DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
According to applicant s filed on 03/14/2022, claims 1,3, 8,10 and 15-21 have been amended hereby acknowledged.

Applicant’s amendment made the withdrawal of 101 rejection over claims 15-21; 112(b) rejection over claims 6,13 and 20; and claim objection over claims 3, 10 and 17.

 Applicant’s arguments concerning the 103 rejections have been fully considered.  The arguments concerning the prior art of record is not found persuasive.  Further, arguments concerning the newly amended claim limitations have been considered but are moot in view of new grounds of rejection.

 Applicant argues that none of the prior art of record teaches the new amended feature that recites: “the second cryptographic key enables the workload owner to access the debug/management interface to inspect which data the platform owner is allowed to access and under what circumstances the data may be accessed”.

Examiner would like to point out that the new secondary reference Roth (2017/0054696) in Para:0039 and Para:0044-0049 teaches the above claimed limitation (see, the rejection below).                                           

                                                      
Claim Rejections - 35 USC § 103
7. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



8. Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Kurts (US Pub.No.2020/0348361) in view of Ferguson (US Pub.No.2015/0082048) and further in view of Roth (US Pub.No.2017/0054696).

9. Regarding claims 1, 8, 15 Kurts teaches a computer-implemented method, an apparatus and one or more computer-readable storage media comprising: 
assigning a second cryptographic key associated with a workload owner to a debug/management interface of the compute platform; and encrypting device information generated by the debug/management interface of the compute platform using at least one of the first cryptographic key or the second cryptographic key (Figs.2-3, Para:0015 teaches during testing and/or implementation by the non-designer party (e.g., clients), the integrated circuit device (e.g., System Under Test (SUT)) will not function as intended. To determine the error(s) and/or causes of the error(s), the designing party will perform a debug process that involves analysis of the IP. In such cases, the IP will be unlocked to enable full access of the IP during the debugging process. For example, the designing party will perform a terminal access point (TAP) Unlock that enables the designing party to internally and fully debug the integrated circuit device using a special access key while the integrated circuit device is at the client site.
 Para: 0025-0027 and Para: 0030 teaches the remote debug process will be initiated by the client using, for example, the client site host device 312 when an unexpected error occurs during testing and/or implementation of the SUT (System under Test) 308 at the client site 302. In such instances, the client will request that the remote debug process be performed on the SUT 308 by the debug labs 306. The request, in particular, will include authorization for performance of the remote debug process by the debug labs 306 and/or a certificate that identifies the client, the SUT 308, the processor 310, and/or other relevant information. The request will be encrypted by the remote debug IP, communicated to the client site host device 312 via a Joint Test Action Group (JTAG) interface 320, and ultimately transmitted to the debugging site 304 from the client site host device 312 over a public network 322. Once the debug labs 306 verify the client and the SUT 308, JTAG commands will be encrypted by the encryption/decryption device 324 at the debugging site 304 and will be transmitted to the client site host device 312 via the public network 322. Para: 0020 teaches session keys will be used to authenticated, decrypt, and encrypt information communicated during the remote debug process).

Kurts teaches all the above claimed limitations but does not expressly teach initializing a computer platform in a cloud computing environment; assigning at least a first cryptographic key associated with the platform owner to a debug/management interface of the compute platform.

Ferguson teaches initializing a computer platform in a cloud computing environment; assigning at least a first cryptographic key associated with the platform owner to a debug/management interface of the compute platform (Fig.1, Para:0028-0031 and 0056 teaches assigning cryptographic keys associated with the service provider to debug interface).

Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to modify the teaching of Kurts to include assigning at least a first cryptographic key associated with the platform owner to a debug/management interface of the compute platform as taught by Ferguson such a setup would verify the authenticity of the device /system and establish a secure communication channel.

Both Kurts in view of Ferguson teaches all the above claimed limitations but does not expressly teach the second cryptographic key enables the workload owner to access the debug/management interface to inspect which data the platform owner is allowed to access and under what circumstances the data may be accessed.

