DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This action is in response to applicant’s arguments and amendments filed 6/17/2022, which are in response to USPTO Office Action mailed 2/22/2022. Applicant’s arguments have been considered with the results that follow: THIS ACTION IS MADE FINAL.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-4, 6-7, 9-11, 13, 14-15 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herwadkar et al. (US PGPUB No. 2019/0102553; Pub. Date: Apr. 4, 2019) in view of Gieseke (US PGPUB No. 2017/0178139; Pub. Date: Jun. 22, 2017) and Baradaran et al. (US PGPUB No. 2017/0126718; Pub. Date: May 4, 2017)
Regarding independent claim 1,
	Herwadkar discloses a system for false positive detection comprising: an interface configured to receive a transaction data; See Paragraph [0041], (Disclosing a method for detecting an anomaly in queries of a relational database. The method including a monitoring apparatus for analyzing queries received by the RDBMS, i.e. an interface configured to receive transaction data.).
and a processor configured to: determine whether the transaction data is a statistical outlier; See Paragraph [0041], (The monitoring apparatus analyzes queries received by the RDBMS in order to determine anomalies. Note [0151] wherein the method extracts attribute values from a query in order to identify outlier values, i.e. determine whether transaction data is a statistical outlier.).
and in response to the transaction data being the statistical outlier: query database data to determine whether the transaction data is a false positive; See FIG. 3 and Paragraph [0117]-[0118], (FIG.3  illustrating steps for performing frequency-based anomaly detection in relational database queries. An incoming query may be matched to one or more non-anomalous queries at step 302, i.e. querying a database. If a query matches one or more non-anomalous queries, the frequency of said query is determined and compared to a frequency threshold. The frequency threshold may reflect a false positive tolerance, i.e. determining whether the transaction data is a false positive.).
in response to the transaction data being the false positive, indicate that the transaction data is normal. See Paragraph [0119], (If the query's frequency meets the frequency threshold, the query may be identified as non-anomalous and no further output and/or analysis is required, i.e. indicating that the transaction data is normal.).
Herwadkar does not disclose the step comprising to: select an object graph associated with the transaction data, wherein the object graph comprises a set of relationships that exist amongst a set of objects; 
determine whether relation types originating from the transaction data conform with the set of relationships; 
and in response to a determination that the relation types originating from the transaction data do not conform with the set of relationships, determine the transaction data is not a false positive;
Gieseke discloses the step comprising to: select an object graph associated with the transaction data, wherein the object graph comprises a set of relationships that exist amongst a set of objects; See FIG. 3 and Paragraph [0028], (Disclosing a method for generating a graph database based on transaction information and determine whether there are potentially fraudulent nodes in said graph database. FIG. 3 illustrates method 300 comprising step 320 of generating a graph that represents transaction information. This step includes populating graph database elements using data structures associated via edges to form the graph, i.e. select an object graph associated with the transaction data (e.g. the graph of transaction information), wherein the object graph comprises a set of relationships that exist amongst a set of objects (e.g. the data structures representing types of transaction information).)
determine whether relation types originating from the transaction data conform with the set of relationships; See FIG. 3 and Paragraph [0029], (Method 300 comprises step 330 of analyzing relationships in the transaction graph. The method continues to step 340 of identifying fraudulent graph nodes based on the analysis of step 330.) See FIG. 1 and Paragraph [0019]-[0020], (Fraud status information of a node may indicate that a node is potentially fraudulent. For the example graph provided in FIG. 1, nodes 111, 121, 131, 141, 124, and 112 are identified as associated with fraudulent activity, i.e. determining whether relation types originating from transaction data conform with the set of relationships (e.g. determining if nodes 111, 121, 131, 141, 124, and 112 conform to the rest of the graph).)
and in response to a determination that the relation types originating from the transaction data do not conform with the set of relationships, determine the transaction data is not a false positive; See Paragraph [0030], (At step 340, fraudulent nodes in the graph are identified based on the analysis performed at step 330 wherein the method determines that a node or group of nodes are fraudulent, i.e. relation types originating from the transaction data do not conform with the set of relationships (e.g. the fraudulent nodes do not conform to transaction information from non-fraudulent nodes.) See Paragraph [0031], (Positive and negative profiling of transaction graphs may be used to determine the likelihood that a transaction is/is not fraudulent with greater accuracy. 
The examiner notes that the accurate determination that a node/group of nodes is fraudulent constitutes a determination that transaction data is not a false positive as it has been correctly determined to be fraudulent.
Herwadkar and Gieseke are analogous art because they are in the same field of endeavor, anomaly detection. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar to include the method of detecting fraudulent nodes in a transaction graph as disclosed by Gieseke. Doing so would allow the system to use positive and negative profiling as described in Paragraph [0031] of Gieseke to accurately determine which nodes and/or groups of nodes are fraudulent based on known information and trends relating to graphs that represent transaction information.
Herwadkar-Gieseke does not disclose the step wherein in response to the transaction data not being the false positive, indicate that the transaction data is an unknown potential error.
Baradaran discloses the step wherein in response to the transaction data not being the false positive, indicate that the transaction data is an unknown potential error. See Paragraph [0313], (The disclosed multivariate policy manager is configured to produce explanations for anomalies based on rules, statistical models or historical observations. If the system is unable to provide an anomaly explanation, it is configured to receive an input corresponding to unknown anomalies. A potential anomaly may be classified as a false positive in the anomaly detection system if an element of network traffic does not appear to include an anomaly. If a user is unable to determine the cause of an anomaly, the anomaly is characterized as unknown, i.e. indicating that the transaction data is an unknown potential error (e.g. the network traffic anomaly is characterized as unknown.) 
The examiner notes that if an anomaly is determined to not be an anomaly it is then classified as a false positive. If it is determined to be an anomaly, then it can be determined to be unknown (e.g. an unknown anomaly cannot be a false positive).
	Herwadkar, Gieseke and Baradaran are analogous art because they are in the same field of endeavor, anomaly detection. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar-Gieseke to include the anomaly detection and method of output as described by Baradaran. Doing so would allow users to receive indication of anomalies the potential reason(s) for said anomalies. The method may also provide outputs following determination that network traffic is not anomalous, including false positives, and similarly generating output information for a user as described in Paragraph [0323] of Baradaran. The resulting improvement would be the delivery of anomaly and/or false positive information to a user allowing them to react accordingly.

