DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This action is in response to applicant’s arguments and amendments filed 4/20/2022, which are in response to USPTO Office Action mailed 12/22/2021. Applicant’s arguments have been considered with the results that follow: THIS ACTION IS MADE NON-FINAL.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 1-3 and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over CAI et al. (US PGPUB No. 2020/0104849; Pub. Date: Apr. 2, 2020) in view of UCHIUMI et al. (US PGPUB No. 2019/0129781; Pub. Date: May 2, 2019).
Regarding independent claim 1,
	CAI discloses a method for performing a data investigation by querying a plurality of data sources, the method performed at a system comprising one or more processors, the method comprising: receiving, at a query controller, a first investigation input; See Paragraph [0055], (Disclosing a method for turning a computer system via a machine learning model. The method is triggered by receiving a user input to the monitoring or tuning system, i.e. receiving, at a query controller, a first investigation input.)
querying, by the query controller, a plurality of data sources in accordance with the first investigation input; See Paragraph [0056], (Method 300 of FIG. 3A selects a preliminary set of sampled events from a set of below-the-line events via hypergeometric sampling, i.e. querying a plurality of data sources in accordance with the first input.) Note [0103] wherein the historic event data is divided into multiple sets and sampling is carried out in batches, i.e. multiple sets corresponding to multiple data sources.
receiving, in response to the querying in accordance with the first investigation input, first response data from the plurality of data sources; See FIG. 3A, (Following step 310, the method continues to step 315 of labelling each preliminary sampled correlated event, i.e. the events are received in response to querying in accordance with the first investigation input (e.g. the received historic events are response data).)
generating and storing, based on the first response data, a data structure representing relationships between the first investigation input and the first response data, wherein the data structure comprises a knowledge graph; See Paragraph [0034], (Disclosing an events database for storing events and related information, i.e. a data structure representing relationships between the first investigation input and the first response data.) See Paragraph [0262], (The term data structure can be interpreted as referring to methods of organizing data including a graph. Therefore, the events database of [0034] may be embodied as a graph for storing events and related information that is stored in memory 1215, storage 1235 or data 1240.)
	wherein the first set of investigation steps comprises one or more investigation steps based on the first investigation input, in accordance with the stored record of the first set of investigation steps, See Paragraph [0026], (A minimal sampling investigation of historical data is sufficient to capture investigator insights into the machine learning model, i.e. using the first set of investigation steps and generated with respect to different respective entities into one or a set of predefined classifications.)  Note [0217] wherein historic events represent investigated events that are stored as sampled data in events database 110 as described in [0042], i.e. one or more investigation steps based on the first investigation input, in accordance with the stored record of the first set of investigation steps.
and training a machine learning algorithm based on the plurality of respective data structures, See Paragraph [0044]-[0049], (Disclosing a machine learning model for calculating probabilities that a given event is or is not a suspicious event. Note [0024] wherein the machine learning model is calibrated during training and the calibration is validated to determine if a scenario and segment's threshold values should be lowered, i.e. training a machine learning algorithm based on the plurality of respective data structures.)
wherein training the machine learning algorithm based on the plurality of respective data structures comprises training the machine learning algorithm to classify data structures generated using the first set of investigation steps and generated with respect to different respective entities into one or a set of predefined classifications. See Paragraph [0127], (The machine learning model categorizes risk as High, Medium or Low and other subdivisions. The risk analysis determines whether an event is to be classified as suspicious or not, i.e. wherein training the machine learning algorithm based on the plurality of respective data structures comprises training the machine learning algorithm to classify data structures.) See Paragraph [0026], (A minimal sampling investigation of historical data is sufficient to capture investigator insights into the machine learning model, i.e. using the first set of investigation steps and generated with respect to different respective entities into one or a set of predefined classifications.)


