DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is response to the RCE filed on 02/23/2022.
Claims 1-4, 6-11, 13-18, 20, 21 and 24-26 are currently pending in this application. Claims 24-26 are new. No new IDS has been filed.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/23/2022 has been entered.

Examiner’s Note
Applicants are suggested to include information of the figures 3 and 4 with related text of the specification into the claims to provide the application in a condition for an allowance. 

Response to Arguments
In response to the applicants’ filing of the RCE, an updated search for the current claims is performed. Accordingly, the prior art rejections to the claims are stated below. 

The applicants, in page 8 of the remarks, have argued that “… support for new claims 24-26 may be found throughout the specification …”, however, the claimed limitations are not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention. See the 112 rejections section below for detail.

Thus, the applicants’ arguments are not persuasive. Please see amended rejections below for the current claims.

Claim Objections
Claims 25 and 26 are objected to because of the following informalities:  the claims recite “The computer-readable storage medium of claim 24 …”, which appears to be “The non-transitory computer-readable storage medium of claim 24 …”.  
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 24-26 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirements.

New claims 24-26 recite subject matter, “… provide the encryption key associated with the first shared virtual memory space to the first virtual machine to encrypt data … provide the encryption key associated with the first shared virtual space to a second virtual machine … to decrypt data … ”, which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention. 
The specification, in paras. 0040-0042 describes, “… virtual machine process 508-1 may encrypt data 524 using an encryption key 530 in order to obtain encrypted data 532 … encryption key 530 may comprise a symmetric encryption key … encryption key 530 may comprise a dedicated encryption key for use in encryption and decryption of data being provided to the virtual machine corresponding to virtual machine process 508-2 by the virtual machine corresponding to virtual machine process 508-1 … virtual machine process 508-2 may retrieve encrypted data 532 from public virtual memory space 526 and decrypt encrypted data 532 using an encryption key 536 …”. However, these information does not describe the claimed limitations, “… provide the encryption key associated with the first shared virtual memory space to the first virtual machine to encrypt data … provide the encryption key associated with the first shared virtual space to a second virtual machine … to decrypt data … 
Claims 25 and 26 depend from the claim 24, and are analyzed and rejected accordingly. 

The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION. — The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
 

Claims 24-26 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
The applicants are suggested to review all claims for clarification (e.g., compatibility, antecedent basis or grammatical issues) and some (not all) of them are indicated below.  

Claim 24 recites:
“… define a plurality of shared virtual memory spaces, the respective ones of the shared virtual memory spaces to be associated with a respective encryption key of a plurality of encryption keys …”, however, it is not clear (1) what “the respective ones” is respecting to (e.g., a shared virtual memory space, a virtual machine or a virtual machine process); (2) “the respective ones” has an antecedent basis issue; (3) whether the respective one is actually associating with a respective encryption or not (e.g., the usage of term “to be” is intended use) – suggested to use “first”, “second”, etc. instead of “respective ones”;
“… define … the respective ones of the shared virtual memory spaces … assign respective ones of the plurality of memory spaces to respective ones of a plurality of virtual machines…”, however, it is not clear (1) whether “respective ones of the plurality of memory spaces” is the same as “the respective ones of the shared virtual memory spaces” or not; (2) how to define “respective ones”;
 “… space is assigned to provide data to the remaining plurality of virtual machine … provide the encryption key … the first virtual machine to encrypt data to be written … provide the encryption key … virtual machine to decrypt data in the first shared …”, however, it is not clear (1) whether “data” located in three different locations are the same or not; (2) how to define “the remaining plurality of virtual machine” - suggested to use “first”, “second”, etc. instead of “the remaining …”, and “the remaining plurality of virtual machine” has an antecedent basis issue; (3) whether “the encryption key” is the same as “a respective encryption key” included before or not and “the encryption key” has an antecedent basis issue; (3) whether “the encryption key” is used for the decryption process or not; (4) whether or not it is decrypting the (plain/clear) data or how to decrypt the (plain/clear) data.
Claims 25 and 26 depend (and include similar terms, such as “the remaining …”, “to decrypt data …”, etc.) from the claim 24, and are analyzed and rejected accordingly.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 8-11, 15-18 and 24-26 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Nation et al. (US 2010/0161879 A1).

