METHODS AND APPARATUS TO MANAGE DEBUGGING INTERFACES OF COMPUTING DEVICES

§101 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is the initial office action based on the application filed on March 28th, 2024, which claims 1-20 are presented for examination. Status of Claims 3. Claims 1-20 are pending, of which claims, of which claim 1, claim 10 and 16 are in independent form. Priority 4. No priority has been considered for this application. The Office's Note: 5. The Office has cited particular paragraphs / columns and line numbers in the reference(s) applied to the claims above for the convenience of the Applicant. Although the specified citations are representative of the teachings of the art and are applied to specific limitations within the individual claim(s), other passages and figures may apply as well. It is respectfully requested from the Applicant in preparing responses, to fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the cited passages as taught by the prior art or relied upon by the Examiner. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 6. Claims 1-20 rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. Claim 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 1, claim 10 and claim 16 recite “check the debug authentication status in the first memory; perform an authentication procedure in response to determining that the debug authentication status stored in the first memory does not indicate that debug is allowed; and set the debug authentication status in the first memory to indicate that debug is allowed in response to a successful performance of the authentication procedure.” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. The limitations encompass a human mind carrying out the function through observation, evaluation judgment and /or opinion, or even with the aid of pen and paper. Thus, this limitation recites and falls within the “Mental Processes” grouping of abstract ideas under Prong 1. Under Prong 2, this judicial exception is not integrated into a practical application. The additional elements ““memory”, and “processor” are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using generic computer, and/or mere computer components, and “perform an authentication procedure in response to determining that the debug authentication status stored in the first memory does not indicate that debug is allowed; and set the debug authentication status in the first memory to indicate that debug is allowed in response to a successful performance of the authentication procedure” do nothing more than add insignificant extra solution activity to the judicial exception of merely gathering, displaying, updating, transmitting and storing data/information. Accordingly, the additional elements do not integrate the recited judicial exception into a practical application and the claim is therefore directed to the judicial exception. See MPEP 2106.05(g). Under Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of ““memory,” and “processor” are recited at a high-level of generality such that it amounts no more than mere instructions to apply the exception using generic computer, and/or mere computer components, and “perform an authentication procedure in response to determining that the debug authentication status stored in the first memory does not indicate that debug is allowed; and set the debug authentication status in the first memory to indicate that debug is allowed in response to a successful performance of the authentication procedure””, the courts have identified merely gathering, displaying, updating, transmitting and storing data/information on a display is well-understood, routine and conventional activity. See MPEP 2106.05(d). The recitation of generic computer instruction and computer components to apply the judicial exception, and merely displaying data do not amount to significantly more, thus, cannot provide an inventive concept. Accordingly, the claims are not patent eligible under 35 USC 101. In conclusion, claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 7. Claim 1-20 rejected under 35 U.S.C. 103(a) as being unpatentable over Kataria et al. (US 20220027519) and further in view of Mayer US 20230267094 (hereinafter Mayer). Claim 1 is rejected, Kataria teaches an apparatus comprising: (Kataria, abstract and summary) first memory configured to store a debug authentication status (Kataria, US 20220027519, fig. 1 and para [0032], validation circuit 122 is further configured to receive certificate 135 that was generated by server computer system 115, and to decode debug permissions 140 using the identification value… Device 105 has access to, or may generate, the same keyword based on this identification value. Para [0033-0034], Using the decoded debug permissions 140, validation circuit 122 is further configured to enable one or more of the debug features on debug circuit 120. Certificate 135 may, for example, indicate that the user is allowed to access debug features associated with a graphics processor included in device 105. Debug system 110 is then allowed access to one or more of the debug features of device 105 based on debug permissions 140 in certificate 135. Debug system 110, for example, may send, to validation circuit 122, requests for setting breakpoints and tracing code execution by the graphics processor. Based on the permissions in the validated certificate 135, validation circuit 122 forwards these requests on to debug circuit 120 to be performed. Fig. 9, memory circuit – 950 and para [0111-0112].); a processor (Kataria, Fig. 9, processor complex – 910 and para [0108-0109])); second memory storing instructions that, when executed, cause the processor to (Kataria, Fig. 9, memory circuit – 950 and para [0111-0112]. fig. 9, processor complex – 910 and para [0108-0109]): check a debug authentication status in the first memory (Kataria, US 2022027519, para [0045], Validation circuit 122, using cryptographic circuit 224, validates any additional encrypted/hashed values that may be used to confirm that certificate 135 is a valid certificate issued by server computer system 115.); perform an authentication procedure in response to determining that the debug authentication status stored in the first memory does not indicate that debug is allowed (Kataria, para [0046], Received certificate 135 further includes encoded debug permissions. In response to a successful validation of certificate 135, validation circuit 122 is configured to, as shown, extract and decode the encoded debug permissions. In some embodiments, the debug permissions are encoded using the previously sent identification value, in whole or in part. In such embodiments, validation circuit 122 decodes the debug permissions using the identification value.); and set the debug authentication status in the first memory to indicate that debug is allowed in response to a successful performance of the authentication procedure(Kataria, para [0046], Validation circuit 122 is further configured to, using the decoded debug permissions, initiate an active debug session. During an active debug session, validation circuit 122 enables one or more of debug features 230 for access by debug system 110. In response to the enabling, debug system 110 may send debug requests to debug circuit 120 via validation circuit 122. The enabled ones of debug features 230 allow access to one or more of functional circuits 250.). The Office would like to use prior art to Mayer back up Kataria to further teach limitation set the debug authentication status in the first memory to indicate that debug is allowed in response to a successful performance of the authentication procedure(Mayer, US 20230267094, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). It would have obvious to one having ordinary skill in the art before the effecting filing date of the claimed invention to combine the teachings of cited references. Thus, one of ordinary skill in the art before the effecting filing date of the claimed invention would have been motivated to incorporate Mayer into Kataria to execute debug instructions after the SOC has started operating in a debug mode. The debug instructions cause the processor core to make a debug setting that prevents another processor core executing another set of debug instructions from accessing one of the virtual machines and allows the latter core executing the latter set of instructions to access the other virtual machine, after the former instructions are executed, where the latter core is a hardware security module (HSM) and a hardware bus master of the module.as suggested by Mayer (See abstract and summary). Claim 2 is rejected for the reasons set forth hereinabove for claim 1, Kataria and Mayer teach the apparatus of claim 1, wherein the instructions, when executed, cause the processor to allow a debug session in response to a successful performance of the authentication procedure(Kataria, para [0046], Validation circuit 122 is further configured to, using the decoded debug permissions, initiate an active debug session. During an active debug session, validation circuit 122 enables one or more of debug features 230 for access by debug system 110. In response to the enabling, debug system 110 may send debug requests to debug circuit 120 via validation circuit 122. The enabled ones of debug features 230 allow access to one or more of functional circuits 250.). Claim 3 is rejected for the reasons set forth hereinabove for claim 1, Kataria and Mayer teach the apparatus of claim 1, wherein the instructions, when executed, cause the processor to clear one or more bits indicating the debug authentication status in the first memory in response to a failed performance of the authentication procedure(Kataria, para [0045], A failure to validate any one these values may result in validation circuit 122 denying certificate 135 and refusing access to debug features 230. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 4 is rejected for the reasons set forth hereinabove for claim 1, Kataria and Mayer teach the apparatus of claim 1, wherein the instructions, when executed, cause the processor to disallow a debug session in response to a failed performance of the authentication procedure(Kataria, para [0045], A failure to validate any one these values may result in validation circuit 122 denying certificate 135 and refusing access to debug features 230. nfiguration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 5 is rejected for the reasons set forth hereinabove for claim1, Kataria and Mayer teach the apparatus of claim 1, wherein the instructions, when executed, cause the processor to enable a debug session in response to determining that the debug authentication status stored in the first memory indicates that debug is allowed(Kataria, para [0046], Validation circuit 122 is further configured to, using the decoded debug permissions, initiate an active debug session. During an active debug session, validation circuit 122 enables one or more of debug features 230 for access by debug system 110. In response to the enabling, debug system 110 may send debug requests to debug circuit 120 via validation circuit 122. The enabled ones of debug features 230 allow access to one or more of functional circuits 250. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 6 is rejected for the reasons set forth hereinabove for claim 1, Kataria and Mayer teach the apparatus of claim 1, wherein the instructions, when executed, cause the processor to: determine that a power-on reset occurred; and perform the authentication procedure without checking the debug authentication status in response to determining that the power-on reset occurred (Kataria, para [0044], If validation circuit 122 does not have a record of a request for debug access (e.g., has issued a liveness token that is still valid), then validation circuit 122 denies the received certificate 135 and may refuse any further attempt by debug system 110 to access debug features 230. This refusal may last until device 105 performs a power-on reset or other similar type of reset. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 7 is rejected for the reasons set forth hereinabove for claim1, Kataria and Mayer teach the apparatus of claim 1, wherein the instructions, when executed, cause the processor to: determine that a non-power-on reset occurred; and check the debug authentication status in the first memory in response to determining that the non-power-on reset occurred(Kataria, para [0040], validation circuit 122 may be enabled in response to a particular combination of voltage levels on particular physical connections of debug interface 226 during a power-on reset or other particular types of resets. Once enabled, debug interface is capable of receiving messages from debug system 110. Para [0048], When the particular amount of time has elapsed, validation circuit 122 may send a notification to debug system 110 indicating an imminent end to the current debug session, and may provide an option to extend the debug session by requesting an extension to certificate 135 or by requesting a new certificate. In some embodiments, validation circuit 122 may provide a new liveness token to debug system 110 if requested before ending the current active debug session. Debug system 110 may then use the new liveness token to request a new certificate form server computer system 115, and subsequently use the new certificate to keep the current debug session active for an extended amount of time. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 8 is rejected for the reasons set forth hereinabove for claim 1, Kataria and Mayer teach the apparatus of claim 1, wherein the instructions, when executed, cause the processor to perform the authentication procedure based on a media access control (MAC) address associated with the apparatus (Kataria, para [0069], These Ethernet packets may include internet protocol (IP) addresses and/or media access control (MAC) addresses. Fig. 5 and para [0075], Request 133, as shown, also includes current device configuration 504. Current device configuration 504 includes information regarding a current status of device 105, including, for example, status of one or more debug features that are available and/or are enabled. Liveness token 506, as described above, is a value that device 105 uses to determine a validity of a received certificate 135. Liveness token 506 is generated by device 105 and sent to debug system 110 for inclusion in request 133. Liveness token 506 may include a one-time-use nonce value that changes each time a debug system 110 requests a new debug session.). Claim 9 is rejected for the reasons set forth hereinabove for claim 8, Kataria and Mayer teach the apparatus of claim 8, wherein the instructions cause the processor to perform the authentication procedure based on the MAC address and further based on a value generated by a random number generator (Kataria, para [0069], These Ethernet packets may include internet protocol (IP) addresses and/or media access control (MAC) addresses. Fig. 5 and para [0075], Request 133, as shown, also includes current device configuration 504. Current device configuration 504 includes information regarding a current status of device 105, including, for example, status of one or more debug features that are available and/or are enabled. Liveness token 506, as described above, is a value that device 105 uses to determine a validity of a received certificate 135. Liveness token 506 is generated by device 105 and sent to debug system 110 for inclusion in request 133. Liveness token 506 may include a one-time-use nonce value that changes each time a debug system 110 requests a new debug session.). Claim 10 is rejected, Kataria teaches a non-transitory computer readable medium comprising instructions that, when executed, cause a machine to at least (Kataria, abstract and summary): check a debug authentication status in a memory (Kataria, US 20220027519, para [0045], Validation circuit 122, using cryptographic circuit 224, validates any additional encrypted/hashed values that may be used to confirm that certificate 135 is a valid certificate issued by server computer system 115.); perform an authentication procedure in response to determining that the debug authentication status stored in the memory does not indicate that debug is allowed (Kataria, para [0046], Received certificate 135 further includes encoded debug permissions. In response to a successful validation of certificate 135, validation circuit 122 is configured to, as shown, extract and decode the encoded debug permissions. In some embodiments, the debug permissions are encoded using the previously sent identification value, in whole or in part. In such embodiments, validation circuit 122 decodes the debug permissions using the identification value.); and set the debug authentication status in the memory to indicate that debug is allowed in response to a successful performance of the authentication procedure(Kataria, para [0046], Validation circuit 122 is further configured to, using the decoded debug permissions, initiate an active debug session. During an active debug session, validation circuit 122 enables one or more of debug features 230 for access by debug system 110. In response to the enabling, debug system 110 may send debug requests to debug circuit 120 via validation circuit 122. The enabled ones of debug features 230 allow access to one or more of functional circuits 250.). The Office would like to use prior art to Mayer back up Kataria to further teach limitation set the debug authentication status in the memory to indicate that debug is allowed in response to a successful performance of the authentication procedure (Mayer, US 20230267094, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). It would have obvious to one having ordinary skill in the art before the effecting filing date of the claimed invention to combine the teachings of cited references. Thus, one of ordinary skill in the art before the effecting filing date of the claimed invention would have been motivated to incorporate Mayer into Kataria to execute debug instructions after the SOC has started operating in a debug mode. The debug instructions cause the processor core to make a debug setting that prevents another processor core executing another set of debug instructions from accessing one of the virtual machines and allows the latter core executing the latter set of instructions to access the other virtual machine, after the former instructions are executed, where the latter core is a hardware security module (HSM) and a hardware bus master of the module.as suggested by Mayer (See abstract and summary). Claim 11 is rejected for the reasons set forth hereinabove for claim 10, Kataria and Mayer teach the non-transitory computer readable medium of claim 10, wherein the indication includes a bit indicating whether persistent debug is enabled(Kataria, Para [0048], When the particular amount of time has elapsed, validation circuit 122 may send a notification to debug system 110 indicating an imminent end to the current debug session, and may provide an option to extend the debug session by requesting an extension to certificate 135 or by requesting a new certificate. In some embodiments, validation circuit 122 may provide a new liveness token to debug system 110 if requested before ending the current active debug session. Debug system 110 may then use the new liveness token to request a new certificate form server computer system 115, and subsequently use the new certificate to keep the current debug session active for an extended amount of time. