Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant argues that neither Shua US 2022/0345483 nor Fellows US 2022/0360597 teaches generating a validation status for an unsecured credential based on whether the credential provides access to the resource in the computing environment.
Examiner asserts that Shua arguably teaches a “validation status” [0099][0357][360]. Shua teaches testing a “stolen password” based on a “compromised account” or “attempt to login using owners previously leaked passwords”. Shua therefore acknowledges that the status for the credential is “stolen” and that a successful test would result in a “valid” but “stolen” password.
Applicant argues that Shua and Fellows fail to teach generating a security posture visualization based on the validation status, the unsecured credential and resource associated with the risk score.
Examiner asserts that Shua arguably teaches this in a comprehensive report provided.
However, Examiner has included Crabtree US 2023/0308459 to expedite prosecution. Crabtree teaches testing compromised credentials, a security graph, attack path and risk score as will be more fully articulated in the rejection below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 6-17, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shua US 2022/0345483 in view of Fellows US 2022/0360597 in view of Crabtree US 2023/0308459
As per claim 1. A computerized system comprising: one or more computer processors; and computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations, the operations comprising:
Shua teaches accessing credentials scan results associated with a computing device in a computing environment; [0099][0357] (passwords match lateral movement)
Shua teaches based on the credentials scan results, identifying an unsecured credential associated with accessing a resource in the computing environment; (passwords match lateral movement) [0099][0100][0101][0320][0322][0357][0360] (teaches scanning for unsecured credentials and the assets they could compromise)
Shua teaches based on the risk score, generating a security posture visualization associated with computing environment, wherein the security posture visualization comprises the unsecured credential and the resource associated with the risk score; [0419][0420] (cybersecurity report per asset, including threats including password scans, identifying a risk level per asset)
Shua teaches and communicating the security posture visualization to cause display of the security posture visualization. [0161][0162]
Shua teaches, wherein each risk score is based on each corresponding unsecured credential and risk assessment factors of the unsecured credential, wherein the risk assessment factors comprise the following: an unsecured credential type, a resource type, an unsecured credential validation status, and an attack path analysis. [0098][0099]-[0101][0300][0320][0322][0357][0360] (insecure password, matching to resource, validating credential, attack path analysis)
Fellows more explicitly teaches the risk score for each credential. [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
Fellows teaches generating a risk score that quantifies a security exposure associated with the unsecured credential and the resource; [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Fellows with the prior art because it provides better context to prioritize remediation of security threats.
Crabtree teaches generating a risk score based on one or more of a plurality of risk assessment factors comprising an unsecured credential type, a resource type and an attack path analysis. [0098] (teaches monitoring for attacks including ticket attacks, privilege escalation, and compromised credentials) [0128] (collect metadata of attack using compromised credentials including success or failure of attack using credential, thus indicating a compromised status of account and credentials) [0143][0149] (attack impact assessment score, blast radius including resources at risk, using compromised credentials)
Crabtree teaches generating a validation status for the unsecured credential based on validating whether the unsecured credential provides access to the resource in the computing environment. [0098] (teaches monitoring for attacks including ticket attacks, privilege escalation, and compromised credentials) [0128] (collect metadata of attack using compromised credentials including success or failure of attack using credential, thus indicating a compromised status of account and credentials) [0143][0145][0149] (attack impact assessment score, blast radius including resources at risk, testing using compromised credentials)
Crabtree teaches, based on the validation status and the risk score, generating a security posture visualization associated with the computing environment, wherein the visualization comprises the validation status, the unsecured credential and resource associated with the risk score. [0145][0148][0149] (cyber-physical graph, impact scores, including compromised credential threats and impact assessment scores in the graph, make report)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Crabtree with the prior art because it comprehensively improves the security of a network.