Rothi teaches the second cryptographic key enables the workload owner to access the debug/management interface to inspect which data the platform owner is allowed to access and under what circumstances the data may be accessed (Para:0039 and Para:0044-0049 teaches the access key enables the workload owner to access the management interface or resources and it also describes under what circumstances the data can be accessed). 

Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to modify the teaching of Kurts in view of Ferguson to include teaches the second cryptographic key enables the workload owner to access the debug/management interface to inspect which data the platform owner is allowed to access and under what circumstances the data may be accessed as taught by Rothi such a setup would give a predictable result of protecting computer resource service provider information from the customer and protecting customer information from the computing resource service provider.

10. Regarding claims 2, 9,16 Kurts teaches the method, the apparatus and the computer-readable storage media further comprising: receiving, from the workload owner, a request for an attestation quote for the debug/management interface; in response to the request, generating an attestation quote for the debug/management interface, and returning the attestation quote to the workload owner (Figs.3-5, Para: 0046 -0048 teaches the debug lab 306 will transmit encrypted JTAG commands signed using the session key 602B for performing AFD and/or other operations to the SUT 308. In response to receiving the encrypted message, the SUT 308 may subsequently verify the integrity of the received message (process block 522). In particular, each message may include integrity information, such as a command number, which may also be encrypted using the session key 602A when the message is encrypted. The SUT 308 may decrypt the message using the random session key 602A and read the command number. The SUT 308 may verify that the command number matches an expected command number held by an integrity counter within the SUT 308 before continuing execution of the JTAG command. 
Para: 0049-0050 teaches the SUT 308 will execute the JTAG command to gather information on the internal state of the processor 310 for debugging by the debug lab 306 and/or perform other operations on the processor 310. The information (e.g., response) will then be encrypted using the encryption/decryption machine 316 and the random session key 602A. The SUT 308 will transmit the encrypted information back to the debug lab 306 via the relay server 402 for analysis by the designer in the debug lab 306 (process block 524). Upon receiving the encrypted information, the debug lab 306 will verify, in a similar manner as the verification performed by the SUT 308, the received encrypted information to determine whether the encrypted information has been compromised (process block 526). In particular, the verification will include comparing a received packet number to an expected packet number held in a packet counter at the debug lab 306. When the received packet number and the expected packet number do not match, the debug secure session 518 will be halted. When the received packet number and the expected packet number match, the encrypted information will be decrypted and analyzed, and the packet counter will be incremented to a value of that the next packet number is to match. The debug lab 306 may generate an appropriate JTAG command, protect the JTAG command (e.g., encrypted then signed with the random session key) with the random session key, and transmit the encrypted version of the JTAG command to the SUT 308 via the relay server (process block 528). In this manner, the remote debug process will continue until the root cause for the error is identified and resolved). 

11. Regarding claims 3,10, 17 Kurts teaches  the method, the apparatus and the computer-readable storage media wherein the attestation quote comprises information derived from the second public cryptography key, an indication that the debug interface is enabled, and a list of identifiers indicating one or more entities authorized to decrypt device information generated by the debug/management interface (Para:0026-0029 and Para:0042-0045 teaches once the debug labs 306 verify the client and the SUT 308, JTAG commands may be encrypted by the encryption/decryption device 324 at the debugging site 304 and may be transmitted to the client site host device 312 via the public network 322. The JTAG commands may be transferred from the client site host device 312 to the SUT 308 via the JTAG interface 320. Specifically, the central TAP 314 may receive the encrypted/protected JTAG commands for AFD and/or other interactions and subsequently transfer the JTAG commands to the encryption/decryption machine 316 to decrypt to the JTAG commands using a secure session key. Once decrypted, the remote debug process session may be active and the TAP network may be modified to allow encrypted TAP commands to be passed through to the client site 302 and/or the debugging site 304 while blocking other types of non-encrypted commands. In other words, once the remote debug process session is active (e.g., remote debug SoC state is enabled), a remote debug security policy (e.g., enable debug mode) may be implemented to enable unlocked and/or elevated TAP access of the SUT 308 IP while encrypting data that is input to and/or output from the client site host device, authenticating the client site host device 312, and verifying integrity of TAP commands sent between the debugging site 304 and the client site 302 via the secure session key).