CAI does not disclose the step of generating and storing a record of a first set of investigation steps used to generate the data structure, wherein the first set of investigation steps comprises one or more investigation steps based on the first investigation input, 
wherein generating and storing the record comprises generating and storing instructions for applying the first set of investigation steps to a plurality of different entities to generate a plurality of respective data structures, such that each of the plurality of respective data structures is representative of applying the first set of investigation steps to a different respective entity of the plurality of different entities.
UCHIUMI discloses the step of generating and storing a record of a first set of investigation steps used to generate the data structure, wherein the first set of investigation steps comprises one or more investigation steps based on the first investigation input, See FIG. 4 and Paragraph [0053], (Investigation history storage unit 13 stores an alert investigation history, i.e. generating and storing a record of a first set of investigation steps used to generate the data structure.) See Paragraph [0054], (Alert investigation history includes a plurality of attributes including No., an occurrence time, an occurrence place, an alert type, an operator ID, and an investigation history, i.e. one or more investigation steps based on the first input.) Note [0056]-[0057] describe a variety of input search expressions and attributes that are stored within each entry corresponding to an alert investigation history, i.e. first and second investigation inputs.
wherein generating and storing the record comprises generating and storing instructions for applying the first set of investigation steps to a plurality of different entities to generate a plurality of respective data structures, such that each of the plurality of respective data structures is representative of applying the first set of investigation steps to a different respective entity of the plurality of different entities. Paragraph [0057], (Disclosing an example alert investigation history record where a user displays a graph using two distinct search expressions, i.e. of applying the first set of investigation steps to a different respective entity of the plurality of different entities.) The examiner note that the investigation history is directed to two sets of data “search expression A” and “search expression B”, therefore the investigation steps are applied to different entities.
CAI and UCHIUMI are analogous art because they are in the same field of endeavor, data analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI to include the method of storing investigation data that may be further applied to other data as disclosed by UCHIUMI. Paragraph [0064] of UCHIUMI discloses that the method may use investigation history to determine reliability of investigations via a learning model, resulting in more reliable investigations that have more utility than otherwise unreliable investigations.


Regarding dependent claim 2,
As discussed above with claim 1, CAI-UCHIUMI discloses all of the limitations.
	CAI further discloses the step wherein the query controller is configured to determine, based on the first investigation input, a first data source of the plurality of data sources to query. See Paragraph [0056], (Method 300 of FIG. 3A selects a preliminary set of sampled events from a set of below-the-line events via hypergeometric sampling, i.e. querying a plurality of data sources in accordance with the first input.) Note [0103] wherein the historic event data is divided into multiple sets and sampling is carried out in batches, i.e. multiple sets corresponding to multiple data sources.

Regarding dependent claim 3,
As discussed above with claim 2, CAI-UCHIUMI discloses all of the limitations.
	CAI further discloses the step wherein querying the first data source comprises transmitting a first respective query data to a first data source of the plurality of data sources. See Paragraph [0042], (Historic events that are sampled are stored in an events databased and retrieved by the method 300 to perform hypergeometric sampling.) The examiner notes that one of ordinary skill in the art would know that access to a database necessarily involves submitting a query having query data that identifies data to which the query is directed.


Regarding dependent claim 18,
	The claim is analogous to the subject matter of independent claim 1 directed to a computer system and is rejected under similar rationale.

Regarding dependent claim 19,
	The claim is analogous to the subject matter of independent claim 1 directed to a non-transitory, computer readable medium and is rejected under similar rationale.

Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over CAI in view of UCHIUMI as applied to claim 1 above, and further in view of Gopalakrishnan et al. (US PGPUB No. 2020/0117737; Pub. Date: Apr. 16, 2020).
Regarding dependent claim 4,
As discussed above with claim 1, CAI-UCHIUMI discloses all of the limitations.
CAI-UCHIUMI does not disclose the step wherein the first response data comprises data of a first type from a first data source of the plurality of data sources and data of a second type from a second data source of the plurality of data sources.
	Gopalakrishnan discloses the step wherein the first response data comprises data of a first type from a first data source of the plurality of data sources and data of a second type from a second data source of the plurality of data sources. See FIG. 2 and Paragraph [0027], (The search and analytics engine translates and decomposes the input query into constituent components (sub-queries) and maps the sub-queries to each of the types of data in the respective data sources 240A-240N. The result set from each data source is formed from the results of each sub-query, i.e. sub-queries comprise data of types corresponding to the respective data sources. Therefore the result set, i.e. first response data, comprises data of a first type from a first data source and data of a second type from a second data source, etc.).
	CAI, UCHIUMI and Gopalakrishnan are analogous art because they are in the same field of endeavor, data analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI- UCHIUMI to include the search analytics engine as disclosed by Gopalakrishnan. Doing so would allow the system to obtain data from a plurality of sources such that they may be further analyzed.

