DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/17/2022 has been entered. 

This office action is a response to amendments filed 08/17/2022 wherein claims 1-5, 8-13, and 16-20 are pending and ready for examination. 
Response to Arguments
Applicant’s arguments, see Remarks, filed 08/17/2022, with respect to the rejection(s) of claims 1-5, 8-13, and 16-20 under 35 U.S.C.§103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground of rejection is made in view of Alber.
Response to Advisory Action and Interview Summary

	Applicant Asserts: In the Advisory Action, the Examiner alleges: “the sorting across all record types must also include the unit of work across all record types to qualify as the anomaly” and “applicant is missing the ‘(across all record types’) relating to the unit of work.”

First, Applicant respectfully disagrees with the language used in the Interview Summary
to the extent that it does not track the language used in Applicant’s claims.
Second, Applicant respectfully submits that this allegation is unclear. Specifically, it is
unclear where the phrase “across all record types” originated (Applicant’s specification,
including claims, does not recite the phrase “across all record types’) and from where that phrase is missing. For example, is the Examiner alleging that the previously submitted amendment is unclear because this phrase is allegedly missing from the specification or claims?
Applicant respectfully requests that this allegation be withdrawn or, in the alternative,
explained.

Examiner Response:  The Examiner thanks applicant representative for working to advance the prosecution of this application and agrees that the Interview Summary of 08/17/2022, in an attempt to capture the relevant portions of the discussion, was indeed wordy and could be confusing.  Specifically, the Examiner was attempting to paraphrase the second limitation of claim 1 which reads: 
receiving, by a processing device, the data records, the data records being of a plurality of data record types, each of the data records being associated with one of a plurality of units of work identified by an identification feature that caused a respective data record of the data records to be created;
The Examiner withdraws the allegation because the claims do not include the term “across all”.




Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 recites the limitation "the identification features" in each of the data records being associated with one of a plurality of units of work identified by an identification feature that caused a respective data record of the data records to be created; analyzing, by the processing device, the data records by comparing the data records of different record types, wherein the analyzing the data records further comprises sorting occurrences of the identification features. Claims 2-5 and 8 are likewise rejected based on their dependency on Claim 1.
There is insufficient antecedent basis for this limitation in the claim.

Claim 1-5, 8-13, and 16-20 further recites the limitation “the anomaly” in identifying, by the processing device and based at least in part on the analyzing, a unit of work of the plurality of units of work that has the highest occurrence of data records across the plurality of data record types as the anomaly. 
 There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 1-5, 8-13, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Blaicher; Christopher Youngs, US 20180365259, December 20, 2018, hereafter referred to as Blaicher in view of Alber; Chad Norman et al, US 201401486648 A1, hereafter referred to as Alber, in further view of Abramovitz; Micheal Paul et al, US 20140149477, May 09, 2014 hereafter referred to as Abramovitz.

