Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 


Information Disclosure Statement
	The information disclosure statement(s) (IDS) submitted on 01/17/2022 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered by the examiner.	

Response to Amendment
This communication is in response to the amendment filed on 01/13/2022. The Examiner acknowledges amended claims 1-20. No claims have been cancelled or added. Claims 1-20 are pending and claims 1-10 are rejected.  Claims 11-20 are withdrawn. Claims 1, 11, and 16 is/are independent. 

The rejection(s) of claims under 35 U.S.C. § 112 are withdrawn in view of Applicant's amendments except as specifically set forth below.
The rejection(s) of claims under 35 U.S.C. § 101 are withdrawn in view of Applicant's amendments.

Response to Arguments
Applicant's arguments filed 01/13/2022 have been fully considered.  Applicant argues (see Remarks, page 8) that the previous rejections fail to disclose the newly amended claim features.  This argument is persuasive. Therefore, the rejections are withdrawn. However, upon further consideration, a new ground of rejection is made in view of Chen et al. Virtualization-th International Conference On Architectural Support For Programming Languages And Operating Systems, March 2008, Pages 2–13 (submitted in IDS) in view of Klein et al. U.S. Publication 20170139840 (hereinafter “Klein”), further in view of Gupta et al. U.S. Publication 20170220466 (hereinafter “Gupta”).
The newly found reference Gupta teaches that an instruction decoder may decode instructions to be executed by a processor to perform operations. Some of these operations may include creating a protected domain in system memory or paging to swap an executing software’s code and data in and out of system memory (Gupta figure 42, para. 25, 29, 35).
Regarding applicant’s arguments with respect to the dependent claims 2-10, applicant’s amendments to the independent claims have necessitated a new ground of rejection with respect to the independent claims from which the dependent claims depend, thereby requiring new grounds of rejection for the dependent claims also. 
Accordingly, Applicant's argument is persuasive, the rejection is withdrawn, and new ground(s) of rejection are presented herein.



	
	
	
	

	
	
	
	
	
	

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-10 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 1 recites “verifying the first VM guest page”. However, there is no antecedent basis for the first VM guest page. For compact prosecution, “the first VM guest page” is interpreted as “the VM guest page”. Claims 2-10 depend from claim 1 and inherit the limitations of claim 1, and are therefore rejected for the same reasons. Appropriate correction is required.


	

Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	
Claims 1-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. Virtualization-Based Approach To Retrofitting Protection In Commodity Operating Systems, ASPLOS XIII: Proceedings of the 13th International Conference On Architectural Support For Programming Languages And Operating Systems, March 2008, Pages 2–13 (submitted in IDS) in view of Klein et al. U.S. Publication 20170139840 (hereinafter “Klein”), further in view of Gupta et al. U.S. Publication 20170220466 (hereinafter “Gupta”).
As per claim 1, Chen discloses A processor comprising: 
(See Chen 
page 4, Left column, 2nd paragraph under section 3.3 memory cloaking 
our virtualization-based cloaking does not require any changes to the processor architecture,
)

a key domain in which to execute a VM, and wherein the core is also to perform operations corresponding to the VM page-in instruction, including paging a VM guest page into the key domain, 
(See 
Chen page 4, 2nd paragraph under section 3.2 
The “context” that determines which view (shadow page table) to use for a particular
memory access can be defined in terms of any state accessible
to the VMM, such as ……, instruction pointer [instruction; the instruction pointer points to each instruction to be executed, instruction can be the software code instruction being executed; one or more of these instructions being executed by the processor will be an instruction to page-in a VM page]

