DETAILED ACTION
This Final Office Action is in response to amendment filed on 06/21/2022.
Claims 1 and 19-20 have been amended. Claims 18 and 21 were previously cancelled. Claims 22 has been newly added. Claims 1-17, 19-20 and 22 remain pending in the application. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 12/19/2019 are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 06/21/2022 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 06/21/2022 are attached to the instant Office action. 

Response to Arguments 06/21/2022
Applicant’s arguments, see Applicant Remarks, Pages 9-11 and 13, regarding the newly added limitation “wherein the memory access circuitry is configured to reject an access request from a current process to access data at a target physical address when a corresponding entry of the ownership table corresponding to the target physical address indicates that the current process is not permitted to access the target physical address”, filed 06/21/2022, with respect to the rejection(s) of claim(s) 1 and 19-20 under 35 U.S.C 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of the newly found prior art: Christodorescu et. al. (US 20170277903 A1), hereinafter Christodorescu, in addition to the previously cited prior art. See detailed rejection below.
Applicant stated in Pages 11-12 “Acknowledging that Jin does not describe interrupting an export operation, the OA proposes combining Jin with Minami's interrupting an access request and contends that it would have been obvious to modify Jin "with the motivation of reducing memory access latency of a master with high priority." Applicant disagrees… So Jin exports a memory page out to a disk, which is a write to slower storage, and Minami interrupts a memory read of data to a faster processor. The flow of data is therefore opposite in these two processes with Jin describing pushing data away from the processor and Minami describing reading data to a processor. A person of ordinary skill in the art (POSIT A) would have understood that Jin and Minami describe fundamentally different techniques that would not have been combined. Furthermore, Minami suggests in paragraph [0182] interrupting a first access request to carry out a second memory access to reduce the memory access latency of a master with high priority. Minami's teaching of ensuring that some masters get faster access to data than others is the motivation the OA uses to combine Jin and Minami. But this alleged motivation does not make sense when applied to Jin's export process to push data out to slower to access memory. Interrupting this process to export data from a higher priority master would not "reduce memory access latency," as  suggested by the OA, because the export pushes the data to slower to access memory, which would make that data for the higher priority master slower to access, increasing memory access latency for that data from the higher priority master. Hence, combining Jin and Minami would not "reduce memory access latency."… the proposed
motivation to combine Jin and Minami does not make sense. Hence, the present technique is not made obvious even when considering the combination of Jin and Minami.”
Examiner respectfully disagrees. Jin discloses the transfer/exporting of data to a memory region, which can be a disk space, however, Jin does not disclose the prioritizing of commands based on command sources. Minami discloses in [0170-0171, 0180] transferring read data from one storage to a source storage based on priorities, e.g. [0180] “The read data from the read buffer 704 is transferred in an order corresponding to the priority set for the plurality of request sources (masters 1 and 2”, this is further disclosed in claim 12 of Minami. Examiner submits that Minami discloses the limitation pertaining to prioritizing the transferring/exporting of data based on the command source. Examiner further submits that the disclosure of Jin of page swapping/transferring to a disk, i.e. slower memory, and the disclosure of Minami of prioritizing and interrupting transfer of read data based on priority of a command source as disclosed in details below do not preclude the combination of Jin in view of Minami from reaching the claim limitations, as drafted, in independent claims 1 and 19-20. Particularly, Jin discloses a transfer of data from a plurality of pages to a disk space, however, Jin does not disclose which page transfer process has higher priority. Minami discloses the concept of dynamically setting conditions for which process of read data transfer should have a higher priority, where lower priority of read data process should be interrupted if a higher priority of read data transfer is to commence. Therefore, a person of ordinary skill in the art can modify Jin by incorporating the teaching of Minami by setting priorities for data transfer from pages to a disk space, i.e. which page of Jin has a higher priority, where the incorporation of Minami would reduce latency of higher priority transfer by ensuring that a process of data transfer from a page with higher priority is performed before any process of data transfer from a page with lower priority. Furthermore, examiner submits that the claims, as drafted, does not disclose the distinction pertaining to slow and quick memory access as described in the above remark. Moreover, The examiner emphasizes the teaching of transferring of data, irrespective of whether its read data or write data, furthermore, the claim as drafted does not emphasize the type of data or direction of transfer of data as argued in the above remark.
Applicant further stated in Pages 12-13 “Still further, Minami does not disclose encrypting data, which means Minami cannot teach "when said second export command source has a higher priority, to interrupt said first export operation for encrypting said given owned data and storing said given encrypted data in the second memory, and to perform a second export operation specified by said second export command," as claimed. Moreover, Minami interrupts a different type of operation than that described by Jin. Again, the swapping operation of Jin and the memory read of Minami have data flowing in opposite directions, and therefore, there is no reasonable basis for interrupting an encrypting process… Minami is incompatible with the disclosure of Jin as these documents describe processes for moving data in opposite directions in a memory system”
Examiner submits that the combination of Jin in view of Minami disclose the above argued limitation. Jin discloses swapping/transferring of content and Jin further discloses in Page 2837 Col. 1 line 4-9 encrypting the contents, and maintaining the integrity of swapped pages. Therefore, Jin discloses exporting and encrypting swapped pages for maintaining the integrity of swapped pages. Jin does not disclose the concept prioritizing and interrupting, however, Minami discloses prioritizing and interrupting as discussed above and in more details in the below rejection. Furthermore, examiner disagrees that Minami interrupts a different type of operation, where “the swapping operation of Jin and the memory read of Minami have data flowing in opposite directions”. Examiner submits that Jin discloses swapping/transferring operation, and  Minami discloses transferring of read data operation, where Minami discloses the operation of transferring or interrupting transfer of read data from one storage space to another storage area based on priority of the command source as explicitly disclosed in [070-0171, 0182, claim 12]. Therefore a person of ordinary skill in the art would learn from Minami a transfer of data or an interruption of transfer of data from one space to another based on priority of a command source. The examiner further emphasizes the teaching of transferring of data, irrespective of whether its read data or write data, furthermore, the claim as drafted does not emphasize the type of data or direction of transfer of data as argued in the above remark.
Conclusion: Jin in view of Minami and Christodorescu disclose the aforementioned limitations of independent claims 1 and 19-20 and render claims’ limitations obvious before the effective date of the claimed invention.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-8, 12-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Jin et. al., “H-SVM: Hardware-Assisted Secure Virtual Machines under a Vulnerable Hypervisor”, IEEE TRANSACTIONS ON COMPUTERS, VOL. 64, NO. 10, OCTOBER 2015, hereinafter Jin, in view of Minami (US 20100146156 A1), hereinafter Minami, and further in view of Christodorescu et. al. (US 20170277903 A1), hereinafter Christodorescu.

