DETAILED ACTION
This Office Action is in response to the Amendment filed on 07/06/2021.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the instant Amendment, filed on 07/06/2021, claims 1 and 13 have been amended. 
Claims 1-20 have been examined and are pending; claims 1 and 13 are independent.  This Action is made FINAL.
Response to Arguments/Remarks
Applicant’s arguments with respect to prior-art rejections to claims 1-21, filed on 07/06/2021, have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection, where a new ground of rejection is applied with new art that is necessitated based on the amendment.
A new Art, Jalisatgi, is used to addressed the amended limitation of the claims.
The Examiner respectfully suggests that the claim be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record, by refining the limitations to recite:
 (a) what type/specific of “properties” are used to calculate the value score, 
(b) what algorithm/calculation is used to generate the value score,
(c) what calculation/mechanism is used in deterring the “difference,” at what measurement unit the difference is outputted, and how the difference is considered deterring the second allocation,  and
(d) refine the resource limitation to recite what type resources that the claims are directed to.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mikheev et al (“Mikheev,” US 2016/0134619, published on 05/12/2016), in view of Jalisatgi et al (“Jalisatgi,” US 2015/0271145, published on 09/24/2015).
As to claim 1, Mikheev teaches a method for resource appropriation in a multi-tenant computing environment (Mikheev: pars 0029, 0034, 0041; Fig 1, 2, a cloud based multi-tenant platform to access a customer's account and associated data and applications), the method comprising:
(a)    assigning, by a server, a first allocation of resource tokens to an application of a plurality of applications in a multi-tenant computing environment, the resource tokens corresponding to access privileges to a plurality of resources of the multi-tenant computing environment allocated for used by the application, and the multi-tenant computing environment receiving a plurality of requests from a plurality of clients for the plurality of applications (Mikheev: pars 0029, 0034, 0041-0045; Fig 1, 2, a multiple tenant request access, over multiple user interfaces, for the service to provide access to applications and data for a user or "tenant" of the service. Par 0068, Tenant Management application auto-generate temporary credentials [i.e. token, first allocated] in each tenant instance,);
(b)    monitoring, by the server, requests executed by the application using the resource tokens and the plurality of resources corresponding to the resource tokens, the requests received by one or more clients of the plurality of clients (Mikheev: pars 0029, 0034, 0041-0045; the multi-tenant system provide the each tenant with the access to the requested services associated with one or applications and the allocated tenant data store after performing authentication of the user using tenant’s account information. Par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access);
(Mikheev: pars 0034, 0041-0045, 0047, 0054; the system identify and categorized the type of applications that are requested for access, and the level of the services that the application provides, and implement necessary level of authentication process required).
Mikheev does not explicitly teach (d) generating, by the server, a risk model to identify a risk score for the application using the request characteristics and the execution characteristics;
(e)    generating, by the server, a value model to identify a value score for the application using properties of the application and properties of the one or more clients of the plurality of clients that generated the requests, the value score being a different type of score than the risk score: and
(f)    determining, by the server, and to provide a second allocation of the resource tokens for the application different from the first allocation based at least in part on a difference between the risk score generated by the risk model and the value score generated by the value model.
However, in an analogous art, Jalisatgi teaches (d) generating, by the server, a risk model to identify a risk score for the application using the request characteristics and the execution characteristics (Jalisatgi: pars 0008-0010, 0055-0056; Fig 5, discloses a method and system where degree of risk [i.e. risk score] of a client or request of client is measured based on a geolocation of the client, an Internet protocol address of the client, and/or a time of day of the request from the client);
, the value score being a different type of score than the risk score (Jalisatgi: pars 0008-0010, 0055-0056; Fig 5, a measuring module measures a resource load at the server associated with the request and various security and complex level of cypher mechanisms that can be applied [i.e. value model]) ; and
(f)    determining, by the server, and to provide a second allocation of the resource tokens for the application different from the first allocation based at least in part on a difference between the risk score generated by the risk model and the value score generated by the value model (Jalisatgi: pars 0008-0010, 0055-0056; Fig 5, applies appropriate level of cypher for processing client request based on the degree of risk [i.e. risk model] and level of resource load [i.e. value level]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jalisatgi with the method/system of Mikheev for the benefit of providing a user with a means for using an analytical value based score and risk factor/score  to monitor a security threat and apply/change policy for accessing the resource to increase security and same time managing system resource burden efficiently (Jalisatgi: pars 00002, 0008-0010, 0055-0056). 