As per claim 2. Shua teaches The system of claim 1, wherein a credential scanner, associated with a credential-based security posture engine, supports identifying, for a plurality of computing devices in the computing environment, a plurality of unsecured credentials and their corresponding resources, wherein the credential scan results comprise the unsecured credential and the resource. [0099][0100][0101][0360] (teaches scanning for unsecured credentials and the assets they could compromise)
As per claim 3. Shua teaches The system of claim 1, the operations further comprising validating that the unsecured credential provides access to the resource in the computing environment. [0099][0100][0101][0320][0322] (uses insecure credential to test access)
Crabtree provides additional teachings: [0098] (teaches monitoring for attacks including ticket attacks, privilege escalation, and compromised credentials) [0128] (collect metadata of attack using compromised credentials including success or failure of attack using credential, thus indicating a compromised status of account and credentials) [0143][0145][0149] (attack impact assessment score, blast radius including resources at risk, testing using compromised credentials)
As per claim 4. Shua teaches The system of claim 1, the operations further comprising executing an attack path analysis based on the computing device, the unsecured credential, and the resource, wherein the executing the attack path analysis identifies an attack path associated with the computing device, the unsecured credential, and the resource. [0285][0286][0305] (attack path analysis based on vulnerability)
Fellows teaches The system of claim 1, wherein a security posture management engine supports generating a security posture visualization comprising a plurality of alerts, wherein an alert from the plurality alerts is associated with the unsecured credential and a prioritization identifier, wherein the plurality of alerts are provided in the security posture visualization based on their corresponding prioritization identifiers. [0129]-[0132][0150] (more clearly teaches alert ranking and prioritization identifiers)
As per claim 6. Shua teaches The system of claim 1, wherein a security posture management engine supports executing a risk assessment on a plurality of unsecured credentials, wherein executing the risk assessment comprises generating risk scores for each of the plurality of unsecured credentials to quantify their security exposure of the computing environment, wherein each risk score is based on each corresponding unsecured credential and risk assessment factors of the unsecured credential. [0098][0099]-[0101][0300][0320][0322][0357][0360] (insecure password, matching to resource, validating credential, attack path analysis)
Crabtree provides additional teachings: [0098] (teaches monitoring for attacks including ticket attacks, privilege escalation, and compromised credentials) [0128] (collect metadata of attack using compromised credentials including success or failure of attack using credential, thus indicating a compromised status of account and credentials) [0143][0145][0149] (attack impact assessment score, blast radius including resources at risk, testing using compromised credentials)
As per claim 7. Shua teaches generating a security posture visualization comprising a plurality of alerts, wherein an alert from the plurality alerts is associated with the unsecured credential [0065][0066][0162][0419] (teaches a report for each asset, and alerts, including password issues, teaches prioritization but not in depth)
Crabtree provides additional teachings: [0098] (teaches monitoring for attacks including ticket attacks, privilege escalation, and compromised credentials) [0128] (collect metadata of attack using compromised credentials including success or failure of attack using credential, thus indicating a compromised status of account and credentials) [0143][0145][0149] (attack impact assessment score, blast radius including resources at risk, testing using compromised credentials)
As per claim 8. Shua teaches The system of claim 1, wherein security posture visualization comprises an alert associated with the unsecured credential, wherein the alert comprises a prioritization identifier and a remediation action, wherein the remediation action is executable to address a security threat associated with the alert. [0065][0066][0162][0419] (alert with remediation suggestion)
As per claim 9. Shua teaches The system of claim 1, the operations further comprising: communicating, from a security management client, a request for a security posture of the computing environment; based on the request, receiving the security posture visualization associated with the computing environment, wherein the security posture visualization comprises an alert associated with the computing device, the unsecured credential, and the resource; and causing display of the security posture visualization. [0065][0066][0162][0366][0419] (alerts, security reports per asset, vulnerabilities.)
As per claim 10. Shua teaches The system of claim 1, the operations further comprising: receiving an indication to execute a remediation action associated with the unsecured credential, wherein the remediation action is associated with the security posture visualization; and communicating the indication to execute the remediation action to cause execution of the remediation action. [0065][0066][0162][0419] (alert with remediation suggestion)
As per claim 11. Shua teaches One or more computer-storage media having computer-executable instructions embodied thereon that, when executed by a computing system having a processor and memory, cause the processor to perform operations, the operations comprising: communicating a request for a security posture of a computing environment; based on the request, receiving a security posture visualization associated with the computing environment, wherein the security posture visualization comprises a risk score of an unsecured credential associated with accessing a resource in the computing environment; and causing display of the security posture visualization. [0098][0099]-[0101][0162][0286][0290][0300][0320][0322][0357][0360][0419] (security reports, visualization of security )
Shua teaches each risk score is based on each corresponding unsecured credential and risk assessment factors of the unsecured credential, wherein the risk assessment factors comprise the following: an unsecured credential type, a resource type, an unsecured credential validation status, and an attack path analysis. [0098][0099]-[0101][0300][0320][0322][0357][0360] (insecure password, matching to resource, validating credential, attack path analysis)
Fellows more explicitly teaches the risk score for each credential. [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
Fellows teaches generating a risk score that quantifies a security exposure associated with the unsecured credential and the resource; [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
As per claim 12. Shua teaches The media of claim 11, wherein the risk score is based on the unsecured credential and corresponding risk assessment factors of the unsecured credential, wherein the risk assessment factors comprising the following: an unsecured credential type, a resource type, an unsecured credential validation status, and an attack path analysis. [0098][0099]-[0101][0300][0320][0322][0357][0360] (insecure password, matching to resource, validating credential, attack path analysis)
