DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on September 28th, 2020 has been entered.

Claim Status
	Claims 1 and 10 have been amended. Claims 3-4 and 12-13 remain cancelled. Claims 1-2, 5-11 and 14-18 remain pending and are ready for examination.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1 and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ellis et al. (US Publication No. 2017/0047124 -- "Ellis") in view of Otsuka et al. (US Publication No. 2016/0092289 -- "Otsuka") in further view of Savelieva et al. (US Publication No. 2016/0099915 -- "Savelieva").

Regarding claim 1, Ellis teaches A storage device communicable with a server device, the storage device comprising: a nonvolatile memory; and a controller configured to control the nonvolatile memory, (Ellis paragraph [0029], (A13) In another aspect, a storage device includes non-volatile memory (e.g., one or more non-volatile storage devices, such as flash memory devices), one or more processors, and one or more controller modules. The one or more controller modules are configured to detect occurrence of a first event. In response to detecting the occurrence of the first event, the one or more controller modules are configured to: write low read data (e.g., data satisfying predefined low read criteria) to the non-volatile memory of the storage device with a fast SLC programming mode, distinct from a default SLC programming mode) wherein the controller is configured to: transmit log data stored in the nonvolatile memory to the server device (Ellis paragraph [0004], Particular types of data written to persistent or non-volatile memory, such as error log data, power fail data, and logical-to-physical mapping tables are read back only a limited number of times (e.g., less than a dozen times). Nevertheless, persistent or non-volatile memory systems, such as flash memory systems, typically store these particular types of data in the same fashion (e.g., with write operations designed for high endurance) as data that is read back repeatedly (e.g., thousands of times)) when a logical failure occurs in the nonvolatile memory; (Ellis paragraph [0006], In some embodiments, in order to achieve the improvements discussed above, when a storage device detects occurrence of a first event (e.g., a power fail event), the storage device writes low read data to non-volatile memory of the storage device with a fast SLC programming mode of writing the low read data. Writing the low read data with the fast SLC programming mode includes using one or more memory programming parameters to write data faster (e.g., faster on a per page or per block basis) than writing data to the non-volatile memory of the storage device with a default SLC programming mode that uses a default set of memory programming parameters. By using the fast SLC programming mode, low read data is written quickly and requires less power than data written using the default SLC programming mode. When a power failure event occurs, data is transmitted from storage to a server/management device of the computer system. This includes the logging data as described above) the recovery data including a command for recovering the logical failure; (Ellis paragraph [0050], In some embodiments, an error control module, included in additional module(s) 125, includes an encoder and a decoder. In some embodiments, the encoder encodes data by applying an error control code (ECC) to produce a codeword, which is subsequently stored in storage medium 132. When encoded data (e.g., one or more codewords) is read from storage medium 132, the decoder applies a decoding process to the encoded data to recover the data, and to correct errors in the recovered data within the error correcting capability of the error control code. Those skilled in the art will appreciate that various error control codes have different error detection and correction capacities, and that particular codes are selected for various applications for reasons beyond the scope of this disclosure. As such, an exhaustive review of the various types of error control codes is not provided herein. Moreover, those skilled in the art will appreciate that each type or family of error control codes may have encoding and decoding algorithms that are particular to the type or family of error control codes. On the other hand, some algorithms may be utilized at least to some extent in the decoding of a number of different types or families of error control codes. As such, for the sake of brevity, an exhaustive description of the various types of encoding and decoding algorithms generally available and known to those skilled in the art is not provided herein. The recovery can occur based on the reading and transmission of encoded data, which will provide data for recovery as well as a command that will decode the encoded data in order to correct the errors in the recovered data causing the failure).

