Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
2.	Applicant’s arguments filed on 03/08/2021, with respect to the 35 U.S.C. § 102(a)(2) rejection of claim 1-9, 11-13, and 16-20 as being anticipated by US 2008/0276111 to Jacoby et al (Jacoby ) have been fully considered a.  However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
s 1-9, 11-13 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20080276111 hereinafter Jacoby in view of U.S. Publication No. 20140208422 hereinafter Porat.

As per claim 1, Jacoby discloses:
An attack detector (para 0007 “The present invention includes an information processing device capable of detecting undesired software operation.”) comprising first circuitry (para 0008 “The device may include a network interface circuit (NIC) and a microprocessor.”), the first circuitry being configured to:
detect occurrence of level change of power or a signal supplied to a predetermined circuit (para 0057 “The method is initiated, and the power consumption of the device or individual device component (e.g., NIC 24 or microprocessor 26) is detected. The power consumption measurement may be instantaneous or may be averaged over a short period of time (less than one sampling period).”);
store a first attack evaluation value indicating a degree of probability that an attack on the predetermined circuit has occurred (para 0013 “The device may also include a buffer for storing the power consumption signal from the sensor, such that the detector can calculate a frequency signature using past power consumption data .” para 0054 “The power monitor may include a memory for storing a recent history of power consumption data." para 0058 “Steps 102/103: The detected power is compared to a threshold value. Preferably, the 
update the first attack evaluation value based on a detection result of the occurrence of the level change (para 0064 “The threshold value is set slightly higher (e.g., 5, 10, 15 or 20% higher) than a normal power consumption level. The normal power consumption level typically will depend on the operating mode (e.g., idle mode or busy mode). Hence, the threshold level will change when the device changes between idle and busy operating modes. The device may also have 3 or more operating and sleep modes, each with its own established threshold level. Each time the device changes to a new operating state, the power monitor 32 should be notified so the threshold level can be changed.” para 0079 “In operation, the frequency detector receives analog (time domain) power consumption signals from the sensor 30, and/or sensors 30a 30b and converts the power consumption signals to the frequency domain. Preferably, the frequency detector 36 includes a circuit for performing a fast Fourier transform calculation on the power consumption signals. The frequency detector identifies the highest amplitude frequencies present in the power consumption signals. The group of the highest amplitude frequencies comprises a frequency signature. For example, a frequency signature may simply be a para 0095 “Therefore, in the present frequency spectrum monitoring method, it is essential to empirically determine the frequency signatures for each individual attack, worm or virus in each individual model of electronic device, and store these empirically determined frequency signatures in the database 40. Hence, each model of electronic device will have a unique set of frequency signatures stored in the signature database 40. The frequency signatures in the database 40 will be specific to each type of electronic device. Also, the frequency signatures in the database 40 will need to be updated with new empirical data as new viruses are created.”);
and perform first determination of determining whether or not the attack has occurred based on the first attack evaluation value (para 0060 “If the detected power consumption is higher than the threshold level for an extended period of time (e.g., several consecutive sampling periods, or several seconds), then preferably the user or microprocessor can be notified that excessive power consumption is occurring, or that malicious software might be operating. The user can be offered a menu of several responsive actions. For 

Jacoby does not disclose:
determining whether or not the attack has occurred based on whether or not the first attack evaluation value exceeds a threshold value, wherein the level change includes a glitch

Porat discloses:
determining whether or not the attack has occurred based on whether or not the first attack evaluation value exceeds a threshold value, wherein the level change includes a glitch (para 0020 “In responding to such glitches, detector 38 evaluates whether the glitch voltage exceeds upper and lower thresholds 46 and 48. Glitches in the range that is above threshold 46, such as glitch 50, or below threshold 48 are treated as malicious and cause detector 38 to invoke appropriate countermeasures against a possible fault generation attack. On the other hand, glitches in the intermediate range between limit 42 and threshold 46, such as glitch 52, or between limit 44 and threshold 48 are considered to be signaling glitches, created by environmental signal generator 39.”)
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention information processing device capable of detecting undesired software operation of Jacoby 
The motivation would have been to properly detect attacks associate with glitches outsides a specified range.