          As to claim 1.  Blaicher teaches a computer-implemented method - Blaicher [0022] … Mainframe 101 executes processes discussed with reference to FIG. 5.  Here, the claimed ‘method’ is taught by Blaicher as ‘processes’ referenced in Figure 5) for anomaly detection based on data records - Blaicher [0030] ... Mainframe 101 overcomes the need of having memory repositories (e.g., disk drives 315) dedicated to handle bottlenecks of SMF data that may occur when mainframe 101 operates close to its full capacity or at anomalous rates.  Here, the claimed ‘anomaly detection’ is taught by Blaicher as ‘overcomes’ since the mainframe is taking actions based on a detection of full capacity.  The claimed ‘anomaly’ is taught by Blaicher as ‘full or anomalous rates’, the method comprising:
          receiving, by a processing device, the data records, the data records being of a plurality of data record types - Blaicher [0060] In FIG. 6, SF mainframe 101 receives or captures at 601 a data output stream with a set of SMF data from a mainframe (e.g., via data collector engine 305 in FIG. 3. Thereafter, at 603, mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened. Here, the claimed ‘receiving’ is taught by Blaicher as ’receives’ whereas the claimed ‘processing device’ is taught by Blaicher as ‘mainframe 101’ whereas the claimed ‘data records’ is taught by Blaicher as ‘SMF data’);
        each of the data records being associated with one of a plurality of units of work identified by an identification feature - Blaicher [0060] ... Thereafter, at 603, mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened ... mainframe 101 parses the set of SMF data to select a set of field values configured to be flattened based on a flattening criteria. Here, the claimed ‘data records’ is taught by Blaicher as ’set of SMF data’ whereas the claimed ‘units of work’ is taught by Blaicher as ‘configured to be flattened’ whereas the claimed ‘identification feature’ is taught by Blaicher as ‘predetermined criteria’ since the mainframe identifies this criteria of a SMF data type for work) that caused a respective data record of the data records to be created - Blaicher [0061] ... Thereafter, mainframe 101 inserts, at 609, flattened SMF records into a repository compatible with the targeted repository. Alternatively, or additionally, mainframe 101 can send the flattened SMF records to a repository such that the SMF records are integrated to a data set residing in the repository. Here, the claimed ‘records to be created’ is taught by Blaicher as ‘mainframe 101 inserts, at 609, flattened SMF records’);
         analyzing, by the processing device, the data records by comparing the data records of different record types, - Blaicher [0062] ... selection data engine 307 selects from the SMF data field values that match or belong to the class or type indicated by the field-type.  Here, the claimed ‘analyzing’ is taught by Blaicher as ‘match’ because a match requires a comparison between one or more elements which are the incoming data and previously stored data.  BLAICHER DOES NOT TEACH wherein the analyzing the data records further comprise sorting occurrences of the identification features in descending order of a number of the occurrences across the plurality of data record types wherein the sorting occurs regardless of which of the plurality of data record types has a highest occurrence, HOWEVER IN AN ART THAT IS ANALAGOUS TO THE FIELD OF ENDEAVOR ALBER TEACHES 
            wherein the analyzing the data records further comprise sorting occurrences of the identification features in descending order of a number of the occurrences across the plurality of data record types – Alber [0217]  ... The GUI may be configured to include a column with a header such as "Drive Lifetime Hours in Motion," and a user may provide input such as clicking/selecting a sort arrow (e.g., a "sort descending" arrow) to cause the top or first drives in this category (in terms of time in motion) to be presented at the top of the column)
         wherein the sorting occurs regardless of which of the plurality of data record types has a highest occurrence – Alber [0124] The moves table 710 in the STA application or STA database records these actions. Regardless of the complexity of the actions required, a single record is typically used to capture each move. Data captured for the move is related to the library actions required, such as the time required from the robot(s) and the time the move was queued up waiting for access to the robotics. Here, the claimed ‘sorting’ is taught by Alber as ‘Data captured is related’ since relating the data requires sorting or classifying the data into the appropriate field.  The claimed ‘regardless of which’ is taught by Alber as ‘capture each move’ because no exceptions are taught for recording these moves.  The claimed ‘plurality...record types’ is taught by Blaicher as ‘moves table 710’ and illustrated in figure 7. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Alber’s sort order logic across record types.  Blaicher does not teach flexible sorting either ascending or descending regardless of the record type.  Alber’s sort logic incorporates sort order logic that when included into mainframe 101 of Blaicher enhances security and asset protection. THE COMBINATION OF BLAICHER AND ALBER DO NOT TEACH; and
            identifying, by the processing device and based at least in part on the analyzing, a unit of work, of the plurality of units of work that has the highest occurrence of data records across the plurality of data record types as the anomaly, HOWEVER IN AN ANALAGOUS ART DIRECTED TO THE SAME FIELD OF ENDEAVOR ABRAMOVITZ TEACHES and 
           identifying, by the processing device and based at least in part on the analyzing, a unit of work of the plurality of units of work that has the highest occurrence of data records across the plurality of data record types as the anomaly – Abramovitz [0068 and 0253] since at ‘068... An alert, as managed by the STA application 340, may be a direct result of something that happens in the tape environment, such as the report of an error by a tape library 314 ... a suspicion value that exceeds a threshold may result in an alert, ‘253 FIG. 36 illustrates a partial screen shot 3600 of an STA GUI dashboard... a user is adding a portlet to display a drive utilization graph, and the user is moving the icon (or mouse arrow) down a set of granularities to select one for use in plotting the graph (e.g., a monthly granularity).  Here, the claimed ‘identifying’ is taught by Abramovitz as ‘report of an error’ since an error is not the normal operations. The claimed ‘highest occurrence’ is taught by Abramovitz as ‘exceeds a threshold’.  Abramovitz further illustrates the claimed ‘highest occurrence’ at Figure 35. The claimed ‘plurality of data records’ is taught by Abramovitz as ‘tape library 314’ since a tape library would contain a plurality of SMF data records.  Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to identify records with a suspicion value exceeding a threshold. Blaicher, in view of Alber, is silent establishing a threshold whereby a suspicion value is monitored.   Abramovitz  identifies data items that may be suspicious and sets an exception threshold for those data items.  The combination of Blaicher and Alber would benefit from Abramovitz use of thresholds, as predetermined criteria to detect anomalies and enables greater processing efficiency). 