Ellis does not teach transmit log data stored in a secret storage region of the nonvolatile memory; receive, from the server device, recovery data which is data generated based on the transmitted log data; and erase the log data from the nonvolatile memory based on the received recovery data.
However, Otsuka teaches receive, from the server device, recovery data which is data generated based on the transmitted log data; and erase the log data from the nonvolatile memory based on the received recovery data (Otsuka paragraph [0029], Also, when a failure occurs in a system, and its recovery work is carried out, the configuration information before the failure recovery and the configuration information after the failure recovery are compared so that a setting item of the configuration information related to the failure is identified. Thus, the configuration information is stored for a certain period, and learning is performed with a setting item value that was changed before and after the failure recovery as information on the setting change item. Then, it is thought that a sign of failure occurrence is detected based on the comparison between a value set in the setting items of newly input configuration information, and the setting change item information. However, it is difficult to identify which one of the values before and after the failure recovery is to be used as suitable setting change item information depending on a failure type and a difference in the setting items, and the like. Recovery data can be used to recover the previously lost data from the logical failure. The log data corresponding to the logical failure can be incorporated into the recovery data and removed, see Otsuka paragraph [0044], Further, the pattern generation unit 21 deletes a pattern having the failure type and the key that match a pair of a failure type and a key predetermined in a disregard list 40 as illustrated in FIG. 8, for example from the pattern list 39. In the disregard list 40, a key by which it is difficult to find a cause and a sign of failure occurrence by comparing the values before and after the failure recovery, such as a key that changes every time a system is started, or the like, for example is predetermined for each failure type. As stated, Otsuka can use previous transmitted and stored data as a means to determine recovery/correction data, also see Otsuka paragraph [0033], It is possible to detect a sign of failure occurrence in one of the processing apparatuses 16 by determining whether correct values are set or not for the setting values of the various setting items in the configuration information (the details will be described later) in the processing apparatus 16, for example. For a method of determining whether the set value is correct or not, an assumption is made of a method of comparing the set value with correct learning data, or erroneous learning data, which are provided in advance. When the set value and a value of the correct learning data are compared, it is possible to determine that the set value is correct if the two values match. When the set value and a value of the erroneous learning data are compared, it is possible that the set value is incorrect if the two values match).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine the teachings of Ellis and Waseda with those of Otsuka. Otsuka teaches the usage of recovery data in the memory system to recover data lost due to a logical failure. The benefit of using recovery data is clear and is extremely useful to help recover data that was previously thought to be lost or entirely gone. Additionally, the recovered data can be customized to provide either additional details corresponding to the initial failure or can be adjusted in order to provide more stability and reliability than the original data (Otsuka paragraph [0045-0046], The learning data generation unit 22 generates learning data from each pattern recorded in the pattern list 39 generated by the pattern generation unit 21. The learning data is summary data for a certain key, which includes the number of occurrences of a certain value as a correct answer, and the number of occurrences of a certain value as an error for each failure type. The pattern recorded in the pattern list 39 includes the values before and after the failure recovery for each key. The value before the failure recovery V.sub.A is an erroneous value, and the value after the failure recovery V.sub.B is a correct value. For example, as illustrated in FIG. 9, a plurality of learning data including items of a failure type, a key, a success or failure, a value, and the number of times are recorded in the learning data DB 31. The learning data generation unit 22 increases, by one, the number of times of the learning data having a failure type, a key, and a value that match the failure type, the key, and the value V.sub.A before the failure recovery of a certain pattern, respectively, and having a success or failure of "Failure" for one pattern. Also, the learning data generation unit 22 increases, by one, the number of times of the learning data having a failure type, a key, and a value that match the failure type, the key, and the value V.sub.B after the failure recovery of a certain pattern, respectively, and having a success or failure of "Success" for one pattern. In this regard, if the learning data having a failure type, a key, and a value that match the failure type, the key, and the value V.sub.A before the failure recovery or the value V.sub.B after the failure recovery is not recorded in the learning data DB 31, the learning data generation unit 22 adds the relevant learning data, and sets the number of times to 1).

