DETAILED ACTION
This action is in response to the application filed on June 24, 2022. Claims 1-20 are pending. Claims 1-15, and 17-19 are amended. Of such, claims 1-14 represent a device, claims 15-17 represent a non-transitory medium, and claims 18-20 represents method directed to dynamically determine an authentication method for a user device to access services based on security risk.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Response to Arguments
Applicant’s arguments, see pages 11-16, filed  on June 24, 2022, with respect to the rejections of claims 1-20 in view of Lester and Koral have been fully considered and are persuasive.  Therefore the rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of Lester and Koral in further view of Chang et al. (US 20140208419).
Specification
The rejection to the disclosure for informalities with the abstract is withdrawn in light of the amendments to the Abstract.
Claim Rejections - 35 USC § 112
The rejection to the disclosure with regards to Claims 1-20 have been withdrawn in light of the amendments to the claims. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 5-16, 18, 20 are rejected under 35 U.S.C. 103 as being unpatentable by Lester et al. (US Patent 10432605), hereinafter referred to as Lester, in view of Chang et al. (US 20140208419), hereinafter referred to as Chang. 
Regarding Claim 1, Lester discloses:
A device, comprising: a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations comprising (In ¶ 44 Lester discloses “the authentication system 200 can include memory 210, one or more processors 220”): obtaining network intelligence data for a mobile network over the communication network (In ¶ 11 Lester discloses “In response to the request, risk factors indicative of behavior of the user, a social network of the user, the user device, and information security of the organization may be aggregated”); analyzing a security behavior of the device (In ¶ 106, Lester discloses “Information used to generate the user's (or the device's) behavior pattern may be received from cross-channel information gathering and monitoring module 830.”); identifying a security risk level for each of a plurality of authentication methods resulting in a plurality of security risk levels in response to the analyzing the security behavior of the device and the network intelligence data using a machine learning application, wherein the first authentication method is one of the plurality of authentication methods (In ¶ 17 Lester discloses “a method includes creating a unique authentication plan for a session with a user based on an intrusiveness of the authentication methods available, user preferences, device capabilities, and a difference between an identity trust score and an activity score of the requested activity, where the unique authentication plan includes one or more authentication options” and in ¶ 37, Lester further discloses “Organization 145 may include various computing systems, model/rules execution engine 160, user behavior database 150, security and fraud indicator database 155, and user database 165”); determining the first security risk level associated with the first authentication method corresponds to a higher risk than the second security risk level associated with the function (In ¶ 67 Lester discloses “In block 350, the identity trust score is compared with the activity trust threshold”); and responsive to the determining the first security risk level corresponds to a lower risk than the second security risk level: Appln. No. 16/903,528Page 4 of 17 Reply to Non-Final Office Action of April 5, 2022 Docket No. 2020-0047_7785-2155A notifying the user device of the second security risk level for the function (In ¶ 7 Lester discloses “generate an alert when the user behavior deviates above the threshold level”); and providing a recommendation to the user device to utilize the second authentication method to perform the function (In ¶ 90 Lester discloses “The authentication plan may be generated by considering the customer's stated authentication preferences, the operational status of the authenticators, an invasiveness of the authentication requests, and the effectiveness of the authenticator with respect to the channel and operation being requested” and in ¶ 72 Lester discloses “In some embodiments, the authentication plan makes a recommendation regarding the authentication information needed for the user to engage in the activity”).
However, Lester does not explicitly disclose the limitation of receiving an authentication request and selecting a function. 
