DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is a response to amendments filed 02/11/2022 wherein claims 1-5, 8-13, and 16-20 are pending and ready for examination. 

Response to Arguments
Applicant's arguments filed 02/11/2020 have been fully considered but they are not persuasive. 

Applicant Asserts: “Applicant submits that the cited references fail to disclose, teach, or suggest at least “identifying, by the processing device and based at least in part on the analyzing, a unit of work of the plurality of units of work that has a highest count of data records as the anomaly” as recited in claim 1 and as similarly recited in independent claims 9 and 17.

In the Office Action, the Examiner alleges that Abramovitz teaches a unit of work as "media activity counts" shown in FIG. 22A and further alleges that the "claimed 'flooding' is illustrated by Abramovitz as '7200 [sic] counts on 8/16/13 in FIG. 22A." "FIG. 22A illustrates a screen shot of a graph portlet 2210 that may be generated and displayed by the user interface module while a user is accessing/using an STA application." (Abramovitz at para. [0237]). The cited FIG. 22A of Abramovitz shows media activity accounts by day. That is, the number of daily media activity accounts is plotted as a "count" for each "date." Thus, this figure and the associated description of Abramovitz is silent regarding "identifying, by the processing device and based at least in part on the analyzing, a unit of work of the plurality of units of work that has a highest count of data records as the anomaly" as claimed”.
Examiner Response: Respectfully, the Examiner disagrees with the applicant representative's characterization of the prior art of record as not teaching the above limitation, as amended. Blaicher, in view of Abramovitz, discloses at the cited location the identifying and analyzing, by a processing device, of units of work that may exceed a threshold. In this case, the unit of work is cited by secondary reference Abramovitz as exceeding a threshold. The Examiner in the previous Office Action addressed the ‘flooding’ term and, in an effort to advance prosecution, cited another portion of Abramovitz to teach the concept of flooding as exceeding a threshold or specified limit. It is at least for these reasons that the Examiner maintains the prior art with a new round of rejection of claims 1-5, 8-13, and 16-20.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Blaicher; Christopher Youngs, US 20180365259, December 20, 2018, hereafter referred to as Blaicher, in view of Abramovitz; Micheal Paul et al., US 20140149477, May 09, 2014, hereafter referred to as Abramovitz.

          As to claim 1.  Blaicher teaches a computer-implemented method - Blaicher [0022] … Mainframe 101 executes processes discussed with reference to FIG. 5) for anomaly detection based on data records, the method comprising:
receiving, by a processing device, the data records, the data records being of a plurality of data record types - Blaicher [0060] In FIG. 6, SF mainframe 101 receives or captures at 601 a data output stream with a set of SMF data from a mainframe (e.g., via data collector engine 305 in FIG. 3). Thereafter, at 603, mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened. Here, the claimed ‘data records’ is taught by Blaicher as ‘output stream’ because the stream is a composite or collection of SMF (system management facility) data sent to mainframe 101);
         analyzing, by the processing device, the data records by comparing the data records of different record types, - Blaicher [0062]  Stated differently, selection data engine 307 selects from the SMF data field values that match or belong to the class or type indicated by the field-type.  Here, the claimed ‘analyzing’ is taught by Blaicher as ‘match’ because a match requires a comparison between one or more elements which are the incoming data and previously stored data, wherein the analyzing the data records further comprise sorting occurrences of the identification features - Blaicher [0042] In some instances, selection data engine 307 parses SMF data received or captured by data collector engine 305 to determine a set of SMF record-type identifiers and SMF field-type identifiers logically related to SMF record-type identifiers in the set of SMF record-type identifiers.  BLAICHER DOES NOT TEACH each of the data records being associated with one of a plurality of units of work identified by an identification feature that caused a respective data record of the data records to be created;
identifying, by the processing device and based at least in part on the analyzing, a unit of work, of the plurality of units of work that has a highest count of data records as the anomaly, HOWEVER IN AN ANALOGOUS ART DIRECTED TO THE SAME FIELD OF ENDEAVOR ABRAMOVITZ TEACHES
each of the data records being associated with one of a plurality of units of work identified by an identification feature that caused a respective data record of the data records to be created - Abramovitz [0066] The loaders 342 may work via a multi-step process such as the following exemplary two-step process. The first step may be to acquire the input data 326, parse it, and insert it into staging tables in database 344 (or in other areas of memory accessible by the STA application 340). Here, the claimed ‘units of work’ is taught by Abramovitz as ‘loaders 342’ because the work performed includes identifying and storing data. The claimed ‘associated’ is taught by Abramovitz as ‘staging tables’ because input data is first identified and loaded into staging tables, where the identification makes the association for proper transformation), and
identifying, by the processing device and based at least in part on the analyzing, a unit of work of the plurality of units of work that has a highest count of data records as the anomaly – Abramovitz [0069] since at ‘69 … a rules-based subsystem that understands a few rules such as filtering and thresholds and applies user-specified or default criteria and its rules to create alerts. … In many cases, an alert refers to a specific entity in the user's environment, such as a tape drive 316 or a tape cartridge or media 318. Here, the claimed ‘identifying’ is taught by Abramovitz as ‘alerting subsystem/module 350’ whereas the claimed ‘highest count’ is taught by Abramovitz as ‘thresholds’ because to exceed the user applied criteria would surpass the allowed data loads. Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that applying the known technique of pattern recognition for anomaly detection taught by Abramovitz to the implementation system of Blaicher would have yielded predictable results and resulted in an improved system, namely, an implementation system that incorporates statistical analysis into a security records management storage system, thereby advantaging Blaicher using the technique of anomaly detection provided by Abramovitz.

