SECURING SENSITIVE DEBUG DATA

FINAL OFFICE ACTION Response to Arguments Applicant’s arguments with respect to the claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 3, 5-8, 11, 12, 14, 15, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. No. 2017/0323110 to Griffith et al. (hereinafter Griffith) in view of U.S. Patent Pub. No. 2021/0232337 to Talvitie et al. (hereinafter Talvitie). Griffith discloses: 1. A computer-implemented method comprising: monitoring, by an exception handler, an operational state of a processor-based system, wherein the monitoring comprises identifying a system error that satisfies a reboot condition, wherein the system schedules a reboot event responsive to satisfaction of the reboot condition (paras. [0014]-[0015] – failure results in system restart); generating debug data indicative of the operational state when the system error occurred (paras. [0015], [0025], [0043] – system snapshot is generated); storing the debug data in a protected memory that retains data during the reboot event [paras. [0024], [0026] - snapshot stored to external storage); intercepting, by a secure debugging module, a debug data request from an untrusted entity, thereby preventing the untrusted entity from directly accessing the debug data in the protected memory (paras. [0018], [0019], [0027], [0037] – snapshot access by software vendor); analyzing the debug data using a sensitive data detection process, wherein the analyzing detects sensitive data in the debug data (paras. [0027], [0044]-[0049], [0051]-[0053]); generating modified debug data by performing a data protection process on the debug data (para. [0054]); and sending, as a response to the debug data request, the modified debug data to the untrusted entity ([0018], [0019]). Griffith does not disclose expressly wherein the protected memory is hard coded, the hard coding limiting an access to the protected memory by a secure debugging module. Talvitie teaches wherein the protected memory is hard coded, the hard coding limiting an access to the protected memory by a secure debugging module (paras. [0049]-[0052]). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffith by hard coding the protected memory, as taught by Talvitie. A person of ordinary skill in the art would have been motivated to do so in order to switch between secure and non-secure states without requiring dedicated processor instructions, as discussed by Talvitie (para. [0057]). Modified Griffith discloses: 3. The method of claim 1, wherein the debug data comprises data extracted from a processor register (Griffith - para. [0025]). 5. The method of claim 1, wherein the data protection process comprises performing a protective measure against a leak of the sensitive data (Griffith - paras. [0027], [0044]-[0049], [0051]-[0053]). 6. The method of claim 5, wherein protective measure comprises sanitizing the debug data by removing the sensitive data from the debug data (Griffith - paras. [0027], [0044]-[0049], [0051]-[0053]). 7. The method of claim 5, wherein the protective measure comprises detecting whether sensitive data was being processed during a window of time in which the system error occurred (Griffith - paras. [0027], [0044]-[0049], [0051]-[0053]). 8. The method of claim 7, wherein the protective measure further comprises, responsive to detecting that sensitive data was being processed during the window of time, sanitizing the debug data by removing the sensitive data from the debug data (Griffith - paras. [0027], [0044]-[0049], [0051]-[0053]). Claims 11, 14, 15, are a computer program product for performing the identical method as recited in claims 1, 6, and 7 and are rejected under the same rationale. 12. The computer program product of claim I1, wherein the stored program instructions are stored in a computer readable storage device in a data processing system, and wherein the stored program instructions are transferred over a network from a remote data processing system (Griffith - para. [0060]). Claims 17, 18, and 19 are a computer system for performing the identical method as recited in claims 1, 6, and 7 and are rejected under the same rationale. Claims 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Griffith in view of Talvitie and further in view of U.S. Patent No. 11,188,407 to Swanson et al. (hereinafter Swanson). Griffith does not disclose expressly: 2. The method of claim 1, wherein the system error is associated with a kernel error involving a halt to at least a portion of a kernel operating on the system. Swanson teaches monitoring for a system error that is associated with a kernel error involving a halt to at least a portion of a kernel operating on the system (col. 2, lns. 35-44). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffith by monitoring for a system error associated with a kernel error, as taught by Swanson. A person of ordinary skill in the art would have been motivated to do so because a kernel crash is a common type of error that leas to a crash dump, as discussed by Swanson (col. 1, lns. 9-14 and col. 2, lns. 35-40). Therefore, it would have been obvious to combine Griffiths with Swanson to achieve the invention as recited in claim 2. Modified Griffith discloses: 10. The method of claim 1, wherein the sending of the modified debug data comprises sending the modified debug data using a trusted protocol (Swanson – col. 2, lns. 6-11). Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Griffith in view of Talvitie and further in view of U.S. Patent Pub. No. 2009/0031166 to Kathail et al. (hereinafter Kathail). Griffiths does not disclose expressly: 4. The method of claim 1, wherein the reboot event comprises a warm reboot that does not initialize the memory. Kathail teaches a reboot event comprises a warm reboot that does not initialize the memory (paras. [0005]). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffith by performing a warm reboot, as taught by Kathail. A person of ordinary skill in the art would have been motivated to do so in order to preserve the crash dump file, as discussed by Kathail (para. [0040]). Claims 9, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Griffith in view of Talvitie and further in view of U.S. Patent Pub. No. 2021/0019264 to Patel et al. (hereinafter Patel). Griffith does not disclose expressly: 9. The method of claim 5, wherein the protective measure comprises encrypting sensitive data in the debug data. Patel teaches a protective measure comprises encrypting sensitive data in the debug data (para. [0012]). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffith by encrypting sensitive data, as taught by Patel. A person of ordinary skill in the art would have been motivated to do so because encrypting the sensitive data or removing the sensitive data can be interchangeably used for the same purpose, as discussed by Patel (para. [0012]). Since Griffith discloses removing sensitive data (paras. [0027], [0044]-[0049], [0051]-[0053]), it would have been obvious to a person of ordinary skill in the art to either remove or encrypt the sensitive data to achieve the invention as recited in claim 9. Claim 16 is a computer program product for performing the identical method as recited in claim 9, and is rejected under the same rationale. Claim 20 is a computer system for performing the identical method as recited in claim 9, and is rejected under the same rationale. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Griffith in view of Talvitie and further in view of U.S. Patent Pub. No. 2022/0405163 to Patel et al. (hereinafter Patel2). Griffith does not disclose expressly: 13. The computer program product of claim 11, wherein the stored program instructions are stored in a computer readable storage device in a server data processing system, and wherein the stored program instructions are downloaded in response to a request over a network to a remote data processing system for use in a computer readable storage device associated with the remote data processing system, further comprising: program instructions to meter use of the program instructions associated with the request; and program instructions to generate an invoice based on the metered use. Patel2 discloses wherein the stored program instructions are stored in a computer readable storage device in a server data processing system, and wherein the stored program instructions are downloaded in response to a request over a network to a remote data processing system for use in a computer readable storage device associated with the remote data processing system, further comprising: program instructions to meter use of the program instructions associated with the request (para. [0080]); and program instructions to generate an invoice based on the metered use (para. [0095]). Before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify Griffith by metering and invoicing, as taught by Patel2. A person of ordinary skill in the art would have been motivated to do so in order to provide transparency for both provider and consumer, as discussed by Patel2 (para. [0080]). Conclusion Applicant's amendment necessitated the new grounds of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Philip Guyton whose telephone number is (571)272-3807. The examiner can normally be reached M-F 8:00-4:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached at (571)272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /PHILIP GUYTON/ Primary Examiner, Art Unit 2113