DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
                                                   Response to Amendment
The Amendment filed on June 07, 2022 has been entered. Claims 1, 9 and 14 were amended. As a result, claims 1-18 are pending, of which claims 1, 9 and 14 are in independent form.

                                                    Response to Arguments
On Pages 7 and 8 of remarks, the applicant argues that there is no disclosure in cited references that “wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action”, as amended in claims 1, 9 and 14 and the claims that depend thereon.
Applicant’s arguments, with respect to the rejection(s) of claim(s) 1,9 and 14 have been fully
considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Pliskin et al. (US 2020/0053123 A1).

                                        Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-10, 12-15, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Krebs (US 2019/0042737 A1) in view of Ando (JP 5749053 B2) and further in view of Pliskin et al. (US 2020/0053123 A1), hereinafter Pliskin.

In regards to claim 1, Krebs discloses a method of monitoring a processing system in an intrusion detection system (IDS), comprising:
monitoring a log file associated with the processing system (Krebs, Para. 0071, an indication of at least one potentially malicious action occurring in a secured environment monitored by an intrusion detection system can be identified. The indication of the at least one potentially malicious action may be based on an analysis of log files associated with one or more of the components included in the secure environment);
identifying a plurality of sequences within the log file (Krebs, Para. 0071, the malicious action rule sets may be based on or associated with one or more patterns to be identified from the logs themselves, including combinations of activity and values from the logs of different components); and
determining whether a cyber-attack on the IDS has occurred (Krebs, Para. 0070, Fig. 2, method 200 may be performed at or by an intrusion detection system, such as intrusion detection system 130 of FIG. 1 and Para. 0074, method 300 may be performed at or by an intrusion detection system, such as intrusion detection system 130 of FIG. 1).
Krebs fails to disclose labeling the plurality of sequences using an interface control document to create a labeled plurality of sequences;
comparing the labeled plurality of sequences with a plurality of known malicious sequences of messages;
However, Ando teaches labeling the plurality of sequences using an interface control document to create a labeled plurality of sequences (Ando, Para. 0047, at the start of the system, the reference destination definition of the white list database WL (white list) is designated as the same for all customers and Para. 0081, The mail address of the administrator on the customer side is specified in the setting file of the ICD);
comparing the labeled plurality of sequences with a plurality of known malicious sequences of messages (Ando, Para. 0042, the determination engine 33 receives and determines data extracted by
the URL extraction engine 32, but refers to the reputation database DB 2, the white list database WL, and the black list database BL to determine whether or not malware is present);
Krebs and Ando are both considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs to incorporate the teachings of Ando to include labeling the plurality of sequences using an interface control document to create a labeled plurality of sequences (Ando, Para. 0047);
comparing the labeled plurality of sequences with a plurality of known malicious sequences of messages (Ando, Para. 0042). Doing so would aid to provide a system and a method for intercepting an upload of a file in order to prevent tampering of web content. More specifically, it is possible to detect the presence of a malicious URL/ link indicating the presence of malware or the like based on the evaluation (credibility) of a group of URLs included in a file, and to prevent the publication of the file to the Web (Ando, Para. 0012).
Krebs and Ando fail to teach using a trained machine learning model to identify hacking steps within the labeled plurality of sequences with respect to the plurality of known malicious sequences of messages; wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action; 
However, Pliskin teaches using a trained machine learning model to identify hacking steps within the labeled plurality of sequences with respect to the plurality of known malicious sequences of messages (Pliskin, Para. 0033, negatively-labeled data 222 is provided as a second input to supervised machine learning algorithm 220. Using these inputs, supervised machine learning algorithm 220 learns what constitutes a malicious sequence of resource allocations and generates a sequence classification model 214 that is utilized to classify new sequences of resource allocations provided thereto (shown as new data 224) as being a malicious sequence of resource allocations or a non-malicious sequence of resource allocation); wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action (Pliskin, Para. 0030, Malicious resource allocation detector 130 may utilize machine learning-based techniques to determine whether a user's account has been compromised by a malicious entity to perform malicious resource allocations. For example, malicious resource allocation detector 130 may train a machine learning algorithm to generate a sequence classification model. The machine learning algorithm may be trained using one or more sequences of resource allocation operations that are known to be malicious); 
Krebs, Ando and, Pliskin are all considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs and Ando to incorporate the teachings of Pliskin to include using a trained machine learning model to identify hacking steps within the labeled plurality of sequences with respect to the plurality of known malicious sequences of messages (Pliskin, Para. 0033); wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action (Pliskin, Para. 0030). Doing so would aid the machine learning-based algorithm to learn what constitutes a malicious resource allocation sequence and generates the sequence classification model. The sequence classification model is used to classify any sequence of resource allocation operations performed via a valid user's cloud services subscription provided thereto as being a malicious sequence or a non-malicious sequence (Pliskin, Para. 0003)