th paragraph down, When the encrypted page is subsequently accessed via the application shadow (transitions 2 or 3), the VMM unmaps the page from the system shadow, verifies its integrity hash, decrypts the page, and maps the page[paging a VM guest page into the key domain; wherein the core is also to perform operations corresponding to the VM page-in instruction; as a processor executes instructions, mapping the page in the Chen application shadow would disclose perform operations corresponding to the VM page-in instruction ] into the application shadow. 
Chen Section 3.2 Conceptually,multiple shadow page tables are used to provide different views of guest physical memory to different shadow contexts. [This indicates that it is VM guest pages that are being paged in]
[Paging a page into the key domain can be disclosed by mapping the page into the application shadow (page 4, right side column, paragraph 5);
key domain can be disclosed by a portion of memory storing one or more pages which can be decrypted or encrypted plus the portion of memory with the one or more pages is mapped into the application shadow page table (after having been decrypted); when access to the page is requested by OS/ kernel (paging out), the page is encrypted and the encrypted view of the page is seen by the OS/ kernel, and a key is required to decrypt; when access is requested by an application (paging in), the decrypted view of the page is seen by the application. In a scenario where the page is accessed by an application after having been encrypted previously, a key is required to decrypt the data; see figure 1 cloaking protocol
]
Chen page 4, right hand column, bottom paragraph 
…… if the kernel swaps a cloaked page to disk, which is later paged in due to an application read[this shows that there are scenarios where the page may be on disk and paged into memory in response to an application read, thus disclosing paging the VM guest page into the key domain; in this scenario key domain can be disclosed by a portion of memory storing one or more pages which can be decrypted or encrypted]

Chen Page 3, right side column, bottom paragraph
The VMM also typically manages
separate shadow page tables, which contain GVPN-to-MPN [VM guest page is a page that is referenced in a shadow page table and is a page of a virtual machine; VM guest page is disclosed by the virtual machine guest page that is paged in to the application shadow table from the system shadow table]

Chen 7.1 Protected Resources
Each cloaked resource, such as a file or anonymous memory region,
…..
When a resource is mapped into memory[paging the VM guest page into the key domain], its RMD is loaded into the metadata cache (MDC) in the VMM. A single MDC caches metadata for all cloaked resources mapped by the guest.
)

 	wherein paging the VM guest page into the key domain includes verifying the first VM guest page using a message authentication code (MAC) stored in an extended page table entry (EPTE) for the first VM guest page and 
(See 
Chen Page 3, right side column, bottom paragraph
The VMM also typically manages
separate shadow page tables, which contain GVPN-to-MPN [VM guest page is a page that is referenced in a shadow page table and is a page of a virtual machine; VM guest page is disclosed by the virtual machine guest page that is paged in to the application shadow table from the system shadow table]

Chen 
page 4, right side column,  5th paragraph down, When the encrypted page is subsequently accessed [this will cause paging the VM guest page into the key domain ]……the VMM unmaps the page from the system shadow, verifies its integrity hash[verifying the first VM guest page]
[message authentication code (MAC)= hash H]

Chen 7.1 Protected Resources, 1st paragraph
Each cloaked resource, such as a file or anonymous memory region,
is associated with a unique 64-bit resource identifier (RID).
Each RID has a corresponding resource metadata object (RMD)
that stores metadata [Note RMD stores metadata for the combination argument with secondary reference below ]needed to decrypt, check integrity, and preserve
ordering. Concretely, an RMD is an ordered set of (IV,H)
pairs[extended page table entry (EPTE)= ordered set of (IV,H)
pairs= three-level page table], one per encrypted page[for the first VM guest page], addressed by a 32-bit resource page number (RPN). ……., each RMD is implemented
with a data structure similar to a three-level page table 
)

removing the MAC in the EPTE; and 
(See Chen page 4, right side column, 5th para. If the page is later written by the application (transition 4), the (IV,H) is discarded 


an encryption engine to decrypt the first VM guest page responsive to the VM page-in instruction.
(See Chen 
page 4, right side column,  5th paragraph down, When the encrypted page is subsequently accessed  via the application shadow (transitions 2 or 3), the VMM unmaps the page from the system shadow, verifies its integrity hash, decrypts the page[decrypt the first VM guest page; an encryption engine= the VMM], and maps the page into the application shadow. 
Chen Section 3.2 Conceptually,multiple shadow page tables are used to provide different views of guest physical memory to different shadow contexts. [This indicates that it is VM guest pages that are being paged in]
Chen page 4, 2nd paragraph under section 3.2 
The “context” that determines which view (shadow page table) to use for a particular
memory access can be defined in terms of any state accessible
to the VMM, such as ……, instruction pointer [instruction; the instruction pointer points to each instruction to be executed, instruction can be the software code instruction being executed; one or more of these instructions being executed by the processor will be an instruction to page-in a VM page]
)

