DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This is a Non-Final Office Action in response to the communication filed on November 12, 2019.
Claims 1-20 have been examined.


Drawings
The drawings filed on November 12, 2019 are acceptable for examination proceedings.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on January 27, 2020 was filed after the mailing date of the application 16/681775 on November 12, 2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-6, 9-13, and 15-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Amradkar et al. (U.S. Patent Application Publication No.: US 2010/0125612 A1 / or “Amradkar” hereinafter).

Regarding claim 1, Amradkar discloses “A computer implemented method for maintaining tenant-level data isolation in a system comprising a multi-tenant platform and a secondary platform, wherein the multi-tenant platform hosts multiple tenants and the secondary platform does not provide tenant-level data isolation, the method comprising” (Para 0027: a method for implementing a multi-tenancy service; and Fig. 1A: Multi-Tenancy Component 121 i.e., “multi-tenant platform”, Store 130/Claim Store 316 of Server 315 i.e., a “secondary platform”; and Para 0040): 
“transferring tenant data for multiple tenants to the secondary platform” (Fig. 3: Claim Store 316 of Server 315 i.e., a “secondary platform” stores a plurality of claims i.e., “tenant data of multiple tenants”; and Para 0034); 
“receiving a job request for one of the tenants” (Para 0033, received resource request);
 “executing the requested job on the secondary platform, comprising: 
identifying tenant data on the secondary platform that is relevant for the job; verifying that the tenant requesting the job has access to the identified tenant data” (Fig. 3; and Para 0033-0034, resource level access is determined from user resource instance claim i.e., “tenant data”. The access is further validated using an access token);
“receiving from the secondary platform, a job-level credential that permits access to the relevant tenant data” (Fig. 3; and Para 0035, a signed security token i.e., a “job-level credential” is received which indicates user’s rights in association with resource request);
“and sending, to the secondary platform, a request to execute the job, wherein access to the relevant tenant data is obtained through use of the job-level credential” (Para 0047, obtains access to resources).

Regarding claim 2, in view of claim 1, Amradkar discloses “wherein executing the requested job on the secondary platform, comprises: requesting resources from the secondary platform to execute the job; and requesting that the secondary platform execute the job, wherein the resources on the secondary platform obtain access to the relevant tenant data through use of the job-level credential” (Fig. 3; and Para 0035, a signed security token i.e., a “job-level credential” is received which indicates user’s rights in association with resource request).

Regarding claim 3, in view of claim 1, Amradkar discloses “wherein the secondary platform is a cloud computing system” (Para 0020, discloses cloud computing architecture).

Regarding claim 4, in view of claim 1, Amradkar discloses “wherein the job-level credential is a security token provided by the secondary platform, wherein the security token provides access to at least a portion of tenant data for a predefined length of time” (Para 0035, a signed security token i.e., a “job-level credential” is received which indicates user’s rights in association with resource request; and Para 0026, the security token may expire).


Regarding claim 5, in view of claim 1, Amradkar discloses “further comprising: 
receiving a job configuration for the job request, the job configuration identifying one or more storage locations associated with the requested job” (Para 0024, discloses resources being data storage as a service); 
“sending a request to the secondary platform to provide job-level credential to permit access to the one or more storage locations” (Fig. 3: Security Token Request 36; and Para 0034, user access security token request);
“receiving the job-level credential from the secondary platform wherein the job- level credential provides access to the one or more storage locations for a predetermined amount of time” (Fig. 3: Signed Security Token 361 i.e., “job-level credential”; and Para 0034, signed security token is send to the user); 
“annotating the job configuration with the job-level credential” (Fig. 3: Data Request 330; and Para 0046, data request is received using signed security token 361); 
“and sending the annotated job configuration to the secondary platform” (Fig. 3: Service Resources 313; and Para 0047, provides resources to the user).

