Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the response filed on 09/06/2022.
Claims 1-10 and 19 have been examined and are pending; claims 11-18 and 20 have been cancelled. This Action is made Non-FINAL.
Election/Restrictions
Applicant elects, with traverse, Group-I, comprising claims 1-10 with claim 19, for prosecution of this patent application in the reply filed on 09/06/2022 is acknowledged.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 08/13/2021 and 12/16/2019, are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 
Claim 19 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claim 19, the claimed limitations "means for" coupled with functional language, but it is modified by some structure, material, or acts recited in the claim; (Refer to MPEP §2181 [R-9], Federal Register/Vol. 76. No. 27~February 09, 2011~Notices -page 7167, and Guidelines posted on the USPTO's website from the following link: http.'//www.uspto.gov/patents/law/exam/examguide.jsp for further details). It is unclear whether the recited structure, material, or acts are sufficient for performing the claimed function because there is no corresponding algorithm disclosed in the specification. The corresponding structure for a computer-implemented function must include the algorithm as well as the general purpose computer or microprocessor. However, there is no corresponding algorithm disclosed in the specification. It is unclear as to how the claimed means-plus functions are performed and what corresponding structures and/or algorithms are utilized to perform said claimed "means for." As a result, the aforementioned drawings do not provide sufficient structure for performing claimed functions. If there is no structure in the specification corresponding to the means-plus-function limitation in the claims, the claims will be found invalid as indefinite." Biomedino, LLC vs. Waters Technology Corp., 490 F.3d 946, 950 (Fed. Cir. 2007).
If applicant wishes to have the claim limitation treated under 35 U.S.C. 112, sixthparagraph, applicant may amend the claim so that the phrase "means for" is clearly not modified by sufficient structure, material, or acts for performing the claimed function, or present a sufficient showing that the claim limitation is written as a function to be performed and the claim does not recite sufficient structure, material, or acts for performing the claimed function. 
If applicant does not wish to have the claim limitation treated under 35 U.S.C. 112, sixth paragraph, applicant may amend the claim so that it will clearly not invoke 35 U.S.C.112, sixth paragraph, or present a sufficient showing that the claim recites sufficientstructure, material, or acts for performing the claimed function to preclude application of35 U.S.C. 112, sixth paragraph. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C.
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-4, 6-10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gupta (US 2018/0034792) and in view of Fujimoto (US 2003/0033537).
Regarding claim 1, Gupta discloses an apparatus, comprising: 
a processor (Gupta Fig. 1; 134);
 a memory system organized into pages, each of at least some pages being associated with a realm ID and encrypted with one of a plurality of keys identified by a realm key ID (Gupta par. 0028 and 0033. Gupta teaches that the key ID encryption system 101 utilizes a key identifier, such as a key prefix, that is included with encrypted data and that identifies a corresponding key (and, in some implementations, other encryption-relevant information). More particularly, the application 102 includes, and/or has access to, an application memory 110. As shown, the memory 110 may be utilized to store a key store 112 of secret keys for a plurality of objects represented by an application object 114. As also illustrated in FIG. 1, the memory 110 may be utilized to store a key identifier table. The key ID encryption system further includes a key identifier (ID) generator 122 that is configured to generate a unique (within the system 100) key identifier, such as a key prefix, to be stored within the key identifier table 115 for identifying a corresponding encryption key, and also to be attached to encrypted data by virtue of operations of an encryption engine 124. That is, once the key store 112 and the key identifier table 115 are configured, then at a time of encryption of data, a key selector 126 may be configured to select from among a plurality of live encryption keys to perform the desired encryption, while a key identifier handler 127 is configured to append, attach, or otherwise associate a corresponding key identifier to the encrypted data. See also par. 0029 and Fig. 1; 110); 
a realm management unit having a key ID association table configured to associate a realm ID with a realm key ID (Gupta par. 0041-0043, 0062 and Fig. 2. Gupta teaches that  able 200 illustrating an example of the key ID table 115 of FIG. 1. In the example of FIG. 2, a column 202 includes a key ID that is a short, unique (within the system) identifier of a corresponding key. More specifically, a column 204 includes a universally unique identifier (UUID) of each key corresponding to each key ID of the column 202. In other words, each UUID of the column 204 may be used to perform a lookup operation of a corresponding encryption key from the key store . a column 208 includes a realm ID, referencing a customer realm within the system . It may be noted that the encryption approach of FIGS. 1-6 also enables determinations of faults in data returned from the database, by mapping the key id in the data returned to the realm ID in the key table 115 (e.g., table 200 of FIG. 2). See also par. 0043, 0051); and 
Gupta teaches utilizes a key identifier, such as a key prefix, that is included with encrypted data and that identifies a corresponding key and/or has access to, an application memory  (Gupta par. 0028 ). However, Gupta does not explicitly disclose wherein a page in memory is configured to be accessed using a realm key ID associated with the realm ID associated with the page.