	However, Chen does not expressly disclose 
a hardware core, including an instruction decoder to decode a create key domain instruction and a virtual machine (VM) page-in instruction, 
wherein the core is to perform operations corresponding to the create key domain instruction, including to create a key domain in which to execute a VM, and wherein the core is also to perform operations corresponding to the VM page-in instruction
replacing the MAC in the EPTE with a host physical address of the VM guest page; 

Klein discloses  loading a page into memory and then storing, in metadata, the physical address of page being loaded into the memory 
(See Klein Para. [0111]
In step 707, the hardware or firmware component that has sent the acknowledgement may load the data blocks 163 associated with the data object 161 from the storage devices 151 into the memory unit 125, e.g., in the form of pages. …... The physical address of the data of the data object 161 that is stored in the memory unit 125 may be stored on the FW/HW metadata in association with the object ID of the data object 161…… In case of a system including a TLB, step 405 may further include adding an entry in the TLB 145. The entry indicating the virtual address of the data object 161 and the physical address of that data object 161.[Also teaches storing physical address in the table]
[0078] In another example, the object-based storage system 100 may enable a 
virtualization environment.  The hypervisor may run or control one or more 
virtual machines (or guest machines). 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Chen with the technique for loading a page into memory and then recording, in metadata, the physical address of page being loaded into the memory of Klein to include 
replacing the MAC in the EPTE with a host physical address of the VM guest page; 
st paragraph under 7.1 protected resources), and the Klein secondary reference teaching storing the machine physical address in the metadata, the combination discloses replacing the MAC in the EPTE with a host physical address of the VM guest page.

However, the combination of Chen and Klein does not expressly disclose 
a hardware core, including an instruction decoder to decode a create key domain instruction and a virtual machine (VM) page-in instruction, 
wherein the core is to perform operations corresponding to the create key domain instruction, including to create a key domain in which to execute a VM, and wherein the core is also to perform operations corresponding to the VM page-in instruction

Gupta discloses a hardware core, including an instruction decoder to decode a create key domain instruction and a virtual machine (VM) page-in instruction, 
wherein the core is to perform operations corresponding to the create key domain instruction, including to create a key domain, and wherein the core is also to perform operations corresponding to the VM page-in instruction
 (See Gupta Para. [0021] Processor 112 may represent all or part of a hardware component including one or more processors [hardware core]
instruction decoder,[ instruction decoder] to fetch, receive, decode, interpret, schedule, and/or handle instructions to be executed by processor 200. Any instruction format may be used within the scope of the present invention; for example, an instruction may include an opcode and one or more operands, where the opcode may be decoded 
[decode a create key domain instruction and a virtual machine (VM) page-in instruction; the actual domain creation is discussed at Gupta para. 35 and the paging is discussed at Gupta para. 29; these operations, when performed by a processor, would involve decoding instructions to perform such operations] into one or more micro-instructions or micro-operations for execution by execution unit 230. 
Gupta [0035]
Therefore, EPTs may be used to create protected domains in system memory [to create a key domain; perform operations corresponding to the create key domain instruction, including to create a key domain; in which to execute a VM is intended use ]. Each such domain may correspond to a different set of EPT paging structures, each defining a different view of memory with different access permissions (each, a permission view), and each referenced by a different EPT pointer (EPTP). 
Gupta [0029]
MMU 250 supports the use of virtual memory to provide software, including software running in a VM or…. MMU 250 supports a memory management scheme, such as paging[and a virtual machine (VM) page-in instruction;] , to swap the executing software's code and data[the executing software can be the virtual machine] in and out of system memory 120 on an as-needed basis[the core is also to perform operations corresponding to the VM page-in instruction]. 
).

a hardware core, including an instruction decoder to decode a create key domain instruction and a virtual machine (VM) page-in instruction, 
wherein the core is to perform operations corresponding to the create key domain instruction, including to create a key domain in which to execute a VM, and wherein the core is also to perform operations corresponding to the VM page-in instruction
One of ordinary skill in the art would have made this modification to improve the ability of the system to decode and execute instructions, including decoding and executing instructions for creating the key domain and paging the virtual machine pages. The system (Chen, ‘a practical system’, page 3, left side column, section 2.1, 1st paragraph) of the primary reference can be modified to decode and execute the create domain instruction and VM paging instruction, as taught in the Gupta reference. 

