Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
DETAILED ACTION
This action is in response to original filings made on 11/9/2020. Claims 1-20 are pending. 
Specification (Title)
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 4-6, 13 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Jenkins (US Patent No. 8,621,597) in view of Wang (US Patent Publication No. 2016/0217021).

As to claims 1 and 13, Jenkins teaches a secure programmable logic device (PLD) failure characterization system, comprising: 
a secure PLD, wherein the secure PLD comprises a plurality of programmable logic blocks (PLBs) arranged in a PLD fabric of the secure PLD (i.e., figure 2), 
and a configuration engine configured to program the PLD fabric according to a configuration image stored in a non- volatile memory (NVM) of the secure PLD and/or coupled through a configuration input/output (I/O) of the secure PLD to the configuration engine (i.e., …teaches in col. 4 lines 35-50 the following: “Configuration plane 250 generally includes a configuration circuit 260 and configuration memory array 255. Configuration circuit 260 typically includes several input and/or output terminals that are connected to dedicated configuration pins 265 and to dual-purpose I/O associated with IOBs, e.g., I/O pins 220 (connection not shown). Configuration memory array 255 includes memory cells that can be arranged in "frames" (i.e., columns of memory cells extending the length of PLD 200), and addressing circuitry (not shown) for accessing each frame. Configuration memory array 255 is typically formed from some combination of volatile configuration memory (e.g., SRAM) and nonvolatile memory (e.g., flash memory).”.  …teaches in col. 5 lines 1-10 the following: “A configuration circuit such as circuit 260 typically includes a configuration bus structure and a collection of configuration registers for accessing and controlling the configuration logic of configuration plane 250.”), 
wherein the secure PLD is configured to perform a computer-implemented method comprising: receiving a failure characterization (FC) command from the PLD fabric or an external system coupled to the secure PLD through the configuration I/O (i.e., …teaches in col. 6 lines 39-49 the following: “Status information memory 315 is used to store information about the erase operation. In the simplest case, status information memory 315 includes a flag indicating that for some reason, erase controller 305 has issued one or more erase commands. This status information can be useful for debugging purposes or to subsequently determine why certain memory has been erased. Status information memory 315 can include more detailed information such as the addresses of memory subject to erase commands, timing information, copies of actual commands used, and the like.”. The commands are received through the I/O.); 
executing the FC command (i.e., ….teaches in col. 6 lines 50-65 the following: “For example, where the PLD including security erase circuit 300 is used in a device subject to routine maintenance or servicing, e.g., a gaming machine or an ATM, opening the device enclosure might compromise PLD security. In that case, opening the device enclosure can trigger a signal supplied to a PLD pin which either directly or indirectly provides a security event signal on security event line 330. In another example, logic included in the PLD having security erase circuit 300, e.g., specialized logic or CLBs/IOBs configured to perform the function, can monitor for certain events and determine whether to issue a security event signal. Such monitoring might include: determining expiration of a timeout period, detection of various hacking attempts, security information expiration, error conditions that might compromise PLD security, receipt of external trusted "erase" commands, and the like. Numerous other conditions leading to the assertion of a security event signal will be well known to those having ordinary skill in the art.”), 
wherein the executing the FC command comprises erasing and/or nullifying at least a portion of the NVM of the secure PLD (i.e., …teaches in col. 6 lines 30-40 the following: “Security erase circuit 300 provides basic functionality for automatically erasing some or all of PLDs associated nonvolatile and volatile configuration memory upon detection of a security event. Security erase circuit 300 can also be configured to erase memory that is not strictly used for configuration purposes, e.g., block RAM 240. It can also include and/or initiate specialized circuits designed to protect device I/O interfaces while erase operations are performed.”.); 
and performing a debug process (i.e., … teaches in col. 5 lines 30-35 the following: “…perform extensive debugging and diagnostics”.).


Jenkins does not expressly teach:
wherein the performing the debug process comprises booting a debug configuration by the PLD fabric that is configured to identify and/or characterize failures in the operation of any one or combination of elements of the secure PLD.
In this instance the examiner notes the teachings of prior art reference Wang.
Wang teaches in par. 0012 the following: “The log is embedded in the PLD hardware and can be placed in the “on” setting continuously, thereby capturing a failure state when it happens. It is especially useful for random board failure among a chassis-full of boards. The set of hardware signals to be logged can be changed since a PLD is a programmable device, making it easy for trial-and-error debugging. Therefore, a tester can pre-program the PLD to log a number of selected signals and the log can be used to quickly make progress in identifying and solving a problem. In addition, when logging hardware signals in EBR, the logging speed can match the speed(s) at which the signals are changing. Thus, EBR-based hardware signal logging is well suited for hardware debugging.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Jenkins with the teachings of Wang by having their system comprise error configuration analysis. One would have been motivated to do so to provide a simple and effective means to determine system failure, wherein error configuration analysis helps facilitate device repair and makes it easier to configure the devices to handle failure events. 

