Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is in response to the claims filed 9/26/2020. Claims 1-20 are pending. Claims 1 (a machine), 16 (a method), and 19 (a machine) are independent.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 2, 16, and 19 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4 and 5 of copending Application No. 16/728,712, Khosravi (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1, 4 and 5 are an obvious variant of the claimed subject matter.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
As to claims 1, 16, and 19, Khosravi claims:
An apparatus comprising: a core to write data to and read data from a plurality of memory regions, each of the plurality of memory regions to be identified by a corresponding address; (“decode circuitry to decode the instance of the fetched single instruction, the fetched instruction to specify an opcode, an address, and a key identifier, the opcode indicating the processor is to use the address to determine whether to use an explicit key, in which case the processor is to use the key identifier to select a cryptographic key among the plurality of full encryption keys” Khosravi claim 1.)
an encryption unit to encrypt data to be written (“wherein the opcode calls for the processor to encrypt the write data and store encrypted write data to the location identified by the address.” Khosravi claim 4) and decrypt data to be read, (“wherein the opcode calls for the fetch of read data from the location identified by the address, and to use the cryptographic key to decrypt the read data.” Khosravi claim 5) wherein the encryption unit is to use a plurality of encryption keys; and (“decode circuitry to decode the instance of the fetched single instruction, the fetched instruction to specify an opcode, an address, and a key identifier, the opcode indicating the processor is to use the address to determine whether to use an explicit key, in which case the processor is to use the key identifier to select a cryptographic key among the plurality of full encryption keys” Khosravi claim 1.)
key identification hardware to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure, wherein the corresponding key identifier is one of a plurality of key identifiers and the corresponding key identifier is to identify one of the plurality of encryption keys to be used to encrypt and decrypt the data. (“decode circuitry to decode the instance of the fetched single instruction, the fetched instruction to specify an opcode, an address, and a key identifier, the opcode indicating the processor is to use the address to determine whether to use an explicit key, in which case the processor is to use the key identifier to select a cryptographic key among the plurality of full encryption keys” Khosravi claim 1.)

Although claims 4 and 5 are separate dependent claims, it would have been obvious to a person of ordinary skill in the art that claims 4 and 5 would be implemented in the same system as encrypting and decrypting actions require each other for the use of encrypted memory.

As to claim 2, Khosravi discloses: 
wherein the portion of the corresponding address is an address of one of the plurality of memory region to be protected by encryption with the one of the plurality of encryption keys identified by the corresponding key identifier. (“decode circuitry to decode the instance of the fetched single instruction, the fetched instruction to specify an opcode, an address, and a key identifier, the opcode indicating the processor is to use the address to determine whether to use an explicit key, in which case the processor is to use the key identifier to select a cryptographic key among the plurality of full encryption keys” Khosravi claim 1.)

Claims 1, 2, 16, and 19 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 17/482,370, Dewan (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because claim 1 appears to anticipate the claimed subject matter.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

As to claims 1, 16, and 19, Dewan claims:
An apparatus comprising: a core to write data to and read data from a plurality of memory regions, each of the plurality of memory regions to be identified by a corresponding address; (“wherein the cryptographic controller one of encrypts or decrypts data in a data packet in transition between the NVMe and the external memory component as a function of one or more of a physical address bit, a key lookup table and a key table” Dewan claim 1.)
an encryption unit to encrypt data to be written and decrypt data to be read, wherein the encryption unit is to use a plurality of encryption keys; and (“wherein the cryptographic controller one of encrypts or decrypts data in a data packet in transition between the NVMe and the external memory component as a function of one or more of a physical address bit, a key lookup table and a key table” Dewan claim 1.)
key identification hardware to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure, wherein the corresponding key identifier is one of a plurality of key identifiers and the corresponding key identifier is to identify one of the plurality of encryption keys to be used to encrypt and decrypt the data. (“wherein the cryptographic controller one of encrypts or decrypts data in a data packet in transition between the NVMe and the external memory component as a function of one or more of a physical address bit, a key lookup table and a key table” Dewan claim 1.)

As to claim 2, Dewan discloses: 
wherein the portion of the corresponding address is an address of one of the plurality of memory region to be protected by encryption with the one of the plurality of encryption keys identified by the corresponding key identifier. (“wherein the cryptographic controller one of encrypts or decrypts data in a data packet in transition between the NVMe and the external memory component as a function of one or more of a physical address bit, a key lookup table and a key table” Dewan claim 1.)

