Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 03/04/2022 has been entered.
As per instant Amendment, claims 1, 5, 7, 9, 13, 15, 17, 20-21 and 23 have been amended; claims 4, 12 and 25 have been cancelled and claims 26-28 have been added. 
Claims 1-3, 5-7, 9-11, 13-15, 17-19, 21-23 and 26-28 are pending as the claim 20 is cancelled according to the examiner’s amendment below.
EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mrs. Leslie E. Dalglish (Reg. No. 40,579) on February 9th, 2022.  During the telephone conference, Mrs. Leslie has agreed and authorized the Examiner to amend claim 21 and to cancel claim 20. 
The application has been amended as follows:
CLAIMS
Replacing claims 20 and 21 as follows:
Claim 20. (Cancelled)
Claim 21. (Currently Amended) The method of claim 17, further comprising:
generating, responsive to the detecting the integrity failure, an error code indicating that the integrity failure has been detected;
determining an operating mode of the second VM associated with the second instruction; and
providing the generated error code to a destination that is based on the determined operating mode of the second VM.
Response to Arguments
The rejection to the claims 4-6, 12-14 and 20-22 under 35 U.S.C. 112(a), are withdrawn as the claims have been cancelled.
The rejection to the claims 1-7, 9-15 and 17-23 under 35 U.S.C. 112(b), are withdrawn as the claims have been amended. 
 The previous rejection of claims 1-7, 9-15 and 17-23 under 35 U.S.C. § 103, is withdrawn in response to the applicant's amendments.
Allowable Subject Matter
 Claims 1-3, 5-7, 9-11, 13-15, 17-19, 21-23 and 26-28 are allowed in light of the Applicant’s arguments/amendments and in light of the prior art made of record.
 The following is an examiner’s statement of reasons for allowance: 
As to claims 1-3, 5-7, 9-11, 13-15, 17-19, 21-23 and 26-28, the closest prior arts, Hunt (US 2019/0182040), in view of August (US 2019/0042750), in view of Rozas (US 2016/0378688), in view of Franklin (US 6,000,832), in view of Durham (US 2018/0091308) and further in view of Hashimoto (US 2015/0370727), alone or in combination fails to anticipate or render obvious the claim invention.  
Hunt (prior art of record) discloses a processor executes one or more virtual machines (VMs) and executes a hypervisor to partition the server hardware among the VMs and to isolate the VMs from each other; each VM provides a secure and isolated hardware-emulation environment for one or more virtual processors, whereby each virtual processor executes a corresponding guest operating system (OS); the write request is a secure memory access request, the northbridge  identifies one of the encryption keys that is assigned to the entity (e.g., program, VM, software service, and the like) that generated the memory access request and the processor generates memory access requests, including write requests to store data at the memory and read requests to retrieve data from the memory . Each memory access request includes a memory address (e.g. a system physical See par. 0001, 0015-0017 and 0020-0021of Hunt.
August (prior art of record) discloses a hardware element include a checking unit that performs verification, the checking unit may include a verification engine for checking correctness of instructions. For every store operation, a MAC is generated based on a stored value, address of the store, and a secret key; The hardware element generates a MAC value corresponding to each load. Each MAC value is based on a loaded value, a memory load address, and a secret key. The hardware element determines if the loaded MAC value and the generated MAC value are equal. This may be done by comparing the generated MAC value with a MAC value in the buffer if the buffer contains an entry for the memory load address or by comparing the generated MAC with the loaded MAC value sent as part of the untrusted trace information- See par. 0030, 0035, 0037, 0069, 0075 and 0080 of August.
Rozas (prior art of record) discloses a cryptographic unit optionally be operative to cryptographically provide integrity protection and/or authentication to the code and/or data of protected containers; the cryptographic unit may automatically compute a message authentication code, or other authentication or integrity check data, for code and/or data of protected containers before the code and/or data is stored out of the processor (e.g., to system memory); the key manager protected container may control or manage a set of one or more per-OS container or OS container specific keys (e.g., key hierarchies) each corresponding to a different one of the OS containers that has a corresponding protected container- See par. 0036 and 0046 of Rozas.
See the abstract, col. 5; lines 28-37 and col. 12; lines 13-14.  of Franklin.
Durham (prior art) discloses a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors - See the abstract of Durham.
Hashimoto (prior art) discloses a device executes reading and writing for a storage unit storing a table tree and verifier tree and a MAC value of a respective data block is generated based on a content of the data block and its allocated address, and the generated MAC value is managed by a MAC block associated with (related to) a reference source block that refers to the data block- See the abstract and par. 0256 of Hashimoto.
Hunt, August, Rozas, Franklin, Durham and Hashimoto teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, 1, 9 and 17.  For example, none of the cited prior art teaches or suggest the steps of generate a first message authentication code (MAC) based on a combination of at least first target data to be stored via the write operation, a first cryptographic key that is specific to the first VM of the multiple VMs, and a first physical memory address in which the first target data is to be stored via the write operation; perform, subsequent to the write operation, a second read operation at the first physical memory address by a second VM of the multiple VMs;  generate a third message authentication code (MAC) based on a combination of at least the first target data retrieved from the first physical memory address, a second cryptographic key that is specific to the second VM of the multiple VMs, and the first physical memory address; and detect an integrity failure based on a comparison of the first MAC and the third MAC. 
These limitations, in conjunction with all other limitations, has not been disclosed, suggested or made obvious over the prior art of record either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.  For these reasons, as well as the other limitations and in the light of amendments to the claims of the independent claims, puts these claims in condition for allowance.
Claims 2-3, 5-7, 10-11, 13-15, 18-19, 21-23 and 26-28 are directly or indirectly dependent upon claims 1, 9 and 17 therefore, they are also allowable over the prior arts of record.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx 





/SANCHIT K SARKER/Examiner, Art Unit 2495