As to claims 4 and 16, the system of Jenkins and Wang as applied to claim 1 above teaches a PLD, specifically Jenkins teaches a secure PLD failure characterization system of claim 1, wherein the NVM comprises rewritable and/or unlocked sectors, and wherein the executing the authenticated FC command comprises: erasing individual sectors of the NVM according to a prioritized erase order (i.e., …teaches in col. 6 lines 30-40 the following: “Security erase circuit 300 provides basic functionality for automatically erasing some or all of PLDs associated nonvolatile and volatile configuration memory upon detection of a security event. Security erase circuit 300 can also be configured to erase memory that is not strictly used for configuration purposes, e.g., block RAM 240. It can also include and/or initiate specialized circuits designed to protect device I/O interfaces while erase operations are performed.”.), wherein the prioritized erase order comprises user flash memory sectors, image sectors, security and/or other features stored in securable storage sectors, device key sectors, and lock policy sectors (i.e., …teaches in col. 6 lines 30-40 the following: “Security erase circuit 300 provides basic functionality for automatically erasing some or all of PLDs associated nonvolatile and volatile configuration memory upon detection of a security event. Security erase circuit 300 can also be configured to erase memory that is not strictly used for configuration purposes, e.g., block RAM 240. It can also include and/or initiate specialized circuits designed to protect device I/O interfaces while erase operations are performed.”.).

As to claims 5 and 17, the system of Jenkins and Wang as applied to claim 1 above teaches a PLD, specifically Jenkins teaches a secure PLD failure characterization system of claim 1, wherein the NVM comprises one time programmable sectors, and wherein the executing the authenticated FC command comprises: nullifying individual sectors of the NVM according to a prioritized erase order (i.e., …teaches in col. 6 lines 30-40 the following: “Security erase circuit 300 provides basic functionality for automatically erasing some or all of PLDs associated nonvolatile and volatile configuration memory upon detection of a security event. Security erase circuit 300 can also be configured to erase memory that is not strictly used for configuration purposes, e.g., block RAM 240. It can also include and/or initiate specialized circuits designed to protect device I/O interfaces while erase operations are performed.”), wherein the nullifying comprises setting all bits within a particular sector to "1," and wherein the prioritized erase order comprises user flash memory sectors, image sectors, security and/or other features stored in securable storage sectors, device key sectors, and lock policy sectors (i.e., …teaches in col. 6 lines 30-40 the following: “Security erase circuit 300 provides basic functionality for automatically erasing some or all of PLDs associated nonvolatile and volatile configuration memory upon detection of a security event. Security erase circuit 300 can also be configured to erase memory that is not strictly used for configuration purposes, e.g., block RAM 240. It can also include and/or initiate specialized circuits designed to protect device I/O interfaces while erase operations are performed.”).

