Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 08/10/2020 has been entered.

This Office Action is in response to the communication and claim amendment filed on 08/10/2020; claims 1, 7-8, 12-13, and 18 have been amended; claims 1, 13, and 18 are independent claims.  Claims 1-2 and 5-20 have been examined and are pending. This Action is made Non-FINAL.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 08/10/2020, with respect to limitations listed below, have been fully considered but they are not persuasive.
a. Applicants argue: Spears is not directed to social media networks in any manner. Bassemir is directed to allowing users to vote to determine priorities of messages; it is assumed that all voting occurs on a same type of social network in Bassemir for the voting to determine priorities. There is no concept of any social media type of social media identifier at all in Bassemir; only a given message has an identifier in Bassemir (Remark, page 8, filed 08/10/2020); neither reference teaches nor suggests that an initial risk score is assigned based on a user’s successful login to a messaging platform and based on obtaining the initial risk score based on a social media platform identifier or type from an index; neither reference teaches nor suggests posing as a user to perform an operation with an external service, which is now also recited in the amended independent claims (Applicant Arguments/Remarks, page 9, filed 08/10/2020).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Spear does disclose portions of the aforementioned limitations as the following:
Spears discloses assigning, by executable instructions that execute on a hardware processor from a non-transitory computer-readable storage medium, an initial risk score to a user upon detecting that the user has successfully logged into a session with a messaging platform through a user identifier used with the messaging platform (Spears: pars. 0011, 0017; analyzing risk profiles for users to verify the identity of users who have registered an account with a service provider.  Based on the risk profile analysis, account access may be denied to "users" who are suspected to be computer "bots" or other human imposters, while legitimate human users may be granted account access [i.e. successfully login]; pars. 0047, assigning a low risk score [i.e. initial risk score]/intermediate risk score/high risk score to user);
requesting, by the executable instructions, a credential from the user during the session based on a user-requested operation with an external service that is made by the user within and during the session (Spears: par. 0017, perform functions, such as email, texting, voice and IM applications [i.e. external service] that allow user 105 to send and receive emails, calls, and texts through network 160 …,; par. 0058, the risk profile establishment and analysis may involve requiring the user to perform a login with the correct username and password); 
It is clear that Spears does teach the portions of the aforementioned limitations. 
Applicant’s arguments with respect to the other aforementioned limitation have been considered but are moot in view of the new ground(s) of rejection.
	b. Applicants argue: Applicant maintains that Sharma is directed to a message packet handling for a message (email) and is not directed to a messaging platform. A specific data packet and a specific protocol is used to perform authentication on messages. Sharma assumes that a user is already logged into a computer system and the purpose is for the receiving and sending computer systems to authenticate messages sent between the two of them base. Message type in Sharma is defined as “confirmable, non-confirmable, acknowledgment, reset [,]” see paragraphs 31, 36, 59, 61, 73, and 82 of Sharma. Moreover, neither reference teaches nor suggests posing as a user to perform an operation with an external service, which is now also recited in (Applicant Arguments/Remarks, page 9, filed 08/10/2020).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Spear does disclose portions of the aforementioned limitations as the following:
Spears teaches receiving, by the executable instructions, an in-session operation request for an operation with an external service from the user, wherein the user makes the in-session operation within and during the session for processing by the external service (Spears: par. 0017, perform functions, such as email, texting, voice and IM applications [i.e. external service] that allow user 105 to send and receive emails, calls, and texts through network 160, as well as application enable the user to communicate, transfer information, make payments …; pars. 0057-0058; the risk profile establishment and analysis may involve requiring the user to perform a login with the correct username and password.  If the correct combination of the username and password could not be produced, a high risk score may be assigned to the user).
It is clear that Spears does teach the portions of the aforementioned limitations. 