Claims 1, 2, 16, and 19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,540,198, Durham. Although the claims at issue are not identical, they are not patentably distinct from each other, see rejection below.

Claims 1, 2, 16, and 19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 5 of U.S. Patent No. 10,705,976, Sahita. Although the claims at issue are not identical, they are not patentably distinct from each other, see rejection below.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 2, 16, and 19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Durham et al., US 10,540,198.
As to claims 1, 16, and 19, Durham discloses:
An apparatus comprising: a core to write data to and read data from a plurality of memory regions, each of the plurality of memory regions to be identified by a corresponding address; (“wherein the physical memory address comprises a key identifier; a key manager to select an encryption key from a key table based on the key identifier of the physical memory address;” Durham claim 1)
an encryption unit to encrypt data to be written and decrypt data to be read, wherein the encryption unit is to use a plurality of encryption keys; and (“encrypt a part of the compressed line with the encryption key” Durham claim 1. “decrypt a remaining part of the encrypted line” Durham claim 9)
key identification hardware to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure, wherein the corresponding key identifier is one of a plurality of key identifiers and the corresponding key identifier is to identify one of the plurality of encryption keys to be used to encrypt and decrypt the data. (“from a key table based on the key identifier of the physical memory address;” Durham claim 1.)

As to claim 2, Durham discloses: 
wherein the portion of the corresponding address is an address of one of the plurality of memory region to be protected by encryption with the one of the plurality of encryption keys identified by the corresponding key identifier. (“from a key table based on the key identifier of the physical memory address;” Durham claim 1.)

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 16, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sahita et al., US 10,705,976.
	As to claims 1, 16, and 19, Sahita claims:
An apparatus comprising: a core to write data to and read data from a plurality of memory regions, each of the plurality of memory regions to be identified by a corresponding address; (“the processor is configured to encrypt at least one page of the host physical memory reached via translation of the private guest physical address with a key of a trusted domain (TD).” Sahita claim 5.)
an encryption unit to encrypt data to be written and 
key identification hardware to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure, wherein the corresponding key identifier is one of a plurality of key identifiers and the corresponding key identifier is to identify one of the plurality of encryption keys to be used to encrypt and decrypt the data. (“the processor is configured to encrypt at least one page of the host physical memory reached via translation of the private guest physical address with a key of a trusted domain (TD).” Sahita claim 5. However the key is obtained)

Sahita does not explicitly disclose decryption. However, given the context it would be obvious/inherent that decryption is performed as any system performing encryption on data to be used must/would be expected to also perform decryption.

As to claim 2, Sahita discloses: 
wherein the portion of the corresponding address is an address of one of the plurality of memory region to be protected by encryption with the one of the plurality of encryption keys identified by the corresponding key identifier. (“the processor is configured to encrypt at least one page of the host physical memory reached via translation of the private guest physical address with a key of a trusted domain (TD).” Sahita claim 5.)



Claim Rejections - 35 USC § 102

Claim(s) 1-3, 9, 13, 16, 17, and 19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Intel Architecture Memory Encryption Technologies Specification (published 2019-04), hereafter Intel.
	As to claims 1, 16, and 19, Intel discloses a machine/method/machine comprising:
a core to write data to and read data from a plurality of memory regions, each of the plurality of memory regions to be identified by a corresponding address; (See Intel Figures 1 and 2 on pages 5 and 6)
an encryption unit to encrypt data to be written and decrypt data to be read, wherein the encryption unit is to use a plurality of encryption keys; and (“The AES XTS encryption engine is in the direct data path to external memory buses and therefore, all the memory data entering and/or leaving the SOC on memory buses is encrypted using AES XTS.” Intel § 2)
key identification hardware to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure, wherein the corresponding key identifier is one of a plurality of key identifiers and the corresponding key identifier is to identify one of the plurality of encryption keys to be used to encrypt and decrypt the data. (“The KeyID is included in the Page Table Entry as upper bits of the physical address field. In this example, KeyID 2 is shown. The remainder of the bits in the physical address field are used to address bits in the memory.” Intel § 3.1. see also key table of Intel § 6.1)

As to claim 2, Intel discloses the machine of claim 1 and further discloses: wherein the portion of the corresponding address is an address of one of the plurality of memory region to be protected by encryption with the one of the plurality of encryption keys identified by the corresponding key identifier. (“The KeyID is included in the Page Table Entry as upper bits of the physical address field. In this example, KeyID 2 is shown. The remainder of the bits in the physical address field are used to address bits in the memory.” Intel § 3.1. see also key table of Intel § 6.1).