As to claims 6 and 18, the system of Jenkins and Wang as applied to claim 1 above teaches a PLD, specifically Jenkins does not teach a secure PLD failure characterization system of claim 1, wherein the performing the debug process comprises: 
receiving a debug configuration over the configuration I/O and loading, booting, and/or executing the received debug configuration in the PLD fabric; 
and generating a debug digest associated with the debug configuration, wherein the debug digest comprises a listing of failures and/or other debug information associated with execution of the debug configuration by the PLD fabric.
In this instance the examiner notes the teachings of prior art reference Wang.
With regards to applicant’s claim limitation element of, “receiving a debug configuration over the configuration I/O and loading, booting, and/or executing the received debug configuration in the PLD fabric”, Wang teaches in par. 0012 the following: “The log is embedded in the PLD hardware and can be placed in the “on” setting continuously, thereby capturing a failure state when it happens. It is especially useful for random board failure among a chassis-full of boards. The set of hardware signals to be logged can be changed since a PLD is a programmable device, making it easy for trial-and-error debugging. Therefore, a tester can pre-program the PLD to log a number of selected signals and the log can be used to quickly make progress in identifying and solving a problem. In addition, when logging hardware signals in EBR, the logging speed can match the speed(s) at which the signals are changing. Thus, EBR-based hardware signal logging is well suited for hardware debugging”. The commands will be received and sent by way of the I/O.
With regards to applicant’s claim limitation element of, “and generating a debug digest associated with the debug configuration,” Wang teaches in par. 0012 the following: “The log is embedded in the PLD hardware and can be placed in the “on” setting continuously, thereby capturing a failure state when it happens. It is especially useful for random board failure among a chassis-full of boards. The set of hardware signals to be logged can be changed since a PLD is a programmable device, making it easy for trial-and-error debugging. Therefore, a tester can pre-program the PLD to log a number of selected signals and the log can be used to quickly make progress in identifying and solving a problem. In addition, when logging hardware signals in EBR, the logging speed can match the speed(s) at which the signals are changing. Thus, EBR-based hardware signal logging is well suited for hardware debugging.”.
With regards to applicant’s claim limitation element of, “wherein the debug digest comprises a listing of failures and/or other debug information associated with execution of the debug configuration by the PLD fabric”, Wang teaches in par. 0012 the following: “The log is embedded in the PLD hardware and can be placed in the “on” setting continuously, thereby capturing a failure state when it happens. It is especially useful for random board failure among a chassis-full of boards. The set of hardware signals to be logged can be changed since a PLD is a programmable device, making it easy for trial-and-error debugging. Therefore, a tester can pre-program the PLD to log a number of selected signals and the log can be used to quickly make progress in identifying and solving a problem. In addition, when logging hardware signals in EBR, the logging speed can match the speed(s) at which the signals are changing. Thus, EBR-based hardware signal logging is well suited for hardware debugging.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Jenkins with the teachings of Wang by having their system comprise error configuration analysis. One would have been motivated to do so to provide a simple and effective means to determine system failure, wherein error configuration analysis helps facilitate device repair and makes it easier to configure the devices to handle failure events. 

Claim(s) 2 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Jenkins in view of Wang as applied to claims 1 and 13 above, and further in view Peterson et al. (US Patent No. 9,230,112 and Peterson hereinafter (cited from IDS 4/20/2022)).

As to claims 2 and 14, the system of Jenkins and Wang as applied to claim 1 above teaches a PLD, however neither reference teaches a secure PLD failure characterization system of claim 1, wherein the computer-implemented method further comprises: authenticating the received FC command prior to the executing the FC command, wherein the FC command is signed using an application private key associated with a secure PLD customer for the secure PLD, a corresponding application public key is stored in the NVM, and the authenticating comprises using the application public key to verify that the FC command is signed using the application private key associated with the secure PLD customer.
In this instance the examiner notes the teachings of prior art reference Peterson. 
With regards to applicant’s claim limitation element of, “authenticating the received FC command prior to the executing the FC command”, Peterson teaches in col. 10 lines 65-67 & col. 11 lines 1-5 the following: “authentication and/or encryption of software updates in a fielded device, authentication and/or encryption of full or partial bitstream in a fielded device, and/or loading of authenticated and/or encrypted data files in a fielded device.”.
With regards to applicant’s claim limitation element of, “wherein the FC command is signed using an application private key associated with a secure PLD customer for the secure PLD”, teaches in col. 10 lines 35-45 the following: “use RSA code signing for public key authentication”.
With regards to applicant’s claim limitation element of, “a corresponding application public key is stored in the NVM”, teaches in col. 16 lines 5-15 the following: “encrypted in NVM. Authentication may use a public key, RSA (e.g., RSA-2048), and/or a private key HMAC algorithm.”.
With regards to applicant’s claim limitation element of, “and the authenticating comprises using the application public key to verify that the FC command is signed using the application private key associated with the secure PLD customer”, teaches in col. 10 lines 35-45 the following: “use RSA code signing for public key authentication”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Jenkins and Wang with the teachings of Peterson by having their system comprise command authentication analysis. One would have been motivated to do so to provide a simple and effective means to secure system level commands, wherein command authentication analysis helps facilitate device security and makes it easier to configure the devices with safe instruction. 

Claim(s) 7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Jenkins in view of Wang as applied to claims 6 and 18 above and further in view Lambert et al. (US Patent Publication No. 2019/0138369 and Lambert hereinafter).