	Regarding claim 1 (Currently Amended), Jin teaches apparatus for processing data (Jin Figure 3 illustrating a system and operation for processing data on virtual machines (VMs), hypervisor and HSVM) comprising: 
memory access circuitry to enforce ownership rights of a plurality of memory regions within a first memory based on an ownership table comprising one or more entries (Jin Figure 3 H-SVM isolate memory regions for VMs, where the H-SVM enforces ownership by maintaining data structures in a protected region, including page ownership table, etc. as disclosed in Page 2835 Col. 2 line 42-55 “H-SVM maintains several data structures, including VM context information, nested page tables, and a page ownership table, in the protected memory region…The page ownership table tracks the owner of each physical memory page, and thus the number of entries is as large as the number of physical memory pages in the system”),
each entry indicating, for a given memory region among said plurality of memory regions, (Jin Page 2833 Col. 2 line 15-18 “A hypervisor determines a set of memory pages to be allocated for a VM, and maintains a mapping table from guest-physical to machine address (nested page table (NPT)) for each VM.”, Page 2835 Col. 2 line 41-56 “H-SVM maintains several data structures, including VM context information, nested page tables, and a page ownership table, in the protected memory region. The VM context information contains various states such as the address of the top-level nested page table, and an encryption key created for the VM. The VM context information is similar to the VMCB in the AMD-V architecture. The page ownership table tracks the owner of each physical memory page, and thus the number of entries is as large as the number of physical memory pages in the system. Each entry, corresponding to a physical page, records the ownership of the page. A VM, hypervisor, or H-SVM itself can be the owner of a page. If H-SVM is the owner of a page, the page is used for the protected memory area. The page ownership table is used to verify whether a page map request from the hypervisor is valid or not.” Page 2837 line 52-57 “Guest VMs or the hypervisor can request H-SVM to update the DMA protection status of memory pages owned by them. H-SVM must allow the change of the protection status, only when the requesting VM or hypervisor owns the corresponding page by checking the page ownership table.”, where pages are associated with VM process, correspond to protected memory region associated with a process, having ownership control of the owned data pages); 
[wherein the memory access circuitry is configured to reject an access request from a current process to access data at a target physical address when a corresponding entry of the ownership table corresponding to the target physical address indicates that the current process is not permitted to access the target physical address]; 
wherein said memory access circuitry is responsive to a first export command for said given memory region received from a first export command source to perform a first export operation to encrypt said given owned data to form given encrypted data and to store said given encrypted data in a second memory (Jin discloses in Page 2836 Col. 2 line 47-52 the exporting/swapping of memory pages and files to a disk, where the pages and files are to be encrypted to preserve confidentiality, as disclosed in Page 2836 Col. 1 line 40-41 “H-SVM also creates a per-VM encryption key, which will be used for page swap requested by the hypervisor.” Page 2837 Col. 1 line 4-9 “For these page swap operations by a guest OS, the guest OS is responsible for encrypting the contents, and maintaining the integrity of swapped pages. Since the guest OS needs to protect its other files in addition to the swap file, it must use a secure file system, which can guarantee the confidentiality and integrity of its data in untrusted storage.”, Page 2838 Col.1 line 30-47 and Col. 2 line 1-2 and 30-36, where the operation that performs swapping operation is based on a command source to perform the operation); and 
said memory access circuitry is responsive to a second export command for said given memory region received from a second export command source (Jin discloses in Page 2836 Col. 2 line 47-52 the exporting/swapping of memory pages and files to a disk “systems, both guest OSes and the hypervisor can swap out memory pages to disks” and further disclosed in Page 2838 Col.1 line 46-47 and Col. 2 line 1-2 and 30-36, where there are a number of VMs exporting/swapping of memory pages),
for encrypting said given owned data and storing said given encrypted data in the second memory (Jin Page 2837 Col. 1 line 4-9 “For these page swap operations by a guest OS, the guest OS is responsible for encrypting the contents, and maintaining the integrity of swapped pages. Since the guest OS needs to protect its other files in addition to the swap file, it must use a secure file system, which can guarantee the confidentiality and integrity of its data in untrusted storage.”, where Jin discloses confidentiality and integrity by encrypting contents when swapping and exporting contents).
While Jin discloses the aforementioned limitations, where a guest OS is responsible for encrypting the contents, and maintaining the integrity of swapped pages contents to preserve confidentiality and integrity, however, Jin does not disclose the below limitations where command sources have different priority hierarchy to export/transfer data as described below. Emphasis in italic.