            As to claim 2, the combination of Blaicher, Alber, and Abramovitz teaches the computer-implemented method of claim 1, further comprising:
            implementing a mitigation action based at least in part on the unit of work identified as the anomaly – Alber [190] … In tables, columns may be hidden, exposed, and reordered. These capabilities are exposed to the STA application users. A user may also annotate many elements throughout the user interface. Annotations serve to help document key events, key decisions, anomalies, tape system and environment information specific to an installation, and so on.  Here, the claimed ‘mitigation action’ is taught by Alber as ‘annotate’ since documenting the anomaly is a unit of work that alerts users to the hidden data which mitigates the threat.  The claimed ‘anomaly’ is taught by Alber as ‘anomalies’.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to document potential threats when processing SMF records.  Blaicher does not teach explicit mitigation actions available to mainframe 101.  Alber provides a mitigation feature by annotating potential anomalies allowing Blaicher a forensics capability).

           As to claim 3, the combination of Blaicher, Alber, and Abramovitz teaches the computer-implemented method of claim 1, wherein the method is implemented as an application programming interface - Blaicher [0052] SF input interface 411 enables users or non-person entities to enter configuration files to, for example, update data included in flattening data structure 417, control data structure 419, targeted formats 421 or other suitable data structures and processor-executable instructions residing in SF server 205.  Here, the claimed ‘application programming interface’ is taught by Blaicher as ‘SF input interface 411’ whereas a Graphical User interface is further taught by Blaicher at [0053]).

            As to claim 4, the combination of Blaicher, Alber, and Abramovitz teaches the computer-implemented method of claim 1, further comprising identifying a second anomaly by identifying features of interest across multiple data record types and determining a highest occurring feature of interest as being the second anomaly – Abramovitz [0186] and Figure 22A since at ‘186 … The pivot tables used in the aggregate views provide the ability to swap rows and columns. In tables, columns may be hidden, exposed, and reordered. These capabilities are exposed to the STA application users. A user may also annotate many elements throughout the user interface. Annotations serve to help document key events, key decisions, anomalies, tape system and environment information specific to an installation, and other user-selected or user-relevant information.  Here, the claimed ‘second anomaly’ is taught by Abramovitz as ‘anomalies’ as these anomalies are in the plurality.  The claimed ‘across multiple data record types’ is taught by Abramovitz as ‘in the aggregate views’ as illustrated by Figure 3 Data Source 314 depicting multiple data records since at Figure 22A FIG. 22A illustrates a screen shot of a graph portlet 2210 that may be generated and displayed by the user interface module while a user is accessing/using an STA application.  Here, the claimed ‘feature of interest’ is illustrated by Abramovitz as ‘count’ which monitors the highest occurrences of media movement.  The rationale for Blaicher in view of Alber to consider the teachings of Abramovitz statistical analysis in claim 1 applies here in claim 4).

             As to claim 5, the combination of Blaicher, Alber, and Abramovitz teaches the computer-implemented method of claim 1, further comprising comparing the identified anomaly to historic data records to determine whether the anomaly is consistent or inconsistent with historic behavior – Abramovitz [0221 and 0236] since at ‘221 Of interest in identifying problems, a user can navigate through the history of use of media and drives, e.g., a user may identify a drive that has an error and obtain a list of exchanges for that "bad" drive to perform further analysis since at ‘236….The user interface module of the STA application is configured or adapted such that each of these portlets displays some information on how the user's monitored tape infrastructure or library environment is presently operating or has operated historically or both.  Here, the claimed ‘anomaly’ is taught by Abramovitz as ‘identifying problems’ which in this case is a bad media/drive whereas the claimed ‘behavior’ is taught by Abramovitz as ‘operating/has operated’.  Thus, one of ordinary skill in the art before the effective filing date of the claimed invention of Blaicher, in view of Alber, would have been motivated to update the implementation system of Blaicher, in view of Alber, with the (teachings of Abramovitz) and thereby gaining, predictably, the commonly understood benefits of such adaptation, that is, acquiring the ability to provide historical analytics provided by Abramovitz to the collected SMF records of Blaicher, in view of Alber).
 
