DETAILED ACTION
 Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the communication filed on 09/27/2019.
Claims 1-13 are pending for consideration.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-13 are rejected under 35 U.S.C.101 because the claimed invention is directed to abstract ideas without significantly more.
	Step 1 Statutory Category:
		Claims 1-12 are directed to a process for performing an action within a machine-generated big data environment. The claims are directed to statutory categories.
		Claim 13 is directed to a process for verifying a device on a network. The claim is directed to statutory categories.	Step 2A Prong 1 Judicial exception:
		The independent claims recite the following limitations which have been identified as reciting a Mental Process:

		Step 2A Prong 2, additional elements that integrate into a practical application of the exception:
		 Claim 1 further recites “creating and writing a first object to the data repository based on a result of the first search; … and performing a predetermined action”.  The additional steps of creating and writing an object and performing an action are basic human actions performed on a general purpose computer.   Claim 13 further recites “consolidating multiple system …; writing, if the identity of the new device is not present in the known-devices system log … ; retrieving … the identity of the new device ..; invoking … an external script that uses an application programming interface (API) of an external application …; writing… an externally-not-known object …;  and performing a predetermined action”.  These are insignificant extra solution activities, See MPEP 2106.05(b)(I).  They’re merely activities for collecting, retrieving, sending data or simply 	Step 2B significantly more:
		Claim 1 recites “creating and writing a first object to the data repository based on a result of the first search; … and performing a predetermined action”.  The additional steps of creating and writing an object and performing an action are basic human actions performed on a general purpose computer.   Claim 13 recites “consolidating multiple system …; writing, if the identity of the new device is not present in the known-devices system log … ; retrieving … the identity of the new device ..; invoking … an external script that uses an application programming interface (API) of an external application …; writing… an externally-not-known object …;  and performing a predetermined action”.  These are routing actions performed by an ordinary person skilled in the art.  Adding a record so it can be read later, or so that a database trigger can be generated are common actions in the art.  When taken individually or viewed as an ordered combination, the claims as a whole do not amount to significantly more than the abstract idea.
	As a result, the independent claims 1 and 13 remain abstract ideas.

	Regarding dependent claim 2, the claim recites “… writing the first object including a parameter ....”.  Write a record of data with all relevant data for future use is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 3, the claim recites “… performing the second search using the parameter ....”.  Performing a search using a parameter such as a keyword is a common action of an ordinary person skilled in the art applied on a conventional computer with conventional hardware.  It is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.
	
	Regarding dependent claim 4, the claim recites “… performing the predetermined action using the parameter of the object written to the data repository”.  Passing data to a function or action for execution is not new and is a common idea in the art where it can be found in early computers with command line interface (command line arguments).  It is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.



	Regarding dependent claim 6, the claim recites “… monitoring an unstructured data repository of machine-generated logs”.  Log data that are unstructured are common data.  Without specific details of how the data is parsed, or the novelty feature of parsing the data, it can be simply pattern matching or string matching, which is a basic action of search applied on a general purpose computer with generic hardware.  As a result, it is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 7, the claim recites “… creating and writing the object to a selected subset of the machine- generated logs”.  Selecting a place to write data is arbitrary without specific structure.  Furthermore, organized data is a basic human activity that can be performed by an ordinary person skilled in the art that is applied on a general computer using generic hardware.  As a result, it is not significantly 
	
	Regarding dependent claim 8, the claim recites “invoking an external script”.  The mechanism for invoking an external script is provided by an operating system and/or the database system being used.  As a result, it’s a well-known, already implemented and publicly documented idea in the art.  Making use of it or within the context of a database trigger is not new or any more special than making use of it in other computing environment.  As a result, it is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 9, the claim recites “… invoking the external script to make a call on an application programming interface to retrieve data from an external program”.  Retrieving data is a basic human action applying on a general purpose computer using generic hardware.  Using a script to perform the action is common action performed by an ordinary skilled person in the art.  As a result, it is not significantly more than judicial exception.  It does not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.



	Regarding dependent claim 11, the claim recites “… monitoring … the data repository …; performing a third search within the data repository based on the second designated change in the machine-generated logs; and performing a second predetermined action based on the third search”. Monitoring and performing a search are abstract ideas of observation, evaluation and determination.  Performing some action is an insignificant extra solution activity, see MPEP 2106.05(b)(I).  Without a clear criteria for the search and what the action tries to accomplish or the goals the search and the action try to reach, these are arbitrary limitations that are insignificant and do not have patentable weight since any different step can be performed and the same result would be expected.  There is no patentable utility in these limitations that is both substantial and specific (see In re Fisher, 421 F.3d 1365, 1371 (Fed. Cir. 2005)). When considered individually or as an ordered combination, they’re not significantly more than judicial exception.  They do not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

	Regarding dependent claim 12, the claim recites “… writing a second object to the data repository …; … monitoring … the data repository …; performing a third search patentable utility in these limitations that is both substantial and specific (see In re Fisher, 421 F.3d 1365, 1371 (Fed. Cir. 2005)).  Performing an action is an insignificant extra solution activity, see MPEP 2106.05(b)(I) .  When considered individually or as an ordered combination, they’re not significantly more than judicial exception.  They do not improve existing technology so it does not integrate the judicial exception into a practical application.  The claim is an abstract idea.