Applicant’s arguments with respect to the other aforementioned limitation have been considered but are moot in view of the new ground(s) of rejection.
c.  Applicants argue:  Claim 9 was rejected under 35 U.S.C. § 103 over Spears et al. (U.S. 2017/0345003) in view of Bassemir Richard T (U.S. 2016/0127299) in view of Ladha Mohammed et al. (U.S. 2017/0366479). Based on the amendments and remarks presented above with the corresponding independent claims to these rejected dependent claims, Applicant believes that these rejected dependent claims are now in (Applicant Arguments/Remarks, page 10, filed 08/10/2020).
The Examiner respectfully disagrees with the Applicants. The Examiner respectfully submits that the dependent claim 9 is rejected at least based on the rationale and response presented to the argument for their respective base claims, and the reference applied to the claim 9.
d. Applicants argue:  Claims 5-6 were rejected under 35 U.S.C. § 103 over Spears et al. (U.S. 2017/0345003) in view of Bassemir Richard T (U.S. 2016/0127299) in view of Feekes (U.S. 2014/0337957). Based on the amendments and remarks presented above with the corresponding independent claims to these rejected dependent claims, Applicant believes that these rejected dependent claims are now in condition for allowance and respectfully requests an indication of the same from the learned Examiner (Applicant Arguments/Remarks, page 10, filed 08/10/2020).
The Examiner respectfully disagrees with the Applicants. The Examiner respectfully submits that the dependent claims 5-6 are rejected at least based on the rationale and response presented to the argument

Claim Objections
Claim 8 is objected
Regarding claim 8, claim 8 recites the limitation, “the current score” in lines 2-3.  For better claim, it is suggested that claim 8 be further amended, reciting, “the current risk score” to be consistent with claim 1 and claim 7.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-2, 7-8, 10-12, and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Spears et al. (“Spears,” US 2017/0345003, published Nov. 30, 2017) in Bassemir,” US 2016/0127299, published May 5, 2016), further in view of Brauff et al. (“Brauff,” US 2013/0018963, published Jan. 17, 2013). 
Regarding claim 1, Spears teaches a method, comprising:
assigning, by executable instructions that execute on a hardware processor from a non-transitory computer-readable storage medium, an initial risk score to a user upon detecting that the user has successfully logged into a session with a messaging platform through a user identifier used with the messaging platform (Spears: pars. 0011, 0017; analyzing risk profiles for users to verify the identity of users who have registered an account with a service provider.  Based on the risk profile analysis, account access may be denied to "users" who are suspected to be computer "bots" or other human imposters, while legitimate human users may be granted account access [i.e. successfully login]; pars. 0047, assigning a low risk score /intermediate risk score/high risk score  to user), wherein assigning further includes assigning the initial risk score to a current risk score (Spears: pars. 0053-0054, grant the user access to the account in response to high risk score, or require further security information (i.e. login) from the user in response to an intermediate risk score; par. 0057, If the service provider detects that the user response (to the email address verification) is received while One Touch.TM. was enabled, that is an indication that the user is likely the real user and not an imposter, and correspondingly the risk score may be lowered), wherein assigning further includes assigning the initial risk score to a current risk score being maintained for the session (Spears: pars. 0053-0054);
requesting, by the executable instructions, a credential from the user during the session based on a user-requested operation with an external service that is made by the (Spears: par. 0017, perform functions, such as email, texting, voice and IM applications that allow user 105 to send and receive emails, calls, and texts through network 160 …, 0058, the risk profile establishment and analysis may involve requiring the user to perform a login with the correct username and password), wherein requesting further includes searching a data store with a service identifier for the external service (Spears: par. 0017, enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein) and an operation identifier for the user-requested operation and obtaining, based on the service identifier from the data store (Spears: par. 0017, enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein): 1) a target risk score that is required by the external service for processing the user-requested operation (Spears: pars. 0053-0054, 0057; grant the user access to the account in response to high risk score, or require further security information (i.e. login) from the user in response to an intermediate risk score) and 2) a credential type that is required by the external service to satisfy the target risk score (Spears: pars. 0053-0054, 0057; grant the user access to the account in response to high risk score, or require further security information (i.e. login) from the user in response to an intermediate risk score), and wherein requesting further includes mapping the user identifier of the user to a service-user identifier that the service recognizes the user by (Spears: par. 0017, User device 110 also may include other applications to perform functions, such as email, texting, voice and IM applications that allow user 105 to send and receive emails, calls, and texts through network 160, as well as applications that enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein);