Minami discloses said memory access circuitry is responsive to a second export command for said given memory region received from a second export command source while said first export operation is being performed to determine whether said second export command source has higher priority position within a control hierarchy than said first export command source and: when said second export command source has a higher priority, to interrupt said first export operation…and to perform a second export operation specified by said second export command, and when said second export command source has a lower priority, to continue to perform said first export operation…and to block performing of said second export operation (Minami discloses that when a second source is issuing a command, to a memory control apparatus, for data transfer/export, while the memory control apparatus is performing a data transfer based on previously issued command from a first source, the memory control apparatus determines whether the second source has higher priority, and if so, then the memory control interrupts the data transfer pertaining to the first source request, where it’s resumed only after completion of the data transfer pertaining to the higher priority source, [0035] “Another memory control apparatus according to the present invention comprises storage means for storing read data as a result of access to a memory in accordance with read requests from a plurality of request sources, and transfer means for transferring the read data from the storage means in an order corresponding to priority set for the plurality of request sources.”, [0170] “The processor 901 will be referred to as master 1, the printer controller 906 as master 2, and the memory controller 902 as a slave hereinafter.”, [0171] “…master 2 is given higher priority over master 1…The priority may permanently set in advance or dynamically designated at the time of execution.”, [0180] “During this time, the memory controller 902 issues a read command to the memory 904 again in cycle-8 to process subsequent 8 beat access (32 bits.times.8=256 bits) from master 2. On the memory bus, 64 bits.times.4 beat transfer is done following the preceding transfer (cycle-12 to cycle-15). Master 2 has higher priority over master 1. Hence, when the first read data is read out in cycle-12, the memory controller 902 interrupts read return to master 1 and returns read data to master 2 from cycle-13. When all 8 beat read return to master 2 is ended, the memory controller 902 resumes read return to master 1 from cycle-21…read data as a result of access to the memory 904 in accordance with read requests from a plurality of request sources (masters 1 and 2) is stored in the read data buffer 704. The read data from the read buffer 704 is transferred in an order corresponding to the priority set for the plurality of request sources (masters 1 and 2). Received read requests are sequentially stored in the command queue 702. The memory 904 is accessed by extracting a command from the command queue 702 while avoiding bank conflict.”, where the interruption is only performed, i.e. conditional, when the subsequent request from the second requesting source, i.e. Master 2, has higher priority, i.e. if it has lower priority, then interruption will not be performed, i.e. blocked, which indicates that Master 1 and Master 2 have priority hierarchy, where transfer of data from one storage to another storage corresponds to exporting data, further described in claim 12).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin to incorporate the teaching of Minami to utilize the above feature, with the motivation of reducing memory access latency of a master with high priority, as recognized by (Minami [0182]).
Jin in view of Minami do not disclose the below limitation.
Christodorescu discloses wherein the memory access circuitry is configured to reject an access request from a current process to access data at a target physical address when a corresponding entry of the ownership table corresponding to the target physical address indicates that the current process is not permitted to access the target physical address (Christodorescu Figures 4-5 are ownership table and certification table, which may be combined into one table as disclosed in [0076] “ the ownership table 400 and the certification table 500 may be combined”, where the table combination indicates entries of ownership associated with virtual and physical identifiers/address of where resource contents are located, and further illustrates requesting entities and what resource content they are permitted to view/access, e.g. Figure 5 (512) illustrates requesting entity R2 has obscured access type for certificate CB1, whereas requesting entity R1 in Figure 5 (508) has access for certificate CA1, 
[0060] “FIG. 4 illustrates a non-limiting example of an ownership table 400 that the data protection system 300 may use to store data of the ownership of the computing device resources. Various implementations may include different combinations and ordering of ownership data, including owner identifiers, virtual resource identifiers, such as virtual addresses, physical resource identifiers, such as physical addresses, and validity indicators. In some implementations, the terms virtual resource identifiers and physical resource identifiers may be used interchangeably.”,
[0075] “…an owner requesting entity may be granted unobscured access to the resource content for a certified function, or regardless of the function. Row 508 illustrates an example of a requesting entity that is also an owner of the requested computing device resource. Rows 510-514 illustrate requesting entities that are not owners of the requested computing device resources. The certified function of each of the requesting entities in rows 510-514 may be correlated with a specified access type controlling the type and/or level of encryption the data protection system 300 may apply to the virtual view of the requested resource contents provided to the requesting entity. For example, row 510 indicates that the certificate “CA2” for the requesting entity “R1” may allow for only partial obscuring of the virtual view of the requested resource contents. The data protection system 300 may apply full or partial homomorphic encryption to the virtual view of the requested resource contents for a request made by the requesting entity “R1”. Similarly, rows 512 and 514 indicates that the certificates “CB1” and “CC1” for the requesting entities “R2” and “RN”, respectively, may allow for only obscuring of the virtual view of the requested resource contents. The data protection system 300 may apply strong encryption to the virtual view of the requested resource contents for requests made by the requesting entities “R2” and “RN””).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin in view of Minami to incorporate the teaching of Christodorescu to utilize the above feature, with the motivation of protecting data using virtual views of resource contents, as recognized by (Christodorescu Abstract and throughout).