Claim 6 (cancelled) 
 Claim 7 (cancelled).
              As to claim 8, the combination of Blaicher, Alber, and Abramovitz teaches the computer-implemented method of claim 1, wherein the data records are system management facilities records - Blaicher [0022] For instance, a selection of SMF records can be captured by mainframe 101 and forwarded to data warehouses 107. SMF is a mainframe operating system application used for the measurement of mainframe software services).
 
           As to claim 9, Blaicher teaches a system - Blaicher [0006] FIG. 1 is a schematic diagram of an implementation of a system for selectively capture system measurement facility records, comprising:
          a memory comprising computer readable instructions devices - Blaicher [0079] with a non-transitory computer-readable medium (also can be referred to as a non-transitory processor-readable medium or memory) having instructions or computer code thereon for performing various computer-implemented operations); and
          a processing device for executing the computer readable instructions for performing a method for anomaly detection based on data records - Blaicher [0030] ... if mainframe 101 process two billion transactions per day, mainframe 101 can implement processes to selectively capture and forward SMF data produced from such transactions. Mainframe 101 overcomes the need of having memory repositories (e.g., disk drives 315) dedicated to handle bottlenecks of SMF data that may occur when mainframe 101 operates close to its full capacity or at anomalous rates. Here, the claimed ‘processing device’ is taught by Blaicher as ‘Mainframe 101’.  The claimed ‘anomaly detection’ is taught by Blaicher as ‘selectively capture’ since anomalous data has to first captured to detect anomalies.  The claimed ‘data records’ is taught by Blaicher as ‘SMF data’), the method comprising:
	receiving, by a processing device, the data records, the data records being of a plurality of data record types - Blaicher [0060] In FIG. 6, SF mainframe 101 receives or captures at 601 a data output stream with a set of SMF data from a mainframe (e.g., via data collector engine 305 in FIG. 3. Thereafter, at 603, mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened. Here, the claimed ‘receiving’ is taught by Blaicher as ’receives’ whereas the claimed ‘processing device’ is taught by Blaicher as ‘mainframe 101’ whereas the claimed ‘data records’ is taught by Blaicher as ‘SMF data’);
           each of the data records being associated with one of a plurality of units of work identified by an identification feature - Blaicher [0060] ... Thereafter, at 603, mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened ... mainframe 101 parses the set of SMF data to select a set of field values configured to be flattened based on a flattening criteria. Here, the claimed ‘data records’ is taught by Blaicher as ’set of SMF data’ whereas the claimed ‘units of work’ is taught by Blaicher as ‘configured to be flattened’ whereas the claimed ‘identification feature’ is taught by Blaicher as ‘predetermined criteria’ since the mainframe identifies this criteria of a SMF data type for work) that caused a respective data record of the data records to be created - Blaicher [0061] ... Thereafter, mainframe 101 inserts, at 609, flattened SMF records into a repository compatible with the targeted repository. Alternatively, or additionally, mainframe 101 can send the flattened SMF records to a repository such that the SMF records are integrated to a data set residing in the repository. Here, the claimed ‘records to be created’ is taught by Blaicher as ‘mainframe 101 inserts, at 609, flattened SMF records’);
         analyzing, by the processing device, the data records by comparing the data records of different record types, - Blaicher [0062] ... selection data engine 307 selects from the SMF data field values that match or belong to the class or type indicated by the field-type.  Here, the claimed ‘analyzing’ is taught by Blaicher as ‘match’ because a match requires a comparison between one or more elements which are the incoming data and previously stored data.  BLAICHER DOES NOT TEACH wherein the analyzing the data records further comprise sorting occurrences of the identification features in descending order of a number of the occurrences across the plurality of data record types wherein the sorting occurs regardless of which of the plurality of data record types has a highest occurrence, HOWEVER IN AN ART THAT IS ANALAGOUS TO THE FIELD OF ENDEAVOR ALBER TEACHES 
            wherein the analyzing the data records further comprise sorting occurrences of the identification features in descending order of a number of the occurrences across the plurality of data record types – Alber [0217]  ... The GUI may be configured to include a column with a header such as "Drive Lifetime Hours in Motion," and a user may provide input such as clicking/selecting a sort arrow (e.g., a "sort descending" arrow) to cause the top or first drives in this category (in terms of time in motion) to be presented at the top of the column)
         wherein the sorting occurs regardless of which of the plurality of data record types has a highest occurrence – Alber [0124] The moves table 710 in the STA application or STA database records these actions. Regardless of the complexity of the actions required, a single record is typically used to capture each move. Data captured for the move is related to the library actions required, such as the time required from the robot(s) and the time the move was queued up waiting for access to the robotics. Here, the claimed ‘sorting’ is taught by Alber as ‘Data captured is related’ since relating the data requires sorting or classifying the data into the appropriate field.  The claimed ‘regardless of which’ is taught by Alber as ‘capture each move’ because no exceptions are taught for recording these moves.  The claimed ‘plurality...record types’ is taught by Blaicher as ‘moves table 710’ and illustrated in figure 7. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Alber’s sort order logic across record types.  Blaicher does not teach flexible sorting either ascending or descending regardless of the record type.  Alber’s sort logic incorporates sort order logic that when included into mainframe 101 of Blaicher enhances security and asset protection. THE COMBINATION OF BLAICHER AND ALBER DO NOT TEACH; and
            identifying, by the processing device and based at least in part on the analyzing, a unit of work, of the plurality of units of work that has the highest occurrence of data records across the plurality of data record types as the anomaly, HOWEVER IN AN ANALAGOUS ART DIRECTED TO THE SAME FIELD OF ENDEAVOR ABRAMOVITZ TEACHES and 
           identifying, by the processing device and based at least in part on the analyzing, a unit of work of the plurality of units of work that has the highest occurrence of data records across the plurality of data record types as the anomaly – Abramovitz [0068 and 0253] since at ‘068... An alert, as managed by the STA application 340, may be a direct result of something that happens in the tape environment, such as the report of an error by a tape library 314 ... a suspicion value that exceeds a threshold may result in an alert, ‘253 FIG. 36 illustrates a partial screen shot 3600 of an STA GUI dashboard... a user is adding a portlet to display a drive utilization graph, and the user is moving the icon (or mouse arrow) down a set of granularities to select one for use in plotting the graph (e.g., a monthly granularity).  Here, the claimed ‘identifying’ is taught by Abramovitz as ‘report of an error’ since an error is not the normal operations. The claimed ‘highest occurrence’ is taught by Abramovitz as ‘exceeds a threshold’.  Abramovitz further illustrates the claimed ‘highest occurrence’ at Figure 35. The claimed ‘plurality of data records’ is taught by Abramovitz as ‘tape library 314’ since a tape library would contain a plurality of SMF data records.  Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to identify records with a suspicion value exceeding a threshold. Blaicher, in view of Alber, is silent establishing a threshold whereby a suspicion value is monitored.   Abramovitz identifies data items that may be suspicious and sets an exception threshold for those data items. Blaicher, in view of Alber, would benefit from Abramovitz use of thresholds, as predetermined criteria to detect anomalies and enables greater processing efficiency).

