memory 120 (referred to for purposes of description of FIG. 4 as a "system physical address") in at least ¶ [0050] and The guest page tables 447 store a mapping of virtual addresses to a set of addresses, referred to as guest physical addresses. The guest physical addresses are not actual physical addresses of the memory 120, but rather represent intermediate addresses between the virtual address and the system physical addresses of the memory 120. The host page tables 449 store a mapping between the guest physical addresses and corresponding system physical addresses. in at least ¶ [0051]); and
the operation of comparing the OTAG associated with the memory address against the first ITAG for the first software component comprises comparing the first ITAG that has been assigned to the first VM against the OTAG in the HPA to verify whether the first VM owns a cache line that includes the HPA (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information 

With regard to claim 6, Kaxiras teaches a processor according to claim 1, wherein the ZCM manager is further to: in response to a receive request from a third (Each processor core 20 is connected to its own small but fast level 1 local or private data cache 22. Each core 20 may also optionally include a level 1 instruction cache (not shown). A global or shared data cache 24 is associated with all the cores 20 in at least ¶ [00021] and Fig. 1, Examiner notes system may contain a plurality of cores, Kaplan executes a VM on each core, therefore Kaplan may be extended to more than two cores/VMs as Kaxiras already handle cache ownerships in an environment with a plurality of cores) software component that executes on the core (If a different core accessing a private line is detected (by detecting that the requestor ID is different from the current owner ID), the line is changed to Shared in at least ¶ [00024] and If the cache line changes from Private to Shared, before the LLC/SHC responds to the new requestor, the former private owner changes the classification of the cache line. The classification change is achieved by sending a request to the former private owner to change its classification of the cache line from Private to Shared. As a result of changing classification, the former private owner may perform a write-back of dirty data. The resulting classification information is carried, with the LLC/SHC response, to the new requestor in at least ¶ [00025]), change the OTAG associated with the memory address to match a third ITAG for the third software component (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is added to the private owner field in at least ¶ [00026] and If the former private owner has evicted the line from its cache (i.e. the cache line generation has ended), the former private owner replies with a negative acknowledgement to the LLC/SHC request. In this case, the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032]).

With regard to claim 7, Kaplan teaches wherein the ZCM manager is further to: determine whether the OTAG associated with the memory address (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028]) matches a specified ITAG for a source software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information in at least ¶ [0028]); and
abort the receive request without changing the OTAG associated with the memory address in response to a determination that the OTAG associated with the memory address does not match the specified ITAG for the source software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information and, in response to a mismatch, indicates a cache miss, thereby preventing unauthorized access to the information in at 

