DETAILED ACTION
A.	This action is in response to the following communications: Transmittal of New Application filed 12/23/2020.
B.	Claims 21-40 remains pending.
   


Claim Rejections - 35 USC § 103
1.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
2.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


3.	Claim 21-40 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kiff, Liana Maria et al. (US Pub. 2015/0019174 A1), herein referred to as “Kiff” in view of Muddu, Sudhakar et al. (US Pub. 2019/0364060 A1), herein referred to as “Muddu”.


As for claim 21, 30 and 38, Kiff teaches. A building system and corresponding method and devices of a building comprising one or more storage devices having instructions stored thereon that, when executed by one or more processors (par.3 creating a building ontology and the computing environment which it is ran from as shown in figure 1), cause the one or more processors to:

cause a storage device to store a graph comprising a plurality of nodes representing a plurality of entities of the building and a plurality of relationships between the plurality of nodes representing relationships between the plurality of entities of the building (par.30; fig. 2 plurality of nodes that make up the building);

cause a user interface of a user device to display at least a portion of the graph (fig.10B shows only a subset of the building graph within the viewport); 
receive, via the user device, one or more user inputs, wherein the one or more user inputs indicate a new node for the graph and a selection of a new relationship for the graph (par.43; editing of node) from a plurality of available relationships by the user device (par.28 relationship in the ontology may be selected to convert 155 downstream the audit data from existing data sources 160, such as EBI, CP-O, and others; relationships in the ontology may be selected to upstream into other systems, applications, and analysis tools 170 such as an energy analysis system. Additionally in par. 40 another way to define relationships via user input within the user interface; here  

update the graph based on the one or more user inputs; receive, via the user device, a selection of one node of the plurality of nodes; identify, based on the graph, one or more relationships of the plurality of relationships between the one node and other nodes of the plurality of nodes (par.37 updating ontology of screen from user selecting and querying information); and

cause a display device of the user device to display, an indication of the one or more relationships (par.39 displaying relational data between nodes of ontology reported).

Kiff does not specifically teach selecting a new relationship type; however in the same field of endeavor Muddu teaches receive, via the user device, a first user input via the user interface indicating a new node for the graph and a second user input via the user interface selecting a new relationship type for a new relationship between the new node and another node of the graph from a plurality of available relationship types and update the graph based on the first user input and the second user input (par.214-215 an event relationship discovery and mini graphs wherein a graph is generated after entities are identified and identifying relationships between entities such that the graph displays a node  (entities) and an edge (relationship), such that an action can assign a new relationship between entities as events happen in real time for identifying functionality of 
[0213]
A. Event Relationship Discovery/Mini-Graphs
[0214]
FIGS. 9A and 9B show an example event relationship discovery and recordation technique, which can be implemented in the data intake and preparation stage. To facilitate description, FIGS. 9A and 9B are explained below with reference to FIG. 8. The relationship discovery and recordation technique can be performed by, for example, the relationship graph generator 810. Specifically, after the entities are identified in the tokens, the relationship graph generator 810 is operable to identify a number of relationships between the entities, and to explicitly record these relationships between the entities. Some implementations of the relationship graph generator 810 generate a single relationship graph for each event; such an event-specific relationship graph may also be called a “mini-graph.” Further, some implementations incorporate the generated relationship graph into the event data that represents the event, in the form of a data structure representing the relationship graph. A graph in the context of this description includes a number of nodes and edges. Each node in the relationship graph represents one of the entities involved in the event, and each edge represents a relationship between two of the entities. In general, any event involves at least two entities with some relationship between them (e.g., a device and a user who accesses the device) and therefore can be represented as an event-specific relationship graph.
[0215]
In some implementations, the graph generator 810 can identify a relationship between entities involved in an event based on the actions that are performed by one entity with respect to another entity. For example, the graph generator 810 can identify a relationship based on comparing the action with a table of identifiable relationships. Such a table of identifiable relationship may be customizable and provides the flexibility to the administrator to tailor the system to his data sources (described above). Possible relationships can include, for example, “connects to,” “uses,” “runs on,” “visits,” “uploads,” “downloads,” “successfully logs onto,” “restarts,” “shuts down,” “unsuccessfully attempts to log onto,” “attacks,” and “infects.” Also, the identified relationship between the entities can be indicative of the action, meaning that the identifiable relationship can include the action and also any suitable inference that can be made from the action. For example, an event that records a GET command (which is an action) may indicate that the user is using a machine with a certain IP address to visit a certain website, which has another IP address. In practice, however, the number of identifiable relationships can be directly correlated to the size of the graph, which may impact the security platform's responsiveness and 
[0216]
In some embodiments, specific details on how to construct the edges and the identifiable relationships are recorded in the configuration file (e.g., snippet). For example, a portion of the configuration file can specify, for the relationship graph generator 810, that an edge is to be created from an entity “srcUser” to another entity “sourceIP,” with a relationship that corresponds to an event category to which the event belongs, such as “uses.”