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 12 is rejected for the reasons set forth hereinabove for claim 10, Kataria and Mayer teach the non-transitory computer readable medium of claim 10, wherein the instructions are part of a boot code of the machine and the memory further stores an application for execution by the machine (Kataria, para [0043-0044], Validation circuit 122 may also be configured to send information indicative of available features of the debug circuit, as well as currently enabled features of debug circuit 120. For example, device 105 may be booted into a particular debug mode in which a portion of debug features 230 are enabled, and/or a different portion are not available. As used herein, an “enabled debug feature” refers to a supported debug feature that may be accessed by a currently connected debug system that has general permission to access debug circuit 120. An “available debug feature” refers to a supported debug feature that may be enabled if the currently connected debug system has explicit permission, e.g., from certificate 135, to access that supported debug feature. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 13 is rejected for the reasons set forth hereinabove for claim 10, Kataria and Mayer teach the non-transitory computer readable medium of claim 10, wherein the instructions, when executed, cause the machine to: determine that a power-on reset occurred; and perform the authentication procedure without checking the debug authentication status in response to determining that the power-on reset occurred (Kataria, para [0044], If validation circuit 122 does not have a record of a request for debug access (e.g., has issued a liveness token that is still valid), then validation circuit 122 denies the received certificate 135 and may refuse any further attempt by debug system 110 to access debug features 230. This refusal may last until device 105 performs a power-on reset or other similar type of reset. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 14 is rejected for the reasons set forth hereinabove for claim 10, Kataria and Mayer teach the non-transitory computer readable medium of claim 10, wherein the instructions, when executed, cause the machine to: determine that a non-power-on reset occurred; and check the debug authentication status in the memory in response to determining that the non-power-on reset occurred(Kataria, para [0040], validation circuit 122 may be enabled in response to a particular combination of voltage levels on particular physical connections of debug interface 226 during a power-on reset or other particular types of resets. Once enabled, debug interface is capable of receiving messages from debug system 110. Para [0048], When the particular amount of time has elapsed, validation circuit 122 may send a notification to debug system 110 indicating an imminent end to the current debug session, and may provide an option to extend the debug session by requesting an extension to certificate 135 or by requesting a new certificate. In some embodiments, validation circuit 122 may provide a new liveness token to debug system 110 if requested before ending the current active debug session. Debug system 110 may then use the new liveness token to request a new certificate form server computer system 115, and subsequently use the new certificate to keep the current debug session active for an extended amount of time. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 15 is rejected for the reasons set forth hereinabove for claim 10, Kataria and Mayer teach the non-transitory computer readable medium of claim 10, wherein the instructions, when executed, cause the machine to perform the authentication procedure based on a media access control (MAC) address associated with the machine (Kataria, para [0069], These Ethernet packets may include internet protocol (IP) addresses and/or media access control (MAC) addresses. Fig. 5 and para [0075], Request 133, as shown, also includes current device configuration 504. Current device configuration 504 includes information regarding a current status of device 105, including, for example, status of one or more debug features that are available and/or are enabled. Liveness token 506, as described above, is a value that device 105 uses to determine a validity of a received certificate 135. Liveness token 506 is generated by device 105 and sent to debug system 110 for inclusion in request 133. Liveness token 506 may include a one-time-use nonce value that changes each time a debug system 110 requests a new debug session.). Claim 16 is rejected, Kataria teaches a method comprising (Kataria, abstract and summary): checking, via instructions executed by a device, a debug authentication indication of the device(Kataria, US 20220027519, para [0045], Validation circuit 122, using cryptographic circuit 224, validates any additional encrypted/hashed values that may be used to confirm that certificate 135 is a valid certificate issued by server computer system 115.); performing an authentication procedure in response to determining that the debug authentication indication does not indicate that debug is allowed (Kataria, para [0046], Received certificate 135 further includes encoded debug permissions. In response to a successful validation of certificate 135, validation circuit 122 is configured to, as shown, extract and decode the encoded debug permissions. In some embodiments, the debug permissions are encoded using the previously