DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description:
“M23” of Figure 30 is not in the specification; and
“K6” of Figure 31 is not in the specification.  
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
The disclosure is objected to because of the following informalities:

page 41, line 10, should “m13” be “m23”?   
Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f), because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “an encryption unit configured to encrypt” and “a decryption unit configured to decrypt” in claim 5.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f), it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f), applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-17 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Claims 1 and 9 recite the limitation “the data”. There is insufficient antecedent basis for this limitation in the claim.
Claims 2-8 are rejected under 35 U.S.C. 112(b) because said claims depend on claim 1.
Claims 10-17 are rejected under 35 U.S.C. 112(b) because said claims depend on claim 9.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-3 are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Kamada et al US 20050033973 (hereinafter Kamada).

As to claim 1, Kamada teaches a storage device comprising: a first storage (Figure 1, reference number 2, paragraphs 33 and 35 recite “a memory”); and a controller (Figure 1, reference number 10; paragraph 34) configured to execute control of the first storage based on a command from a host device (paragraph 34 recites “The memory management unit 10 is a processing unit that manages the memory 2, particularly sets that the memory in which the code to be executed is stored is valid to make the processor 1 execute the code”; paragraph 35 recites “the processor 1 stores the code in the memory 2 via the memory management unit 10”), wherein the controller is configured to: generate a verifier of data stored in the first storage in response to a first command related to the data from the host device(Paragraph 36 recites “the memory management unit 10 verifies the validity of the code using the verification information assigned to the code” Paragraph 37 recites “the memory management unit 10 stores a verification key used to verify the validity of the code using the verification key stored in advance and the verification information stored in the memory for verification information 3”; Paragraph 44 ; Paragraphs 56-58 recite “the memory management unit 10 upon receiving an instruction to set the execution/effective bit, reads out the verification information corresponding to the code relating to the instruction from the memory for verification information”); and transmit the verifier of the data to the host device in response to a second command related to the data from the host device (Paragraph  57  recites “the verifying unit 16 of the memory management unit 10 verifies the validity of the code relating to the instruction using the verification information and the verification key”; Paragraph 60 recites “the memory management unit 10 stores the verification key used to verify the validity of the code in the verification-key storing unit…when the code is stored in the memory 2 and ready to be executed by the processor 1, the memory management unit 10 verifies the validity of the code using the verification key stored in the verification-key storing unit 15 and the verification information assigned to the code (verification information stored in the memory for verification information  3)”).

As to claim 2, Kamada teaches wherein the first command is a read command to read data from the first storage or a write command to write data into the first storage, (Figure 4, Steps S407 and s408; Paragraph 57 recites “the memory management unit…reads out the verification information corresponding to the code relating to the instruction from the memory for verification information 3, and reads out the verification key corresponding to the verification information from the verification-key storing unit 15”),  and the second command is a command to verify the data (Figure 4, steps s409 and s410; Paragraph 57 recites “the verifying unit 16 of the memory management unit 10 verifies the validity of the code relating to the instruction using the verification information and the verification key” ;Paragraph 58 recites “based on the verification, when it is verifies that the code is valid, the verifying unit 16 instructs the execution/effective bit setting unit 13”).

	As to claim 3, Kamada teaches wherein the controller is further configured to: set a range of storage areas within the first storage as designated by a third command from the host device as a generation range of the verifier (Paragraph 41 recites “the address space…is formed by assigning upper half of the virtual address space to the memory 2 after converting the virtual address into the physical address….and assigning lower half of the virtual address space to the memory for verification information 3 without converting the virtual address into the physical address.” Paragraph 45 recites “the page table 11 is includes a plurality of entries acquired by the processor 1 when the processor 1 stores the code. The entries are prepared for every page of 4Kbytes that is a unit for assigning the memory”; See also paragraphs 45-47,  Figure 4, s403 and s404; Paragraph 55 recites “the processor 1 sets a starting-point virtual address and a starting point physical address to the entry acquired” Paragraph 56 “the processor 1 reads out the code from a data storage (disk) such as a hard disk, stores the code in the physical page acquired in the step s402”); and generate the verifier of the data after confirming that the data is stored within the generation range of the verifier (Figure 4, s405, s407-s408; Paragraph 55 recites “the processor 1 acquires an unused entry from the page table 11 of the memory management unit 10 and an unused physical page from the memory 2…the processor 1 sets a starting-point virtual address and a starting-point physical address to the entry acquired”; Paragraph 56 recites “subsequently, the process 1 reads out the code from a data storage (disk) such as a hard disk stores the code in the physical page acquired in the step s402, and at the same time stores verification information assigned to the code to the memory for verification information 3”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4-7, 9-16 are rejected under 35 U.S.C. 103 as being unpatentable over Kamada et al US 20050033973 (hereinafter Kamada) in view of Morino et al US 20070226412 (hereinafter Morino).