Chang discloses:
receiving, over a communication network, an authentication request from a user device for performing a function utilizing a first authentication method (In ¶ 11, Chang discloses “there is provided a method for providing a user access to a computer system comprising a plurality of services and a plurality of authentication levels”), wherein the authentication request identifies the function and the first authentication method (In ¶ 14, Chang discloses “[0014] In an embodiment, the step of sending a further authentication request to the user further comprises providing the user with an authentication selection menu comprising a plurality of authentication options, each of said options at least matching the dynamically selected authentication level. This has the advantage that the user may select his or her preferred authentication method without compromising security as only authentication methods are being offered to the user that match or exceed the appropriate authentication level.”); identifying a first security risk level of the plurality of security risk levels associated with the first authentication method (In ¶ 44, Chang discloses “ It is reiterated that although the above principles may also be applied upon a user trying to gain access to the computer system, these principles are applied particularly advantageously once the user has successfully gained access to the computer system by passing an initial authentication method, such that the trust level or risk profile for the user assessed during the initial log-in is dynamically monitored during the user session,”); identifying a second security risk level of the plurality of security risk levels associated with the function (In ¶ 41, Chang discloses  “Each service or service class S1-S4 in the service group 10 is assigned an authentication method from the tiered authentication structure 20 by means of a mapping function 30, which mapping function itself is a function of a risk profile of the user of the computer system”); identifying a second authentication method from the plurality of authentication methods that is associated with the second security risk level (In ¶ 23, Chang discloses “and send a further authentication request to the user requesting the user to provide authentication information corresponding to the dynamically selected authentication level if said dynamically selected authentication level is higher than the actual authentication level for said user.”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Lester’s approach by utilizing Chang’s approach of selecting a user authentication method and associated risk scores to the methods as the motivation would be to allow the user to select their preferred authentication method without compromising security as only authentication methods are being offered to the user that match or exceed security of the services they are trying to access (See Chang ¶ 14).
Regarding Claim 3, the combination of Lester and Chang disclose:
The device of claim 1, wherein the first authentication method is associated with a first service, and wherein the second authentication method is associated with a second service (In ¶ 123 Lester discloses “The authentication plan may include multiple channels and methods of authentication (e.g., biometrics) for the user to step-up the identity trust score”).
Regarding Claim 5, the combination of Lester and Chang disclose:
The device of claim 1, wherein the network intelligence data further comprises historical data of a plurality of user devices accessing services on the mobile network, events occurring in the mobile network, time of day data associated with the plurality of user devices accessing the services on the mobile network, trending data associated with the plurality of user devices accessing the services on the mobile network, or a combination thereof (In ¶ 5 Lester discloses “a scalable, risk-based authentication system includes a plurality of fraud monitoring engines configured to analyze user data and organization data and generate a set of risk factors based on the user data and the enterprise data” and in ¶ 40, Lester discloses “User behavior database 150 may include transaction information relating to past transactions the user has engaged in, such as the time of day transactions were made, the amount and destination of the transfer, the channel and/or point of interaction used, activities and times associated with those activities (time spent making the transaction), etc.”).
Regarding Claim 6, the combination of Lester and Chang disclose:
The device of claim 1, wherein the operations further comprise: identifying a risk threshold; and determining the first security risk level is above the risk threshold (In ¶ 29 Lester discloses “The authentication engine may determine an identity trust score for the user, which may then be compared to the activity trust threshold”).
Regarding Claim 7, the combination of Lester and Chang disclose:
The device of claim 6, wherein the operations further comprise: determining an amount of risk between the first security risk level and the risk threshold (In ¶ 57 Lester discloses “If the comparison module 260 determines that the identity trust score is lower than the activity trust threshold, then the user is either rejected from engaging in the activity or the user may be asked to provide additional identifying information to raise the identity trust score.”) and triggering an alert responsive to the amount of risk between the first security risk level and the risk threshold exceeding an alert threshold (In ¶ 7 Lester discloses “generate an alert when the user behavior deviates above the threshold level”).
Regarding Claim 8, the combination of Lester and Chang disclose:
The device of claim 6, wherein the operations further comprise: determining a number of user devices utilizing the first authentication method; and terminating operation of the device responsive to the number of user devices utilizing the authentication method exceeding a threshold number of user devices (In ¶ 120, Lester discloses “Based on the identity trust score, the type of device currently being used by the user or a preferred device/method of authentication, and the activity trust threshold (measure of riskiness of the activity), authentication plan creation operation 1090 creates an authentication plan for the user.”)
