DETAILED ACTION
This Office Action is in response to the application 16/410,609 filed on 05/13/2019.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined and are pending in this application. Claims 1 and 13 are independent.	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mikheev et al (“Mikheev,” US 2016/0134619, published on 05/12/2016), in view of Kirti et al (“Kirti,” US 2017/0251013, published on 10/31/2017).
As to claim 1, Mikheev teaches a method for resource appropriation in a multi-tenant computing environment (Mikheev: pars 0029, 0034, 0041; Fig 1, 2, a cloud based multi-tenant platform to access a customer's account and associated data and applications), the method comprising:
(a)    assigning, by a server, a first allocation of resource tokens to an application of a plurality of applications in a multi-tenant computing environment, the resource tokens corresponding to access privileges to a plurality of resources of the multi-tenant computing environment allocated to the application, and the multi-tenant computing environment receiving a plurality of requests from a plurality of clients for the plurality of applications (Mikheev: pars 0029, 0034, 0041-0045; Fig 1, 2, a multiple tenant request access, over multiple user interfaces, for the service to provide access to applications and data for a user or "tenant" of the service. Par 0068, Tenant Management application auto-generate temporary credentials [i.e. token, first allocated] in each tenant instance,);
(b)    monitoring, by the server, requests executed by the application using the resource tokens and the plurality of resources corresponding to the resource tokens, the requests received by one or more clients of the plurality of clients (Mikheev: pars 0029, 0034, 0041-0045; the multi-tenant system provide the each tenant with the access to the requested services associated with one or applications and the allocated tenant data store after performing authentication of the user using tenant’s account information. Par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access);
(c)    determining, by the server, metrics corresponding to the requests executed by the application, the metrics comprising characteristics of the requests and characteristics of execution by the application (Mikheev: pars 0034, 0041-0045, 0047, 0054; the system identify and categorized the type of applications that are requested for access, and the level of the services that the application provides, and implement necessary level of authentication process required).
Mikheev does not explicitly teach (d) generating, by the server, a risk model to identify a risk score for the application using the request characteristics and the execution characteristics;
(e)    generating, by the server, a value model to identify a value score for the application using properties of the application and properties of the one or more clients of the plurality of clients that generated the requests; and
(f)    using, by the server, the risk model and the value model to determine and provide a second allocation of the resource tokens for the application, wherein a difference between the first allocation and the second allocation corresponds to a difference between the risk score generated by the risk model and the value score generated by the value model properties of the one or more clients of the plurality of clients that generated the requests.
However, in an analogous art, Kirti teaches (d)    generating, by the server, a risk model to identify a risk score for the application using the request characteristics and the execution characteristics (Kirti: pars 0010-0012, 0120-0121, 0128-0129, a security monitoring system in a cloud service providing environment compute a measure of security for an application ("an application risk score"));
(e)    generating, by the server, a value model to identify a value score for the application using properties of the application and properties of the one or more clients of the plurality of clients that generated the requests (Kirti: pars 0010-0012, 0120-0121, 0128-0129, a score is analyzed by the security monitoring system in the cloud service providing environment to determine a threat of security posed by the application based on use of the application. Where the system computes a measure of security for an application ("an application risk score") [i.e. properties of the application] and a user ("a user risk score") [i.e. properties of the one or more clients]); and
(f)    using, by the server, the risk model and the value model to determine and provide a second allocation of the resource tokens for the application, wherein a difference between the first allocation and the second allocation corresponds to a difference between the risk score generated by the risk model and the value score generated by the value model properties of the one or more clients of the plurality of clients that generated the requests (Kirti: pars 0010-0012, 0120-0121, 0189,  generates a risk event or security threat and alert to change the access and authentication policy from lower level to higher level or change operation to prevent access to particular applications [i.e. implementation of second allocation of the resource tokens).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kirti with the method/system of Mikheev for the benefit of providing a user with a means for using an analytical score based on the application risk factor and associated user’s risk factor to (Kirti: pars 0010-0012, 0120-0121, 0189). 
As to claim 2, the combination of Mikheev and Kirti teaches the method of claim 1, 
Mikheev and Kirti further teaches wherein (a) further comprises mapping, by the server, each of the resource tokens to at least one resource of the plurality of resources (Mikheev: par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access. Kirti: pars 0091, 0230, token are used in providing access authorization).