As to claim 3, Intel discloses the machine of claim 2 and further discloses: wherein the one of the plurality of memory regions is a page. (“The KeyID is included in the Page Table Entry as upper bits of the physical address field. In this example, KeyID 2 is shown. The remainder of the bits in the physical address field are used to address bits in the memory.” Intel § 3.1. see also key table of Intel § 6.1).

As to claim 9, Intel discloses the machine of claim 1 and further discloses: 
wherein the key information data structure is to be stored in a system memory, further comprising a key information cache to cache entries from the key information data structure. (“MKTME retains the existing behavior of the caches and TLB for the entire physical address, including the KeyID portion of the physical address” Intel § 7.2.)

As to claims 13 and 17, Intel discloses the machine/method of claims 1 and 16 and further discloses: 
further comprising an instruction decoder to decode a first instruction to write (“PCONFIG is a new instruction that is used to program KeyID attributes for MKTME.” Intel § 6.1.  Existence of an instruction makes an instruction decoder inherent.) to the key information data structure, (Intel Figure 2, page table and Figure 3, key table) wherein the first instruction is the only way for software to write to the key information data structure and is to write only to the key information structure. (“The MKTME_KEY_PROGRAM leaf of PCONFIG is used by software to manage the key associated with a KeyID.” Intel § 6.2.1.1. No other instructions for accessing the “new” features are listed.)

Claim Rejections - 35 USC § 103

Claim(s) 4-6, and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Intel in view of Khosravi et al., US 2019/0147192 (published 2019-05).

As to claim 4, Intel discloses the machine of claim 3 but does not explicitly disclose: wherein the portion of the corresponding address is a page frame number.

Khosravi discloses:
wherein the portion of the corresponding address is a page frame number. 
(“Memory 114 may be organized according to physical memory pages (e.g., memory frames) that each have a fixed size. Each memory frame may be associated with an identifier that uniquely identifies the memory frame. A virtual memory page of the virtual address may be mapped corresponding to a fixed-sized unit in the physical address space of memory 114 (e.g., a memory frame, a physical memory page). During execution of a guest application (e.g., a VM) within TD 124A, 124N, responsive to a request to access memory 114, processor 112 may use mappings (e.g., mappings of virtual memory page to physical memory page in page tables such as GPT 184 of the guest application and EPT 182 of TDRM 122) to access physical memory pages of memory 114.” Khosravi ¶ 47)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Intel with Khosravi by including the key identifier in a page frame mapping table. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Intel with Khosravi in order to allow encryption of virtual memory; thereby allowing memory to be virtualized by associating the key with the physical memory page frames.

As to claim 5, Intel in view of Khosravi discloses the machine of claim 4 and further discloses:
wherein the corresponding address is an address of a memory location within the page. (“The KeyID is included in the Page Table Entry as upper bits of the physical address field. In this example, KeyID 2 is shown. The remainder of the bits in the physical address field are used to address bits in the memory.” Intel § 3.1. see also key table of Intel § 6.1).

As to claim 6, Intel in view of Khosravi discloses the machine of claim 5 and further discloses:
wherein the key information data structure is to include an entry per page, wherein each entry is to include a key identifier field.
(“The KeyID is included in the Page Table Entry as upper bits of the physical address field. In this example, KeyID 2 is shown. The remainder of the bits in the physical address field are used to address bits in the memory.” Intel § 3.1. see also key table of Intel § 6.1. Every page table entry includes a key id).

As to claim 8, Intel in view of Khosravi discloses the machine of claim 6 and further discloses:
wherein each entry is to include an indicator (“When MKTME is activated, the upper bits of platform physical address (starting with the highest order bit available as enumerated by the CPUID MAX_PA info) are repurposed for usage as a KeyID as shown below.” Intel § 5, the key-id indicating it is one of a group of entries) to indicate that the entry is one of a group of entries in which the key identifier field is storing a first key identifier, wherein the first key identifier is the same for each entry. (Intel Figure 2, showing a key-id used for multiple entries. E.g. a first key identifier 2 is the same for a plurality of entities.)