Regarding Claim 9, the combination of Lester and Chang disclose:
The device of claim 7, wherein the first authentication method is associated with a first service, wherein the operations further comprise: terminating an access point device associated with the first service based on the amount of risk between the first security risk level and the risk threshold, wherein the access point device is communicatively coupled to the device over the communication network (In ¶ 45 Lester discloses “in one embodiment, the identity trust score module 280 can be separated into a channel rules module for determining the channel-appropriate authentication rules” and in ¶ 58, Lester further discloses “In some embodiments, the user has exhausted all methods of authentication in that channel but has been unsuccessful in raising the identity trust score to the necessary activity trust threshold level. In such a case, the user may be rejected from engaging in the activity”).
Regarding Claim 10, the combination of Lester and Chang disclose:
The device of claim 6, wherein the operations further comprise: determining the first security risk level has decreased below the risk threshold, wherein the first authentication method is associated with a first service (In ¶ 67 Lester discloses “In block 350, the identity trust score is compared with the activity trust threshold.”); receiving, over the communication network, a first notification that another device has terminated an access point device for the first service (In ¶ 57 Lester discloses “If the comparison module 260 determines that the identity trust score is lower than the activity trust threshold, then the user is either rejected from engaging in the activity or the user may be asked to provide additional identifying information to raise the identity trust score”); and providing, over the communication network, a second notification to each of a group of user devices associated with the other device, wherein each of the group of user devices are using the first service, wherein the second notification indicates that the device offers the first service to each of the group of user devices as the other device (In ¶ 62 Lester discloses “authentication system 200 includes a channel porting module 290 configured to transfer a user on one channel to a second channel that is different from the first channel, during a session. The channel porting module 290 allows the session to seamlessly be transferred to a different channel. Using the channel porting module 290, an identity trust score and activity trust threshold in connection with the second channel may be determined and compared. If enough identifying information is available (the identity trust score meets or exceeds the activity trust threshold), the session will be continued on the second channel”).
Regarding Claim 11, the combination of Lester and Chang disclose:
The device of claim 1, wherein the first authentication method and the second authentication method further comprises one of username/password credentials associated with the device, multifactor authentication, username/password credentials for a service, facial identification, or a combination thereof (In ¶ 66 Lester discloses “Identifying information may include information such as a username, a password, biometric data, a device identification, an automatic number identification, a token, a onetime password, or a grid card code, for example”).
Regarding Claim 12, the combination of Lester and Chang disclose:
The device of claim 1, wherein the first authentication method further comprises username/password credentials for a first service, wherein the identifying of the first security risk level comprises detecting a security breach for the first service, and wherein the second authentication method further comprises user/name credentials for a second service (In ¶ 6 Lester discloses “an information security monitoring engine configured to access alerts relating to enterprise information security, and a social network analyzer configured to analyze the user's social network to identify relationships indicating fraud” and in ¶ 66, Lester further discloses “Identifying information may include information such as a username, a password, biometric data, a device identification, an automatic number identification, a token, a onetime password, or a grid card code, for example”).
Regarding Claim 13, the combination of Lester and Chang disclose:
The device of claim 1, wherein the first authentication method comprises username/password credentials for a first service, wherein the identifying of the first security risk level comprises detecting a security breach for the first service, and wherein the second authentication method further comprises user/name credentials associated with the device (In ¶ 6 Lester discloses “an information security monitoring engine configured to access alerts relating to enterprise information security, and a social network analyzer configured to analyze the user's social network to identify relationships indicating fraud” and in ¶ 66, Lester further discloses “Identifying information may include information such as a username, a password, biometric data, a device identification, an automatic number identification, a token, a onetime password, or a grid card code, for example”).
Regarding Claim 14, the combination of Lester and Chang disclose:
The device of claim 1, wherein the first authentication method comprises username/password credentials for a first service, wherein the identifying of the first security risk level comprises detecting a security breach for the first service, and wherein the second authentication method further comprises multifactor authentication (In ¶ 6 Lester discloses “an information security monitoring engine configured to access alerts relating to enterprise information security, and a social network analyzer configured to analyze the user's social network to identify relationships indicating fraud” and in ¶ 66, Lester further discloses “Identifying information may include information such as a username, a password, biometric data, a device identification, an automatic number identification, a token, a onetime password, or a grid card code, for example”).