With regard to claim 8, a data processing system, comprising (FIG. 1 illustrates a processing system 100):
random access memory (The memory 120 can be random access memory (RAM));
a processor in communication with the random access memory (A processor employs a hardware encryption module in the processor's memory access path to cryptographically isolate secure information in at least abstract and Fig. 1 and 2);
a core in the processor (To facilitate execution of instructions, the processor 102 includes processor cores 104 and 106 … The processor cores 104 and 106 are processing units that individually and concurrently execute instructions. In some embodiments, each of the processor cores 104 and 106 includes an individual instruction pipeline that fetches instructions, decodes the fetched instructions into corresponding operations and, using the resources of the processing system 100, executes the operations, including memory access requests … in at least ¶ [0024]);
a cache in the processor (To facilitate execution of instructions, the processor 102 includes … caches 105, 107 in at least ¶ [0024]); and
a zero-copy memory (ZCM) manager in the processor, in communication with the core and the cache, the ZCM manager to (To facilitate execution of instructions, the processor 102 includes … a northbridge 110, and a security mode register 121 in at least ¶ [0024] and In some embodiments, the encryption module is located at a memory controller (e.g. northbridge) of the processor, and each memory access provided to the memory controller indicates whether the access is a secure memory access in at least ¶ [0017] and The northbridge 110 is a memory controller that provides an interface for the processor 102 to communicate with the memory 120. In some embodiments, the northbridge 110 can perform other functions, such as interfacing with an input/output controller (e.g. a southbridge, not shown), and providing an interface between different processor cores (e.g. the processor cores 104 and 106 and other processor cores (not shown), such as a graphics processing unit in at least ¶ [0029]):
receive an access request from a first software component that executes on the core (If the write request is a secure memory access request, the northbridge 110 identifies one of the keys 126 that is assigned to the entity (e.g. program, VM, software service, and the like) that generated the memory access request in at least ¶ [0030]), wherein the access request involves a memory address within a cache line (the memory access path of the processing system 100 is such that the cache 108 stores information, including secure information, in an unencrypted form. Accordingly, as described further 
in response to receiving the access request, (i) compare an owner tag (OTAG) associated with the memory address (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028]) against a first identity tag (ITAG) for the first software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information in at least ¶ [0028]), (ii) if the OTAG matches the first ITAG, complete the access request (Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573. A match of the values indicates that the VM currently executing at the processor 102 is the VM that is authorized to access the information at the entry. Accordingly, in response to a match, the cache controller 572 indicates a cache hit and satisfies the memory access request in at least ¶ [0055]), and (iii) if the OTAG does not match the first ITAG, abort the access request (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information and, in response to a mismatch, indicates a cache miss, thereby preventing unauthorized access to the information in at least ¶ [0028] and Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573 … In response to a mismatch between the VM 
Kaplan teaches a processor wherein a memory manager adjudicates cache line access requests by comparing the identity of the requestor VM to an owner of the memory address and completes or aborts the request in accordance with the identity and ownership match/mismatch. Kaplan does not specifically teach facilitating the requestor VM requesting to change the memory address ownership to another entity, another VM.
However, in analogous art Kaxiras teaches in response to a send request from the first software component (If a different core accessing a private line is detected (by detecting that the requestor ID is different from the current owner ID), the line is changed to Shared in at least ¶ [00024] and If the cache line changes from Private to Shared, before the LLC/SHC responds to the new requestor, the former private owner changes the classification of the cache line. The classification change is achieved by sending a request to the former private owner to change its classification of the cache line from Private to Shared. As a result of changing classification, the former private owner may perform a write-back of dirty data. The resulting classification information is carried, with the LLC/SHC response, to the new requestor in at least ¶ [00025]), change the OTAG associated with the memory address to match a second ITAG for a second software component that executes on the core (When a 
It would have been obvious to a person having ordinary skill in art prior to the effective filing date of the claimed invention to combine the facilitating the requestor VM requesting to change the memory address ownership to another entity of Kaxiras with the systems and methods of Kaplan resulting in a system in which the current cache line owner of Kaplan may request a change of ownership of the cache line, as in Kaxiras, to another virtual machine that want access to the cache line/data. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of reducing cost and complexity in a shared memory processing environment without sacrificing power and performance, particularly in implementing virtual cache coherency and private and shared caches (see at least Kaxiras ¶ [00010]).

With regard to claim 9, Kaplan teaches wherein: the ZCM manager is to associate OTAGs with cache lines (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or 
Kaplan does not specifically teach the cache/cache controller changing the ownership.
However, in analogous art Kaxiras teaches the ZCM manager is to respond to the send request by changing the OTAG of the cache line that includes the memory address to match the second ITAG (… the LLC/SHC responds to the new core requesting the cache line … the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032]).
It would have been obvious to a person having ordinary skill in art prior to the effective filing date of the claimed invention to combine the LLC/SHC to change the memory address ownership to another entity of Kaxiras with the systems and methods of Kaplan resulting in a system in which the current cache line owner of Kaplan may request a change of ownership of the cache line by the cache/cache controller, as in the LLC/SHC of Kaxiras, to another virtual machine that want access to the cache line/data. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of reducing cost and complexity in a shared memory processing environment without sacrificing power and performance, particularly in implementing virtual cache coherency and private and shared caches (see at least Kaxiras ¶ [00010]).

With regard to claim 10, Kaxiras teaches wherein the ZCM manager enables the first software component to use the send request to change the OTAG associated with the memory address to match the second ITAG without calling a virtual machine monitor (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is added to the private owner field in at least ¶ [00026] and If the former private owner has evicted the line from its cache (i.e. the cache line generation has ended), the former private owner replies with a negative acknowledgement to the LLC/SHC request. In this case, the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032], Examiner notes, there is no call to a virtual machine monitor. Moreover, Kaplan, which is being modified by Kaxiras, does not call the virtual machine monitor from the cache/cache controller when handling cache requests, it is just the cache controller, thus also no call to virtual machine monitor).

