Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This office action is in response to the amendment filed 02/17/2022. In the instant amendment, claims 1, 7-8, 11, 13, 17-18 were amended; 21-25 have been added; claims 6, 9-10, 16, 19-20 are cancelled; claims 21-25 are new; claims 1, 11 and 23 are independent claims. Claims 1-5, 7-8, 11-15, 17-18, 21-25 are pending in this application. THIS ACTION IS MADE FINAL. 

Claim Objections
Claim 21 is objected to because of the following informalities: There are two claims that say claim 21. To expedite the examination process, the Examiner labels those two claims as 21-1 and 21-2 for the sack of examination.  The claims need to be renumbered. Appropriate correction is required.

Response to Arguments
Applicant’s arguments filed 02/17/2022 have been fully considered but they are not persuasive. 
Applicant argues (on page: 9) that Sprague fails to disclose or suggest collect, by a multifactor identification device, a plurality of types of user identifying data; assign a confidence level to each of the plurality of types of user identifying data, the confidence levels representing a confidence that each of plurality of types of user identifying data identifies a specified user: decrement at least one of the confidence levels based on elapsed time since the corresponding at least one of the plurality of types of user identifying data has been collected: determine, by the multifactor identification device, a trust score based on the confidence levels that the plurality of types of user identifying data identifies a specified user; and when the trust score is greater than a threshold, send an identification credential identifying the user to an authentication provider.
In response, the Examiner respectfully disagrees with the applicant. Under a broadest reasonable interpretation (BRI), words of the claim must be given their plain meaning, unless such meaning is inconsistent with the specification. The plain meaning of a term means the ordinary and customary meaning given to the term by those of ordinary skill in the art at the time of invention. Here the limitation ends with a comma then the next line starts a new amended limitation where new prior art was applied. “Although the specifications may well indicate that certain embodiments are preferred, particular embodiments appearing in specification will not be read into the claims when the claim language is broader than such embodiments,” (Electro Med. Sys. S.A. v. Cooper Life Sciences Inc., 34 F. 3d 1048, 1054 (Fed. Cir. 1994)). Sprague discloses collect, by a multifactor identification device, a plurality of types of user identifying data; (see Sprague, [0009], [0093]-[0107]) assign a confidence level to each of the plurality of types of user identifying data, the confidence levels representing a confidence that each of plurality of types of user identifying data identifies a specified user; (See Sprague, [0018]-[0019], [0021], [0038] and FIG 2B) decrement at least one of the confidence levels based on elapsed time since the corresponding at least one of the plurality of types of user identifying data has been collected; (See Sprague, [0109]-[0110], [0130] and [0142], FIG 2B and FIG 4A) determine, by the multifactor identification device,  (See Sprague, [0009] & [0093]-[0107]) a trust score based on the confidence levels that the plurality of types of user identifying data identifies a specified user; (Sprague, [0093]-[0107]) and when the trust score is greater than a threshold, (See Sprague, [0038], [0132], [0092]-[0093]). Dean was used in combination with Sprague to disclose send an identification credential identifying the user to an authentication provider (see Dean, Col. 9, Lines 9-35).
Applicant's arguments (page 9): Additionally, as to the dependent claims 2-5, 7-8, 12-15, 17-18, 21-22 and 24-25 the Applicant argues that the claims are dependent directly or indirectly from a respective one of claims of independent claims 1, 11 and 23 and are therefore distinguished from the cited art at least by virtue OR allowable at least based on of their additionally recited patentable subject matter. 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the dependent claims 2-5, 7-8, 12-15, 17-18, 21-22 and 24-25 are rejected at least based on the rationale and response presented to the argument for their respective base claims, and the reference applied to claims 2-5, 7-8, 12-15, 17-18, 21-22 and 24-25. 
Therefore, in view of the above reasons, the Examiner maintains the rejection with the cited prior art references. Therefore, in view of the above reasons, the Examiner maintains the rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