In regards to claim 2, the combination of Krebs and Ando in view of Pliskin teaches the method of claim 1, further comprising notifying a user of the cyber-attack on the IDS (Krebs, Para. 0073, the mitigation action may include notifying a particular user or administrator of the at least one potentially malicious action, automatically and without user input initiating the triggering of one or more automatic security countermeasures by the intrusion detection system or another related system, or any other suitable mitigation action).

In regards to claim 4, the combination of Krebs, Ando and Pliskin teaches the method of claim 1, wherein the log files comprise malicious messages (Krebs, Para. 0073, the indication of the at least one
potentially malicious action may be based on an analysis of log files associated with one or more of the components included in the secure environment).

In regards to claim 5, the combination of Krebs, Ando and Pliskin teaches the method of claim 1, wherein the trained machine learning model updates the IDS with the plurality of known malicious sequences of messages after the cyber-attack has occurred (Krebs, Para. 0056, the system 130 may be able to update the dynamic rule patterns 152 based on such actions, e.g., through use of the machine learning module 142 associated with the intrusion detection application 136).

In regards to claim 6, the combination of Krebs, Ando and Pliskin teaches the method of claim 1, wherein labeling the plurality of sequences provides context to the plurality of sequences (Ando, Para. 0005, a "blacklist (BL)" is a list of URLs, IP addresses, FQDN, e-mail addresses, and the like determined to be malicious. "Malware" refers to a generic name of malicious software and malicious code created in an attempt to perform fraudulent and harmful operations). Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs to incorporate the teachings of Ando to include wherein labeling the plurality of sequences provides context to the plurality of sequences (Ando, Para. 0005). Doing so would aid to provide a system and a method for intercepting an upload of a file in order to prevent tampering of web content. More specifically, it is possible to detect the presence of a malicious URL / link indicating the presence of malware or the like based on the evaluation (credibility) of a group of URLs included in a file, and to prevent the publication of the file to the Web (Ando, Para. 0012).

In regards to claim 7, the combination of Krebs, Ando and Pliskin teaches the method of claim 1, wherein the system utilizes an embedded communication protocol (Krebs, Para. 0043, for example,
Internet Protocol (IP) packets, Frame Relay frames, Asynchronous Transfer Mode (ATM) cells, voice, video, data, and other suitable information between network addresses).

In regards to claim 8, the combination of Krebs, Ando and Pliskin teaches the method of claim 1, wherein the system is an airplane, a vehicle, or a factory (Krebs, Para. 0043, the network 120 may be all ora portion of an enterprise or secured network, while in another instance, at least a portion of the network 120 may represent a connection to the Internet).