Regarding dependent claim 2,
As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar further discloses the step wherein the processor is further configured to determine whether there is an error detected using a classifier. See Paragraph [0037], (The anomaly detection system classifies queries as anomalous based on an adaptive thresholding process, i.e. an anomaly is equivalent to an error, detecting an anomaly is equivalent to detecting an error.).

Regarding dependent claim 3,
As discussed above with claim 2, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar further discloses the step wherein the classifier comprises a multi-category classifier. See Paragraph [0155], (Queries may be classified as anomalous, otherwise they may be classified as normal, i.e. multiple categories of classification.)

Regarding dependent claim 4,
As discussed above with claim 2, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar further discloses the step wherein the classifier comprises a model-based classifier. See Paragraph [0152], (The query evaluation process of FIG. 6 includes comparing attribute values extracted from a query to a corresponding distribution model used to identify outlier values, i.e. the classifier and/or classification process are based on distribution models, i.e. a model-based classifier.)

Regarding dependent claim 6,
As discussed above with claim 2, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar further discloses the step wherein the processor is further configured to determine whether the transaction data is a statistical outlier in response to determining that the error is not detected using the classifier. See Paragraph [0155], (The query evaluation process includes determining a probability cutoff based on how many of the feature attributes in a query are outliers, i.e. determining whether transaction data is a statistical outlier. If the probability is greater than the threshold, the query is classified as normal, i.e. an error is not detected using the classifier.)
Regarding dependent claim 7,
As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar further discloses the step wherein the processor is further configured to indicate that the transaction data does not comprise an unknown potential error in response to the transaction data not being the statistical outlier. See Paragraph [0155], (The query evaluation process includes determining a probability cutoff based on how many of the feature attributes in a query are outliers, i.e. determining whether transaction data is a statistical outlier. If the probability is greater than the threshold, the query is classified as normal, i.e. a query that is classified as "normal" does not comprise an unknown potential error and does not represent a statistical outlier.)

Regarding dependent claim 9,
As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
Baradaran further discloses the step wherein the processor is further configured to determine using feedback whether the unknown potential error is an actual error in response to the transaction data not being the false positive. See Paragraph [0323], (Univariate and multivariate rules may be updated based on user input received for a particular anomaly in order to generate further information about said anomaly, i.e. users may provide feedback to further explain and/or encompass all possible anomaly explanations, i.e. determining whether an error is an actual error.). The examiner notes that the process of [0323] is performed if an anomaly is detected, i.e. no false positives are detected.
	Herwadkar, Gieseke and Baradaran are analogous art because they are in the same field of endeavor, anomaly detection. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar-Gieseke to include the anomaly detection and method of output as described by Baradaran. Doing so would allow users to receive indication of anomalies the potential reason(s) for said anomalies. The method may also provide outputs following determination that network traffic is not anomalous, including false positives, and similarly generating output information for a user as described in Paragraph [0323] of Baradaran. The resulting improvement would be the delivery of anomaly and/or false positive information to a user allowing them to react accordingly.

