DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
In response to communications filed on 23 April 2025, claims 1-20 are presently pending in the application, of which, claims 1, 10 and 18 are presented in independent form.
Priority
The Examiner acknowledges the instant application claims priority under 35 U.S.C. 119(e) to U.S. Provisional Application No. 63/640,264, filed 30 April 2024, and has been accorded the earliest effective file date.
Drawings
The drawings, filed 23 April 2025, have been reviewed and accepted by the Examiner.
Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being unpatentable by Cohen, Tai, et al (U.S. 7,673,340 and known hereinafter as Cohen).
As per claim 1, Cohen teaches a system comprising:
one or more processors (Cohen, see Figure 2, which discloses one or more processing units.); and
one or more memories including instructions executable by the one or more processors to cause the one or more processors (Cohen, see Figure 2, which discloses one or more processing units coupled to one or more volatile or non-volatile memory and a system bus.) to:
receive an input record, wherein the input record includes a duration load value and a unique customer identifier (Cohen, see column 14, line 15 to column 14, line 65, which discloses the sessions unit traverses the log entries from the time period being analyzed and constructs sessions for each uniquely identifiable usage of the system by a unique user);
load a configuration file comprising commands (e.g. Cohen, see column 20, line 52 to column 21, line 35, which discloses state machine snapshot builder creates a model graph according to the configuration in the current state machine through a graph creation command file.) that cause the processor to:
query a data source to extract application log data associated with the unique customer identifier and recorded within the duration load value (e.g. Cohen, see column 21, line 50 to column 22, line 40, which discloses log source represents the log source concept of the activity analysis system, where the user-defined name is a name that is displayed to identify the log source to the user of the activity application system the URI uniquely identifies the log source in the event log files. Additionally, the event log of the log source has an associated sequence of log entries built from event logs that have been added to the system, where the log sources are stored in a log source repository and within the log source the log entries are stored in a log repository, which may be queried to retrieve attributes that are specific to the log source over a duration of time.); and
map the application log data to transaction graph data comprising a set of components connected by a set of edges, wherein a combination of the set of components defines a type of transaction and each edge in the set of edges represents a relationship between connected components of the set of components (Cohen, see column 14, line 15 to column 14, line 65, which discloses if the time period spans more than one state machine snapshot for a presentation model of the project, then the graph unit constructs (e.g. maps) the nodes in the graph from multiple state machine snapshots, thus a node generated by the graph units and the corresponding links (e.g. edges) have a discrete lifetime for which they are valid in the graph. Additionally, Cohen, see column 14, line 13-25, discloses the projects unit creates projects that include at least one presentation model state machine and its log source. The project unit will create a project including more than one presentation model to track user interaction across multiple presentation models of multiple sub-systems.);
traverse the transaction graph data to identify one or more anomalous components in the transaction graph data (Cohen, see column 14, line 60 to column 15, line 65, which discloses the sessions unit is adapted to permit construction of a model of user behavior as a sequence of states in the presentation graph and application graphs that the user traversed over a predetermined period of time.), wherein each component of the transaction graph data is accessible by traversing the set of edges (Cohen, see column 14, line 60 to column 15, line 65, which discloses the sessions unit traverses the log entries from the time period being analyzed and constructs sessions for each uniquely identifiable usage of the system by a unique user); and
output a signal associated with an indication of the one or more identified anomalous components (e.g. Cohen, see column 11, line 25-55, which discloses the user interface provides inputs and receives outputs, which are displayed to the presentation model of the system modeling unit.).