Claims 19 (Currently Amended) and 20 (Currently Amended) are directed to a method and non-transitory storage medium, respectively, associated with the apparatus claimed in claim 1. Claims 19 and 20 are similar in scope to claim 1, and are therefore rejected with the same rationale and motivation as claim 1.

Regarding claim 3 (Original), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 1, 
wherein said plurality of processes have respective [privilege levels within a hierarchy of privilege levels independent of] said ownership rights (Jin discloses virtual machine processes (VMs) owning page memory data Page 2835 Col. 2 line 41-56 “H-SVM maintains several data structures, including VM context information, nested page tables, and a page ownership table, in the protected memory region. The VM context information contains various states such as the address of the top-level nested page table, and an encryption key created for the VM. The VM context information is similar to the VMCB in the AMD-V architecture. The page ownership table tracks the owner of each physical memory page, and thus the number of entries is as large as the number of physical memory pages in the system. Each entry, corresponding to a physical page, records the ownership of the page. A VM, hypervisor, or H-SVM itself can be the owner of a page. If H-SVM is the owner of a page, the page is used for the protected memory area. The page ownership table is used to verify whether a page map request from the hypervisor is valid or not.” Page 2837 line 52-57 “Guest VMs or the hypervisor can request H-SVM to update the DMA protection status of memory pages owned by them. H-SVM must allow the change of the protection status, only when the requesting VM or hypervisor owns the corresponding page by checking the page ownership table.”).  
While Jin discloses virtual machines owning their corresponding data pages, however Jin does not explicitly disclose that there are privilege levels within a hierarchy of privilege levels among the VMs.
Minami discloses plurality of processes have respective privilege levels within a hierarchy of privilege levels (Minami discloses privileges between processors processing data, where the Master 2 process has higher priority/privilege to process the data over the master 1 privilege as described above in [0035, 0170-0171, 0180], where ownership of various processes described by Jin is independent of which process has higher priority/privilege to perform the task first).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin to incorporate the teaching of Minami to utilize the above feature, with the motivation of reducing memory access latency of a master with high priority, as recognized by (Minami [0182]).