8.	Claims 1, 7-8 and 21-1 are rejected under 35 U.S.C. 103 as being unpatentable over Sprague et al (“Sprague,” US 20150089568) and further in view of Dean et al (“Dean,” US 8,856,894)

Regarding claim 1, Sprague discloses a non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to:
collect, by a multifactor identification device, a plurality of types of user identifying
data; (Sprague, [0009] & [0093] describes multifactor identification; [0094]-[0107], describe collecting a plurality of types of user identifying data such as biometric information from a trusted device [multifactor identification device]) 
assign a confidence level to each of the plurality of types of user identifying data, the confidence levels representing a confidence that each of plurality of types of user identifying data identifies a specified user; (Sprague, [0018], [0019], [0021], [0038], describe assigning a high or low confidence score [where high to low confidence score refers to confidence levels] to each of the plurality of types of context data [user identifying data], the confidence levels representing a confidence that each of the plurality of types of user identifying data identifies a specified user; 260, specify environmental factors to improve trust score calculation, 262, specify factors to decrease trust score calculation FIG 2B; also see [0022]-[0035] which describes types of user identifying data), 
decrement at least one of the confidence levels based on elapsed time since the corresponding at least one of the plurality of types of user identifying data has been collected; (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration, month old registration, year old registration which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected; also see [0022]-[0035] which describes types user identifying data)
determine, by the multifactor identification device, (Sprague, [0009] & [0093] [0094]-[0107], describe determining from a trusted device [multifactor identification device])
a trust score based on the confidence levels that the plurality of types of user identifying data identifies a specified user; (Sprague, [0018], [0019], [0021], [0038], describe assigning a high or low confidence score  [where high to low confidence score refers to confidence levels] to each of the plurality of types of context data [user identifying data], the confidence levels representing a confidence that each of the plurality of types of user identifying data identifies a specified user; 260, specify environmental factors to improve trust score calculation, 262, specify factors to decrease trust score calculation FIG 2B, also see [0093]-[0107], [0022]-[0035] which describes types of user identifying data)
when the trust score is greater than a threshold, (Sprague, [0038], [0132], [0092]-[0093], describes the trust score passing a threshold [greater than a threshold])
Sprague fails to explicitly disclose and send an identification credential identifying the user to an authentication provider.
However, in an analogous art, Dean discloses send an identification credential identifying the user to an authentication provider, (Dean, Col. 9, Lines 9-35 discloses sending a virtual credential which can be token identifying the user to the service provider to perform authentication). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the method and system of Sprague to include send an identification credential identifying the user to an authentication provider. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36). 

Regarding claim 7, Sprague and Dean disclose the non-transitory computer readable medium of claim 1. 
Sprague further discloses of the multifactor identification device (Sprague, [0009] & [0093] [0094]-[0107], describe determining from a trusted device [multifactor identification device])
wherein a rate at which the trust score is decremented (Sprague, 262, FIG 2B, specify factors to decrease trust score calculation; also see [0038], [0044] and [0049]). 
Dean further discloses is based on a determination of a spatial-temporal context (Dean, Col. 12, Lines 50-64 describes based on a determination of the risk profile containing context such as location and time). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the method and system of Sprague to include is based on a determination of a spatial-temporal context. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36).

Regarding claim 8, Sprague and Dean disclose the non-transitory computer readable medium of claim 1. 
Sprague further discloses wherein a rate at which the trust score is decremented (Sprague, 262, FIG 2B, specify factors to decrease trust score calculation)
Dean further discloses is based on a rate set by the authentication provider (Dean, Col. 2, Lines 50-64; Col. 3, Lines 1-18 describes allowing the threshold trust level to be adjusted up or down by the service provider that performs authentication as described in Col. 9, Lines 9-35). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the
method and system of Sprague to include is based on a rate set by the service provider. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36).