Ellis in view of Otsuka does not teach transmit log data stored in a secret storage region of the nonvolatile memory.
However, Savelieva teaches transmit log data stored in a secret storage region of the nonvolatile memory (Savelieva paragraph [0029], When the shared application platform 108 receives an assignment for running a tenant application 114, it may request retrieval of a piece of security context data associated with a tenant that initiated the request (e.g., tenant C 106), as shown by communication line 116 of FIG. 1. The trusted service request for the security context data may be submitted by the trusted service 110 for accessing secrets persisted on a trusted secret storage such as the trusted secret storage 118. The trusted secret storage 118 may be any software or hardware implementation that is able to secure sensitive data such as tenant security context data. The trusted secret storage 118 may evaluate the requested piece of security context data to determine if a component or resource is authorized to receive the piece of security context data. In one example, the internal resource 112 of the trusted service 110 may be evaluated. If the trusted service 110 determines that the internal resource 112 is authorized to receive the piece of security context data, the trusted secret storage 118 transmits the security context data to the trusted service 110 for evaluation, for example as shown by communication line 116 of FIG. 1. The trusted secret storage 118 may transmit the security context data in a secure form, such as encrypted data so that even if a security breach occurred and an untrusted device or service received the piece of security context data, security context data would not be compromised because the untrusted device is unable to access the security context data in the secure form. The stored/logged data may be transmitted from a secret and secure storage to a requesting device. This can be done for a plurality of reasons, such as a security breach or data evaluation).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine the teachings of Ellis and Waseda and Otsuka with those of Savelieva. Savelieva teaches transmitting data stored in a secret storage region to a requesting device. This allows the data to remain in a secret and secure storage vault providing additional levels of safety until the data is actually required. When the data is required the secret storage can transmit the data in an encoded communication resulting in further security in case of a data breach or security failure that can occur. This will improve the overall safety of the memory system and the data being stored (Savelieva paragraph [0019], Various components may be implemented as part of the shared application platform 108. As identified above, a component may be any hardware or software resource applicable to the shared application platform 108. One such component that may be implemented is a software-based security framework employable on one or more hardware devices of the shared application platform 108. The security framework provides robust tools for enforcing application-level security context while allowing the multi-tenant computational environment to retain openness associated with example multi-tenant distributed networks, such as a cloud computing environment. A security framework may be implemented on the shared application platform 108 including the trusted service 110, the trusted secret storage 118 and a protocol implemented by the trusted service 110 for ensuring security of security context data transmitted. The security framework enforces security context in multi-tenant computational environment. The protocol allows tenants to bind its pieces of security context to an application of the tenant and restricts the ability of other tenants to abuse tenant-specific information. The shared application platform 108 implements the protocol and checks to authorize a tenant at a moment when a tenant application is launched. The trusted service 110 also establishes secure connection with tenant's application for passing the security context data to tenant applications as necessary. Altogether this allows for isolation of tenants' applications inside of the multitenant computational environment and tenants' data outside of the multitenant computational environment. Also see Savelieva paragraph [0029]).

Claim 10 is the corresponding method claim to device claim 1. It is rejected with the same references and rationale.


Claims 2 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ellis in view of Otsuka in further view of Savelieva as applied to claims 1 and 10 above, and further in view of Fujisawa (US Publication No. 2013/0055036 -- "Fujisawa").

Regarding claim 2, Ellis in view of Otsuka in further view of Savelieva and further in view of Fujisawa teaches The storage device of claim 1, wherein the controller is configured to generate failure level information which is information indicating a level of the logical failure, wherein the transmitted log data includes the failure level information, (Fujisawa paragraph [0008-0010], The log data of an obtained network packet is stored in a nonvolatile memory such as a magnetic disk so that the stored log data can be acquired when the log information is investigated at a later date. Thus, the manager can check what data have been processed in what order when the failure occurs, at a later date. In this case, the log data records contents of a performed operation, transmitted/received data, or a date and time when the operation or data transmission/reception is carried out. Such technique is important because it enables a user of the device to receive a quick description and appropriate countermeasures when a device failure occurs. In order to analyze the failure, checking of the following information from the log data is more important than checking the log data when the device normally operates: information indicating what data have been processed in what order and with what size and frequency just before/after occurrence of a device failure or a performance reduction. The failure level information can be stored as log data, also see Fujisawa paragraph [0012], In step S21, the application management unit 401 receives a failure occurrence message from another task. In step S22, the application management unit 401 determines whether the failure of the received message is a fatal one that accompanies power OFF/ON. [0082] Specific examples of fatal failures may be occurrence of print jamming, destruction of printer counter information, tampering detection, occurrence of a communication failure in a scanner or a printer, and occurrence of exception processing of each application. An unclear failure is determined as a fatal failure. If a failure that has occurred is fatal, it is highly possible that the apparatus does not recover from the failure unless the image forming apparatus is turned OFF, and a possibility of power cutoff is very high) wherein the recovery data is generated by the server device based on the failure level information (Otsuka teaches using the failure level information to help generate improved recovery data, see Otsuka paragraph [0077], Next, in step S13, the pattern generation unit 21 extracts all the keys from the configuration information 35A before the failure recovery, and the configuration information 35B after the failure recovery, which are included in the obtained case data 34, and creates the key list 38 as illustrated in FIG. 6, for example and Otsuka paragraph [0079], Next, in step S16, the pattern generation unit 21 obtains the values before and after the failure recovery corresponding to the key K from the configuration information 35A before the failure recovery, and the configuration information 35B after the failure recovery, respectively. Then, the pattern generation unit 21 determines whether the obtained values before and after the failure recovery are different or not. If they are different, the processing proceeds to step S17, and if they are equal, the processing returns to step S14. For further detail, see Otsuka paragraphs [0110-0111]).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine the teachings of Ellis and Otsuka and Savelieva with those of Fujisawa. Fujisawa teaches generating and storing failure level information as logging data in order to use the data in order to correct the intended data operation or storage as well as diagnose the failure and provide analysis and eventual correction/prevention (Fujisawa paragraph [0014], The lost data is no longer stored in the nonvolatile memory. Consequently, the object of “correctly storing the log data necessary for failure analysis, just before/after occurrence of the failure of the device or at the time of a performance reduction” cannot be achieved. This means a possible loss of the important log data that is to be an investigation target).

