DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/29/2022 has been entered.
 
Response to Arguments
The arguments are moot in view of the allowance herein.

EXAMINER'S AMENDMENT

An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner's amendment was given in an interview with Brian Harris on 5-19-2022.

The application has been amended as follows: 


1. (Currently Amended) A computer implemented method comprising: 
receiving, by a target device, a login request message comprising a login request to establish a communications session between a target device and a client device, wherein the login request is initiated by a user via the client device, and wherein the login request message further comprises authentication credentials provided by the user; 
extracting, from the login request message, a login context, wherein the login context includes data representative of: 
a role of the user, 
a security level and a geographical location of the client device, 
a security level and location of the target device, 
a role of the target device, and 
a connection type of the communications session;
calculating, by a server, a tentative permission level based at least in part on the login context associated with the login request; and
adjusting, by the server, the tentative permission level such that a resulting first adjusted permission level does not exceed a previous permission level assigned to the client device;
assigning, by the server, the first adjusted permission level to the client device, 
wherein the tentative permission level is adjusted to the first adjusted permission level prior to being assigned to the client device; 
collecting, by the server, activity data representative of network activity by the user while logged in to the network with the first adjusted permission level; 
classifying, during the communications session by the server using a classifier model, at least a portion of the activity data to generate a second adjusted permission level for the client device; [[and]]
assigning, by the server in a case wherein the second adjusted permission level is lower than the first adjusted permission level, the second adjusted permission level to the client device to control the communications session; and
storing, by the server in the case wherein the second adjusted permission level is lower than the first adjusted permission level, the second adjusted permission level as a new value of the previous permission level.
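
The permission flow recited in claim 1, sketched as an added example that is not part of the Office action or the application: a tentative level is computed from the login context, capped at the stored previous level, and lowered (never raised) by a mid-session classifier. The scoring tables, the threshold classifier and all names are assumptions; the claims specify no weights or model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LoginContext:                 # the fields listed in the claim
    user_role: str
    client_security: int
    client_geo: str
    target_security: int
    target_location: str
    target_role: str
    connection_type: str

# Constructed scoring tables; the claims do not specify any weights.
ROLE_BASE = {"admin": 4, "operator": 3, "guest": 1}
CONN_PENALTY = {"wired": 0, "vpn": 1, "public_wifi": 2}
SENSITIVE_TARGETS = {"domain_controller"}

def tentative_level(ctx):
    level = ROLE_BASE.get(ctx.user_role, 0)
    level -= CONN_PENALTY.get(ctx.connection_type, 2)
    level -= int(ctx.client_security < ctx.target_security)
    level -= int(ctx.client_geo != ctx.target_location)
    level -= int(ctx.target_role in SENSITIVE_TARGETS)
    return max(level, 0)

def toy_classifier(activity):
    """Stand-in for the classifier model: activity is [(host, allowed), ...]."""
    denied = sum(1 for _, allowed in activity if not allowed)
    return 0 if denied >= 5 else 1 if denied >= 2 else 4

class PermissionServer:
    def __init__(self, classifier=toy_classifier):
        self.classifier = classifier
        self.previous = {}   # client id -> stored previous permission level
        self.current = {}    # client id -> level controlling the live session

    def login(self, client_id, ctx):
        tentative = tentative_level(ctx)
        # Assumption: a client with no stored level is capped only by its context.
        first = min(tentative, self.previous.get(client_id, tentative))
        self.current[client_id] = first
        return first

    def observe(self, client_id, activity):
        second = self.classifier(activity)
        if second < self.current[client_id]:      # only ever ratchet downward
            self.current[client_id] = second
            self.previous[client_id] = second     # persists to the next login
        return self.current[client_id]
```

Because the stored previous level changes only on a downgrade, a client lowered during one session logs in at the lowered level next time even when its login context is unchanged.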

5. (Cancelled) 
9. (Currently Amended) A computer usable program product comprising a computer-readable storage device, and program instructions stored on the storage device, the stored program instructions comprising:
program instructions to receive, by a target device, a login request message comprising a login request to establish a communications session between a target device and a client device, wherein the login request is initiated by a user via the client device, and wherein the login request message further comprises authentication credentials provided by the user; 
program instructions to extract, from the login request message, a login context, wherein the login context includes data representative of: 
a role of the user, 
a security level and a geographical location of the client device, 
a security level and location of the target device, 
a role of the target device, and 
a connection type of the communications session;
program instructions to calculate, by a server, a tentative permission level based at least in part on the login context associated with the login request; and
 program instructions to adjust, by one or more processors, the tentative permission level such that a resulting first adjusted permission level does not exceed a previous permission level assigned to the client device; 
program instructions to assign, by one or more processors, the first adjusted permission level to the client device, 
wherein the tentative permission level is adjusted to the first adjusted permission level prior to being assigned to the client device;
program instructions to collect, by one or more processors, activity data representative of network activity by the user while logged in to the network; 
program instructions to classify, during the communications session by one or more processors using a classifier model, at least a portion of the activity data to generate a second adjusted permission level for the client device; 
program instructions to assign, in a case wherein the second adjusted permission level is lower than the first adjusted permission level, the second adjusted permission level to the client device to control the communications session; and 
program instructions to store, in the case wherein the second adjusted permission level is lower than the first adjusted permission level, the second adjusted permission level as a new value of the previous permission level.
10. (Currently Amended) A computer usable program product of claim 9, further comprising: 

program instructions to establish, by one or more processors and responsive to the login request, an authenticated session with the client device. 
13. (Cancelled) 
14. (Currently Amended) A computer usable program product of claim [[13,]] 12, wherein the login context includes data representative of a MAC address of the client device.




17. (Currently Amended) A computer system comprising a processor, a computer-readable memory, and a computer-readable storage device, and program instructions stored on the storage device for execution by the processor via the memory, the stored program instructions comprising:
program instructions to receive, by a target device, a login request message comprising a login request to establish a communications session between a target device and a client device, wherein the login request is initiated by a user via the client device, and wherein the login request message further comprises authentication credentials provided by the user; 
program instructions to extract, from the login request message, a login context, wherein the login context includes data representative of: 
a role of the user, 
a security level and a geographical location of the client device, 
a security level and location of the target device, 
a role of the target device, and 
a connection type of the communications session;
program instructions to calculate, by a server, a tentative permission level based at least in part on the login context associated with the login request; and
 program instructions to adjust, by one or more processors, the tentative permission level such that a resulting first adjusted permission level does not exceed a previous permission level assigned to the client device; 
program instructions to assign, by one or more processors, the first adjusted permission level to the client device, 
wherein the tentative permission level is adjusted to the first adjusted permission level prior to being assigned to the client device;
program instructions to collect, by one or more processors, activity data representative of network activity by the user while logged in to the network; 
program instructions to classify, during the communications session by one or more processors using a classifier model, at least a portion of the activity data to generate a second adjusted permission level for the client device; 
program instructions to assign, in a case wherein the second adjusted permission level is lower than the first adjusted permission level, the second adjusted permission level to the client device to control the communications session; and 
program instructions to store, in the case wherein the second adjusted permission level is lower than the first adjusted permission level, the second adjusted permission level as a new value of the previous permission level.
18. (Currently Amended) The computer system of claim 17, further comprising: 

program instructions to establish, by one or more processors and responsive to the login request, an authenticated session with the client device. 

20. (Currently Amended) The computer system of claim 17, wherein the login request for connection to the network includes an indication of a target device with which the client device is requesting to connect, 
wherein the login context includes data representative of 
wherein the program instructions to calculate the permission level includes program instructions to calculate a Context Trust Score (CTS) based at least in part on the geographical location of the client device, the MAC address of the client device, and information about the target device.




Allowable Subject Matter
Claims 1-4, 6-12, and 14-20 are allowed.

The following is an examiner's statement of reasons for allowance:
Yin (CN 107995146) discloses in 205A, that the server parses the login request obtaining the location information of the target mobile device.

Pan (CN 107833456) discloses that the server parses the login and verifies the account number and password are correct.

Yu (TW 201706901 A) discloses where the login request carries the location. The account information of the client; the parsing unit is configured to parse out the feature identifier of the user end and the account information of the client from the login request; the determining unit is configured to determine whether the database in the server end exists. The feature identifier of the user end and the same information of the account information of the user end;

GOA (WO 2015117396) discloses then, receiving the login request of the WiFi access location mode reported by the client, the LBS positioning management platform parses the login request message to obtain information such as the user number, the user password, the WiFi network access type, the wireless router Mac address, and the like, and according to the user number, User password, WiFi network access type (residential access, shop access, other access) to the LBS location service database for authentication, after the authentication is passed, the location tag information is updated in the WiFi residential access or shop access mode.

Halla-Abo et al (CN 107833456) discloses in claim 1: receiving a login request from a user equipment associated with a resource identifier, wherein the user equipment is configured to operate within a network including a plurality of clusters; modifying the resource identifier of the user equipment to include home cluster information indicating a corresponding one of the clusters serving the user equipment; and causing, at least in part, a sending of the modified resource identifier to an endpoint via the login request, wherein the modified resource identifier is parsed to determine the home location of the user equipment.

Kahn (US 7185192) discloses in (34) The login agent processing is not critical to embodiments of the invention, but is shown here for completeness. It is to be understood that the identity of a role of the requestor (e.g., 120) is determined at some point before or during (i.e., in conjunction with) receipt of an access request 301. In this example, the login agent 305 handles obtaining the requester role at the time of login, as well as passing the access requests 301 to the access request parser 309. In alternative embodiments, the login process might be separate from the receipt of access requests 301 and the requestor identity (i.e., the role that the requestor is acting as with respect to an access control decision) might be specified within one or more of the access requests 301 themselves.

The prior art of record does not explicitly disclose in light of the other features recited in the independent claims, 
extracting, from the login request message, a login context, wherein the login context includes data representative of: 
a role of the user, 
a security level and a geographical location of the client device, 
a security level and location of the target device, 
a role of the target device, and 
a connection type of the communications session;
 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”






Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/RICHARD A MCCOY/Examiner, Art Unit 2431