Regarding claim 21-1, Sprague and Dean disclose the non-transitory computer readable medium of claim 1. 
Sprague further discloses wherein the decrement at least one of the confidence levels based on elapsed time since at least one of the plurality of types of user identifying data has been collected comprises: decrement, at a first rate over time, one of the confidence levels for a first type of the plurality of types of user identifying data; (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration [first rate based on hour rate of time], month old registration [second rate based on month’s old time], year old registration [third rate based on a year’s old time] which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected [where the registration is the user identifying data])
decrement, at a second rate over time, one of the confidence levels for a second type of the plurality of types of user identifying data, the first rate being different from the second rate (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration [first rate based on hour rate of time], month old registration [second rate based on month’s old time], year old registration [third rate based on a year’s old time] which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected [where the registration is the user identifying data])

9.	Claims 2-5, 11-15, 17-18, 21-2, 23-24 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Sprague et al (“Sprague,” US 20150089568) in view of Dean et al (“Dean,” US 8856894) and further in view of Sheller et al (“Sheller,” US 20150373007). 

Regarding claim 2, Sprague and Dean disclose the non-transitory computer readable medium of claim 1. 
Sprague and Dean fail to explicitly disclose wherein the trust score is determined based on factors specified in an access policy configured by a service provider, wherein the access policy specifies conditions required to initiate a session with the service
provider and conditions required to maintain the session with the service provider.
However, in an analogous art, Sheller discloses wherein the trust score is determined based on factors specified in an access policy configured by a service provider, (Sheller, [0071], [0078], [0042] & [0017], describes a confidence score is determined based on factors specified in an access policy configured by a service provider)
 wherein the access policy specifies conditions required to initiate a session with the service provider (Sheller, [0071], [0078], [0050] & [0017], describes an access policy that specifies conditions required to start a session with the service provider)
and conditions required to maintain the session with the service provider, (Sheller, [0082], [0091] & [0017] describes conditions required to maintain the session with the service provider)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sheller with the method and system of Sprague and Dean to include wherein the trust score is determined based on factors specified in an access policy configured by a service provider, wherein the access policy specifies conditions required to initiate a session with the service provider and conditions required to maintain the session with the service provider. One would have been motivated to a system and method configured to provide continuous authentication from initial authentication (e.g., by a user to a user device) to session closure, e.g., by the authenticated user (Sheller, [0014]). 

Regarding claim 3, Sprague, Dean and Sheller disclose the non-transitory computer readable medium of claim 2. 
Dean further discloses wherein the identification credential is at least partially a composite of multiple types of the plurality of the user identifying data, (Dean, Col. 10, Lines 39-44 describes an AOA ID or a virtual credential may have one or more levels of associated data attributes for the individual. The one or more levels may correspond to different degrees of privacy and/or amount of data associated with the individual. For example, some levels may include basic, private, identity, payment, and/or marketing).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the method and system of Sprague to include wherein the identification credential is at least partially a composite of the multiple types of the plurality of the user identifying data. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36).

Regarding claim 4, Sprague, Dean and Sheller disclose the non-transitory computer readable medium of claim 3. 
Dean further discloses define the multiple of the plurality of the user identifying data to make up the identification credential, (Dean, Col. 10, Lines 39-67; Col. 11, Lines 1-9; Col. 14, Lines 10-45 describes defining An AOA ID or a virtual credential may have one or more levels of associated data attributes for the individual. The one or more levels may correspond to different degrees of privacy and/or amount of data associated with the individual. For example, some levels may include basic, private, identity, payment, and/or marketing and associating risk levels that are low, medium and high depending on the transaction; Col. 2, Lines 65-67; Col. 3, Lines 1-18 describe a threshold trust level). 
where at least one of the multiple types of the plurality of the user identifying data is required such that the trust score cannot be greater than the threshold without the required identifying data, (Dean, Col. 10, Lines 39-67; Col. 11, Lines 1-9; Col. 14, Lines 10-45 describes defining An AOA ID or a virtual credential may have one or more levels of associated data attributes for the individual. The one or more levels may correspond to different degrees of privacy and/or amount of data associated with the individual. For example, some levels may include basic, private, identity, payment, and/or marketing and associating risk levels that are low, medium and high depending on the transaction; Col. 2, Lines 65-67; Col. 3, Lines 1-18 describe a threshold trust level).
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Dean with the
method and system of Sprague to include to define the multiple of the plurality of the user identifying data to make up the identification credential, where at least one of the multiple types of the plurality of the user identifying data is required such that the trust score cannot be greater than the threshold without the required identifying data. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36).
Sheller further discloses wherein the access policy conditions required to initiate the session with the service provider (Sheller, [0071], [0078], [0050] & [0017], describes an access policy that specifies conditions required to start a session with the service provider)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sheller with the method and system of Sprague and Dean to include wherein the access policy conditions required to initiate the session with the service provider. One would have been motivated to a system and method configured to provide continuous authentication from initial authentication (e.g., by a user to a user device) to session closure, e.g., by the authenticated user (Sheller, [0014]). 