Regarding Claim 15, Lester discloses:
A non-transitory, machine-readable medium, comprising executable instructions that, when executed by a processing system including a processor, facilitate performance of operations, the operations comprising (In ¶ 125 Lester discloses “A variety of these steps and operations may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special-purpose processor programmed with the instructions to perform the steps”):  obtaining network intelligence data for a mobile network over the communication network (In ¶ 11 Lester discloses “In response to the request, risk factors indicative of behavior of the user, a social network of the user, the user device, and information security of the organization may be aggregated”); analyzing a security behavior of the processing system (In ¶ 106, Lester discloses “Information used to generate the user's (or the device's) behavior pattern may be received from cross-channel information gathering and monitoring module 830.”);  identifying a risk level each of a plurality of authentication methods resulting in a plurality of risk levels in response to the analyzing the security behavior of the processing system and the network intelligence data using a machine learning application, wherein the first authentication method is one of the plurality of authentication methods (In ¶ 17 Lester discloses “a method includes creating a unique authentication plan for a session with a user based on an intrusiveness of the authentication methods available, user preferences, device capabilities, and a difference between an identity trust score and an activity score of the requested activity, where the unique authentication plan includes one or more authentication options” and in ¶ 37, Lester further discloses “Organization 145 may include various computing systems, model/rules execution engine 160, user behavior database 150, security and fraud indicator database 155, and user database 165”); identifying a risk threshold (In ¶ 67 Lester discloses “In block 350, the identity trust score is compared with the activity trust threshold”);  and determining the first risk level associated with the first authentication method is above the risk threshold and the second risk level associated with the function is below the risk threshold and in response thereto (In ¶ 29 Lester discloses “The authentication engine may determine an identity trust score for the user, which may then be compared to the activity trust threshold”): determining an amount of risk between the first risk level and the risk threshold (In ¶ 67 Lester discloses “In block 350, the identity trust score is compared with the activity trust threshold”); terminating an access point device associated with a first service based on the amount of risk (In ¶ 57 Lester discloses “If the comparison module 260 determines that the identity trust score is lower than the activity trust threshold, then the user is either rejected from engaging in the activity or the user may be asked to provide additional identifying information to raise the identity trust score”); notifying the user device of the second risk level for the function (In ¶ 7 Lester discloses “generate an alert when the user behavior deviates above the threshold level.”); and providing a recommendation to the user device to utilize the second authentication method to perform the function(In ¶ 90 Lester discloses “The authentication plan may be generated by considering the customer's stated authentication preferences, the operational status of the authenticators, an invasiveness of the authentication requests, and the effectiveness of the authenticator with respect to the channel and operation being requested” and in ¶ 72, Lester further discloses “In some embodiments, the authentication plan makes a recommendation regarding the authentication information needed for the user to engage in the activity”).
However, Lester does not explicitly disclose the limitation of receiving an authentication request and selecting a function. 
Chang discloses:
receiving, over a communication network an authentication request from a user device for performing a function utilizing a first authentication method, wherein the authentication request identifies the function and the first authentication method (In ¶ 11, Chang discloses “there is provided a method for providing a user access to a computer system comprising a plurality of services and a plurality of authentication levels”); identifying a first risk level that is associated with the first authentication method and identifying a second risk level that is associated with the function (In ¶ 44, Chang discloses “ It is reiterated that although the above principles may also be applied upon a user trying to gain access to the computer system, these principles are applied particularly advantageously once the user has successfully gained access to the computer system by passing an initial authentication method, such that the trust level or risk profile for the user assessed during the initial log-in is dynamically monitored during the user session,” and in ¶ 41, Chang further discloses “Each service or service class S1-S4 in the service group 10 is assigned an authentication method from the tiered authentication structure 20 by means of a mapping function 30, which mapping function itself is a function of a risk profile of the user of the computer system”); identifying a second authentication method from the plurality of authentication methods that is associated with the second risk level (In ¶ 23, Chang discloses “and send a further authentication request to the user requesting the user to provide authentication information corresponding to the dynamically selected authentication level if said dynamically selected authentication level is higher than the actual authentication level for said user.”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Lester’s approach by utilizing Chang’s approach of selecting a user authentication method and associated risk scores to the methods as the motivation would be to allow the user to select their preferred authentication method without compromising security as only authentication methods are being offered to the user that match or exceed security of the services they are trying to access (See Chang ¶ 14).