Claim 5-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over CAI in view of UCHIUMI as applied to claim 1 above, and further in view of Kreutzer et al. (US PGPUB No. 2018/0096035; Pub. Date: Apr. 5, 2018).
Regarding dependent claim 5,
As discussed above with claim 1, CAI-UCHIUMI discloses all of the limitations.
	CAI-UCHIUMI does not disclose the step wherein the first investigation input comprises an indication of a first entity, and wherein the first response data comprises an indication of a second entity related to the first entity.
	Kreutzer discloses the step wherein the first investigation input comprises an indication of a first entity, and wherein the first response data comprises an indication of a second entity related to the first entity. See FIG.2 and Paragraph [0034], (Disclosing a method of analyzing graph queries. The method including receiving iterative queries for an entity, i.e. a first investigation input, comprising a first entity having an analytic that is within a set number of edges away from a second entity, i.e. the analytic is an indication of a second entity related to the first entity by said analytic.).
	CAI, UCHIUMI and Kreutzer are analogous art because they are in the same field of endeavor, query analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-UCHIUMI to include the iterative query analysis disclosed by Kreutzer. Paragraph [0033] of Kreutzer discloses that the method 200 of FIG. 2 allows for iteratively refining earlier queries and query analytics which allows for a single call to iterate its results a set number of times until a given size result set is produced or for a given computational time.

Regarding dependent claim 6,
As discussed above with claim 5, CAI-UCHIUMI-Kreutzer discloses all of the limitations.
	CAI-UCHIUMI does not disclose the step wherein the first response data comprises data regarding a relationship between the first entity and the second entity.  
	Kreutzer discloses the step wherein the first response data comprises data regarding a relationship between the first entity and the second entity. See Paragraph [0034], (A query and its associated analytic(s) provide a subgraph of the initial graph which subsequent graph queries and analytics are based on, i.e. the results are based on the query and the analytic, i.e. the relationship between the first entity and the second entity. Note that the method includes receiving iterative queries for a first entity having an analytic that is within a set number of edges away from a second entity, i.e. the analytic is an indication of a second entity related to the first entity by said analytic.).
CAI, UCHIUMI and Kreutzer are analogous art because they are in the same field of endeavor, query analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-UCHIUMI to include the iterative query analysis disclosed by Kreutzer. Paragraph [0033] of Kreutzer discloses that the method 200 of FIG. 2 allows for iteratively refining earlier queries and query analytics which allows for a single call to iterate its results a set number of times until a given size result set is produced or for a given computational time.

Regarding dependent claim 7,
As discussed above with claim 5, CAI-UCHIUMI-Kreutzer discloses all of the limitations.
	Kreutzer further discloses the step wherein the first response data comprises a characteristic of the first entity. See Paragraph [0034], (A query and its associated analytic(s) provide a subgraph of the initial graph which subsequent graph queries and analytics are based on, i.e. the results are based on the query and the analytic, i.e. the relationship between the first entity and the second entity.). The examiner notes that a relationship is a characteristic of an entity.

