DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
	Claims 1-20 are pending of which claims 1, 7 and 13 are in independent form.
Claims 1-20 are rejected under 35 U.S.C. 101. 
Claims 1-20 are rejected under 35 U.S.C. 103.

Response to Arguments
Applicant's arguments filed 1/26/2022 have been fully considered but they are not persuasive.

Applicant’s Argument:
Applicant argues, on page 6 of the "Remarks”, that “It is respectfully submitted that Swafford should be disqualified as prior art under 35 U.S.C. § 102(b)(2)(c). Specifically, Swafford and the present application were both assigned to Forcepoint, LLC at the time of filing the present application”. 

	Examiner's Response:
Examiner respectfully disagrees; Swafford; Brandon L. et al. (US 20190036969 A1) was published (1/31/2019) more than one year prior to filing of the current application (App. No. 16863622, 4/30/2020), therefore Swafford et al. is treated under 35 USC 102(a)(1); for at least this reason the 35 U.S.C. § 102(b)(2)(c) exception does not apply to Swafford et al.. Hence, Applicants’ arguments are simply not persuasive. The rejection is therefore maintained.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. 
The claim(s) recite(s) querying streamed events, extracting features, constructing distribution of features based on the query and analyzing the distribution of features; nothing in the claim element precludes the step from practically performing certain methods of organizing human activity and mental process.
The process, as drafted, under its broadest reasonable interpretation, covers performance of the limitation for the recitation of generic computer components. If a claim limitation, under its broadest reasonable interpretation, covers performance of the generic computer components, then it falls within the “certain methods of organizing human activity” and “mental process” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This generic processor limitation is no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to the abstract idea
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. 



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 7-10, 13-16, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Swafford; Brandon L. et al. (US 20190036969 A1) [Swafford] in view of Das; Dipock et al. (US 20190034813 A1) [Das].

	Regarding claims 1, 7 and 13, Swafford discloses, a computer-implementable method for constructing a distribution of interrelated event features, comprising: receiving a stream of events, the stream of events comprising a plurality of events (In certain embodiments, an event stream collector 402 may be implemented to collect event and related contextual information, described in greater detail herein, associated with various user behaviors. In these embodiments, the method by which the event and contextual information is selected to be collected by the event stream collector 402 
generating a query relating to the plurality of events, the query comprising condition information, the condition information defining a subset of query relevant events (In certain embodiments, the event queue analytics 404 operations may be implemented to determine whether or not a feature associated with a particular document matches one or more policy queries 610. In certain embodiments, the policy query 610 may include data, metadata, or a combination thereof, related to an event ¶ [0086], [0099]-[0103], [0106], [0112]); 
constructing a distribution of the features from the plurality of events based upon the query (In certain embodiments, a repository of persistent event data 670 may be queried for a random sampling of events containing the configured features 620. In certain embodiments, the resulting random sampling of events may be used during various scoring container initialization 702 operations to generate an initial probability distribution of their associated features. In certain embodiments, the initial probability distribution of associated features may likewise be stored in the repository of persistent event data 670 for re-use ¶ [0112], [0166]).
However Swafford does not explicitly facilitate processing the query relating to the plurality of events, extracting features from the plurality of events based upon the query; analyzing the distribution of the features from the plurality of events based upon the query.
Das discloses, processing the query relating to the plurality of events, extracting features from the plurality of events based upon the query (The data intake and query system uses a flexible schema to specify how to extract information from events. A flexible schema may be developed and redefined as needed. Note that a flexible schema may be applied to events "on the fly," when it is needed (e.g., at 
analyzing the distribution of the features from the plurality of events based upon the query (Each indexer 206 may be responsible for storing and searching a subset of the events contained in a corresponding data store 208. By distributing events among the indexers and data stores, the indexers can analyze events for a query in parallel. For example, using map-reduce techniques, each indexer returns partial responses for a subset of events to a search head that combines the results to produce an answer for the query. By storing events in buckets for specific time ranges, an indexer may further optimize the data retrieval process by searching buckets corresponding to time ranges that are relevant to a query ¶ [0120], [0180]).
It would have been obvious to one ordinary skilled in the art at the time of filing of the present invention to combine the teachings of the cited references because Das’ system would have allowed Swafford to facilitate processing the query relating to the plurality of events, extracting features from the plurality of events based upon the query; analyzing the distribution of the features from the plurality of events based upon the query. The motivation to combine is apparent in the Swafford’s reference, because there is a need for more effective techniques for interfacing with various underlying data sources via natural language applications.

Regarding claims 2, 8 and 14, the combination of Swafford and Das discloses, the query comprises a domain specific language (DSL) query (Swafford: a Domain Specific Language (DSL) broadly refers to a computer language specialized to a particular application domain ¶ [0087]).

Regarding claims 3, 9 and 15, the combination of Swafford and Das discloses, the DSL query comprises a plurality of Boolean predicates (Swafford: In certain embodiments, the rule may include 

Regarding claims 4, 10 and 16, the combination of Swafford and Das discloses, the plurality of Boolean predicates comprise a matching query predicate and a conditioning query predicate (Swafford: In certain embodiments, the rule may include one or more parameters, factors, limits, restrictions, constraints, numeric values, numeric operators, Boolean operators, or a combination thereof ¶ [0070]. Examiner specifies that Boolean operators are conditioning queries).

Regarding claim 19, the combination of Swafford and Das discloses, wherein the computer executable instructions are deployable to a client system from a server system at a remote location (Swafford: The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider) ¶ [0210] and claim 19).

Regarding claim 20, the combination of Swafford and Das discloses, wherein the computer executable instructions are provided by a service provider to a user on an on-demand basis (Swafford: In certain embodiments, the security analytics system 118 may be implemented to provide log storage, reporting, and analytics capable of performing streaming 408 and on-demand 410 analytics operations ¶ [0044]. Also see ¶ [0048]-[0050]).


Claims 5, 6, 11, 12, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Swafford in view of Das in view of Ford; Richard A. et al. (US 20190034625 A1) [Ford].

Regarding claims 5, 11 and 17, the combination of Swafford and Das teaches all the elements of claims 4 and 10.
However neither Swafford nor Das explicitly facilitate the analyzing the distribution of features is performed by a DSL query processing module.
Ford discloses, the analyzing the distribution of features is performed by a DSL query processing module (Referring now to FIG. 7, enriched events 610 resulting from performance of the event enrichment operations 600 described in the text associated with FIG. 6 may be provided in certain embodiments to a DSL query processing 702 module. In certain embodiments, the DSL query processing 702 module may be implemented to provide a streaming query framework. In certain embodiments, the streaming query framework may be implemented to extract features, as described in greater detail herein, and construct probability distributions in real-time, in batch mode, or on-demand. In certain embodiments, the DSL query processing 702 module may be implemented to receive certain DSL queries 704 that include terms, features, tags, or other items of interest that may be associated with certain interrelated events ¶ [0096]-[0100]).

Regarding claims 6 , 12 and 18, the combination of Swafford, Das and Ford discloses, the conditioning query is implemented to cause the DSL query processing module to identify a subset of conditions of analytic utility (Ford: Referring now to FIG. 7, enriched events 610 resulting from performance of the event enrichment operations 600 described in the text associated with FIG. 6 may be provided in certain embodiments to a DSL query processing 702 module. In certain embodiments, .

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD S ROSTAMI whose telephone number is (571)270-1980. The examiner can normally be reached Mon-Fri From 9 a.m. to 5 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





2/9/2022
/MOHAMMAD S ROSTAMI/Primary Examiner, Art Unit 2154