As per claim 2, Jacoby in view of Porat discloses:
The attack detector according to claim 1, wherein the first circuitry increases the first attack evaluation value every time the level change occurs (Jacoby para 0012, 0078 and 0084).

As per claim 3, Jacoby in view of Porat discloses:
 attack detector according to claim 1, wherein the first circuitry updates the first attack evaluation value in accordance with the occurrence of the level change in an execution period in which the predetermined circuit performs predetermined processing (Jacoby para 0011,0064, and 0124).

As per claim 4, Jacoby in view of Porat discloses:
The attack detector according to claim 3, wherein the predetermined processing comprising encryption processing, conditional branch processing, or processing of writing to a storage area (Jacoby para 0064).

As per claim 5, Jacoby in view of Porat discloses:
 para 0060, 0062, 0064, 0067, 0109 and 0124).

As per claim 6, Jacoby in view of Porat discloses:
The attack detector according to claim 3, wherein the first circuitry acquires a power consumption waveform of the predetermined circuit, and estimates the execution period based on the acquired power consumption waveform (Jacoby Fig. para 0085 and 0086).

As per claim 7, Jacoby in view of Porat discloses:
The attack detector according to claim 3, wherein the first circuitry does not update the first attack evaluation value when the level change occurs a plurality of times in one execution period of a repeatedly appearing plurality of the execution periods (Jacoby Fig. 2, element 103, para 0058 “The detected power is compared to a threshold value. Preferably, the threshold value is variable and depends on factors such as the operating mode of the device (e.g., idle or busy), the number and type of software applications presently operating, past history of power consumption patterns, user concern about possible undetected software attacks or other factors that affect normal operating power consumption or the tolerability of false positive events and undetected attacks. Preferably in the present method, several consecutive above-threshold measurements are required before any action or notification occurs. Typically, para 0064 “The normal power consumption level typically will depend on the operating mode (e.g., idle mode or busy mode). Flence, the threshold level will change when the device changes between idle and busy operating modes. The device may also have 3 or more operating and sleep modes, each with its own established threshold level. Each time the device changes to a new operating state, the power monitor 32 should be notified so the threshold level can be changed.” para 0079, only the highest frequencies are identified).

As per claim 8, Jacoby in view of Porat discloses:
The attack detector according to claim 3, wherein the first circuitry updates the first attack evaluation value based on successiveness of the occurrence of the level change between a repeatedly appearing plurality of the execution periods (Jacoby Fig. 2, para 0058 and 0064).

As per claim 9, Jacoby in view of Porat discloses:
The attack detector according to claim 8, wherein in a case where the level change occurs in one execution period, the first circuitry increases the first attack evaluation value when the level change occurs in an execution period immediately before the one execution period, and in a case where the level change occurs in one execution period, the first circuitry does not increase the first attack evaluation value when the level change does not occur in (Jacoby para 0064 “The normal power consumption level typically will depend on the operating mode (e.g., idle mode or busy mode). Hence, the threshold level will change when the device changes between idle and busy operating modes. The device may also have 3 or more operating and sleep modes, each with its own established threshold level. Each time the device changes to a new operating state, the power monitor 32 should be notified so the threshold level can be changed.”).

As per claim 11, Jacoby in view of Porat discloses:
The attack detector according to claim 8, wherein the first circuitry decreases the first attack evaluation value when there is successive nonoccurrence of the level change in the repeatedly appearing plurality of the execution periods (Jacoby para 0064).

As per claim 12, Jacoby in view of Porat discloses:
The attack detector according to claim 3, wherein in the first determination, the first circuitry compares the first attack evaluation value and a threshold value, and determines the attack has occurred when the first attack evaluation value exceeds the threshold value (Porat para 0020), 
and the first circuitry decreases the threshold value in accordance with the number of times of successive occurrence of the level change in a repeatedly appearing plurality of the execution periods (Jacoby Fig. 2, para 0058, 0060 and 0064).