With regard to claim 11, Kaplan teaches wherein: the first software component comprises a first virtual machine (VM) to which the first ITAG has been assigned (If the write request is a secure memory access request, the northbridge 110 identifies one of the keys 126 that is assigned to the entity (e.g. program, VM, software service, and the like) that generated the memory access request in at least ¶ [0030]);
the second software component comprises a second virtual machine (VM) to which the second ITAG has been assigned (Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573 … In response to a mismatch between the VM tag values, the cache controller 572 indicates a cache miss and does not satisfy the request. 
the processor further comprises a memory management unit (MMU) to translate a guest physical address (GPA) associated with the access request to a host physical address (HPA) that comprises the OTAG (where the processor 102 executes VMs and a hypervisor, the address translation module 145 may access more than one level of page tables to identify the C-bit and the physical address to be used by the memory 120 (referred to for purposes of description of FIG. 4 as a "system physical address") in at least ¶ [0050] and The guest page tables 447 store a mapping of virtual addresses to a set of addresses, referred to as guest physical addresses. The guest physical addresses are not actual physical addresses of the memory 120, but rather represent intermediate addresses between the virtual address and the system physical addresses of the memory 120. The host page tables 449 store a mapping between the guest physical addresses and corresponding system physical addresses. in at least ¶ [0051]); and
the operation of comparing the OTAG associated with the memory address against the first ITAG for the first software component comprises comparing the first ITAG that has been assigned to the first VM against the OTAG in the HPA to verify whether the first VM owns a cache line that includes the HPA (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028] and the cache 108 compares 

With regard to claim 13, Kaxiras teaches wherein the ZCM manager is further to: in response to a receive request from a third (Each processor core 20 is connected to its own small but fast level 1 local or private data cache 22. Each core 20 may also optionally include a level 1 instruction cache (not shown). A global or shared data cache 24 is associated with all the cores 20 in at least ¶ [00021] and Fig. 1, Examiner notes system may contain a plurality of cores, Kaplan executes a VM on each core, therefore Kaplan may be extended to more than two cores/VMs as Kaxiras already handle cache ownerships in an environment with a plurality of cores) software component that executes on the core (If a different core accessing a private line is detected (by detecting that the requestor ID is different from the current owner ID), the line is changed to Shared in at least ¶ [00024] and If the cache line changes from Private to Shared, before the LLC/SHC responds to the new requestor, the former private owner changes the classification of the cache line. The classification change is achieved by sending a request to the former private owner to change its classification of the cache line from Private to Shared. As a result of changing classification, the former private owner may perform a write-back of dirty data. The resulting classification information is carried, with the LLC/SHC response, to the new requestor in at least ¶ [00025]), change the OTAG associated with the memory address to match a third ITAG for the third software component (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is 

With regard to claim 14, Kaplan teaches wherein the ZCM manager is further to: determine whether the OTAG associated with the memory address (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028]) matches a specified ITAG for a source software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information in at least ¶ [0028]); and
abort the receive request without changing the OTAG associated with the memory address in response to a determination that the OTAG associated with the memory address does not match the specified ITAG for the source software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information and, in response to a mismatch, indicates a cache miss, thereby preventing unauthorized access to the information in at least ¶ [0028] and Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573 … In response to a mismatch between the VM tag values, the cache controller 572 