          As to claim 10, the combination of Blaicher, Alber, and Abramovitz teaches the system of claim 9, comprises: comprising:
            implementing a mitigation action based at least in part on the unit of work identified as the anomaly– Blaicher [0030] … if mainframe 101 process two billion transactions per day, mainframe 101 can implement processes to selectively capture and forward SMF data produced from such transactions. Mainframe 101 overcomes the need of having memory repositories (e.g., disk drives 315) dedicated to handle bottlenecks of SMF data that may occur when mainframe 101 operates close to its full capacity or at anomalous rates.  Here, the claimed ‘mitigation action’ is taught by Blaicher as ‘selectively capture’ since reducing the number of records will reduce the processing burden).

           As to claim 11, the combination of Blaicher, Alber, and Abramovitz teaches the system of claim 9, wherein the method is implemented as an application programming interface - Blaicher [0052] SF input interface 411 enables users or non-person entities to enter configuration files to, for example, update data included in flattening data structure 417, control data structure 419, targeted formats 421 or other suitable data structures and processor-executable instructions residing in SF server 205.  Here, the claimed ‘application programming interface’ is taught by Blaicher as ‘SF input interface 411’).

          As to claim 12, the combination of Blaicher, Alber, and Abramovitz teaches the system of claim 9, wherein the method further comprises identifying a second anomaly by identifying features of interest across multiple data record types and determining a highest occurring feature of interest as being the second anomaly – Abramovitz [0186] and Figure 22A since at ‘186 … The pivot tables used in the aggregate views provide the ability to swap rows and columns. In tables, columns may be hidden, exposed, and reordered. These capabilities are exposed to the STA application users. A user may also annotate many elements throughout the user interface. Annotations serve to help document key events, key decisions, anomalies, tape system and environment information specific to an installation, and other user-selected or user-relevant information.  Here, the claimed ‘second anomaly’ is taught by Abramovitz as ‘anomalies’ as these anomalies are in the plurality.  The claimed ‘across multiple data record types’ is taught by Abramovitz as ‘in the aggregate views’ as illustrated by Figure 3 Data Source 314 depicting multiple data records since at Figure 22A FIG. 22A illustrates a screen shot of a graph portlet 2210 that may be generated and displayed by the user interface module while a user is accessing/using an STA application.  Here, the claimed ‘feature of interest’ is illustrated by Abramovitz as ‘count’ which monitors the highest occurrences of media movement.  The rationale for Blaicher, in view of Alber, to consider the teachings of Abramovitz statistical analysis in claim 1 applies here in claim 4).  Therefore claim 12 is rejected for the reasons as set forth in claim 4.

          As to claim 13, the combination of Blaicher, Alber, and Abramovitz teaches the system of claim 9,  further comprises comparing the identified anomaly to historic data records to determine whether the anomaly is consistent or inconsistent with historic behavior – Abramovitz [0221 and 0236] since at ‘221 Of interest in identifying problems, a user can navigate through the history of use of media and drives, e.g., a user may identify a drive that has an error and obtain a list of exchanges for that "bad" drive to perform further analysis since at ‘236….The user interface module of the STA application is configured or adapted such that each of these portlets displays some information on how the user's monitored tape infrastructure or library environment is presently operating or has operated historically or both.  Here, the claimed ‘anomaly’ is taught by Abramovitz as ‘identifying problems’ which in this case is a bad media/drive whereas the claimed ‘behavior’ is taught by Abramovitz as ‘operating/has operated’.  Thus, one of ordinary skill in the art before the effective filing date of the claimed invention of Blaicher would have been motivated to update the implementation system of Blaicher with the (teachings of Abramovitz) and thereby gaining, predictably, the commonly understood benefits of such adaptation, that is, acquiring the ability to provide historical analytics provided by Abramovitz to the collected SMF records of Blaicher).

As to claim 14, (cancelled)As to claim 15, (cancelled).