dynamically lowering, by the executable instructions, the current risk score for the session to at least the target risk score based on validating the credential having the credential type (Spears: pars. 0053-0054, grant the user access to the account in response to high risk score, or require further security information (i.e. login) from the user in response to an intermediate risk score; par. 0057, If the service provider detects that the user response (to the email address verification) is received while One Touch.TM. was enabled, that is an indication that the user is likely the real user and not an imposter, and correspondingly the risk score may be lowered); and
performing, by the executable instructions, the user-requested operation with the external service based on a lowered current risk score (Spears: par. 0057, If the service provider detects that the user response (to the email address verification) is received while One Touch.TM. was enabled, that is an indication that the user is likely the real user and not an imposter, and correspondingly the risk score may be lowered)  using the service-user identifier when interacting with the external service to perform the user-requested operation by posing as the user with the external service for the user-requested operation (Spears: par. 0017, User device 110 also may include other applications to perform functions, such as email,  texting, voice and IM applications that allow user 105 to send and receive emails, calls, and texts through network 160, as well as applications that enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein), wherein the external service is external to the session and is not part of the messaging platform (Spears: par. 0023, payment provider server 170 also maintains a plurality of user accounts 180 ), and wherein the executable instructions representing an automated bot (Spears: pars. 0052-0053, 0083, computer bots).
Spears does not explicitly disclose wherein assigning further includes searching an index with a messaging platform identifier that identifies the messaging platform and obtaining the initial risk score from the index based on a match to the messaging platform identifier for the messaging platform, wherein the index maintains the initial risk score with the messaging platform identifier for the messaging platform;
However, in an analogous art, Bassemir teaches wherein assigning further includes searching an index with a messaging platform identifier and obtaining the initial risk score from the index based on a match to the messaging platform identifier for the messaging platform (Bassemir: par. 0028; assigning importance or weights to messages… lookup index may be provided for each user that maps a message identifier with a weight value, e.g., zero as default.  The format of the index may be [message_id: weight value]), wherein the index maintains the initial risk score with the messaging platform identifier for the messaging platform (Bassemir: par. 0028; lookup index may be provided for each user that maps a message identifier with a weight value, e.g., zero as default.  The format of the index may be [message_id: weight value]),
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bassemir with the method and system of Spears wherein assigning further includes searching an index with a messaging platform identifier and obtaining the initial risk score from the index based on a match to the messaging platform identifier for the messaging platform, (Bassemir: par. 0027). 
Bassemir does not explicitly disclose wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform;
However, in an analogous art, Brauff teaches wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform (Brauff: par. 0023, social media provider identifiers associated with monitored users, email addresses, phone numbers, instant message identifiers  and similar associated with monitored users, the output of hash algorithms performed on content associated with monitored users, the output of hash algorithms performed on identifiers associated with monitored users, time/date stamps, and similar).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Brauff with the method and system of Spears and Bassemir wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform to provide users with means for obtaining content i.e. audio, from social networks, handles re-authentication requirements with respect to monitored users and social networks, includes content obtained from social networks in a journal and archiving system compatible with (Brauff: par. 0009).
Regarding claim 2, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1. Spears further discloses wherein assigning further includes determining the initial risk score based on a strength of authentication that is assigned to the messaging platform (Spears: par. 0052, response time).