With regard to claim 15, Kaplan teaches a non-transitory machine-readable medium comprising instructions which, when executed by a processor, cause the processor to (in at least ¶ [0072] – [0073]):
in response to receiving an access request from a first software component (If the write request is a secure memory access request, the northbridge 110 identifies one of the keys 126 that is assigned to the entity (e.g. program, VM, software service, and the like) that generated the memory access request in at least ¶ [0030]), wherein the access request involves a memory address within a cache line (the memory access path of the processing system 100 is such that the cache 108 stores information, including secure information, in an unencrypted form. Accordingly, as described further below with respect to FIG. 5, in some embodiments the cache 108 stores, for each storage location of a given size (e.g. a cache line) in at least ¶ [0028]):
(a) compare an owner tag (OTAG) associated with the memory address (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028]) against a first identity tag (ITAG) for the first software component (the cache 108 compares the identity 
(b) if the OTAG matches the first ITAG, complete the access request (Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573. A match of the values indicates that the VM currently executing at the processor 102 is the VM that is authorized to access the information at the entry. Accordingly, in response to a match, the cache controller 572 indicates a cache hit and satisfies the memory access request in at least ¶ [0055]), and
(c) if the OTAG does not match the first ITAG, abort the access request (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information and, in response to a mismatch, indicates a cache miss, thereby preventing unauthorized access to the information in at least ¶ [0028] and Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573 … In response to a mismatch between the VM tag values, the cache controller 572 indicates a cache miss and does not satisfy the request. Accordingly, if the currently-executing VM is not authorized to access the information designated for cryptographic protection, the cache controller 572 prevents the access in at least ¶ [0055]); and

However, in analogous art Kaxiras teaches in response to a send request from the first software component (If a different core accessing a private line is detected (by detecting that the requestor ID is different from the current owner ID), the line is changed to Shared in at least ¶ [00024] and If the cache line changes from Private to Shared, before the LLC/SHC responds to the new requestor, the former private owner changes the classification of the cache line. The classification change is achieved by sending a request to the former private owner to change its classification of the cache line from Private to Shared. As a result of changing classification, the former private owner may perform a write-back of dirty data. The resulting classification information is carried, with the LLC/SHC response, to the new requestor in at least ¶ [00025]), change the OTAG associated with the memory address to match a second ITAG for a second software component (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is added to the private owner field in at least ¶ [00026] and If the former private owner has evicted the line from its cache (i.e. the cache line generation has ended), the former private owner replies with a negative acknowledgement to the LLC/SHC request. In this case, 
It would have been obvious to a person having ordinary skill in art prior to the effective filing date of the claimed invention to combine the facilitating the requestor VM requesting to change the memory address ownership to another entity of Kaxiras with the systems and methods of Kaplan resulting in a system in which the current cache line owner of Kaplan may request a change of ownership of the cache line, as in Kaxiras, to another virtual machine that want access to the cache line/data. A person having ordinary skill in the art would have been motivated to make this combination, with a reasonable expectation of success, for the purpose of reducing cost and complexity in a shared memory processing environment without sacrificing power and performance, particularly in implementing virtual cache coherency and private and shared caches (see at least Kaxiras ¶ [00010]).

With regard to claim 16, Kaxiras teaches in response to a receive request from a third (Each processor core 20 is connected to its own small but fast level 1 local or private data cache 22. Each core 20 may also optionally include a level 1 instruction cache (not shown). A global or shared data cache 24 is associated with all the cores 20 in at least ¶ [00021] and Fig. 1, Examiner notes system may contain a plurality of cores, Kaplan executes a VM on each core, therefore Kaplan may be extended to more than two cores/VMs as Kaxiras already handle cache ownerships in an environment with a plurality of cores) software component (If a different core accessing a private line is detected (by detecting that the requestor ID is different from the current owner ID), the  change the OTAG associated with the memory address to match a third ITAG for the third software component (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is added to the private owner field in at least ¶ [00026] and If the former private owner has evicted the line from its cache (i.e. the cache line generation has ended), the former private owner replies with a negative acknowledgement to the LLC/SHC request. In this case, the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032]).

With regard to claim 17, Kaplan teaches determine whether the OTAG associated with the memory address (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028]) matches a specified ITAG for a source software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information in at least ¶ [0028]); and
abort the receive request without changing the OTAG associated with the memory address in response to a determination that the OTAG associated with the memory address does not match the specified ITAG for the source software component (the cache 108 compares the identity of the entity that generated the memory access request to the entity tag information and, in response to a mismatch, indicates a cache miss, thereby preventing unauthorized access to the information in at least ¶ [0028] and Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573 … In response to a mismatch between the VM tag values, the cache controller 572 indicates a cache miss and does not satisfy the request. Accordingly, if the currently-executing VM is not authorized to access the information designated for cryptographic protection, the cache controller 572 prevents the access in at least ¶ [0055]).

