Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-21 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by US Pat. Pub. No. 2017/0017708 to Fuchs et al. (hereinafter Fuchs).
Per claim 1, Fuchs discloses a computer-implemented method (see figures) comprising:
applying, by a computing device (fig. 2:214…server), deductive artificial intelligence (Al) attribution and auditability to data inputs (fig. 3:302, 306 and ¶46…ingest data and automatically organize data and extract entities and relationship between entities, this process construed as deductive AI attribution and auditability;  fig. 7... provenance link; figs. 9-21 and ¶12-13…attribution and auditability is provided by the ability to drill down each entity and relationship and introspect the raw data that entity/relationship derived from, for instance, provenance link enable visual exploration of entity-relationship model where user can inspect and attribute raw data to user selected entities and relationships; fig. 4:224 and ¶42…audit sub-system), wherein applying the deductive AI attribution and auditability accounts for ontologies (fig. 4:404, fig. 5:504, fig. 6:604 and ¶9…extracting entities and relationships between entities being ontological, based on models 504; ¶9…”On top of the raw data, a second tier comprises a linked data view extracting entities and relationships from the underlying data according to a configurable ontology”) and competing system information (fig. 4:400, fig. 5:502 and fig. 6:602…raw data can contain data construed to be competing system information; fig. 7 and ¶16…raw data store shows network and system logs associated with potential cybersecurity events/threats, e.g., competing system information; fig. 17…underlying data records, e.g., competing system information, for entities and relationships can be examined), wherein the ontologies comprise structured data that represent relations between one or more concepts (fig. 5:504, fig. 6:604 and ¶60-61,64L…models are structured data representing entities/concepts and their relationships: “[0060] A "model store" is a container for data that has been extracted via mappings out of the raw data store. The model store is composed of special purpose datasets containing entity and relationship instances.  [0061] An "entity instance" is a datatype comprising scalar, aggregate, and grouped features extracted from raw data records.  [0064] A “relationship instance” is a datatype representing a link between two entity instances.  Each relationship instance is identified by its relationship class and its origin and destination entity instances.”) in one or more subject matter domains (fig. 6 and ¶122,127…models can be belong to particular subject matter domains such as cybersecurity, healthcare, intelligence, finances, etc.), wherein the competing system information comprises cybersecurity threat information (¶122…raw data can be cybersecurity related information: ”in one embodiment, the raw data records comprise enterprise network security-related data sources including one of: syslog, netflow, PCAP, proxy logs and SIEM alerts, and the entities are cybersecurity actors and assets including one of: hosts, users, files and programs. A model populated with such data enables cybersecurity analysis (e.g., to identify a cybersecurity threat in the enterprise)”), and wherein the deductive AI attribution and auditability is applied to the data inputs by user workflow (figs. 9-21 and ¶12-13…visual exploration by user, e.g., user workflow, can be done to find sources of anomalies such in the cybersecurity domain, where attribution and auditability of models is applied by being able to inspect raw data underlying an item of interest, e.g., an entity/relationship, such as by drilling down to the raw data associated with the item of interest);
processing, via a feedback loop (¶48…source/raw data can be update regularly as new data is added and entities and relationships, obtained from the deductive AI, can be updated regularly to reflect the new source/raw data, the continual ingesting and updating of models for new data is construed to be a feedback loop; fig. 9 and ¶121…entity-relationship model can be readily displayed and queried, the model being displayed as a graph with entity instance represented by a dot while relationship instances represented by lines connecting the dots, wherein “the user can query the entity-relationship model and, in response, the visual display may be updated”, thus, the query and visual display update is a feedback loop since every query will generate a specific visual display update), the data inputs applied with the deductive AI attribution and auditability to align a sense-understand-decide-act (SUDA) understanding (figs. 9-21…ability of user to visually explore/introspect models and their underlying raw data is giving user sense-understand-decide-act abilities, i.e., user can identify and then mitigate a cybersecurity threat) with an inductive AI understanding (figs. 19-21 and ¶9, 119 and 124…automated anomaly detection can be implemented by applying machine learning on underlying raw data associated with models to differentiate between expected behavior versus outliers, the machine learning on the underlying raw data of the model construed as inductive AI understanding);
automating, via the feedback loop, the inductive AI (figs. 19-21 and ¶119…user can make a query and update visual display (fig. 19), e.g., an instance of the feedback loop, where automated anomaly detection by machine learning is automatically performed, shown by outliner and anomaly detection/display of figs. 20-21) based upon, at least in part, an AI expert system processing of the data inputs (fig. 2:200…enterprise system 200 construed to be AI expert system that processing raw data inputs); and 
developing one or more policy based rules for user automation authorization (fig. 1:104, fig. 2:220,fig. 3:304 and ¶41,44,46…security component 114 provides a policy engine 220 that enables, thru development of specific rules, for both role-based and attribute-based access controls, giving ability of organization to dictate who can access certain types of data) based upon, at least in part, the feedback loop (access controls, for ingested raw data and future updates of raw data to be ingested, is determined by policy engine 220; figs. 19-21…query and visual display updates will only show user the data that is permissible by the policy engine 220).
Per claim 2, Fuchs discloses claim 1, further disclosing processing the data inputs includes indexing the data inputs (¶82-83, 100…indexing data inputs).
Per claim 3, Fuchs discloses claim 1, further disclosing processing the data inputs includes analyzing the data inputs (fig. 3:308…analyze data inputs).
Per claim 4, Fuchs discloses claim 1, further disclosing processing the data inputs includes organizing the data inputs (fig. 3:306 and ¶46…”to “connect” 306 refers to the ability of the system to automatically organize data and extract information”).
Per claim 5, Fuchs discloses claim 1, further disclosing processing the data inputs includes sorting the data inputs (fig. 2:216 and ¶43…Accumulo database provides a sorted, distributed key-value data store…”).
Per claim 6, Fuchs discloses claim 1, further disclosing the competing system information includes one of cybersecurity threat information (¶122…raw data can be cybersecurity related information: ”in one embodiment, the raw data records comprise enterprise network security-related data sources including one of: syslog, netflow, PCAP, proxy logs and SIEM alerts, and the entities are cybersecurity actors and assets including one of: hosts, users, files and programs. A model populated with such data enables cybersecurity analysis (e.g., to identify a cybersecurity threat in the enterprise)” and the one or more policy based rules for user automation authorization (fig. 1:104, fig. 2:220,fig. 3:304 and ¶41,44,46…security component 114 provides a policy engine 220 that enables, thru development of specific rules, for both role-based and attribute-based access controls, giving ability of organization to dictate who can access certain types of data).
Per claim 7, Fuchs discloses claim 1, further disclosing automating the inductive AI includes automating sensing and understanding functions of the inductive AI (figs. 19-21 and ¶119…automated anomaly detection by machine learning is automatically performed, shown by outliner and anomaly detection/display of figs. 20-21) and decision and action functions of the deductive AI (fig. 3:302, 306 and ¶46…ingest data and automatically organize data and extract entities and relationship between entities).
Claims 8-21 are substantially similar in scope and spirit to claims 1-7. Therefore, the rejection of claims 1-7 are applied accordingly. Fuchs further discloses a computer program product (¶132...apparatus/computer), computer readable storage medium (¶132...computer readable storage medium) and computer system (figs. 1-2) as associated with the method of claims 1-7.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN CHEN whose telephone number is (571)272-4143. The examiner can normally be reached M-F 10-7.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamran Afshar can be reached on (571) 272-7796. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALAN CHEN/Primary Examiner, Art Unit 2125