            As to claim 16, the combination of Blaicher, Alber, and Abramovitz teaches the system of claim 9, wherein the data records are system management facilities records - Blaicher [0033] ... SF server 205 can be directly coupled to mainframes 201 and/or data warehouses 209. While in other implementations, SF server 205 can be coupled to mainframes 201 and data warehouses 209 via a computer network (not shown in FIG. 2). SF server 205 can receive or capture data output stream 202 having System Management Facility (SMF) records 203. Here, the claimed ‘data records’ is taught by Blaicher as ‘data output stream 202’ .  The claimed ‘system management facilities records’ is taught by Blaicher as ‘System Management Facility (SMF) records 203’). 
           As to claim 17, Blaicher teaches a computer program product comprising:
a computer readable storage medium having program instructions embodied therewith - Blaicher [0079] ... a non-transitory computer-readable medium (also can be referred to as a non-transitory processor-readable medium or memory) having instructions or computer code thereon for performing various computer-implemented operations)  to cause the processing device to perform a method - Blaicher [0060] ... mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened. Here, the claimed ‘processing device’ is taught by Blaicher as ‘mainframe 101’);
for anomaly detection based on data records - Blaicher [0030] ... Mainframe 101 overcomes the need of having memory repositories (e.g., disk drives 315) dedicated to handle bottlenecks of SMF data that may occur when mainframe 101 operates close to its full capacity or at anomalous rates.  Here, the claimed ‘anomaly detection’ is taught by Blaicher as ‘mainframe 101 overcomes’ since the mainframe is taking actions based on detecting full capacity or anomalous rates.  The claimed ‘anomaly’ is taught by Blaicher as ‘full or anomalous rates’ whereas the claimed ‘data records’ is taught by Blaicher as ‘SMF data’, the method comprising:
           receiving, by a processing device, the data records, the data records being of a plurality of data record types - Blaicher [0060] In FIG. 6, SF mainframe 101 receives or captures at 601 a data output stream with a set of SMF data from a mainframe (e.g., via data collector engine 305 in FIG. 3. Thereafter, at 603, mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened. Here, the claimed ‘receiving’ is taught by Blaicher as ’receives’ whereas the claimed ‘processing device’ is taught by Blaicher as ‘mainframe 101’ whereas the claimed ‘data records’ is taught by Blaicher as ‘SMF data’);
        each of the data records being associated with one of a plurality of units of work identified by an identification feature - Blaicher [0060] ... Thereafter, at 603, mainframe 101 retrieves from memory a selection or predetermined criteria indicating classes, types of SMF field data values configured to be flattened ... mainframe 101 parses the set of SMF data to select a set of field values configured to be flattened based on a flattening criteria. Here, the claimed ‘data records’ is taught by Blaicher as ’set of SMF data’ whereas the claimed ‘units of work’ is taught by Blaicher as ‘configured to be flattened’ whereas the claimed ‘identification feature’ is taught by Blaicher as ‘predetermined criteria’ since the mainframe identifies this criteria of a SMF data type for work) that caused a respective data record of the data records to be created - Blaicher [0061] ... Thereafter, mainframe 101 inserts, at 609, flattened SMF records into a repository compatible with the targeted repository. Alternatively, or additionally, mainframe 101 can send the flattened SMF records to a repository such that the SMF records are integrated to a data set residing in the repository. Here, the claimed ‘records to be created’ is taught by Blaicher as ‘mainframe 101 inserts, at 609, flattened SMF records’);
         analyzing, by the processing device, the data records by comparing the data records of different record types, - Blaicher [0062] ... selection data engine 307 selects from the SMF data field values that match or belong to the class or type indicated by the field-type.  Here, the claimed ‘analyzing’ is taught by Blaicher as ‘match’ because a match requires a comparison between one or more elements which are the incoming data and previously stored data.  BLAICHER DOES NOT TEACH wherein the analyzing the data records further comprise sorting occurrences of the identification features in descending order of a number of the occurrences across the plurality of data record types wherein the sorting occurs regardless of which of the plurality of data record types has a highest occurrence, HOWEVER IN AN ART THAT IS ANALAGOUS TO THE FIELD OF ENDEAVOR ALBER TEACHES 