As to claim 3, the combination of Mikheev and Kirti teaches the method of claim 1, 
Mikheev further teaches wherein (c) further comprises determining, by the server, the metrics corresponding to the requests executed by the application in real-time (Mikheev: pars 0034, 0041-0045, 0047, 0054; the system identify and categorized the type of applications that are requested for access, and the level of the services that the application provides).
As to claim 4, the combination of Mikheev and Kirti teaches the method of claim 1, 
Kirti further teaches wherein (c) further comprises: determining a processing duration value and a memory utilization profile for the application corresponding to the requests executed by the application; and generating a request history profile for the (Kirti: 0057: provides access control to applications reducing security risks and/or minimize inefficient or undesirable consumption of computing resources (e.g., bandwidth and memory usage)).
As to claim 5, the combination of Mikheev and Kirti teaches the method of claim 1,  
Mikheev further teaches wherein (c) further comprises: generating a client application profile for the application corresponding to a listing of clients interacting with the application (Mikheev: pars 0029, 0034, 0041-0045; the multi-tenant system provide the each tenant with the access to the requested services associated with one or applications and the allocated tenant data store after performing authentication of the user using tenant’s account information).
As to claim 6, the combination of Mikheev and Kirti teaches the method of claim 1, 
Mikheev and Kirti further teaches wherein (c) further comprises: determining the metrics corresponding to the requests over a predetermined time period; aggregating the metrics for the predetermined time period into a data set; and providing the data set as an input to the risk model to identify the risk score for the application based on the predetermined time period (Mikheev: pars 0065, 0068, Multiple service users are permitted to access the same tenant account for a SaaS application at the same time. Auto-generate temporary credentials are generated at the time of access. Kirti: pars 0101, 0112, 0149, connection made with a cloud server and authenticated occur periodically (e.g., every 4 hours or every 6 hours. The weight value for indicators can be revised periodically to improve the risk score)).
As to claim 7, the combination of Mikheev and Kirti teaches the method of claim 1, 
Mikheev and Kirti further teaches wherein (d) further comprises: generating, by the server, a resource token usage profile for each of the plurality of resource tokens; and providing, by the server, the resource token usage profile for the resource tokens as at least one input for the risk model (Mikheev: par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access. Kirti: pars 0010-0012, 0120-0121, 0128-0129, the system computes a measure of security for an application ("an application risk score") and a user ("a user risk score")).
As to claim 8, the combination of Mikheev and Kirti teaches the method of claim 1, 
Kirti further teaches wherein (e) further comprises: identifying, by the server, the properties of the one or more clients of the plurality of clients from a client database, the properties including at least one of: an importance score for a respective client, an account type of the respective client, and a resiliency profile for the respective client (Kirti: pars 0010-0012, 0120-0121, 0128-0129, the system computes a measure of security for a user ("a user risk score"), with respect to a security policy to determine a threat of security posed by the application or user based on use of an application).
As to claim 9, the combination of Mikheev and Kirti teaches the method of claim 1, 
Kirti further teaches wherein (f) further comprises dynamically increasing the value of the second allocation of resource tokens for the application responsive to an (Kirti: pars 0149, 0189, 0261, the weight value for indicators can be revised periodically to improve the risk score. Adjusted score is computed. Cloud infrastructure system dynamically scales to meet the needs of its users).
As to claim 10, the combination of Mikheev and Kirti teaches the method of claim 1, 
Kirti further teaches wherein (f) further comprises dynamically decreasing the value of the second allocation of resource tokens for the application responsive to an increase in the risk score provided by the risk model (Kirti: pars 0149, 0189, the weight value for indicators can be revised periodically to improve the risk score. Adjusted score is computed. Change operation to prevent access to particular applications and/or change operation of an application in particular environments where the client device is used. Remediation action prevents access to an application by a plurality of users. Cloud infrastructure system dynamically scales to meet the needs of its users).
As to claim 11, the combination of Mikheev and Kirti teaches the method of claim 1, 
Kirti further teaches further comprising: determining, by the server, that the risk score for the application is less than a risk threshold for the multi-tenant computing environment; and modifying, by the server, the value of the second allocation of resource tokens for the application responsive to the determination (Kirti: pars 0019, 00187-0190,  a policy define threshold (e.g., a security threshold or risk threshold) that defines when a remediation action is to be taken, and measure of security satisfies a risk threshold for the application. A remediation action is performed based on a measure of security of an application satisfying a threshold, including a security control and/or setting for an application, and adjusting a configuration operation of the application).