However, in an analogous art, Fujimoto teaches wherein a page in memory is configured to be accessed using a realm key ID associated with the realm ID associated with the page  (Fujimoto par. 0059 and 0199. Fujimoto teaches that The key data storage section 106b corresponding to each key ID is uniquely determined for the key ID, for example. For example, addresses are defined for a prescribed memory region in advance, and the encryption key corresponding to an address according to the key ID is stored into that address. when the microprocessor 100 makes an access to the external memory 1, the calculation processing unit 103 makes an access by regarding an encryption block that contains an address to be accessed on the external memory 1 as being encrypted by using the key indicated by the access key ID. See also par. 0100).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Fujimoto with the method and system of Gupta, wherein a page in memory is configured to be accessed using a realm key ID associated with the realm ID associated with the page to provide users with a means for  making an access to the memory  by using a key ID (Fujimoto par. 0156).
Regarding claim 2, Gupta and Fujimoto disclose the apparatus of claim 1,
Gupta further discloses further comprising: a memory management unit comprising: a translation lookaside buffer configured to associate a page with a memory address; and a memory ownership table configured to associate a memory address with a realm ID (Gupta par. 0062-0063. Gupta teaches that the encryption approach of FIGS. 1-6 also enables determinations of faults in data returned from the database, by mapping the key id in the data returned to the realm ID in the key table 115 (e.g., table 200 of FIG. 2) and  customer request for data is received (702). For example, encrypted customer or tenant data may be stored within the storage layer 104 using the table 400 of FIG. 4, as described above. In some implementations, each node on a cluster of the multi-tenant architecture of FIG. 1 serving a defined set of customers creates a cache during bootstrap or other startup operations, and loads entries for realms being served into the cache).
Regarding claim 3, Gupta and Fujimoto disclose the apparatus of claim 2,
Gupta further discloses wherein the translation lookaside buffer is further configured to cache recently accessed realm key IDs (Gupta par. 0062-0063. Gupta teaches that the encryption approach of FIGS. 1-6 also enables determinations of faults in data returned from the database, by mapping the key id in the data returned to the realm ID in the key table 115 (e.g., table 200 of FIG. 2) and  customer request for data is received (702). For example, encrypted customer or tenant data may be stored within the storage layer 104 using the table 400 of FIG. 4, as described above. In some implementations, each node on a cluster of the multi-tenant architecture of FIG. 1 serving a defined set of customers creates a cache during bootstrap or other startup operations, and loads entries for realms being served into the cache).
Regarding claim 4, Gupta and Fujimoto disclose the apparatus of claim 1,
Fujimoto further discloses wherein the key ID association table is a hash table indexed by a current hash function (Fujimoto par. 0046 and 0231. Fujimoto teaches that register group 102 has a register group (ordinary register group) 102a similar to that of the conventional microprocessor such as general purpose registers, index registers, control registers, etc., for example, and a key register group 102b to be used in the execution of the encryption processing of the programs and the like. The signature 206 is added in order to prove the legitimacy of the data 203 and 204 and the random number 205. This signature 206 is for indicating that it is generated by the microprocessor 100, for example, and can be given in a form of a digest of the data 203 and 204 and the random number 205 that is generated by MD5 (Message Digest 5), which is an example of the hash functions, for example. Else, in the case where the entire context is set as a single encrypted block or appropriately chained in the encryption of the context using the processor temporary key Kc, the random number 205 itself can be used as the signature 206).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Fujimoto with the method and system of Gupta, wherein a page in memory is configured to be accessed using a realm key ID associated with the realm ID associated with the page to provide users with a means for  making an access to the memory  by using a key ID (Fujimoto par. 0156).
Regarding claim 5, Gupta and Fujimoto disclose the apparatus of claim 4,
Gupta further discloses wherein each entry in the key ID association table comprises an indexed realm ID, at least one associated realm key ID, and a pointer to a next entry. (Gupta Fig.2 table 200).  