	As to claim 4, Kamada does not teach wherein 51PATENTAtty. Dkt. No. TAI/2491US when the first command is the write command, the controller stores the generated verifier of the data in a second storage, and in response to a fourth command from the host device, the controller compares the verifier of the data stored in the second storage with a verifier generated when reading the data by the controller, and transmits the comparison result to the host device.
	Morino teaches wherein 51PATENTAtty. Dkt. No. TAI/2491US when the first command is the write command, the controller stores the generated verifier of the data in a second storage (Paragraph 111 recites “the host encrypts data to be written by using the second session key K2s and sends the encrypted data to the hard disk…The hard disk device decrypts the data by using K2s and generate a digest …the hard disk then stores the digest in the nonvolatile memory 23 and encrypts the data by using the media encryption key to write the data on a media such as the HDA 21”; See also paragraph 165), and in response to a fourth command from the host device, the controller compares the verifier of the data stored in the second storage with a verifier generated when reading the data by the controller, and transmits the comparison result to the host device (Paragraph 63 recites “the digest read out from the nonvolatile memory 23 and the digest generated by the digest generation unit 31 are inputted to the digest verification unit 32 to compare the digest by the digest verification unit 32. As a result of the comparison, it is judged that data are not falsified when the digests coincide with each other, and the data read out from the HDA 21 are transferred to the host via the host I/F control unit 14”;See also paragraphs 91, 143 and 165).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data because by utilizing the nonvolatile storage as a tamper resistance module, this allows the memory and the commands from the controller to be protected from piracy such as interception and falsification of data (paragraph 30 of Morino).

	As to claim 5, Kamada does not teach wherein the controller further includes: an encryption unit configured to encrypt data to be written into the first storage; and a decryption unit configured to decrypt the data which is encrypted by the encryption unit and read from the first storage.
	Morino teaches wherein the controller further includes: an encryption unit configured to encrypt data to be written into the first storage (Paragraph 139 recites “in the case of storing a digest in the tamper resistant module 100, a digest generated by the digest generation 31 is encrypted in the encryption processing unit 42 by using the session key, and information specifying a position of the nonvolatile memory inside the tamper resistant module 100 is generated based on an address of an LBA in the storage region assigning unit 43”; see also paragraphs 27 and 82
); and a decryption unit configured to decrypt the data which is encrypted by the encryption unit and read from the first storage (Paragraph 143 recites “the hard disk controller decrypts the encrypted digest by using the session key in the encryption processing unit 42, and the digest verification unit 32 compares the digest generated from the data read out from the HDA 21 with the decrypted digest to confirm whether or not there is falsification”; see also paragraphs 27, 83, 85, 140-141).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s encryption and decryption units to enhance the safety of data (paragraph 30 of Morino).

	As to claim 6, Kamada fails to teach wherein the controller is further configured to: issue to an external device, a command requesting authentication of a program stored in the first storage using a verifier that the controller generated from the program; and store the generated verifier in the second storage when the program is authenticated by the external device.
	Morino teaches wherein the controller is further configured to: issue to an external device, a command requesting authentication of a program stored in the first storage using a verifier that the controller generated from the program (Paragraphs 96-98 recites “Fig 3 is a sequence diagram showing authentication using a certificate…The hard disk device preliminary sets a public key Ko of a certificate authority, a certificate of the hard disk drive, a secret key of the hard disk…”); and store the generated verifier in the second storage when the program is authenticated by the external device (Paragraphs 86-89; Paragraph 98 recites “the host sends the host certificate to the hard disk device…the hard disk verifies the host certificate by verifying the signature using the certificate authority public key Ko to confirm that the host certificate is free from falsification and the certificate has been issued by the certificate authority…The hard disk transfer the HDD certificate to the hard disk drive…the host verifies the HDD certificate by verifying the signature using the certificate authority public key Ko to confirm that the HDD certificate is free from falsification and the certificate has been issued by the certificate authority”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data because by utilizing the nonvolatile storage as a tamper resistance module, this allows the memory and the commands from the controller to be protected from piracy such as interception and falsification of data (paragraph 30 of Morino).