Regarding Claim 16, the combination of Lester and Chang disclose:
The non-transitory, machine-readable medium of claim 15, wherein the access point device is communicatively coupled to the processing system over the communication network (In ¶ 33 Lester discloses “Personal computers 125 may be any computer (e.g., desktop computers, laptop computers, netbooks, tablet computers, Internet-enabled television devices, etc.) connected to network 140”).
Regarding Claim 18, the combination of Lester and Chang disclose:
A method, comprising: receiving, by a processing system including a processor, over a communication network, an authentication request from a user device for performing a function utilizing a first authentication method, (In ¶ 44 Lester discloses “the authentication system 200 can include memory 210, one or more processors 220” and in ¶ 11, Lester further discloses “receiving, from a user device via a channel, an activity request from a user”); obtaining, by the processing system, network intelligence data for a mobile network over the communication network (In ¶ 11 Lester discloses “In response to the request, risk factors indicative of behavior of the user, a social network of the user, the user device, and information security of the organization may be aggregated”); analyzing, by the processing system, a security behavior of the processing system (In ¶ 106, Lester discloses “Information used to generate the user's (or the device's) behavior pattern may be received from cross-channel information gathering and monitoring module 830.”); identifying, by the processing system, a risk level for each of a plurality of authentication methods resulting in a plurality of risk levels in response to the analyzing the  security behavior of the processing system and the network intelligence data using a machine learning application , wherein the first authentication method is one of the plurality of authentication methods (In ¶ 17 Lester discloses “a method includes creating a unique authentication plan for a session with a user based on an intrusiveness of the authentication methods available, user preferences, device capabilities, and a difference between an identity trust score and an activity score of the requested activity, where the unique authentication plan includes one or more authentication options” and in ¶ 37, Lester further discloses “Organization 145 may include various computing systems, model/rules execution engine 160, user behavior database 150, security and fraud indicator database 155, and user database 165”); identifying, by the processing system, a risk threshold In ¶ 29 Lester discloses “The authentication engine may determine an identity trust score for the user, which may then be compared to the activity trust threshold”) and determining, by the processing system, the first risk level is above the risk threshold and the second risk level is below the risk threshold and in response thereto (In ¶ 67 Lester discloses “In block 350, the identity trust score is compared with the activity trust threshold.”): notifying, by the processing system, the user device of the second risk level for the function; providing, by the processing system, over the communication network, a recommendation to the user device to utilize the second authentication method to perform the function (In ¶ 90 Lester discloses “The authentication plan may be generated by considering the customer's stated authentication preferences, the operational status of the authenticators, an invasiveness of the authentication requests, and the effectiveness of the authenticator with respect to the channel and operation being requested” and in ¶ 72 Lester discloses “In some embodiments, the authentication plan makes a recommendation regarding the authentication information needed for the user to engage in the activity”);  determining, by the processing system, the first risk level has decreased below the risk threshold, wherein the first authentication method is associated with a first service (In ¶ 57 Lester discloses “If the comparison module 260 determines that the identity trust score is lower than the activity trust threshold, then the user is either rejected from engaging in the activity or the user may be asked to provide additional identifying information to raise the identity trust score”);  Appln. No. 16/903,528Page 10 of 17 Reply to Non-Final Office Action of April 5, 2022Docket No. 2020-0047_7785-2155A receiving, by the processing system, over the communication network, a first notification that another processing system has terminated an access point device for the first service; and providing, by the processing system, over the communication network, a second notification to each of a group of user devices associated with the other processing system, wherein each of the group of user devices are using the first service, wherein the second notification indicates that the processing system offers the first service to each of the group of user devices as the other processing system (In ¶ 62 Lester discloses “authentication system 200 includes a channel porting module 290 configured to transfer a user on one channel to a second channel that is different from the first channel, during a session. The channel porting module 290 allows the session to seamlessly be transferred to a different channel. Using the channel porting module 290, an identity trust score and activity trust threshold in connection with the second channel may be determined and compared. If enough identifying information is available (the identity trust score meets or exceeds the activity trust threshold), the session will be continued on the second channel”).However, Lester does not explicitly disclose the limitation of receiving an authentication request and selecting a function. 