As per claim 13, Jacoby in view of Porat discloses:
The attack detector according to claim 3, wherein concerning each of a plurality of partial periods obtained by dividing the execution period into a plurality of periods, the first circuitry stores the first attack evaluation value indicating a degree of probability that the attack has occurred in each of the plurality of partial periods, concerning each of the plurality of partial periods, the first circuitry updates the first attack evaluation value in accordance with the occurrence of the level change in each of the plurality of partial periods, and in the first determination, the first circuitry determines whether or not the attack has occurred based on the attack evaluation value concerning each of the plurality of partial periods (Jacoby Fig. 2, para 0058, 0060, 0062 and 0064).

As per claim 16, Jacoby in view of Porat discloses:
The attack detector according to claim 1, wherein the first circuitry determines a degree of a risk of the attack based on a comparison result between the first attack evaluation value and each of a plurality of threshold values that are different from each other (Fig. 2).

As per claim 17, Jacoby in view of Porat discloses:
The attack detector according to claim 1, wherein the first circuitry stores a second attack evaluation value indicating a degree of probability that the attack has occurred (Jacoby Fig. 2, 0064),


As per claim 18, Jacoby in view of Porat discloses:
A controller (Jacoby Fig. 1 element 22, para 0049) comprising:
the attack detector of claim 16 (Jacoby Fig. 1);
and a second circuitry configured to control the predetermined circuit when it is determined that the attack has occurred in the attack detector (Jacoby Fig. 2 element 22, para 0049),
wherein the second circuitry changes control over the predetermined circuit depending on the degree of the risk determined by the first circuitry (Jacoby para 0058 “Preferably, the threshold value is variable and depends on factors such as the operating mode of the device (e.g., idle or busy), the number and type of software applications presently operating, past history of power consumption patterns, user concern about possible undetected software attacks or other factors that affect normal operating power consumption or the tolerability of false positive events and undetected attacks.” Para 0062 and 0064).
As per claim 19, Jacoby in view of Porat discloses:
A controller (Jacoby Fig. 1 element 22, para 0049) comprising:
the attack detector of claim 17 (Jacoby Fig. 1);
 Fig. 2 element 22, para 0049),
wherein the second circuitry changes control over the predetermined circuit depending on cases, the cases including a first case where it is determined that the attack has occurred in the first determination, and a second case where it is determined that the attack has occurred in the second determination (Jacoby para 0058 “Preferably, the threshold value is variable and depends on factors such as the operating mode of the device (e.g., idle or busy), the number and type of software applications presently operating, past history of power consumption patterns, user concern about possible undetected software attacks or other factors that affect normal operating power consumption or the tolerability of false positive events and undetected attacks.” Para 0062 and 0064).

As per claim 20, the implementation of the attack detector of claim 1 will execute the attack detector of claim 20. The claim is analyzed with respect to claim 1.
4. 	Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Jacoby in view of Porat and further in view of in view of U.S. Publication No. 20130129083 hereinafter Fujino.

As per claim 10, Jacoby in view of Porat discloses:
The attack detector according to claim 8, wherein the first circuitry sets a value according to the number of times of successive occurrence of the level change in the repeatedly appearing plurality of the execution periods (Jacoby para 0022, 0043, and 0124).

Jacoby in view of Porat does not disclose:
sets a one-time update amount of the first attack evaluation value

Fujino discloses:
sets a one-time update amount of the first attack evaluation value (para 0012 “As a solution for the above problem, Non-patent Literature 3 (Yoshinobu Toyoda, Kenta Kido, Yoshiaki Shitabayashi, and Takeshi Fujino, "Proposal of domino-
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention information processing device capable of detecting undesired software operation of Jacoby in view of Porat to include sets a one-time update amount of the first attack evaluation value, as taught by Fujino.
The motivation would have been to properly address fault attacks in a secure device.

5. 	Claim 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Jacoby in view of Porat, and further in view of U.S. Publication No. 20140020097 hereinafter Riou.

