DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This communication is in response to applicant's amendment dated 2/3/2022 and interview dated 2/11/2022.
3.	Applicant's remarks, filed on 2/3/2022, with respect to the art rejection of the claims have been fully considered and they are persuasive as amended and in the light of the Examiner's amendments. 
Continued Examination Under 37 CFR 1.114
4.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered. 
EXAMINER’S AMENDMENT
5.1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
Authorization for this examiner’s amendment was given in a telephone interview with Jun Li, (Reg. No. 70074) on 2/11/2022.



1. 	 (Currently Amended) A computer-implemented method, comprising: 
receiving, by a software service application executing on a cloud computing platform, a request for a software service provided by the software service application, wherein the software service application provides the software service to multiple users;
identifying, by the software service application, a resource that is triggered by the request;
determining, by the software service application, that the request has a security risk based on a security policy associated with the resource, wherein the security policy comprises a threshold amount for aggregate usages of the resource for multiple users on the cloud computing platform by the software service application, and the determining that the request has the security risk comprises:
	determining previous aggregate usages of the resource for multiple users by the software service application; 
	determining that the threshold amount would be exceeded based on the previous aggregate usages of the resources and a usage of the resource according to the request; and 
	determining that the request has the security risk in response to the determining that the threshold amount would be exceeded; 

updating the security policy based on a usage pattern of aggregate usages of the resource by multiple users of the software service; 
identifying a client device that transmits the request; and
preventing the identified client device from receiving the software service for a configured duration.

2.	 (Original) The method of claim 1, wherein the security policy for the resource is associated with a resource provision of the resource on the cloud computing platform for the software service.

3.	 (Original) The method of claim 1, wherein the resource is a communication resource.

4.	 (Original) The method of claim 3, wherein the resource is at least one of an email resource, a messaging resource, or a telephonic call resource.

5.	(Cancelled)  

6.	 (Original) The method of claim 1, wherein the security policy comprises a usage threshold of the resource within a configured duration. 

7.	(Cancelled)  

8.	 (Currently Amended) A device, comprising:
at least one hardware processor; and
one or more computer-readable storage media coupled to the at least one hardware processor and storing programming instructions for execution by the at least one hardware processor, wherein the programming instructions, when executed, cause the at least one hardware processor to perform operations comprising:
receiving, by a software service application executing on a cloud computing platform, a request for a software service provided by the software service application, wherein the software service application provides the software service to multiple users;
identifying, by the software service application, a resource that is triggered by the request;
determining, by the software service application, that the request has a security risk based on a security policy associated with the resource, wherein the security policy comprises a threshold amount for aggregate usages of the resource for multiple users on the cloud computing platform by the software service application, and the determining that the request has the security risk comprises:
	determining previous aggregate usages of the resource for multiple users by the software service application; 

	determining that the request has the security risk in response to the determining that the threshold amount would be exceeded; 
in response to the determining that the request has the security risk, generating, by the software service application, a security notification indicating the security risk; [[and]] 
updating the security policy based on a usage pattern of aggregate usages of the resource by multiple users of the software service;
identifying a client device that transmits the request; and
preventing the identified client device from receiving the software service for a configured duration.

9.	 (Original) The device of claim 8, wherein the security policy for the resource is associated with a resource provision of the resource on the cloud computing platform for the software service.

10.	 (Original) The device of claim 8, wherein the resource is a communication resource.

11.	 (Original) The device of claim 10, wherein the resource is at least one of an email resource, a messaging resource, or a telephonic call resource.

12.	 (Cancelled) 

13.	 (Original) The device of claim 8, wherein the security policy comprises a usage threshold of the resource within a configured duration. 

14.	 (Cancelled) 

15.	 (Currently Amended) One or more non-transitory computer-readable media containing instructions which, when executed, cause a computing device to perform operations comprising:
receiving, by a software service application executing on a cloud computing platform, a request for a software service provided by the software service application, wherein the software service application provides the software service to multiple users;
identifying, by the software service application, a resource that is triggered by the request;
determining, by the software service application, that the request has a security risk based on a security policy associated with the resource, wherein the security policy comprises a threshold amount for aggregate usages of the resource for multiple users on the cloud computing platform by the software service application, and the determining that the request has the security risk comprises:
	determining previous aggregate usages of the resource for multiple users by the software service application; 

	determining that the request has the security risk in response to the determining that the threshold amount would be exceeded; and
in response to the determining that the request has the security risk, generating, by the software service application, a security notification indicating the security risk; [[and]] 
updating the security policy based on a usage pattern of aggregate usages of the resource by multiple users of the software service;
identifying a client device that transmits the request; and
preventing the identified client device from receiving the software service for a configured duration. 

16.	 (Original) The one or more computer-readable media of claim 15, wherein the security policy for the resource is associated with a resource provision of the resource on the cloud computing platform for the software service.

17.	 (Original) The one or more computer-readable media of claim 15, wherein the resource is a communication resource.



19.	 (Cancelled)

20.	 (Original) The one or more computer-readable media of claim 15, wherein the security policy comprises a usage threshold of the resource within a configured duration. 
Allowable Subject Matter
5.1.	Claims 1-4, 6, 8-11, 13, 15-18, 20 are allowed.
5.2.     a). US Patent No. 7171374 issued to Sheehan et al., discloses a method and system for utility resource aggregation and allocation is disclosed. User data on utility resource use for a plurality of utility users is collected. Utility resource demand is modeled for an aggregation of a subset of the plurality of utility users. The aggregation of utility users are dynamically matched with a utility source or aggregated utility source.
         
b). US Patent Application No. 20160099975 to Banatwala discloses an information sharing paradigm for a cloud computing solution enables flexible organizational boundaries with respect to cloud resources. Cloud service customers manage their own organization boundary but can extend that boundary selectively by associating cloud resources they own with sets of domain names that may be associated with requests for cloud resources that the organization may be willing to share with other 

c). US Patent Application No. 20190158535 to Kedem discloses devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, speed and timing of data entry, and user engagement with User Interface elements. The system detects that the operations performed by the victim, follow a pre-defined playbook of a vishing attack. The system detects that the victim operates under duress or under dictated instructions, as exhibited in irregular doodling activity, data entry rhythm, typographical error introduction rhythm, unique posture of the user, alternating pattern of listening to phone instructions and performing online operations via a computer, and device orientation changes or spatial changes that characterize a device being used to perform an online transaction while also talking on the phone.



Therefore, independent claim 1 is allowable over the prior arts of record.  The other independent claims 8 and 15 recite similar subject matter. Consequently, independent claims 8 and 15 are also allowable over the prior arts of record.

Conclusion
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HARUNUR . RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/Primary Examiner, Art Unit 2497