DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1 20 are pending in this Office Correspondence.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.  
Step 1:   The claim recites a series of steps and, therefore, is a process  
Step 2A, P1: 	Claims 1, 8 and 15 recite the limitations generating a search result based at least in part on a query of a plurality of events derived from raw data; determining, based at least in part on the search result, that a trigger condition for generating an alert is met; identifying information from the search result corresponding to the alert; based at least in part on the trigger condition being met, generating a payload including one or more values determined based at least in part on the information, the one or more values included in the payload at one or more locations corresponding to one or more tokens associated with configuration information of the alert; and causing execution of an alert action corresponding to the alert based at least in part on the payload.
The limitation of “determining”, which specifically reads “determining, based at least in part on the search result, that a trigger condition for generating an alert is met;” in claim 1, 8 and 15, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components.  That is, other than reciting “by the computer system” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by the computer system” language, “determining” in the context of this claim encompasses the user manually deciding or resolving a task. 
Similarly, the limitation based on the determining, identifying, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, but for the “by the computer system” language, “identifying” in the context of this claim encompasses that identifying or recognizing or locating information from the search result corresponding to the alert is being determined.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
Step 2A, P2:  This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements – “generating a payload including one or more values determined based at least in part on the information, the one or more values included in the payload at one or more locations corresponding to one or more tokens associated with configuration information of the alert.”
The limitations “generating a payload including one or more values determined based at least in part on the information” has been used in conjunction with “based at least in part on the trigger condition being met” and “execution of an alert action corresponding to the alert based at least in part on the payload”, amount to data-gathering steps which is considered to be insignificant extra-solution activity, (See MPEP 2106.05(g)). The limitations “generating a payload including one or more values determined based at least in part on the information” has been used in conjunction with “based at least in part on the trigger condition being met” and “execution of an alert action corresponding to the alert based at least in part on the payload”, represents an extra-solution activity because it is a mere nominal or tangential addition to the claim, a mere generic transmission and presentation of collected and analyzed data. (See MPEP 2106.05(g)).  Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. 
Step 2B: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The insignificant extra-solution activities identified above, which include the data-gathering, and determining steps, are recognized by the courts as well-understood, routine, and conventional activities when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity (See MPEP 2106.05(d)(II)(iv) Storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93;