Claim 11 is the corresponding method claim to device claim 2. It is rejected with the same references and rationale.


Claims 5-6, 9, 14-15 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ellis in view of Otsuka in further view of Savelieva in further view of Fujisawa and further in view of as applied to claims 2 and 11 above, and further in view of Takeda (US Publication No. 2011/0219241 -- "Takeda").

Regarding claim 5, Ellis in view of Otsuka in further view of Savelieva in further view of Fujisawa and in further view of Takeda teaches The storage device of claim 2, wherein the recovery data includes: a first command which is a command for removing a restriction for prohibiting access to the Log data from a host which is an external information processing device; (Takeda paragraph [0008], That is, in the on-line installation method, the administrator manages the encryption key reported by the client. In the off-line installation method, the administrator manages the self-set encryption key in creating an installation package to be distributed to the clients. The encryption key managed by the administrator is used for a so-called recovery process to extract encrypted data in the hard disk and decrypt the extracted data when the computer of a client cannot be activated, for example. The first command from the host is a decryption command in order to remove the restriction of access, so that the host can access the encrypted log data) and a second command which is a command for recovering the logical failure (Takeda paragraphs [0052-0053], FIG. 8 is an exemplary flowchart showing the procedure for operating the operation management software 120 in a case where the administrator computer is used to carry out a recovery process of reading the data stored in the HDD 21 of the client computer in which some defect occurred. The recovery module 123 reads plaintext index information from the encryption key file 202 stored in the HDD 21 to be recovered (block C1). Next, the recovery module 123 reads the encryption key caused to correspond to the index information from the encryption key table 210 in the installation package (block C2). Then, the recovery module 123 reads various items of data from the HDD 21 using the read encryption key (block C3). The procedure/operation sent can also be a command to recover data from the region that experienced a logical failure).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine the teachings of Ellis and Otsuka, Savelieva and Fujisawa with those of Takeda. Takeda teaches using commands for removing a restriction for access to the log data for the host as well as a command for recovering the logical failure. Takeda is able to utilize these commands with encryption techniques in order to provide a level of security and safety that would otherwise not be reasonably achievable (Takeda paragraph [0006], Meanwhile, data leakage due to theft has been regarded as a problem. In this connection, the use of hard disk encryption software for encrypting the data in the hard disk has begun to spread. Hard disk encryption software is a data encryption program which encrypts data using an encryption key in writing data into the hard disk and decrypts the encrypted data in reading the data from the hard disk. When the hard disk encryption software is distributed to the employees to cause them to install it into the individual computers, this is achieved by either the on-line installation method or the off-line installation method).

Claim 14 is the corresponding method claim to device claim 5. It is rejected with the same references and rationale.

Regarding claim 6, Ellis in view of Otsuka in further view of Savelieva and further in view of Fujisawa in further view of Takeda teaches The storage device of claim 5, wherein the controller is configured to: transmit the received recovery data to the host; and remove the restriction based on the first command received from the host (Otsuka paragraph [0029], Also, when a failure occurs in a system, and its recovery work is carried out, the configuration information before the failure recovery and the configuration information after the failure recovery are compared so that a setting item of the configuration information related to the failure is identified. Thus, the configuration information is stored for a certain period, and learning is performed with a setting item value that was changed before and after the failure recovery as information on the setting change item. Then, it is thought that a sign of failure occurrence is detected based on the comparison between a value set in the setting items of newly input configuration information, and the setting change item information. However, it is difficult to identify which one of the values before and after the failure recovery is to be used as suitable setting change item information depending on a failure type and a difference in the setting items, and the like. The recovery data is transmitted to the storage device and the processing units. Additionally, the data can only be accessed in periodic timing requiring the removal of the restriction from the access, see Otsuka paragraph [0112], However, the configuration information is sometimes collected at periodic timing (for example, once a day), or is sometimes collected at any timing regardless of a failure recovery. If the configuration information collected at such timing is input, the configuration information whose collection time is included in a predetermined period as a period before the failure recovery is identified as the configuration information 35A before the failure recovery. In the same manner, the configuration information whose collection time is included in a predetermined period as a period after the failure recovery is identified as the configuration information 35B after the failure recovery. Then, the configuration information 35A before the failure recovery, and the configuration information 35B after the failure recovery, which were collected in the predetermined periods corresponding to the periods before and after the failure recovery, respectively ought to be formed into a pair, and a pattern ought to be generated for a setting item whose value has been changed).