Regarding claim 7, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1.  Spears further discloses wherein dynamically lowering further includes determining that the current risk score is still insufficient for performing the user-requested operation (Spears: par. 0053; If the answer from the decision step 530 is no, that means the response time no longer falls within the "sweet spot" because it took too long. Thus, at step 540 the user is determined to be likely a real human, but he may or may not be the legitimate user. In other words, there is a chance that the user may still be an imposter. But due to the uncertainty, only an intermediate (rather than high) risk score is assigned to the user), requesting and validating a second credential from the user during the session, lowering the current risk score and performing the user-requested operation with the external service (Spears: par. 0054; grant the user access to the account in response to a requiring further security information (e.g. login) from the user in response to an intermediate risk).
Regarding claim 8, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1. Spears discloses wherein dynamically lowering further includes producing the current score for the session (Spears: par. 0053) and performing the (Spears: par. 0054).
Regarding claim 10, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1. Spears further discloses further comprising, providing by the executable instruction, status indication for performing the user-requested operation back to the user within the session and the messaging platform (Spears: par. 0054, the service provider may deny the user access to the account in response to a high risk score, grant the user access to the account in response to a low risk score).
Regarding claim 11, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1 further comprising. Spears further discloses providing by the executable instructions, results returned from the external service in response to performing the user-requested operation back to the user within the session and the messaging platform (Spears: par. 0045, based on the detected results of sequence in which the emails 475,480, and 485 were opened the service provider may determine whether the user is likely a bot).
Regarding claim 12, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1. Spears further discloses comprising, processing by the executable instructions, additional user-requested operations with the external service as communicated by the user during the session with the lowered current risk score (Spears: par. 0066, generating a unique ID for the user ...).
Regarding claim 13, Spears teaches a method, comprising:
(Spears: pars. 0011,  0058; the risk profile establishment and analysis may involve requiring the user to perform a login with the correct username and password.  If the correct combination of the username and password could not be produced, a high risk score may be assigned to the user);
assigning, by the executable instructions, a risk score for the session in response to the messaging platform (Spears: par. 0058; the risk profile establishment and analysis may involve requiring the user to perform a login with the correct username and password.  If the correct combination of the username and password could not be produced, a high risk score may be assigned to the user) based on the user being successfully logged into the messaging platform under the user identifier recognized by the messaging platform (Spears: pars. 0011, 0017; analyzing risk profiles for users to verify the identity of users who have registered an account with a service provider.  Based on the risk profile analysis, account access may be denied to "users" who are suspected to be computer "bots" or other human imposters, while legitimate human users may be granted account access; pars. 0047, assigning a low risk score/intermediate risk score/high risk score to user);
receiving, by the executable instructions, an in-session operation request for an operation with an external service from the user, wherein the user makes the in-session operation within and during the session for processing by the external service (Spears: par. 0017, perform functions, such as email, texting, voice and IM applications [i.e. external service] that allow user 105 to send and receive emails, calls, and texts through network 160 …, par. 0058; the risk profile establishment and analysis may involve requiring the user to perform a login with the correct username and password.  If the correct combination of the username and password could not be produced, a high risk score may be assigned to the user);
determining, by the executable instructions, an acceptable risk score for the external service to securely process the operation based on an external service identifier for the external service and an operation identifier for the operation (Spears: par. 0017, … enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein; Spears: pars. 0053-0054,  grant the user access to the account in response to high risk score, or require further security information (i.e. login) from the user in response to an intermediate risk score; par. 0057, If the service provider detects that the user response (to the email address verification) is received while One Touch.TM. was enabled, that is an indication that the user is likely the real user and not an imposter, and correspondingly the risk score may be lowered);
obtaining, by the executable instructions, at least one authentication factor from the user during the session (Spears: par. 0058; the risk profile establishment and analysis may involve requiring the user to perform a login with the correct username and password, wherein the at least one authentication factor is in addition to any other authentications factors performed by the messaging platform when the user logged into the messaging platform the session between the user and the messaging platform was (Spears: abstract; access to the user account is granted if email address is confirmed; par. 0011, analyzing risk profiles);
modifying, by the executable instructions, the risk score to a new risk score upon successful authentication of the at least one authentication factor, wherein the new risk score is at or below the acceptable risk score required by the external service (Spears: pars. 0053-0054, further security information (i.e. login) from the user in response to an intermediate risk score; 0057, If the service provider detects that the user response (to the email address verification) is received while One Touch.TM. was enabled, that is an indication that the user is likely the real user and not an imposter, and correspondingly the risk score may be lowered); and
processing, by the executable instructions, the operation with the external service using the new risk score during the session between the user and the messaging platform by posing as the user with the external service (Spears: par. 0054; grant the user access to the account in response to a requiring further security information (e.g. login) from the user in response to an intermediate risk score,  wherein processing further mapping the user identifier to a service-user identifier that identifies the user to the external service (Spears: par. 0017, enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein) and using the service-user identifier to perform the operation on behalf of the user with the external service (Spears: par. 0017, enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein), wherein the external service is external to the session and is not part of the messaging platform (Spears: par. 0023, payment provider server 170 also maintains a plurality of user accounts 180), and wherein the executable instructions representing an automated bot (Spears: pars. 0052-0053, 0083, computer bots).