As to claim 7, Kamada fails to teach wherein the controller is further configured to: in response to a fifth command from the host device, 52PATENT Atty. Dkt. No. TAI/2491US generate a verifier of a program that is loaded into an external memory from the first storage; and in response to a sixth command from the host device, compare the verifier of the program with a verifier of the program which is generated when the program is stored in the first storage and is stored in the second storage.
Morino teaches wherein the controller is further configured to: in response to a fifth command from the host device, 52PATENT Atty. Dkt. No. TAI/2491US generate a verifier of a program that is loaded into an external memory from the first storage (Paragraph 126 recites “when it is judged that the (logical block address) LBA of the data is the LBA in the falsification check region 28, the CPU 10 writes the data in the assigned LBA in the falsification check region 28 to generate digests in a digest processing unit, followed by storing the digest in a nonvolatile memory 23”); and in response to a sixth command from the host device, compare the verifier of the program with a verifier of the program which is generated when the program is stored in the first storage and is stored in the second storage (Paragraph 127 recites “in the case of reading, when it is judged that the LBA is the LBA in the falsification check region 28, the data are read out from the assigned LBA in the falsification check region 28 to confirm whether or not the data have been falsified by performing verification of digests in the digest processing unit 18.” Paragraph 165 recites “the digest read out from the nonvolatile memory 114 and the digest generate based on the data read out by the digest generation unit 117 are inputted to the digest verification unit 118 to compare the digests in the digest verification unit 118”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data because by utilizing the nonvolatile storage as a tamper resistance module, this allows the memory and the commands from the controller to be protected from piracy such as interception and falsification of data (paragraph 30 of Morino).]

As to claim 9, Kamada teaches said method comprising: generating a verifier of data stored in the first storage in response to a first command related to the data from the host device (Paragraph 36 recites “the memory management unit 10 verifies the validity of the code using the verification information assigned to the code”; Paragraph 37 recites “the memory management unit 10 stores a verification key used to verify the validity of the code using the verification key stored in advance and the verification information stored in the memory for verification information 3”; Paragraph 44; Paragraphs 56-58 recite “the memory management unit 10 upon receiving an instruction to set the execution/effective bit, reads out the verification information corresponding to the code relating to the instruction from the memory for verification information”); and transmitting the verifier of the data to the host device in response to a second command related to the data from the host device(Paragraph  57 recites “the verifying unit 16 of the memory management unit 10 verifies the validity of the code relating to the instruction using the verification information and the verification key”; Paragraph 60 recites “the memory management unit 10 stores the verification key used to verify the validity of the code in the verification-key storing unit…when the code is stored in the memory 2 and ready to be executed by the processor 1, the memory management unit 10 verifies the validity of the code using the verification key stored in the verification-key storing unit 15 and the verification information assigned to the code (verification information stored in the memory for verification information  3)”).
Kamada fail to explicitly teach a method of detecting tampering of data in a first storage connected to a host device.
Morino teaches a method of detecting tampering of data in a first storage connected to a host device (Abstract recites  “…realizing content protection by enhancing data safety by detecting falsification of data stored in a storage device….” Paragraph 42 “the hard disk controller 20 has a control CPU a memory 11 for storing a control program and the like, a buffer control unit 12, a servo control unit 13, a host I/F control unit 14, a signal processing unit 15”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data because by utilizing the nonvolatile storage as a tamper resistance module, this allows the memory and the commands from the controller to be protected from piracy such as interception and falsification of data (paragraph 30 of Morino).