Regarding claim 6, Gupta and Fujimoto disclose the apparatus of claim 4,
Fujimoto further discloses wherein the key ID association table is configured to be indexed by two hashing functions (Fujimoto par. 0231. Fujimoto teaches that the signature 206 is added in order to prove the legitimacy of the data 203 and 204 and the random number 205. This signature 206 is for indicating that it is generated by the microprocessor 100, for example, and can be given in a form of a digest of the data 203 and 204 and the random number 205 that is generated by MD5 (Message Digest 5), which is an example of the hash functions, for example. Else, in the case where the entire context is set as a single encrypted block or appropriately chained in the encryption of the context using the processor temporary key Kc, the random number 205 itself can be used as the signature 206).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Fujimoto with the method and system of Gupta, wherein a page in memory is configured to be accessed using a realm key ID associated with the realm ID associated with the page to provide users with a means for  making an access to the memory  by using a key ID (Fujimoto par. 0156).
Regarding claim 10, Gupta and Fujimoto disclose the apparatus of claim 3,
Gupta further discloses wherein the memory management unit is configured to initiate a memory transaction using the realm key ID received from the realm management unit (Gupta par. 0029. Gupta teaches that the memory 110 may be utilized to store a tenant identifier (ID) 116 that identifies the tenant associated with the application object 114, and any related data, as obtained from the tenant-specific system data).
Regarding claim 19; Gupta discloses an apparatus, comprising: 
means for realm management comprising a means for storing realm key IDs by a realm ID (Gupta par. 0028 and 0033. Gupta teaches that the key ID encryption system 101 utilizes a key identifier, such as a key prefix, that is included with encrypted data and that identifies a corresponding key (and, in some implementations, other encryption-relevant information). More particularly, the application 102 includes, and/or has access to, an application memory 110. As shown, the memory 110 may be utilized to store a key store 112 of secret keys for a plurality of objects represented by an application object 114. As also illustrated in FIG. 1, the memory 110 may be utilized to store a key identifier table. The key ID encryption system further includes a key identifier (ID) generator 122 that is configured to generate a unique (within the system 100) key identifier, such as a key prefix, to be stored within the key identifier table 115 for identifying a corresponding encryption key, and also to be attached to encrypted data by virtue of operations of an encryption engine 124. That is, once the key store 112 and the key identifier table 115 are configured, then at a time of encryption of data, a key selector 126 may be configured to select from among a plurality of live encryption keys to perform the desired encryption, while a key identifier handler 127 is configured to append, attach, or otherwise associate a corresponding key identifier to the encrypted data. See also par. 0029 and Fig. 1; 110); 
wherein the means for storing realm key IDs  is configured to associate a realm key ID with the realm ID, and to provide the associated realm key ID when looked up with the realm ID (Gupta par. 0041-0043, 0062 and Fig. 2. Gupta teaches that  able 200 illustrating an example F of the key ID table 115 of FIG. 1. In the example of FIG. 2, a column 202 includes a key ID that is a short, unique (within the system) identifier of a corresponding key. More specifically, a column 204 includes a universally unique identifier (UUID) of each key corresponding to each key ID of the column 202. In other words, each UUID of the column 204 may be used to perform a lookup operation of a corresponding encryption key from the key store . a column 208 includes a realm ID, referencing a customer realm within the system . It may be noted that the encryption approach of FIGS. 1-6 also enables determinations of faults in data returned from the database, by mapping the key id in the data returned to the realm ID in the key table 115 (e.g., table 200 of FIG. 2). See also par. 0043, 0051).
Gupta teaches utilizes a key identifier, such as a key prefix, that is included with encrypted data and that identifies a corresponding key and/or has access to, an application memory  (Gupta par. 0028 ). However, Gupta does not explicitly disclose means for realm management comprising a means for storing realm key IDs indexed.
However, in an analogous art, Fujimoto teaches means for realm management comprising a means for storing realm key IDs indexed (Fujimoto par. 0046. Fujimoto teaches that register group 102 has a register group (ordinary register group) 102a similar to that of the conventional microprocessor such as general purpose registers, index registers, control registers, etc., for example, and a key register group 102b to be used in the execution of the encryption processing of the programs and the like).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Fujimoto with the method and system of Gupta, wherein a page in memory is configured to be accessed using a realm key ID associated with the realm ID associated with the page to provide users with a means for  making an access to the memory  by using a key ID (Fujimoto par. 0156).
Allowable Subject Matter
Claims 7-9 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Primary Examiner, Art Unit 2495