Spears discloses assigning, by the executable instructions, a risk score for the session in response to the messaging platform but does not explicitly disclose wherein a type of messaging platform associated with a messaging platform identifier for the messaging platform and wherein by searching an index with the messaging platform identifier for the messaging platform and obtaining the risk score that was assigned to the messaging platform.
However, in an analogous art, Bassemir teaches wherein a type of messaging platform associated with a messaging platform identifier for the messaging platform (Bassemir: par. 0028; assigning importance or weights to messages… lookup index may be provided for each user that maps a message identifier with a weight value, e.g., zero as default.  The format of the index may be [message_id: weight value]) by searching an index with the messaging platform identifier for the messaging platform and obtaining the risk score that was assigned to the messaging platform (Bassemir: par. 0028; assigning importance or weights to messages… lookup index may be provided for each user that maps a message identifier with a weight value, e.g., zero as default.  The format of the index may be [message_id: weight value])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bassemir with the method and system of Spears wherein a type of messaging platform associated with a messaging platform identifier for the messaging platform and assigning further includes (Bassemir: par. 0027). 
Bassemir does not explicitly disclose wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform;
However, in an analogous art, Brauff teaches wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform (Brauff: par. 0023, social media provider identifiers associated with monitored users, email addresses, phone numbers, instant message identifiers and similar associated with monitored users, the output of hash algorithms performed on content associated with monitored users, the output of hash algorithms performed on identifiers associated with monitored users, time/date stamps, and similar).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Brauff with the method and system of Spears and Bassemir wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and (Brauff: par. 0009).
Regarding claim 14, the combination of Spears, Bassemir, and Brauff teaches the method of claim 13. Spears further discloses wherein assigning further includes assigning the risk score based on an authentication mechanism processed by the messaging platform (Spears: fig. 12, par. 0053).
Regarding claim 15, the combination of Spears, Bassemir, and Brauff teaches the method of claim 13. Spears further discloses wherein obtaining further determining the at least one authentication factor based on an assigned strength of authentication associated with the external service (Spears: par. 0052, response time).
Regarding claim 16, the combination of Spears, Bassemir, and Brauff teaches the method of claim 13. Spears further discloses wherein processing further includes providing an authentication attestation along with an the operation identifier for the in-session operation and an the service-user identifier for the user to the external service for processing the in-session operation on behalf of the user (Spears: fig. 13, par. 0017, enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein; pars. 0064, 0066, generating a unique ID for the user ..; par. 0067;  the detecting step 630 comprises detecting a sequence in which the one or more emails are opened, and the establishing step 640 comprises determining whether the user passed the Turing test (based on whether the detected sequence is the same as the specified sequence.).
Regarding claim 17, the combination of Spears, Bassemir, and Brauff teaches the method of claim 13. Spears further discloses wherein processing further includes providing the new risk score along with the operation identifier for the in-session operation and the service-user identifier for the user to the external service for processing the in-session operation on behalf of the user (Spears: fig. 13, par. 0017, enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein; pars. 0064,  0066, generating a unique ID for the user; par. 0068,; assigning a second risk score in response to the calculated period of time being outside the predefined time range, the second risk score being greater than the first risk score).