As to claim 10, the combination of Kamada and Morino teaches wherein the first command is a read command to read data from the first storage or a write command to write data into the 53PATENTAtty. Dkt. No. TAI/2491USfirst storage (Kamada: Figure 4, Steps S407 and s408; Paragraph 57 recites “the memory management unit…reads out the verification information corresponding to the code relating to the instruction from the memory for verification information 3, and reads out the verification key corresponding to the verification information from the varication-key storing unit 15”), and the second command is a (Kamada: Figure 4, steps s409 and s410; Paragraph 57 recites “the verifying unit 16 of the memory management unit 10 verifies the validity of the code relating to the instruction using the verification information and the verification key”; Paragraph 58 recites “based on the verification, when it is verifies that the code is valid, the verifying unit 16 instructs the execution/effective bit setting unit 13”).

As to claim 11, the combination of Kamada and Morino teaches further comprising: setting a range of storage areas within the first storage as designated by a third command from the host device as a generation range of the verifier (Kamada: Paragraph 41 recites “the address space…is formed by assigning upper half of the virtual address space to the memory 2 after converting the virtual address into the physical address….and assigning lower half of the virtual address space to the memory for verification information 3 without converting the virtual address into the physical address. “ 
Paragraph 45 recites “the page table 11 is includes a plurality of entries acquired by the processor 1 when the processor 1 stores the code. The entries are prepared for every page of 4Kbytes that is a unit for assigning the memory”; See also paragraphs 45-47 ;Figure 4, s403 and s404;Paragraph 55 recites “the processor 1 sets a starting-point virtual address and a starting point physical address to the entry acquired”; Paragraph 56 “the processor 1 reads out the code from a data storage (disk) such as a hard disk, stores the code in the physical page acquired in the step s402”), wherein the verifier of the data is generated after confirming that the data is stored within the generation range of the verifier (Kamada: Figure 4, s405, s407-s408; Paragraph 55 recites “the processor 1 acquires an unused entry form the page table 11 of the memory management unit 10 and an unused physical page from the memory 2…the processor 1 sets a starting-point virtual address and a starting-point physical address to the entry acquired”; Paragraph 56 recites “subsequently, the process 1 reads out the code from a data storage (disk) such as a hard disk stores the code in the physical page acquired in the step s402, and at the same time stores verification information assigned to the code to the memory for verification information 3”).

	As to claim 12, Kamada fails to teach storing the generated verifier of the data in a second storage when the first command is the write command.
	Morino teaches storing the generated verifier of the data in a second storage when the first command is the write command (Paragraph 111 recites “the host encrypts data to be written by using the second session key K2s and sends the encrypted data (write command) to the hard disk…The hard disk device decrypts the data by using K2s and generate a digest …the hard disk then stores the digest in the nonvolatile memory 23 and encrypts the data by using the media encryption key to write the data on a media such as the HDA 21”; See also paragraph 165).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data because by utilizing the nonvolatile storage as a tamper resistance module, this allows the memory and the commands from the controller to be protected from piracy such as interception and falsification of data (paragraph 30 of Morino).

	As to claim 13, Kamada fail to teach in response to a fourth command from the host device, comparing the verifier of the data stored in the second storage with a verifier generated from data read form the first storage, and transmitting the comparison result to the host device.
	Morino teaches in response to a fourth command from the host device, comparing the verifier of the data stored in the second storage with a verifier generated from data read form the first storage, and transmitting the comparison result to the host device (Paragraph 63 recites “the digest read out from the nonvolatile memory 23 and the digest generated by the digest generation unit 31 are inputted to the digest verification unit 32 to compare the digest by the digest verification unit 32. As a result of the comparison, it is judged that data are not falsified when the digests coincide with each other, and the data read out from the HAD 21 are transferred to the host via the host I/F control unit 14”; See also paragraphs 91, 143 and 165).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data because by utilizing the nonvolatile storage as a tamper resistance module, this allows the memory and the commands from the controller to be protected from piracy such as interception and falsification of data (paragraph 30 of Morino).