Claim Rejections - 35 USC § 112The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly 


Claims 11-12 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.	Regarding claim 11, the claim recites “performing a third search within the data repository based on the second designated change … performing a second predetermined action based on the third search”.  The instant application specification does not disclose these limitations.  Paragraph [0005] discloses a search based on the second designated change and the performing of an action based on the search result (“… The data repository is monitored with the second alert for a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object  … The data repository is searched a second time based on the second designated change … Based on the second search, a predetermined action is performed”).  Paragraph [0026] also discloses a second designated change as in paragraph [0005] (“a second alert is used to monitor the data repository of machine- generated logs for a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object”).  Paragraph [0027] discloses a second search is performed based on the second designated change (“[0027] At 210, a second search is performed within the data repository based on the second designated change in the monitored with the second alert for a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object  … The data repository is searched a second time based on the second designated change … Based on the second search, a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object”).  Paragraph [0027] discloses a second search is performed based on the second designated change (“[0027] At 210, a second search is performed within the data repository based on the second designated change in the machine-generated logs, similar to the first search above. However, the second search may use the parameter that may have been included in the object to supplement the second search.”).  Paragraph [0028] discloses an action is performed based on the second search (“[0028] At 212, a predetermined action is performed based on the second search”).  However, the instant application specification does not discloses a third search based on the second designated change.  The instant application specification also does not disclose performing an action based on the third search.  As a result, it is not clear to an ordinary person skilled in the art what search to perform.  Specifically, what parameter is used for the search and what’s the search is looking for after a match is found.  Without the disclosing of the search or the action depending on the search result, it is not clear how the result of the search can be used in the action, since the action is based on the search result.  These limitations are not substantial and specific (see In re Fisher, 421 F.3d 1365, 1371 (Fed. Cir. 2005)).
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. 	Regarding claim 1, the claim recites “performing a first search within the data repository based on the first designated change in the machine-generated logs” and “performing a second search within the data repository based on the second designated change in the machine-generated logs”.  It is not clear what each of the searches is looking for in the limitations.  Furthermore, it is not clear what parameters are used to perform the searches.  Although the limitation states the search is based on “based on the first designated change” and “based on the second designated change”, it can also means the searches are triggered by the changes, not necessarily the parameters of the searches depends on the changes.  The claim further recites “performing a predetermined action based on the second search”.  The limitation is not specific of what action or type of actions to be performed.  Without the specific details, a predetermined action can also be doing nothing and move on to a next step.  Due to this indefiniteness, it presents a problem for determining whether a claim is infringed upon or not.  For the purpose of prior art examination, the limitations are interpreted as best understood.	Regarding dependent claims 2-12, the claims do not discloses further details monitored with the second alert for a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object  … The data repository is searched a second time based on the second designated change … Based on the second search, a predetermined action is performed”).  Paragraph [0026] also discloses a second designated change as in paragraph [0005] (“a second alert is used to monitor the data repository of machine- generated logs for a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object”).  Paragraph [0027] discloses a second search is performed based on the second designated change (“[0027] At 210, a second search is performed within the data repository based on the second designated change in the machine-generated logs, similar to the first search above. However, the second search may use the parameter that may have been included in the object to supplement the second search.”).  Paragraph [0028] discloses an action is performed based on the second search (“[0028] At 212, a predetermined action is performed based on the monitored with the second alert for a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object  … The data repository is searched a second time based on the second designated change … Based on the second search, a predetermined action is performed”).  Paragraph [0026] also discloses a second designated change as in paragraph [0005] (“a second alert is used to monitor the data repository of machine- generated logs for a second designated change in the machine-generated logs, and the second designated change in the machine-generated logs corresponds to the first object”).  Paragraph [0027] discloses a second search is performed based on the second designated change (“[0027] At 210, a second search is performed within the data repository based on the second designated change in the machine-generated logs, similar to the first search above. However, the second search may use the parameter that may have been included in the object to supplement the second search.”).  Paragraph [0028] discloses an action is performed based on the second search (“[0028] At 212, a predetermined action is performed based on the second search”).  However, the instant application specification does not discloses a third search based on the second designated change.  The instant application specification also does not disclose performing an action based on the third search.  As a result, it is not clear to an ordinary person skilled in the art what search to perform.  Specifically, what parameter is used for the search and what’s the search is looking for after a match is found.  Without the disclosing of the search or the action depending on the search result, it is not clear how the result of the search can be used in the action, since the action is based on the search result.  These limitations are not substantial and specific (see In re Fisher, 421 F.3d 1365, 1371 (Fed. Cir. 2005)).
	Furthermore, claim 12 recites at line 2 of the claim “performing a second predetermined action comprises writing a second object to the data repository based on results of the second search”. Claim 12 further recites “performing a second predetermined action based on the third search” at line 12 of the claim.  It is unclear if the later recitation of “a second predetermined action” on line 11 is the same as that of the first recitation on line 2.  The “action” on line 2 is based on results of the second search, while the action on line 11 is based on the third search.  For the purpose of prior third predetermined action based on the third search”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Farrell et al. (US 20150304167 A1, hereinafter Farrell) in view of Stackoverflow (NPL U: “Can a SQL trigger call a web service”, dated December 02, 2016, hereinafter Stackoverflow).