As to claim 2, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
(Mikheev: par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access).
As to claim 3, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Mikheev further teaches wherein (c) further comprises determining, by the server, the metrics corresponding to the requests executed by the application in real-time (Mikheev: pars 0034, 0041-0045, 0047, 0054, the system identify and categorized the type of applications that are requested for access, and the level of the services that the application provides).
As to claim 4, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Jalisatgi further teaches wherein (c) further comprises: determining a processing duration value and a memory utilization profile for the application corresponding to the requests executed by the application; and generating a request history profile for the application (Jalisatgi: pars 0008-0010, 0045, degree of risk posed by the client may be based on a geolocation of the client, an Internet protocol address of the client, and/or a time of day of the request from the client, reputation of a client, interaction history with a client [i.e. request history], formatting of a request, and/or content of a request).
As to claim 5, the combination of Mikheev and Jalisatgi teaches the method of claim 1,  
Mikheev further teaches wherein (c) further comprises: generating a client application profile for the application corresponding to a listing of clients interacting with the application (Mikheev: pars 0029, 0034, 0041-0045; the multi-tenant system provide the each tenant with the access to the requested services associated with one or applications and the allocated tenant data store after performing authentication of the user using tenant’s account information).
As to claim 6, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Mikheev and Jalisatgi further teaches wherein (c) further comprises: determining the metrics corresponding to the requests over a predetermined time period; aggregating the metrics for the predetermined time period into a data set; and providing the data set as an input to the risk model to identify the risk score for the application based on the predetermined time period (Mikheev: pars 0065, 0068, Multiple service users are permitted to access the same tenant account for a SaaS application at the same time. Auto-generate temporary credentials are generated at the time of access. Jalisatgi: pars 0008, 0045, degree of risk posed by the client may be based on a time of day of the request from the client).
As to claim 7, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Mikheev and Jalisatgi further teaches wherein (d) further comprises: generating, by the server, a resource token usage profile for each of the plurality of resource tokens; (Mikheev: par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access. Jalisatgi: pars 0008-0010, 0055-0056; Fig 5, applies appropriate level of cypher for processing client request based on the degree of risk] and level of resource load).
As to claim 8, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Jalisatgi further teaches wherein (e) further comprises: identifying, by the server, the properties of the one or more clients of the plurality of clients from a client database, the properties including at least one of: an importance score for a respective client, an account type of the respective client, and a resiliency profile for the respective client (Jalisatgi: pars 0008-0010, 0045, degree of risk posed by the client may be based on a geolocation of the client, reputation of a client, interaction history with a client [i.e. there is a client profile]).
As to claim 9, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Jalisatgi further teaches wherein (f) further comprises dynamically increasing the value of the second allocation of resource tokens for the application responsive to an increase in the value score provided by the value model (Jalisatgi: pars 0008-0010, 0046-0047, 0055-0056; Fig 5, applies appropriate level of cypher for processing client request based on the degree of risk and level of resource load. If low load [i.e. high value level resource load] then apply high security cipher).
As to claim 10, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Jalisatgi further teaches wherein (f) further comprises dynamically decreasing the value of the second allocation of resource tokens for the application responsive to an increase in the risk score provided by the risk model (Jalisatgi: pars 0008-0010, 0046-0047, 0055-0056; Fig 5, applies appropriate level of cypher for processing client request based on the degree of risk and level of resource load. If high security cipher needed due to high risk level, apply high security cipher, resource load is impacted negatively).
As to claim 11, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Jalisatgi further teaches further comprising: determining, by the server, that the risk score for the application is less than a risk threshold for the multi-tenant computing environment; and modifying, by the server, the value of the second allocation of resource tokens for the application responsive to the determination (Jalisatgi: pars 0008-0010, 0046-0047, 0055-0056; Fig 5, determine the threshold for risk factor(s), and then apply different actions to process the request based on the threshold determination).
