SECURING SENSITIVE DEBUG DATA

§102 §103

NON-FINAL OFFICE ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1, 3, 5-8, 11, 12, 14, 15, and 17-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Patent Pub. No. 2017/0323110 to Griffith et al. (hereinafter Griffith). Griffith discloses: 1. A computer-implemented method comprising: monitoring, by an exception handler, an operational state of a processor-based system, wherein the monitoring comprises identifying a system error that satisfies a reboot condition, wherein the system schedules a reboot event responsive to satisfaction of the reboot condition (paras. [0014]-[0015] – failure results in system restart); generating debug data indicative of the operational state when the system error occurred (paras. [0015], [0025], [0043] – system snapshot is generated); storing the debug data in a memory that retains data during the reboot event [paras. [0024], [0026] - snapshot stored to external storage); intercepting a debug data request from an untrusted entity, thereby preventing the untrusted entity from directly accessing the debug data in the memory (paras. [0018], [0019], [0027], [0037] – snapshot access by software vendor); analyzing the debug data using a sensitive data detection process, wherein the analyzing detects sensitive data in the debug data (paras. [0027], [0044]-[0049], [0051]-[0053]); generating modified debug data by performing a data protection process on the debug data (para. [0054]); and sending, as a response to the debug data request, the modified debug data to the untrusted entity ([0018], [0019]). 3. The method of claim 1, wherein the debug data comprises data extracted from a processor register (para. [0025]). 5. The method of claim 1, wherein the data protection process comprises performing a protective measure against a leak of the sensitive data (paras. [0027], [0044]-[0049], [0051]-[0053]). 6. The method of claim 5, wherein protective measure comprises sanitizing the debug data by removing the sensitive data from the debug data (paras. [0027], [0044]-[0049], [0051]-[0053]). 7. The method of claim 5, wherein the protective measure comprises detecting whether sensitive data was being processed during a window of time in which the system error occurred (paras. [0027], [0044]-[0049], [0051]-[0053]). 8. The method of claim 7, wherein the protective measure further comprises, responsive to detecting that sensitive data was being processed during the window of time, sanitizing the debug data by removing the sensitive data from the debug data (paras. [0027], [0044]-[0049], [0051]-[0053]). Claims 11, 14, 15, are a computer program product for performing the identical method as recited in claims 1, 6, and 7 and are rejected under the same rationale. 12. The computer program product of claim I1, wherein the stored program instructions are stored in a computer readable storage device in a data processing system, and wherein the stored program instructions are transferred over a network from a remote data processing system (para. [0060]). Claims 17, 18, and 19 are a computer system for performing the identical method as recited in claims 1, 6, and 7 and are rejected under the same rationale. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Griffiths in view of U.S. Patent No. 11,188,407 to Swanson et al. (hereinafter Swanson). Griffiths does not disclose expressly: 2. The method of claim 1, wherein the system error is associated with a kernel error involving a halt to at least a portion of a kernel operating on the system. Swanson teaches monitoring for a system error that is associated with a kernel error involving a halt to at least a portion of a kernel operating on the system (col. 2, lns. 35-44). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffiths by monitoring for a system error associated with a kernel error, as taught by Swanson. A person of ordinary skill in the art would have been motivated to do so because a kernel crash is a common type of error that leas to a crash dump, as discussed by Swanson (col. 1, lns. 9-14 and col. 2, lns. 35-40). Therefore, it would have been obvious to combine Griffiths with Swanson to achieve the invention as recited in claim 2. Modified Griffiths discloses: 10. The method of claim 1, wherein the sending of the modified debug data comprises sending the modified debug data using a trusted protocol (Swanson – col. 2, lns. 6-11). Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Griffiths in view of U.S. Patent Pub. No. 2009/0031166 to Kathail et al. (hereinafter Kathail). Griffiths does not disclose expressly: 4. The method of claim 1, wherein the reboot event comprises a warm reboot that does not initialize the memory. Kathail teaches a reboot event comprises a warm reboot that does not initialize the memory (paras. [0005]). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffiths by performing a warm reboot, as taught by Kathail. A person of ordinary skill in the art would have been motivated to do so in order to preserve the crash dump file, as discussed by Kathail (para. [0040]). Claims 9, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Griffiths in view of U.S. Patent Pub. No. 2021/0019264 to Patel et al. (hereinafter Patel). Griffiths does not disclose expressly: 9. The method of claim 5, wherein the protective measure comprises encrypting sensitive data in the debug data. Patel teaches a protective measure comprises encrypting sensitive data in the debug data (para. [0012]). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffiths by encrypting sensitive data, as taught by Patel. A person of ordinary skill in the art would have been motivated to do so because encrypting the sensitive data or removing the sensitive data can be interchangeably used for the same purpose, as discussed by Patel (para. [0012]). Since Griffiths discloses removing sensitive data (paras. [0027], [0044]-[0049], [0051]-[0053]), it would have been obvious to a person of ordinary skill in the art to either remove or encrypt the sensitive data to achieve the invention as recited in claim 9. Claim 16 is a computer program product for performing the identical method as recited in claim 9, and is rejected under the same rationale. Claim 20 is a computer system for performing the identical method as recited in claim 9, and is rejected under the same rationale. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Griffiths in view of U.S. Patent Pub. No. 2022/0405163 to Patel et al. (hereinafter Patel2). Griffiths does not disclose expressly: 13. The computer program product of claim 11, wherein the stored program instructions are stored in a computer readable storage device in a server data processing system, and wherein the stored program instructions are downloaded in response to a request over a network to a remote data processing system for use in a computer readable storage device associated with the remote data processing system, further comprising: program instructions to meter use of the program instructions associated with the request; and program instructions to generate an invoice based on the metered use. Patel2 discloses wherein the stored program instructions are stored in a computer readable storage device in a server data processing system, and wherein the stored program instructions are downloaded in response to a request over a network to a remote data processing system for use in a computer readable storage device associated with the remote data processing system, further comprising: program instructions to meter use of the program instructions associated with the request (para. [0080]); and program instructions to generate an invoice based on the metered use (para. [0095]). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffiths by metering and invoicing, as taught by Patel2. A person of ordinary skill in the art would have been motivated to do so in order to provide transparency for both provider and consumer, as discussed by Patel2 (para. [0080]). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Philip Guyton whose telephone number is (571)272-3807. The examiner can normally be reached M-F 8:00-4:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached at (571)272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /PHILIP GUYTON/ Primary Examiner, Art Unit 2113