	Regarding claim 1, Farrell teaches a process for performing an action within a machine-generated big data environment, the process comprising:		monitoring, with a first alert, a data repository of machine-generated logs for a first designated change in the machine-generated logs ([Examiner note: the crossed over text is discussed below]; Farrell Fig. 1: 
    PNG
    media_image1.png
    376
    642
    media_image1.png
    Greyscale
;Farrell [0003]: … A discovery system receives the each classified message and detects, based on the each received classified message, a new network device added to the one or more networks and detects one or more configuration changes made on the one or more network devices; Farrell [0019]: At 100 in FIG. 1, the one or more network devices communicate each other … The one or more messages include, but are not limited to: … (6) log files (e.g., log files 615 shown in FIGS. 5-6) echoed from the one or more network devices; Farrell [0021] Returning to FIG. 1, at 110, a classifier (e.g., a classifier 630 shown in FIG. 5) intercepts the one or more messages associated with the one or more network devices ; Farrell [0016]: … the discovery system monitors the communication port and/or echoes the log entries in order to detect the addition of the new network device and/or the configuration changes. For example, a communication port of the discovery system may receive a message whose header indicates a new mail server whose web address is not listed on a list of current existing network device stored in the discovery system; [Examiner note: classifier corresponds to first alert, log files corresponds to machine-generated logs; the addition of the new network  a first designated change; discovery system corresponds to the data repository]);		performing a first search within the data repository based on the first designated change in the machine-generated logs (Farrell [0030]: At 230, if the classifier determines that the sender and the receiver of the intercepted message match a layer whose senders' IP address list includes the identification of the sender; [Examiner note: the sender is associated with the intercepted message, the first search is based on the sender and as a result, the first search is based on the intercepted message, which corresponds to the first designated change);		creating and writing a first object to the data repository based on a result of the first search (Farrell [0033]: At 270, if the classifier determines that the sender, the receiver or the content of the intercepted message does not match any layer, i.e., there is no match between the IP address of the sender of the message and an IP address listed on the senders' IP address list of each layer … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the database housing the pending table corresponds to the data repository]);		performing a second search within the data repository based on the second designated change in the machine-generated logs (Farrell [0016]: … the discovery system may receive a message whose header indicates a new mail server whose web address is not listed on a list of current existing network device stored in the discovery system; Farrell [0033]: after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; Farrell [0034]: … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry … [Examiner note: places the intercepted message with the inserted time stamp corresponds to the second designated change]); and		performing a predetermined action based on the second search (Farrell [0034]: … upon finding the match, the classifier sends the intercepted message to a router that forwards the intercepted message to a network domain that corresponds to the found match.).
		Although Farrell teaches the limitations of the claim 1 (see discussion above), Farrell does not teach: 			monitoring, with a second alert, the data repository of machine-generated logs for a second designated change in the machine-generated logs, wherein the second designated change in the machine-generated logs corresponds to the first object;
		Stackoverflow teaches a request can be processed by inserting it into a table, then use a trigger based on data insertion to process the request (Stackoverflow, top of page 1: When a user "checks-in" [Inserts new row into a table] I want to then take data from that insert and call a web service, which would send push notifications based upon that insert; Stackoverflow, top of page 3: used a trigger to insert a record in a Queue table, then a Stored procedure using a cursor to pull Queued entries off … the Stored Procedure calls XP_CMDShell calling a .bat file with parameters [Examiner note: 
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Stackoverflow, which teaches performing a business logic step by inserting a record into a database pending table and then use a trigger to monitor for the change to process the data to result in the claimed limitations:			monitoring, with a second alert, the data repository of machine-generated logs for a second designated change in the machine-generated logs, wherein the second designated change in the machine-generated logs corresponds to the first object (Stackoverflow, top of page 3: … used a trigger to insert a record in a Queue table [Examiner note: by using the trigger taught by Stackoverflow to monitor the pending table taught by Farrell, a new record inserted, which is taught by Farrell, would execute the trigger.  All tables are inside the discovery system’s database taught by Farrell discussed above, which corresponds to the data repository. An insertion of a record into the pending table corresponds to the second designated change.]; Farrell [0033] … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message; [Examiner note: the intercepted message and the time stamp corresponds to the first object]);