Regarding claim 18, Spears teaches a system (SST), comprising: 
a server (Spears: fig. 1, pars. 0013-0014) comprising:
a non-transitory computer-readable storage medium having executable instructions represent a cross-platform authenticator, and a hardware processor (Spears; fig. 12, pars. 0053-0054;  see also, pars. 0014, 0032, 0076-77); and
the cross-platform authenticator is executed on the hardware processor from the non-transitory computer-readable storage medium and is configured to perform processing to (Spears; fig. 12, pars. 0053-0054;  see also, pars. 0014, 0032, 0076-77):
(Spears: pars. 0017, 0053-0054, 0057; If the answer from the decision step 530 is no, that means the response time no longer falls within the "sweet spot" because it took too long. Thus, at step 540 the user is determined to be likely a real human, but he may or may not be the legitimate user. In other words, there is a chance that the user may still be an imposter. But due to the uncertainty, only an intermediate (rather than high) risk score is assigned to the user and the user being successfully logged into the session with the messaging platform (Spears: pars. 0011, 0017; analyzing risk profiles for users to verify the identity of users who have registered an account with a service provider.  Based on the risk profile analysis, account access may be denied to "users" who are suspected to be computer "bots" or other human imposters, while legitimate human users may be granted account access; pars. 0047, assigning a low risk score /intermediate risk score/high risk score to user); and
 process a user-requested operation with an external service during the session using the upgraded authentication level on behalf of the user (Spears: par. 0017, perform functions, such as email, texting, voice and IM applications that allow user 105 to send and receive emails, calls, and texts through network 160 …,par. 0054; grant the user access to the account in response to a requiring further security information (e.g. login) from the user in response to an intermediate risk score, wherein the user identifier is mapped to a service-user identifier that the external service recognizes the user by  (Spears: par. 0017, enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein) and the service-user identifier is provided to the external service for performing the user-requested operation along with an operation identifier for the user-requested operation  by posing as the user with the external service  (Spears: par. 0017, .. enable the user to communicate, transfer information, make payments, and otherwise utilize a digital wallet through the payment provider as discussed herein), wherein the external service is external to the session and is not part of the messaging platform (Spears: par. 0023, payment provider server 170 also maintains a plurality of user accounts 180), and wherein the cross-platform authenticator is processed over a network as an automated bot (Spears: pars. 0052-0053, 0083, computer bots).
Spears does not explicitly disclose the original authentication level is obtained by searching an index on the messaging platform type and obtaining the original authentication level assigned to the messaging platform based on the messaging platform type, wherein the messaging platform type comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform.
However, in an analogous art, Bassemir teaches wherein the original authentication level is obtained by searching an index on the messaging platform type and obtaining the original authentication level assigned to the messaging platform based on the messaging platform type (Bassemir: par. 0028; assigning importance or weights to messages… lookup index may be provided for each user that maps a message identifier with a weight value, e.g., zero as default.  The format of the index may be [message_id: weight value]);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bassemir with the method and system of Spears wherein the original authentication level is obtained by searching an index on the messaging platform type and obtaining the original authentication level assigned to the messaging platform based on the messaging platform type to provide users with means for generating clearer needs for messages to be answered or acted upon is enhanced.  The messaging application allows users to have control of turning the weighing feature on and off (Bassemir: par. 0027).
Bassemir does not explicitly disclose wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform;
However, in an analogous art, Brauff teaches wherein the messaging platform identifier comprises a social media platform identifier for a specific social media platform and wherein the specific social media platform is the messaging platform (Brauff: par. 0023, social media provider identifiers associated with monitored users, email addresses, phone numbers, instant message identifiers and similar associated with monitored users, the output of hash algorithms performed on content associated with monitored users, the output of hash algorithms performed on identifiers associated with monitored users, time/date stamps, and similar).