As per claim 10, Cohen teaches a method comprising:
receive an input record, wherein the input record includes a duration load value and a unique customer identifier (Cohen, see column 14, line 15 to column 14, line 65, which discloses the sessions unit traverses the log entries from the time period being analyzed and constructs sessions for each uniquely identifiable usage of the system by a unique user);
load a configuration file comprising commands (e.g. Cohen, see column 20, line 52 to column 21, line 35, which discloses state machine snapshot builder creates a model graph according to the configuration in the current state machine through a graph creation command file.) that cause the processor to:
query a data source to extract application log data associated with the unique customer identifier and recorded within the duration load value (e.g. Cohen, see column 21, line 50 to column 22, line 40, which discloses log source represents the log source concept of the activity analysis system, where the user-defined name is a name that is displayed to identify the log source to the user of the activity application system the URI uniquely identifies the log source in the event log files. Additionally, the event log of the log source has an associated sequence of log entries built from event logs that have been added to the system, where the log sources are stored in a log source repository and within the log source the log entries are stored in a log repository, which may be queried to retrieve attributes that are specific to the log source over a duration of time.); and
map the application log data to transaction graph data comprising a set of components connected by a set of edges, wherein a combination of the set of components defines a type of transaction and each edge in the set of edges represents a relationship between connected components of the set of components (Cohen, see column 14, line 15 to column 14, line 65, which discloses if the time period spans more than one state machine snapshot for a presentation model of the project, then the graph unit constructs (e.g. maps) the nodes in the graph from multiple state machine snapshots, thus a node generated by the graph units and the corresponding links (e.g. edges) have a discrete lifetime for which they are valid in the graph. Additionally, Cohen, see column 14, line 13-25, discloses the projects unit creates projects that include at least one presentation model state machine and its log source. The project unit will create a project including more than one presentation model to track user interaction across multiple presentation models of multiple sub-systems.);
traverse the transaction graph data to identify one or more anomalous components in the transaction graph data (Cohen, see column 14, line 60 to column 15, line 65, which discloses the sessions unit is adapted to permit construction of a model of user behavior as a sequence of states in the presentation graph and application graphs that the user traversed over a predetermined period of time.), wherein each component of the transaction graph data is accessible by traversing the set of edges (Cohen, see column 14, line 60 to column 15, line 65, which discloses the sessions unit traverses the log entries from the time period being analyzed and constructs sessions for each uniquely identifiable usage of the system by a unique user); and
output a signal associated with an indication of the one or more identified anomalous components (e.g. Cohen, see column 11, line 25-55, which discloses the user interface provides inputs and receives outputs, which are displayed to the presentation model of the system modeling unit.).
As per claim 18, Cohen teaches a non-transitory computer-readable medium comprising program code that is executable by a processor to cause the processor (Cohen, see Figure 2, which discloses one or more processing units coupled to one or more volatile or non-volatile memory and a system bus.) to:
receive an input record, wherein the input record includes a duration load value and a unique customer identifier (Cohen, see column 14, line 15 to column 14, line 65, which discloses the sessions unit traverses the log entries from the time period being analyzed and constructs sessions for each uniquely identifiable usage of the system by a unique user);
load a configuration file comprising commands (e.g. Cohen, see column 20, line 52 to column 21, line 35, which discloses state machine snapshot builder creates a model graph according to the configuration in the current state machine through a graph creation command file.) that cause the processor to:
query a data source to extract application log data associated with the unique customer identifier and recorded within the duration load value (e.g. Cohen, see column 21, line 50 to column 22, line 40, which discloses log source represents the log source concept of the activity analysis system, where the user-defined name is a name that is displayed to identify the log source to the user of the activity application system the URI uniquely identifies the log source in the event log files. Additionally, the event log of the log source has an associated sequence of log entries built from event logs that have been added to the system, where the log sources are stored in a log source repository and within the log source the log entries are stored in a log repository, which may be queried to retrieve attributes that are specific to the log source over a duration of time.); and
map the application log data to transaction graph data comprising a set of components connected by a set of edges, wherein a combination of the set of components defines a type of transaction and each edge in the set of edges represents a relationship between connected components of the set of components (Cohen, see column 14, line 15 to column 14, line 65, which discloses if the time period spans more than one state machine snapshot for a presentation model of the project, then the graph unit constructs (e.g. maps) the nodes in the graph from multiple state machine snapshots, thus a node generated by the graph units and the corresponding links (e.g. edges) have a discrete lifetime for which they are valid in the graph. Additionally, Cohen, see column 14, line 13-25, discloses the projects unit creates projects that include at least one presentation model state machine and its log source. The project unit will create a project including more than one presentation model to track user interaction across multiple presentation models of multiple sub-systems.);
traverse the transaction graph data to identify one or more anomalous components in the transaction graph data (Cohen, see column 14, line 60 to column 15, line 65, which discloses the sessions unit is adapted to permit construction of a model of user behavior as a sequence of states in the presentation graph and application graphs that the user traversed over a predetermined period of time.), wherein each component of the transaction graph data is accessible by traversing the set of edges (Cohen, see column 14, line 60 to column 15, line 65, which discloses the sessions unit traverses the log entries from the time period being analyzed and constructs sessions for each uniquely identifiable usage of the system by a unique user); and
output a signal associated with an indication of the one or more identified anomalous components (e.g. Cohen, see column 11, line 25-55, which discloses the user interface provides inputs and receives outputs, which are displayed to the presentation model of the system modeling unit.).
As per claims 2 and 11, Cohen teaches the system of claim 1 and the method of claim 10, respectively, wherein each component of the set of components comprises a computing action associated with the type of transaction (Cohen, see column 14, line 15 to column 14, line 65, which discloses the sessions unit traverses the log entries from the time period being analyzed and constructs sessions for each uniquely identifiable usage of the system by a unique user).
