DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is a Non-Final Office Action in response to the communication filed on March 08, 2019.
Claims 1-25 have been examined.


Drawings
The drawings filed on March 08, 2019 are acceptable for examination proceedings.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on July 30, 2019, and September 10, 2021 were filed after the mailing date of the application 16/296308 on March 08, 2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101 (CRM Analysis)
Claims 19-25 are directed to "computer readable storage medium" and applicant's specification support for said “computer readable storage medium” is being limited to a statutory embodiment (See, Specification Para 0150). 

Allowable Subject Matter
Claims 3-6, 12-15, and 21-24 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance:
Regarding dependent claims 3, 12, and 21:
The closest prior art, Kaplan et al. (U.S. 2018/0189190 A1), discloses different levels of access with different permission levels or a different number or type of permissions (Kaplan, Para 0071), but fails to specifically disclose “…whether the page is currently identified as secure with the secure storage protection indicator being set and the page registered to the secure domain of the secure entity; and registering, …the page to the secure domain as shared based on determining that the page was identified as secure and registered to the secure domain of the secure entity”.

Agesen et al. (U.S. 8,006,043 B2 [provided by applicant]) discloses “In a virtualized system using memory page sharing, a method is provided for maintaining sharing when Guest code attempts to write to the shared memory. In one embodiment, virtualization logic uses a pattern matcher to recognize and intercept page zeroing code in the Guest OS. When the page zeroing code is about to run against a page that is already zeroed, i.e., contains all zeros, and is being shared, the memory writes in the page zeroing code have no effect”.

“determining, by the secure interface control, whether the page is currently identified as secure with the secure storage protection indicator being set and the page registered to the secure domain of the secure entity;
and registering, by the secure interface control, the page to the secure domain as shared based on determining that the page was identified as secure and registered to the secure domain of the secure entity” along with other limitations of dependent claims 3, 12, and 21.
Furthermore, the prior arts alone or in combination fail to teach or suggest the claimed limitation of dependent claims 4, 13, and 18 “..based on determining that the page is currently identified as secure, registered to the secure domain of the secure entity, and the page is not currently locked; and preventing, by the secure interface control, the secure entity or the secure interface control in a different context from accessing the page when locked”.
For this reason, the specific claim limitations recited in the dependent claims 3, 12, and 21 taken as a whole are allowed.
The dependent claims 4-6, 13-15, and 18-20, which depend on the above dependent claims 3, 12, and 21, being further limiting to the dependent claims, definite, and enabled by the specification, are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 7-11, 16-20, and 25 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kaplan et al. (U.S. Patent Application Publication No.: US 2018/0189190 A1 / or “Kaplan” hereinafter).

Regarding claim 1, Kaplan discloses “A method comprising” (Para 16; and Fig. 11: a process is disclosed): 
“enabling, by a secure interface control of a computer system, a non-secure entity of the computer system to access a page of memory shared between the non-secure entity and a secure domain of the computer system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear” (Fig. 1: Computing Device 200 i.e., a “computer system” and Para 0041; Platform Secure Processor 232 i.e., a “secure interface control” and Para 0036; Para 0042, the computing device 200 with hypervisor i.e., a “non-secure entity” is allowed access to a page table i.e., a “page of memory” that is shared between the hypervisor and a virtual machine [where the virtual machine has its separate operating environment i.e., “secure domain”]. Para 0028, the virtual machine can access the memory page when the validation bits are removed i.e., a “secure storage protection indicator of the page being clear”);
“verifying, by the secure interface control, that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page” (Para 0028, the virtual machine can access the memory page when the validation bits are removed i.e., a “secure storage protection indicator of the page being clear”);
“and providing, by the secure interface control, a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page” (Para 0141, a virtual machine i.e., a “secure entity” is allowed access if the pages are not protected).

Regarding claim 2, in view of claim 1, Kaplan discloses “further comprising: verifying, by the secure interface control, that a dynamic address translation mapping established by the non-secure entity, and used by the secure entity, is unchanged prior to providing the secure entity with access to the page” (Para 0021, and 0025-0026, a virtual machine consults a translation lookaside buffer, i.e., a “dynamic translation mapping” established by the hypervisor, i.e., the “non-secure entity”; Para 0067, allowed access based on lock indicator).

Regarding claim 7, in view of claim 1, Kaplan discloses “wherein the secure domain is checked and updated through a zone-security table comprising a secure domain identifier associated with the page and virtual address mapping data associated with the page” (Para 0060-63, pages are assigned based on guest identifier).