	Regarding claim 2, Farrell in view of Stackoverflow teaches the process of claim 1, wherein creating and writing a first object to the data repository comprises writing the first object including a parameter for the second search to the data repository (Farrell [0033]: … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; Farrell [0034]: … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry; [Examiner note: the intercepted message and the time stamp corresponds to the parameter for the second search]).
	
	Regarding claim 3, Farrell in view of Stackoverflow teaches the process of claim 2, wherein performing a second search within the data repository comprises performing the second search using the parameter of the object written to the data repository (Farrell [0034]: … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry;).

the process of claim 3, wherein performing a predetermined action based on the second search comprises performing the predetermined action using the parameter of the object written to the data repository (Farrell [0034]: … upon finding no match, the classifier creates a table entry, in the pending table, which represents the intercepted message …. The created table entry may include the inserted time stamp of the intercepted message; Farrell [0035] The router sends the intercepted message to a network domain which corresponds to the found match at 410).

	Regarding claim 7, Farrell in view of Stackoverflow teaches the process of claim 1, wherein creating and writing a first object to the data repository comprises creating and writing the object to a selected subset of the machine-generated logs (Farrell [0033]: … then the classifier inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the pending table is inside the database in the discovery system taught by Farrell.  The pending table corresponds to the selected subset of the machine-generated logs.  Please also note that writing the object to the selected subset of the machine-generated is an arbitrary limitation that depends on a choice of implementation, since although it’s convenient to write to a local database of the local system, the data can be written anywhere that it can be later retrieved.  The instant application specification does not indicate how writing in one location is better than 

	Regarding claim 8, Farrell in view of Stackoverflow teaches the process of claim 1, wherein performing a predetermined action comprises invoking an external script (Stackoverflow, top of page 3: used a trigger to insert a record in a Queue table, then a Stored procedure using a cursor to pull Queued entries off … the Stored Procedure calls XP_CMDShell calling a .bat file with parameters [Examiner note: the .bat file corresponds to an external script]).
	
