HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPDownload PDFPatent Trials and Appeals BoardJun 14, 20212020001904 (P.T.A.B. Jun. 14, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/033,144 04/29/2016 Eran SAMUNI 90199881 8470 146568 7590 06/14/2021 MICRO FOCUS LLC 500 Westover Drive #12603 Sanford, NC 27330 EXAMINER ALMEIDA, DEVIN E ART UNIT PAPER NUMBER 2492 NOTIFICATION DATE DELIVERY MODE 06/14/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): software.ip.mail@microfocus.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte ERAN SAMUNI, DANIEL ADRIAN, and YOHAY GOLAN Appeal 2020-001904 Application 15/033,144 Technology Center 2400 Before ROBERT E. NAPPI, BETH Z. SHAW, and NORMAN H. BEAMER, Administrative Patent Judges. SHAW, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the Examiner’s decision to reject claims 1–17. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 We use the word Appellant to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies the real party in interest as EntIT Software LLC. Appeal Br. 3. Appeal 2020-001904 Application 15/033,144 2 CLAIMED SUBJECT MATTER The claims are directed to log analysis based on user activity volume. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. A log analysis system comprising: a processor; and a memory to store instructions that, when executed by the processor, cause the processor to: monitor user activity of a computer system; generate an expected baseline of a log based on historical log activity, wherein the log comprises event messages describing states experienced by the computer system; compare the log to the expected baseline to identify an abnormality; compare the abnormality to a user activity volume based on a correlation between the user activity volume and the log activity; and classify the log based on the abnormality, the correlation, and the user activity volume. Appeal Br. 19 (Claims App’x.). REFERENCES The prior art relied upon by the Examiner is: Name Reference Date Takemori US 2004/0250169 Al Dec. 9, 2004 Dai US 2011/0023120 Al Jan. 27, 2011 Cohen US 2012/0016886 Al Jan. 19, 2012 Ayyagari US 2013/0305357 A1 Nov. 14, 2013 REJECTIONS Claims 1, 6, 9, and 11 are rejected under 35 U.S.C. § 103 as being unpatentable over Ayyagari and Takemori. Appeal 2020-001904 Application 15/033,144 3 Claims 2–5, 7, 8, 10, 12, and 14–17 are rejected under 35 U.S.C. § 103 as being unpatentable over Ayyagari, Takemori, and Cohen. Claim 13 is rejected under 35 U.S.C. § 103 as being unpatentable over Ayyagari, Takemori, Cohen, and Dai. OPINION We have reviewed the Examiner’s rejections in light of Appellant’s arguments that the Examiner has erred. We are not persuaded by Appellant’s contentions that the Examiner erred. We agree with and adopt the Examiner’s findings and conclusions in the Final Rejection and Answer. See Final Act. 2–17; Ans. 3–12. Independent Claim 1 Appellant argues that “[i]nstead of classifying logs, Ayyagari discusses network security threat detection based on behavior profiles for users and nodes.” Appeal Br. 9. Appellant argues that “although the node profiles may, arguendo, may be based in part on logged activity, the logs discussed in Ayyagari are not classified, as set forth in claim 1.” Id. at 10. Appellant argues that “Ayyagari fails to, however, in any of these discussions of logs or logging, discuss generating a baseline for a log or classifying a log, where the log includes event messages describing states executed by a computer system.” Id. We are not persuaded by these arguments. First, we agree with the Examiner’s findings that Ayyagari teaches generating a baseline for a log because it teaches monitoring user behavior on a node to create a baseline profile. Ans. 3 (citing Ayyagari ¶¶ 81, 88, 97). Moreover, the Examiner finds, and we agree, that Ayyagari teaches “classify the log based on the Appeal 2020-001904 Application 15/033,144 4 abnormality, the correlation, and the user activity volume,” as recited in claim 1. Ans. 5 (citing Ayyagari ¶¶ 130–132, Fig. 17). In particular, Ayyagari teaches that a processor flags an event associated with the difference between the behavior profile for a user and the baseline profile for the user 2400, when the difference: exceeds a baseline threshold level, does not exceed a baseline threshold level, meets at least one criterion, or does not meet at least one criterion 2500. See Ayyagari ¶ 130, Fig. 17. The processor then classifies the event to an event classification 2600. Id. Appellant does not respond to these findings or conclusions set forth in the Answer, and we are not persuaded of error in them. Accordingly, we sustain the rejection of claim 1. Independent Claim 6 Regarding independent claim 6, Appellant argues “Ayyagari does not disclose or render obvious generating an expected baseline of a log, much less generating a graph that represents such an expected baseline.” Appeal Br. 12. We are not persuaded by this argument because as the Examiner finds, and we agree, the graph line 430 in Figure 17 of Ayyagari teaches an expected baseline of log activity of a computer system. Ans. 6. Accordingly, we sustain the rejection of claim 6. Dependent Claim 9 Regarding dependent claim 9, as the Examiner explains, the disputed limitation is not recited in claim 9. Ans. 7. Moreover, we agree with and adopt the Examiner’s findings and conclusions regarding dependent claim 9. Ans. 7–8. Appellant does not respond to these findings or conclusions set Appeal 2020-001904 Application 15/033,144 5 forth in the Answer, and we are not persuaded of error in them. Accordingly, we sustain the rejection of claim 9. Remaining Pending Claims Regarding claims 2–4, 7, and 11, Appellant disputes the Examiner’s findings and conclusions. Appeal Br. 13–17. We agree with and adopt the Examiner’s findings and conclusions. Ans. 7–8. Appellant does not respond to these findings or conclusions set forth in the Answer, and we are not persuaded of error in them. Accordingly, we sustain the rejection of claims 2–4, 7, and 11. We also sustain the Examiner’s obviousness rejections of claims 5, 8, 10, and 12–17. Despite nominally arguing these claims separately, Appellant reiterates similar arguments made in connection with other claims, and alleges that the additional cited prior art fails to cure those purported deficiencies. Appeal Br. 18. We are not persuaded by these arguments for the reasons previously discussed. CONCLUSION We affirm the Examiner’s rejections. DECISION SUMMARY In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1, 6, 9, 11 103 Ayyagari, Takemori 1, 6, 9, 11 Appeal 2020-001904 Application 15/033,144 6 2–5, 7, 8, 10, 12, 14– 17 103 Ayyagari, Takemori, Cohen 2–5, 7, 8, 10, 12, 14– 17 13 103 Ayyagari, Takemori, Cohen, Dai 13 Overall Outcome 1–17 TIME PERIOD FOR RESPONSE No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED Copy with citationCopy as parenthetical citation