In regards to claim 9, Krebs discloses One or more non-transitory machine-readable storage media storing instructions that are executable by one or more processing devices to perform operations comprising:
monitoring a log file associated with the processing system (Krebs, Para. 0071, an indication of at least one potentially malicious action occurring in a secured environment monitored by an intrusion detection system can be identified. The indication of the at least one potentially malicious action may be based on an analysis of log files associated with one or more of the components included in the secure environment);
identifying a plurality of sequences within the log file (Krebs, Para. 0071, the malicious action rule sets may be based on or associated with one or more patterns to be identified from the logs themselves, including combinations of activity and values from the logs of different components) and
determining whether a cyber-attack on an intrusion detection system (IDS) has occurred (Krebs, Para. 0070, Fig. 2, method 200 may be performed at or by an intrusion detection system, such as intrusion detection system 130 of FIG. 1 and Para. 0074, method 300 may be performed at or by an intrusion detection system, such as intrusion detection system 130 of FIG. 1).
Krebs fails to disclose labeling the plurality of sequences using an interface control document;
comparing the log file with a plurality of known malicious sequences of messages;
However, Ando teaches labeling the plurality of sequences using an interface control document (Ando, Para. 0047, at the start of the system, the reference destination definition of the white list database WL (white list) is designated as the same for all customers and Para. 0081, The mail address of the administrator on the customer side is specified in the setting file of the ICD);
comparing the log file with a plurality of known malicious sequences of messages (Ando, Para. 0042, the determination engine 33 receives and determines data extracted by the URL extraction engine 32, but refers to the reputation database DB 2, the white list database WL, and the black list database BL to determine whether or not malware is present);
Krebs and Ando are both considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs to incorporate the teachings of Ando to include labeling the plurality of sequences using an interface control document (Ando, Para. 0047);
comparing the log file with a plurality of known malicious sequences of messages (Ando, Para. 0042). Doing so would aid to provide a system and a method for intercepting an upload of a file in order to prevent tampering of web content. More specifically, itis possible to detect the presence of a malicious URL/ link indicating the presence of malware or the like based on the evaluation (credibility)
of a group of URLs included in a file, and to prevent the publication of the file to the Web (Ando, Para. 0012).
Krebs and Ando fail to teach using a trained machine learning model to identify hacking steps within the plurality of sequences; wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action; 
However, Pliskin teaches using a trained machine learning model to identify hacking steps within the plurality of sequences (Pliskin, Para. 0033, negatively-labeled data 222 is provided as a second input to supervised machine learning algorithm 220. Using these inputs, supervised machine learning algorithm 220 learns what constitutes a malicious sequence of resource allocations and generates a sequence classification model 214 that is utilized to classify new sequences of resource allocations provided thereto (shown as new data 224) as being a malicious sequence of resource allocations or a non-malicious sequence of resource allocation); wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action (Pliskin, Para. 0030, Malicious resource allocation detector 130 may utilize machine learning-based techniques to determine whether a user's account has been compromised by a malicious entity to perform malicious resource allocations. For example, malicious resource allocation detector 130 may train a machine learning algorithm to generate a sequence classification model. The machine learning algorithm may be trained using one or more sequences of resource allocation operations that are known to be malicious); 
Krebs, Ando and Pliskin are all considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs and Ando to incorporate the teachings of Pliskin to include using a trained machine learning model to identify hacking steps within the plurality of sequences (Pliskin, Para. 0033); wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action (Pliskin, Para. 0030). Doing so would aid the machine learning-based algorithm to learn what constitutes a malicious resource allocation sequence and generates the sequence classification model. The sequence classification model is used to classify any sequence of resource allocation operations performed via a valid user's cloud services subscription provided thereto as being a malicious sequence or a non-malicious sequence (Pliskin, Para. 0003).

In regards to claim 10, the combination of Krebs, Ando and Pliskin teaches the one or more non- transitory machine-readable storage media of claim 9, wherein the trained machine learning model updates the IDS with the plurality of known malicious sequences of messages after the cyber-attack has occurred (Krebs, Para. 0056, the system 130 may be able to update the dynamic rule patterns 152 based on such actions, e.g., through use of the machine learning module 142 associated with the intrusion detection application 136).

In regards to claim 12, the combination of Krebs, Ando and Pliskin teaches the one or more non- transitory machine-readable storage media of claim 9, further comprising notifying a user of the cyber- attack on the IDS (Krebs, Para. 0073, the mitigation action may include notifying a particular user or administrator of the at least one potentially malicious action, automatically and without user input initiating the triggering of one or more automatic security countermeasures by the intrusion detection system or another related system, or any other suitable mitigation action).

In regards to claim 13, the combination of Krebs, Ando and Pliskin teaches the one or more non- transitory machine-readable storage media of claim 9, wherein labeling the plurality of sequences provides context to the plurality of sequences (Ando, Para. 0005, a "blacklist (BL)" is a list of URLs, IP addresses, FQDN, e-mail addresses, and the like determined to be malicious. "Malware" refers to a generic name of malicious software and malicious code created in an attempt to perform fraudulent and harmful operations). Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs to incorporate the teachings of
Ando to include wherein labeling the plurality of sequences provides context to the plurality of sequences (Ando, Para. 0005). Doing so would aid to provide a system and a method for intercepting an upload of a file in order to prevent tampering of web content. More specifically, it is possible to detect the presence of a malicious URL/ link indicating the presence of malware or the like based on the evaluation (credibility) of a group of URLs included in a file, and to prevent the publication of the file to the Web (Ando, Para. 0012).