As per claim 1, Nation teaches an apparatus, comprising: circuitry; memory storing instructions for execution by the circuitry [processor, memory in figs. 1-3, par. 0046 of Nation] to:
define a plurality of shared virtual memory spaces [figs. 4, 6a; par. 0005, lines 1-5; par. 0014, lines 1-10; par. 0053, lines 28-33 of Nation teaches defining a plurality of shared virtual memory spaces (e.g., the memory pages or the configuration entries/spaces)] 
assign respective ones of the plurality of shared virtual memory spaces to respective ones of a plurality of virtual machines executed on the circuitry, a first shared virtual memory space of the plurality of shared virtual memory spaces assigned to a first virtual machine of the plurality of virtual machines [figs. 4, 6b; par. 0014, lines 1-21; par. 0054, lines 1-18 of Nation teaches to assign respective ones of the plurality of shared virtual memory spaces (e.g., one of the memory pages or the configuration entries/spaces) to respective ones of a plurality of virtual machines (e.g., VMID) 
the respective ones of the shared virtual memory spaces to comprise a respective mailbox for the respective ones of the virtual machines to which the shared virtual memory space is assigned to provide data to the remaining plurality of virtual machines [figs. 4, 6b; par. 0040, lines 1-6; par. 0068, lines 14-28 of Nation teaches that the respective ones of the shared virtual memory spaces (e.g., the memory page or the configuration entry/space for the VM0) to comprise a respective mailbox (e.g., the memory resource) for the respective ones (e.g., the VM0) of the virtual machines to which the shared virtual memory space (e.g., the overlapped memory) is assigned to provide data to the remaining plurality of virtual machines (e.g., VM5, etc.)];
encrypt a first data by the first virtual machine; write, by the first virtual machine to the first shared virtual memory space, the encrypted first data to share the encrypted first data with a second virtual machine of the plurality of virtual machines
read, by the second virtual machine, the encrypted first data in the first shared virtual memory space; and decrypt, by the second virtual machine, the encrypted first data [figs. 4, 6b; par. 0045, lines 1-7; par. 0065, lines 9-14; par. 0069, lines 1-12 of Nation teaches to read, by the second virtual machine (e.g., the VM5), the encrypted first data in the first shared virtual memory space (e.g., reading the encrypted data from the shared region of the memory space); and decrypt, by the second virtual machine, the encrypted first data (e.g., the decryption performed by a virtualized device/machine)].

As per claim 2, Nation teaches the apparatus of claim 1. 
Nation further teaches the memory storing instructions for execution by the circuitry to define the plurality of shared virtual memory spaces according to a paged virtual memory scheme [fig. 4; par. 0054, lines 1-14 of Nation teaches to define the plurality of shared virtual memory spaces (e.g., the memory pages or the configuration entries/spaces) according to a paged virtual memory scheme – see also rejections to the claim 1].

As per claim 3, Nation teaches the apparatus of claim 1. 
Nation further teaches the memory storing instructions for execution by the circuitry to generate a shared data notification to notify the second virtual machine of the presence of the encrypted first data in the first shared virtual memory space [par. 0021, lines 5-17 of Nation teaches to generate a shared data notification to notify the second virtual machine of the presence of the encrypted first data in the first 

As per claim 4, Nation teaches the apparatus of claim 1. 
Nation further teaches the second virtual machine not permitted to write to the first shared virtual memory space, the plurality of shared virtual memory spaces writable only by the respective virtual machine of the plurality of virtual machines to which the respective shared virtual memory space is assigned, the plurality of shared virtual memory spaces readable by the plurality of virtual machines [fig. 6b; par. 0069, lines 4-12, 36-39 of Nation teaches the second virtual machine not permitted to write (e.g., the read only memory region for one machine, such as the second virtual machine) to the first shared virtual memory space (e.g., the overlapping memory region), the plurality of shared virtual memory spaces writable only by the respective virtual machine (e.g., the virtual machine with read/write access attribute) of the plurality of virtual machines to which the respective shared virtual memory space is assigned, the plurality of shared virtual memory spaces readable by the plurality of virtual machines – see also rejections to the claim 1].

Claims 8-11 are method claims that correspond to the apparatus claims 1-4, and are analyzed and rejected accordingly.
Claims 15-18 are non-transitory computer-readable storage medium claims that correspond to the apparatus claims 1-4, and are analyzed and rejected accordingly.

As per claim 24, Nation teaches a non-transitory computer-readable storage medium comprising instructions that, when executed by a processor, cause the processor [processor, memory in figs. 1-3, par. 0046 of Nation] to:
define a plurality of shared virtual memory spaces, the respective ones of the shared virtual memory spaces to be associated with a respective encryption key of a plurality of encryption keys [figs. 4, 6a; par. 0005, lines 1-5; par. 0014, lines 1-10; par. 0053, lines 28-33; par. 0065, lines 16-24 of Nation teaches defining a plurality of shared virtual memory spaces (e.g., the memory pages or the configuration entries/spaces), the respective ones of the shared virtual memory spaces to be associated with a respective encryption key of a plurality of encryption keys (e.g., supporting different encryption keys across various virtual machines associated with a given memory appliance, including shared memory spaces]; 
assign respective ones of the plurality of shared virtual memory spaces to respective ones of a plurality of virtual machines, a first shared virtual memory space of the plurality of shared virtual memory spaces assigned to a first virtual machine of the plurality of virtual machines
the respective ones of the shared virtual memory spaces to comprise a respective mailbox for the respective ones of the virtual machines to which the shared virtual memory space is assigned to provide data to the remaining plurality of virtual machines [figs. 4, 6b; par. 0040, lines 1-6; par. 0068, lines 14-28 of Nation teaches that the respective ones of the shared virtual memory spaces (e.g., the memory page or the configuration entry/space for the VM0) to comprise a respective mailbox (e.g., the memory resource) for the respective ones (e.g., the VM0) of the virtual machines to which the shared virtual memory space (e.g., the overlapped memory) is assigned to provide data to the remaining plurality of virtual machines (e.g., VM5, etc.)];
provide the encryption key associated with the first shared virtual memory space to the first virtual machine to encrypt data to be written to the first shared virtual memory space [figs. 4, 6b; par. 0045, lines 1-7; par. 0065, lines 14-19; par. 0069, lines 1-12 of Nation teaches to provide the encryption key (e.g., supporting the encryption key) associated with the first shared virtual memory space (e.g., the shared region of the memory space for VM0) to the first virtual machine to encrypt data to be written to the first shared virtual memory space (e.g., encrypted data to the shared region of VM0 and VM5)]; and 
provide the encryption key associated with the first shared virtual memory space to a second virtual machine of the plurality of virtual machines to decrypt data in the first shared virtual memory space [figs. 4, 6b; par. 0045, lines 1-7; par. 0065, lines 9-14; par. 0069, lines 1-12 of Nation 