Regarding claim 5, Sprague and Dean disclose the non-transitory computer readable medium of claim 1. 
Sprague further discloses a multifactor identification device (Sprague, [0009] & [0093] describes multifactor identification; [0094]-[0107], describe collecting a plurality of types of user identifying data such as biometric information from a trusted device [multifactor identification device])
Dean further discloses wherein the instructions are further effective to cause at least one processor to: determine a spatial-temporal context (Dean, Col. 12, Lines 50-64 describes based on a determination of the risk profile containing context such as location and time). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the method and system of Sprague to include wherein the instructions are further effective to cause at least one processor to: determine a spatial-temporal context. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36).
wherein the trust score can only be greater than the threshold when the spatial-temporal context (Dean, Col. 2, Lines 50-64; Col. 3, Lines 1-18 describes allowing the threshold trust level to be adjusted up or down based on factors such as the risk profile that contains location and time data [spatial-temporal context]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the method and system of Sprague to include wherein the instructions are further effective to cause at least one processor to: determine a spatial-temporal context of the multifactor identification device, wherein the trust score can only be greater than the threshold when the spatial-temporal context complies with an access policy. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36).
	Sprague and Dean fail to explicitly disclose complies with an access policy. 
However, in an analogous art, Sheller discloses complies with an access policy (Sheller, [0071] & [0132] describes agreeing with the policy for access to open a session). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sheller with the method and system of Sprague and Dean to include complies with an access policy. One would have been motivated to a system and method configured to provide continuous authentication from initial authentication (e.g., by a user to a user device) to session closure, e.g., by the authenticated user (Sheller, [0014]).

