DETAILED ACTION
This Office Action is in response to the amendment and communication filed on 05/06/2022.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
As per instant amendment, filed on 05/06/2022, independent claim 1 and 13 are amended, claims 11 and 23 are amended to change to independent claim, along with other dependent claims that are amended, claims 12 and 24 are cancelled.
Claims 1-11 and 13-23 have been examined and are pending in this application. Claims 1, 11, 13, and 23 are independent.	
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 04/04/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments/Remarks
Claims 1-11 and 13-23 are allowable over PriorArt of reference, and are allowed.
Examiner's Statement of reason for Allowance
The following is an Examiner’s statement of reasons for allowance: 
The present invention is directed to a method and computer readable media for dynamically-tiered authentication, which allows the authentication tier (AT) associated with a session to be automatically downgraded based on the session satisfying one or more downgrade criteria. Automatically downgrading a session eliminates some authentication-based privileges for the session without eliminating all privileges for the session. A session satisfies downgrade criteria based on: an explicit request for session downgrading; client interaction with the application; and/or activity on the device on which the client runs. For example, if a client authenticates to a third AT, but only performs actions in the application that are associated with the first AT during a pre-defined amount of time, the AT associated with the session is automatically downgraded. The session is either downgraded from the third AT to the first AT, or downgraded in intervals until the current or more recently accessed tiers are consistent with the current AT of the session.
The closest prior art, as previously recited, Mathew (2017/0118223) is generally directed to technique to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable voluntary (e.g., request by a user) or involuntary (e.g., by the access management system) reduce, or “step-down” the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels, Patter (21019/0334921) is generally directed to access control, and more particularly, to techniques (e.g., systems, methods, computer program products storing code or instructions executable by one or more processors) for providing for inline enrollment in multi-level and multi-factor authentication of a user allowing login on a restricted website, or on an enterprise network with single sign-on, or on various other service systems with security restrictions, and Jagannathrao (2014/0109196) is generally directed to method detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session threshold; and establishing, based on the notification, a session with the first server device by associating the first server device with a virtual local area network (VLAN), where the associating permits network traffic to be received from or sent to the first server device via the VLAN, and where the network node uses the session threshold received from the second server device, instead of a threshold associated with the VLAN, to determine a duration permitted for the session.  
The Examiner concludes that in addition to the Applicant's arguments/Remarks, filed on 05/06/2022 with the amendment, prior art of reference does not teach at least the limitations of the independent claims 1, 11, 13, and 23. None of Mathew, Patter, and Jagannathrao, nor any other art teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the amended independent claim 11. For example, none of the cited prior art teaches or suggest the steps of generating a particular session identifier for a session of a client of an application: wherein the application supports a plurality of authentication tiers; wherein each authentication tier, of the plurality of authentication tiers, 1s associated with one or more respective authentication steps of a plurality of authentication steps; wherein the plurality of authentication tiers includes (a) a higher-security authentication tier that allows first one or more restricted actions, and (b) a lower-security authentication tier that allows second one or more restricted actions; authenticating the client to the higher-security authentication tier; based on said authenticating the client to the higher-security authentication tier: maintaining authentication-tier data that identifies an authentication tier for the session by associating the particular session identifier with the higher- security authentication tier, and setting a timer based on a particular pre-defined amount of time associated with the higher-security authentication tier; detecting a particular explicit user request to downgrade the authentication tier associated with the particular session identifier; wherein the particular explicit user request 1s received prior to expiration of the timer; in response to detecting the particular explicit user request to downgrade the authentication tier associated with the particular session identifier, downgrading the authentication tier of the session by updating the authentication-tier data to associate the particular session identifier with the lower-security authentication tier: after downgrading the authentication tier of the session and prior to expiration of the timer, receiving an action request from the client to perform a restricted action of the first one or more restricted actions; and in response to receiving the action request from the client, updating the authentication- tier data to associate the particular session identifier with the higher-security authentication tier without requiring the client to re-execute particular one or more authentication steps associated with the higher-security authentication tier, as a whole with the remaining limitations. Therefore, the claim 11 is considered allowable over the cited prior art.
As to claim 1, the claim is directed to a Method, and the claim limitations are similar to the claim limitations of the method claim 1, and further extending the limitation capturing the function directed to beyond “explicit user request,” and therefore, claim 1 is also considered allowable for the same reason set forth above for claim 11.
As to claim 13, the claim is directed to a computer readable media, and the claim limitations are similar to the claim limitations of the method claim 1.  Therefore, claim 13 is also considered allowable for the same reason set forth above for claim 1.
As to claim 23, the claim is directed to a computer readable media, and the claim limitations are similar to the claim limitations of the method claim 11.  Therefore, claim 23 is also considered allowable for the same reason set forth above for claim 11.
As to claims 2-10 and 14-22, the claims are dependent from claims 1 or 13 respectively, and are considered allowable.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439