In regards to claim 14, Krebs discloses an intrusion detection system (IDS) for monitoring a processing system comprising:
an input-output device for receiving a log file associated with the processing system (Krebs, Para. 0007, obtaining the log files associated with the lifecycle operations executed by the lifecycle operations manager); and
a processor for (Krebs, Para. 0013):
a) identifying a plurality of sequences within the log file (Krebs, Para. 0071, an indication of at least one potentially malicious action occurring in a secured environment monitored by an intrusion detection system can be identified. The indication of the at least one potentially malicious action may be based on an analysis of log files associated with one or more of the components included in the secure environment); and
e) determining whether a cyber-attack on the IDS has occurred (Krebs, Para. 0070, Fig. 2, method 200 may be performed at or by an intrusion detection system, such as intrusion detection system 130 of FIG. 1 and Para. 0074, method 300 may be performed at or by an intrusion detection system, such as intrusion detection system 130 of FIG. 1).
Krebs fails to disclose b) labeling the plurality of sequences using an interface control document to create a labeled plurality of sequences;
c) comparing the labeled plurality of sequences with a plurality of known malicious sequences of messages;
However, Ando teaches b) labeling the plurality of sequences using an interface control document to create a labeled plurality of sequences (Ando, Para. 0047, at the start of the system, the reference destination definition of the white list database WL (white list) is designated as the same for all customers and Para. 0081, The mail address of the administrator on the customer side is specified in the setting file of the ICD);
c) comparing the labeled plurality of sequences with a plurality of known malicious sequences of messages (Ando, Para. 0042, the determination engine 33 receives and determines data extracted by the URL extraction engine 32, but refers to the reputation database DB 2, the white list database WL, and the black list database BL to determine whether or not malware is present);
Krebs and Ando are both considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs to incorporate the teachings of Ando to include labeling the plurality of sequences using an interface control document to create a labeled plurality of sequences (Ando, Para. 0047);
c) comparing the labeled plurality of sequences with a plurality of known malicious sequences of messages (Ando, Para. 0042). Doing so would aid to provide a system and a method for intercepting an upload of a file in order to prevent tampering of web content. More specifically, it is possible to detect the presence of a malicious URL/ link indicating the presence of malware or the like based on the evaluation (credibility) of a group of URLs included in a file, and to prevent the publication of the file to the Web (Ando, Para. 0012).
Krebs and Ando fail to teach using a trained machine learning model to identify hacking steps within the labeled plurality of sequences with respect to the plurality of known malicious sequences of messages; wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action; 
However, Pliskin teaches using a trained machine learning model to identify hacking steps within the labeled plurality of sequences with respect to the plurality of known malicious sequences of messages (Pliskin, Para. 0033, negatively-labeled data 222 is provided as a second input to supervised machine learning algorithm 220. Using these inputs, supervised machine learning algorithm 220 learns what constitutes a malicious sequence of resource allocations and generates a sequence classification model 214 that is utilized to classify new sequences of resource allocations provided thereto (shown as new data 224) as being a malicious sequence of resource allocations or a non-malicious sequence of resource allocation); wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action (Pliskin, Para. 0030, Malicious resource allocation detector 130 may utilize machine learning-based techniques to determine whether a user's account has been compromised by a malicious entity to perform malicious resource allocations. For example, malicious resource allocation detector 130 may train a machine learning algorithm to generate a sequence classification model. The machine learning algorithm may be trained using one or more sequences of resource allocation operations that are known to be malicious); 
Krebs, Ando and Pliskin are all considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs and Ando to incorporate the teachings of Pliskin to include using a trained machine learning model to identify hacking steps within the labeled plurality of sequences with respect to the plurality of known malicious sequences of messages (Pliskin, Para. 0033); wherein the plurality of sequences is used to train the trained machine learning model to recognize a malicious action (Pliskin, Para. 0030). Doing so would aid the machine learning-based algorithm to learn what constitutes a malicious resource allocation sequence and generates the sequence classification model. The sequence classification model is used to classify any sequence of resource allocation operations performed via a valid user's cloud services subscription provided thereto as being a malicious sequence or a non-malicious sequence (Pliskin, Para. 0003).

In regards to claim 15, the combination of Krebs, Ando and Pliskin teaches the IDS of claim 14, wherein the trained machine learning model updates the IDS with the plurality of known malicious sequences of messages after the cyber-attack has occurred (Krebs, Para. 0056, the system 130 may be able to update the dynamic rule patterns 152 based on such actions, e.g., through use of the machine learning module 142 associated with the intrusion detection application 136).

In regards to claim 17, the combination of Krebs, Ando and Pliskin teaches the IDS of claim 14, further comprising notifying a user of the cyber-attack on the IDS (Krebs, Para. 0073, the mitigation action may include notifying a particular user or administrator of the at least one potentially malicious action, automatically and without user input initiating the triggering of one or more automatic security countermeasures by the intrusion detection system or another related system, or any other suitable mitigation action).