As per claim 25, Nation teaches the computer-readable storage medium of claim 24. 
Nation further teaches instructions that when executed by the processor cause the processor to: provide the encryption key associated with the first shared virtual memory space to the remaining plurality of virtual machines to decrypt data in the first shared virtual memory space [par. 0065, lines 9-14; par. 0069, lines 1-12 of Nation teaches to provide the encryption key (e.g., supporting encryption keys across various virtual machines) associated with the first shared virtual memory space (e.g., the given memory appliance or the shared memory space) to the remaining plurality of virtual machines (e.g., the various virtual machines) to decrypt data in the first shared virtual memory space (e.g., to perform encryption and decryption processes)].

As per claim 26, Nation teaches the computer-readable storage medium of claim 24. 
Nation further teaches instructions that when executed by the processor cause the processor to: provide the plurality of encryption keys to the plurality of virtual machines [par. 0065, lines 9-14 of Nation teaches to provide the plurality of encryption .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 6, 7, 13, 14, 20 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Nation et al. (US 2010/0161879 A1) in view of Chaturvedi et al. (US 2014/0164791 A1).

As per claim 6
Although Nation teaches encrypting and decrypting the data of the shared memory by the various virtual machines or the first VM and the second VM – see par. 0065 and rejections to the claim 1, Nation does not explicitly disclose the first virtual machine to encrypt the first data using a symmetric encryption key, the second virtual machine to decrypt the encrypted first data using the symmetric key.
However, Chaturvedi teaches the first virtual machine to encrypt the first data using a symmetric encryption key, the second virtual machine to decrypt the encrypted first data using the symmetric key.
Chaturvedi (par. 0019, lines 4-8; par. 0020, lines 1-4; par. 0038, lines 1-3) discloses that an encryption key can be created when the associated VM is created, as well as at each time a snapshot is taken. In the second configuration that can be used to manage encrypted memory, the hypervisor manages storing the data selected for secure access, as well as the key used for encryption/decryption. Decryption keys can be static – created for the life-time of the VM or dynamic – created each time a snapshot of the VM is taken. In other words, the hypervisor (or VMM) executes as the first VM process to encrypt the information using a key (or a symmetric key used for encryption/decryption) and as the second VM process to decrypt the encrypted information using the key (or the symmetric key used for encryption/decryption). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nation with the teaching of Chaturvedi to include a key or a symmetric key 

As per claim 7, Nation in view of Chaturvedi teaches the apparatus of claim 6.
Although Nation teaches encryption and decryption with different keys for each virtualized device – see par. [0065], Nation does not explicitly teach the first virtual machine to encrypt the symmetric encryption key using a public key of a private/public key pair, the second virtual machine to decrypt the encrypted symmetric encryption key using a private key of the private/public key pair.
However, Chaturvedi teaches the first virtual machine to encrypt the symmetric encryption key using a public key of a private/public key pair, the second virtual machine to decrypt the encrypted symmetric encryption key using a private key of the private/public key pair.
Chaturvedi (par. 0031, lines 6-8; par. 0032, lines 6-9) discloses that the method includes transmitting the encrypted information and at least one shared key (or the symmetric key) to a new hypervisor. When migration occurs, the old and new hosts can share the encryption/decryption key, perhaps using public and private key logic, so that the data can be sent from the old host to the new host in encrypted format
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nation with the teaching of Chaturvedi to include encrypting/decrypting a key or a symmetric key using public/private key logic because it provides a secure access to memory in a virtual environment (see paras. 0004 and 0010 of Chaturvedi).

Claims 13 and 14 are method claims that correspond to the apparatus claims 6 and 7, and are analyzed and rejected accordingly.
Claims 20 and 21 are non-transitory computer-readable storage medium claims that correspond to the apparatus claims 6 and 7, and are analyzed and rejected accordingly.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495