Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 06/15/2022 has been entered.

Election/Restrictions
This application is in condition for allowance except for the presence of claims 11-20 directed to an invention non-elected without traverse.  Accordingly, claims 11-20 have been cancelled.

Examiner’s Amendment
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner's amendment was given via telephone conversation and email from Attorney Tom Lane (Reg. No. 42781) on August 3, 2022 and August 4, 2022, respectively.

The application has been amended as follows:

Amendments to the Claims:
This listing of claims will replace prior versions, and listings, of claims in the application:
Listing of Claims: 

1.	(Currently Amended)	A processor comprising:
a hardware core, including an instruction decoder to decode a create key domain instruction and a virtual machine (VM) page-in instruction, wherein the create key domain instruction is to specify an encrypted client key;
wherein the hardware core is to perform operations corresponding to the create key domain instruction, including to create a key domain in which to execute a first VM,  and wherein the hardware core is also to perform operations corresponding to the VM page-in instruction, including paging a first VM guest page into the key domain, wherein paging the first VM guest page into the key domain includes verifying the first VM guest page using a message authentication code (MAC) stored in an extended page table entry (EPTE) for the first VM guest page and replacing the MAC in the EPTE with a host physical address of the first VM guest page; and
an encryption engine to decrypt the first VM guest page using the client key responsive to the VM page-in instruction.

2. 	(Currently Amended)	The processor of claim 1, wherein:
the hardware core is also to execute a VM page-out instruction to page the first VM guest page out of the key domain; and
the encryption engine is also to encrypt the first VM guest page responsive to the VM page-out instruction.

11-20. 	(Canceled)
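The following is an added illustration written for this page, not code from the application or its applicant: a Python model of the flow recited in claims 1 and 2, in which the create key domain instruction takes an encrypted client key, the VM page-in instruction verifies a guest page against a MAC held in its EPTE and then overwrites that MAC with the host physical address, and the VM page-out instruction reverses the process. The key sizes, the nonce layout, the HMAC-SHA256 counter-mode stand-in for the encryption engine, and the way the client key is wrapped are assumptions of the example; the claims specify none of them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PAGE_SIZE = 64    # assumption: shrunk from 4096 so the demo stays small
NONCE_LEN = 16
# Constructed value standing in for a key real hardware keeps inside the CPU.
HOST_UNWRAP_KEY = hashlib.sha256(b"demo-host-unwrap-key").digest()


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, a stand-in for an AES engine."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def _page_mac(key: bytes, gpa: int, nonce: bytes, ciphertext: bytes) -> bytes:
    """Tag binds the guest physical address too, so a valid page cannot be replayed in another slot."""
    return hmac.new(key, gpa.to_bytes(8, "big") + nonce + ciphertext, hashlib.sha256).digest()


def seal_page(key: bytes, gpa: int, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Encrypt and tag one page -> (nonce + ciphertext, mac); a fresh nonce avoids keystream reuse."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _stream_xor(key, nonce, plaintext)
    return nonce + ciphertext, _page_mac(key, gpa, nonce, ciphertext)


def wrap_client_key(client_key: bytes) -> bytes:
    """Client side: the 'encrypted client key' operand (stand-in for encrypting to a CPU public key)."""
    return _stream_xor(HOST_UNWRAP_KEY, b"keywrap", client_key)


@dataclass
class EPTE:
    """Paged out: `mac` holds the tag. Resident: that slot holds the host physical address instead."""
    mac: Optional[bytes] = None
    hpa: Optional[int] = None


class HardwareCore:
    def __init__(self) -> None:
        self._domains: Dict[int, bytes] = {}   # key domain id -> client key, never leaves the core
        self._memory: Dict[int, bytes] = {}    # host physical address -> page content
        self._next_hpa = 0x1000

    def create_key_domain(self, encrypted_client_key: bytes) -> int:
        """CREATE_KEY_DOMAIN: unwrap inside the core; the VMM only ever holds the wrapped key."""
        domain_id = len(self._domains) + 1
        self._domains[domain_id] = _stream_xor(HOST_UNWRAP_KEY, b"keywrap", encrypted_client_key)
        return domain_id

    def vm_page_in(self, domain_id: int, gpa: int, epte: EPTE, blob: bytes) -> int:
        """VM_PAGE_IN: verify against the MAC in the EPTE, decrypt, then replace the MAC with the HPA."""
        key = self._domains[domain_id]
        if epte.mac is None:
            raise ValueError("EPTE carries no MAC: page is not in paged-out state")
        nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
        if not hmac.compare_digest(_page_mac(key, gpa, nonce, ciphertext), epte.mac):
            raise ValueError("MAC mismatch: page was altered while outside the key domain")
        hpa, self._next_hpa = self._next_hpa, self._next_hpa + PAGE_SIZE
        self._memory[hpa] = _stream_xor(key, nonce, ciphertext)
        epte.mac, epte.hpa = None, hpa
        return hpa

    def vm_page_out(self, domain_id: int, gpa: int, epte: EPTE) -> bytes:
        """VM_PAGE_OUT (claim 2): encrypt the resident page, park its MAC in the EPTE, release the HPA."""
        if epte.hpa is None:
            raise ValueError("EPTE carries no HPA: page is not resident")
        blob, mac = seal_page(self._domains[domain_id], gpa, self._memory.pop(epte.hpa))
        epte.hpa, epte.mac = None, mac
        return blob

    def read(self, hpa: int) -> bytes:
        return self._memory[hpa]


def demo() -> dict:
    """Round-trip a page through the core and show that a tampered page is refused."""
    client_key = hashlib.sha256(b"demo-client-key").digest()   # constructed value
    page, gpa = b"guest secret page".ljust(PAGE_SIZE, b"\0"), 0x7000
    core = HardwareCore()
    dom = core.create_key_domain(wrap_client_key(client_key))
    blob, mac = seal_page(client_key, gpa, page)               # client ships ciphertext + tag
    epte = EPTE(mac=mac)
    first_hpa = core.vm_page_in(dom, gpa, epte, blob)
    resident_ok = core.read(first_hpa) == page
    out_blob = core.vm_page_out(dom, gpa, epte)                # swap out, then flip one byte
    tampered = bytearray(out_blob)
    tampered[-1] ^= 0x01
    try:
        core.vm_page_in(dom, gpa, epte, bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    reload_hpa = core.vm_page_in(dom, gpa, epte, out_blob)     # untouched copy still loads
    return {"resident_ok": resident_ok, "first_hpa": first_hpa, "tamper_rejected": rejected,
            "reload_hpa": reload_hpa, "reload_ok": core.read(reload_hpa) == page}
```

Two design choices in the example go beyond what the claims recite and are the checks a practitioner would want: the tag covers the guest physical address, so a correctly encrypted page presented at a different slot is refused, and every page-out draws a fresh nonce, so repeated page-out of the same slot never reuses keystream. The EPTE is the only place the tag lives while the page is outside the key domain, which is why the MAC slot can be recycled for the host physical address once the page is resident.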

Response to Amendment
This communication is in response to the amendment filed on 06/15/2022. The Examiner acknowledges amended claims 1-10. That amendment neither cancelled nor added claims. Claims 1-10 are pending and allowed. Claim 1 is the sole independent claim.
Claims 1-2 have been amended with this Examiner’s amendment.
Claims 11-20 have been canceled as being directed to an invention non-elected without traverse.

The rejections of the claims under 35 U.S.C. § 112 are withdrawn in view of Applicant's amendments.
	
Response to Arguments
Applicant's arguments (Remarks, page 8, 2nd and 3rd paragraphs) filed 06/15/2022 have been fully considered and are persuasive. The rejections of claims 1-10 have been withdrawn in view of Applicant's amendment and persuasive arguments.

Allowable Subject Matter
Claims 1-10 are allowed.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:

The prior art of record (in particular, Chen et al., Virtualization-Based Approach To Retrofitting Protection In Commodity Operating Systems, ASPLOS XIII: Proceedings of the 13th International Conference On Architectural Support For Programming Languages And Operating Systems, March 2008, Pages 2-13 (hereinafter "Chen"); Klein et al., U.S. Publication 20170139840 (hereinafter "Klein"); Gupta et al., U.S. Publication 20170220466 (hereinafter "Gupta"); Sagi et al., U.S. Publication 20120179909 (hereinafter "Sagi"); Steinberg et al., U.S. Patent No. 10846117 (hereinafter "Steinberg"); Hayakawa et al., U.S. Publication 20110202919 (hereinafter "Hayakawa"); and Tsirkin et al., U.S. Publication 20180060249 (hereinafter "Tsirkin")) does not expressly disclose every limitation recited in independent claim 1, nor the claimed combination of those features. With respect to independent claim 1, the closest prior art does not disclose at least the following limitations in the recited context:

a hardware core, including an instruction decoder to decode a create key domain instruction and a virtual machine (VM) page-in instruction, wherein the create key domain instruction is to specify an encrypted client key;
wherein the hardware core is to perform operations corresponding to the create key domain instruction, including to create a key domain in which to execute a first VM, and wherein the hardware core is also to perform operations corresponding to the VM page-in instruction, including paging a first VM guest page into the key domain, wherein paging the first VM guest page into the key domain includes verifying the first VM guest page using a message authentication code (MAC) stored in an extended page table entry (EPTE) for the first VM guest page and replacing the MAC in the EPTE with a host physical address of the first VM guest page; and
an encryption engine to decrypt the first VM guest page using the client key responsive to the VM page-in instruction.

Rather, Chen discloses that multiple shadow page tables are used to provide different views of guest physical memory to different shadow contexts. A kernel may swap a cloaked page to disk, which may later be paged in due to an application read. A VMM manages separate shadow page tables, which contain GVPN-to-MPN mappings. When an encrypted page is accessed via the application shadow (transitions 2 or 3), the VMM unmaps the page from a system shadow, verifies its integrity hash, decrypts the page, and maps the page into the application shadow. Each cloaked resource, such as a file or anonymous memory region, is associated with a unique 64-bit resource identifier (RID). Each RID has a corresponding resource metadata object (RMD) that stores metadata [Chen, page 4, right column, 5th paragraph; Section 3.2; page 4, right column, bottom paragraph; page 3, right column, bottom paragraph; Section 7.1 Protected Resources, 1st paragraph].
However, Chen does not disclose at least the features of claim 1 quoted above.  
To this, Klein adds loading a page into memory and then storing, in metadata, the physical address of the page being loaded into the memory [Klein, para. 78, 111]. Gupta adds decoding an instruction that may include an opcode, and creating protected domains in system memory. The Gupta system may also swap executing software's code and data in and out of system memory as needed [Gupta, para. 25, 29, 35]. Sagi adds decrypting a symmetric key using a private key and returning the decrypted symmetric key to a data processing system. The data processing system decrypts a digital document using the returned decrypted symmetric key [Sagi, para. 20, 72, 83].
Steinberg adds that a probe request to a virtualization layer may include a guest physical address range [Steinberg, 17:52-56; 18:38-49]. Hayakawa adds that a guest OS receives a write request specifying a guest logical address from a program being executed on the guest OS. A physical CPU, which is executing this guest OS, identifies the host physical address corresponding to this guest logical address based on a shadow page table. The physical CPU writes data in accordance with the write request to the physical page denoted by this host physical address [Hayakawa, para. 68, 85]. Tsirkin adds that guest code may access guest memory and may securely modify the guest's memory permissions specified in hypervisor page tables by requesting the hypervisor to perform the modifications [Tsirkin, para. 29, 32, 43].
However, the combination of Chen, Klein, Gupta, Sagi, Steinberg, Hayakawa, and Tsirkin does not teach at least the features of claim 1 quoted above. 

None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
For the reasons described above, the prior art of record does not disclose, with respect to independent claim 1, features corresponding to those of independent claim 1 in their respective contexts. Therefore, independent claim 1 is allowed.

Dependent claims 2-10 are allowed in view of their respective dependence from independent claim 1.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HOWARD H. LOUIE/Examiner, Art Unit 2494

/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494