As to claims 7 and 19 the system of Jenkins and Wang as applied to claim 6 above teaches PLD, specifically Jenkins does not teach a secure PLD failure characterization system of claim 6, wherein the performing the debug process further comprises: and providing the debug digest to an external system coupled to the secure PLD over the configuration I/O.
In this instance the examiner notes the teachings of prior art reference Wang.
Wang teaches in par. 0012 the following: “The log is embedded in the PLD hardware and can be placed in the “on” setting continuously, thereby capturing a failure state when it happens. It is especially useful for random board failure among a chassis-full of boards. The set of hardware signals to be logged can be changed since a PLD is a programmable device, making it easy for trial-and-error debugging. Therefore, a tester can pre-program the PLD to log a number of selected signals and the log can be used to quickly make progress in identifying and solving a problem. In addition, when logging hardware signals in EBR, the logging speed can match the speed(s) at which the signals are changing. Thus, EBR-based hardware signal logging is well suited for hardware debugging.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Jenkins with the teachings of Wang by having their system comprise error configuration analysis. One would have been motivated to do so to provide a simple and effective means to determine system failure, wherein error configuration analysis helps facilitate device repair and makes it easier to configure the devices to handle failure events. 

The system of Jenkins and Wang do not expressly teach:
authenticating the debug configuration prior to the loading, booting, and/or executing the received debug configuration in the PLD fabric.
In this instance the examiner notes the teachings of prior art reference Lambert. 
With regards to applicant’s claim limitation element of, “authenticating the debug configuration prior to the loading, booting, and/or executing the received debug configuration in the PLD fabric”, Lambert teaches as part of his claim 14 claim limitation(s) the following: “requesting authentication information from the debugging information handling system and providing the access in response to receiving the authentication information”. 
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of Jenkins and Wang with the teachings of Lambert by having their system comprise command authentication analysis. One would have been motivated to do so to provide a simple and effective means to secure commands, wherein command authentication analysis helps facilitate device security and makes it easier to configure the devices with safe instruction. 
Allowable Subject Matter
Claims 3 and 15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
The following is a statement of reasons for the indication of allowable subject matter: Applicant’s recital of, “authenticating the received FC command prior to the executing the FC command, wherein the FC command comprises an FC trace ID, a trace ID associated the secure PLD is stored in the NVM, and the authenticating comprises comparing the FC trace ID with the trace ID stored in the NVM.”.

Claims 8 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
The following is a statement of reasons for the indication of allowable subject matter: Applicant’s recital of, “re-provisioning the secure PLD after the performing the debug process, and wherein the re-provisioning the secure PLD comprises: receiving a programming private key, a programming secret, and an initial programming image (IPI) configuration over the configuration I/O of the secure PLD storing the IPI configuration in the NVM; programming the PLD fabric of the secure PLD according to the IPI configuration.”.

Claim 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
The following is a statement of reasons for the indication of allowable subject matter: Applicant’s recital of, “provide a debug configuration to the secure PLD over the configuration I/O; receive a debug digest from the secure PLD associated with booting and/or execution of the debug configuration by the PLD fabric of the secure PLD; determine an updated manufacturer trim based, at least in part, on the received debug digest; and provide the updated manufacturer trim to the secure PLD over the configuration I/O.”.

Claim 10 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
The following is a statement of reasons for the indication of allowable subject matter: Applicant’s recital of, “generate or receive a protected configuration for the secure PLD; and program the secure PLD according to the protected configuration; wherein the protected configuration comprises an application configuration and a feature configuration, each signed by an application private key associated with a secure PLD customer and encrypted by an application encryption key associated with the secure PLD customer, and a programming key digest comprising an encrypted and signed combination of an application public key, the application encryption key, and a programming secret associated with the secure PLD customer”.

Claim 11 is allowed. Dependent claim 12 is allowed by way of its dependency. The following is a statement of reasons for the indication of allowable subject matter: Applicant’s recital of, “an external system comprising a processor and a memory and configured to be coupled to a secure PLD through a configuration input/output (I/O) of the secure PLD, wherein the memory comprises machine-readable instructions which when executed by the processor of the external system are adapted to cause the external system to perform a computer-implemented method comprising: providing a failure characterization (FC) command and/or a debug configuration to the secure PLD over the configuration I/O; and receiving a debug digest from the secure PLD associated with booting and/or execution of the debug configuration by a PLD fabric of the secure PLD; determining an updated manufacturer trim based, at least in part, on the received debug digest; and providing the updated manufacturer trim to the secure PLD over the configuration I/O.”.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/Examiner, Art Unit 2497