Chang discloses:
wherein the authentication request identifies the function and the first authentication method (In ¶ 11, Chang discloses “there is provided a method for providing a user access to a computer system comprising a plurality of services and a plurality of authentication levels”); identifying, by the processing system, a first risk level of the plurality of risk levels associated with the first authentication method and identifying a second risk level of the plurality of risk levels associated with the function (In ¶ 44, Chang discloses “ It is reiterated that although the above principles may also be applied upon a user trying to gain access to the computer system, these principles are applied particularly advantageously once the user has successfully gained access to the computer system by passing an initial authentication method, such that the trust level or risk profile for the user assessed during the initial log-in is dynamically monitored during the user session,” and in ¶ 41, Chang further discloses “Each service or service class S1-S4 in the service group 10 is assigned an authentication method from the tiered authentication structure 20 by means of a mapping function 30, which mapping function itself is a function of a risk profile of the user of the computer system”);  identifying, by the processing system, a second authentication method from the plurality of authentication methods that is associated with the second risk level (In ¶ 23, Chang discloses “and send a further authentication request to the user requesting the user to provide authentication information corresponding to the dynamically selected authentication level if said dynamically selected authentication level is higher than the actual authentication level for said user.”)
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Lester’s approach by utilizing Chang’s approach of selecting a user authentication method and associated risk scores to the methods as the motivation would be to allow the user to select their preferred authentication method without compromising security as only authentication methods are being offered to the user that match or exceed security of the services they are trying to access (See Chang ¶ 14).
Regarding Claim 20, the combination of Lester and Chang disclose:
The method of claim 18, wherein the network intelligence data comprises historical data of a plurality of user devices accessing services on the mobile network, events occurring in the mobile network, time of day data associated with the plurality of user devices, trending data associated with the plurality of user devices accessing the services on the mobile network, or a combination thereof (In ¶ 5 Lester discloses “a scalable, risk-based authentication system includes a plurality of fraud monitoring engines configured to analyze user data and organization data and generate a set of risk factors based on the user data and the enterprise data” and in ¶ 40, Lester discloses “User behavior database 150 may include transaction information relating to past transactions the user has engaged in, such as the time of day transactions were made, the amount and destination of the transfer, the channel and/or point of interaction used, activities and times associated with those activities (time spent making the transaction), etc.”).
Claims 2, 4, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable Lester et al. (US Patent 10432605), hereinafter referred to as Lester, in view of Chang et al. (US 20140208419), hereinafter referred to as Chang, in further view of Koral et al (US Patent Application Publication 2021/0306372), hereinafter referred to as Koral.
Regarding Claim 2, the combination of Lester and Chang disclose all the limitations with respect to claim 1. 
Lester and Chang do not explicitly teach the use of a multi-access edge computing device. 
However, Koral discloses the following limitation:
wherein the device further comprises a multi-access edge computing device, wherein the multi-access edge computing device further comprises a radio intelligent controller, and wherein the radio intelligent controller further comprises a security monitoring and notification system. (In ¶ 32 Koral discloses “In operation in one embodiment, an IoT device may connect with the 5G RAN 34, via a RAN intelligent controller (RIC) associated with the MEC architecture and establish a session with the enterprise network through the EPC” and in ¶ 27, Koral further discloses “providing a security component having one or more security elements within the MEC that monitors and processes data and local network traffic while mitigating network attacks may be beneficial”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to utilize Koral’s approach of utilizing an MEC as the device as the motivation would be to by running applications and performing related processing tasks closer to the cellular customer, core network data traffic is reduced and applications respond faster due to the reduced physical distance between client and server, and energy can be saved eventually by offloading processing into the cloud despite adding additional communication overhead and latency to the communication (see Koral ¶ 22).