As per claim 2, the rejection of claim 1 is incorporated herein. 
Chen discloses wherein: the core is also to execute a VM page-out instruction to page the first VM guest page out of the key domain; and 
the encryption engine is also to encrypt the first VM guest page responsive to the VM page-out instruction.
(See Chen 
[page 4, figure 1, which shows receiving multiple requests, i.e. each arrow indicates a read or write request, and the subscript indicates whether an application or kernel is making the request to perform the read/writing, and the 3 states as depicted in figure 1 shows changing VM page-out instruction ]

Chen page 4, right side column, 4th paragraph
Figure 1 presents the basic state transition diagram for managing
cloaked pages. When the cloaked page is accessed via the
system shadow [this will cause the processor core to perform operations including VM page-out  i.e. the system request comes from other than an application ](transition 1), the VMM unmaps the page [page the first VM guest page out of the key domain]from the
application shadow, encrypts the page,[ encrypt the first VM guest page] 

Chen page 4, right hand column, bottom paragraph 
…… if the kernel swaps a cloaked page to disk[page the first VM guest page out of the key domain], which is later paged in due to an application read[this shows that there are scenarios where the page may be on disk and paged into memory in response to an application read, thus disclosing page a first virtual machine guest page into a key domain]
Chen page 4, 2nd paragraph under section 3.2 
The “context” that determines which view (shadow page table) to use for a particular
memory access can be defined in terms of any state accessible
to the VMM, such as ……, instruction pointer [instruction; the instruction pointer points to each instruction to be executed, instruction can be the software code instruction being executed; one or more of these instructions being executed by the processor will be an instruction to page-in or page-out a VM page]
)

As per claim 3, the rejection of claim 1 is incorporated herein. 
wherein the key domain is to include a plurality of protected memory locations to store a plurality of VM guest pages, including the first VM guest page.
(See Chen 
page 3, right side column, bottom para. 
VMM also typically manages separate shadow page tables, which contain GVPN-to-MPN mappings [shadow page tables indicate some portion of memory that may be protected against OS/kernel access. The portion of memory referenced in a shadow page table would  disclose the key domain; GVPN-to-MPN mappings indicate that some referenced portion of memory has been allocated corresponding to respective GVPN-to-MPN mappings]
)



Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen in view of Klein, in view of Gupta, further in view of Sagi et al. U.S. Publication 20120179909 (hereinafter “Sagi”).
As per claim 4, the rejection of claim 3 is incorporated herein. 
Chen discloses decrypting a page and a key used for encryption/decryption of pages
(See Chen 
[to provide to the encryption engine for decrypting the plurality of VM guest pages is intended use and carries no patentable weight]
page 4, right side column, 2nd paragraph Overshadow currently uses a single secret key KVMM[key domain key] managed by the VMM to encrypt all pages
Page 10, section 7.7 The VMM arbitrates who is allowed to access what resources,
regardless of the key with which it was encrypted. 
Chen page 4, right side column,  5th paragraph down, When the encrypted page is subsequently accessed via the application shadow (transitions 2 or 3), the VMM unmaps the page from the system shadow, verifies its integrity hash, decrypts the page, and maps the page into the application shadow. 
Page 2, right side column, 2nd to the bottom paragraph, 
Overshadow leverages this mechanism to present an application
with a cleartext view of its pages[the plurality of VM guest pages], and the OS with an
encrypted view, a technique we call cloaking
 )  