	Regarding claim 9, Farrell in view of Stackoverflow teaches the process of claim 8, wherein invoking an external script comprises invoking the external script to make a call on an application programming interface to retrieve data from an external program (Stackoverflow bottom of page 3: The bat file calls cURL which manages the REST/JSON call and response).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of Hinrichs et al. (US 10592302 B1, hereinafter Hinrichs).
	Regarding claim 5, Farrell in view of Stackoverflow teaches the process of claim 1.
creating and writing a first object to the data repository comprises creating and writing a JavaScript Object Notation (JSON) object to the data repository.
 		Hinrichs teaches creating and writing a first object to the data repository comprises creating and writing a JavaScript Object Notation (JSON) object to the data repository ([Examiner note: the format of the data being JSON written to a data repository is an insignificant extra solution activity.  Whether the data is written in one format or another does not change the result of the claimed invention.  The instant specification also indicated any desired format can be used (instant specification paragraph [0024] “At 206, a first object is created and written to the data repository … the object may be in any desired format (e.g., JavaScript Object Notation (JSON), Python, etc.)).  For the purpose of compact prosecution, the examiner further uses prior art to reject the claimed limitation].  Hinrichs: col. 26, lines 26-31: … This database can persist both policies and any data the policies need in their evaluation. … the database saves policies as plain source code, while storing the parameter data as JSON documents. Hinrichs col. 26, lines 60-67, col. 27, lines 1-2: … to retrieve and properly format the parameters for consumption … transforming the collected parameter data from its native format into a structured document (e.g., a JSON document) for storing in the database 1035 ...).
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Hinrichs, which stores parameter in JSON format for later use in a database table, into the 
		One of ordinary skilled would be motivated to do so as using Hinrichs’ teaching allows data to be stored without depending on the programming language being used, having a structured format and help the data to be readable to humans (Hinrichs col. 2, lines 26-37).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of JOSHI et al. (US 20140337974 A1, hereinafter Joshi).
	Regarding claim 6, Farrell in view of Stackoverflow teaches the process of claim 1.		However does not teach wherein monitoring a data repository of machine-generated logs comprises monitoring an unstructured data repository of machine-generated logs.
		Joshi teaches monitoring a data repository of machine-generated logs comprises monitoring an unstructured data repository of machine-generated logs (Joshi [0022]: … a method of detecting a potential cyber threat or attack, comprising receiving data from at least two data sources, extracting information from the received data, asserting the information extracted using an ontology, accumulating the asserted information and determining if a cyber threat or attack is present based on the received data ...; Joshi [0043]: However, these resources also contain unstructured text data in which important information could be embedded …; Joshi [0045]: After analyzing the the information extracted is added to a knowledge base; Joshi [0075]: The reasoning logic module 110B found the annots.api dll being executed at the host via the logs received from the IBM … The log also pointed out the product using this service, i.e., Adobe Acrobat Reader.RTM.. The unstructured text data from the Juniper Networks.RTM. link [21] also comprised of `annots.api` in the text.)
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Joshi, which teaches an intrusion detection system that monitors unstructured text in data sources, into the combined teachings of Farrell and Stackoverflow to result in the limitations of the claimed invention.
		One of ordinary skilled would be motivated to do so as using Joshi’s teaching can help providing important information for detecting new network device (Joshi [0043]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of Mizuno et al. (US 7778193 B2, hereinafter Mizuno).
	Regarding claim 10, Farrell in view of Stackoverflow teaches the process of claim 1.
		However, Farrell in view of Stackoverflow does not teach displaying the object written to the data repository based on results of the first search.
		Mizuno teaches displaying the object written to the data repository based on results of the first search (Mizuno col. 11 lines 16-19: As shown in FIG. 11, monitors packets in the residential network NW1 and, when it detects a device not yet registered, makes an enquiry to the user about whether to register the device; Mizuno col. 11 lines 24-34: The device detection part 103 monitors packets in the residential network NW1 … found a packet having an address other than a device IP address allocated to a device to which the home gateway apparatus 100 is already connected (Step S302), searches the settings information files in the database 101 for a corresponding device, on the basis of a device IP address and a device external IP address estimated to correspond, and, if nothing is found, returns to Step S301 to resume the monitoring of packets (Step S303). In case devices were found, it saves the list of all devices found for future convenience (Step S305); Mizuno col. 13 lines 34-42: … a request based on UPnP from the device to be registered, the device information is collected from the device to be connected by UPnP negotiation in Step S121 of FIG. 17. Next, it is determined whether there is a device name and there is product information in the collected device information (Step S122), and if there is not, the process comes to an end by making an error response in Step S129; Mizuno Claim 13: … detecting a new packet emitted from a new device and possessing a device IP address other than registered device IP addresses allocated to devices already registered in said residential network, and a display means displaying that the new device is present as being not yet successful in connection settings.).
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Mizuno, which teaches displaying a new device when the device is not found in an existing 
		One of ordinary skilled would be motivated to do so as both Mizuno and Farrell teaches new device detection against an existing device list, incorporating Mizuno’s teaching would optimize system performance (Mizuno col. 11 lines 33-34).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of Hunchback et al. (NPL V: “Trigger Called in Reverse Order”, dated January 2011, hereinafter Hunchback).

	Regarding claim 11, Farrell in view of Stackoverflow teaches the process of claim.
		However, Farrell in view of Stackoverflow does not teach:			monitoring, with a third alert, the data repository of machine-generated logs for the second designated change in the machine-generated logs, wherein the second designated change in the machine-generated logs corresponds to the object written to the data repository based on the results of the first search;			performing a third search within the data repository based on the second designated change in the machine-generated logs; and			performing a second predetermined action based on the third search.
		Hunchback teaches:			monitoring, with a third alert, the data repository of machine-generated logs for the second designated change in the machine-generated logs (Hunchback, page 10: “Create first trigger” [Examiner note: Farrell in view of Stackoverflow teaches having a trigger to monitor changes on the pending table, Hanchback further teaches two triggers can be added on a table.  As a result, a second trigger would also monitor the “second designated change”.  The “First Trigger” taught by Hunchback corresponds to the third alert.]), wherein the second designated change in the machine-generated logs corresponds to the object written to the data repository based on the results of the first search (Farrell [0033]: after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the placing of the intercepted message with the inserted time stamp in a pending table corresponds to the second designated change; Farrell in view of Stackoverflow teaches having a trigger to monitor changes on the pending table, Hanchback further teaches two triggers can be added on a table.  As a result, a second trigger can be added to also monitor the “second designated change” of the pending table.  The “First Trigger” taught by Hunchback corresponds to the third alert. The intercepted message with the time stamp corresponds to the object written to the data repository]);			performing a third search within the data repository based on the second designated change in the machine-generated logs (Hunchback page 11, near top of the page: FROM TriggerTest T JOIN inserted I ON T.ID = I.ID; [Examiner note: the data retrieval and the join corresponds to the third search]); and			performing a third predetermined action based on the third search (Hunchback page 11, near top of the page: UPDATE T SET FullName = 'ID ' + CAST (T.ID AS varchar … ; [Examiner note: the update corresponds to the third action. The update action is using data from the third search.  As a result, it’s based on the third search]).
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Hunchback, which teaches adding two triggers to monitor a same table and performing a search and update in one of the triggers, into the combined teachings of Farrell and Stackoverflow to result in the limitations of the claimed invention.
		One of ordinary skilled would be motivated to do so as both Stackoverflow and Hunchback teach using trigger to monitor data on a table, incorporate Hunchback’s teaching helps making it easier to manage and streamline the code, and helps keeping unrelated functions separated from each other (Hunchback, top of page 6).

