DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 04/13/2022 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 04/13/2022 are attached to the instant Office action.

Acknowledgements
This communication is in response to
Application claim amendments filed on 04/18/2022, and 
Authorization for the below examiner’s claim amendments was given by Phone by Ms. Carol E. Thorstad-Forsyth (Reg. No.  56,455) on 06/07/2022.

The amendments filed on 04/18/2022 have been entered.
The claims amendments overcome the USC 103 rejections previously set forth in the Office Action mailed on 03/07/2022.

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Examiner’s Amendment
Note: Proposed amendments marked manually with underlining and 
Claims

Please replace claim 1 with:
1. (Currently Amended) A method comprising: 
receiving, by a computing device, a request from a client device to access a resource; determining, by the computing device, context information that corresponds to the request and comprises a plurality of elements; assigning, by the computing device, scores to individual elements of the plurality of elements; combining the scores to generate a second score; assigning, by the computing device, an authentication level to the request based on a user identity and the combined score; 
generating, by the computing device, an authentication challenge based on the authentication level, the authentication challenge comprises an initial token, the initial token comprising the user identity, identification of the resource for which access is being requested, at least a portion of the context information, authentication parameters, and an assertion that authentication credentials included in the request have been verified; 
receiving, by the computing device, an updated token from the client device in response to transmission of the authentication challenge to the client device, the updated token generated by inclusion in the initial token [[of]] an indication of authentication of [[the]] a user of the client device to one or more authentication services, the authentication being accomplished with use of the authentication parameters, and the indication being included in the initial token by the one or more authentication services as a part of a response to an authentication request from the client device made in response to the authentication challenge; and 
providing, by the computing device, the client device with access to the resource based on the authentication of the user of the client device to one or more authentication services as indicated by the updated token.  

Please replace claim 5 with:
5. (Currently Amended) The method according to claim 4, further comprising: determining, by the client device, upon receipt of the updated token, whether all authentication schemes included in [[the]] an identified authentication protocol have been executed; and upon determining that all authentication schemes included in the identified authentication protocol have been executed, transmitting the updated token to the computing device.  

Please cancel claims 17-29:
17-29. (Cancelled). 

Please replace claim 31 with:
31. (Currently Amended) A computing system, comprising: 
a processor; and a non-transitory computer-readable storage medium comprising programming instructions that are configured to cause the processor to implement a method for authenticating a user in the computing system, wherein the programming instructions comprise instructions to: 
receive a request from a client device to access a resource; determine context information that corresponds to the request and comprises a plurality of elements; assign scores to individual elements of the plurality of elements; 
combining the scores to generate a combined score; 
assign an authentication level to the request based on a user identity and the combined score; generate an authentication challenge in accordance with the authentication level, the authentication challenge comprises an initial token, the initial token comprising the user identity, identification of the resource for which access is being requested, at least a portion of the context information, authentication parameters, and an assertion that authentication credentials included in the request have been verified; 
receive an updated token from the client device in response to transmission of the authentication challenge to the client device, the updated token generated by inclusion in the initial token [[of]] an indication of authentication of a user of the client device to [[the]] one or more authentication services, the authentication being accomplished with use of [[the]] at least one authentication protocol and the authentication parameters an authentication request from the client device made in response to the authentication challenge; and 
provide the client device with access to the resource based on the authentication of the user of the client device to the one or more authentication services as indicated by the updated token.  

Please replace claim 32 with:
32. (Currently Amended) The computing system according to claim 31, wherein the programming instructions further comprise instructions to cause the client device to: transmit an authentication request that comprises the initial token; and receive the updated token that comprises an assertion indicating a status of user authentication upon execution of [[the]] at least one authentication scheme.  

Please replace claim 33 with:
33. (Currently Amended) The computing system according to claim 31, wherein the programming instructions further comprise instructions to cause the client device to: determine, upon receipt of the updated token, whether all authentication schemes included in [[the]] an identified authentication protocol have been executed; and upon determining that all authentication schemes included in the identified authentication protocol have been executed, transmit the updated token to the processor.  

Please replace claim 34 with:
34. (Currently Amended) The computing system according to claim 32, wherein the programming instructions further comprise instructions to cause the processor to grant the [[access]] request for accessing the resource upon determining that the one or more assertions included in the updated token satisfy [[the]] an identified authentication protocol.  

Please replace claim 35 with:
35. (Currently amended) The method according to claim 1, wherein the initial token includes information specifying performance of an execution of [[the]] at least one authentication protocol by the one or more authentication services.  

Allowable Subject Matter
Claims 1-12, 16 and 31-36 are allowed.
The following is a statement of reasons for indication of allowable subject matter.
Cited and relevant prior art of record:
Unnikrishnan et. al. (US 20160094531 A1),
Veeraraghavan et. al. (US 20090320103 A1),
Badri et. al. (US 20180351925 A1), and
Samuels et. al. (US 8788419 B2).
Unnikrishnan discloses a system for granting access to secured resources of a network, where a computing device receives an access request from a client, where the computing device inspects a user string or header of the access request, including the type of authentication the client is able to authenticate, version of the authentication protocol supported, previous challenges, and further discloses an authentication challenge, where a cookie is included in the challenge, where the authentication challenge is tailored to a specific type of authentication. Unnikrishnan further discloses identifying from the request the client’s ability to use a specific authentication protocol, and receiving a response to the challenge by the client device, where the response includes an authentication token. Veeraraghavan discloses an augmented token to augment the original token with authentication and/or authorization, where the augmented token includes the original token. Badri discloses multi-level and/or a multi-factor authentication system and a self-learning process, where each user can be assigned a default score index based on one or more attributes, e.g. user location, time and authenticator, where the score index representing a security level/challenge and the corresponding authentication required to access each of the one or more services/resources. Samuels discloses scores to individual attributes and combining the scores of the attributes.  
While the above prior arts disclose the aforementioned concepts, however, none of the above prior arts, individually or in combination, discloses all the limitations in the manner recited in the independent claims. Specifically, none of the above prior art discloses authentication levels based on combined scores of elements of the context information and user identity, generating an authentication challenge based on the authentication levels, an initial token, which is included in the authentiction challenge, where the initial token includes user identity, identification of the resource for which access is being requested, at least a portion of the context information, authentication parameters, and an assertion that authentication credentials included in a request have been verified, receiving an updated token in response to the authentication challenge, where the updated token generated by inclusion in the initial token of an indication of authentication of the user of the client device to one or more authentication services. Therefore, the above limitations in conjunction with the remaining limitations of the independent claims render the above independent claims allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705.  The examiner can normally be reached on Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BASSAM A NOAMAN/Examiner, Art Unit 2497