As per claim 14, Jacoby in view of Porat discloses:
The attack detector according to claim 1, the first attack evaluation value is stored in the first storage circuit, in the first determination, the first 

Jacoby in view of Porat does not disclose:
wherein a first circuitry comprises a first storage circuit in which stored information is not cleared in response to power disconnection and reset of the attack detector
and the first circuitry decreases the threshold value every time the attack detector is restarted
Riou discloses:
wherein a first circuitry comprises a first storage circuit in which stored information is not cleared in response to power disconnection and reset of the attack detector (para 0044 “Referring to FIG. 1, in the method of detecting the fault attack according to one example embodiment, when power is supplied to the secure memory device or when the operation of the secure memory device is reset, the payload data is selectively initialized by determining whether the payload data is consistent (step SI 00). The payload data may be stored in a plurality of ephemeral registers, included in the secure memory device, and may be used to detect the fault attack. Unlike a related art nonvolatile memory, as described with reference to FIGS. 2 and 3, unlike a typical nonvolatile 
and the first circuitry decreases the threshold value every time the attack detector is restarted (para 0012 “In the step of increasing the count value, the count value may be maintained to a previous value if the fault is not injected in the secure memory device.”)
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention information processing device capable of detecting undesired software operation of Jacoby in view of Porat to include a first storage circuit in which stored information is not cleared in response to power disconnection and reset of the attack detector and the first circuitry decreases the threshold value every time the attack detector is restarted, as taught by Riou.
The motivation would have been to properly address fault attacks in a secure device.

As per claim 15, Jacoby in view of Porat in view of Riou discloses:
The attack detector according to claim 1, wherein the first circuitry comprises a first storage circuit in which stored information is cleared in response to power disconnection and reset of the attack detector (Riou para 0044 “Referring to FIG. 1, in the method of detecting the fault attack according to one example when power is supplied to the secure memory device or when the operation of the secure memory device is reset, the payload data is selectively initialized by determining whether the payload data is consistent (step SI 00). The payload data may be stored in a plurality of ephemeral registers, included in the secure memory device, and may be used to detect the fault attack. Unlike a related art nonvolatile memory, as described with reference to FIGS. 2 and 3, unlike a typical nonvolatile memory, the ephemeral register may store data for a predetermined data retention time, even if power is shut off. The ephemeral register may have a data retention time shorter than that of the related art nonvolatile memory.” para 0069 “For example, the data retention time
may be determined within the range of about one second to about ten seconds.”),
and a second storage circuit in which stored information is not cleared in response to power disconnection and reset of the attack detector (Riou para 0068 “As described above, unlike a related art volatile memory, the ephemeral register 392 may store at least one of the bits constituting the payload data for a predetermined data retention time even if power is shut off. In other words, when power is supplied to the secure memory device 300, the storage block 394 stably receives power from the supply voltage VDD to store at least one of the bits constituting the payload data. After power supplied to the secure memory device 300 has been shut off, the storage block 394 may store at least 
the first attack evaluation value is stored in the first storage circuit, the second storage circuit stores a second attack evaluation value indicating a degree of probability that the attack has occurred (Jacoby Fig. 2, para 0058, 0060, 0062 and 0064) and (Riou para 0045 “A count value, included in the payload data, is selectively increased by detecting whether a fault is injected into secure data, stored in the secure memory device, from an outside of the secure memory device during a processing operation for the secure data (step S200). Based on the count value and a threshold value, it is determined whether the fault injected in the secure memory device from the outside is caused by the fault attack (step S300).”),
the first circuitry updates the second attack evaluation value in the second storage circuit based on the detection result, and in the first determination, the first circuitry determines whether or not the attack has occurred based on the first attack evaluation value in the first storage circuit and the second attack evaluation value in the second storage circuit (Jacoby Fig. 2, para 0058, 0060, 0062 and 0064) and (Riou para 0061 and 0091).


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192.  The examiner can normally be reached on Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GARY S GRACIA/Primary Examiner, Art Unit 2491