Claim 15-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over CAI in view of UCHIUMI as applied to claim 1 above, and further in view of Funk et al. (US Patent No.: 10/606,866; Date of Patent: Mar. 31, 2020).
Regarding dependent claim 15,
As discussed above with claim 1, CAI-UCHIUMI discloses all of the limitations.
	CAI-UCHIUMI does not disclose the method further comprising: receiving, at the query controller, a second investigation input, wherein the second investigation input comprises an indication of all or part of the first response data;
	querying, by the query controller, the plurality of data sources in accordance with the second investigation input;
	receiving, in response to the querying in accordance with the second investigation input, second response data from the plurality of data sources; 
	and augmenting, based on the second response data, the data structure such that the data structure represents relationships between the second investigation input and the second response data.
	Funk discloses the method further comprising: receiving, at the query controller, a second investigation input, wherein the second investigation input comprises an indication of all or part of the first response data; See Col. 11, lines 37-48, (An interface engine component may render one or more network activity graphs based on investigations built by a user. The network activity graph may be further modified based on a user's interaction with the network activity graph. The interface engine may change entities/links in the network activity graph based on user interaction with the network activity graph, i.e. receiving a second investigation input, wherein the second investigation input comprises an indication of all or part of the first response data (e.g. user changes may comprise removing a node, creating a new connection between nodes, etc. nodes are a part of first response data (e.g. the initial network a ctivity graph).)
	querying, by the query controller, the plurality of data sources in accordance with the second investigation input; See Col. 5, lines 54-65, (Data in two or more tables maybe combined to lead generation of an investigation. Data in entity tables and link tables may be combined to create a graph of related entities that may be further augmented/complemented to allow a user to find one or more entities and further modify the generated graph. Tables may be joined via fast joins effectuated by one or more SQL instructions/joins to combine data.) The examiner notes that the two or more tables are a plurality of data sources that are being manipulated via user interaction.
	receiving, in response to the querying in accordance with the second investigation input, second response data from the plurality of data sources; See Col. 11, lines 37-48, (An interface engine component may render one or more network activity graphs based on investigations built by a user. The network activity graph may be further modified based on a user's interaction with the network activity graph. The network activity graph may be augmented/complemented with additional information such as data in the attributes table. The interface engine may change entities/links in the network activity graph based on user interaction with the network activity graph, i.e. receiving second response data (e.g. the modified activity graph) in response to second investigation input (e.g. the user interaction).)
	and augmenting, based on the second response data, the data structure such that the data structure represents relationships between the second investigation input and the second response data. See Col. 11, lines 37-48, (An interface engine component may render one or more network activity graphs based on investigations built by a user. The network activity graph may be modified based on a user's interaction with the network activity graph. The network activity graph may be augmented/complemented with additional information such as data in the attributes table, i.e. augmenting the data structure such that the data structure represents relationships between the second investigation input and the second response data.) The examiner notes that the network activity graph is generated based on previous investigations which result in an initial network activity graph and then further modified by user interaction which results in a second network activity graph, i.e. second investigation input and second response data.
	CAI, SAINANI and Funk are analogous art because they are in the same field of endeavor, data analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-SAINANI to include the method of generating and modifying graphs for data investigation as disclosed by Funk. Doing so would allow users to interact with existing investigation data in order to perform further analysis. This provides further information relating to the plurality of entities included in the network activity graph that users can engage with, thereby improving the user experience.
Regarding dependent claim 16,
As discussed above with claim 15, CAI-UCHIUMI-Funk discloses all of the limitations.
	Funk further discloses the step wherein the second investigation input comprises an indication of an entity included in the first response data. See Col. 11, lines 41-48, (Subsequent user inputs may further modify the existing network activity. User inputs may include removal of nodes or adding new connections to nodes, i.e. user inputs interact with already existing network activity graph components, i.e. entities included in the first response data.
	CAI, SAINANI and Funk are analogous art because they are in the same field of endeavor, data analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-SAINANI to include the method of generating and modifying graphs for data investigation as disclosed by Funk. Doing so would allow users to interact with existing investigation data in order to perform further analysis. This provides further information relating to the plurality of entities included in the network activity graph that users can engage with, thereby improving the user experience.



Regarding dependent claim 17,
As discussed above with claim 15, Gopalakrishnan-UCHIUMI-Funk discloses all of the limitations.
	UCHIUMI further discloses the method further comprising generating and storing a record of a first set of investigation steps used to generate the data structure, wherein the first set of investigation steps comprises the first investigation input and the second investigation input. See Paragraph [0034], (Disclosing an events database for storing events and related information, i.e. storing a record of a first set of investigation steps used to generate the data structure, wherein the first set of investigation steps comprises the first investigation input and the second investigation input.)

Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over CAI in view of UCHIUMI as applied to claim 1 above, and further in view of Lecue et al. (US PGPUB No. 2020/0110746; Pub. Date: Apr. 9, 2020).
Regarding dependent claim 9,
As discussed above with claim 1, CAI-UCHIUMI discloses all of the limitations.
	CAI-UCHIUMI does not disclose the method further comprising generating and displaying a visual representation of the data structure representing the relationships between the first investigation input and the first response data.  
	Lecue discloses the method further comprising generating and displaying a visual representation of the data structure representing the relationships between the first investigation input and the first response data. See Paragraph [0014], (Disclosing a system for generating and enhancing knowledge graphs, wherein said knowledge graphs include a knowledge base of information that captures entities, relationships and attributes with semantic meaning responsive to a data query.). See Paragraph [0033], (A GUI may render displays of the constructed knowledge graphs, i.e. displaying a visual representation of the data structure.).
	CAI, UCHIUMI and Lecue are analogous art because they are in the same field of endeavor, data analytics. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-UCHIUMI to include the method of rendering knowledge graphs as disclosed by Lecue. Doing so would allow users to view relationships between queried entities via a comprehensive knowledge graph.

Claim 13-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over CAI in view of UCHIUMI as applied to claim 1 above, and further in view of HSU et al. (US PGPUB No. 2012/00789514; Pub. Date: Mar. 29, 2012).
Regarding dependent claim 13,
As discussed above with claim 1, CAI-UCHIUMI discloses all of the limitations.
CAI-UCHIUMI does not disclose the method further comprising receiving an input, based on the record, comprising instructions to modify one or more of the investigation steps to modify the data structure.  
HSU discloses the method further comprising receiving an input, based on the record, comprising instructions to modify one or more of the investigation steps to modify the data structure. See Paragraph [0027], (Disclosing a system for processing a data stream by performing query processing to generate map results for portions of the data stream. The method includes the ability to perform a query rewind that rolls back query processing but does not terminate or shut down the entire process.). Note [0064] wherein the rewind operation causes the system to output the results of the current portion of data being processed, i.e. the rewind operation modifies the output data structure.
CAI, UCHIUMI and HSU are analogous art because they are in the same field of endeavor, query analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-UCHIUMI to include the method of rewinding query processing steps as disclose by HSU. Doing so would allow the system to rewind a query in order to process stream data portion-by-portion or chunk-by-chunk while preserving history-sensitive data as disclosed in Paragraph [0027] of HSU.

Regarding dependent claim 14,
As discussed above with claim 13, CAI-UCHIUMI -HSU discloses all of the limitations.
HSU further discloses the step wherein modifying one or more of the investigation steps comprises undoing an investigation step. See Paragraph [0027], (The method includes the ability to perform a query rewind that rolls back query processing but does not terminate or shut down the entire process, i.e. rewinding a query is undoing an investigation step.).
CAI, UCHIUMI and HSU are analogous art because they are in the same field of endeavor, query analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-UCHIUMI to include the method of rewinding query processing steps as disclose by HSU. Doing so would allow the system to rewind a query in order to process stream data portion-by-portion or chunk-by-chunk while preserving history-sensitive data as disclosed in Paragraph [0027] of HSU.

Claim 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over CAI in view of UCHIUMI as applied to claim 1 above, and further in view of Gupta et al. (US PGPUB No. 2017/0091673; Pub. Date: Mar. 30, 2017).
Regarding dependent claim 21,
	As discussed above with claim 1, CAI-UCHIUMI discloses all of the limitations.
	CAI-UCHIUMI does not disclose exporting the data structure to a second system comprising one or more processors, a second system is configured to query a second plurality of data sources distinct from the plurality of data sources;
	Gupta discloses exporting the data structure to a second system comprising one or more processors, See Paragraph [0034], (Disclosing exporting a transformation chain including an endpoint of a trained model from a training environment to a production environment for prediction, i.e. exporting a data structure to a second system.). Note Figure 3 wherein the production environment 108 comprises a processor 302, i.e. a second system comprising one or more processors.
	a second system is configured to query a second plurality of data sources distinct from the plurality of data sources; See Figure 3 and Paragraph [0082], (Production environment 108 comprises a storage device 312 for storing one or more imported DAGs of transformation workflows, model data, etc., i.e. storage device 312 may be queried and is separate from storage device 212 of the testing environment. ).
	and modifying the data structure based on one or more queries of the second plurality of data sources. See Paragraph [0077], (Models are exported to the prediction server 108 after a model training module identifies a rule associated with training and exporting the updated model to the prediction server.) See Paragraph [0084], (New or updated portable models corresponding to existing models stored at the prediction server may be received from among models stored in storage device 212 as illustrated in FIG. 2)
CAI, UCHIUMI and Gupta are analogous art because they are in the same field of endeavor, data analytics. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of CAI-UCHIUMI to include the method of exporting data analytics graphs across storage systems as disclosed by Gupta. Doing so would allow the system to analyze datasets from disparate systems using previously identified and/or optimized models developed via machine learning. This allows for recycling previous data models as opposed to determining a new model for every dataset encountered.

