DETAILED ACTION

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

	Authorization for this Examiner’s Amendment was given in a telephone interview with Scott Pape on 16 May 2022.
This application has been amended as follows:
IN THE CLAIMS
Replace the following claims listed as follows.

1.	(Currently Amended) An apparatus for authenticating a debug session, comprising:
	one or more functional circuits; 
	a debug circuit configured to implement one or more debug features for use with the one or more functional circuits during a debug session, wherein at least one of the one or more debug features are disabled outside of a debug session when a debug session is not active; and
	a validation circuit configured, during an active debug session, to:
		receive, from a particular computing device that is external to the apparatus, a request to access at least one of the debug features of the debug circuit;
		send, external to the apparatus, an identification value corresponding to the apparatus, wherein the identification value is sent to a server computer system in a certificate request; 
		receive a certificate generated by [[a]] the server computer system, the certificate authenticating the active debug session and including encoded debug permissions to enable the at least one debug feature; 
		decode the encoded debug permissions using the identification value; and
		using the decoded debug permissions, enable the at least one of the debug features for use with the one or more functional circuits.

2.	(Original) The apparatus of claim 1, wherein the validation circuit is further configured to:
	in response to receiving the request, generate a liveness token, wherein the liveness token includes a one-time use value; and 
	send the generated liveness token with the identification value.

3.	(Previously Presented) The apparatus of claim 2, wherein the validation circuit is further configured, in response to receiving the certificate, to:
	compare a received liveness token extracted from the certificate to the generated liveness token; and
	based on the comparison, selectively permit the at least one of the debug features to be accessed.

4.	(Original) The apparatus of claim 1, wherein the validation circuit is further configured to send information indicative of available features of the debug circuit and currently enabled features of the debug circuit.

5.	(Original) The apparatus of claim 1, wherein the validation circuit is further configured, in response to receiving the certificate, to determine if the reception of the certificate is expected.

6.	(Previously Presented) The apparatus of claim 1, wherein the validation circuit is further configured to end the active debug session in response to a determination that a particular amount of time has elapsed since receiving the certificate, wherein the particular amount of time is indicated in the certificate.

7.	(Previously Presented) The apparatus of claim 1, wherein the validation circuit is further configured to end the active debug session in response to a determination that a number of allowed device resets, as indicated by the certificate, have occurred.

8.	(Previously Presented) The apparatus of claim 1, wherein the validation circuit is further configured to end the active debug session in response to a determination that a different computing device has been connected to the apparatus in place of the particular computing device.

9.	(Original) The apparatus of claim 1, wherein the validation circuit is further configured to authenticate a digital signature that is included in the received certificate.

10.	(Currently Amended) A non-transitory computer-readable storage medium having instructions stored thereon that are executable by a computer system to perform operations comprising:
	sending, by the computer system to a device to be debugged, a request to access debug features of the device, wherein the debug features are disabled outside of a debug session when 
	in response to receiving an identification value from the device, sending, by the computer system to a server computer system, a certificate request to enable one or more of the debug features of the device, the certificate request including the identification value;
	receiving a certificate [[from]] generated by the server computer system, the certificate including debug permissions to authenticate a debug session and enable at least a portion of the one or more requested debug features;
	sending the certificate to the device; and
	accessing ones of the debug features of the device that have been enabled based on the debug permissions in the certificate after the debug session is authenticated.

11.	(Currently Amended) The non-transitory computer-readable storage medium of claim 10, wherein the operations further comprise:
	requesting, from the device, a liveness token that includes a one-time use value; and
	including the liveness token in the certificate request.

12.	(Currently Amended) The non-transitory computer-readable storage medium of claim 10, wherein the operations further comprise including authentication credentials for a user of the computer system in the certificate request.

13.	(Currently Amended) The non-transitory computer-readable storage medium of claim 10, wherein the operations further comprise:
	requesting, from the device, a first value indicating a plurality of debug features available on the device, and a second value indicating a subset of the plurality of debug features that are currently locked; 
	using the first value and the second value to generate a third value indicating one or more of the plurality of debug features to be accessed; and
	including the third value in the certificate request.

14.	(Currently Amended) The non-transitory computer-readable storage medium of claim 10, wherein the operations further comprise sending, to the device, a command to end a current debug session.

15.	(Currently Amended) The non-transitory computer-readable storage medium of claim 10, wherein the operations further comprise including, in the certificate request, a user-specified number of device resets that are allowed by the device while maintaining a validity of the certificate.

16.	(Currently Amended) A method for authenticating a debug session, comprising:
	maintaining, by a server computer system, one or more policies that indicate debug permissions for one or more users to access debug features of one or more devices, wherein the debug features are disabled for respective devices outside of a debug session while a debug session is not active;
	receiving, by the server computer system from a debug system, a request to enable one or more debug features of a particular device to be debugged, the request including an identification value associated with the particular device, wherein the debug system is external to the particular device;
	validating, by the server computer system using the identification value, the request;
	in response to the validating, determining, by the server computer system, ones of the debug features that can be permitted for a particular user based on the one or more policies; and
	sending, by the server computer system, a certificate to the debug system including encoded debug permissions, the certificate indicating:
		permission to authenticate a debug session and enable a plurality of the debug features; and
		the ones of the requested debug features that are permitted to be enabled after the debug session is authenticated.

17.	(Original) The method of claim 16, wherein the validating includes:
	receiving authentication credentials for the particular user; and
	in response to a successful validation of the authentication credentials, identifying a particular policy that corresponds to the particular user.

18.	(Original) The method of claim 17, wherein the validating, using the identification value, includes determining if the particular policy is valid for the particular device or for a class of devices that includes the particular device.

19.	(Previously Presented) The method of claim 17, wherein determining the debug permissions for the particular user includes:
	receiving, from the request, a first value indicating the one or more debug features to be enabled; and
	generating, using the particular policy, a second value indicating at least one of the one or more debug features that are permitted to be enabled.

20.	(Original) The method of claim 16, wherein validating the request comprises determining a geographic location of the debug system.
 


Allowable Subject Matter

Claims 1 – 20 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above-mentioned claims are allowable over the prior art because the CPA (Cited Prior Art) of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 10 & 16 (& associated dependent claims).

This communication warrants no Examiner's Reasons for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e).  Specifically, applicant’s claim amendments and arguments filed on 4/25/2022 and the Examiner’s Amendment are persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee.  Such a submission should be clearly labeled “Comments on Statement of Reasons for Allowance”.  In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail the papers to the Production Control branch in Publications, or fax them to the post-allowance papers correspondence branch at (703) 308-5864, to expedite the issuing process, or to call PUB's Customer Service at (703) 305-8497 with any questions.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild, can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LONGBIT CHAI/ Primary Examiner, Art Unit 2431 (No. #2320 - 2022)