sent identification value, in whole or in part. In such embodiments, validation circuit 122 decodes the debug permissions using the identification value.); and setting the debug authentication indication to indicate that debug is allowed in response to a successful performance of the authentication procedure(Kataria, para [0046], Validation circuit 122 is further configured to, using the decoded debug permissions, initiate an active debug session. During an active debug session, validation circuit 122 enables one or more of debug features 230 for access by debug system 110. In response to the enabling, debug system 110 may send debug requests to debug circuit 120 via validation circuit 122. The enabled ones of debug features 230 allow access to one or more of functional circuits 250.). The Office would like to use prior art to Mayer back up Kataria to further teach limitation setting the debug authentication indication to indicate that debug is allowed in response to a successful performance of the authentication procedure (Mayer, US 20230267094, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). It would have obvious to one having ordinary skill in the art before the effecting filing date of the claimed invention to combine the teachings of cited references. Thus, one of ordinary skill in the art before the effecting filing date of the claimed invention would have been motivated to incorporate Mayer into Kataria to execute debug instructions after the SOC has started operating in a debug mode. The debug instructions cause the processor core to make a debug setting that prevents another processor core executing another set of debug instructions from accessing one of the virtual machines and allows the latter core executing the latter set of instructions to access the other virtual machine, after the former instructions are executed, where the latter core is a hardware security module (HSM) and a hardware bus master of the module.as suggested by Mayer (See abstract and summary). Claim 17 is rejected for the reasons set forth hereinabove for claim 16, Kataria and Mayer teach the method as defined in claim 16, wherein checking the debug authentication indication includes determining that an indication is stored at the device that indicates that a persistent debug connection is disabled(Kataria, Para [0048], When the particular amount of time has elapsed, validation circuit 122 may send a notification to debug system 110 indicating an imminent end to the current debug session, and may provide an option to extend the debug session by requesting an extension to certificate 135 or by requesting a new certificate. In some embodiments, validation circuit 122 may provide a new liveness token to debug system 110 if requested before ending the current active debug session. Debug system 110 may then use the new liveness token to request a new certificate form server computer system 115, and subsequently use the new certificate to keep the current debug session active for an extended amount of time. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 18 is rejected for the reasons set forth hereinabove for claim 16, Kataria and Mayer teach the method of claim 16, further comprising allowing a debug session in response to a successful performance of the authentication procedure(Kataria, para [0046], Validation circuit 122 is further configured to, using the decoded debug permissions, initiate an active debug session. During an active debug session, validation circuit 122 enables one or more of debug features 230 for access by debug system 110. In response to the enabling, debug system 110 may send debug requests to debug circuit 120 via validation circuit 122. The enabled ones of debug features 230 allow access to one or more of functional circuits 250. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 19 is rejected for the reasons set forth hereinabove for claim 16, Kataria and Mayer teach the method of claim 16, further comprising clearing one or more bits indicating the debug authentication indication in response to a failed performance of the authentication procedure(Kataria, para [0045], A failure to validate any one these values may result in validation circuit 122 denying certificate 135 and refusing access to debug features 230. Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Claim 20 is rejected for the reasons set forth hereinabove for claim 16, Kataria and Mayer teach the method of claim 16, further comprising disallowing a debug session in response to a failed performance of the authentication procedure(Kataria, para [0045], A failure to validate any one these values may result in validation circuit 122 denying certificate 135 and refusing access to debug features 230 Mayer, para [0074-0075], In further examples, the privileged software (the debug configuration software or first debug instructions) can run first and may be designed to obtain the setting to be made from a source outside the system on a chip 300 as data generated by means of an authenticated method and to authenticate said setting. The privileged user can provide the setting to be made, for example. Fig. 5 and para [0076], The registers in which the trace configuration can be set are shown in FIG. 5 by way of illustration with fields, bits, types, descriptions, and so on. For the sake of clarity, this information is not repeated here. In one example, the register is configured to store read and write permissions for respective address ranges relating to respective virtual machines, and access to memory associated with various virtual machines is controlled by selectively storing read and/or write permissions to various address ranges in the register. For example, read and write permission for address ranges associated with VM2 (the VM being debugged) while read and write permission may not be stored for address ranges relating to VM1 (the VM to which access is to be blocked). Inquiry 8. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUY KHUONG THANH NGUYEN whose telephone number is (571)270-7139. The examiner can normally be reached Monday - Friday 0800-1630. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached at 5712723759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DUY KHUONG T NGUYEN/ Primary Examiner, Art Unit 2199