Response to Arguments
Applicant's arguments with respect to the rejection(s) of claim(s) 1 under 35 USC 103 have been fully considered but they are not persuasive.
Regarding independent claim 1,
Applicant argues that CAI (US PGPUB No. 2020/0104849; Pub. Date: Apr. 2, 2020) does not disclose the following limitations of independent claim 1:
generating and storing, based on the first response data, a data structure representing relationships between the first investigation input and the first response data, wherein the data structure comprises a knowledge graph; 
The examiner respectfully disagrees,
Paragraph [0034] of CAI describes a data structure for storing events and related information referred to as an events database that may be stored in memory 1215, storage 1235 or data 1240 illustrated in FIG. 12, i.e. a data structure representing relationships between first investigation input and first response data. Paragraph [0262] defines a data structure as being one of a data field, a data file, a data array, a data record, a database, a data table, a graph, a tree, a linked list, etc. Data structures may be formed from and contain a plurality of other data structures, i.e. forming a data structure is equivalent to generating and storing (e.g. the events warehouse is formed and stored in memory, storage or data.) The examiner notes that since the events database is a data structure, it may be embodied and formed as a graph as described in [0262], i.e. the data structure comprises a knowledge graph.
Regarding the portion of the limitation “based on the first response data”, Paragraph [0055] discloses that the method of threshold tuning which handles sampling and investigation of event information is triggered in response to a user input to the monitoring system or the tuning system. Paragraph [0104] additionally disclosing that sampled events are presented to a human investigator for investigation using an output device, i.e. the content presented to a user represents response data. Users may provide further inputs to the provided sampled events and the subsequent event information is stored in the events database data structure.
and training a machine learning algorithm based on the plurality of respective data structures, wherein training the machine learning algorithm based on the plurality of respective data structures comprises training the machine learning algorithm to classify data structures generated using the first set of investigation steps and generated with respect to different respective entities into one or a set of predefined classifications.
The examiner respectfully disagrees.
Paragraph [0036] of CAI discloses that the machine learning model is built, trained and validated based one vents sampled from the events database. As disclosed in Paragraph [0262], the events database may be formed and comprising of a plurality of data structures, including graphs, i.e. training a machine learning algorithm based on the plurality of respective data structures. Paragraph [0123] of CAI describes the training process as using a machine learning model to calculate a raw probability score of suspiciousness. Paragraph [0127] then describes the methodology for classifying training data comprising events into risk rating categories, i.e. a set of predefined classifications.
Note [0164] that training the machine learning model includes a step of validation and calibration wherein the training set is validated against a validation set comprising distinct events which are obtained from a sampling of events from the events database, i.e. training the machine learning algorithm to classify data structures generated using the first set of investigation steps (e.g. the validation set is obtained from previously generated events data of the events database)
Therefore, events from the events database is used to train and validate a training set of event data for configuring a machine learning algorithm capable of assigning probability scores of suspiciousness for said events.

Applicant’s arguments with respect to the rejection(s) of claim(s) 15 under 35 USC 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Funk et al. (US Patent No.: 10/606,866; Date of Patent: Mar. 31, 2020).
See rejection above for further details.
Additionally, rejections for claims 16-17 which depended upon previously rejected claim 15 have also required new grounds of rejection as detailed above.





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fernando M Mari whose telephone number is (571)272-2498. The examiner can normally be reached Monday-Friday 6am-3pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela Reyes can be reached on (571) 270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FMMV/Examiner, Art Unit 2159                                                                                                                                                                                                        /Mariela Reyes/Supervisory Patent Examiner, Art Unit 2159