With regard to claim 18, Kaplan teaches wherein: the machine-readable medium comprises at least one virtual machine (VM) image (The VM owner encrypts an image of the corresponding VM and provides it to the hypervisor 252, which stores the encrypted image as secure data at the memory 120. Thus, in the illustrated example, the secure information 225 includes the VM image for the VM 250 in at least ¶ [0035])
to enable the processor to instantiate (a) a first VM to which the first ITAG is assigned and the first VM comprises the first software component; and (If the write request is a secure memory access request, the northbridge 110 identifies one of 
(b) a second VM to which the second ITAG is assigned; the second VM comprises the second software component (Accordingly, the cache controller 572 compares the VM tag value at the entry's VM tag field to the VM tag value stored at the CMV ID value register 573 … In response to a mismatch between the VM tag values, the cache controller 572 indicates a cache miss and does not satisfy the request. Accordingly, if the currently-executing VM is not authorized to access the information designated for cryptographic protection, the cache controller 572 prevents the access in at least ¶ [0055]).

With regard to claim 19, Kaxiras teaches wherein the send request enables the first VM to change the OTAG associated with the memory address to match the second ITAG without calling a virtual machine monitor (When a cache line is brought into the LLC/SHC, the requesting LI cache becomes the line's private owner and the cache ID is added to the private owner field in at least ¶ [00026] and If the former private owner has evicted the line from its cache (i.e. the cache line generation has ended), the former private owner replies with a negative acknowledgement to the LLC/SHC request. In this case, the LLC/SHC line remains Private, and the PrivateOwner/SharerCount field is set to the ID of the new owner in at least ¶ [00032], Examiner notes, there is no call to a virtual machine monitor. Moreover, Kaplan, which is being modified by Kaxiras, does not call the virtual machine monitor from the cache/cache controller when handling cache requests, it is just the cache controller, thus also no call to virtual machine monitor).

With regard to claim 20, Kaplan teaches cause a memory management unit (MMU) in the processor to translate a guest physical address (GPA) associated with the access request to a host physical address (HPA) that comprises the OTAG (where the processor 102 executes VMs and a hypervisor, the address translation module 145 may access more than one level of page tables to identify the C-bit and the physical address to be used by the memory 120 (referred to for purposes of description of FIG. 4 as a "system physical address") in at least ¶ [0050] and The guest page tables 447 store a mapping of virtual addresses to a set of addresses, referred to as guest physical addresses. The guest physical addresses are not actual physical addresses of the memory 120, but rather represent intermediate addresses between the virtual address and the system physical addresses of the memory 120. The host page tables 449 store a mapping between the guest physical addresses and corresponding system physical addresses. in at least ¶ [0051]); and
the operation of comparing the OTAG associated with the memory address against the first ITAG for the first software component comprises: comparing the first ITAG that has been assigned to the first VM against the OTAG in the HPA to verify whether the first VM owns a cache line that includes the HPA (the cache 108 stores, for each storage location of a given size (e.g. a cache line), entity tag information identifying a particular program or other entity (e.g. a VM) that is authorized to access the information at the storage location in at least ¶ [0028] and the cache 108 compares .

Allowable Subject Matter
Claims 5, 12 and 21 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as well as overcoming any outstanding rejections under 35 U.S.C. § 101 and 112.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 9459903 B2
teaches
Techniques for routing service chain flow packets between virtual machines
US 10706147 B1
teaches
Mitigating side-channel attacks via shared cache
US 20060265554 A1
teaches
Apparatus and method of controlling data sharing on a shared memory computer system
US 20090327616 A1
teaches
Snoop filtering mechanism
US 20180004680 A1
teaches
Technologies for zero-copy inter-virtual-machine data movement
US 20210099391 A1
teaches
Methods and apparatus for low latency operation in user space networking
WO 2013186694 A2
teaches
System and method for data classification and efficient virtual cache coherence without reverse translation



Examiner respectfully requests, in response to this Office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line number(s) in the specification and/or drawing figure(s). This will assist Examiner in prosecuting the application.

When responding to this Office Action, Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections.  See 37 CFR 1.111(c).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY A TEETS whose telephone number is (571)272-3338.  The examiner can normally be reached on Monday - Friday, 6am-2pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Meng An can be reached on 5712723756.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/BRADLEY A TEETS/Primary Examiner, Art Unit 2195