Regarding claim 11, Sprague discloses a multifactor authentication system, the system comprising:
a multifactor identification device configured to (Sprague, [0094]-[0107] describes a trusted device [a multifactor identification device] configured to)
collect a plurality of types of user identifying data, (Sprague, [0009] & [0093] describes multifactor identification; [0094]-[0107], describe collecting a plurality of types of user identifying data such as biometric information from a trusted device [multifactor identification device])
assign a confidence level to each of the plurality of types of user identifying data, the confidence levels representing a confidence that each of plurality of types of user identifying data identifies a specified user, (Sprague, [0018], [0019], [0021], [0038], describe assigning a high or low confidence score [where high to low confidence score refers to confidence levels] to each of the plurality of types of context data [user identifying data], the confidence levels representing a confidence that each of the plurality of types of user identifying data identifies a specified user; 260, specify environmental factors to improve trust score calculation, 262, specify factors to decrease trust score calculation FIG 2B; also see [0022]-[0035] which describes types of user identifying data),
decrement at least one of the confidence levels based on elapsed time since the corresponding at least one of the plurality of types of user identifying data has been collected, (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration, month old registration, year old registration which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected; also see [0022]-[0035] which describes types user identifying data)
determine a trust score based on the confidence levels that the plurality of types of user identifying data identifies a specified user, (Sprague, [0018], [0019], [0021], [0038], describe assigning a high or low confidence score  [where high to low confidence score refers to confidence levels] to each of the plurality of types of context data [user identifying data], the confidence levels representing a confidence that each of the plurality of types of user identifying data identifies a specified user; 260, specify environmental factors to improve trust score calculation, 262, specify factors to decrease trust score calculation FIG 2B, also see [0093]-[0107], [0022]-[0035] which describes types of user identifying data) and
when the trust score is greater than a threshold, (Sprague, [0038], [0132], [0092]-[0093], describes the trust score passing a threshold)
and instructions are further effective to cause at least one processor to: when the trust score drops below the threshold, (Sprague, 262, FIG 2 specify factors that decrease the trust score calculation; [0038], [0044] and [0049] describe less than a threshold)
and instructions are further effective to cause at least one processor to: when the trust score drops below the threshold, (Sprague, 262, FIG 2B, specify factors to decrease trust score calculation; [0038], [0044] and [0049] describe a threshold). 
Sprague fails to explicitly disclose send an identification credential identifying the user to an authentication provider; 
However, in an analogous art, Dean discloses send an identification credential identifying the user to an authentication provider; (Dean, Col. 9, Lines 9-35 discloses sending a virtual credential which can be token identifying the user to the service provider to perform authentication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the method and system of Sprague to include send an identification credential identifying the user to an authentication provider; and instructions are further effective to cause at least one processor to: when the trust score drops below the threshold, send a notification to the authentication provider. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36). 
Sprague and Dean fail to explicitly disclose send a notification to the authentication provider
However, in an analogous art, Sheller discloses send a notification to the authentication provider (Sheller, 210, FIG 2, notify the remote communication partner. [0017] describes the remote communication partner as a server that performs continuous authentication)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sheller with the method and system of Sprague and Dean to include send a notification to the authentication provider. One would have been motivated to a system and method configured to provide continuous authentication from initial authentication (e.g., by a user to a user device) to session closure, e.g., by the authenticated user (Sheller, [0014]).

Regarding claim 12, claim 12 is directed to the multifactor authentication system of claim 11. Claim 12 is similar in scope to claim 2 and is therefore rejected under similar rationale.

Regarding claim 13, claim 13 is directed to the multifactor authentication system of claim 11. Claim 13 is similar in scope to claim 3 and is therefore rejected under similar rationale.

Regarding claim 14, claim 14 is directed to the multifactor authentication system of claim 13. Claim 14 is similar in scope to claim 4 and is therefore rejected under similar rationale.

Regarding claim 15, claim 15 is directed to the multifactor authentication system of claim 11. Claim 15 is similar in scope to claim 5 and is therefore rejected under similar rationale.

Regarding claim 17, claim 17 is directed to the multifactor authentication system of claim 11. Claim 17 is similar in scope to claim 7 and is therefore rejected under similar rationale.

Regarding claim 18, claim 18 is directed to the multifactor authentication system of claim 11. Claim 18 is similar in scope to claim 8 and is therefore rejected under similar rationale.

Regarding claim 21-2, Sprague and Dean disclose the multifactor authentication system of claim 11. 
Sprague further discloses wherein the decrement at least one of the confidence levels based on elapsed time since at least one of the plurality of types of user identifying data has been collected comprises: decrement, at a first rate over time, one of the confidence levels for a first type of the plurality of types of user identifying data; (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration [first rate based on hour rate of time], month old registration [second rate based on month’s old time], year old registration [third rate based on a year’s old time] which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected [where the registration is the user identifying data])
decrement, at a second rate over time, one of the confidence levels for a second type of the plurality of types of user identifying data, the first rate being different from the second rate (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration [first rate based on hour rate of time], month old registration [second rate based on month’s old time], year old registration [third rate based on a year’s old time] which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected [where the registration is the user identifying data])