However, the combination of Chen, Klein, and Gupta does not expressly disclose 
wherein execution of the create key domain instruction includes
decrypting an encrypted key domain key to provide to the encryption engine for decrypting the plurality of VM guest pages.
decrypting an encrypted key to provide to the system for decrypting encrypted data.
(See Sagi Para. 
[0020]……. decrypting the symmetric key using the at least one private key and 
returning the decrypted symmetric key to the second data processing system.
[0083] the virtual machines VM1 824, VM2 826, VM3 828 and VMn 829 are cryptographically protected 
[0072] the second data processing system …… decrypting a corresponding 
one of the plurality of digital documents using the returned decrypted 
symmetric key.
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chen, Klein, and Gupta with the technique for decrypting an encrypted key and providing such decrypted key to another component for decrypting data of Sagi to include 
decrypting an encrypted key domain key to provide to the encryption engine for decrypting the plurality of VM guest pages.
One of ordinary skill in the art would have made this modification to improve the ability of the system to maintain the security of the key for decrypting VM pages. The system (VMM) of the primary reference can be modified to include an additional component to decrypt a key and provide the decrypted key to another component such as the VMM for decrypting VM pages as needed, as taught in the Sagi reference. Having an encrypted key and another component to decrypt the key is more secure since the VMM does not store the key in plaintext.

Claims 5, 6, and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen in view of Klein, in view of Gupta, further in view of Steinberg et al. U.S. Patent No. 10846117 (hereinafter “Steinberg”).
As per claim 5, the rejection of claim 1 is incorporated herein. 
Chen discloses receiving a request to page in a VM page
(See Chen page 4, right side column,  5th paragraph down, When the encrypted page is subsequently accessed [this causes execution of VM page-in instruction by the processor core] via the application shadow (transitions 2 or 3), the VMM unmaps the page from the system shadow, verifies its integrity hash, decrypts the page, and maps the page[page a first virtual machine (VM) guest page= page] into the application shadow. 
)
However, the combination of Chen, Klein, and Gupta does not expressly disclose 
wherein the VM page-in instruction is to specify a first guest physical address to indicate a start of a guest physical address range for the first VM.
Steinberg discloses including a guest physical address range in a request
(See Steinberg
17:52-56 probe request issued to the virtualization layer includes a guest-physical memory address range to which the agent 360 can request the guest monitor 352 to map the two buffers of the communication interface 600 into its guest-physical address space. 
18:38-49 agent has knowledge of how the guest-physical address space (i.e., virtual machine memory map) is used (allocated) by the guest operating system, and thus, is able to select an address range for the communication interface buffers. …..Once the address range is chosen, the virtual device (communication interface 600) is present in (physical) memory 220, e.g., at a location (i.e., host-physical address space) mapped by the virtualization layer to appear (in the virtual machine) at the guest-physical address range [a range would indicate  a beginning and end of the range ]requested by the agent. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chen, Klein, and Gupta with the technique for including a guest physical address range in the request of Steinberg to include 
wherein the VM page-in instruction is to specify a first guest physical address to indicate a start of a guest physical address range for the first VM.
One of ordinary skill in the art would have made this modification to improve the ability of the system to specify a range of guest physical addresses for paging in a guest page. The system (VMM) of the primary reference can be modified to require specification of a guest physical address range including the beginning of the range.




Chen discloses receiving a request to page in a VM page
(See Chen page 4, right side column,  5th paragraph down, When the encrypted page is subsequently accessed [this causes processor core execution of VM page-in instruction] via the application shadow (transitions 2 or 3), the VMM unmaps the page from the system shadow, verifies its integrity hash, decrypts the page, and maps the page[page a first virtual machine (VM) guest page= page] into the application shadow. 
)
However, the combination of Chen, Klein, and Gupta does not expressly disclose 
wherein the VM page-in instruction is to specify a second guest physical address to indicate an end of the guest physical address range for the first VM.
Steinberg discloses including a guest physical address range in a request
(See Steinberg
17:52-56 probe request issued to the virtualization layer includes a guest-physical memory address range to which the agent 360 can request the guest monitor 352 to map the two buffers of the communication interface 600 into its guest-physical address space. 
18:38-49 agent has knowledge of how the guest-physical address space (i.e., virtual machine memory map) is used (allocated) by the guest operating system, and thus, is able to select an address range for the communication interface buffers. …..Once the address range is chosen, the virtual device (communication interface 600) is present in (physical) memory 220, e.g., at a location (i.e., host-physical address space) mapped by the virtualization layer to appear (in the virtual machine) at the guest-physical address range [a range would indicate  a beginning and end of the range ]requested by the agent. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chen, Klein, guest physical address range in the request of Steinberg to include 
wherein the VM page-in instruction is to specify a second guest physical address to indicate an end of the guest physical address range for the first VM.
One of ordinary skill in the art would have made this modification to improve the ability of the system to specify a range of guest physical addresses for paging in a guest page. The system (VMM) of the primary reference can be modified to require specification of a guest physical address range including the beginning of the range.