(Brauff: par. 0009).
Regarding claim 19, the combination of Spears, Sharma, and Bassemir teaches the system of claim 18. Spears further discloses wherein the cross-platform authenticator is further configured to: 
provide results from the external service back to the user during the session and within the messaging platform (Spears: par. 0045, based on the detected results of sequence in which the emails 475,480, and 485 were opened the service provider may determine whether the user is likely a bot).
Regarding claim 20, the combination of Spears, Sharma, and Bassemir teaches the system of claim 18. Spears further discloses wherein the cross-platform authenticator is further configured to: 
further upgrade the upgraded authentication level to a new authentication level in response to a different user-requested operation with a different external service during the session using the new authentication level (Spears: par. 0053; If the answer from the decision step 530 is no, that means the response time no longer falls within the "sweet spot" because it took too long. Thus, at step 540 the user is determined to be likely a real human, but he may or may not be the legitimate user. In other words, there is a chance that the user may still be an imposter. But due to the uncertainty, only an intermediate (rather than high) risk score is assigned to the user).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Spears et al. (“Spears,” US 2017/0345003, published Nov. 30, 2017) in view of Bassemir et al. (“Bassemir,” US 2016/0127299, published May 5, 2016), further in view of Brauff et al. (“Brauff,” US 2013/0018963, published Jan. 17, 2013), and Ladha et al. (“Ladha,” US 2017/0366479, published Dec. 21, 2017). 
Regarding claim 9, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1. The combination of Spears, Bassemir, and Brauff further discloses wherein dynamically lowering further includes performing the user-requested operation but does not explicitly disclose using a native Application Programming Interface (API) of the external service,
However, in an analogous art, Ladha teaches wherein using a native Application Programming Interface (API) of the external service (Ladha: pars. 0022-0023, the bot interface may be an API and content of the first message may be transmitted directly to the dialogue manage).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Ladha with the method and system of Spears, Bassemir, and Brauff, wherein using a native Application (Ladha: abstract, par. 0099).
Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Spears et al. (“Spears,” US 2017/0345003, published Nov. 30, 2017) in view of Bassemir et al. (“Bassemir,” US 2016/0127299, published May 5, 2016), further in view of Brauff et al. (“Brauff,” US 2013/0018963, published Jan. 17, 2013), and Feekes (“Feekes,” US 2014/0337957, published Nov. 13, 2014).
Regarding claim 5, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1. Spears does not explicitly discloses wherein dynamically lowering further includes authenticating the credential received from the user through in-band session communications.
However, in an analogous art, Feekes teaches wherein authenticating the credential received from the user through in-band session communications (Feekes:  par. 0021; upon initiating a transaction request, security credentials that represent the knowledge authentication factor (username, password, PIN, etc.) may be communicated to a service provider via an in-band communication system).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Feekes with the method and system of Spears, Bassemir, and Brauff, wherein dynamically lowering further includes authenticating the credential received from the user through in-band session communications to provide users with means for  upon initiating a transaction request, security credentials that represent the knowledge authentication factor (username, password, PIN, etc.) may be communicated to a service provider via an in-band communication system (Feekes: par. 0021).
Regarding claim 6, the combination of Spears, Bassemir, and Brauff teaches the method of claim 1. Spears does not explicitly discloses wherein dynamically lowering further includes authenticating the credential received from the user through out-of-band session communications.
However, in an analogous art, Feekes teaches wherein the credential received from the user through out-of-band session communications (Feekes:  par. 0021; security credentials that represent the possession authentication factor (i.e. OTP, digital certificate, etc.) may be communicated via an out-of-band communication system in a way that is entirely separate from the in-band communication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Feekes with the method and system of Spears, Bassemir, and Brauff, wherein dynamically lowering (Feekes: par. 0021).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-

/Canh Le/
Examiner, Art Unit 2439

January 25th, 2021 

/JAHANGIR KABIR/Primary Examiner, Art Unit 2439