Regarding dependent claim 10,
As discussed above with claim 9, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
Baradaran further discloses the step wherein feedback comprises active feedback or passive feedback. See Paragraph [0323], (Univariate and multivariate rules may be updated based on user input received for a particular anomaly in order to generate further information about said anomaly, i.e. users input is active feedback.) The examiner notes that Paragraph [0037] of Applicant's Specification describe "active feedback" as a user response that is provided via user interface, therefore the user input responses of Baradaran comprise "active feedback".
	Herwadkar, Gieseke and Baradaran are analogous art because they are in the same field of endeavor, anomaly detection. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar-Gieseke to include the anomaly detection and method of output as described by Baradaran. Doing so would allow users to receive indication of anomalies the potential reason(s) for said anomalies. The method may also provide outputs following determination that network traffic is not anomalous, including false positives, and similarly generating output information for a user as described in Paragraph [0323] of Baradaran. The resulting improvement would be the delivery of anomaly and/or false positive information to a user allowing them to react accordingly.

Regarding dependent claim 11,
As discussed above with claim 9, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
Herwadkar further discloses the step wherein the processor is further configured to use the feedback to train a false positive screen. See Paragraph [0061], (The management apparatus may obtain user feedback relating to queries identified as anomalous by the system. User feedback may identify non-anomalous queries previously identified as anomalous.) See Paragraph [0143], (The training process allows for user feedback which may modify and/or manage outlier classifications.). See Paragraph [0196], (Users may efficiently and effectively control the false positives generated by the anomaly detection system by providing threshold cutoffs, timeframes, etc., i.e. feedback for training false positive screens.).
Regarding dependent claim 13,
As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar further discloses the step wherein the database data is stored using a database system. See FIG. 1 and Paragraph [0040], (RDBMS 122 manages and/or maintains relational databases 128, 130, i.e. database data stored using a database system.)

Regarding dependent claim 14,
As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Gieseke further discloses the step wherein the database data comprises an object graph.

	See FIG. 1 and Paragraph [0015], (Graph 100 illustrated in FIG. 1 comprises a plurality of nodes associated with transaction information. Nodes may represent institutions (101-102), transaction terminals (111-114), users (131-135), etc., wherein nodes represent data objects related by edges which represent one or more associated properties, i.e. the graph is an object graph (e.g. wherein institutions, transaction terminals, users, etc. represent data objects.)




Regarding dependent claim 15,
	As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar further discloses the step wherein the database data comprises relational database data. See FIG. 1 and Paragraph [0040], (RDBMS 122 manages and/or maintains relational databases 128, 130, i.e. data stored in a relational database is relational database data.)

Regarding dependent claim 18,
As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Gieseke further discloses the step wherein the transaction data comprises at least one of: financial data, journal line data, record-based data, or human resources system data. See Paragraph [0022], (Event information associated with a transaction event may be data relating to a financial transaction. Note [0017] wherein graphs may be generated based on event information and dimension information.)
	The examiner notes that the step " at least one of: financial data, journal line data, record-based data, or human resources system data. " is optional due to the use of the terms “at least one of” and "or", the claim requires selection of an element from a list of alternatives, the prior art teaches the element if one of the alternatives is taught by the prior art, see MPEP 2143.03.


Regarding independent claim 19,
	The claim is analogous to the subject matter of independent claim 1 directed to a method or process and is rejected under similar rationale.

Regarding independent claim 20,
	The claim is analogous to the subject matter of independent claim 1 directed to a non-transitory, computer readable medium and is rejected under similar rationale.

Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herwadkar in view of Gieseke and Baradaran as applied to claim 2 above, and further in view of Pang et al. (US PGPUB No. 2016/0359880; Pub. Date; Dec. 8, 2016).
Regarding dependent claim 5,
As discussed above with claim 2, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar-Gieseke-Baradaran does not disclose the step wherein the processor is further configured to indicate that the transaction data comprises a known error in response to determining that the error is detected using the classifier.
	Pang discloses the step wherein the processor is further configured to indicate that the transaction data comprises a known error in response to determining that the error is detected using the classifier. See Paragraph [0036], (Disclosing an analytics engine for identifying outlier observations. If a training set of example data with known outlier labels exists, supervised anomaly detection techniques may be used to train a classifier, i.e. the known outlier label is a known error that may be detected using the classifier.)
	Herwadkar, Gieseke, Baradaran and Pang are analogous art because they are in the same field of endeavor, anomaly detection. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar-Gieseke-Baradaran to include the supervised training techniques using known outlier labels as described by Pang. Doing so would allow the system to recognize previously learned and/or identified anomalous conditions using supervised training techniques that can be further refined via additional training datasets.

Claim 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herwadkar in view of Gieseke and Baradaran as applied to claim 9 above, and further in view of Vasseur et al. (US PGPUB No. 2017/0279848; Pub. Date: Sep. 28, 2017).
Regarding dependent claim 12,
As discussed above with claim 9, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar-Gieseke-Baradaran does not disclose the step wherein the processor is further configured to use the feedback to train a classifier.  
	Vasseur discloses the step wherein the processor is further configured to use the feedback to train a classifier. See Paragraph [0095], (Disclosing a method for detecting anomalies in a network. The method including the use of a machine learning classified training using training data using feedback from a user interface regarding the significance of previously-reported anomalies, i.e. using feedback to train a classifier.).
	Herwadkar, Gieseke, Baradaran and Vasseur are analogous art because they are in the same field of endeavor, anomaly detection. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar-Gieseke-Baradaran to include the method of training a classifier as described by Vasseur. Doing so would allow users to train an anomaly classifier via user feedback. Doing so would allow the classifier to adjust to user preferences by boosting user-requested scores for certain anomalies as described in Paragraph [0095] of Vasseur.

Claim 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Herwadkar in view of Gieseke and Baradaran as applied to claim 1 above, and further in view of BLAKE et al. (US PGPUB No. 2018/0267741; Pub. Date: Sep. 20, 2018).
Regarding dependent claim 16,
As discussed above with claim 1, Herwadkar-Gieseke-Baradaran discloses all of the limitations.
	Herwadkar-Gieseke-Baradaran does not disclose the step wherein querying the database data to determine whether the transaction data is a false positive comprises querying the database data to determine whether the transaction data comprises a short edit distance to transaction data not comprising a statistical outlier.
	BLAKE discloses the step wherein querying the database data to determine whether the transaction data is a false positive comprises querying the database data to determine whether the transaction data comprises a short edit distance to transaction data not comprising a statistical outlier. See Paragraph [0054], (Disclosing a method for monitoring a data store. The method including detecting false positives in response to a determination that an address of a queried region of data has changed, i.e. a short edit distance comprising a changed field of an address.)	Herwadkar, Gieseke, Baradaran and BLAKE are analogous art because they are in the same field of endeavor, data monitoring and analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar-Gieseke-Baradaran to include the method of detecting false positives in response to changes in addresses for data records as described by BLAKE. Paragraph [0054] of BLAKE disclosing that the process reduces storage overhead for monitoring data.

Regarding dependent claim 17,
As discussed above with claim 16, Herwadkar-Gieseke-Baradaran-BLAKE discloses all of the limitations.
	BLAKE further discloses the step wherein the short edit distance comprises at least one of: a changed tag, a changed field of an address, or a changed digit of an identification number. See Paragraph [0054], (Disclosing a method for monitoring a data store. The method including detecting false positives in response to a determination that an address of a queried region of data has changed, i.e. a short edit distance comprising a changed field of an address.)
	Herwadkar, Gieseke, Baradaran and BLAKE are analogous art because they are in the same field of endeavor, data monitoring and analysis. It would have been obvious to anyone having ordinary skill in the art before the effective filing date to modify the system of Herwadkar-Gieseke-Baradaran to include the method of detecting false positives in response to changes in addresses for data records as described by BLAKE. Paragraph [0054] of BLAKE disclosing that the process reduces storage overhead for monitoring data.	
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 19 and 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant’s amendments necessitated the new grounds of rejection presented in this Office Action.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.                                                                                                                                                                                
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fernando M Mari whose telephone number is (571)272-2498. The examiner can normally be reached Monday-Friday 6am-3pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela Reyes can be reached on (571) 270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FMMV/Examiner, Art Unit 2159                                                                                                                                                                                                        /Mariela Reyes/Supervisory Patent Examiner, Art Unit 2159