Regarding claim 6, in view of claim 5, Amradkar discloses “wherein the one or more storage locations comprise one or more of:  
a storage location of an executable file storing executable instructions for the requested job” (Para 0046: 13-22, a plug-in i.e., an “executable file” is executed in determining user access level); 
a storage location for storing temporary data processed by the job during execution; and 
a storage location for storing output results of execution of the job.
Regarding claim 9, Amradkar discloses “A non-transitory computer readable storage medium for storing instructions that when executed by a computer processor cause the computer processor to” (Para 0019, computer with processors, Para 0014, computer-readable medium) 
“perform steps for maintaining tenant-level data isolation in a system comprising a multi-tenant platform and a secondary platform, wherein the multi-tenant platform hosts multiple tenants and the secondary platform does not provide tenant-level data isolation, the steps comprising” (Para 0027: a method for implementing a multi-tenancy service; and Fig. 1A: Multi-Tenancy Component 121 i.e., “multi-tenant platform”, Store 130/Claim Store 316 of Server 315 i.e., a “secondary platform”; and Para 0040):
“transferring tenant data for multiple tenants to the secondary platform” (Fig. 3: Claim Store 316 of Server 315 i.e., a “secondary platform” stores a plurality of claims i.e., “tenant data of multiple tenants”; and Para 0034);  
“receiving a job request for one of the tenants” (Para 0033, received resource request); 
“executing the requested job on the secondary platform, comprising: 
identifying tenant data on the secondary platform that is relevant for the job; 
verifying that the tenant requesting the job has access to the identified tenant data” (Fig. 3; and Para 0033-0034, resource level access is determined from user resource instance claim i.e., “tenant data”. The access is further validated using an access token); 
“receiving from the secondary platform, a job-level credential that permits access to the relevant tenant data” (Fig. 3; and Para 0035, a signed security token i.e., a “job-level credential” is received which indicates user’s rights in association with resource request);
“and sending, to the secondary platform, a request to execute the job, wherein access to the relevant tenant data is obtained through use of the job-level credential” (Para 0047, obtains access to resources).

Regarding claim 10, in view of claim 9, Amradkar discloses “wherein executing the requested job on the secondary platform, comprises: requesting resources from the secondary platform to execute the job; and requesting that the secondary platform execute the job, wherein the resources on the secondary platform obtain access to the relevant tenant data through use of the job-level credential” (see rejection of claim 1).

Regarding claim 11, in view of claim 9, Amradkar discloses “wherein the job-level credential is a security token provided by the secondary platform, wherein the security token provides access to at least a portion of tenant data for a predefined length of time” (see rejection of claim 4).

Regarding claim 12, in view of claim 9, Amradkar discloses “wherein the stored instructions further cause the computer processor to perform steps comprising: receiving a job configuration for the job request, the job configuration identifying one or more storage locations associated with the requested job; sending a request to the secondary platform to provide job-level credential to permit access to the one or more storage locations; receiving the job-level credential from the secondary platform wherein the job- level credential provides access to the one or more storage locations for a predetermined amount of time; annotating the job configuration with the job-level credential; and sending the annotated job configuration to the secondary platform” (see rejection of claim 5).

Regarding claim 13, in view of claim 12, Amradkar discloses “wherein the one or more storage locations comprise one or more of: 
a storage location of an executable file storing executable instructions for the requested job; 
a storage location for storing temporary data processed by the job during execution; and 
a storage location for storing output results of execution of the job” (see rejection of claim 6).

Regarding claim 15, Amradkar discloses “A computer system comprising” (Para 0012, computer system is disclosed): 
“a computer processor” (Para 0019, computer with processors); 
“and a non-transitory computer readable storage medium for storing instructions that when executed by the computer processor” (Para 0014, computer-readable medium), 
“cause the computer processor to perform steps for maintaining tenant-level data isolation in a system comprising a multi-tenant platform and a secondary platform, wherein the multi-tenant platform hosts multiple tenants and the secondary platform does not provide tenant-level data isolation, the steps comprising” (Para 0027: a method for implementing a multi-tenancy service; and Fig. 1A: Multi-Tenancy Component 121 i.e., “multi-tenant platform”, Store 130/Claim Store 316 of Server 315 i.e., a “secondary platform”; and Para 0040):
“transferring tenant data for multiple tenants to the secondary platform” (Fig. 3: Claim Store 316 of Server 315 i.e., a “secondary platform” stores a plurality of claims i.e., “tenant data of multiple tenants”; and Para 0034);
“receiving a job request for one of the tenants” (Para 0033, received resource request);
 “executing the requested job on the secondary platform, comprising: 
identifying tenant data on the secondary platform that is relevant for the job;
verifying that the tenant requesting the job has access to the identified tenant data” (Fig. 3; and Para 0033-0034, resource level access is determined from user resource instance claim i.e., “tenant data”. The access is further validated using an access token); 
“receiving from the secondary platform, a job-level credential that permits access to the relevant tenant data” (Fig. 3; and Para 0035, a signed security token i.e., a “job-level credential” is received which indicates user’s rights in association with resource request);
“and sending, to the secondary platform, a request to execute the job, wherein access to the relevant tenant data is obtained through use of the job-level credential” (Para 0047, obtains access to resources).

Regarding claim 16, in view of claim 15, Amradkar discloses “wherein the job-level credential is a security token provided by the secondary platform, wherein the security token provides access to at least a portion of tenant data for a predefined length of time” (see rejection of claim 4).