Claim 15 is the corresponding method claim to device claim 6. It is rejected with the same references and rationale.

Regarding claim 9, Ellis in view of Otsuka in further view of Savelieva and further in view of Fujisawa in further view of Takeda teaches The storage device of claim 1, wherein the controller is configured to: receive a cryptography key from the server device; encrypt the stored log data (see Ellis mapping for claim 1 for the teaching of log data specifically) using the received cryptography key; and transmit the encrypted log data to the server device (Takeda paragraph [0006], Meanwhile, data leakage due to theft has been regarded as a problem. In this connection, the use of hard disk encryption software for encrypting the data in the hard disk has begun to spread. Hard disk encryption software is a data encryption program which encrypts data using an encryption key in writing data into the hard disk and decrypts the encrypted data in reading the data from the hard disk. When the hard disk encryption software is distributed to the employees to cause them to install it into the individual computers, this is achieved by either the on-line installation method or the off-line installation method. Takeda teaches using encryption keys for data transmission to the server device, also see Takeda paragraph [0043], To do this, the encryption key table creation module 121 creates the encryption key table 201 which holds plaintext index information and an encryption key for ciphertext in such a manner that the former is caused to correspond to the latter. Similarly, the installer 124 also creates an encryption key file 202 which holds plaintext index information and an encryption key for ciphertext in such a manner that the former and the latter make pairs. That is, in the HDD 21 to be recovered, index information for recognizing the encryption key used by the hard disk encryption software 125 has been stored in plaintext).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine the teachings of Ellis, Otsuka, Savelieva, and Fujisawa with those of Takeda. Takeda teaches using an encryption key for the transmission of data to the server device. The use of an encryption key provides the straightforward and vital benefit of enhanced security features. The use of an encryption key can prevent data leakage as well as hacking or data theft (Takeda paragraph [0006], Meanwhile, data leakage due to theft has been regarded as a problem. In this connection, the use of hard disk encryption software for encrypting the data in the hard disk has begun to spread. Hard disk encryption software is a data encryption program which encrypts data using an encryption key in writing data into the hard disk and decrypts the encrypted data in reading the data from the hard disk. When the hard disk encryption software is distributed to the employees to cause them to install it into the individual computers, this is achieved by either the on-line installation method or the off-line installation method).

Claim 18 is the corresponding method claim to device claim 9. It is rejected with the same references and rationale.


Claims 7 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ellis in view of Otsuka in further view of Savelieva in further view of Fujisawa and further in view of Takeda as applied to claims 6 and 15 above, and further in view of Okano (US Publication No. 2013/0173964 -- "Okano").

Regarding claim 7, Ellis in view of Otsuka in further view of Savelieva in further view of Fujisawa in further view of Takeda in further view of Okano teaches The storage device of claim 6, wherein the controller is configured to recover the logical failure based on the second command received from the host (Okano paragraph [0191], As the above, in the failure management system 1 of the first embodiment, the storing processor 22 stores failure data related to a failure occurred in the customer system 20 into the memory device 11 of the management server 10 via the network 51. This eliminates the requirement of limiting the data size of the failure data, and, for example, makes it possible to pass log data having large capacity to the failure reproducing system 30. Advantageously, the failure reproducing system 30 can obtain sufficient log data to be used for the reproducing test, so that efficiency in reproducing the failure can be improved. The host can issue a command regarding the logical failure in an attempt to recover and replicate the logical failure again, for further detail see Okano paragraph [0205], (1) there is no need to limit the data size of the failure data; for example, log data having a large capacity can be passed to the failure reproducing device so that efficiency in reproducing the failure can be improved).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine the teachings of Ellis, Otsuka, Savelieva and Fujisawa and Takeda with those of Okano. Okano teaches recovering the original logical failure based on a received host command. Recovering the logical failure is a useful tool in order to provide more accurate and thorough diagnostics as well as definitely answer and correct the initial cause of said logical failure (Okano paragraph [0191], As the above, in the failure management system 1 of the first embodiment, the storing processor 22 stores failure data related to a failure occurred in the customer system 20 into the memory device 11 of the management server 10 via the network 51. This eliminates the requirement of limiting the data size of the failure data, and, for example, makes it possible to pass log data having large capacity to the failure reproducing system 30. Advantageously, the failure reproducing system 30 can obtain sufficient log data to be used for the reproducing test, so that efficiency in reproducing the failure can be improved).