Regarding Claim 4, the combination of Lester and Chang disclose all the limitations with respect to claim 1. 
However, Lester and Chang do not explicitly teach the use of obtaining user plane and control plane behavior on the mobile network. 
However, Koral discloses the following limitation:
wherein the security behavior of the device further comprises at least one of a user plane behavior of the mobile network and a control plane behavior of the mobile network. (In ¶ 56 Koral discloses “Because each MEC (205 or 251) includes a security component, abnormal behavioral patterns for an associated control plane, an associated user plane, or associated UEs detected by an anomaly detection element 221 of an MEC (an affected MEC) may be communicated to other MECs that are connected to the affected MEC in response to the detection of abnormal behavioral patterns (e.g., an alert)”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to utilize Koral’s approach of MEC’s and the use of their security components as the motivation would be by running applications and performing related processing tasks closer to the cellular customer, core network data traffic is reduced and applications respond faster due to the reduced physical distance between client and server, and energy can be saved eventually by offloading processing into the cloud despite adding additional communication overhead and latency to the communication (see Koral ¶ 22).
Regarding Claim 17, the combination of Lester and Chang disclose all the limitations with respect to claim 15. 
Lester and Chang do not explicitly teach the use of a multi-access edge computing device. 
However, Koral discloses the following limitation:
wherein the processing system comprises a multi-access edge computing device, wherein the multi-access edge computing device comprises a radio intelligent controller, and wherein the radio intelligent controller comprises a security monitoring and notification system. (In ¶ 32 Koral discloses “In operation in one embodiment, an IoT device may connect with the 5G RAN 34, via a RAN intelligent controller (RIC) associated with the MEC architecture and establish a session with the enterprise network through the EPC” and in ¶ 27, Koral further discloses “providing a security component having one or more security elements within the MEC that monitors and processes data and local network traffic while mitigating network attacks may be beneficial”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to utilize Koral’s approach of utilizing an MEC as the device as the motivation would be to by running applications and performing related processing tasks closer to the cellular customer, core network data traffic is reduced and applications respond faster due to the reduced physical distance between client and server, and energy can be saved eventually by offloading processing into the cloud despite adding additional communication overhead and latency to the communication (see Koral ¶ 22).
Regarding Claim 19, the combination of Lester and Chang disclose all the limitations with respect to claim 18. 
However, Lester and Chang do not explicitly teach the use of obtaining user plane and control plane behavior on the mobile network. 
However, Koral discloses the following limitation:
wherein the security behavior of the processing system comprises at least one of a user plane behavior of the mobile network and a control plane behavior of the mobile network. (In ¶ 56 Koral discloses “Because each MEC (205 or 251) includes a security component, abnormal behavioral patterns for an associated control plane, an associated user plane, or associated UEs detected by an anomaly detection element 221 of an MEC (an affected MEC) may be communicated to other MECs that are connected to the affected MEC in response to the detection of abnormal behavioral patterns (e.g., an alert)”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to utilize Koral’s approach of MEC’s and the use of their security components as the motivation would be by running applications and performing related processing tasks closer to the cellular customer, core network data traffic is reduced and applications respond faster due to the reduced physical distance between client and server, and energy can be saved eventually by offloading processing into the cloud despite adding additional communication overhead and latency to the communication (see Koral ¶ 22).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Boodeai et al. (US Patent Publication 2021/0168148) discloses a method of identifying confidence levels for a user requesting an authentication session.
Gaeta et al. (US Patent 10972458) discloses a method for authenticating a user based on certain authentication levels.
Mohammad et al. (US Patent Publication 2019/0333055) discloses an authentication system utilizing token values. 
Boss et al. (US Patent Publication 20150324559) discloses a method for managing authentication policies for users on a network based on risk assessment scores. 
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/               Examiner, Art Unit 2492                                                                                                                                                                                         

/SALEH NAJJAR/               Supervisory Patent Examiner, Art Unit 2492