Fellows more explicitly teaches the risk score for each credential. [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
As per claim 13. Shua teaches The media of claim 11, wherein the security posture visualization comprises an alert associated with the unsecured credential, wherein the alert is associated with a prioritization identifier and a remediation action, wherein the remediation action is executable to address a security threat associated with the alert. [0065][0066][0162][0419] (alert with remediation suggestion)
As per claim 14. The media of claim 11, Shua teaches the security posture visualization comprises a first plurality of alerts that are not associated with unsecured credentials and a second plurality of alerts that are associated with unsecured credentials, wherein the first plurality of alerts and the second plurality of alerts are provided in the security posture visualization [0065][0066][0162][0419] (teaches a report for each asset, and alerts, including password issues, and alerts for all other security issues, teaches prioritization but not in depth)
Fellows teaches The system of claim 1, wherein a security posture management engine supports generating a security posture visualization comprising a plurality of alerts, wherein the first plurality of alerts and the second plurality of alerts are provided in the security posture visualization based on corresponding prioritization identifiers, [0129]-[0132][0150] (more clearly teaches alert ranking and prioritization identifiers)
As per claim 15. Shua teaches The media of claim 11, the operations further comprising:
receiving an indication to perform a remediation action associated with the unsecured credential, wherein the remediation action is associated with the security posture visualization; and communicating the indication to perform the remediation action to cause execution of the remediation action. [0065][0066][0162][0419] (alert with remediation suggestion)
As per claim 16. Shua teaches A computer-implemented method, the method comprising:
accessing credential scan results associated with a computing device in a computing environment; based on the credential scan results, identifying an unsecured credential; generating a security posture visualization associated with the computing environment, wherein the security posture visualization comprises the unsecured credential; and communicating the security posture visualization to cause display of the security posture visualization. [0098][0099]-[0101][0162][0286][0290][0300][0320][0322][0357][0360][0419] (security reports, insecure credential, visualization of security posture)
Shua teaches each risk score is based on each corresponding unsecured credential and risk assessment factors of the unsecured credential, wherein the risk assessment factors comprise the following: an unsecured credential type, a resource type, an unsecured credential validation status, and an attack path analysis. [0098][0099]-[0101][0300][0320][0322][0357][0360] (insecure password, matching to resource, validating credential, attack path analysis)
Fellows more explicitly teaches the risk score for each credential. [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
Fellows teaches generating a risk score that quantifies a security exposure associated with the unsecured credential and the resource; [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
As per claim 17. Shua teaches The method of claim 16, the method further comprising executing an attack path analysis based on the computing device, the unsecured credential, and a resource accessible using the unsecured credential, wherein the executing the attack path analysis identifies an attack path associated with the computing device, the unsecured credential. [0285][0286][0305] (attack path analysis based on vulnerability)
As per claim 19. The method of claim 16, Shua teaches generating a security posture visualization comprising an alert from the plurality alerts is associated with the unsecured credential [0065][0066][0162][0419] (teaches a report for each asset, and alerts, including password issues, teaches prioritization but not in depth)
Fellows teaches The system of claim 1, wherein a security posture management engine supports generating a security posture visualization comprising a plurality of alerts, wherein an alert from the plurality alerts is associated with the unsecured credential and a prioritization identifier, wherein the plurality of alerts are provided in the security posture visualization based on their corresponding prioritization identifiers. [0129]-[0132][0150] (more clearly teaches alert ranking and prioritization identifiers)
As per claim 20. Shua teaches The method of claim 16, the method further comprising:
receiving an indication to perform a remediation action associated with the unsecured credential, wherein the remediation action is associated with the security posture visualization; and based on receiving the indication to perform the remediation action, causing execution of the remediation action. [0065][0066][0162][0419] (alert with remediation suggestion)
Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shua US 2022/0345483 in view of Fellows US 2022/0360597 in view of Crabtree US 2023/0308459 in view of Guo US 2022/0019676.
As per claim 5. Guo teaches The system of claim 1, wherein generating the risk score quantifies the security exposure based on multiplying a probability score and an impact score associated with a security threat of the computing device, the unsecured credential, and the resource. [0023][0110] (teaches risk calculation in part by multiplying probability and impact).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the risk calculation of Guo with the prior art because it makes for an efficient prioritization of risk.
Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shua US 2022/0345483 in view of Fellows US 2022/0360597 in view of Crabtree US 2023/0308459 in view of Botti US 2020/0026847.
As per claim 18. Shua teaches The method of claim 16, the method further comprising executing a risk assessment on the unsecured credential, wherein executing the risk assessment comprises generating the risk score based on risk assessment factors comprising the following: an unsecured credential type, a resource type, an unsecured credential validation status, and an attack path analysis. [0098][0099]-[0101][0300][0320][0322][0357][0360] (insecure password, matching to resource, validating credential, attack path analysis)
Fellows more explicitly teaches the risk score for each credential. [0012][0014][0048] (teaches that the security score is in part based on a specific credential and its potential to compromise further key systems)
Botti teaches wherein executing the risk assessment comprises generating risk scores for each of the plurality of unsecured credentials to quantify their security exposure of the computing environment; and wherein each risk score is based on each corresponding unsecured credential and risk assessment factors of the unsecured credential. [0025]-[0032][0063] (teaches each retrieved password has a score based on security exposure, including a risk score)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Botti with the prior art because it provides more refined risk assessment.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439