Regarding claim 4 (Original), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 3, 
Jin does not disclose the below limitation.
Minami discloses wherein said control hierarchy corresponds to said hierarchy of privilege levels (Minami discloses hierarchy of privilege/priority level among master processes, as disclosed between Master 1 and Master 2 in [0035, 0170-0171, 0180]).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin to incorporate the teaching of Minami to utilize the above feature, with the motivation of reducing memory access latency of a master with high priority, as recognized by (Minami [0182]).

Regarding claim 5 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claims 1, wherein said first export operation comprises forming first metadata specifying one or more characteristics of said given owned data and storing said first metadata within a metadata memory region of said first memory that is private to said memory access circuitry so as to be accessible to said memory access circuitry and to be inaccessible to said plurality of processes (Jin Page 2835 Col. 2 line 36-41 “The nested page tables of all VMs are stored in protected memory pages. The protected memory region is just part of the physical memory, which is accessible only by H-SVM.”, Page 2858 Col. 2 line 36-41 “To maintain the integrity of swapped pages, H-SVM also must maintain the hashes of swapped-out pages in the protected memory region. When a page is swapped in, the page is first decrypted, and its hash is calculated. The hash value of the swap-in page must be compared to the stored value for integrity checking.”, hash corresponds to characteristics of owned data stored in protected region corresponding to the metadata memory region).  
Regarding claim 6 (Original), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 5, wherein a memory region accessible to said plurality of processes is registered under software control as said metadata memory region to become inaccessible to said plurality of processes (Jin Page 2836 Col. 2 line 37-41 and 54-55 “The nested page tables of all VMs are stored in protected memory pages. The protected memory region is just part of the physical memory, which is accessible only by H-SVM…If H-SVM is the owner of a page, the page is used for the protected memory area.”, Page 2841 Col. 1 line 8-20 “Protecting the SMI handler. The first step in initializing H-SVMsmm is to ensure the protection of the SMI handler from the untrusted hypervisor with the highest privilege level. In the current SMM design, BIOS can lock the SMI handler by setting a bit in the MSR register, and even the hypervisor cannot modify the SMI handler. Setting SMRAM. The protected SMRAM is accessible only during the SMM execution, and the memory region must be set during the initialization. The modified BIOS allocates 64 MB memory to SMRAM, by updating E820 System Address Map to mark the SMRAM region as reserved area. This process prevents the hypervisor from accessing the SMRAM region.”, where the above process is performed by a program/algorithm,/software to perform the above operations).  

Regarding claim 7 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 5, wherein said metadata memory region is part of a metadata memory region tree having a branching pattern determined under software control (Jin Page 2858 Col. 2 line 36-41 discloses “hashes of swapped-out pages in the protected memory region”, where the metadata memory region is part of a memory/data structure tree illustrated in Figure 5, where the data structure is maintained and utilized by means of algorithm/software to perform the process disclosed in Page 2839 Col.1 line 1-21).  

Regarding claim 8 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 5, wherein said memory access circuitry is responsive to an import command for said given encrypted data to perform an import operation to use said first metadata to validate integrity of said given encrypted data, to decrypt said given encrypted data to form said given owned data and to restore said given owned data to said given memory region (Jin Page 2838 Col. 2 line 39-42 “When a page is swapped in, the page is first decrypted, and its hash is calculated. The hash value of the swap-in page must be compared to the stored value for integrity checking”, where swapping corresponding to exporting data from the perspective of one source and importing data from the perspective of the other source, the data imported/received from the perspective of the other source is initially encrypted as disclosed in e.g. Page 2836 Col. 1 line 40-41, therefore it is being decrypted and validated based on the hash value corresponding to the first metadata, and further described in Page 2839 Col. 1 line 18-21).

Regarding claim 12 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claims 1, wherein access to said second memory storing said given encrypted data is outside control by said memory access circuitry (Jin Page 2838 Col. 1 line 47, Col. 2 line 1 “swapped files from a VM is stored in disks where H-SVM cannot directly control. Although the confidentiality can be guaranteed by encryption, the integrity of the stored states must be protected by an additional mechanism.”).  

Regarding claim 13 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claims 1, 
wherein said first export operation overwrites said given owned data with values uncorrelated with said given owned data before said given memory region is made accessible to a process other than said given owning process (Jin discloses cleaning pages for confidentiality, where cleaning is performed by filling/writing zeros to the page as disclosed in Page 2835 Col. 2 line 20-29 “…If a physical memory page is deallocated from a VM, H-SVM cleans up the deallocated page by setting all the bytes to zeros.”, Page 282 Col. 1 line 43-45 “during the page unmap operation, the SMI handler must clean the free page by filling it with zero content”, once page cleaning is performed by a handler, the page becomes free to be available by another owner as further disclosed in Page 2841 Col. 2 line 29-38 and Page 2836 Col. 2 line 42-49, where written zeros are uncorrelated with any other data written, other than zeros, 
Consistent with specification of the instant application in Page 9 line 1-5, where writing zeros to the given memory).  