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Intel in view of Khosravi et al., US 2019/0147192 (published 2019-05), and Noel et al., US 6,804,766 (filed 1997)
As to claim 7, Intel in view of Khosravi discloses the machine of claim 6 but does not disclose:
wherein each entry is to include an indicator to indicate whether data to be stored at the corresponding address is private.

Noel discloses:
wherein each entry is to include an indicator to indicate whether data to be stored at the corresponding address is private.
(“Three of the flags are relevant in the invention: a "shared page tables" flag SHARED_PTS 452, a "memory resident" flag MRES 454, and a "pre-allocate" flag ALLOC 456” Noel col. 13, ln. 32. “SHARED_PTS	Created region requires the virtual address space created within it to be capable of using shared page tables. If this flag is not specified, the virtual address space created within the region is mapped by process- private page tables only. By default, the region does not allow the use of shared page tables.” Noel col. 10, table 2)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Intel in view of Khosravi with Noel by including the shared page table flags of Noel to indicate that the page table is not private and is shared.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Intel in view of Khosravi with Noel in order to allow processes to share page tables, thereby reducing memory requirements due to the sharing and increasing processor speed due to the shared pages being directly accessible (Noel Col. 3, ln. 15).


Claim(s) 10-12, 14, 15, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Intel in view of Durham et al., US 2020/0057664 (published 2020-02).
As to claims 10 and 18 Intel discloses the machine of claims 1 and 16 and further discloses: 
further comprising an instruction decoder to decode a first instruction (“PCONFIG is a new instruction that is used to program KeyID attributes for MKTME.” Intel § 6.1.  Existence of an instruction makes an instruction decoder inherent.) to … from the key information data structure (Intel Figure 2, page table and Figure 3, key table), wherein the first instruction is the only way for software to read from the key information data structure and is to read only from the key information structure. (“The MKTME_KEY_PROGRAM leaf of PCONFIG is used by software to manage the key associated with a KeyID.” Intel § 6.2.1.1. No other instructions for accessing the “new” features are listed.)

	Intel does not disclose: read

	Durham discloses: read
(“When a guest virtual machine (or agent) is to be initially launched or resumed, the key domain identifier/address selector is specified by the unused bits of an address provided in a VM Pointer Load (VMPTRLD) instruction that loads a control structure (VMCS) for the guest virtual machine (or agent) to be launched or resumed. In response to the VMPTRLD function call, CPU hardware reads the VMCS inside the key domain by setting the key domain identifier/address selector in the physical address. If the VMCS is invalid or corrupted, the host VMM will reject the requested VMPTRLD function call to load the VMCS. If the VMCS is valid, the VMCS will be written to cache for use by the agent or guest VM that is to be launched, the guest address space identifier will be flushed, and the guest state cleared so that the new VMCS can configure the address space and guest state for the newly-launched VM or agent.” Durham ¶ 338. See also Durham ¶¶ 435-436 and Fig. 49B)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Intel with Durham by utilizing a VMPTRLD and its associated address to read the key. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Intel with Durham in order to allow the loading of encrypted data, such as a virtual machine, and using the read key identifier to validate and decrypt said data, thereby ensuring security and validity of the data, Durham ¶ 338.


	As to claim 11, Intel in view of Durham discloses the machine of claim 10 and further discloses:
wherein the first instruction has a format including a first field for an opcode and a second field for an operand, wherein the operand is to specify at least one of the plurality of memory regions. (“When a guest virtual machine (or agent) is to be initially launched or resumed, the key domain identifier/address selector is specified by the unused bits of an address provided in a VM Pointer Load (VMPTRLD) instruction” Durham ¶ 338. See also Durham ¶¶ 435-436 and Fig. 49B).

As to claim 12, Intel in view of Durham discloses the machine of claim 11 and further discloses:
wherein execution of the decoded first instruction includes reading the corresponding key identifier from the key information data structure, (“CPU hardware reads the VMCS inside the key domain by setting the key domain identifier/address selector in the physical address. If the VMCS is invalid or corrupted, the host VMM will reject the requested VMPTRLD function call to load the VMCS. If the VMCS is valid, the VMCS will be written to cache for use by the agent or guest VM that is to be launched, the guest address space identifier will be flushed, and the guest state cleared so that the new VMCS can configure the address space and guest state for the newly-launched VM or agent.” Durham ¶ 338. See also Durham ¶¶ 435-436 and Fig. 49B)
 wherein the corresponding key identifier corresponds to the at least one of the plurality of memory regions. (Intel Figure 2, showing a key-id used for multiple entries. E.g. a first key identifier 2 is the same for a plurality of entities.)

