DETAILED ACTION
This communication is responsive to the application # 16/403,033 filed on May 03, 2019. Claims 1-18 are pending and are directed toward IN-PLACE ENCRYPTION OF A SWAP FILE ON A HOST MACHINE.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Specification
The disclosure is objected to because of the following informalities: no Application number was provided in Specification [0001]. Examiner assumes it could be US 16/402,430.  
Appropriate correction is required.
  
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-18 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Djoko et al. (TPRIVEXEC: Private Execution in Virtual Memory, CODASPY’16, March 09 - 11, 2016, 10 pages), hereinafter referred to as Djoko.
As per claim 1, Djoko teaches a method comprising:
performing, by a computing system, swapping operations to swap in and swap out pages of memory between a main memory of the computer system and a swap file (Virtual memory allows processes to allocate more memory than there is available in the system. Frequently accessed pages are kept in physical memory, while stale pages are saved to secondary storage called swap. Djoko, page 288 ); and
performing, by the computing system, an encryption operation, concurrently with and independently of the swapping operations, including encrypting each page of memory that is stored in the swap file (The pages in swap space are stored in cleartext and persist beyond process execution. If left unaddressed, this presents a potential violation of privacy, as private application data could be recovered from swap space. Therefore, using the PEK as an encryption key, the pages from private processes are encrypted and decrypted as they transit in and out of swap space. Djoko, page 288) and updating information associated with said each page of memory to indicate said each page of memory is encrypted (To differentiate a private process from a public one, a private attribute of type privexec_context was added to the task_struct. Djoko, page 288),
wherein a swapping operation on a page of memory to be swapped includes encrypting or decrypting the page of memory depending on whether the swapping operation is a swap-in operation or a swap-out operation and depending on whether information associated the page of memory indicates the page of memory is encrypted or not encrypted (For every  filesystem, the VFS defines a set of callback functions implement I/O operations. The readpage and writepage operations read pages in and write pages out of the cache respectively. For TpriVexeC, during a writepage operation, the page is encrypted before it is copied to swap. As for the readpage operation, if the page being read belongs to a private container, the page is decrypted after it is read into the page cache. Djoko, page 289).
As per claim 2, Djoko teaches the method of claim 1, wherein the encryption operation comprises: accessing a page map to identify a page of memory that is stored in the swap file, the page map including information that indicates where the page of memory is located in the swap file; accessing the page of memory from the swap file; encrypting the accessed page of memory and storing the encrypted page of memory back in the swap file; updating the page map with information to indicate that the page of memory is encrypted; and repeating with a next page of memory (In Linux, swapping involves copying pages from the page cache to the swap cache. The swap cache is the set of all pages written out to swap and its principal role is buffering pages before committing them to disk. By design, each page in the swap cache correspond to a unique page frame. This implies that shared memory pages (with different PTEs pointing to the same page frame) although mapped in multiple process address spaces, their PTEs eventually correspond to the same page frame in the swap cache. Therefore, for private processes, our solution is to modify the swapping process to take into account when a page is mapped by a private process. It required extending the object representing a swap entry with a pointer to the corresponding private context. Using the process' private context, the kernel swap routine was modified to encrypt and decrypt pages as they move in and out of swap the cache. Djoko, page 290).
claim 3, Djoko teaches the method of claim 2, wherein the encryption operation further comprises accessing the page map in sequential order starting from a first page of memory in the page map and proceeding toward a last page of memory in the page map (Lastly, the ref variable stores the number of processes pointing to the privexec_context and indirectly serves as a count of the number of processes in an enclave. Its value is decremented whenever a process terminates and when it drops to zero, the private context is deleted. Djoko, page 288).
As per claim 4, Djoko teaches the method of claim 1, wherein the swapping operation is a swap-out operation, the method further comprising encrypting the page of memory to be swapped when the information in the page map associated the page of memory indicates the page of memory is not encrypted (It required extending the object representing a swap entry with a pointer to the corresponding private context. Using the process' private context, the kernel swap routine was modified to encrypt and decrypt pages as they move in and out of swap the cache. Djoko, page 290).
As per claim 5, Djoko teaches the method of claim 1, wherein the swapping operation is a swap-in operation, the method further comprising reading in the page of memory to be swapped and decrypting the page of memory when the information in the page map associated the page of memory indicates the page of memory is encrypted (It required extending the object representing a swap entry with a pointer to the corresponding private context. Using the process' private context, the kernel swap routine was modified to encrypt and decrypt pages as they move in and out of swap the cache. Djoko, page 290).
As per claim 6, Djoko teaches the method of claim 1, wherein the computing system is a host machine of a virtualization system and the host physical memory is host physical memory of the host machine, wherein the pages of memory stored in the swap file are pages of guest Lacuna [6] introduces the concept ephemeral channels to provide forensic deniability for programs as they communicate with devices. Using a modified QEMU hypervisor, it runs the private application in a virtual machine. When the private execution is terminated, the ephemeral channels are clobbered thereby making any state generated by the private process irrecoverable. Though the design goals of Lacuna considerably overlaps with ours, the approach employed by Lacuna is deemed heavyweight. By copying OS resources and running the private application in a VM makes Lacuna inappropriate for resource-constrained systems. Djoko, page 294).
Claims 7-18 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of anticipation as used above.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-18 are  provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/402,430 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because each element of the claims of the present application is anticipated by In re Goodman (CAFC) 29 USPQ2D 2010 (12/3/1993)).
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938.  The examiner can normally be reached on 5:00 AM- 4:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/OLEG KORSAK/