	As to claim 14, Kamada fail to teach encrypting data to be written into the first storage; and decrypting the data which has been encrypted and read from the first storage.
	Morino teaches encrypting data to be written into the first storage(Paragraph 139 recites “in the case of storing a digest in the tamper resistant module 100, a digest generated by the digest generation 31 is encrypted in the encryption processing unit 42 by using the session key, and information specifying a position of the nonvolatile memory inside the tamper resistant module 100 is generated based on an address of an LBA in the storage region assigning unit 43”; see also paragraphs 27 and 82); and decrypting the data which has been encrypted and read from the first storage (Paragraph 143 recites “the hard disk controller decrypts the encrypted digest by using the session key in the encryption processing unit 42, and the digest verification unit 32 compares the digest generated from the data read out from the HDA 21 with the decrypted digest to confirm whether or not there is falsification”; see also paragraphs 27, 83, 85, 140-141).
Kamada’s storage device with Morino’s encryption and decryption units to enhance the safety of data (paragraph 30 of Morino).

	As to claim 15, Kamada fails to teach issuing to an external device, a command requesting authentication of a program stored in the first storage using      Atty. Dkt. No. TAI/2491USa verifier generated from the program; and storing the generated verifier in the second storage when the program is authenticated by the external device.
	Morino teaches issuing to an external device, a command requesting authentication of a program stored in the first storage using 54PATENT Atty. Dkt. No. TAI/2491US a verifier generated from the program (Paragraphs 96-98 recite “Fig 3 is a sequence diagram showing authentication using a certificate…The hard disk device preliminary sets a public key Ko of a certificate authority, a certificate of the hard disk drive, a secret key of the hard disk…”); and storing the generated verifier in the second storage when the program is authenticated by the external device (Paragraphs 86-98 recite “the host sends the host certificate to the hard disk device…the hard disk verifies the host certificate by verifying the signature using the certificate authority public key Ko to confirm that the host certificate is free from falsification and the certificate has been issued by the certificate authority…The hard disk transfer the HDD certificate to the hard disk drive…the host verifies the HDD certificate by verifying the signature using the certificate authority public key Ko to confirm that the HDD certificate is free from falsification and the certificate has been issued by the certificate authority”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data (paragraph 30 of Morino).

As to claim 16, Kamada does not teach in response to a fifth command from the host device, generating a verifier of a program that is loaded into an external memory from the first storage; and in response to a sixth command from the host device, comparing the verifier of the program with a verifier of the program which is generated when the program is stored in the first storage and is stored in the second storage.
Morino teaches  in response to a fifth command from the host device, generating a verifier of a program that is loaded into an external memory from the first storage (Paragraph 126 recites “when it is judged that the LBA of the data is the LBA in the falsification check region 28, the CPU 10 writes the data in the assigned LBA in the falsification check region 28 to generate digests in a digest processing unit, followed by storing the digest in a nonvolatile memory 23”); and in response to a sixth command from the host device, comparing the verifier of the program with a verifier of the program which is generated when the program is stored in the first storage and is stored in the second storage (Paragraph 127 recites “in the case of reading, when it is judged that the LBA is the LBA in the falsification check region 28, the data are read out from the assigned LBA in the falsification check region 28 to confirm whether or not the data have been falsified by performing verification of digests in the digest processing unit 18.” Paragraph 165 recite “the digest read out from the nonvolatile memory 114 and the digest generate based on the data read out by the digest generation unit 117 are inputted to the digest verification unit 118 to compare the digests in the digest verification unit 118”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data (paragraph 30 of Morino).

Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kamada et al US 20050033973 (hereinafter Kamada) in view of Morino et al US 20070226412 (hereinafter Morino) in further view of Hashimoto et al US 20150370726 (hereinafter Hashimoto).