 (v) Presenting offers and gathering statistics, OIP Techs., 788 F.3d at 1362-63, 115 USPQ2d at 1092-93).  
Therefore, the claim is not patent eligible.
Accordingly, claim 1, 8 and 15 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.  
Further the limitations in the dependent claims 2 – 7, 9 – 14 and 16 – 20, respectively, merely specify the type of the data gathered and analyzed without adding significantly more. Analysis of the dependent claims is shown below.
Claim 2 is dependent on claim 1 and includes all the limitations of claim 1.  Therefore, claim 2 recites the same abstract idea of claim 1. The claim recites the additional limitation of “the trigger condition is defined within a user interface.”, which is equivalent to merely saying “apply it”, and amounts to no more than mere instructions to implement the abstract idea on a computer. Mere instructions to apply an exception using a generic computer does not amount to significantly more.  Same rationale applies to claims 9 and 16, since they also recite limitations that further elaborate on the abstract idea.
Claim 3 is dependent on claim 1 and includes all the limitations of claim 1.  Therefore, claim 3 recites the same abstract idea of claim 1. The claim recites the additional limitation of “the alert action includes at least one of generating an email, instantiating an instant messaging application, generating a notification, updating firewall information, or executing a user-defined alert action”, which is equivalent to merely saying “apply it”, and amounts to no more than mere instructions to implement the abstract idea on a computer. Mere instructions to apply an exception using a generic computer does not amount to significantly more.  Same rationale applies to claims 10 and 17, since they also recite limitations that further elaborate on the abstract idea.
Claim 4 is dependent on claim 1 and includes all the limitations of claim 1.  Therefore, claim 4 recites the same abstract idea of claim 1. The claim recites the additional limitation of “the identifying the information is based at least in part on associations between one or more data items and one or more field names.”, which is equivalent to merely saying “apply it”, and amounts to no more than mere instructions to implement the abstract idea on a computer. Mere instructions to apply an exception using a generic computer does not amount to significantly more.  Same rationale applies to claims 11 and 18, since they also recite limitations that further elaborate on the abstract idea.
Claim 5 is dependent on claim 4 and includes all the limitations of claim 4.  Therefore, claim 5 recites the same abstract idea of claim 4. The claim recites the additional limitation of “at least one token of the one or more tokens corresponds to at least one field name of the one or more field names.”, which is equivalent to merely saying “apply it”, and amounts to no more than mere instructions to implement the abstract idea on a computer. Mere instructions to apply an exception using a generic computer does not amount to significantly more.  Same rationale applies to claims 12 and 19, since they also recite limitations that further elaborate on the abstract idea.
Claim 6 is dependent on claim 1 and includes all the limitations of claim 1.  Therefore, claim 6 recites the same abstract idea of claim 1. The claim recites the additional limitation of “the generating the search result is executed based at least in part on a request from a user or at an interval.”, which is equivalent to merely saying “apply it”, and amounts to no more than mere instructions to implement the abstract idea on a computer. Mere instructions to apply an exception using a generic computer does not amount to significantly more.  Same rationale applies to claims 13 and 20, since they also recite limitations that further elaborate on the abstract idea.
Claim 7 is dependent on claim 1 and includes all the limitations of claim 1.  Therefore, claim 7 recites the same abstract idea of claim 1. The claim recites the additional limitation of “the configuration information is defined through a user interface, and wherein the configuration information specifies how the information is used to perform the one or more alert actions.”, which is equivalent to merely saying “apply it”, and amounts to no more than mere instructions to implement the abstract idea on a computer. Mere instructions to apply an exception using a generic computer does not amount to significantly more.  Same rationale applies to claim 14, since they also recite limitations that further elaborate on the abstract idea.
Therefore, claims 1 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception without significantly more than the abstract idea.  






Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 20 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by USPGPUB 2016/01477830 A1 isuued to Qianjie Zhong et al., (“Zhong”).

With respect to claims 1, 8 and 15, Zhong discloses a method, a system and a program product (Para [0013 and 0124]: systems and methods for managing datasets produced by alert-triggering search queries in data aggregation and analysis systems. The data storage device may include a computer-readable storage medium on which may be stored one or more sets of instructions implementing any one or more of the methods or functions described herein), comprising: 
generating a search result based at least in part on a query of a plurality of events derived from raw data (Para [0013 – 0014]: managing datasets produced by alert-triggering search queries in data aggregation and analysis systems. The aggregated source data may comprise a plurality of events. An event may be represented by a data structure that is associated with a certain point in time and comprises a portion of raw machine-generated data. The system may be configured to perform real-time indexing of the source data and to execute real-time, scheduled, or historic searches on the source data);
determining, based at least in part on the search result, that a trigger condition for generating an alert is met (Para [0015]: the data aggregation and analysis system may provide an alerting mechanism to trigger certain actions in response to an occurrence of certain conditions. An alert may be defined by a triggering condition applied to a data set produced by a search query that is executed by the system either in real time or according to a certain schedule. An alert instance may be triggered when at least a portion of the dataset returned by the search satisfies the triggering condition); 
identifying information from the search result corresponding to the alert (Para [0015]: an alert may be defined by a triggering condition applied to a data set produced by a search query that is executed by the system either in real time or according to a certain schedule. An alert instance may be triggered when at least a portion of the dataset returned by the search satisfies the triggering condition; and Para 0024]: a search query may comprise one or more search terms. Search terms may include keywords, phrases, Boolean expressions, regular expressions, field name-value pairs, etc. the data aggregation and analysis system may produce a plurality of data items from the source data in a reverse chronological order, in order to optimize search operations on more recent data); 
based at least in part on the trigger condition being met, generating a payload including one or more values determined based at least in part on the information, the one or more values included in the payload at one or more locations corresponding to one or more tokens associated with configuration information of the alert (Para [0016 & 0020]: responsive to triggering an alert instance, the system may perform one or more actions associated with the alert, and ); and requesting the portion of the dataset associated with a particular alert instance may trigger an irrecoverable error condition if the portion of the dataset has been deleted in accordance with a file retention policy. To provide a recovery mechanism in the above described scenario, an example data aggregation and analysis system may, at the time when an alert is triggered, store, in a memory, the search query associated with the alert and a time parameter associated with the instance of the alert. The time parameter may define a point in time of executing a search query that has triggered the alert instance, and/or an absolute time range associated with the search query that has triggered the alert instance. The time parameter may define the time range of data searched using the query that resulted in meeting the trigger condition, where the data is time-series data); and
causing execution of an alert action corresponding to the alert based at least in part on the payload (Para [0028]: A “scheduled” alert instance may be triggered whenever the dataset produced by executing the search query associated with the alert satisfies a certain triggering condition. The search schedule may include criteria for searching data only within a specified time period relative to when the search is performed).