In regards to claim 18, the combination of Krebs, Ando and Pliskin teaches the IDS of claim 14, wherein labeling the plurality of sequences provides context to the plurality of sequences (Ando, Para. 0005, a "blacklist (BL)" is a list of URLs, IP addresses, FQDN, e-mail addresses, and the like determined to be malicious. "Malware" refers to a generic name of malicious software and malicious code created in an attempt to perform fraudulent and harmful operations). Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs to incorporate the teachings of Ando to include, wherein labeling the plurality of sequences provides context to the plurality of sequences (Ando, Para. 0005). Doing so would aid to provide a system and a method for intercepting an upload of a file in order to prevent tampering of web content. More specifically, it is possible to detect the presence of a malicious URL / link indicating the presence of malware or the like based on the evaluation (credibility) of a group of URLs included in a file, and to prevent the publication of the file to the Web (Ando, Para. 0012).

Claims 3, 11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Krebs (US 2019/0042737 A1) and Ando (JP 5749053 B2) in view of Pliskin et al. (US 2020/0053123 A1), hereinafter Pliskin and further in view of Dash et al. (US 10,963,590 B1), hereinafter Dash.

In regards to claim 3, the combination of Krebs, Ando, and Pliskin fails to teach the method of claim 1, wherein the log file comprises a plurality of communication protocols.
However, Dash teaches wherein the log file comprises a plurality of communication protocols (Dash, Col. 6, lines 2-4, the log file 300 may include Internet Protocol addresses and / or hostnames of network solve this problem. devices 120 (1) -120 (N)).
Krebs, Ando, Pliskin and Dash are all considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs, Ando and Pliskin to incorporate the teachings of Dash to include wherein the log file comprises a plurality of communication protocols. (Dash, Col. 6, lines 2-4). Doing so would aid to share service request documents with third- party technical resolution systems (e.g., automated processes running on servers of private companies or cloud providers, academics, etc.) having specific capabilities for addressing (identifying a solution for) certain technical issues. Publishing service request documents would lead to improved innovation, analysis, and pattern detection of technical issues and resolutions for those technical issues (Dash, Col.3, lines 34-45).

In regards to claim 11, the combination of Krebs, Ando, and Pliskin fails to teach the one or more non-transitory machine-readable storage media of claim 9, wherein the log file comprises a plurality of communication protocols.
However, Dash teaches wherein the log file comprises a plurality of communication protocols (Dash, Col. 6, lines 2-4, the log file 300 may include Internet Protocol addresses and / or hostnames of network solve this problem. devices 120 (1) -120 (N)).
Krebs, Ando, Pliskin and Dash are all considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs, Ando and Pliskin to incorporate the teachings of Dash to include wherein the log file comprises a plurality of communication protocols (Dash, Col. 6, lines 2-4). Doing so would aid to share service request documents with third- party technical resolution systems (e.g., automated processes running on servers of private companies or cloud providers, academics, etc.) having specific capabilities for addressing (identifying a solution for) certain technical issues. Publishing service request documents would lead to improved innovation, analysis, and pattern detection of technical issues and resolutions for those technical issues (Dash, Col.3, lines 34-45).

In regards to claim 16, the combination of Krebs, Ando, and Pliskin fails to teach the IDS of claim 14, wherein the log file comprises a plurality of communication protocols.
However, Dash teaches wherein the log file comprises a plurality of communication protocols (Dash, Col. 6, lines 2-4, the log file 300 may include Internet Protocol addresses and / or hostnames of network solve this problem. devices 120 (1) -120 (N)).
Krebs, Ando, Pliskin and Dash are all considered to be analogous to the claim invention because they are in the same field of detecting and notifying the user if there is an ongoing hacking process which can result in a possible cyber-attack. Therefore, it would have been to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Krebs, Ando and Pliskin to incorporate the teachings of Dash to include wherein the log file comprises a plurality of communication protocols (Dash, Col. 6, lines 2-4). Doing so would aid to share service request documents with third- party technical resolution systems (e.g., automated processes running on servers of private companies or cloud providers, academics, etc.) having specific capabilities for addressing (identifying a solution for) certain technical issues. Publishing service request documents would lead to improved innovation, analysis, and pattern detection of technical issues and resolutions for those technical issues (Dash, Col.3, lines 34-45).


                                                             Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571) 272-0248. The examiner can normally be reached 9:30 AM- 6:30 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from
Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/G.F./
Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496