[0219]
Note, however, that the components introduced here (e.g., the graph generator 810) may be tailored or customized to the environment in which the platform is deployed. As described above, if the network administrator wishes to receive data in a new data format, he can edit the configuration file to create rules (e.g., in the form of functions or macros) for the particular data format including, for example, identifying how to tokenize the data, identifying which data are the entities in the particular format, and/or identifying the logic on how to establish a relationship. The data input and preparation stage then can automatically adjust to understand the new data format, identify identities and relationships in event data in the new format, and create event relationship graphs therefrom.

It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Muddu into Kiff because Muddu provides advances that employs a variety of techniques and mechanisms for anomalous activity detection in a networked environment in ways that are more insightful and scalable than the conventional techniques of the building system of Kiff.


As for claim 22, Kiff teaches. The building system of claim 21 and corresponding method and devices, wherein the one or more user inputs include an edit to a particular node or a particular relationship, wherein the edit is creation of the particular node or the particular relationship or deletion of the particular node or the particular relationship (par.43 add/ edit/ delete nodes of ontology).



As for claim 24, 32 and 40, Kiff teaches. The building system of claim 21 and corresponding method and devices, wherein each of the plurality of relationships logically defines a particular relationship between a first data entity of the plurality of entities and a second data with one or more words or phrases, the one or more words or phrases comprising a predicate (fig.3 or 4a describes first and second entity of plurality of entities with word comprising a predicate such as map, photo, video, light, chiller).

As for claim 25 and 33, Kiff teaches. The building system of claim 21 and corresponding method and devices, wherein the instructions cause the one or more processors to: identify a plurality of available relationship types of a set of relationship types for the one node, wherein the plurality of available relationship types are relationships available for the one node with second nodes of the plurality of nodes; and cause the display device of the user device to display, a second indication of the plurality of available relationship types (par.40 user is able to see predefined relationship between two nodes and create new relationships via user input thus where once relationships were available now is the ability to see or create new relationships from user input).



As for claim 27 and 35, Kiff teaches. The building system of claim 21 and corresponding method and devices, wherein the instructions cause the one or more processors to: receive a second indication to delete the one node; and update the graph by removing the one node from the plurality of nodes in response to receiving the second indication to delete the one node (par.43 add/ edit/ delete nodes of ontology).

As for claim 28 and 36, Kiff teaches. The building system of claim 21 and corresponding method and devices, wherein the one or more user inputs indicate the new relationship between a first existing node of the plurality of nodes and a second existing node of the plurality of nodes;

wherein the instructions cause the one or more processors to update the graph based on the one or more user inputs by causing the new relationship to be added between the first existing node of the plurality of nodes and the second existing node of the 

As for claim 29 and 37, Kiff teaches. The building system of claim 21 and corresponding method and devices, wherein the one or more user inputs indicate the new relationship, the new node, and a request to add the new relationship between the new node and an existing node of the plurality of nodes;
wherein the instructions cause the one or more processors to update the graph based on the one or more user inputs by causing the new node to be added to the graph and causing the new relationship to be added between the new node and the existing node (par.40-42 creating new relationships and new nodes via the user interface from user inputs).






(Note :) 	It is noted that any citation to specific, pages, columns, lines, or figures in the prior art references and any interpretation of the references should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006,1009, 158 USPQ 275, 277 (CCPA 1968)).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Inquires
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS AUGUSTINE whose telephone number is (571)270-1056 and fax is 571-270-2056.  The examiner can normally be reached on M-F 8am-5pmpm Eastern.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Stephen Hong can be reached on 571-272-4124.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



    PNG
    media_image1.png
    213
    564
    media_image1.png
    Greyscale

/NICHOLAS AUGUSTINE/Primary Examiner, Art Unit 2178                                                                                                                                                                                                        February 07, 2021