As to claim 2, the combination of Blaicher and Abramovitz teaches the computer-implemented method of claim 1, further comprising:
implementing a mitigation action based at least in part on the unit of work identified as the anomaly – Blaicher [0030] … if mainframe 101 processes two billion transactions per day, mainframe 101 can implement processes to selectively capture and forward SMF data produced from such transactions. Mainframe 101 overcomes the need of having memory repositories (e.g., disk drives 315) dedicated to handle bottlenecks of SMF data that may occur when mainframe 101 operates close to its full capacity or at anomalous rates. Here, the claimed ‘mitigation action’ is taught by Blaicher as ‘selectively capture’ since reducing the number of records will reduce the processing burden).

           As to claim 3, the combination of Blaicher and Abramovitz teaches the computer-implemented method of claim 1, wherein the method is implemented as an application programming interface - Blaicher [0052] SF input interface 411 enables users or non-person entities to enter configuration files to, for example, update data included in flattening data structure 417, control data structure 419, targeted formats 421 or other suitable data structures and processor-executable instructions residing in SF server 205.  Here, the claimed ‘application programming interface’ is taught by Blaicher as ‘SF input interface 411’).

            As to claim 4, the combination of Blaicher and Abramovitz teaches the computer-implemented method of claim 1, further comprising identifying a second anomaly by identifying features of interest across multiple data record types and determining a highest occurring feature of interest as being the second anomaly – Abramovitz [0186] and Figure 22A since at ‘186 … The pivot tables used in the aggregate views provide the ability to swap rows and columns. In tables, columns may be hidden, exposed, and reordered. These capabilities are exposed to the STA application users. A user may also annotate many elements throughout the user interface. Annotations serve to help document key events, key decisions, anomalies, tape system and environment information specific to an installation, and other user-selected or user-relevant information.  Here, the claimed ‘second anomaly’ is taught by Abramovitz as ‘anomalies’.  The claimed ‘across multiple data record types’ is taught by Abramovitz as ‘in the aggregate views’ as illustrated by Figure 3 Data Source 314 depicting multiple data records since at Figure 22A FIG. 22A illustrates a screen shot of a graph portlet 2210 that may be generated and displayed by the user interface module while a user is accessing/using an STA application.  Here, the claimed ‘feature of interest’ is illustrated by Abramovitz as ‘count’ which monitors media movement.  The rationale for Blaicher to consider the teachings of Abramovitz statistical analysis in claim 1 applies here in claim 4).

             As to claim 5, the combination of Blaicher and Abramovitz teaches the computer-implemented method of claim 1, further comprising comparing the identified anomaly to historic data records to determine whether the anomaly is consistent or inconsistent with historic behavior – Abramovitz [0221 and 0236] since at ‘221 Of interest in identifying problems, a user can navigate through the history of use of media and drives, e.g., a user may identify a drive that has an error and obtain a list of exchanges for that "bad" drive to perform further analysis since at ‘236….The user interface module of the STA application is configured or adapted such that each of these portlets displays some information on how the user's monitored tape infrastructure or library environment is presently operating or has operated historically or both.  Here, the claimed ‘anomaly’ is taught by Abramovitz as ‘identifying problems’ which in this case is a bad media/drive whereas the claimed ‘behavior’ is taught by Abramovitz as ‘operating/has operated’.  Thus, one of ordinary skill in the art before the effective filing date of the claimed invention of Blaicher would have been motivated to update the implementation system of Blaicher with the (teachings of Abramovitz) and thereby gaining, predictably, the commonly understood benefits of such adaptation, that is, acquiring the ability to provide historical analytics provided by Abramovitz to the collected SMF records of Blaicher).