Regarding claim 8, in view of claim 1, Kaplan discloses “wherein the secure storage protection indicator comprises a bit in hardware of the computer system for each page of a plurality pages of the memory” (Para 0028, a bit is used).

Regarding claim 9, in view of claim 1, Kaplan discloses “wherein the secure interface control comprises firmware, hardware, or a combination of firmware and hardware” (Para 0041; Platform Secure Processor 232 i.e., a “secure interface control”);
“the non-secure entity comprises a hypervisor” (Para 0036; Para 0042, the computing device 200 with hypervisor i.e., a “non-secure entity”);
“and the secure entity comprises a virtual machine that is a secure guest hosted by the hypervisor in the secure domain” (Para 0141, a virtual machine i.e., a “secure entity”).

Regarding claim 10, Kaplan discloses “A system comprising” (Para 0027, a system is disclosed):
“a memory” (Fig. 1, and Para 0034: memory);
“and a secure interface control of a processing unit configured to perform a plurality of operations comprising:
enabling a non-secure entity to access a page of the memory shared between the non-secure entity and a secure domain of the system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear;
verifying that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page; 
and providing a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page” (See rejection of claim 1).

Regarding claim 11, in view of claim 10, Kaplan discloses “wherein the secure interface control is configured to perform operations comprising: verifying that a dynamic address translation mapping established by the non-secure entity, and used by the secure entity, is unchanged prior to providing the secure entity with access to the page” (See rejection of claim 2).

Regarding claim 16, in view of claim 10, Kaplan discloses “wherein the secure domain is checked and updated through a zone-security table comprising a secure domain identifier associated with the page and virtual address mapping data associated with the page” (See rejection of claim 7).

Regarding claim 17, in view of claim 10, Kaplan discloses “wherein the secure storage protection indicator comprises a bit in hardware of the computer system for each page of a plurality pages of the memory” (See rejection of claim 8).

Regarding claim 18, in view of claim 10, Kaplan discloses “wherein the secure interface control comprises firmware, hardware, or a combination of firmware and hardware; the non-secure entity comprises a hypervisor; 
and the secure entity comprises a virtual machine that is a secure guest hosted by the hypervisor in the secure domain” (See rejection of claim 9).

Regarding claim 19, Kaplan discloses “A computer program product comprising a computer readable storage medium, the computer readable storage medium comprising computer executable instructions, which when executed by a secure interface control of a processing unit causes the processing unit to perform a method comprising” (Para 0034, and Para 00145: computer storage medium is disclosed):
“enabling a non-secure entity of the computer system to access a page of memory shared between the non-secure entity and a secure domain of the computer system based on the page being marked as non-secure with a secure storage protection indicator of the page being clear; 
verifying that the secure storage protection indicator of the page is clear prior to allowing the non-secure entity to access the page; 
and providing a secure entity of the secure domain with access to the page absent a check of the secure storage protection indicator of the page” (See rejection of claim 1).

Regarding claim 20, in view of claim 19, Kaplan discloses “wherein the executable instructions further cause the processing unit to perform: verifying that a dynamic address translation mapping established by the non-secure entity, and used by the secure entity, is unchanged prior to providing the secure entity with access to the page” (See rejection of claim 2).

Regarding claim 25, in view of claim 19, Kaplan discloses “wherein the secure domain is checked and updated through a zone-security table comprising a secure domain identifier associated with the page and virtual address mapping data associated with the page” (See rejection of claim 7).

Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Azab et al. (U.S. Patent No.: US 2015/0199507 A1) discloses “…normal world virtual processor and a secure world virtual processor are instantiated on a target device. A target operating system is executed on the normal world virtual processor. An integrity verification agent is executed on the secure world virtual processor. One or more predetermined operations attempted on the normal world virtual processor are trapped to the secure world virtual processor. The integrity verification agent is used to determine the effect of the execution of the trapped operations on the target device” (Abstract).

Agesen et al. (U.S. 8,006,043 B2 [provided by applicant]) discloses:
In a virtualized system using memory page sharing, a method is provided for maintaining sharing when Guest code attempts to write to the shared memory. In one embodiment, virtualization logic uses a pattern matcher to recognize and intercept page zeroing code in the Guest OS. When the page zeroing code is about to run against a page that is already zeroed, i.e., contains all zeros, and is being shared, the memory writes in the page zeroing code have no effect. The virtualization logic skips over the writes, providing an appearance that the Guest OS page zeroing code has run to completion but without performing any of the writes that would have caused a loss of page sharing. The pattern matcher can be part of a binary translator that inspects code before it executes [Abstract].

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431