As to claim 12, the combination of Mikheev and Kirti teaches the method of claim 1, 
Kirti further teaches further comprising: determining, by the server, that the value score for the application is greater than a value threshold for the multi-tenant computing environment; and modifying, by the server, the value of the second allocation of resource tokens for the application responsive to the determination (Kirti: pars 0019, 00187-0190,  a policy define threshold (e.g., a security threshold or risk threshold) that defines when a remediation action is to be taken, and measure of security satisfies a risk threshold for the application. A remediation action is performed based on a measure of security of an application satisfying a threshold, including a security control and/or setting for an application, and adjusting a configuration operation of the application).
As to claim 13, the claim is directed to a system, and claim limitations are similar to the method claim 1, and therefore, claim 13 is rejected for the same reason set forth above for claim 1.
As to claim 14, the combination of Mikheev and Kirti teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: determine a processing duration value and a memory utilization profile for the application corresponding to the requests executed by the application; and generate a request history profile for the application (Kirti: 0057: provides access control to applications reducing security risks and/or minimize inefficient or undesirable consumption of computing resources (e.g., bandwidth and memory usage))..
As to claim 15, the combination of Mikheev and Kirti teaches the system of claim 13, 
Mikheev and Kirti further teaches wherein the server is further configured to: generate a resource token usage profile for each of the plurality of resource tokens; and provide the resource token usage profile for the resource tokens as at least one input for the risk model (Mikheev: par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access. Kirti: pars 0010-0012, 0120-0121, 0128-0129, the system computes a measure of security for an application ("an application risk score") and a user ("a user risk score")).
As to claim 16, the combination of Mikheev and Kirti teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: identify the properties of the one or more clients of the plurality of clients from a client database, the properties including at least one of: an importance score for a respective client, an account type of the respective client, and a resiliency profile for the respective client (Kirti: pars 0010-0012, 0120-0121, 0128-0129, the system computes a measure of security for a user ("a user risk score"), with respect to a security policy to determine a threat of security posed by the application or user based on use of an application).
As to claim 17, the combination of Mikheev and Kirti teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: dynamically increase the value of the second allocation of resource tokens for the application responsive to an increase in the value score provided by the value model (Kirti: pars 0149, 0189, 0261, the weight value for indicators can be revised periodically to improve the risk score. Adjusted score is computed. Cloud infrastructure system dynamically scales to meet the needs of its users).
As to claim 18, the combination of Mikheev and Kirti teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: dynamically decrease the value of the second allocation of resource tokens for the application responsive to an increase in the risk score provided by the risk model (Kirti: pars 0149, 0189, the weight value for indicators can be revised periodically to improve the risk score. Adjusted score is computed. Change operation to prevent access to particular applications and/or change operation of an application in particular environments where the client device is used. Remediation action prevents access to an application by a plurality of users. Cloud infrastructure system dynamically scales to meet the needs of its users).
As to claim 19, the combination of Mikheev and Kirti teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: determine that the risk score for the application is less than a risk threshold for the multitenant computing environment; and modify the value of the second allocation of resource tokens for the (Kirti: pars 0019, 00187-0190,  a policy define threshold (e.g., a security threshold or risk threshold) that defines when a remediation action is to be taken, and measure of security satisfies a risk threshold for the application. A remediation action is performed based on a measure of security of an application satisfying a threshold, including a security control and/or setting for an application, and adjusting a configuration operation of the application).
As to claim 20, the combination of Mikheev and Kirti teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: determine that the value score for the application is greater than a value threshold for the multi-tenant computing environment; and modify the value of the second allocation of resource tokens for the application responsive to the determination (Kirti: pars 0019, 00187-0190,  a policy define threshold (e.g., a security threshold or risk threshold) that defines when a remediation action is to be taken, and measure of security satisfies a risk threshold for the application. A remediation action is performed based on a measure of security of an application satisfying a threshold, including a security control and/or setting for an application, and adjusting a configuration operation of the application).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439