Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are presented for examination. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Shanbhag et al hereafter Shanbhag (US pat. 9864874) and in view of Fries et al hereafter Fries (US pat. App. Pub. 20090282266).  
4.	As per claims 1, 11, and 16, Shanbhag discloses an apparatus, a method, and one or more non-transitory computer-readable media comprising: a processor comprising: at least one core to execute instructions of a plurality of virtual machines and a virtual machine monitor; and a cryptographic engine comprising circuitry to protect data associated with the plurality of virtual machines through use of a plurality of private keys and an accessor key, wherein each of the plurality of private keys are to protect a respective virtual machine and the accessor key is to protect management structures of the plurality of virtual machines (2:33-67, 3:1-37, 7:10-64, and 10:1-46; wherein it emphasizes executing VM and VMM and it uses different keys to protect VM and management body of the VM); and wherein the processor is to provide, to the virtual machine monitor, direct read access to the management structures of the plurality of virtual machines through the accessor key and indirect write access to the management structures of the plurality of virtual machines through a secure software module (10:56-67, 11:1-48. 18:46-67, 19:1-35; wherein it elaborates it provides direct read access of the VM to the VMM by using the one type of key and provide write access to the management of the VM through module). Although, he discusses provide write access to the management of the VM through module. He does not specifically mention indirect write access to the management. However, in the same field of endeavor, Fries discloses indirect write access to the management (paragraphs: 12, 16, and 37).
Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Fries’s teachings of indirect write access to the management with the teachings of Shanbhag, for the purpose of effectively protecting the write access from any unauthorized intruders. 
5.	As per claim 2, Shanbhag discloses the apparatus, wherein the management structures comprise page tables mapping guest physical addresses to physical addresses of a memory (3:24-37, 9:10-35).
6.	As per claim 3, Shanbhag discloses the apparatus, wherein the cryptographic engine is to provide, through the accessor key, integrity protection of the management structures of the plurality of virtual machines (5:25-35, 10:1-17).
7.	As per claim 4, Shanbhag discloses the apparatus, wherein the cryptographic engine is to encrypt, through the accessor key, the management structures of the plurality of virtual machines (4:32-54, 7:35-60).
8.	As per claim 5, Shanbhag discloses the apparatus, wherein the processor is to issue a page fault responsive to the virtual machine monitor attempting to write directly to the management structures of the plurality of virtual machines (3:10-21, 11:11-35).
9.	As per claim 6, Shanbhag discloses the apparatus, wherein the cryptographic engine is to return poisoned data responsive to the virtual machine monitor attempting to access private data of a virtual machine using the accessor key (8:6-33, 10:19-45).
10.	As per claim 7, Shanbhag discloses the apparatus, wherein the cryptographic engine is to set a trust domain bit for writes using a private key of the plurality of private keys and to not set the trust domain bit for writes using the accessor key (4:15-30, 14:7-30).
11.	As per claim 8, Shanbhag discloses the apparatus, wherein the processor comprises a register to specify which key identifier of a key identifier space is an identifier of the accessor key (11:36-60, 16:33-57).
12.	As per claim 9, Shanbhag discloses the apparatus, further comprising a memory to store encrypted program instructions and data of the plurality of virtual machines (8:34-57, 13:6-30).
13.	As per claim 10, Shanbhag discloses the apparatus, further comprising one or more of a battery communicatively coupled to the processor, a display communicatively coupled to the processor, or a network interface communicatively coupled to the processor (15:10-26, 17:5-30).
14.	 Claims 12-15 and 17-20 are listed all the same elements of claims 2-10. Therefore, the supporting rationales of the rejection to claims 2-10 apply equally as well to claims 12-15 and 17-20.
Citation of References
15. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action: 
Camenisch et al (US pat. 9641325): discusses a distributed cryptographic protocol includes a machine management server which comprises a current virtual machine configured to implement the protocol using a set of communication keys and state information for the protocol. The system further includes a memory and a refresh server. The system is configured, for each of successive new time periods in operation of the protocol, to perform a refresh operation wherein: the refresh server retrieves the state information from the memory, generates a new set of communication keys, and sends the state information and new set of keys to the machine management server; the machine management server configures a new virtual machine for implementing the protocol.  
Caronni et al (US pat. App. Pub. 20030133574): elaborates that accessing information in and loading encrypted information to memory. A processor provides virtual address information to a memory management unit. In response, the memory management unit retrieves a key tag and physical address information corresponding to the virtual address information. The memory management unit then sends the key tag and physical address information to the processor. The processor then determines whether a memory location corresponding to the physical address information is encrypted based on the key tag, and retrieves a secret key using the key tag based on the determining. Thereafter, information read from the memory location is decrypted using the secret key.   
Conclusion
16.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590.  The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436