            wherein the analyzing the data records further comprise sorting occurrences of the identification features in descending order of a number of the occurrences across the plurality of data record types – Alber [0217]  ... The GUI may be configured to include a column with a header such as "Drive Lifetime Hours in Motion," and a user may provide input such as clicking/selecting a sort arrow (e.g., a "sort descending" arrow) to cause the top or first drives in this category (in terms of time in motion) to be presented at the top of the column)
         wherein the sorting occurs regardless of which of the plurality of data record types has a highest occurrence – Alber [0124] The moves table 710 in the STA application or STA database records these actions. Regardless of the complexity of the actions required, a single record is typically used to capture each move. Data captured for the move is related to the library actions required, such as the time required from the robot(s) and the time the move was queued up waiting for access to the robotics. Here, the claimed ‘sorting’ is taught by Alber as ‘Data captured is related’ since relating the data requires sorting or classifying the data into the appropriate field.  The claimed ‘regardless of which’ is taught by Alber as ‘capture each move’ because no exceptions are taught for recording these moves.  The claimed ‘plurality...record types’ is taught by Blaicher as ‘moves table 710’ and illustrated in figure 7. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Alber’s sort order logic across record types.  Blaicher does not teach flexible sorting either ascending or descending regardless of the record type.  Alber’s sort logic incorporates sort order logic that when included into mainframe 101 of Blaicher enhances security and asset protection. THE COMBINATION OF BLAICHER AND ALBER DO NOT TEACH; and
            identifying, by the processing device and based at least in part on the analyzing, a unit of work, of the plurality of units of work that has the highest occurrence of data records across the plurality of data record types as the anomaly, HOWEVER IN AN ANALAGOUS ART DIRECTED TO THE SAME FIELD OF ENDEAVOR ABRAMOVITZ TEACHES and 
           identifying, by the processing device and based at least in part on the analyzing, a unit of work of the plurality of units of work that has the highest occurrence of data records across the plurality of data record types as the anomaly – Abramovitz [0068 and 0253] since at ‘068... An alert, as managed by the STA application 340, may be a direct result of something that happens in the tape environment, such as the report of an error by a tape library 314 ... a suspicion value that exceeds a threshold may result in an alert, ‘253 FIG. 36 illustrates a partial screen shot 3600 of an STA GUI dashboard... a user is adding a portlet to display a drive utilization graph, and the user is moving the icon (or mouse arrow) down a set of granularities to select one for use in plotting the graph (e.g., a monthly granularity).  Here, the claimed ‘identifying’ is taught by Abramovitz as ‘report of an error’ since an error is not the normal operations. The claimed ‘highest occurrence’ is taught by Abramovitz as ‘exceeds a threshold’.  Abramovitz further illustrates the claimed ‘highest occurrence’ at Figure 35. The claimed ‘plurality of data records’ is taught by Abramovitz as ‘tape library 314’ since a tape library would contain a plurality of SMF data records.  Thus, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to identify records with a suspicion value exceeding a threshold. Blaicher, in view of Alber, is silent establishing a threshold whereby a suspicion value is monitored.   Abramovitz identifies data items that may be suspicious and sets an exception threshold for those data items. Blaicher, in view of Alber, would benefit from Abramovitz use of thresholds, as predetermined criteria to detect anomalies and enables greater processing efficiency).