12. Regarding claims 4, 11, 18 Kurts teaches the method, the apparatus and the computer-readable storage media further comprising: configuring the debug/management interface to require requests to be signed using a cryptographic key from an authorized entity (Para: 0051 -0053 teaches the data bits 656, the control bits 658, and the integrity information bits 660 will facilitate the data transfer during the secure debug session 518. For example, the data bits 656 may include the JTAG command transmitted to the Central TAP 314, the control bits 658 may include information to guide processing of the data bits 656 by the SUT 308, and the integrity information bits 660 may include a value representative of a position (e.g., command number) of the data bits 656 in the sequence of commands transmitted to the SUT 308. As an illustrative example of the integrity information bits 660, a first AES message 652A to be transmitted to the SUT 308 may include integrity information 660 with a first value (e.g., zero), while a second AES message 652A to be transmitted to the SUT 308 may include integrity information 660 with a second value (e.g., one). The debug labs 306 may encrypt the AES message 652A and sign the AES message 652A with the random session key 602B decrypted during the authentication phase to generate an encrypted AES message 654A (e.g., ciphertext) that cannot be deciphered by an unauthorized third party. The encrypted AES message 654A may still include the data bits 656, the control bits 658, and the integrity information bits 660 but in an encrypted form. Once the encrypted AES message 654A is generated, the encrypted AES message 654A may be transmitted to the SUT 308 via the relay server 402. Upon receiving the encrypted AES message 654B, the SUT may decrypt and validate the encrypted AES message 654A using a local copy of the random session key 602A, thereby re-generating the AES message 652B. Before proceeding with the processing of the AES message 652B, the SUT 308 may verify whether the AES message 652B has been compromised, for example, by an unauthorized third party that is listening to communications between the debug labs 306 and the SUT 308. In particular, the SUT 308 may include an integrity counter within the debug IP that stores an expected integrity information value 662 for an incoming command. For example, when the AES message 652B is the first JTAG command to be received by the SUT 308 in the secure debug session 518, the expected integrity information value 662 may be a first value (e.g., zero). When the expected integrity information value 662 does not match the value of the integrity information bit bits 660, the secure debug session 518 may be halted or terminated (process block 664) as the command sequence may have been scrambled or the AES message 652B may have been tampered with. This verification check may prevent unauthorized third parties from replaying the AES message 652B and other malicious attacks).

13. Regarding claims 5,12, 19  Kurts teaches the method, the apparatus and the computer-readable storage media further comprising: receiving, from a first entity, a command to access information in the debug/management interface; decrypting the command to recover the cryptographic key from the request; and in response to a determination that that the first entity is authorized to access the debug/management interface, executing the command (Para:0026-0030 and Para:0042-0045 teaches the remote debug process may be initiated by the client using, for example, the client site host device 312 when an unexpected error occurs during testing and/or implementation of the SUT 308 at the client site 302. In such instances, the client may request that the remote debug process be performed on the SUT 308 by the debug labs 306. The request, in particular, may include authorization for performance of the remote debug process by the debug labs 306 and/or a certificate that identifies the client, the SUT 308, the processor 310, and/or other relevant information. The request may be encrypted by the remote debug IP, communicated to the client site host device 312 via a Joint Test Action Group (JTAG) interface 320, and ultimately transmitted to the debugging site 304 from the client site host device 312 over a public network 322. Once the debug labs 306 verify the client and the SUT 308, JTAG commands may be encrypted by the encryption/decryption device 324 at the debugging site 304 and may be transmitted to the client site host device 312 via the public network 322. The JTAG commands may be transferred from the client site host device 312 to the SUT 308 via the JTAG interface 320. Specifically, the central TAP 314 may receive the encrypted/protected JTAG commands for AFD and/or other interactions and subsequently transfer the JTAG commands to the encryption/decryption machine 316 to decrypt to the JTAG commands using a secure session key. Once decrypted, the remote debug process session may be active and the TAP network may be modified to allow encrypted TAP commands to be passed through to the client site 302 and/or the debugging site 304 while blocking other types of non-encrypted commands. In other words, once the remote debug process session is active (e.g., remote debug SoC state is enabled), a remote debug security policy (e.g., enable debug mode) may be implemented to enable unlocked and/or elevated TAP access of the SUT 308 IP while encrypting data that is input to and/or output from the client site host device, authenticating the client site host device 312, and verifying integrity of TAP commands sent between the debugging site 304 and the client site 302 via the secure session key).