Regarding claim 23, Sprague discloses a method, comprising:
collecting, by a multifactor identification device, a plurality of types of user identifying data; (Sprague, [0009] & [0093] describes multifactor identification; [0094]-[0107], describe collecting a plurality of types of user identifying data such as biometric information from a trusted device [multifactor identification device])
assigning a confidence level to each of the plurality of types of user identifying data, the confidence levels representing a confidence that each of plurality of types of user identifying data identifies a specified user; (Sprague, [0018], [0019], [0021], [0038], describe assigning a high or low confidence score [where high to low confidence score refers to confidence levels] to each of the plurality of types of context data [user identifying data], the confidence levels representing a confidence that each of the plurality of types of user identifying data identifies a specified user; 260, specify environmental factors to improve trust score calculation, 262, specify factors to decrease trust score calculation FIG 2B; also see [0022]-[0035] which describes types of user identifying data),
decrementing at least one of the confidence levels based on elapsed time since the corresponding at least one of the plurality of types of user identifying data has been collected; (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration, month old registration, year old registration which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected; also see [0022]-[0035] which describes types user identifying data)
determining, by the multifactor identification device, (Sprague, [0009] & [0093] [0094]-[0107], describe determining from a trusted device [multifactor identification device])
a trust score based on the confidence levels that the plurality of types of user identifying data identifies a specified user; (Sprague, [0018], [0019], [0021], [0038], describe assigning a high or low confidence score  [where high to low confidence score refers to confidence levels] to each of the plurality of types of context data [user identifying data], the confidence levels representing a confidence that each of the plurality of types of user identifying data identifies a specified user; 260, specify environmental factors to improve trust score calculation, 262, specify factors to decrease trust score calculation FIG 2B, also see [0093]-[0107], [0022]-[0035] which describes types of user identifying data) and 
when the trust score is greater than a threshold, (Sprague, [0038], [0132], [0092]-[0093], describes the trust score passing a threshold [greater than a threshold])
Sprague fails to explicitly disclose send an identification credential identifying the user to an authentication provider.
However, in an analogous art, Dean discloses send an identification credential identifying the user to an authentication provider, (Dean, Col. 9, Lines 9-35 discloses sending a virtual credential which can be token identifying the user to the service provider to perform authentication). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dean with the method and system of Sprague to include send an identification credential identifying the user to an authentication provider. One would have been motivated to provide a server that automatically monitors and authenticates an individual's online transactions and/or activities using an Always On Authentication scheme (Dean, Col. 1, Lines 33-36). 

Regarding claim 24, Sprague and Dean disclose the method of claim 23.
Sprague further discloses wherein a rate in which the trust score is decremented is based on a determination of a spatial-temporal context of the multifactor identification device, (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; [0024], [0096]; [0109], [0130], [0142] describes a geographic location based on time [spatial-temporal context])

Regarding claim 25, Sprague and Dean disclose the method of claim 23.  
Sprague further discloses wherein the decrementing at least one of the confidence levels based on elapsed time since at least one of the plurality of types of user identifying data has been collected comprises: decrementing, at a first rate over time, one of the confidence levels for a first type of the plurality of types of user identifying data; (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration [first rate based on hour rate of time], month old registration [second rate based on month’s old time], year old registration [third rate based on a year’s old time] which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected [where the registration is the user identifying data])
decrementing, at a second rate over time, one of the confidence levels for a second type of the plurality of types of user identifying data, the first rate being different from the second rate, (Sprague, [0109]-[0110], [0130], [0142], describe decreasing [decrementing] at least one of the confidence levels based on elapsed time; 262, FIG 2B, specify factors to decrease trust score calculation; FIG 4A shows trust score with factor weighting based on time such as hour old registration [first rate based on hour rate of time], month old registration [second rate based on month’s old time], year old registration [third rate based on a year’s old time] which are based on elapsed time since the corresponding at least one of the plurality of types of identifying data has been collected [where the registration is the user identifying data]).







Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/           Examiner, Art Unit 2439      



/LUU T PHAM/           Supervisory Patent Examiner, Art Unit 2439