Regarding claim 14 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claims 1, wherein said memory access circuitry changes ownership rights of said given memory region during said first export operation such that said given memory region is inaccessible to any of said plurality of processes during said first export operation (Jin Page 2836 Col. 2 line 53-56 “…in virtualized systems, the memory allocated for each VM can change dynamically. One of the most common techniques for dynamic VM memory management is a ballooning technique [33].”, Page 2839 Col. 1 line 22-26 “A possible vulnerability of supporting page swap by the hypervisor is that the consistency of pages can be violated. The malicious hypervisor can request a swap operation for a page while the page is being updated by the owning VM in another core. The swapped page may not have the latest updates. To prevent such integrity violation, H-SVM must block the execution of virtual cores for the VM during the swap operation.”).  

Regarding claim 15 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 1, wherein said plurality of processes include an application program, a guest operating system program serving as part of a given guest virtual machine execution environment for said application program, and a hypervisor program serving to manage one or more guest virtual machine execution environments including said given guest virtual machine execution environment (Jin Figure 3 illustrates plurality of processes including a guest VMs, hypervisor managing VMs).  

Regarding claim 16 (Original), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 15, wherein said given owning process is a guest operating system and said ownership rights enforced by said memory access circuitry prevent access by said hypervisor program to said given owned data owned by said guest operating system (Jin Page 2838 line 5-7 “To support content-based sharing, H-SVM must help the hypervisor find pages with the same content, since the hypervisor cannot directly read the memory of guest VMs.”, where Jin addresses isolating the memory protection mechanism from the hypervisor that may be compromised/untrusted as illustrated in Figure 1 and further disclosed in Page 2835 line 6-13).  

Regarding claim 17 (Previously Presented), Jin in view of Minami and Christodorescu teaches apparatus as claimed in claims 1, 
Jin does not disclose the below limitation.
Minami discloses wherein memory access circuitry resumes said first export operation after said second export operation is completed (Minami discloses that when a second source is issuing a command, to a memory control apparatus, for data transfer/export, while the memory control apparatus is performing a data transfer based on previously issued command from a first source, the memory control apparatus determines whether the second source has higher priority, and if so, then the memory control interrupts the data transfer pertaining to the first source request, where it’s resumed only after completion of the data transfer pertaining to the higher priority source, [0035] “Another memory control apparatus according to the present invention comprises storage means for storing read data as a result of access to a memory in accordance with read requests from a plurality of request sources, and transfer means for transferring the read data from the storage means in an order corresponding to priority set for the plurality of request sources.”, [0170] “The processor 901 will be referred to as master 1, the printer controller 906 as master 2, and the memory controller 902 as a slave hereinafter.”, [0171] “…master 2 is given higher priority over master 1…The priority may permanently set in advance or dynamically designated at the time of execution.”, [0180] “During this time, the memory controller 902 issues a read command to the memory 904 again in cycle-8 to process subsequent 8 beat access (32 bits.times.8=256 bits) from master 2. On the memory bus, 64 bits.times.4 beat transfer is done following the preceding transfer (cycle-12 to cycle-15). Master 2 has higher priority over master 1. Hence, when the first read data is read out in cycle-12, the memory controller 902 interrupts read return to master 1 and returns read data to master 2 from cycle-13. When all 8 beat read return to master 2 is ended, the memory controller 902 resumes read return to master 1 from cycle-21…read data as a result of access to the memory 904 in accordance with read requests from a plurality of request sources (masters 1 and 2) is stored in the read data buffer 704. The read data from the read buffer 704 is transferred in an order corresponding to the priority set for the plurality of request sources (masters 1 and 2). Received read requests are sequentially stored in the command queue 702. The memory 904 is accessed by extracting a command from the command queue 702 while avoiding bank conflict.”, where the interruption is only performed, i.e. conditional, when the subsequent request from the second requesting source, i.e. Master 2, has higher priority, i.e. if it has lower priority, then interruption will not be performed, which indicates that Master 1 and Master 2 have priority hierarchy, where transfer of data from one storage to another storage corresponds to exporting data, further described in claim 12).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin to incorporate the teaching of Minami to utilize the above feature, with the motivation of reducing memory access latency of a master with high priority, as recognized by (Minami [0182]).  

