Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 05/03/2021; claims 3-4 were cancelled; claims 1-2, 13-14 and 18 have been amended; and claims 1, 13, and 18 are independent claims.  Claims 1-2 and 5-20 have been examined and are pending.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. Joseph P. Mehrle (Reg. No.: 45,535) has agreed and authorized the Examiner to amend claims 1 and 18; cancel claims 2 and 13-17.

Examiner’s Amendments
Claims
Replacing claims 1-20 as following:
1.	(Proposed Examiner Amendment) A method, comprising:	detecting, by executable instructions that execute on a hardware processor from a non-transitory computer-readable storage medium, an event indicating that the user has successfully logged into a session with a messaging platform through a user identifier used with the messaging platform;
searching, by the executable instructions, an index with a messaging platform identifier that identifies the messaging platform and obtaining  an initial risk score from the index based on 
assigning, by the executable instructions, the initial risk score to a current risk score being maintained for the user during session, wherein assigning further includes determining the initial risk score based on a strength of authentication that is assigned to the messaging platform within the index.	requesting, by the executable instructions, a credential from the user during the session based on a user-requested operation with an external service that is made by the user within and during the session, wherein requesting further includes searching a data store with a service identifier for the external service and an operation identifier for the user-requested operation and obtaining, based on the service identifier from the data store: 1) a target risk score that is required by the external service for processing the user-requested operation and 2) a credential type that is required by the external service to satisfy the target risk score, and wherein requesting further includes mapping the user identifier of the user to the [[a]] service-user identifier 

2.	(Canceled).

3.-4.	(Canceled)

5.	(Original) The method of claim 1, wherein dynamically lowering further includes authenticating the credential received from the user through in-band session communications.

6.	(Original) The method of claim 1, wherein dynamically lowering further includes authenticating the credential received from the user through out-of-band session communications.

7.	(Previously Presented) The method of claim 1, wherein dynamically lowering further includes determining that the current risk score is still insufficient for performing the user-requested operation, requesting and validating a second credential from the user during the session, lowering the current risk score and performing the user-requested operation with the external service.
8.	(Currently Amended) The method of claim 1, wherein dynamically lowering further includes producing the current risk score for the session and performing the user-requested operation with the external service using the current risk score.

9.	(Original) The method of claim 1, wherein dynamically lowering further includes performing the user-requested operation using a native Application Programming Interface (API) of the external service.

10.	(Previously Presented) The method of claim 1 further comprising, providing, by the executable instructions, a status indication for performing the user-requested operation back to the user within the session and the messaging platform.

11.	(Previously Presented) The method of claim 1 further comprising, providing, by the executable instructions, results returned from the external service in response to performing the user-requested operation back to the user within the session and the messaging platform.

12.	(Previously Presented) The method of claim 1 further comprising, processing, by the executable instructions, additional user-requested operations with the external service as communicated by the user during the session with the lowered current risk score.

13.—17.	(Canceled) 


a non-transitory computer-readable storage medium having executable instructions represent a cross-platform authenticator, and a hardware processor; and	the cross-platform authenticator is executed on the hardware processor from the non-transitory computer-readable storage medium and is configured to perform processing to:
detecting an event indicating that a user has successfully logged into a messaging platform for a session;
searching an index with a messaging platform identifier for the messaging platform and obtaining an initial risk score for the session of the user with the messaging platform, wherein searching further includes maintaining the index with a plurality of mappings between messaging platform identifiers for messaging platforms and initial risk scores,  wherein searching further includes determining the initial risk score based on a strength of authentication that is assigned to the messaging platform within the index;
assigning a current risk score to the initial risk score for the user during the session; 
dynamically upgrading an processing   wherein processing the user-requested operation further includes:
 searching a data store using a service identifier associated with the external;
obtaining from the data store: 1) a target risk score that is required by the external service for processing the user-requested operation and 2) a credential type that is required by the external service to satisfy the target risk score; 
mapping the user identifier of the user to the service-user identifier that the external service recognizes the user; 
obtaining a credential for the user;
validating the credential using the credential type; and
processing the user-requested operation with the external service.


20.	(Previously Presented) The system of claim 18, wherein the cross-platform authenticator is further configured to perform processing to: further upgrade the upgraded authentication level to a new authentication level in response to a different user-requested operation with a different external service during the session using the new authentication level.

Examiner's Statement of reason for Allowance
Claims 1, 5-12, and 18-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The invention is directed a method/system for a user is assigned an initial risk score during a session with a messaging platform.  During the session, the user attempts an operation with an external service.  One or more additional authentication factors are requested from the user to dynamically lower the initial risk score.  The lowered risk score is processed with the external service to perform the operation on behalf of the user during the session. 
 


However, none of  Spears, Bassemir, and Brauff teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1 and 18.  For examples, it failed to teach “detecting, by executable instructions that execute on a hardware processor from a non-transitory computer-readable storage medium, an event indicating that the user has successfully logged into a session with a messaging platform through a user identifier used with the messaging platform;” and “assigning, by the executable instructions, the initial risk score to a current risk score being maintained for the user during session, wherein assigning further includes determining the initial risk score based on a strength of authentication that is assigned to the messaging platform within the index.” and “obtaining, based on the service identifier from the data store: 1) a target risk score that is required by the external service for processing the user-requested operation and 2) a credential type that is required by the external service to satisfy the target risk score, and wherein requesting further includes mapping the user identifier of the user to the service-user identifier;” and “dynamically lowering, by the executable instructions, the current risk score for the session to at least the target risk score based on validating the credential having the credential type; and performing, by the executable instructions, the user-requested operation with the external service based on a lowered current risk score using the service-user identifier when interacting with the external service to perform the user-requested operation by posing as the user with the external service for the user-requested operation, wherein the external service is external to the session and is not part of the messaging platform, and wherein the executable instructions representing an automated bot.”
This feature in light of other features, when considered as a whole, in the independent claims 1 and 18 are allowable over the prior arts of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380.  The examiner can normally be reached on Monday-Friday: 6:00 AM-3:30 PM, other Friday off.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Canh Le/
Examiner, Art Unit 2439

August 9th, 2021 


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439