"Clearly and it is understood by the judges that OOBA is not some non-computer analogy, but a computer specific process that is the solution to a computer specific criminal activity (Hacking)."
That's really it, in a nutshell, imo. Good summation!
SA's argument seems incredibly flawed from the get go. Take the daycare analogy for example: even if the judges considered this analogy comparable (which, come on...), the analogies presented are not apples to apples with our patented solutions.
SA's claim is that we all do "OOBA" in our everyday lives. What they ignore is that actual OOBA is a result of real code and intellectual property that has been designed and developed to automate and IMPROVE the authentication process. Hell, I would consider basic "username/password" security to be patentable; it's still IP that was created to solve a specific problem (computer specific, remote transactions, where your identity cannot be determined without code designed to do so...)
Even if you could properly compare the daycare situation to SFOR, which you can't, the problem of remotely authenticating a user in a (or preferably, multiple) computing environment(s) isn't solved without designing and coding the solution. And that, in and of itself is patentable.