Regarding claim 17, in view of claim 15, Amradkar discloses “wherein the instructions for executing the requested job on the secondary platform, comprise instructions for: requesting resources from the secondary platform to execute the job; and requesting that the secondary platform execute the job, wherein the resources on the secondary platform obtain access to the relevant tenant data through use of the job-level credential” (see rejection of claim 2).

Regarding claim 18, in view of claim 15, Amradkar discloses “wherein the instructions further cause the computer processor to perform steps comprising: receiving a job configuration for the job request, the job configuration identifying one or more storage locations associated with the requested job; sending a request to the secondary platform to provide job-level credential to permit access to the one or more storage locations; receiving the job-level credential from the secondary platform wherein the job- level credential provides access to the one or more storage locations for a predetermined amount of time; annotating the job configuration with the job-level credential; and sending the annotated job configuration to the secondary platform” (see rejection of claim 5).

Regarding claim 19, in view of claim 18, Amradkar discloses “wherein the one or more storage locations comprise one or more of:
 a storage location of an executable file storing executable instructions for the requested job;
 a storage location for storing temporary data processed by the job during execution; 
and a storage location for storing output results of execution of the job” (see rejection of claim 6).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Amradkar in view of Krieger et al. (U.S. Patent Application Publication No.: US 2015/0156281 A1 / or “Krieger” hereinafter).

Regarding claim 7, in view of claim 1, Amradkar discloses “wherein the job-level credential provides access to tenant data for a predetermined length of time, the method further comprising” (Para 0026, the security token may expire): 
But Amradkar fails to explicitly teach saving a job on a secondary platform and restarting a job from the last saved state with updated token.  
However, Krieger discloses “periodically saving the state of the job in a persistent storage by the secondary platform” (Krieger, Fig. 3: Step 450; and Para); 
“responsive to the job failing to complete within the predetermined length of time, receiving a new job-level credential that provides access to tenant data for another predetermined length of time” (Krieger, Para 0028, if the current token has expired access is denied); 
“and restarting the job from the last state of the job that was saved by the secondary platform” (Krieger, Para 0029, with new token access can be resumed, and uploaded content is saved in the server).
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of saving a job on a secondary platform and restarting a job from the last saved state with updated token of Krieger to the system of Amradkar to have a system where access to the server is validated using a token with a time limit and the ordinary person skilled in the art would have been motivated to combine to ensure that only the authorized user can access the server (Krieger, Para 0004).

Regarding claim 14, in view of claim 9, Amradkar and in view of Krieger disclose “wherein the job-level credential provides access to tenant data for a predetermined length of time, wherein the stored instructions further cause the computer processor to perform steps comprising: periodically saving the state of the job in a persistent storage by the secondary platform; responsive to the job failing to complete within the predetermined length of time, receiving a new job-level credential that provides access to tenant data for another predetermined length of time; and restarting the job from the last state of the job that was saved by the secondary platform” (see rejection of claim 7).

Regarding claim 20, in view of claim 15, Amradkar and in view of Krieger disclose “wherein the job-level credential provides access to tenant data for a predetermined length of time, wherein the instructions further cause the computer processor to perform steps comprising: periodically saving the state of the job in a persistent storage by the secondary platform; responsive to the job failing to complete within the predetermined length of time, receiving a new job-level credential that provides access to tenant data for another predetermined length of time; and restarting the job from the last state of the job that was saved by the secondary platform” (see rejection of claim 7).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Amradkar in view of Swaminath et al. (U.S. Patent Application Publication No.: US 2021/0037008 A1 / or “Swaminath” hereinafter).

Regarding claim 8, in view of claim 1, Amradkar discloses user access to resources using a multi-tenancy system with authorization token.
But Amradkar fails to explicitly teach training of machine learning model using user data.  
However, Swaminath discloses “wherein the job comprises training of a machine learning model using the tenant data” (Swaminath, Para 0035, a machine learning model trained with user data).
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of training of machine learning model using user data of Swaminath to the system of Amradkar to have a system where to discover new brands and the ordinary person skilled in the art would have been motivated to combine to provide recommendation and opportunities for exploration (Swaminath, Para 0035).


Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Gummaraju et al. (U.S. Patent No.: US 2018/0034858 A1) discloses “..a central point to administer network access rules, services credentials, and resource level controls for protecting a service. Further, the controller described herein is configured to identify inconsistent authentication patterns and alert administrators in real time about suspicious activity” (Para 0083).

Gregory Thomas Mark (US 2020/0371509 A1) discloses:
 [0033] Components and techniques described herein allow for training a multi-tenant machine learning model to generate manufacturing optimizations, without requiring tenants to send private data “out of house.” More specifically, as described herein, a hub-and-spoke multi-tenant machine learning platform allows for machine learning using data from multiple tenants, based on physical sensor data from manufacturing devices, while maintaining the privacy of each tenant's respective data.


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431