As per claims 3 and 12, Cohen teaches the system of claim 1 and the method of claim 10, respectively, wherein the duration load value comprises a start load value and an end load value defining a timing window, wherein the system is further configured to:
filter the application log data to remove application log data that is outside the timing window (Cohen, see column 14, line 15 to column 14, line 65, which discloses if the time period spans more than one state machine snapshot for a presentation model of the project, then the graph unit constructs (e.g. maps) the nodes in the graph from multiple state machine snapshots, thus a node generated by the graph units and the corresponding links (e.g. edges) have a discrete lifetime for which they are valid in the graph.).
As per claims 4 and 13, Cohen teaches the system of claim 3 and the method of claim 12, respectively, wherein the set of components are hierarchically arranged in the transaction graph data based on the timing window, such that each component is ordered in a sequential order, wherein the system is further configured to:
output, for display on a user computing device, a visualization object associated with the transaction graph data (e.g. Cohen, see column 11, line 25-55, which discloses the user interface provides inputs and receives outputs, which are displayed to the presentation model of the system modeling unit.).
As per claim 5, Cohen teaches the system of claim 1, wherein the input record comprises a file comprising comma separated values (Cohen, see column 36, lines 30-65, which discloses node encodings which are used to delineate the attribute value for the graph edges.).
As per claims 6 and 14, Cohen teaches the system of claim 1 and the method of claim 10, respectively, wherein the system is further configured to:
generate a script to write the transaction graph data into a transaction graph database thereby generating a transaction graph (e.g. Cohen, see column 21, line 50 to column 22, line 40, which discloses log source represents the log source concept of the activity analysis system, where the user-defined name is a name that is displayed to identify the log source to the user of the activity application system the URI uniquely identifies the log source in the event log files. Additionally, the event log of the log source has an associated sequence of log entries built from event logs that have been added to the system, where the log sources are stored in a log source repository and within the log source the log entries are stored in a log repository, which may be queried to retrieve attributes that are specific to the log source over a duration of time.).
As per claims 7, 15, and 19, Cohen teaches the system of claim 1, the method of claim 10, and the non-transitory computer-readable medium of claim 18, respectively, wherein each component in the set of components comprises a respective application log data extracted based on the duration load value, wherein the respective application log data comprises an event status field defining a success or a failure of a computing action associated with the component (Cohen, see column 14, line 15 to column 14, line 65, which discloses if the time period spans more than one state machine snapshot for a presentation model of the project, then the graph unit constructs (e.g. maps) the nodes in the graph from multiple state machine snapshots, thus a node generated by the graph units and the corresponding links (e.g. edges) have a discrete lifetime for which they are valid in the graph. Additionally, Cohen, see column 14, line 13-25, discloses the projects unit creates projects that include at least one presentation model state machine and its log source. The project unit will create a project including more than one presentation model to track user interaction across multiple presentation models of multiple sub-systems.).
As per claims 8, 17, and 20, Cohen teaches the system of claim 7, the method of claim 15, and the non-transitory computer-readable medium of claim 19, respectively, wherein the system of further configured to:
analyze each event status field for each component (e.g. Cohen, see column 37, line 45-65, which discloses analyzing the task topic for the component); and
label each component comprising a failed event status field as anomalous (e.g. Cohen, see column 36, lines 32-50, which discloses the nodes are shown and a text label with different background and shadow setting are provided for the event status as visual attributes.).
As per claims 9 and 16, Cohen teaches the system of claim 1 and the method of claim 10, respectively, wherein the system is further configured to:
transform the application log data to a structured format prior to mapping the application log data to transaction graph data (Cohen, see column 14, line 15 to column 14, line 65, which discloses if the time period spans more than one state machine snapshot for a presentation model of the project, then the graph unit constructs (e.g. maps) the nodes in the graph from multiple state machine snapshots, thus a node generated by the graph units and the corresponding links (e.g. edges) have a discrete lifetime for which they are valid in the graph. Additionally, Cohen, see column 14, line 13-25, discloses the projects unit creates projects that include at least one presentation model state machine and its log source. The project unit will create a project including more than one presentation model to track user interaction across multiple presentation models of multiple sub-systems.).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. See attached PTO-892 that includes additional prior art of record describing the general state of the art in which the invention is directed to.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FARHAN M SYED whose telephone number is (571)272-7191. The examiner can normally be reached M-F 8:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Apu Mofiz can be reached at 571-272-4080. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/FARHAN M SYED/Primary Examiner, Art Unit 2161 April 3, 2026
Prosecution Insights