             As to claim 6, the combination of Blaicher and Abramovitz teaches the computer-implemented method of claim 1, wherein analyzing the data records further comprises sorting occurrences of identification features - Abramovitz [0083] The STA application provides considerable flexibility about the appearance of most of these display screens in the user interface. The tables shown in a multi view, for example, can be sorted. The rationale for Blaicher to consider the teachings of Abramovitz statistical analysis in claim 1 applies here in claim 4). 

As to claim 7, the combination of Blaicher and Abramovitz teaches the computer-implemented method of claim 6, wherein identifying the unit of work that is flooding the data records as the anomaly further comprises aggregating the data records created by each of a plurality of units of work, across record types, and identifying a highest count unit of work of the plurality of units of work as being the unit of work that is flooding the data records – Abramovitz [0180 and Figure 22A] since at ‘180 a libraries panel 1350 (which may show health by library model, volume of data reads and writes, exchanges for a time period, enters and ejects by counts over a monitoring time period, or the like). Generally, the subpanels/views may be used to give a user status of components of a tape infrastructure (such as status of libraries, media, and drives) and may show alerts in some embodiments for various components/portions of a tape infrastructure. An "Action" element may be provided in the health portlets to call monitoring personnel (customers of the STA application/service) into action. Here, the claimed ‘aggregating’ is taught by Abramovitz as ‘counts’. The claimed ‘plurality of units of work’ is taught by Abramovitz as ‘components of tape infrastructure’ because it is the components that perform the work identified as ‘enter’ ‘ejects’ or ‘other’ in FIG. 22A. The rationale for Blaicher considering Abramovitz in claim 1 applies here in claim 7).
 
             As to claim 8, the combination of Blaicher and Abramovitz teaches the computer-implemented method of claim 1, wherein the data records are system management facilities records - Blaicher [0022] For instance, a selection of SMF records can be captured by mainframe 101 and forwarded to data warehouses 107. SMF is a mainframe operating system application used for the measurement of mainframe software services).
 
As to claim 9, claim 9 is a system that is directed to the method of claim 1. Therefore claim 9 is rejected for the reasons as set forth in claim 1.

As to claim 10, claim 10 is a system that is directed to the method of claim 2. Therefore claim 10 is rejected for the reasons as set forth in claim 2.

As to claim 11, claim 11 is a system that is directed to the method of claim 3. Therefore claim 11 is rejected for the reasons as set forth in claim 3.

As to claim 12, claim 12 is a system that is directed to the method of claim 4. Therefore claim 12 is rejected for the reasons as set forth in claim 4.

As to claim 13, claim 13 is a system that is directed to the method of claim 5. Therefore claim 13 is rejected for the reasons as set forth in claim 5.

As to claim 14, claim 14 is a system that is directed to the method of claim 6. Therefore claim 14 is rejected for the reasons as set forth in claim 6.

As to claim 15, claim 15 is a system that is directed to the method of claim 7. Therefore claim 15 is rejected for the reasons as set forth in claim 7.

As to claim 16, claim 16 is a system that is directed to the method of claim 8. Therefore claim 16 is rejected for the reasons as set forth in claim 8.

As to claim 17, claim 17 is a computer program product that is directed to the method of claim 1. Therefore claim 17 is rejected for the reasons as set forth in claim 1.

As to claim 18, claim 18 is a computer program product that is directed to the method of claim 2. Therefore claim 18 is rejected for the reasons as set forth in claim 2.

As to claim 19, claim 19 is a computer program product that is directed to the method of claim 3. Therefore claim 19 is rejected for the reasons as set forth in claim 3.

As to claim 20, claim 20 is a computer program product that is directed to the method of claim 4. Therefore claim 20 is rejected for the reasons as set forth in claim 4.

Examiner Note: The Examiner further found ALBER; CHAD NORMAN et al, US 20140146648 - A1 to be of particular relevance to the claimed invention.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM B JONES/ Examiner, Art Unit 2491
05/16/2022

/ALEXANDER LAGOR/ Primary Examiner, Art Unit 2491