           As to claim 18, the combination of Blaicher, Alber, and Abramovitz teaches the computer program product of claim 17, wherein the method further comprises: implementing a mitigation action based at least in part on the unit of work identified as the anomaly – Alber [190] … In tables, columns may be hidden, exposed, and reordered. These capabilities are exposed to the STA application users. A user may also annotate many elements throughout the user interface. Annotations serve to help document key events, key decisions, anomalies, tape system and environment information specific to an installation, and so on.  Here, the claimed ‘mitigation action’ is taught by Alber as ‘annotate’ since documenting the anomaly is a unit of work that alerts users to the hidden data which mitigates the threat.  The claimed ‘anomaly’ is taught by Alber as ‘anomalies’.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to document potential threats when processing SMF records.  Blaicher does not teach explicit mitigation actions available to mainframe 101.  Alber provides a mitigation feature by annotating potential anomalies allowing Blaicher a forensics capability).

           As to claim 19, the combination of Blaicher, Alber, and Abramovitz teaches the computer program product of claim 17, wherein the method is implemented as an application programming interface - Blaicher [0052] SF input interface 411 enables users or non-person entities to enter configuration files to, for example, update data included in flattening data structure 417, control data structure 419, targeted formats 421 or other suitable data structures and processor-executable instructions residing in SF server 205.  Here, the claimed ‘application programming interface’ is taught by Blaicher as ‘SF input interface 411’ whereas a Graphical User interface is further taught by Blaicher at [0053]).

          As to claim 20, the combination of Blaicher, Alber, and Abramovitz teaches the computer program product of claim 17, wherein the method further comprises, identifying a second anomaly by identifying features of interest across multiple data record types and determining a highest occurring feature of interest as being the second anomaly – Abramovitz [0186] and Figure 22A since at ‘186 … The pivot tables used in the aggregate views provide the ability to swap rows and columns. In tables, columns may be hidden, exposed, and reordered. These capabilities are exposed to the STA application users. A user may also annotate many elements throughout the user interface. Annotations serve to help document key events, key decisions, anomalies, tape system and environment information specific to an installation, and other user-selected or user-relevant information.  Here, the claimed ‘second anomaly’ is taught by Abramovitz as ‘anomalies’ as these anomalies are in the plurality.  The claimed ‘across multiple data record types’ is taught by Abramovitz as ‘in the aggregate views’ as illustrated by Figure 3 Data Source 314 depicting multiple data records since at Figure 22A FIG. 22A illustrates a screen shot of a graph portlet 2210 that may be generated and displayed by the user interface module while a user is accessing/using an STA application.  Here, the claimed ‘feature of interest’ is illustrated by Abramovitz as ‘count’ which monitors the highest occurrences of media movement.  The rationale for Blaicher, in view of Alber, to consider the teachings of Abramovitz statistical analysis in claim 1 applies here in claim 4).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 249110/17/2022