As to claim 12, the combination of Mikheev and Jalisatgi teaches the method of claim 1, 
Jalisatgi further teaches further comprising: determining, by the server, that the value score for the application is greater than a value threshold for the multi-tenant computing environment; and modifying, by the server, the value of the second allocation of resource tokens for the application responsive to the determination (Jalisatgi: pars 0008-0010, 0046-0047, 0055-0056; Fig 5, determine the threshold for risk factor(s), and then apply different actions to process the request based on the threshold determination. If risk factor(s) threshold exceed the threshold, apply high security cipher).
As to claim 13, the claim is directed to a system, and claim limitations are similar to the method claim 1, and therefore, claim 13 is rejected for the same reason set forth above for claim 1.
As to claim 14, the combination of Mikheev and Jalisatgi teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: determine a processing duration value and a memory utilization profile for the application corresponding to the requests executed by the application; and generate a request history profile for the application (Kirti: 0057: provides access control to applications reducing security risks and/or minimize inefficient or undesirable consumption of computing resources (e.g., bandwidth and memory usage))..
As to claim 15, the combination of Mikheev and Jalisatgi teaches the system of claim 13, 
Mikheev and Kirti further teaches wherein the server is further configured to: generate a resource token usage profile for each of the plurality of resource tokens; and provide the resource token usage profile for the resource tokens as at least one input for the risk model (Mikheev: par 0068, Tenant Management application auto-generate temporary credentials [i.e. first allocated resource token] in each tenant instance, with those credentials generated at the time of access. Kirti: pars 0010-0012, 0120-0121, 0128-0129, the system computes a measure of security for an application ("an application risk score") and a user ("a user risk score")).
As to claim 16, the combination of Mikheev and Jalisatgi teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: identify the properties of the one or more clients of the plurality of clients from a client database, the properties including at least one of: an importance score for a respective client, an account type of the respective client, and a resiliency profile for the respective client (Kirti: pars 0010-0012, 0120-0121, 0128-0129, the system computes a measure of security for a user ("a user risk score"), with respect to a security policy to determine a threat of security posed by the application or user based on use of an application).
As to claim 17, the combination of Mikheev and Jalisatgi teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: dynamically increase the value of the second allocation of resource tokens for the application responsive to an increase in the value score provided by the value model (Kirti: pars 0149, 0189, 0261, the weight value for indicators can be revised periodically to improve the risk score. Adjusted score is computed. Cloud infrastructure system dynamically scales to meet the needs of its users).
As to claim 18, the combination of Mikheev and Jalisatgi teaches the system of claim 13, 
(Kirti: pars 0149, 0189, the weight value for indicators can be revised periodically to improve the risk score. Adjusted score is computed. Change operation to prevent access to particular applications and/or change operation of an application in particular environments where the client device is used. Remediation action prevents access to an application by a plurality of users. Cloud infrastructure system dynamically scales to meet the needs of its users).
As to claim 19, the combination of Mikheev and Jalisatgi teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: determine that the risk score for the application is less than a risk threshold for the multitenant computing environment; and modify the value of the second allocation of resource tokens for the application responsive to the determination (Kirti: pars 0019, 00187-0190,  a policy define threshold (e.g., a security threshold or risk threshold) that defines when a remediation action is to be taken, and measure of security satisfies a risk threshold for the application. A remediation action is performed based on a measure of security of an application satisfying a threshold, including a security control and/or setting for an application, and adjusting a configuration operation of the application).
As to claim 20, the combination of Mikheev and Jalisatgi teaches the system of claim 13, 
Kirti further teaches wherein the server is further configured to: determine that the value score for the application is greater than a value threshold for the multi-tenant (Kirti: pars 0019, 00187-0190,  a policy define threshold (e.g., a security threshold or risk threshold) that defines when a remediation action is to be taken, and measure of security satisfies a risk threshold for the application. A remediation action is performed based on a measure of security of an application satisfying a threshold, including a security control and/or setting for an application, and adjusting a configuration operation of the application).

Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439