DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Guccione et al (US 2015/0319156) in view of Yan et al (US 2017/0019500) and in further view of Ballard et al (US 2019/0236254).
Regarding claims 1, 8, and 15, Guccione et al discloses computer-implemented method for user authentication performed by an identity provider system, non-transitory computer-readable storage medium storing instructions that when executed by a computer processor perform actions, and a identity provider system comprising: a computer processor; and a non-transitory computer-readable medium storing instructions that when executed by a computer processor perform actions comprising [0084, 0098]:
receiving a request from a first user to authenticate an identity of the first user [0023];
Please note that in this example, requested user assertion may indicate at least one result of at least one authentication of a user equipment.  
identifying a set of authentication factors enrolled for use of the first user with the identity provider system, the set including the first one of the authentication factors and the second one of the authentication factors [0022]; 
Please note that in this example, request may include an indication of an authentication requirement and an identity of the user that is associated with the M-IdP. The indication of the authentication requirement may include a required authentication assurance level. Also, the indication of the authentication requirement may include an identification of required authentication factors, and thus the request may explicitly identify the required authentication factors
However, Guccione et al does not expressly disclose but Yan et al discloses:
monitoring, for each of a plurality of authentication factors, a health of the authentication factor [0039-0042]; 
Please note that in this example, the system determines, based on retrieved historical processing records for each data interaction processing mode candidate, processing success rates for each data interaction processing mode candidate, wherein at least one different processing parameter is present among different data interaction processing modes
determining, based on the monitoring, that a first one of the authentication factors is below a threshold degree of health, and that a second one of the authentication factors is above the threshold degree of health [0039-0042];
Please note that in this example, the system determines, based on the processing success rates for each data interaction processing mode candidate, a data interaction processing mode for handling the service processing request for the user terminal.
However, Guccione et al and Yan et al do not expressly disclose but Ballard et al discloses:
determining that the first one of the authentication factors is currently a default factor for the first user on the identity provider system [0031]; 
Please note that in this example, the system may require a default authentication requirement to allow multiple types of authentication (e.g., either biometric or manual) to perform various actions.
selecting the second one of the authentication factors as a current default factor for the first user on the identity provider system [0031];
Please note that in this example, in response to a request to access certain types of information, the system is configured to change authentication requirement from a first state to a second state.
 providing, to the first user, an authentication user interface in which the second one of the authentication factors is the default factor [0039-0040]; 
Please note that in this example, the device may require a different authentication type in response to the detection of the element, relative to a default authentication type for one or more user actions, before authorizing the one or more user actions. 
receiving, from the first user, a value for the second one of the authentication factors and authenticating the first user using the received value of the second one of the authentication factors [0039-0040];
Please note that in this example the device may enter a second mode of operation relative to a first (e.g., default) mode of operation. The change in mode may be specified by authentication requirement. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Guccione et al by determining health thresholds, for the purpose of changing authentication based on success rate, based upon the beneficial teachings provided by Yan et al , see for example [0042].  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Guccione et al and Yan et al by setting a default authentication mode, for the purpose of changing authentication based on different requirements, based upon the beneficial teachings provided by Ballard et al , see for example [0039].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claims 2, 9, and 16, Guccione et al, Yan et al and Ballard et al disclose all the limitations of independent claims 1, 8, and 15. However, Guccione et al does not expressly disclose but Yan et al discloses monitoring the health of an authentication factor comprises determining a number of errors when using the authentication factor to authenticate identities of users [0028];
Please note that in this example a success rate can be calculated to determining the success of the authentication mode in the past. 
The motivation to combine is the same as disclosed in point (8).
Regarding claims 3, 10, and 17, Guccione et al, Yan et al and Ballard et al disclose all the limitations of independent claims 1, 8, and 15. Guccione et al further disclose monitoring the health of an authentication factor comprises: determining additional contextual metadata associated with the factor; and determining the health of the authentication factor for each of a plurality of values of the contextual metadata associated with the factor [0048, 0056];
Please note that in this example, an additional factor may be required and bound with a first factor. The service provider can then check a signature associated with the bound/encrypted factors (i.e., additional contextual metadata). 
Regarding claims 4, 11, and 18, Guccione et al, Yan et al and Ballard et al disclose all the limitations of independent claims 1, 8, and 15. However, Guccione et al does not expressly disclose but Yan et al discloses that the additional contextual metadata comprises at least one of: a version of an application of the identity provider system that is installed on a client device of the first user, a version of an operating system of the client device of the first user, an internet protocol (IP) address of the client device of the first user, or a geographical location of the client device of the first user [0052]. 
Please note that in this example terminal information may be used as means to process the request as such equipment data is utilized as a factor in authentication.  
The motivation to combine is the same as disclosed in point (8).
Regarding claims 5, 12, and 19, Guccione et al, Yan et al and Ballard et al disclose all the limitations of independent claims 1, 8, and 15. Guccione et al further disclose that the authentication factors comprise one or more of: a biometric reading, a push notification, an email, a voice message, or a one-time password provided over short message service (SMS) (i.e., fingerprint, retina scan od user) [0003]. 
Regarding claims 6, 13, and 20, Guccione et al, Yan et al and Ballard et al disclose all the limitations of independent claims 1, 8, and 15. Guccione et al further disclose responsive to determining that the first user is authenticated: identifying electronic services to which the first user has been granted access by an organization of which the first user is a member, identifying credentials of the first user for the identified electronic services, and automatically signing the first user in to the identified electronic services using the credentials [0030, 0038];
Please note that in this example authentication requirements may be dependent upon the service requested. 
Regarding claims 7 and 14, Guccione et al, Yan et al and Ballard et al disclose all the limitations of independent claims 1, 8, and 15. However, Guccione et al and Yan et al do not expressly disclose but Ballard et al discloses that responsive to determining that the first one of the authentication factors is below the threshold degree of health, omitting the first one of the authentication factors from inclusion within the provided authentication user interface [0040, 0056]. 
Please note that in this example a change mode can be implemented such that one factor can be utilized over the other. 
The motivation to combine is the same as disclosed in point (8).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Shiralkar et al (US 2022/0124098) discloses that identity providers simplify the user experience by allowing users of service providers to configure authentication processes on a single identity provider and subsequently rely on that identity provider to authenticate on one or multiple client service providers that use the identity provider. The third-party service provider determines whether to provide the client device access to the one or more services in accordance with the determined access level, after determining the access level.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 8am-5pm(EST) and Friday 8am-12pm(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KENDALL DOLLY/Primary Examiner, Art Unit 2436