Claims 2 is rejected under 35 U.S.C. 103 as being unpatentable over Jin et. al., “H-SVM: Hardware-Assisted Secure Virtual Machines under a Vulnerable Hypervisor”, IEEE TRANSACTIONS ON COMPUTERS, VOL. 64, NO. 10, OCTOBER 2015, hereinafter Jin in view of Minami (US 20100146156 A1), hereinafter Minami, Christodorescu et. al. (US 20170277903 A1), hereinafter Christodorescu, and further in view of Xue et. al. (US 20170237682 A1), hereinafter Xue.

Regarding claim 2 (Original) Jin in view of Minami and Christodorescu teaches apparatus as claimed in claim 1, 
While Jin in view of Minami and Christodorescu discloses the aforementioned limitations, where Minami discloses two processes as described in claim 1 where the process with the higher priority can be construed as a parent process and the process with the lower priority can be construed as a child process, however, Jin in view of Minami and Christodorescu do not explicitly disclose parent and child process. Emphasis in italic.
Xue discloses wherein said plurality of processes comprises a hierarchy of processes including a parent process with at least one child process, said parent process having a higher priority position within said control hierarchy than said at least one child process (Xue [0024] “The operating system enforces resource limits on individual child processes, for example, by limiting the amount of memory a process may acquire and/or limiting the amount of CPU time that a process can consume. The operating system also runs the child processes with different priorities, so e.g., processes running customizations from higher-value customers may be able to acquire relatively more resources than those running customizations from lower-value customers, or customizations with stricter requirements on execution time may be run with a higher CPU time allocation than customizations that can take longer to execute without business impact. When a child process exceeds its resource limits, the child process can be terminated (by the operating system or by the parent process) or it can be allowed to continue executing with a lower priority.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin in view of Minami and Christodorescu to incorporate the teaching of Xue to utilize the above feature, with the motivation of accommodating the child process when exceeding its resource limit, as recognized by (Xue [0024]).

Claims 9 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Jin et. al., “H-SVM: Hardware-Assisted Secure Virtual Machines under a Vulnerable Hypervisor”, IEEE TRANSACTIONS ON COMPUTERS, VOL. 64, NO. 10, OCTOBER 2015, hereinafter Jin in view of Minami (US 20100146156 A1), hereinafter Minami, Christodorescu et. al. (US 20170277903 A1), hereinafter Christodorescu, and further in view of Sell (US 20160371496 A1), hereinafter Sell.

Regarding claim 9 (Previously Presented) Jin in view of Minami and Christodorescu teaches apparatus as claimed in 
Jin in view of Minami discloses the aforementioned limitations, where Jin discloses the hash values, corresponding to the first metadata, for swapping, e.g. exporting, pages are stored in a data structure as illustrated in Figure 5, in a protected region, as disclosed in Page 2838 Col. 2 line 47-48, however, Jin in view of Minami and Christodorescu do not explicitly disclose that the hash values are encrypted. Emphasis in italic.
Sell discloses wherein said memory access circuitry is responsive to an export command for said metadata memory region to encrypt said first metadata data to form encrypted metadata and to store said encrypted metadata in said second memory (Sell [0161] “hardware decrypts and re-encrypts each Protected Region's pages with the appropriate non-resident session key and an address-independent algorithm when swapping out to other storage, and the reverse when swapping in. Protected Region hardware and firmware can maintain SHA2 256-bit hashes of swapped out pages. The hashes include ID and version information. Protected Region hardware and firmware maintain the hashes in encrypted and integrity protected main memory or encrypted and signed when swapped out to other storage.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin in view of Minami and Christodorescu to incorporate the teaching of Sell to utilize the above feature, with the motivation of establish verification and integrity, as recognized by (Sell [0039]), utilizing a securely protected hash values.