As to claim 14, Intel discloses the machine of claim 13 and further discloses:
wherein the first instruction has a format including a first field for an opcode, a second field for a first operand, and a third field for a second operand, (“PCONFIG is a new instruction that is used to program KeyID attributes for MKTME.” Intel § 6.1. “The MKTME_KEY_PROGRAM leaf of PCONFIG is used by software to manage the key associated with a KeyID…. The MKTME_KEY_PROGRAM leaf works using the MKTME_KEY_PROGRAM_STRUCT in memory, shown in Table 3.” Intel § 6.2.1.1)
wherein the first operand is to specify … and the second operand is to specify the corresponding key identifier. (Intel § 6.2.1.1, Table 3, “KEYID”)

Intel does not disclose:
at least one of the plurality of memory regions.

Durham discloses: at least one of the plurality of memory regions.
(“‘Receive Create Key Domain Command with Encrypted Key Domain Key’ block 1710, the key domain-capable server CPU receives a Create Key Domain command with input parameters KD_Id, the local key domain identifier (key domain address selector), and Encrypted_Key, the encrypted key domain key.” Durham ¶ 232).


A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Intel with Durham by utilizing a create key domain instruction.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Intel with Durham in order to allow the creation of key domains that secure virtual machines from tampering thereby securing client workloads in the virtual machines, Durham ¶ 69.

As to claim 15, Intel in view of Durham discloses the machine of claim 14 and further discloses:
wherein execution of the decoded first instruction includes writing the corresponding key identifier to the key information data structure, (“CPU hardware reads the VMCS inside the key domain by setting the key domain identifier/address selector in the physical address. If the VMCS is invalid or corrupted, the host VMM will reject the requested VMPTRLD function call to load the VMCS. If the VMCS is valid, the VMCS will be written to cache for use by the agent or guest VM that is to be launched, the guest address space identifier will be flushed, and the guest state cleared so that the new VMCS can configure the address space and guest state for the newly-launched VM or agent.” Durham ¶ 338. See also Durham ¶¶ 435-436 and Fig. 49B)
 wherein the corresponding key identifier corresponds to the at least one of the plurality of memory regions. (Intel Figure 2, showing a key-id used for multiple entries. E.g. a first key identifier 2 is the same for a plurality of entities.)

Claim(s) 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Intel in view of Wang et al., US 2020/0042442 (published 2020-02).
As to claim 20, Intel discloses the machine of claim 16 but does not disclose:
wherein the core is to access the memory through a plurality of memory channels and at least a portion of the key information data structure is to be copied for more than one of the plurality of memory channels.

Wang discloses:
(“To alleviate such data leakage in the XOM model, oblivious random access memory (ORAM) (e.g., implementing Path ORAM) may be used to protect data privacy on untrusted memory by reshuffling memory data after each memory access. Path ORAM is a tree based ORAM protocol, and maintains a position map using a recursive ORAM.” Wang ¶ 5)
wherein the core is to access the memory through a plurality of memory channels and at least a portion of the key information data structure is to be copied for more than one of the plurality of memory channels. (“the accessing data saved in the one or more unsecure memory modules may include converting the memory access request into a plurality of memory accesses on a Path ORAM tree, and delegating the Path ORAM tree across memory channels including a secure channel and one or more non-secure channels of the D-ORAM 140. In some cases, the delegating the Path ORAM tree may include balancing a space demand for the secure channel 226A by reallocating the plurality of memory accesses to a last level of a Path ORAM tree node set for the secure channel 226A to the one or more non-secure channels 226B.” Wang ¶ 54)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Intel with Wang by utilizing the data splitting across multiple channels of Wang to store the data of Intel, including the page tables with associated key identifiers shown in Intel Figure 2. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Intel with Wang in order to protect the data by splitting it among the various memory components, thereby obfuscating and securing the data, Wang ¶ 5.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Bower et al., US 10,721,067, discloses a secure processor that encrypts memory and associates memory addresses with encryption keys. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/           Examiner, Art Unit 2492