Claims 12 are rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Stackoverflow and further in view of JbcEdge (NPL W: “MS SQL SERVER – Triggers”, dated February 2018, hereinafter JbcEdge).

	Regarding claim 12, Farrell in view of Stackoverflow teaches the process of claim 1, wherein:		performing a second predetermined action comprises writing a second object to the data repository based on results of the second search upon finding no match, the classifier creates a table entry, in the pending table, which represents the intercepted message …. The created table entry may include the inserted time stamp of the intercepted message);
		Farrell in view of Stackoverflow does not teach monitoring, with a third alert, the data repository of machine-generated logs for a third designated change in the machine-generated logs;
		performing a third search within the data repository based on the third designated change in the machine-generated logs; and
		performing a second predetermined action based on the third search.
	JbcEdge teaches:			monitoring, with a third alert, the data repository of machine-generated logs for a third designated change in the machine-generated logs (JbcEdge, middle of page 1: CREATE TRIGGER …; JbcEdge middle of page 2: Triggers can be nested that is trigger on TableA updates Table B then TableB trigger updates TableC and so on; Farrell [0034]: … classifier creates a table entry, in the pending table … [Examiner note: the creating of a trigger taught by JbcEdge as a nested trigger into the trigger taught by Stackoverflow to monitor the pending table taught by Farrell corresponds to monitoring, the trigger corresponds to the third alert.  The table entry corresponds to the third designated change]), wherein the third designated change in the machine-generated logs corresponds to the second object written to the data repository based on the results of the second search ([Examiner note: the intercepted message corresponds to the second object]);performing a third search within the data repository based on the third designated change in the machine-generated logs ([Examiner note: the instant specification does not disclose a third search was performed based on the second designated change.  The instant specification discloses an action can be performed after the second search, see paragraph [0027] and [0028].  The action can be [0028]…” to write a second object with a second parameter and may also include the parameter from the first object. As another example of a predetermined action, an internal or external script may be launched”.  However, the instant specification does not specifically disclose the action is a third search within the data repository that is based on the second designated change.]; JbcEdge bottom of page 1, SELECT Id, StatusId, UpdatedDateTime as CreatedDateTime, UpdatedBy as CreatedBy, UpdatedDateTime, UpdatedBy FROM Inserted...; [Examiner note: the query statement corresponds to the third search, the “inserted” corresponds to the second designated change in the machine-generated logs]); and			performing a second predetermined action based on the third search ([Examiner note: the instant specification does not disclose a third search was performed based on the second designated change.  The instant specification discloses an action can be performed after the second search, see paragraphs [0027] and [0028] (“to write a second object with a second parameter and may also include the parameter from the first object. As another example of a predetermined action, an internal or external script may be launched”).  However, the instant specification does not specifically disclose the action is a third search within the data repository that is based on the second designated change.]; JbcEdge middle of page 1: INSERT INTO 
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of JbcEdge, which teaches to create a nested insert trigger to perform a search and an data insertion, into the combined teachings of Farrell and Stackoverflow to result in the limitations of the claimed invention.
		One of ordinary skilled would be motivated to do so as both JbcEdge and Stackoverflow teaches using triggers to perform tasks in response to an event, incorporating JbcEdge’s teaching would help keeping a modular implementation of separate business requirements while the tool is readily available (JbcEdge bottom of page 1; JbcEdge middle of page 2).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Farrell in view of Todd C et al. (NPL X: “Calling an api from sql server stored-procedure”, dated June 2017, hereinafter Todd) and further in view of JbcEdge.	Regarding claim 13, Farrell teaches a process for verifying a device on a network, the process comprising:		consolidating multiple system logs into a known-devices system log in a data repository (Farrell [0003]: … A discovery system receives the each classified message and detects, based on the each received classified message, a new network device added to the one or more networks and detects one or more configuration changes made on the one or more network devices; Farrell [0019] At 100 in FIG. 1, the one or more network devices communicate each other … The one or more messages include, but are not limited to: … (6) log files (e.g., log files 615 shown in FIGS. 5-6) echoed from the one or more network devices; Farrell [0039]: One or more datastores (e.g., a datastore 650 shown in FIGS. 5-7) store the one or more messages, which are intercepted by the classifier, according to corresponding message groups. The verifiers and the discovery systems in different network domains may share the one or more datastores);		monitoring the data repository for an event that signifies a new device has accessed a network ([Examiner note: the crossed over text is discussed below]; Farrell Fig. 1: 
    PNG
    media_image1.png
    376
    642
    media_image1.png
    Greyscale
;Farrell [0019]: At 100 in FIG. 1, the one or more network devices communicate each other … The one or more messages include, but are not limited to: … (6) log files (e.g., log files 615 shown in FIGS. 5-6) echoed from the one or more network devices; Farrell [0016]: … the discovery system monitors the communication port and/or echoes the log entries in order to detect the addition of the new network device and/or the configuration changes. For example, a communication port of the discovery system may receive a message whose header indicates a new mail server whose web address is not listed on is run, e.g., by a discovery system (i.e., a system running method steps shown in FIG. 8) as a job during off hours (e.g., computing resources in a corresponding company are not used). Alternatively, the discovery of the new network device and the configuration changes are performed, e.g., by the discovery system, in real-time as the new network device is added to a corresponding network(s) and/or as the configuration changes are made on one or more existing network device(s). The discovery system may run the discovery daily, weekly, and sometimes monthly.);		searching, if