As per claim 9, the rejection of claim 2 is incorporated herein. 
Chen discloses VM page-out instruction
(see rejection of claim 2) 

However, the combination of Chen, Klein, and Gupta does not expressly disclose 
wherein the VM page-out instruction is to specify a first guest physical address to indicate a start of a guest physical address range for the first VM and a second guest physical address to indicate an end of the guest physical address range for the first VM.
Steinberg discloses including a guest physical address range 
(See Steinberg
17:52-56 probe request issued to the virtualization layer includes a guest-physical memory address range to which the agent 360 can request the guest monitor 352 to map the two buffers of the communication interface 600 into its guest-physical address space. 
18:38-49 agent has knowledge of how the guest-physical address space (i.e., virtual machine memory map) is used (allocated) by the guest operating system, and thus, is able to select an address range for the communication interface buffers. …..Once the address range is chosen, the virtual device (communication interface 600) is present in (physical) memory 220, the guest-physical address range [a range would indicate  a beginning and end of the range ]requested by the agent. [The guest is the VM, i.e. the address range is for the first VM]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chen, Klein, and Gupta with the technique for including a guest physical address range of Steinberg to include 
wherein the VM page-out instruction is to specify a first guest physical address to indicate a start of a guest physical address range for the first VM and a second guest physical address to indicate an end of the guest physical address range for the first VM.
One of ordinary skill in the art would have made this modification to improve the ability of the system to specify guest physical addresses for paging in a guest page. The system (VMM) of the primary reference can be modified to require specification of a guest physical address range including the beginning and end of the range in the paging out instruction range.


Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen in view of Klein, in view of Gupta, further in view of Hayakawa et al. U.S. Publication 20110202919 (hereinafter “Hayakawa”).
As per claim 7, the rejection of claim 3 is incorporated herein. 
Chen discloses a first protected memory location to store the first VM guest page.
(See Chen 
section 7.1, 1st paragraph 
an RMD is an ordered set of (IV,H)
pairs, one per encrypted page[protected memory location], addressed by a 32-bit resource page number (RPN). 
Chen section 7.1, 2nd paragraph When a resource is mapped into memory[store the first VM guest page], its RMD is loaded into the metadata cache (MDC) in the VMM. A single MDC
caches metadata for all cloaked resources mapped by the guest.
Chen page 4, right hand column, bottom paragraph 
…… if the kernel swaps a cloaked page to disk, which is later paged in[store the first VM guest page] due to an application read) 
However, the combination of Chen, Klein, and Gupta does not expressly disclose wherein the VM page-in instruction is to specify a host physical address of a first protected memory location to store the first VM guest page.

Hayakawa discloses wherein the instruction is to specify a host physical address of a first protected memory location to store the first VM guest page.
(See Hayakawa [to store the first VM guest page is intended use and is given no patentable weight]
Para. 
write request specifying a guest 
logical address from a program [this could be an application program like in the base reference ]being executed on this guest OS (4).  The 
physical CPU (11), which is executing this guest OS (4), identifies the host 
physical address corresponding to this guest logical address based on the 
shadow page table (2321).  The physical CPU (11) writes data in accordance with 
a write request to the physical page denoted by this host physical address[specify a host physical address; the write request specifies a host address indirectly by indicating the guest logical address in the request].  
See also para. [0085] 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chen, Klein, and Gupta with the technique for indirectly specifying a host physical address of Hayakawa to include 
wherein the VM page-in instruction is to specify a host physical address of a first protected memory location to store the first VM guest page.
One of ordinary skill in the art would have made this modification to improve the ability of the system to specify a host physical address for performing an operation by indicating a guest logical address which indirectly specifies the host physical address. The guest logical address can be translated to such host physical address. The system (VMM) of the primary reference can be modified to specify the host physical address for storing guest page.


Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen in view of Klein, in view of Gupta, in view of Hayakawa, further in view of Tsirkin et al. U.S. Publication 20180060249 (hereinafter “Tsirkin”). 
As per claim 8, the rejection of claim 7 is incorporated herein. 
	However, the combination of Chen, Klein, Gupta, and Hayakawa does not expressly disclose wherein the VM page-in instruction is to specify permissions for accessing the first protected memory location.
Tsirkin discloses wherein the instruction is to specify permissions for accessing the first protected memory location.
(See Tsirkin Para. 
[0043] 
Loading code 204 is code within guest 111 that has access to guest memory 114 
and is able to modify the guest 111's memory permissions specified in second 
set of hypervisor page tables 116-2 (see FIG. 3) by sending a request to 
hypervisor 108 to do so.  
[0029] Additionally, a hypervisor page table may store access permissions 
for one or more memory pages (e.g., in guest memory 114).  Examples of access 
permission modes are read-only, write-only, write-protected (e.g., read-execute 
only), read-write only, and read-write-execute only.  
[0032]  modify one or more guest 
memory permissions stored in a hypervisor page table in a secure fashion
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chen, Klein, Gupta, and Hayakawa with the technique for making changes to guest page permissions in response to a request to modify permissions of pages of a guest of Tsirkin to include 
wherein the VM page-in instruction is to specify permissions for accessing the first protected memory location.
One of ordinary skill in the art would have made this modification to improve the ability of the system to provide for expressing and/or executing instruction for customized permissions for guest pages. The system (hypervisor, page 3, right side column, 5th paragraph) of the primary reference can be modified to execute VM page-in instructions which may include specified permissions associated with a guest page, and the permissions may be indicated for a 1st protected memory location. 

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chen in view of Klein, in view of Gupta, in view of Steinberg, further in view of Tsirkin.
As per claim 10, the rejection of claim 9 is incorporated herein. 
Chen discloses executing multiple instructions
(See Chen 
page 4, 2nd paragraph under section 3.2 
The “context” that determines which view (shadow page table) to use for a particular
memory access can be defined in terms of any state accessible
to the VMM, such as ……, instruction pointer
)

	However, the combination of Chen, Klein, Gupta, and Steinberg does not expressly disclose wherein the VM page-out instruction is to specify permissions for accessing the first VM guest page.
Tsirkin discloses wherein the instruction is to specify permissions for accessing the first VM guest page.
(See Tsirkin Para. 

Loading code 204 is code within guest 111 that has access to guest memory 114 
and is able to modify the guest 111's memory permissions specified in second 
set of hypervisor page tables 116-2 (see FIG. 3) by sending a request to 
hypervisor 108 to do so.  
[0029] Additionally, a hypervisor page table may store access permissions 
for one or more memory pages (e.g., in guest memory 114).  Examples of access 
permission modes are read-only, write-only, write-protected (e.g., read-execute 
only), read-write only, and read-write-execute only.  
[0032]  modify one or more guest 
memory permissions stored in a hypervisor page table in a secure fashion
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Chen, Klein, Gupta, and Steinberg with the technique for specifying and making changes to guest page permissions Tsirkin to include wherein the VM page-out instruction is to specify permissions for accessing the first VM guest page.
One of ordinary skill in the art would have made this modification to improve the ability of the system to provide for executing instruction for customized permissions for guest pages. The system (hypervisor, page 3, right side column, 5th paragraph) of the primary reference can be modified so that the paging out instruction for the virtual machines also specify the permissions for accessing the VM page.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is (571)272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 

/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494