14. Regarding claims 6,13, 20  Kurts teaches the method, the apparatus and computer-readable storage media further comprising: receiving, from a first entity, a command to access information in the debug/management interface; decrypting the command to recover the cryptographic key from the request; and in response to a determination that that the first entity is authorized to access the debug/management interface, rejecting the command (Para:0026-0030 and Para:0042-0045 teaches the remote debug process may be initiated by the client using, for example, the client site host device 312 when an unexpected error occurs during testing and/or implementation of the SUT 308 at the client site 302. In such instances, the client may request that the remote debug process be performed on the SUT 308 by the debug labs 306. The request, in particular, may include authorization for performance of the remote debug process by the debug labs 306 and/or a certificate that identifies the client, the SUT 308, the processor 310, and/or other relevant information. The request may be encrypted by the remote debug IP, communicated to the client site host device 312 via a Joint Test Action Group (JTAG) interface 320, and ultimately transmitted to the debugging site 304 from the client site host device 312 over a public network 322. Once the debug labs 306 verify the client and the SUT 308, JTAG commands may be encrypted by the encryption/decryption device 324 at the debugging site 304 and may be transmitted to the client site host device 312 via the public network 322. The JTAG commands may be transferred from the client site host device 312 to the SUT 308 via the JTAG interface 320. Specifically, the central TAP 314 may receive the encrypted/protected JTAG commands for AFD and/or other interactions and subsequently transfer the JTAG commands to the encryption/decryption machine 316 to decrypt to the JTAG commands using a secure session key. Once decrypted, the remote debug process session may be active and the TAP network may be modified to allow encrypted TAP commands to be passed through to the client site 302 and/or the debugging site 304 while blocking other types of non-encrypted commands. In other words, once the remote debug process session is active (e.g., remote debug SoC state is enabled), a remote debug security policy (e.g., enable debug mode) may be implemented to enable unlocked and/or elevated TAP access of the SUT 308 IP while encrypting data that is input to and/or output from the client site host device, authenticating the client site host device 312, and verifying integrity of TAP commands sent between the debugging site 304 and the client site 302 via the secure session key. and Para:0042-0045 teaches when the authentication fails, direct access to the central TAP 314 may remain blocked and the remote debug process may be halted and/or terminated [process block 616]).

15. Regarding claims 7, 14, 21 Kurts teaches the method, the apparatus and the computer-readable storage media further comprising: generating an error report; and entering the first entity into a log of malicious users (Para: 0043-0045 and Para: 0052-0053 teaches Once the debug lab 306 receives the encrypted session key 608A, the debug lab 306 may proceed to decrypt the encrypted session key 608A and to generate an acknowledgement that successful decryption occurred. For example, a constant pattern 612 known to both the debug labs 306 and the SUT 308 may be encrypted using the random session key 602B (e.g., encrypted acknowledgement 614A). The encrypted acknowledgement 614A may then be transmitted to the SUT 308 to verify that a received encrypted acknowledgement 614B is as expected. If the received encrypted acknowledgement 614B is not of the correct pattern, the remote debug process session may be terminated and connection with the relay server 402 may be dropped. This verification check will prevent malicious attacks).


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431