the event that signifies a new device has accessed a network occurs, the known-devices system log to determine if an identity of the new device is present in the known-devices system log (Farrell [0033] At 270, if the classifier determines that the sender, the receiver or the content of the intercepted message does not match any layer, i.e., there is no match between the IP address of the sender of the message and an IP address listed on the senders' IP address list; Farrell [0038] … In order to identify the new IP address, the verifier may retrieve a previous configuration file(s), which is(are) stored in a database associated with the one or more network devices);		writing, if the identity of the new device is not present in the known-devices system log, a locally-not-found object to the data repository, wherein the object includes the identity of the new device (Farrell [0033] At 270, if the classifier determines that the sender …  there is no match between the IP address of the sender of the message and an IP address listed on the senders' IP address list of each layer … inserts a time stamp, which indicate a time period taken to process the intercepted message by the classifier, into the intercepted message. ... after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: the database housing the pending table corresponds to the data repository]);		searching data repository for the locally-not-found object ([Examiner note: the crossed over text is addressed below]; Farrell [0034] … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry [Examiner note: Farrell teaches searching the pending table, but Farrell does not explicitly disclose monitoring the table, which is discussed below]);		retrieving, if the locally-not-found object is added to the data repository, the identity of the new device from the locally-not-found object (Farrell [0027] Upon intercepting the one or more messages, …  based on header information of the one or more messages. … the classifier evaluates whether the sender … each message match a layer which includes an identification (e.g., an IP (Internet Protocol) address) of the sender; Farrell [0033] … places the intercepted message with the inserted time stamp in a pending table … ; Farrell [0034]: … the classifier searches the pending table in order to find a match between the inserted time stamp and a pre-determined elapsed time set in a pending table entry. At 410, upon finding the match, the classifier sends the intercepted message to a router [Examiner note: Farrell discloses the message header contains an identification/IP address of the sender.  Farrell further discloses when finding a match in the pending table, the intercepted message is sent to a router.  As a result, the intercepted message is obtained, which has the identification of the sender, which corresponds to the new device]);
		 (Farrell [0035]: At 420 in FIG. 4, if the classifier finds no match at 410 in FIG. 4, at 200 in FIG. 2, at 220 in FIG. 2, at 240 in FIG. 2 and at 260 in FIG. 2, the classifier sends the intercepted message to all network domains known to the classifier. Farrell [0036] Each network domain may include one or more discovery systems (e.g., a discovery system 640 shown in FIGS. 5-7). A discovery system receives a classified message(s) (i.e., the one or more messages classified by the classifier) and detects, based on the classified message, a new network device added to the one or more networks and detects one or more configuration changes made on the one or more network devices. Farrell [0037] ... the verifier may query the one or more network devices (e.g., send a verification query to the one or more network device as shown in 625 in FIGS. 5-7; Farrell Fig. 6: 
    PNG
    media_image2.png
    592
    966
    media_image2.png
    Greyscale
Farrell [0038]: … In order to identify the new IP address, the verifier may retrieve a previous configuration file(s), which is(are) stored in a database associated with the one or more network devices … The difference may include the new IP address corresponding to the addition of the new network device.).);
		writing, if the identity of the new device is not known to the external application, an  (Farrell [0033]: after inserting the time stamp into the intercepted message, the classifier places the intercepted message with the inserted time stamp in a pending table; [Examiner note: Farrell teaches the process of writing a record to a table when the device is not found locally.  Farrell does not explicitly teaches the same process of writing a record to a table after searching externally for the device. Farrell teaches the verifier searches both locally and query the network devices for the new device and also record the result to a pending table.  Furthermore, the writing of result to a table for further processing is performing a predetermined action based on the externally-not-known object (Farrell [0037]: … Based on answers to the queries received from the one or more network devices and/or the datastore, the verifier may determine that a new configuration or a new service is enabled on the one or more network devices [Examiner note: determine that a new configuration is enabled corresponds to the performing a predetermined action]).
		Although Farrell teaches the limitations of the claimed invention (see above discussion), Farrell does not explicitly teach monitoring data repository for the locally-not-found object;
			invoking an external script that uses an application programming interface (API) of an external application to determine if the identity of the new device is known to the external application;
			writing, if the identity of the new device is not known to the external application, an externally
		Todd teaches monitoring data repository for the locally-not-found object (Todd top of page 2: built a trigger that queued the DB events [Examiner note: the trigger would monitor the pending table taught by Farrell]);
			invoking an external script that uses an application programming interface (API) of an external application to determine if the identity of the new device is known to the external application (Todd middle of page 2: cURL allowed me to send the API calls to a local manager from anywhere [Examiner note: the ;
			writing, if the identity of the new device is not known to the external application, an externally(Todd middle of page 2: API call Stored procedure run every 5 seconds runs Cursor to pull each Queue table entry,send the XP_CMDShell call to the bat file with parameters Bat file contains Curl call with parameters inserted sending output to logs [Examiner note: writing the output to a log from the external call to determine if the device is new from an external system meaning the result for both found and not found would be written.  As a result, when the device is not found, the result would be written]);
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Todd, which use a queue table and trigger to call an external script to call an API, into the teaching of Farrell to result in the limitations:

			monitoring data repository for the locally-not-found object;			invoking, if the locally-not-found object is added to the data repository, an external script that uses an application programming interface (API) of an external application to determine if the identity of the new device is known to the external application;			writing, if the identity of the new device is not known to the external application, an externally-not-known object to the data repository;
		One of ordinary skilled would be motivated to do so as both Todd and Stackoverflow teaches monitoring a database table to perform work in response to an event using a database trigger and using an external script to perform an action, incorporate Todd’s teaching helps getting a solution to work quickly within time constraint (Todd, bottom of page 2).
		Although Farrell in view of Todd teaches the limitations of the claimed invention (see discussion above), Farrell in view of Todd does not explicitly teach monitoring the data repository for the externally-not-known object.
		JbcEdge teaches monitoring the data repository for the externally-not-known object (JbcEdge, middle of page 1: CREATE TRIGGER …; JbcEdge middle of page 2: Triggers can be nested that is trigger on TableA updates Table B then TableB trigger updates TableC and so on; Farrell [0034]: … classifier creates a table entry, in the pending table … [Examiner note: the creating of a trigger taught by JbcEdge to monitor the output log table taught by Todd would cause the trigger to monitor the data repository for the externally-not-know object, the output log table taught by Todd corresponds to the data repository for the externally-not-know object.  
		It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of JbcEdge, which teaches to search a new device using a local or an external database into the combined teachings of Farrell and Todd to result in the limitations of the claimed invention.
		One of ordinary skilled would be motivated to do so as both Todd and JbcEdge teach using triggers to monitor and perform actions based on database table, furthermore, incorporating JbcEdge’s teaching would help keeping a modular implementation of separate business requirements while the tool is readily available (JbcEdge bottom of page 1; JbcEdge middle of page 2).
		Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20150370522 A1- Display Device And Control Method
		Search a local or external database for the identification information of the external device, and determine whether the external device has been registered; and if the external device has been registered, then the flow proceeds to one operation; otherwise, the flow proceeds to another operation.
US 8769610 B1 - Distance-modified security and content sharing

US 20080168531 A1 - METHOD, SYSTEM AND PROGRAM PRODUCT FOR ALERTING AN INFORMATION TECHNOLOGY SUPPORT ORGANIZATION OF A SECURITY EVENT
		An intrusion detection system logs a plurality of security events, a trouble ticket alerting system configured to store therein a plurality of trouble tickets and a security event aggregator and reporter tool configured to determine, at a pre-determined time interval, whether or not a recent security event corresponds to an existing trouble ticket among the plurality of trouble tickets.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Vy Huy Ho whose telephone number is (571) 272-3261.  The examiner can normally be reached on Monday - Friday 7:30 am-5:30 pm.
	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


03/29/2021
/V.H.H/
Examiner, Art Unit 2162


/PIERRE M VITAL/Supervisory Patent Examiner, Art Unit 2162