As to claim 8, Kamada fails to teach wherein the controller is further configured to perform, at each predetermined timing, generation of the verifier of the program in the external memory, comparison of the verifier of the program generated at each predetermined timing with the verifier of the program stored in the second storage, and notification to the host device when the comparison result indicates non-coincidence.
Morino teaches [sending a]  notification to the host device when the comparison result indicates non-coincidence (Paragraph 63 recites “When the digest do not coincide with each other, it is judged that the data could have been falsified , and the possibility of falsification is informed to the host via the host I/F control unit 14.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and storage to enhance the safety of data because by utilizing the nonvolatile storage as a tamper resistance module, this allows the memory and the commands from the controller to be protected from piracy such as interception and falsification of data (paragraph 30 of Morino).
The combination of Kamada and Morino fail to teach wherein the controller is further configured to perform, at each predetermined timing, generation of the verifier of the program in the external memory, comparison of the verifier of the program generated at each predetermined timing with the verifier of the program stored in the second storage.
Hashimoto teaches wherein the controller is further configured to perform, at each predetermined timing, generation of the verifier of the program in the external memory (Paragraph 238 recites “the secure VMM 516 stored in the external memory 7 is verified at the time of activation based on a program stored in the mask ROM 508, and is then stored in the program area 519g in the secure VMM 516 in the internal memory 8”; Paragraph 57 recites “when the parent tables 101 is not stored in the internal memory 8, and the child table 201 and verifiers cv1 to cvn are copied from the external memory 7 to the internal memory 8, the verification calculation unit 4 generates verification information based on the parent table 101 and parent verifiers pv1 to pvn read from the external memory 7 and physical addresses stored in the parent table 101 in the external memory 7”; Also paragraph 6; Paragraph 163 recites “…signature verification during the boot is performed in parallel with generation of the page table tree 9 and the verifier tree 10 to shorten the boot time in comparison with the case of performing signature verification and generation of the page table tree 9 and the verifier tree 10 separately”; see also paragraph 164), comparison of the verifier of the program generated at each predetermined timing with the verifier of the program stored in the second storage (Paragraph 6 recites “in data falsifying verification, it is determined whether verification target data is falsified according to whether a first verifier calculated at a first time based on the verification target data matches at a second verifier calculated at a second time based on the verification target data”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage in view of Morino’s controller and storage with Hashimoto’s controller to protect the operating system from memory errors at low cost without an expensive error correcting memory (paragraph 466 of Hashimoto).

As to claim 17, Kamada fails to teach  performing, at each predetermined timing, generation of the verifier of the program in the external memory, comparison of the verifier of the program generated at each predetermined timing with the verifier of the program stored in the second storage, and notification to the host device when the comparison result indicates non-coincidence.
Morino teaches [sending a] notification to the host device when the comparison result indicates non-coincidence (Paragraph 63 recites “When the digest do not coincide with each other, it is judged that the data could have been falsified , and the possibility of falsification is informed to the host via the host I/F control unit 14.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage device with Morino’s controller and  storage to enhance the safety of data (paragraph 30 of Morino).
The combination of Kamada and Morino fail to teach  performing, at each predetermined timing, generation of the verifier of the program in the external memory, comparison of the verifier of the program generated at each predetermined timing with the verifier of the program stored in the second storage.
Hashimoto teaches  performing, at each predetermined timing, generation of the verifier of the program in the external memory(Paragraph 238 recites “the secure VMM 516 stored in the external memory 7 is verified at the time of activation based on a program stored in the mask ROM 508, and is then stored in the program area 519g in the secure VMM 516 in the internal memory 8”; Paragraph 57 recites “when the parent tables 101 is not stored in the internal memory 8, and the child table 201 and verifiers cv1 to cvn are copied from the external memory 7 to the internal memory 8, the verification calculation unit 4 generates verification information based on the parent table 101 and parent verifiers pv1 to pvn read from the external memory 7 and physical addresses stored in the parent table 101 in the external memory 7”; Also paragraph 6; Paragraph 163 recites “…signature verification during the boot is performed in parallel with generation of the page table tree 9 and the verifier tree 10 to shorten the boot time in comparison with the case of performing signature verification and generation of the page table tree 9 and the verifier tree 10 separately”; see also paragraph 164), comparison of the verifier of the program generated at each predetermined timing (Paragraph 6 recites “in data falsifying verification, it is determined whether verification target data is falsified according to whether a first verifier calculated at a first time based on the verification target data matches at a second verifier calculated at a second time based on the verification target data”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Kamada’s storage in view of Morino’s controller and storage with Hashimoto’s controller to protect the operating system from memory errors at low cost without an expensive error correcting memory (paragraph 466 of Hashimoto).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FELICIA FARROW whose telephone number is (571)272-1856. The examiner can normally be reached M - F 7:30--5:30pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571)272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional 





/F.F/               Examiner, Art Unit 4122                                                                                                                                                                                         



/ALEXANDER LAGOR/               Primary Examiner, Art Unit 2491