Claim 16 is the corresponding method claim to device claim 7. It is rejected with the same references and rationale.


Claims 8 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ellis in view of Otsuka in further view of Savelieva in further view of Fujisawa and further in view of Takeda as applied to claims 6 and 15 above, and further in view of Okano and further in view of Waseda (US Publication No. 2016/0266825 – “Waseda”).

Regarding claim 8, Ellis in view of Otsuka in further view of Savelieva in further view of Fujisawa and further in view of Takeda in further view of Okano and further in view of Waseda teaches The storage device of claim 7, wherein the controller is configured to prohibit access to the log data from the host (Waseda paragraph [0036], The access log area 111B stores therein log data from the memory controller 200 (NAND interface 240). The access log area 111B has, for example, the storage capacity greater than or equal to 512 MB. In order to carry out read of the access log area 111B, a dedicated read command from outside (for example, the host) is required, and the user is inhibited from carrying out read of the access log area 111B. The host can be prevented from reading or accessing the log data. Also see Waseda paragraph [0066], Conversely, by the embodiment described above, the NAND flash memory 100 is provided with an access log area 111B. The memory controller 200 creates log data on the basis of access (host data) from the host device 300, and stores the log data in the access log area 111B. Thereby, it is possible to acquire log data only by reading the stored log data without confirming the reproducibility of the fault occurrence after data has been returned on account of fault or the like. Accordingly, it is possible to carry out fault analysis easily and in a shortening manner. According to the embodiment, it is possible to carry out a fault analysis operation within a short time of, for example, about two days).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine the teachings of Ellis, Otsuka, Savelieva, Fujisawa and Takeda with those of Okano and Waseda. Waseda teaches preventing or prohibiting the host from accessing the log data. This can be done to provide the log data a period of time to be updated or copied without any access or modification being done. This can help to ensure data reliability so that operations or procedures won't be carelessly performed whilst the log data is updated, rewritten, erased, or modified in any way (Waseda paragraph [0066], Conversely, by the embodiment described above, the NAND flash memory 100 is provided with an access log area 111B. The memory controller 200 creates log data on the basis of access (host data) from the host device 300, and stores the log data in the access log area 111B. Thereby, it is possible to acquire log data only by reading the stored log data without confirming the reproducibility of the fault occurrence after data has been returned on account of fault or the like. Accordingly, it is possible to carry out fault analysis easily and in a shortening manner. According to the embodiment, it is possible to carry out a fault analysis operation within a short time of, for example, about two days).

Claim 17 is the corresponding method claim to device claim 8. It is rejected with the same references and rationale.

Response to Arguments
Applicant’s arguments, see pages 1-3 (numbered pages 6-8), filed September 28th, 2022, with respect to the rejection(s) of claim(s) 1-2, 5-11 and 14-18 under 35 U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Ellis in view of Otsuka in further view of Savelieva et al. (US Publication No. 2016/0099915 -- "Savelieva").

The applicant has added two new claim limitations to the independent claims as currently constructed. The claims now recite a secret storage region of the nonvolatile memory which transmits log data, as well as the recovery data including a command for recovering the logical failure. A new citation has been added to the Ellis reference mapping to disclose the second limitation, wherein Ellis discloses a decoded set of data used for recovery that also begins a command process of restoring the recovery data for a failure. The newly added reference Savelieva has been added to disclose the limitation regarding the shared storage region. Savelieva discloses transmitting data from the secret storage region in response to certain triggers as well as additional features adding security to the data transmission process.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to whose telephone number is (571)272-3627. The examiner can normally be reached Monday - Friday 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571)272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.C.K./Examiner, Art Unit 2136                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             
/CHARLES RONES/Supervisory Patent Examiner, Art Unit 2136