As to claims 2, 9 and 16, the trigger condition is defined within a user interface (Para [0036]: an action associated with an alert may comprise creating an RSS feed including at least a portion of the dataset that has triggered the alert instance. An action associated with an alert may comprise presenting the alert via a GUI of a client computing device).
As to claims 3, 10 and 17, the alert action includes at least one of generating an email, instantiating an instant messaging application, generating a notification, updating firewall information, or executing a user-defined alert action (Para [0016]: responsive to triggering an alert instance, the system may perform one or more actions associated with the alert, such as sending an email message to certain recipients, creating a Really Simple Syndication (RSS) feed, executing a certain script, and/or presenting the alert instance via a graphical user interface (GUI) of a client computing device).
As to claims 4, 11 and 18, the identifying the information is based at least in part on associations between one or more data items and one or more field names (Para 0024]: A search query may comprise one or more search terms. Search terms may include keywords, phrases, Boolean expressions, regular expressions, field name-value pairs, etc. the data aggregation and analysis system may produce a plurality of data items from the source data in a reverse chronological order, in order to optimize search operations on more recent data).
As to claims 5, 12 and 19, at least one token of the one or more tokens corresponds to at least one field name of the one or more field names (Para [0024]: Search terms may include keywords, phrases, Boolean expressions, regular expressions, field name-value pairs, etc.).

As to claims 6, 13 and 20, the generating the search result is executed based at least in part on a request from a user or at an interval (Para [0028]: The search schedule may include criteria for searching data only within a specified time period relative to when the search is performed. Thus, the same search query may produce different results when run (according to the schedule) at different times).

As to claims 7 and 14, the configuration information is defined through a user interface, and wherein the configuration information specifies how the information is used to perform the one or more alert actions (Para [0033]: evaluating a triggering condition may comprise comparing the number of data items in the dataset produced by executing the search query associated with the alert to a certain configurable integer value. An alert instance may be triggered whenever the number of data items in the dataset produced by executing the real-time search query that monitors events within a rolling time window associated with the alert is greater then, less then, or equal to a certain configurable integer value).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Could be used as an obviousness type Office Correspondence.
USPAT 8,042,178 (Fisher): a set of instructions for generating an alert message by a remote alert message generating compute. The alert message is transferred from the remote alert message generating computer to a data processing apparatus using an alert message transferring code. A security action is automatically triggered by a security mechanism e.g. network malware scanner, of the data processing apparatus in response to the alert message using a triggering code, where the alert message includes configuration data permitting a temporary countermeasure to be established and the security action.


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHID AL ALAM whose telephone number is (571)272-4030. The examiner can normally be reached M-F 8:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pierre Vital can be reached on 571-272-4215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
October 21, 2022
/SHAHID A ALAM/Primary Examiner, Art Unit 2162