Regarding claim 22 (New), Jin in view of Minami, Christodorescu teaches Apparatus as claimed in claim 1.
 Jin discloses the aforementioned limitations and further discloses supporting memory encryption to off-chip memory, indicating exporting from on-chip type memory to the off-chip memory. However, Jin in view of Minami and Christodorescu do not explicitly disclose the below limitation.
wherein the first memory is an on-chip memory, and the second memory is an off-chip memory (Sell [0161] “…hardware decrypts and re-encrypts each Protected Region's pages with the appropriate non-resident session key and an address-independent algorithm when swapping out to other storage, and the reverse when swapping in. Protected Region hardware and firmware can maintain SHA2 256-bit hashes of swapped out pages. The hashes include ID and version information. Protected Region hardware and firmware maintain the hashes in encrypted and integrity protected main memory or encrypted and signed when swapped out to other storage.”, where data are swapped and stored in encrypted form when swapped out to other storage, e.g. from on-chip storage to outside. i.e. off-chip, storage as disclosed in e.g. [0005] where data are in encrypted form, and [0030] “ The hardware/firmware under supervision of the hypervisor 56 also typically moves data on as needed basis between the on-chip cache 65a and off-chip other memory…stored in encrypted form…”, [0032] “…data sent to those off-chip resources may be in encrypted form while being conveyed between chips…”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin in view of Minami and Christodorescu to incorporate the teaching of Sell to utilize the above feature, with the motivation of moving data on as needed basis between on-chips and off-chips, as recognized by (Sell [0039]), utilizing a securely protected hash values.
Claims 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Jin et. al., “H-SVM: Hardware-Assisted Secure Virtual Machines under a Vulnerable Hypervisor”, IEEE TRANSACTIONS ON COMPUTERS, VOL. 64, NO. 10, OCTOBER 2015, hereinafter Jin in view of Minami (US 20100146156 A1), hereinafter Minami, Christodorescu et. al. (US 20170277903 A1), hereinafter Christodorescu, Sell (US 20160371496 A1), hereinafter Sell, and further in view of Niu et. al. (CN 102024123 B), hereinafter Niu.

Regarding claim 10 (Original), Jin in view of Minami, Christodorescu and Sell teaches apparatus as claimed in claim 9, 
Jin in view of Minami, Christodorescu and Sell discloses the aforementioned limitations, where Jin discloses the hash values, corresponding to the first metadata, for swapping, e.g. exporting, pages are stored and restored in a data structure as illustrated in Figure 5, in a protected region, as disclosed in Page 2838 Col. 2 line 47-48, Sell further discloses encrypting hashes, which indicates that the encrypted hashes is subsequently decrypted for verification, however, Jin in view of Minami, Christodorescu and Sell do not explicitly disclose that the hash values are decrypted. Emphasis in italic.
Niu  discloses wherein said memory access circuitry is responsive to an import command for said encrypted metadata to perform an import operation to decrypt said encrypted metadata to form said first metadata and to restore said first metadata to said metadata memory region (Niu Abstract “receiving the imported mirror image of the virtual machine; extracting a data signature of the mirror image of the virtual machine; decrypting the data signature to obtain a hash value of the mirror image of the virtual machine; calculating the original hash value of the mirror image of the virtual machine; and if the obtained hash value is judged to be identical to the calculated original hash value”, Page 5 line 40-47 “Fig. 5, for the invention provides the structural representation of virtual machine image gatherer in a kind of cloud computing, described device comprises: receiving element 51, extraction unit 52, decryption unit 53, computing unit 54, judging unit 55 imports unit 56, wherein, described receiving element 51 is used for receiving the virtual machine image that imports; Described extraction unit 52 is for the data signature that extracts described virtual machine image; Described decryption unit 53 is used for described data signature is decrypted, and obtains the cryptographic hash of described virtual machine image; Computing unit 54 is for the original cryptographic hash of calculating described virtual machine image; Judging unit 55 is used for judging whether the described cryptographic hash that obtains is identical with the original cryptographic hash of calculating; Import unit 56, be used for judged result at judging unit when identical, allow described virtual machine image to import.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin in view of Minami, Christodorescu and Sell to incorporate the teaching of Niu to utilize the above feature, with the motivation of ensuring the safety in importing mirror image of the virtual machine, as recognized by (Niu Abstract).
Regarding claim 11 (Original), Jin in view of Minami, Christodorescu, Sell and Niu teaches apparatus as claimed in claim 10, wherein said export command [for said metadata and said import command for said metadata are] issued by a software process (Jin discloses the aforementioned limitations and further discloses using H-SVM operations for pages swapping, e.g. import/export and the maintenance of the hash/metadata and part of the data structure, which is performed by means of software process, Page 8 Col. 2 line 56-58 “We use SMM to execute H-SVM operations by using a custom SMI handler”). 
Jin does not disclose the below limitations.
Sell discloses the export of metadata by a software process as disclosed in claim 9, utilizing a firmware. Rationale and motivation apply.
Jin and Sell does not explicitly describe importing metadata by software.
Niu describes importing metadata by software, where Niu describes importing encrypted hashes/metadata as descried above in claim 10, where the process is performed by a software as described in Page 6 line 14-19.  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jin in view of Minami, Christodorescu and Sell teaches to incorporate the teaching of Niu to utilize the above feature, with the motivation of ensuring the safety in importing mirror image of the virtual machine, as recognized by (Niu Abstract).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497